1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26#include <linux/init.h>
27#include <linux/kernel.h>
28#include <linux/tracehook.h>
29#include <linux/errno.h>
30#include <linux/sched.h>
31#include <linux/security.h>
32#include <linux/xattr.h>
33#include <linux/capability.h>
34#include <linux/unistd.h>
35#include <linux/mm.h>
36#include <linux/mman.h>
37#include <linux/slab.h>
38#include <linux/pagemap.h>
39#include <linux/swap.h>
40#include <linux/spinlock.h>
41#include <linux/syscalls.h>
42#include <linux/file.h>
43#include <linux/fdtable.h>
44#include <linux/namei.h>
45#include <linux/mount.h>
46#include <linux/proc_fs.h>
47#include <linux/netfilter_ipv4.h>
48#include <linux/netfilter_ipv6.h>
49#include <linux/tty.h>
50#include <net/icmp.h>
51#include <net/ip.h>
52#include <net/tcp.h>
53#include <net/net_namespace.h>
54#include <net/netlabel.h>
55#include <linux/uaccess.h>
56#include <asm/ioctls.h>
57#include <asm/atomic.h>
58#include <linux/bitops.h>
59#include <linux/interrupt.h>
60#include <linux/netdevice.h>
61#include <linux/netlink.h>
62#include <linux/tcp.h>
63#include <linux/udp.h>
64#include <linux/dccp.h>
65#include <linux/quota.h>
66#include <linux/un.h>
67#include <net/af_unix.h>
68#include <linux/parser.h>
69#include <linux/nfs_mount.h>
70#include <net/ipv6.h>
71#include <linux/hugetlb.h>
72#include <linux/personality.h>
73#include <linux/sysctl.h>
74#include <linux/audit.h>
75#include <linux/string.h>
76#include <linux/selinux.h>
77#include <linux/mutex.h>
78#include <linux/posix-timers.h>
79
80#include "avc.h"
81#include "objsec.h"
82#include "netif.h"
83#include "netnode.h"
84#include "netport.h"
85#include "xfrm.h"
86#include "netlabel.h"
87#include "audit.h"
88
89#define XATTR_SELINUX_SUFFIX "selinux"
90#define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX
91
92#define NUM_SEL_MNT_OPTS 4
93
94extern unsigned int policydb_loaded_version;
95extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
96extern int selinux_compat_net;
97extern struct security_operations *security_ops;
98
99
100atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
101
102#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
103int selinux_enforcing;
104
105static int __init enforcing_setup(char *str)
106{
107 unsigned long enforcing;
108 if (!strict_strtoul(str, 0, &enforcing))
109 selinux_enforcing = enforcing ? 1 : 0;
110 return 1;
111}
112__setup("enforcing=", enforcing_setup);
113#endif
114
115#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
116int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
117
118static int __init selinux_enabled_setup(char *str)
119{
120 unsigned long enabled;
121 if (!strict_strtoul(str, 0, &enabled))
122 selinux_enabled = enabled ? 1 : 0;
123 return 1;
124}
125__setup("selinux=", selinux_enabled_setup);
126#else
127int selinux_enabled = 1;
128#endif
129
130
131
132
133
134
135static struct security_operations *secondary_ops;
136
137
138
139static LIST_HEAD(superblock_security_head);
140static DEFINE_SPINLOCK(sb_security_lock);
141
142static struct kmem_cache *sel_inode_cache;
143
144
145
146
147
148
149
150
151
152
153
154static int selinux_secmark_enabled(void)
155{
156 return (atomic_read(&selinux_secmark_refcount) > 0);
157}
158
159
160
161static int task_alloc_security(struct task_struct *task)
162{
163 struct task_security_struct *tsec;
164
165 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
166 if (!tsec)
167 return -ENOMEM;
168
169 tsec->osid = tsec->sid = SECINITSID_UNLABELED;
170 task->security = tsec;
171
172 return 0;
173}
174
175static void task_free_security(struct task_struct *task)
176{
177 struct task_security_struct *tsec = task->security;
