linux/security/selinux/selinuxfs.c
<<
>>
Prefs
   1/* Updated: Karl MacMillan <kmacmillan@tresys.com>
   2 *
   3 *      Added conditional policy language extensions
   4 *
   5 *  Updated: Hewlett-Packard <paul.moore@hp.com>
   6 *
   7 *      Added support for the policy capability bitmap
   8 *
   9 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
  10 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
  11 * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
  12 *      This program is free software; you can redistribute it and/or modify
  13 *      it under the terms of the GNU General Public License as published by
  14 *      the Free Software Foundation, version 2.
  15 */
  16
  17#include <linux/kernel.h>
  18#include <linux/pagemap.h>
  19#include <linux/slab.h>
  20#include <linux/vmalloc.h>
  21#include <linux/fs.h>
  22#include <linux/mutex.h>
  23#include <linux/init.h>
  24#include <linux/string.h>
  25#include <linux/security.h>
  26#include <linux/major.h>
  27#include <linux/seq_file.h>
  28#include <linux/percpu.h>
  29#include <linux/audit.h>
  30#include <linux/uaccess.h>
  31
  32/* selinuxfs pseudo filesystem for exporting the security policy API.
  33   Based on the proc code and the fs/nfsd/nfsctl.c code. */
  34
  35#include "flask.h"
  36#include "avc.h"
  37#include "avc_ss.h"
  38#include "security.h"
  39#include "objsec.h"
  40#include "conditional.h"
  41
  42/* Policy capability filenames */
  43static char *policycap_names[] = {
  44        "network_peer_controls",
  45        "open_perms"
  46};
  47
  48unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE;
  49
  50#ifdef CONFIG_SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT
  51#define SELINUX_COMPAT_NET_VALUE 0
  52#else
  53#define SELINUX_COMPAT_NET_VALUE 1
  54#endif
  55
  56int selinux_compat_net = SELINUX_COMPAT_NET_VALUE;
  57
  58static int __init checkreqprot_setup(char *str)
  59{
  60        unsigned long checkreqprot;
  61        if (!strict_strtoul(str, 0, &checkreqprot))
  62                selinux_checkreqprot = checkreqprot ? 1 : 0;
  63        return 1;
  64}
  65__setup("checkreqprot=", checkreqprot_setup);
  66
  67static int __init selinux_compat_net_setup(char *str)
  68{
  69        unsigned long compat_net;
  70        if (!strict_strtoul(str, 0, &compat_net))
  71                selinux_compat_net = compat_net ? 1 : 0;
  72        return 1;
  73}
  74__setup("selinux_compat_net=", selinux_compat_net_setup);
  75
  76
  77static DEFINE_MUTEX(sel_mutex);
  78
  79/* global data for booleans */
  80static struct dentry *bool_dir;
  81static int bool_num;
  82static char **bool_pending_names;
  83static int *bool_pending_values;
  84
  85/* global data for classes */
  86static struct dentry *class_dir;
  87static unsigned long last_class_ino;
  88
  89/* global data for policy capabilities */
  90static struct dentry *policycap_dir;
  91
  92extern void selnl_notify_setenforce(int val);
  93
  94/* Check whether a task is allowed to use a security operation. */
  95static int task_has_security(struct task_struct *tsk,
  96                             u32 perms)
  97{
  98        struct task_security_struct *tsec;
  99
 100        tsec = tsk->security;
 101        if (!tsec)
 102                return -EACCES;
 103
 104        return avc_has_perm(tsec->sid, SECINITSID_SECURITY,
 105                            SECCLASS_SECURITY, perms, NULL);
 106}
 107
 108enum sel_inos {
 109        SEL_ROOT_INO = 2,
 110        SEL_LOAD,       /* load policy */
 111        SEL_ENFORCE,    /* get or set enforcing status */
 112        SEL_CONTEXT,    /* validate context */
 113        SEL_ACCESS,     /* compute access decision */
 114        SEL_CREATE,     /* compute create labeling decision */
 115        SEL_RELABEL,    /* compute relabeling decision */
 116        SEL_USER,       /* compute reachable user contexts */
 117        SEL_POLICYVERS, /* return policy version for this kernel */
 118        SEL_COMMIT_BOOLS, /* commit new boolean values */
 119        SEL_MLS,        /* return if MLS policy is enabled */
 120        SEL_DISABLE,    /* disable SELinux until next reboot */
 121        SEL_MEMBER,     /* compute polyinstantiation membership decision */
 122        SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */
 123        SEL_COMPAT_NET, /* whether to use old compat network packet controls */
 124        SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */
 125        SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */
 126        SEL_INO_NEXT,   /* The next inode number to use */
 127};
 128
 129static unsigned long sel_last_ino = SEL_INO_NEXT - 1;
 130
 131#define SEL_INITCON_INO_OFFSET          0x01000000
 132#define SEL_BOOL_INO_OFFSET             0x02000000
 133#define SEL_CLASS_INO_OFFSET            0x04000000
 134#define SEL_POLICYCAP_INO_OFFSET        0x08000000
 135#define SEL_INO_MASK                    0x00ffffff
 136
 137#define TMPBUFLEN       12
 138static ssize_t sel_read_enforce(struct file *filp, char __user *buf,
 139                                size_t count, loff_t *ppos)
 140{
 141        char tmpbuf[TMPBUFLEN];
 142        ssize_t length;
 143
 144        length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_enforcing);
 145        return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
 146}
 147
 148#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
 149static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
 150                                 size_t count, loff_t *ppos)
 151
 152{
 153        char *page;
 154        ssize_t length;
 155        int new_value;
 156
 157        if (count >= PAGE_SIZE)
 158                return -ENOMEM;
 159        if (*ppos != 0) {
 160                /* No partial writes. */
 161                return -EINVAL;
 162        }
 163        page = (char *)get_zeroed_page(GFP_KERNEL);
 164        if (!page)
 165                return -ENOMEM;
 166        length = -EFAULT;
 167        if (copy_from_user(page, buf, count))
 168                goto out;
 169
 170        length = -EINVAL;
 171        if (sscanf(page, "%d", &new_value) != 1)
 172                goto out;
 173
 174        if (new_value != selinux_enforcing) {
 175                length = task_has_security(current, SECURITY__SETENFORCE);
 176                if (length)
 177                        goto out;
 178                audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
 179                        "enforcing=%d old_enforcing=%d auid=%u ses=%u",
 180                        new_value, selinux_enforcing,
 181                        audit_get_loginuid(current),
 182                        audit_get_sessionid(current));
 183                selinux_enforcing = new_value;
 184                if (selinux_enforcing)
 185                        avc_ss_reset(0);
 186                selnl_notify_setenforce(selinux_enforcing);
 187        }
 188        length = count;
 189out:
 190        free_page((unsigned long) page);
 191        return length;
 192}
 193#else
 194#define sel_write_enforce NULL
 195#endif
 196
 197static const struct file_operations sel_enforce_ops = {
 198        .read           = sel_read_enforce,
 199        .write          = sel_write_enforce,
 200};
 201
 202static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf,
 203                                        size_t count, loff_t *ppos)
 204{
 205        char tmpbuf[TMPBUFLEN];
 206        ssize_t length;
 207        ino_t ino = filp->f_path.dentry->d_inode->i_ino;
 208        int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ?