178 task->security = NULL;
179 kfree(tsec);
180}
181
182static int inode_alloc_security(struct inode *inode)
183{
184 struct task_security_struct *tsec = current->security;
185 struct inode_security_struct *isec;
186
187 isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
188 if (!isec)
189 return -ENOMEM;
190
191 mutex_init(&isec->lock);
192 INIT_LIST_HEAD(&isec->list);
193 isec->inode = inode;
194 isec->sid = SECINITSID_UNLABELED;
195 isec->sclass = SECCLASS_FILE;
196 isec->task_sid = tsec->sid;
197 inode->i_security = isec;
198
199 return 0;
200}
201
202static void inode_free_security(struct inode *inode)
203{
204 struct inode_security_struct *isec = inode->i_security;
205 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
206
207 spin_lock(&sbsec->isec_lock);
208 if (!list_empty(&isec->list))
209 list_del_init(&isec->list);
210 spin_unlock(&sbsec->isec_lock);
211
212 inode->i_security = NULL;
213 kmem_cache_free(sel_inode_cache, isec);
214}
215
216static int file_alloc_security(struct file *file)
217{
218 struct task_security_struct *tsec = current->security;
219 struct file_security_struct *fsec;
220
221 fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
222 if (!fsec)
223 return -ENOMEM;
224
225 fsec->sid = tsec->sid;
226 fsec->fown_sid = tsec->sid;
227 file->f_security = fsec;
228
229 return 0;
230}
231
232static void file_free_security(struct file *file)
233{
234 struct file_security_struct *fsec = file->f_security;
235 file->f_security = NULL;
236 kfree(fsec);
237}
238
239static int superblock_alloc_security(struct super_block *sb)
240{
241 struct superblock_security_struct *sbsec;
242
243 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
244 if (!sbsec)
245 return -ENOMEM;
246
247 mutex_init(&sbsec->lock);
248 INIT_LIST_HEAD(&sbsec->list);
249 INIT_LIST_HEAD(&sbsec->isec_head);
250 spin_lock_init(&sbsec->isec_lock);
251 sbsec->sb = sb;
252 sbsec->sid = SECINITSID_UNLABELED;
253 sbsec->def_sid = SECINITSID_FILE;
254 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
255 sb->s_security = sbsec;
256
257 return 0;
258}
259
260static void superblock_free_security(struct super_block *sb)
261{
262 struct superblock_security_struct *sbsec = sb->s_security;
263
264 spin_lock(&sb_security_lock);
265 if (!list_empty(&sbsec->list))
266 list_del_init(&sbsec->list);
267 spin_unlock(&sb_security_lock);
268
269 sb->s_security = NULL;
270 kfree(sbsec);
271}
272
273static int sk_alloc_security(struct sock *sk, int family, gfp_t priority)
274{
275 struct sk_security_struct *ssec;
276
277 ssec = kzalloc(sizeof(*ssec), priority);
278 if (!ssec)
279 return -ENOMEM;
280
281 ssec->peer_sid = SECINITSID_UNLABELED;
282 ssec->sid = SECINITSID_UNLABELED;
283 sk->sk_security = ssec;
284
285 selinux_netlbl_sk_security_reset(ssec, family);
286
287 return 0;
288}
289
290static void sk_free_security(struct sock *sk)
291{
292 struct sk_security_struct *ssec = sk->sk_security;
293
294 sk->sk_security = NULL;
295 selinux_netlbl_sk_security_free(ssec);
296 kfree(ssec);
297}
298
299
300
301extern int ss_initialized;
302
303
304
305static char *labeling_behaviors[6] = {
306 "uses xattr",
307 "uses transition SIDs",
308 "uses task SIDs",
309 "uses genfs_contexts",
310 "not configured for labeling",
311 "uses mountpoint labeling",
312};
313
314static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
315
316static inline int inode_doinit(struct inode *inode)
317{
318 return inode_doinit_with_dentry(inode, NULL);
319}
320
321enum {
322 Opt_error = -1,
323 Opt_context = 1,
324 Opt_fscontext = 2,
325 Opt_defcontext = 3,
326 Opt_rootcontext = 4,
327};
328
329static const match_table_t tokens = {
330 {Opt_context, CONTEXT_STR "%s"},
331 {Opt_fscontext, FSCONTEXT_STR "%s"},
332 {Opt_defcontext, DEFCONTEXT_STR "%s"},
333 {Opt_rootcontext, ROOTCONTEXT_STR "%s"},
334 {Opt_error, NULL},
335};
336
337#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
338
339static int may_context_mount_sb_relabel(u32 sid,
340 struct superblock_security_struct *sbsec,
341 struct task_security_struct *tsec)
342{
343 int rc;
344
345 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
346 FILESYSTEM__RELABELFROM, NULL);
347 if (rc)
348 return rc;
349
350 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
351 FILESYSTEM__RELABELTO, NULL);
352 return rc;
353}
354
355static int may_context_mount_inode_relabel(u32 sid,
356 struct superblock_security_struct *sbsec,
357 struct task_security_struct *tsec)
358{
359 int rc;
360 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
361 FILESYSTEM__RELABELFROM, NULL);
362 if (rc)
363 return rc;
364
365 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
366 FILESYSTEM__ASSOCIATE, NULL);
367 return rc;
368}
369
370static int sb_finish_set_opts(struct super_block *sb)
371{
372 struct superblock_security_struct *sbsec = sb->s_security;
373 struct dentry *root = sb->s_root;
374 struct inode *root_inode = root->d_inode;
375 int rc = 0;
376
377 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
378
379
380
381
382
383 if (!root_inode->i_op->getxattr) {
384 printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
385 "xattr support\n", sb->s_id, sb->s_type->name);
386 rc = -EOPNOTSUPP;
387 goto out;
388 }
389 rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
390 if (rc < 0 && rc != -ENODATA) {
391 if (rc == -EOPNOTSUPP)
392 printk(KERN_WARNING "SELinux: (dev %s, type "
393 "%s) has no security xattr handler\n",
394 sb->s_id, sb->s_type->name);
395 else
396 printk(KERN_WARNING "SELinux: (dev %s, type "
397 "%s) getxattr errno %d\n", sb->s_id,
398 sb->s_type->name, -rc);
399 goto out;
400 }
401 }
402
403 sbsec->initialized = 1;
404
405 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
406 printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
407 sb->s_id, sb->s_type->name);
408 else
409 printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
410 sb->s_id, sb->s_type->name,
411 labeling_behaviors[sbsec->behavior-1]);
412
413
414 rc = inode_doinit_with_dentry(root_inode, root);
415
416
417
418
419
420 spin_lock(&sbsec->isec_lock);
421next_inode:
422 if (!list_empty(&sbsec->isec_head)) {
423 struct inode_security_struct *isec =
424 list_entry(sbsec->isec_head.next,
425 struct inode_security_struct, list);
426 struct inode *inode = isec->inode;
427 spin_unlock(&sbsec->isec_lock);
428 inode = igrab(inode);
429 if (inode) {
430 if (!IS_PRIVATE(inode))
431 inode_doinit(inode);
432 iput(inode);
433 }
434 spin_lock(&sbsec->isec_lock);
435 list_del_init(&isec->list);
436 goto next_inode;
437 }
438 spin_unlock(&sbsec->isec_lock);
439out:
440 return rc;
441}
442
443
444
445
446
447
448static int selinux_get_mnt_opts(const struct super_block *sb,
449 struct security_mnt_opts *opts)
450{
451 int rc = 0, i;
452 struct superblock_security_struct *sbsec = sb->s_security;
453 char *context = NULL;
454 u32 len;
455 char tmp;
456
457 security_init_mnt_opts(opts);
458
459 if (!sbsec->initialized)
460 return -EINVAL;
461
462 if (!ss_initialized)
463 return -EINVAL;
464
465
466
467
468
469 tmp = sbsec->flags;
470
471 for (i = 0; i < 8; i++) {
472 if (tmp & 0x01)
473 opts->num_mnt_opts++;
474 tmp >>= 1;
475 }
476
477 opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
478 if (!opts->mnt_opts) {
479 rc = -ENOMEM;
480 goto out_free;
481 }
482
483 opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