 209                security_get_reject_unknown() : !security_get_allow_unknown();
 210
 211        length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown);
 212        return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
 213}
 214
 215static const struct file_operations sel_handle_unknown_ops = {
 216        .read           = sel_read_handle_unknown,
 217};
 218
 219#ifdef CONFIG_SECURITY_SELINUX_DISABLE
 220static ssize_t sel_write_disable(struct file *file, const char __user *buf,
 221                                 size_t count, loff_t *ppos)
 222
 223{
 224        char *page;
 225        ssize_t length;
 226        int new_value;
 227        extern int selinux_disable(void);
 228
 229        if (count >= PAGE_SIZE)
 230                return -ENOMEM;
 231        if (*ppos != 0) {
 232                /* No partial writes. */
 233                return -EINVAL;
 234        }
 235        page = (char *)get_zeroed_page(GFP_KERNEL);
 236        if (!page)
 237                return -ENOMEM;
 238        length = -EFAULT;
 239        if (copy_from_user(page, buf, count))
 240                goto out;
 241
 242        length = -EINVAL;
 243        if (sscanf(page, "%d", &new_value) != 1)
 244                goto out;
 245
 246        if (new_value) {
 247                length = selinux_disable();
 248                if (length < 0)
 249                        goto out;
 250                audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
 251                        "selinux=0 auid=%u ses=%u",
 252                        audit_get_loginuid(current),
 253                        audit_get_sessionid(current));
 254        }
 255
 256        length = count;
 257out:
 258        free_page((unsigned long) page);
 259        return length;
 260}
 261#else
 262#define sel_write_disable NULL
 263#endif
 264
 265static const struct file_operations sel_disable_ops = {
 266        .write          = sel_write_disable,
 267};
 268
 269static ssize_t sel_read_policyvers(struct file *filp, char __user *buf,
 270                                   size_t count, loff_t *ppos)
 271{
 272        char tmpbuf[TMPBUFLEN];
 273        ssize_t length;
 274
 275        length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX);
 276        return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
 277}
 278
 279static const struct file_operations sel_policyvers_ops = {
 280        .read           = sel_read_policyvers,
 281};
 282
 283/* declaration for sel_write_load */
 284static int sel_make_bools(void);
 285static int sel_make_classes(void);
 286static int sel_make_policycap(void);
 287
 288/* declaration for sel_make_class_dirs */
 289static int sel_make_dir(struct inode *dir, struct dentry *dentry,
 290                        unsigned long *ino);
 291
 292static ssize_t sel_read_mls(struct file *filp, char __user *buf,
 293                                size_t count, loff_t *ppos)
 294{
 295        char tmpbuf[TMPBUFLEN];
 296        ssize_t length;
 297
 298        length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_mls_enabled);
 299        return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
 300}
 301
 302static const struct file_operations sel_mls_ops = {
 303        .read           = sel_read_mls,
 304};
 305
 306static ssize_t sel_write_load(struct file *file, const char __user *buf,
 307                              size_t count, loff_t *ppos)
 308
 309{
 310        int ret;
 311        ssize_t length;
 312        void *data = NULL;
 313
 314        mutex_lock(&sel_mutex);
 315
 316        length = task_has_security(current, SECURITY__LOAD_POLICY);
 317        if (length)
 318                goto out;
 319
 320        if (*ppos != 0) {
 321                /* No partial writes. */
 322                length = -EINVAL;
 323                goto out;
 324        }
 325
 326        if ((count > 64 * 1024 * 1024)
 327            || (data = vmalloc(count)) == NULL) {
 328                length = -ENOMEM;
 329                goto out;
 330        }
 331
 332        length = -EFAULT;
 333        if (copy_from_user(data, buf, count) != 0)
 334                goto out;
 335
 336        length = security_load_policy(data, count);
 337        if (length)
 338                goto out;
 339
 340        ret = sel_make_bools();
 341        if (ret) {
 342                length = ret;
 343                goto out1;
 344        }
 345
 346        ret = sel_make_classes();
 347        if (ret) {
 348                length = ret;
 349                goto out1;
 350        }
 351
 352        ret = sel_make_policycap();
 353        if (ret)
 354                length = ret;
 355        else
 356                length = count;
 357
 358out1:
 359        audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
 360                "policy loaded auid=%u ses=%u",
 361                audit_get_loginuid(current),
 362                audit_get_sessionid(current));
 363out:
 364        mutex_unlock(&sel_mutex);
 365        vfree(data);
 366        return length;
 367}
 368
 369static const struct file_operations sel_load_ops = {
 370        .write          = sel_write_load,
 371};
 372
 373static ssize_t sel_write_context(struct file *file, char *buf, size_t size)
 374{
 375        char *canon;
 376        u32 sid, len;
 377        ssize_t length;
 378
 379        length = task_has_security(current, SECURITY__CHECK_CONTEXT);
 380        if (length)
 381                return length;
 382
 383        length = security_context_to_sid(buf, size, &sid);
 384        if (length < 0)
 385                return length;
 386
 387        length = security_sid_to_context(sid, &canon, &len);
 388        if (length < 0)
 389                return length;
 390
 391        if (len > SIMPLE_TRANSACTION_LIMIT) {
 392                printk(KERN_ERR "SELinux: %s:  context size (%u) exceeds "
 393                        "payload max\n", __func__, len);
 394                length = -ERANGE;
 395                goto out;
 396        }
 397
 398        memcpy(buf, canon, len);
 399        length = len;
 400out:
 401        kfree(canon);
 402        return length;
 403}
 404
 405static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf,
 406                                     size_t count, loff_t *ppos)
 407{
 408        char tmpbuf[TMPBUFLEN];
 409        ssize_t length;
 410
 411        length = scnprintf(tmpbuf, TMPBUFLEN, "%u", selinux_checkreqprot);
 412        return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
 413}
 414
 415static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
 416                                      size_t count, loff_t *ppos)
 417{
 418        char *page;
 419        ssize_t length;
 420        unsigned int new_value;
 421
 422        length = task_has_security(current, SECURITY__SETCHECKREQPROT);
 423        if (length)
 424                return length;
 425
 426        if (count >= PAGE_SIZE)
 427                return -ENOMEM;
 428        if (*ppos != 0) {
 429                /* No partial writes. */
 430                return -EINVAL;
 431        }
 432        page = (char *)get_zeroed_page(GFP_KERNEL);
 433        if (!page)
 434                return -ENOMEM;
 435        length = -EFAULT;
 436        if (copy_from_user(page, buf, count))
 437                goto out;
 438
 439        length = -EINVAL;
 440        if (sscanf(page, "%u", &new_value) != 1)
 441                goto out;