484 if (!opts->mnt_opts_flags) {
485 rc = -ENOMEM;
486 goto out_free;
487 }
488
489 i = 0;
490 if (sbsec->flags & FSCONTEXT_MNT) {
491 rc = security_sid_to_context(sbsec->sid, &context, &len);
492 if (rc)
493 goto out_free;
494 opts->mnt_opts[i] = context;
495 opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
496 }
497 if (sbsec->flags & CONTEXT_MNT) {
498 rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
499 if (rc)
500 goto out_free;
501 opts->mnt_opts[i] = context;
502 opts->mnt_opts_flags[i++] = CONTEXT_MNT;
503 }
504 if (sbsec->flags & DEFCONTEXT_MNT) {
505 rc = security_sid_to_context(sbsec->def_sid, &context, &len);
506 if (rc)
507 goto out_free;
508 opts->mnt_opts[i] = context;
509 opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;
510 }
511 if (sbsec->flags & ROOTCONTEXT_MNT) {
512 struct inode *root = sbsec->sb->s_root->d_inode;
513 struct inode_security_struct *isec = root->i_security;
514
515 rc = security_sid_to_context(isec->sid, &context, &len);
516 if (rc)
517 goto out_free;
518 opts->mnt_opts[i] = context;
519 opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;
520 }
521
522 BUG_ON(i != opts->num_mnt_opts);
523
524 return 0;
525
526out_free:
527 security_free_mnt_opts(opts);
528 return rc;
529}
530
531static int bad_option(struct superblock_security_struct *sbsec, char flag,
532 u32 old_sid, u32 new_sid)
533{
534
535 if (sbsec->initialized)
536 if (!(sbsec->flags & flag) ||
537 (old_sid != new_sid))
538 return 1;
539
540
541
542
543 if (!sbsec->initialized)
544 if (sbsec->flags & flag)
545 return 1;
546 return 0;
547}
548
549
550
551
552
553static int selinux_set_mnt_opts(struct super_block *sb,
554 struct security_mnt_opts *opts)
555{
556 int rc = 0, i;
557 struct task_security_struct *tsec = current->security;
558 struct superblock_security_struct *sbsec = sb->s_security;
559 const char *name = sb->s_type->name;
560 struct inode *inode = sbsec->sb->s_root->d_inode;
561 struct inode_security_struct *root_isec = inode->i_security;
562 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
563 u32 defcontext_sid = 0;
564 char **mount_options = opts->mnt_opts;
565 int *flags = opts->mnt_opts_flags;
566 int num_opts = opts->num_mnt_opts;
567
568 mutex_lock(&sbsec->lock);
569
570 if (!ss_initialized) {
571 if (!num_opts) {
572
573
574
575 spin_lock(&sb_security_lock);
576 if (list_empty(&sbsec->list))
577 list_add(&sbsec->list, &superblock_security_head);
578 spin_unlock(&sb_security_lock);
579 goto out;
580 }
581 rc = -EINVAL;
582 printk(KERN_WARNING "SELinux: Unable to set superblock options "
583 "before the security server is initialized\n");
584 goto out;
585 }
586
587
588
589
590
591
592
593
594
595
596
597
598 if (sbsec->initialized && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
599 && (num_opts == 0))
600 goto out;
601
602
603
604
605
606
607 for (i = 0; i < num_opts; i++) {
608 u32 sid;
609 rc = security_context_to_sid(mount_options[i],
610 strlen(mount_options[i]), &sid);
611 if (rc) {
612 printk(KERN_WARNING "SELinux: security_context_to_sid"
613 "(%s) failed for (dev %s, type %s) errno=%d\n",
614 mount_options[i], sb->s_id, name, rc);
615 goto out;
616 }
617 switch (flags[i]) {
618 case FSCONTEXT_MNT:
619 fscontext_sid = sid;
620
621 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
622 fscontext_sid))
623 goto out_double_mount;
624
625 sbsec->flags |= FSCONTEXT_MNT;
626 break;
627 case CONTEXT_MNT:
628 context_sid = sid;
629
630 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
631 context_sid))
632 goto out_double_mount;
633
634 sbsec->flags |= CONTEXT_MNT;
635 break;
636 case ROOTCONTEXT_MNT:
637 rootcontext_sid = sid;