 442
 443        selinux_checkreqprot = new_value ? 1 : 0;
 444        length = count;
 445out:
 446        free_page((unsigned long) page);
 447        return length;
 448}
 449static const struct file_operations sel_checkreqprot_ops = {
 450        .read           = sel_read_checkreqprot,
 451        .write          = sel_write_checkreqprot,
 452};
 453
 454static ssize_t sel_read_compat_net(struct file *filp, char __user *buf,
 455                                   size_t count, loff_t *ppos)
 456{
 457        char tmpbuf[TMPBUFLEN];
 458        ssize_t length;
 459
 460        length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_compat_net);
 461        return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
 462}
 463
 464static ssize_t sel_write_compat_net(struct file *file, const char __user *buf,
 465                                    size_t count, loff_t *ppos)
 466{
 467        char *page;
 468        ssize_t length;
 469        int new_value;
 470
 471        length = task_has_security(current, SECURITY__LOAD_POLICY);
 472        if (length)
 473                return length;
 474
 475        if (count >= PAGE_SIZE)
 476                return -ENOMEM;
 477        if (*ppos != 0) {
 478                /* No partial writes. */
 479                return -EINVAL;
 480        }
 481        page = (char *)get_zeroed_page(GFP_KERNEL);
 482        if (!page)
 483                return -ENOMEM;
 484        length = -EFAULT;
 485        if (copy_from_user(page, buf, count))
 486                goto out;
 487
 488        length = -EINVAL;
 489        if (sscanf(page, "%d", &new_value) != 1)
 490                goto out;
 491
 492        selinux_compat_net = new_value ? 1 : 0;
 493        length = count;
 494out:
 495        free_page((unsigned long) page);
 496        return length;
 497}
 498static const struct file_operations sel_compat_net_ops = {
 499        .read           = sel_read_compat_net,
 500        .write          = sel_write_compat_net,
 501};
 502
 503/*
 504 * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c
 505 */
 506static ssize_t sel_write_access(struct file *file, char *buf, size_t size);
 507static ssize_t sel_write_create(struct file *file, char *buf, size_t size);
 508static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size);
 509static ssize_t sel_write_user(struct file *file, char *buf, size_t size);
 510static ssize_t sel_write_member(struct file *file, char *buf, size_t size);
 511
 512static ssize_t (*write_op[])(struct file *, char *, size_t) = {
 513        [SEL_ACCESS] = sel_write_access,
 514        [SEL_CREATE] = sel_write_create,
 515        [SEL_RELABEL] = sel_write_relabel,
 516        [SEL_USER] = sel_write_user,
 517        [SEL_MEMBER] = sel_write_member,
 518        [SEL_CONTEXT] = sel_write_context,
 519};
 520
 521static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos)
 522{
 523        ino_t ino = file->f_path.dentry->d_inode->i_ino;
 524        char *data;
 525        ssize_t rv;
 526
 527        if (ino >= ARRAY_SIZE(write_op) || !write_op[ino])
 528                return -EINVAL;
 529
 530        data = simple_transaction_get(file, buf, size);
 531        if (IS_ERR(data))
 532                return PTR_ERR(data);
 533
 534        rv = write_op[ino](file, data, size);
 535        if (rv > 0) {
 536                simple_transaction_set(file, rv);
 537                rv = size;
 538        }
 539        return rv;
 540}
 541
 542static const struct file_operations transaction_ops = {
 543        .write          = selinux_transaction_write,
 544        .read           = simple_transaction_read,
 545        .release        = simple_transaction_release,
 546};
 547
 548/*
 549 * payload - write methods
 550 * If the method has a response, the response should be put in buf,
 551 * and the length returned.  Otherwise return 0 or and -error.
 552 */
 553
 554static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
 555{
 556        char *scon, *tcon;
 557        u32 ssid, tsid;
 558        u16 tclass;
 559        u32 req;
 560        struct av_decision avd;
 561        ssize_t length;
 562
 563        length = task_has_security(current, SECURITY__COMPUTE_AV);
 564        if (length)
 565                return length;
 566
 567        length = -ENOMEM;
 568        scon = kzalloc(size+1, GFP_KERNEL);
 569        if (!scon)
 570                return length;
 571
 572        tcon = kzalloc(size+1, GFP_KERNEL);
 573        if (!tcon)
 574                goto out;
 575
 576        length = -EINVAL;
 577        if (sscanf(buf, "%s %s %hu %x", scon, tcon, &tclass, &req) != 4)
 578                goto out2;
 579
 580        length = security_context_to_sid(scon, strlen(scon)+1, &ssid);
 581        if (length < 0)
 582                goto out2;
 583        length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid);
 584        if (length < 0)
 585                goto out2;
 586
 587        length = security_compute_av(ssid, tsid, tclass, req, &avd);
 588        if (length < 0)
 589                goto out2;
 590
 591        length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT,
 592                          "%x %x %x %x %u",
 593                          avd.allowed, avd.decided,
 594                          avd.auditallow, avd.auditdeny,
 595                          avd.seqno);
 596out2:
 597        kfree(tcon);
 598out:
 599        kfree(scon);
 600        return length;
 601}
 602
 603static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
 604{
 605        char *scon, *tcon;
 606        u32 ssid, tsid, newsid;
 607        u16 tclass;
 608        ssize_t length;
 609        char *newcon;
 610        u32 len;
 611
 612        length = task_has_security(current, SECURITY__COMPUTE_CREATE);
 613        if (length)
 614                return length;
 615
 616        length = -ENOMEM;
 617        scon = kzalloc(size+1, GFP_KERNEL);
 618        if (!scon)
 619                return length;
 620
 621        tcon = kzalloc(size+1, GFP_KERNEL);
 622        if (!tcon)
 623                goto out;
 624
 625        length = -EINVAL;
 626        if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
 627                goto out2;
 628
 629        length = security_context_to_sid(scon, strlen(scon)+1, &ssid);
 630        if (length < 0)
 631                goto out2;
 632        length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid);
 633        if (length < 0)
 634                goto out2;
 635
 636        length = security_transition_sid(ssid, tsid, tclass, &newsid);
 637        if (length < 0)
 638                goto out2;
 639
 640        length = security_sid_to_context(newsid, &newcon, &len);
 641        if (length < 0)
 642                goto out2;
 643
 644        if (len > SIMPLE_TRANSACTION_LIMIT) {
 645                printk(KERN_ERR "SELinux: %s:  context size (%u) exceeds "
 646                        "payload max\n", __func__, len);
 647                length = -ERANGE;
 648                goto out3;
 649        }
 650
 651        memcpy(buf, newcon, len);
 652        length = len;
 653out3:
 654        kfree(newcon);
 655out2:
 656        kfree(tcon);
 657out:
 658        kfree(scon);
 659        return length;
 660}
 661
 662static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size)
 663{
 664        char *scon, *tcon;
 665        u32 ssid, tsid, newsid;
 666        u16 tclass;
 667        ssize_t length;
 668        char *newcon;
 669        u32 len;
 670
 671        length = task_has_security(current, SECURITY__COMPUTE_RELABEL);
 672        if (length)
 673                return length;
 674
 675        length = -ENOMEM;
 676        scon = kzalloc(size+1, GFP_KERNEL);
 677        if (!scon)
 678                return length;
 679
 680        tcon = kzalloc(size+1, GFP_KERNEL);
 681        if (!tcon)
 682                goto out;
 683
 684        length = -EINVAL;
 685        if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
 686                goto out2;
 687
 688        length = security_context_to_sid(scon, strlen(scon)+1, &ssid);
 689        if (length < 0)
 690                goto out2;
 691        length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid);
 692        if (length < 0)
 693                goto out2;
 694
 695        length = security_change_sid(ssid, tsid, tclass, &newsid);
 696        if (length < 0)
 697                goto out2;
 698
 699        length = security_sid_to_context(newsid, &newcon, &len);
 700        if (length < 0)
 701                goto out2;
 702
 703        if (len > SIMPLE_TRANSACTION_LIMIT) {
 704                length = -ERANGE;
 705                goto out3;
 706        }
 707
 708        memcpy(buf, newcon, len);
 709        length = len;
 710out3:
 711        kfree(newcon);
 712out2:
 713        kfree(tcon);
 714out:
 715        kfree(scon);
 716        return length;
 717}
 718
 719static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
 720{
 721        char *con, *user, *ptr;
 722        u32 sid, *sids;
 723        ssize_t length;
 724        char *newcon;
 725        int i, rc;
 726        u32 len, nsids;
 727
 728        length = task_has_security(current, SECURITY__COMPUTE_USER);
 729        if (length)
 730                return length;
 731
 732        length = -ENOMEM;
 733        con = kzalloc(size+1, GFP_KERNEL);
 734        if (!con)
 735                return length;
 736
 737        user = kzalloc(size+1, GFP_KERNEL);
 738        if (!user)
 739                goto out;
 740
 741        length = -EINVAL;
 742        if (sscanf(buf, "%s %s", con, user) != 2)
 743                goto out2;
 744
 745        length = security_context_to_sid(con, strlen(con)+1, &sid);
 746        if (length < 0)
 747                goto out2;
 748
 749        length = security_get_user_sids(sid, user, &sids, &nsids);
 750        if (length < 0)
 751                goto out2;
 752
 753        length = sprintf(buf, "%u", nsids) + 1;
 754        ptr = buf + length;
 755        for (i = 0; i < nsids; i++) {
 756                rc = security_sid_to_context(sids[i], &newcon, &len);
 757                if (rc) {
 758                        length = rc;
 759                        goto out3;
 760                }
 761                if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) {
 762                        kfree(newcon);
 763                        length = -ERANGE;
 764                        goto out3;
 765                }
 766                memcpy(ptr, newcon, len);
 767                kfree(newcon);
 768                ptr += len;
 769                length += len;
 770        }
 771out3:
 772        kfree(sids);
 773out2:
 774        kfree(user);
 775out:
 776        kfree(con);
 777        return length;
 778}
 779
 780static ssize_t sel_write_member(struct file *file, char *buf, size_t size)
 781{
 782        char *scon, *tcon;
 783        u32 ssid, tsid, newsid;
 784        u16 tclass;
 785        ssize_t length;
 786        char *newcon;
 787        u32 len;
 788
 789        length = task_has_security(current, SECURITY__COMPUTE_MEMBER);
 790        if (length)
 791                return length;
 792
 793        length = -ENOMEM;
 794        scon = kzalloc(size+1, GFP_KERNEL);
 795        if (!scon)
 796                return length;
 797
 798        tcon = kzalloc(size+1, GFP_KERNEL);
 799        if (!tcon)
 800                goto out;
 801
 802        length = -EINVAL;
 803        if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
 804                goto out2;
 805
 806        length = security_context_to_sid(scon, strlen(scon)+1, &ssid);
 807        if (length < 0)
 808                goto out2;
 809        length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid);
 810        if (length < 0)
 811                goto out2;
 812
 813        length = security_member_sid(ssid, tsid, tclass, &newsid);
 814        if (length < 0)
 815                goto out2;
 816
 817        length = security_sid_to_context(newsid, &newcon, &len);
 818        if (length < 0)
 819                goto out2;
 820
 821        if (len > SIMPLE_TRANSACTION_LIMIT) {
 822                printk(KERN_ERR "SELinux: %s:  context size (%u) exceeds "
 823                        "payload max\n", __func__, len);
 824                length = -ERANGE;
 825                goto out3;
 826        }
 827
 828        memcpy(buf, newcon, len);
 829        length = len;
 830out3:
 831        kfree(newcon);
 832out2:
 833        kfree(tcon);
 834out:
 835        kfree(scon);
 836        return length;
 837}
 838
 839static struct inode *sel_make_inode(struct super_block *sb, int mode)
 840{
 841        struct inode *ret = new_inode(sb);
 842
 843        if (ret) {
 844                ret->i_mode = mode;
 845                ret->i_uid = ret->i_gid = 0;
 846                ret->i_blocks = 0;
 847                ret->i_atime = ret->i_mtime = ret->i_ctime = CURRENT_TIME;
 848        }
 849        return ret;
 850}
 851
 852static ssize_t sel_read_bool(struct file *filep, char __user *buf,
 853                             size_t count, loff_t *ppos)
 854{
 855        char *page = NULL;
 856        ssize_t length;
 857        ssize_t ret;
 858        int cur_enforcing;
 859        struct inode *inode = filep->f_path.dentry->d_inode;
 860        unsigned index = inode->i_ino & SEL_INO_MASK;
 861        const char *name = filep->f_path.dentry->d_name.name;
 862
 863        mutex_lock(&sel_mutex);
 864
 865        if (index >= bool_num || strcmp(name, bool_pending_names[index])) {
 866                ret = -EINVAL;
 867                goto out;
 868        }
 869
 870        if (count > PAGE_SIZE) {
 871                ret = -EINVAL;
 872                goto out;
 873        }
 874        page = (char *)get_zeroed_page(GFP_KERNEL);
 875        if (!page) {
 876                ret = -ENOMEM;
 877                goto out;
 878        }
 879
 880        cur_enforcing = security_get_bool_value(index);
 881        if (cur_enforcing < 0) {
 882                ret = cur_enforcing;
 883                goto out;
 884        }
 885        length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing,
 886                          bool_pending_values[index]);
 887        ret = simple_read_from_buffer(buf, count, ppos, page, length);
 888out:
 889        mutex_unlock(&sel_mutex);
 890        if (page)
 891                free_page((unsigned long)page);
 892        return ret;
 893}
 894
 895static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
 896                              size_t count, loff_t *ppos)
 897{
 898        char *page = NULL;
 899        ssize_t length;
 900        int new_value;
 901        struct inode *inode = filep->f_path.dentry->d_inode;
 902        unsigned index = inode->i_ino & SEL_INO_MASK;
 903        const char *name = filep->f_path.dentry->d_name.name;