638
639 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
640 rootcontext_sid))
641 goto out_double_mount;
642
643 sbsec->flags |= ROOTCONTEXT_MNT;
644
645 break;
646 case DEFCONTEXT_MNT:
647 defcontext_sid = sid;
648
649 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
650 defcontext_sid))
651 goto out_double_mount;
652
653 sbsec->flags |= DEFCONTEXT_MNT;
654
655 break;
656 default:
657 rc = -EINVAL;
658 goto out;
659 }
660 }
661
662 if (sbsec->initialized) {
663
664 if (sbsec->flags && !num_opts)
665 goto out_double_mount;
666 rc = 0;
667 goto out;
668 }
669
670 if (strcmp(sb->s_type->name, "proc") == 0)
671 sbsec->proc = 1;
672
673
674 rc = security_fs_use(sb->s_type->name, &sbsec->behavior, &sbsec->sid);
675 if (rc) {
676 printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
677 __func__, sb->s_type->name, rc);
678 goto out;
679 }
680
681
682 if (fscontext_sid) {
683
684 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, tsec);
685 if (rc)
686 goto out;
687
688 sbsec->sid = fscontext_sid;
689 }
690
691
692
693
694
695
696 if (context_sid) {
697 if (!fscontext_sid) {
698 rc = may_context_mount_sb_relabel(context_sid, sbsec, tsec);
699 if (rc)
700 goto out;
701 sbsec->sid = context_sid;
702 } else {
703 rc = may_context_mount_inode_relabel(context_sid, sbsec, tsec);
704 if (rc)
705 goto out;
706 }
707 if (!rootcontext_sid)
708 rootcontext_sid = context_sid;
709
710 sbsec->mntpoint_sid = context_sid;
711 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
712 }
713
714 if (rootcontext_sid) {
715 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec, tsec);
716 if (rc)
717 goto out;
718
719 root_isec->sid = rootcontext_sid;
720 root_isec->initialized = 1;
721 }
722
723 if (defcontext_sid) {
724 if (sbsec->behavior != SECURITY_FS_USE_XATTR) {
725 rc = -EINVAL;
726 printk(KERN_WARNING "SELinux: defcontext option is "
727 "invalid for this filesystem type\n");
728 goto out;
729 }
730
731 if (defcontext_sid != sbsec->def_sid) {
732 rc = may_context_mount_inode_relabel(defcontext_sid,
733 sbsec, tsec);
734 if (rc)
735 goto out;
736 }
737
738 sbsec->def_sid = defcontext_sid;
739 }
740
741 rc = sb_finish_set_opts(sb);
742out:
743 mutex_unlock(&sbsec->lock);
744 return rc;
745out_double_mount:
746 rc = -EINVAL;
747 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
748 "security settings for (dev %s, type %s)\n", sb->s_id, name);
749 goto out;
750}
751
752static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
753 struct super_block *newsb)
754{
755 const struct superblock_security_struct *oldsbsec = oldsb->s_security;
756 struct superblock_security_struct *newsbsec = newsb->s_security;
757
758 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
759 int set_context = (oldsbsec->flags & CONTEXT_MNT);
760 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
761
762
763
764
765
766
767 if (!ss_initialized) {
768 spin_lock(&sb_security_lock);
769 if (list_empty(&newsbsec->list))
770 list_add(&newsbsec->list, &superblock_security_head);
771 spin_unlock(&sb_security_lock);
772 return;
773 }
774
775
776 BUG_ON(!oldsbsec->initialized);
777
778
779 if (newsbsec->initialized)
780 return;
781
782 mutex_lock(&newsbsec->lock);
783
784 newsbsec->flags = oldsbsec->flags;
785
786 newsbsec->sid = oldsbsec->sid;
787 newsbsec->def_sid = oldsbsec->def_sid;
788 newsbsec->behavior = oldsbsec->behavior;
789
790 if (set_context) {
791 u32 sid = oldsbsec->mntpoint_sid;
792
793 if (!set_fscontext)
794 newsbsec->sid = sid;
795 if (!set_rootcontext) {
796 struct inode *newinode = newsb->s_root->d_inode;
797 struct inode_security_struct *newisec = newinode->i_security;
798 newisec->sid = sid;
799 }