 904
 905        mutex_lock(&sel_mutex);
 906
 907        length = task_has_security(current, SECURITY__SETBOOL);
 908        if (length)
 909                goto out;
 910
 911        if (index >= bool_num || strcmp(name, bool_pending_names[index])) {
 912                length = -EINVAL;
 913                goto out;
 914        }
 915
 916        if (count >= PAGE_SIZE) {
 917                length = -ENOMEM;
 918                goto out;
 919        }
 920
 921        if (*ppos != 0) {
 922                /* No partial writes. */
 923                length = -EINVAL;
 924                goto out;
 925        }
 926        page = (char *)get_zeroed_page(GFP_KERNEL);
 927        if (!page) {
 928                length = -ENOMEM;
 929                goto out;
 930        }
 931
 932        length = -EFAULT;
 933        if (copy_from_user(page, buf, count))
 934                goto out;
 935
 936        length = -EINVAL;
 937        if (sscanf(page, "%d", &new_value) != 1)
 938                goto out;
 939
 940        if (new_value)
 941                new_value = 1;
 942
 943        bool_pending_values[index] = new_value;
 944        length = count;
 945
 946out:
 947        mutex_unlock(&sel_mutex);
 948        if (page)
 949                free_page((unsigned long) page);
 950        return length;
 951}
 952
 953static const struct file_operations sel_bool_ops = {
 954        .read           = sel_read_bool,
 955        .write          = sel_write_bool,
 956};
 957
 958static ssize_t sel_commit_bools_write(struct file *filep,
 959                                      const char __user *buf,
 960                                      size_t count, loff_t *ppos)
 961{
 962        char *page = NULL;
 963        ssize_t length;
 964        int new_value;
 965
 966        mutex_lock(&sel_mutex);
 967
 968        length = task_has_security(current, SECURITY__SETBOOL);
 969        if (length)
 970                goto out;
 971
 972        if (count >= PAGE_SIZE) {
 973                length = -ENOMEM;
 974                goto out;
 975        }
 976        if (*ppos != 0) {
 977                /* No partial writes. */
 978                goto out;
 979        }
 980        page = (char *)get_zeroed_page(GFP_KERNEL);
 981        if (!page) {
 982                length = -ENOMEM;
 983                goto out;
 984        }
 985
 986        length = -EFAULT;
 987        if (copy_from_user(page, buf, count))
 988                goto out;
 989
 990        length = -EINVAL;
 991        if (sscanf(page, "%d", &new_value) != 1)
 992                goto out;
 993
 994        if (new_value && bool_pending_values)
 995                security_set_bools(bool_num, bool_pending_values);
 996
 997        length = count;
 998
 999out:
1000        mutex_unlock(&sel_mutex);
1001        if (page)
1002                free_page((unsigned long) page);
1003        return length;
1004}
1005
1006static const struct file_operations sel_commit_bools_ops = {
1007        .write          = sel_commit_bools_write,
1008};
1009
1010static void sel_remove_entries(struct dentry *de)
1011{
1012        struct list_head *node;
1013
1014        spin_lock(&dcache_lock);
1015        node = de->d_subdirs.next;
1016        while (node != &de->d_subdirs) {
1017                struct dentry *d = list_entry(node, struct dentry, d_u.d_child);
1018                list_del_init(node);
1019
1020                if (d->d_inode) {
1021                        d = dget_locked(d);
1022                        spin_unlock(&dcache_lock);
1023                        d_delete(d);
1024                        simple_unlink(de->d_inode, d);
1025                        dput(d);
1026                        spin_lock(&dcache_lock);
1027                }
1028                node = de->d_subdirs.next;
1029        }
1030
1031        spin_unlock(&dcache_lock);
1032}
1033
1034#define BOOL_DIR_NAME "booleans"
1035
1036static int sel_make_bools(void)
1037{
1038        int i, ret = 0;
1039        ssize_t len;
1040        struct dentry *dentry = NULL;
1041        struct dentry *dir = bool_dir;
1042        struct inode *inode = NULL;
1043        struct inode_security_struct *isec;
1044        char **names = NULL, *page;
1045        int num;
1046        int *values = NULL;
1047        u32 sid;
1048
1049        /* remove any existing files */
1050        kfree(bool_pending_names);
1051        kfree(bool_pending_values);
1052        bool_pending_names = NULL;
1053        bool_pending_values = NULL;
1054
1055        sel_remove_entries(dir);
1056
1057        page = (char *)get_zeroed_page(GFP_KERNEL);
1058        if (!page)
1059                return -ENOMEM;
1060
1061        ret = security_get_bools(&num, &names, &values);
1062        if (ret != 0)
1063                goto out;
1064
1065        for (i = 0; i < num; i++) {
1066                dentry = d_alloc_name(dir, names[i]);
1067                if (!dentry) {
1068                        ret = -ENOMEM;
1069                        goto err;
1070                }
1071                inode = sel_make_inode(dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR);
1072                if (!inode) {
1073                        ret = -ENOMEM;
1074                        goto err;
1075                }
1076
1077                len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]);
1078                if (len < 0) {
1079                        ret = -EINVAL;
1080                        goto err;
1081                } else if (len >= PAGE_SIZE) {
1082                        ret = -ENAMETOOLONG;
1083                        goto err;
1084                }
1085                isec = (struct inode_security_struct *)inode->i_security;
1086                ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid);
1087                if (ret)
1088                        goto err;
1089                isec->sid = sid;
1090                isec->initialized = 1;
1091                inode->i_fop = &sel_bool_ops;
1092                inode->i_ino = i|SEL_BOOL_INO_OFFSET;
1093                d_add(dentry, inode);
1094        }
1095        bool_num = num;
1096        bool_pending_names = names;
1097        bool_pending_values = values;
1098out:
1099        free_page((unsigned long)page);
1100        return ret;
1101err:
1102        if (names) {
1103                for (i = 0; i < num; i++)
1104                        kfree(names[i]);
1105                kfree(names);
1106        }
1107        kfree(values);
1108        sel_remove_entries(dir);
1109        ret = -ENOMEM;
1110        goto out;
1111}
1112
1113#define NULL_FILE_NAME "null"
1114
1115struct dentry *selinux_null;
1116
1117static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf,
1118                                            size_t count, loff_t *ppos)
1119{
1120        char tmpbuf[TMPBUFLEN];
1121        ssize_t length;
1122
1123        length = scnprintf(tmpbuf, TMPBUFLEN, "%u", avc_cache_threshold);
1124        return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
1125}
1126
1127static ssize_t sel_write_avc_cache_threshold(struct file *file,
1128                                             const char __user *buf,
1129                                             size_t count, loff_t *ppos)
1130
1131{
1132        char *page;
1133        ssize_t ret;
1134        int new_value;
1135
1136        if (count >= PAGE_SIZE) {
1137                ret = -ENOMEM;
1138                goto out;
1139        }
1140
1141        if (*ppos != 0) {
1142                /* No partial writes. */
1143                ret = -EINVAL;
1144                goto out;
1145        }
1146
1147        page = (char *)get_zeroed_page(GFP_KERNEL);
1148        if (!page) {
1149                ret = -ENOMEM;
1150                goto out;
1151        }
1152
1153        if (copy_from_user(page, buf, count)) {
1154                ret = -EFAULT;
1155                goto out_free;
1156        }
1157
1158        if (sscanf(page, "%u", &new_value) != 1) {
1159                ret = -EINVAL;
1160                goto out;
1161        }
1162
1163        if (new_value != avc_cache_threshold) {
1164                ret = task_has_security(current, SECURITY__SETSECPARAM);
1165                if (ret)
1166                        goto out_free;
1167                avc_cache_threshold = new_value;
1168        }
1169        ret = count;
1170out_free:
1171        free_page((unsigned long)page);
1172out:
1173        return ret;
1174}
1175
1176static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf,
1177                                       size_t count, loff_t *ppos)
1178{
1179        char *page;
1180        ssize_t ret = 0;
1181
1182        page = (char *)__get_free_page(GFP_KERNEL);
1183        if (!page) {
1184                ret = -ENOMEM;
1185                goto out;
1186        }
1187        ret = avc_get_hash_stats(page);
1188        if (ret >= 0)
1189                ret = simple_read_from_buffer(buf, count, ppos, page, ret);
1190        free_page((unsigned long)page);
1191out:
1192        return ret;
1193}
1194
1195static const struct file_operations sel_avc_cache_threshold_ops = {
1196        .read           = sel_read_avc_cache_threshold,
1197        .write          = sel_write_avc_cache_threshold,
1198};
1199
1200static const struct file_operations sel_avc_hash_stats_ops = {
1201        .read           = sel_read_avc_hash_stats,
1202};
1203
1204#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
1205static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx)
1206{
1207        int cpu;
1208
1209        for (cpu = *idx; cpu < NR_CPUS; ++cpu) {
1210                if (!cpu_possible(cpu))
1211                        continue;
1212                *idx = cpu + 1;
1213                return &per_cpu(avc_cache_stats, cpu);
1214        }
1215        return NULL;
1216}
1217
1218static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos)
1219{
1220        loff_t n = *pos - 1;
1221
1222        if (*pos == 0)
1223                return SEQ_START_TOKEN;
1224
1225        return sel_avc_get_stat_idx(&n);
1226}
1227
1228static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1229{
1230        return sel_avc_get_stat_idx(pos);
1231}
1232
1233static int sel_avc_stats_seq_show(struct seq_file *seq, void *v)
1234{
1235        struct avc_cache_stats *st = v;
1236
1237        if (v == SEQ_START_TOKEN)
1238                seq_printf(seq, "lookups hits misses allocations reclaims "
1239                           "frees\n");
1240        else
1241                seq_printf(seq, "%u %u %u %u %u %u\n", st->lookups,
1242                           st->hits, st->misses, st->allocations,
1243                           st->reclaims, st->frees);
1244        return 0;
1245}
1246
1247static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v)
1248{ }
1249
1250static const struct seq_operations sel_avc_cache_stats_seq_ops = {
1251        .start          = sel_avc_stats_seq_start,
1252        .next           = sel_avc_stats_seq_next,
1253        .show           = sel_avc_stats_seq_show,
1254        .stop           = sel_avc_stats_seq_stop,
1255};
1256
1257static int sel_open_avc_cache_stats(struct inode *inode, struct file *file)
1258{
1259        return seq_open(file, &sel_avc_cache_stats_seq_ops);
1260}
1261
1262static const struct file_operations sel_avc_cache_stats_ops = {
1263        .open           = sel_open_avc_cache_stats,
1264        .read           = seq_read,
1265        .llseek         = seq_lseek,
1266        .release        = seq_release,
1267};
1268#endif
1269
1270static int sel_make_avc_files(struct dentry *dir)
1271{
1272        int i, ret = 0;
1273        static struct tree_descr files[] = {
1274                { "cache_threshold",
1275                  &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR },
1276                { "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO },
1277#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
1278                { "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO },
1279#endif
1280        };
1281
1282        for (i = 0; i < ARRAY_SIZE(files); i++) {
1283                struct inode *inode;
1284                struct dentry *dentry;
1285
1286                dentry = d_alloc_name(dir, files[i].name);
1287                if (!dentry) {
1288                        ret = -ENOMEM;
1289                        goto out;
1290                }
1291
1292                inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
1293                if (!inode) {
1294                        ret = -ENOMEM;
1295                        goto out;
1296                }
1297                inode->i_fop = files[i].ops;
1298                inode->i_ino = ++sel_last_ino;
1299                d_add(dentry, inode);
1300        }
1301out:
1302        return ret;
1303}
1304
1305static ssize_t sel_read_initcon(struct file *file, char __user *buf,
1306                                size_t count, loff_t *ppos)
1307{
1308        struct inode *inode;
1309        char *con;
1310        u32 sid, len;
1311        ssize_t ret;
1312
1313        inode = file->f_path.dentry->d_inode;
1314        sid = inode->i_ino&SEL_INO_MASK;
1315        ret = security_sid_to_context(sid, &con, &len);
1316        if (ret < 0)
1317                return ret;
1318
1319        ret = simple_read_from_buffer(buf, count, ppos, con, len);
1320        kfree(con);
1321        return ret;
1322}
1323
1324static const struct file_operations sel_initcon_ops = {
1325        .read           = sel_read_initcon,
1326};
1327
1328static int sel_make_initcon_files(struct dentry *dir)
1329{
1330        int i, ret = 0;
1331
1332        for (i = 1; i <= SECINITSID_NUM; i++) {
1333                struct inode *inode;
1334                struct dentry *dentry;
1335                dentry = d_alloc_name(dir, security_get_initial_sid_context(i));
1336                if (!dentry) {
1337                        ret = -ENOMEM;
1338                        goto out;
1339                }
1340
1341                inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1342                if (!inode) {
1343                        ret = -ENOMEM;
1344                        goto out;
1345                }
1346                inode->i_fop = &sel_initcon_ops;
1347                inode->i_ino = i|SEL_INITCON_INO_OFFSET;
1348                d_add(dentry, inode);
1349        }
1350out:
1351        return ret;
1352}
1353
1354static inline unsigned int sel_div(unsigned long a, unsigned long b)
1355{
1356        return a / b - (a % b < 0);
1357}
1358
1359static inline unsigned long sel_class_to_ino(u16 class)
1360{
1361        return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET;
1362}
1363
1364static inline u16 sel_ino_to_class(unsigned long ino)
1365{
1366        return sel_div(ino & SEL_INO_MASK, SEL_VEC_MAX + 1);
1367}
1368
1369static inline unsigned long sel_perm_to_ino(u16 class, u32 perm)