800 newsbsec->mntpoint_sid = sid;
801 }
802 if (set_rootcontext) {
803 const struct inode *oldinode = oldsb->s_root->d_inode;
804 const struct inode_security_struct *oldisec = oldinode->i_security;
805 struct inode *newinode = newsb->s_root->d_inode;
806 struct inode_security_struct *newisec = newinode->i_security;
807
808 newisec->sid = oldisec->sid;
809 }
810
811 sb_finish_set_opts(newsb);
812 mutex_unlock(&newsbsec->lock);
813}
814
815static int selinux_parse_opts_str(char *options,
816 struct security_mnt_opts *opts)
817{
818 char *p;
819 char *context = NULL, *defcontext = NULL;
820 char *fscontext = NULL, *rootcontext = NULL;
821 int rc, num_mnt_opts = 0;
822
823 opts->num_mnt_opts = 0;
824
825
826 while ((p = strsep(&options, "|")) != NULL) {
827 int token;
828 substring_t args[MAX_OPT_ARGS];
829
830 if (!*p)
831 continue;
832
833 token = match_token(p, tokens, args);
834
835 switch (token) {
836 case Opt_context:
837 if (context || defcontext) {
838 rc = -EINVAL;
839 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
840 goto out_err;
841 }
842 context = match_strdup(&args[0]);
843 if (!context) {
844 rc = -ENOMEM;
845 goto out_err;
846 }
847 break;
848
849 case Opt_fscontext:
850 if (fscontext) {
851 rc = -EINVAL;
852 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
853 goto out_err;
854 }
855 fscontext = match_strdup(&args[0]);
856 if (!fscontext) {
857 rc = -ENOMEM;
858 goto out_err;
859 }
860 break;
861
862 case Opt_rootcontext:
863 if (rootcontext) {
864 rc = -EINVAL;
865 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
866 goto out_err;
867 }
868 rootcontext = match_strdup(&args[0]);
869 if (!rootcontext) {
870 rc = -ENOMEM;
871 goto out_err;
872 }
873 break;
874
875 case Opt_defcontext:
876 if (context || defcontext) {
877 rc = -EINVAL;
878 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
879 goto out_err;
880 }
881 defcontext = match_strdup(&args[0]);
882 if (!defcontext) {
883 rc = -ENOMEM;
884 goto out_err;
885 }
886 break;
887
888 default:
889 rc = -EINVAL;
890 printk(KERN_WARNING "SELinux: unknown mount option\n");
891 goto out_err;
892
893 }
894 }
895
896 rc = -ENOMEM;
897 opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC);
898 if (!opts->mnt_opts)
899 goto out_err;
900
901 opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC);
902 if (!opts->mnt_opts_flags) {
903 kfree(opts->mnt_opts);
904 goto out_err;
905 }
906
907 if (fscontext) {
908 opts->mnt_opts[num_mnt_opts] = fscontext;
909 opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
910 }
911 if (context) {
912 opts->mnt_opts[num_mnt_opts] = context;
913 opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
914 }
915 if (rootcontext) {
916 opts->mnt_opts[num_mnt_opts] = rootcontext;
917 opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
918 }
919 if (defcontext) {
920 opts->mnt_opts[num_mnt_opts] = defcontext;
921 opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
922 }
923
924 opts->num_mnt_opts = num_mnt_opts;
925 return 0;
926
927out_err:
928 kfree(context);
929 kfree(defcontext);
930 kfree(fscontext);
931 kfree(rootcontext);
932 return rc;
933}
934
935
936
937static int superblock_doinit(struct super_block *sb, void *data)
938{
939 int rc = 0;
940 char *options = data;
941 struct security_mnt_opts opts;
942
943 security_init_mnt_opts(&opts);
944
945 if (!data)
946 goto out;
947
948 BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
949
950 rc = selinux_parse_opts_str(options, &opts);
951 if (rc)
952 goto out_err;
953
954out:
955 rc = selinux_set_mnt_opts(sb, &opts);
956
957out_err:
958 security_free_mnt_opts(&opts);
959 return rc;
960}
961
962static void selinux_write_opts(struct seq_file *m,