1370{
1371        return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET;
1372}
1373
1374static inline u32 sel_ino_to_perm(unsigned long ino)
1375{
1376        return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1);
1377}
1378
1379static ssize_t sel_read_class(struct file *file, char __user *buf,
1380                                size_t count, loff_t *ppos)
1381{
1382        ssize_t rc, len;
1383        char *page;
1384        unsigned long ino = file->f_path.dentry->d_inode->i_ino;
1385
1386        page = (char *)__get_free_page(GFP_KERNEL);
1387        if (!page) {
1388                rc = -ENOMEM;
1389                goto out;
1390        }
1391
1392        len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_class(ino));
1393        rc = simple_read_from_buffer(buf, count, ppos, page, len);
1394        free_page((unsigned long)page);
1395out:
1396        return rc;
1397}
1398
1399static const struct file_operations sel_class_ops = {
1400        .read           = sel_read_class,
1401};
1402
1403static ssize_t sel_read_perm(struct file *file, char __user *buf,
1404                                size_t count, loff_t *ppos)
1405{
1406        ssize_t rc, len;
1407        char *page;
1408        unsigned long ino = file->f_path.dentry->d_inode->i_ino;
1409
1410        page = (char *)__get_free_page(GFP_KERNEL);
1411        if (!page) {
1412                rc = -ENOMEM;
1413                goto out;
1414        }
1415
1416        len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_perm(ino));
1417        rc = simple_read_from_buffer(buf, count, ppos, page, len);
1418        free_page((unsigned long)page);
1419out:
1420        return rc;
1421}
1422
1423static const struct file_operations sel_perm_ops = {
1424        .read           = sel_read_perm,
1425};
1426
1427static ssize_t sel_read_policycap(struct file *file, char __user *buf,
1428                                  size_t count, loff_t *ppos)
1429{
1430        int value;
1431        char tmpbuf[TMPBUFLEN];
1432        ssize_t length;
1433        unsigned long i_ino = file->f_path.dentry->d_inode->i_ino;
1434
1435        value = security_policycap_supported(i_ino & SEL_INO_MASK);
1436        length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value);
1437
1438        return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
1439}
1440
1441static const struct file_operations sel_policycap_ops = {
1442        .read           = sel_read_policycap,
1443};
1444
1445static int sel_make_perm_files(char *objclass, int classvalue,
1446                                struct dentry *dir)
1447{
1448        int i, rc = 0, nperms;
1449        char **perms;
1450
1451        rc = security_get_permissions(objclass, &perms, &nperms);
1452        if (rc)
1453                goto out;
1454
1455        for (i = 0; i < nperms; i++) {
1456                struct inode *inode;
1457                struct dentry *dentry;
1458
1459                dentry = d_alloc_name(dir, perms[i]);
1460                if (!dentry) {
1461                        rc = -ENOMEM;
1462                        goto out1;
1463                }
1464
1465                inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1466                if (!inode) {
1467                        rc = -ENOMEM;
1468                        goto out1;
1469                }
1470                inode->i_fop = &sel_perm_ops;
1471                /* i+1 since perm values are 1-indexed */
1472                inode->i_ino = sel_perm_to_ino(classvalue, i+1);
1473                d_add(dentry, inode);
1474        }
1475
1476out1:
1477        for (i = 0; i < nperms; i++)
1478                kfree(perms[i]);
1479        kfree(perms);
1480out:
1481        return rc;
1482}
1483
1484static int sel_make_class_dir_entries(char *classname, int index,
1485                                        struct dentry *dir)
1486{
1487        struct dentry *dentry = NULL;
1488        struct inode *inode = NULL;
1489        int rc;
1490
1491        dentry = d_alloc_name(dir, "index");
1492        if (!dentry) {
1493                rc = -ENOMEM;
1494                goto out;
1495        }
1496
1497        inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1498        if (!inode) {
1499                rc = -ENOMEM;
1500                goto out;
1501        }
1502
1503        inode->i_fop = &sel_class_ops;
1504        inode->i_ino = sel_class_to_ino(index);
1505        d_add(dentry, inode);
1506
1507        dentry = d_alloc_name(dir, "perms");
1508        if (!dentry) {
1509                rc = -ENOMEM;
1510                goto out;
1511        }
1512
1513        rc = sel_make_dir(dir->d_inode, dentry, &last_class_ino);
1514        if (rc)
1515                goto out;
1516
1517        rc = sel_make_perm_files(classname, index, dentry);
1518
1519out:
1520        return rc;
1521}
1522
1523static void sel_remove_classes(void)
1524{
1525        struct list_head *class_node;
1526
1527        list_for_each(class_node, &class_dir->d_subdirs) {
1528                struct dentry *class_subdir = list_entry(class_node,
1529                                        struct dentry, d_u.d_child);
1530                struct list_head *class_subdir_node;
1531
1532                list_for_each(class_subdir_node, &class_subdir->d_subdirs) {
1533                        struct dentry *d = list_entry(class_subdir_node,
1534                                                struct dentry, d_u.d_child);
1535
1536                        if (d->d_inode)
1537                                if (d->d_inode->i_mode & S_IFDIR)
1538                                        sel_remove_entries(d);
1539                }
1540
1541                sel_remove_entries(class_subdir);
1542        }
1543
1544        sel_remove_entries(class_dir);
1545}
1546
1547static int sel_make_classes(void)
1548{
1549        int rc = 0, nclasses, i;
1550        char **classes;
1551
1552        /* delete any existing entries */
1553        sel_remove_classes();
1554
1555        rc = security_get_classes(&classes, &nclasses);
1556        if (rc < 0)
1557                goto out;
1558
1559        /* +2 since classes are 1-indexed */
1560        last_class_ino = sel_class_to_ino(nclasses+2);
1561
1562        for (i = 0; i < nclasses; i++) {
1563                struct dentry *class_name_dir;
1564
1565                class_name_dir = d_alloc_name(class_dir, classes[i]);
1566                if (!class_name_dir) {
1567                        rc = -ENOMEM;
1568                        goto out1;
1569                }
1570
1571                rc = sel_make_dir(class_dir->d_inode, class_name_dir,
1572                                &last_class_ino);
1573                if (rc)
1574                        goto out1;
1575
1576                /* i+1 since class values are 1-indexed */
1577                rc = sel_make_class_dir_entries(classes[i], i+1,
1578                                class_name_dir);
1579                if (rc)
1580                        goto out1;
1581        }
1582
1583out1:
1584        for (i = 0; i < nclasses; i++)
1585                kfree(classes[i]);
1586        kfree(classes);
1587out:
1588        return rc;
1589}
1590
1591static int sel_make_policycap(void)
1592{
1593        unsigned int iter;
1594        struct dentry *dentry = NULL;
1595        struct inode *inode = NULL;
1596
1597        sel_remove_entries(policycap_dir);
1598