963 struct security_mnt_opts *opts)
964{
965 int i;
966 char *prefix;
967
968 for (i = 0; i < opts->num_mnt_opts; i++) {
969 char *has_comma = strchr(opts->mnt_opts[i], ',');
970
971 switch (opts->mnt_opts_flags[i]) {
972 case CONTEXT_MNT:
973 prefix = CONTEXT_STR;
974 break;
975 case FSCONTEXT_MNT:
976 prefix = FSCONTEXT_STR;
977 break;
978 case ROOTCONTEXT_MNT:
979 prefix = ROOTCONTEXT_STR;
980 break;
981 case DEFCONTEXT_MNT:
982 prefix = DEFCONTEXT_STR;
983 break;
984 default:
985 BUG();
986 };
987
988 seq_putc(m, ',');
989 seq_puts(m, prefix);
990 if (has_comma)
991 seq_putc(m, '\"');
992 seq_puts(m, opts->mnt_opts[i]);
993 if (has_comma)
994 seq_putc(m, '\"');
995 }
996}
997
998static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
999{
1000 struct security_mnt_opts opts;
1001 int rc;
1002
1003 rc = selinux_get_mnt_opts(sb, &opts);
1004 if (rc) {
1005
1006 if (rc == -EINVAL)
1007 rc = 0;
1008 return rc;
1009 }
1010
1011 selinux_write_opts(m, &opts);
1012
1013 security_free_mnt_opts(&opts);
1014
1015 return rc;
1016}
1017
1018static inline u16 inode_mode_to_security_class(umode_t mode)
1019{
1020 switch (mode & S_IFMT) {
1021 case S_IFSOCK:
1022 return SECCLASS_SOCK_FILE;
1023 case S_IFLNK:
1024 return SECCLASS_LNK_FILE;
1025 case S_IFREG:
1026 return SECCLASS_FILE;
1027 case S_IFBLK:
1028 return SECCLASS_BLK_FILE;
1029 case S_IFDIR:
1030 return SECCLASS_DIR;
1031 case S_IFCHR:
1032 return SECCLASS_CHR_FILE;
1033 case S_IFIFO:
1034 return SECCLASS_FIFO_FILE;
1035
1036 }
1037
1038 return SECCLASS_FILE;
1039}
1040
1041static inline int default_protocol_stream(int protocol)
1042{
1043 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
1044}
1045
1046static inline int default_protocol_dgram(int protocol)
1047{
1048 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
1049}
1050
1051static inline u16 socket_type_to_security_class(int family, int type, int protocol)
1052{
1053 switch (family) {
1054 case PF_UNIX:
1055 switch (type) {
1056 case SOCK_STREAM:
1057 case SOCK_SEQPACKET:
1058 return SECCLASS_UNIX_STREAM_SOCKET;
1059 case SOCK_DGRAM:
1060 return SECCLASS_UNIX_DGRAM_SOCKET;
1061 }
1062 break;
1063 case PF_INET:
1064 case PF_INET6:
1065 switch (type) {
1066 case SOCK_STREAM:
1067 if (default_protocol_stream(protocol))
1068 return SECCLASS_TCP_SOCKET;
1069 else
1070 return SECCLASS_RAWIP_SOCKET;
1071 case SOCK_DGRAM:
1072 if (default_protocol_dgram(protocol))
1073 return SECCLASS_UDP_SOCKET;
1074 else
1075 return SECCLASS_RAWIP_SOCKET;
1076 case SOCK_DCCP:
1077 return SECCLASS_DCCP_SOCKET;
1078 default:
1079 return SECCLASS_RAWIP_SOCKET;
1080 }
1081 break;
1082 case PF_NETLINK:
1083 switch (protocol) {
1084 case NETLINK_ROUTE:
1085 return SECCLASS_NETLINK_ROUTE_SOCKET;
1086 case NETLINK_FIREWALL:
1087 return SECCLASS_NETLINK_FIREWALL_SOCKET;
1088 case NETLINK_INET_DIAG:
1089 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
1090 case NETLINK_NFLOG:
1091 return SECCLASS_NETLINK_NFLOG_SOCKET;
1092 case NETLINK_XFRM:
1093 return SECCLASS_NETLINK_XFRM_SOCKET;
1094 case NETLINK_SELINUX:
1095 return SECCLASS_NETLINK_SELINUX_SOCKET;
1096 case NETLINK_AUDIT:
1097 return SECCLASS_NETLINK_AUDIT_SOCKET;
1098 case NETLINK_IP6_FW:
1099 return SECCLASS_NETLINK_IP6FW_SOCKET;
1100 case NETLINK_DNRTMSG:
1101 return SECCLASS_NETLINK_DNRT_SOCKET;
1102 case NETLINK_KOBJECT_UEVENT:
1103 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
1104 default:
1105 return SECCLASS_NETLINK_SOCKET;
1106 }
1107 case PF_PACKET:
1108 return SECCLASS_PACKET_SOCKET;
1109 case PF_KEY:
1110 return SECCLASS_KEY_SOCKET;
1111 case PF_APPLETALK:
1112 return SECCLASS_APPLETALK_SOCKET;
1113 }
1114