1599        for (iter = 0; iter <= POLICYDB_CAPABILITY_MAX; iter++) {
1600                if (iter < ARRAY_SIZE(policycap_names))
1601                        dentry = d_alloc_name(policycap_dir,
1602                                              policycap_names[iter]);
1603                else
1604                        dentry = d_alloc_name(policycap_dir, "unknown");
1605
1606                if (dentry == NULL)
1607                        return -ENOMEM;
1608
1609                inode = sel_make_inode(policycap_dir->d_sb, S_IFREG | S_IRUGO);
1610                if (inode == NULL)
1611                        return -ENOMEM;
1612
1613                inode->i_fop = &sel_policycap_ops;
1614                inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET;
1615                d_add(dentry, inode);
1616        }
1617
1618        return 0;
1619}
1620
1621static int sel_make_dir(struct inode *dir, struct dentry *dentry,
1622                        unsigned long *ino)
1623{
1624        int ret = 0;
1625        struct inode *inode;
1626
1627        inode = sel_make_inode(dir->i_sb, S_IFDIR | S_IRUGO | S_IXUGO);
1628        if (!inode) {
1629                ret = -ENOMEM;
1630                goto out;
1631        }
1632        inode->i_op = &simple_dir_inode_operations;
1633        inode->i_fop = &simple_dir_operations;
1634        inode->i_ino = ++(*ino);
1635        /* directory inodes start off with i_nlink == 2 (for "." entry) */
1636        inc_nlink(inode);
1637        d_add(dentry, inode);
1638        /* bump link count on parent directory, too */
1639        inc_nlink(dir);
1640out:
1641        return ret;
1642}
1643
1644static int sel_fill_super(struct super_block *sb, void *data, int silent)
1645{
1646        int ret;
1647        struct dentry *dentry;
1648        struct inode *inode, *root_inode;
1649        struct inode_security_struct *isec;
1650
1651        static struct tree_descr selinux_files[] = {
1652                [SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR},
1653                [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR},
1654                [SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO},
1655                [SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO},
1656                [SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO},
1657                [SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO},
1658                [SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO},
1659                [SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO},
1660                [SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR},
1661                [SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO},
1662                [SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR},
1663                [SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO},
1664                [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR},
1665                [SEL_COMPAT_NET] = {"compat_net", &sel_compat_net_ops, S_IRUGO|S_IWUSR},
1666                [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
1667                [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
1668                /* last one */ {""}
1669        };
1670        ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);
1671        if (ret)
1672                goto err;
1673
1674        root_inode = sb->s_root->d_inode;
1675
1676        dentry = d_alloc_name(sb->s_root, BOOL_DIR_NAME);
1677        if (!dentry) {
1678                ret = -ENOMEM;
1679                goto err;
1680        }
1681
1682        ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
1683        if (ret)
1684                goto err;
1685
1686        bool_dir = dentry;
1687
1688        dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME);
1689        if (!dentry) {
1690                ret = -ENOMEM;
1691                goto err;
1692        }
1693
1694        inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO);
1695        if (!inode) {
1696                ret = -ENOMEM;
1697                goto err;
1698        }
1699        inode->i_ino = ++sel_last_ino;
1700        isec = (struct inode_security_struct *)inode->i_security;
1701        isec->sid = SECINITSID_DEVNULL;
1702        isec->sclass = SECCLASS_CHR_FILE;
1703        isec->initialized = 1;
1704
1705        init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3));
1706        d_add(dentry, inode);
1707        selinux_null = dentry;
1708
1709        dentry = d_alloc_name(sb->s_root, "avc");
1710        if (!dentry) {
1711                ret = -ENOMEM;
1712                goto err;
1713        }
1714
1715        ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
1716        if (ret)
1717                goto err;
1718
1719        ret = sel_make_avc_files(dentry);
1720        if (ret)
1721                goto err;
1722
1723        dentry = d_alloc_name(sb->s_root, "initial_contexts");
1724        if (!dentry) {
1725                ret = -ENOMEM;
1726                goto err;
1727        }
1728
1729        ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
1730        if (ret)
1731                goto err;
1732
1733        ret = sel_make_initcon_files(dentry);
1734        if (ret)
1735                goto err;
1736
1737        dentry = d_alloc_name(sb->s_root, "class");
1738        if (!dentry) {
1739                ret = -ENOMEM;
1740                goto err;
1741        }
1742
1743        ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
1744        if (ret)
1745                goto err;
1746
1747        class_dir = dentry;
1748
1749        dentry = d_alloc_name(sb->s_root, "policy_capabilities");
1750        if (!dentry) {
1751                ret = -ENOMEM;
1752                goto err;
1753        }
1754
1755        ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
1756        if (ret)
1757                goto err;
1758
1759        policycap_dir = dentry;
1760
1761out:
1762        return ret;
1763err:
1764        printk(KERN_ERR "SELinux: %s:  failed while creating inodes\n",
1765                __func__);
1766        goto out;
1767}
1768
1769static int sel_get_sb(struct file_system_type *fs_type,
1770                      int flags, const char *dev_name, void *data,
1771                      struct vfsmount *mnt)
1772{
1773        return get_sb_single(fs_type, flags, data, sel_fill_super, mnt);
1774}
1775
1776static struct file_system_type sel_fs_type = {
1777        .name           = "selinuxfs",
1778        .get_sb         = sel_get_sb,
1779        .kill_sb        = kill_litter_super,
1780};
1781
1782struct vfsmount *selinuxfs_mount;
1783
1784static int __init init_sel_fs(void)
1785{
1786        int err;
1787
1788        if (!selinux_enabled)
1789                return 0;
1790        err = register_filesystem(&sel_fs_type);
1791        if (!err) {
1792                selinuxfs_mount = kern_mount(&sel_fs_type);
1793                if (IS_ERR(selinuxfs_mount)) {
1794                        printk(KERN_ERR "selinuxfs:  could not mount!\n");
1795                        err = PTR_ERR(selinuxfs_mount);
1796                        selinuxfs_mount = NULL;
1797                }
1798        }
1799        return err;
1800}
1801
1802__initcall(init_sel_fs);
1803
1804#ifdef CONFIG_SECURITY_SELINUX_DISABLE
1805void exit_sel_fs(void)
1806{
1807        unregister_filesystem(&sel_fs_type);
1808}
1809#endif
1810