1115 return SECCLASS_SOCKET;
1116}
1117
1118#ifdef CONFIG_PROC_FS
1119static int selinux_proc_get_sid(struct proc_dir_entry *de,
1120 u16 tclass,
1121 u32 *sid)
1122{
1123 int buflen, rc;
1124 char *buffer, *path, *end;
1125
1126 buffer = (char *)__get_free_page(GFP_KERNEL);
1127 if (!buffer)
1128 return -ENOMEM;
1129
1130 buflen = PAGE_SIZE;
1131 end = buffer+buflen;
1132 *--end = '\0';
1133 buflen--;
1134 path = end-1;
1135 *path = '/';
1136 while (de && de != de->parent) {
1137 buflen -= de->namelen + 1;
1138 if (buflen < 0)
1139 break;
1140 end -= de->namelen;
1141 memcpy(end, de->name, de->namelen);
1142 *--end = '/';
1143 path = end;
1144 de = de->parent;
1145 }
1146 rc = security_genfs_sid("proc", path, tclass, sid);
1147 free_page((unsigned long)buffer);
1148 return rc;
1149}
1150#else
1151static int selinux_proc_get_sid(struct proc_dir_entry *de,
1152 u16 tclass,
1153 u32 *sid)
1154{
1155 return -EINVAL;
1156}
1157#endif
1158
1159
1160static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1161{
1162 struct superblock_security_struct *sbsec = NULL;
1163 struct inode_security_struct *isec = inode->i_security;
1164 u32 sid;
1165 struct dentry *dentry;
1166#define INITCONTEXTLEN 255
1167 char *context = NULL;
1168 unsigned len = 0;
1169 int rc = 0;
1170
1171 if (isec->initialized)
1172 goto out;
1173
1174 mutex_lock(&isec->lock);
1175 if (isec->initialized)
1176 goto out_unlock;
1177
1178 sbsec = inode->i_sb->s_security;
1179 if (!sbsec->initialized) {
1180
1181
1182
1183 spin_lock(&sbsec->isec_lock);
1184 if (list_empty(&isec->list))
1185 list_add(&isec->list, &sbsec->isec_head);
1186 spin_unlock(&sbsec->isec_lock);
1187 goto out_unlock;
1188 }
1189
1190 switch (sbsec->behavior) {
1191 case SECURITY_FS_USE_XATTR:
1192 if (!inode->i_op->getxattr) {
1193 isec->sid = sbsec->def_sid;
1194 break;
1195 }
1196
1197
1198
1199 if (opt_dentry) {
1200
1201 dentry = dget(opt_dentry);
1202 } else {
1203
1204 dentry = d_find_alias(inode);
1205 }
1206 if (!dentry) {
1207 printk(KERN_WARNING "SELinux: %s: no dentry for dev=%s "
1208 "ino=%ld\n", __func__, inode->i_sb->s_id,
1209 inode->i_ino);
1210 goto out_unlock;
1211 }
1212
1213 len = INITCONTEXTLEN;
1214 context = kmalloc(len, GFP_NOFS);
1215 if (!context) {
1216 rc = -ENOMEM;
1217 dput(dentry);
1218 goto out_unlock;
1219 }
1220 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1221 context, len);
1222 if (rc == -ERANGE) {
1223
1224 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1225 NULL, 0);
1226 if (rc < 0) {
1227 dput(dentry);
1228 goto out_unlock;
1229 }
1230 kfree(context);
1231 len = rc;
1232 context = kmalloc(len, GFP_NOFS);
1233 if (!context) {
1234 rc = -ENOMEM;
1235 dput(dentry);
1236 goto out_unlock;
1237 }
1238 rc = inode->i_op->getxattr(dentry,
1239 XATTR_NAME_SELINUX,
1240 context, len);
1241 }
1242 dput(dentry);
1243 if (rc < 0) {
1244 if (rc != -ENODATA) {
1245 printk(KERN_WARNING "SELinux: %s: getxattr returned "
1246 "%d for dev=%s ino=%ld\n", __func__,
1247 -rc, inode->i_sb->s_id, inode->i_ino);
1248 kfree(context);
1249 goto out_unlock;
1250 }
1251
1252 sid = sbsec->def_sid;
1253 rc = 0;
1254 } else {
1255 rc = security_context_to_sid_default(context, rc, &sid,
1256 sbsec->def_sid,
1257 GFP_NOFS);
1258 if (rc) {
1259 printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
1260 "returned %d for dev=%s ino=%ld\n",
1261 __func__, context, -rc,
1262 inode->i_sb->s_id, inode->i_ino);
1263 kfree(context);
1264
1265 rc = 0;
1266 break;
1267 }
1268 }
1269 kfree(context);
1270 isec->sid = sid;
1271 break;
1272 case SECURITY_FS_USE_TASK:
1273 isec->sid = isec->task_sid;
1274 break;
1275 case SECURITY_FS_USE_TRANS:
1276
1277 isec->sid = sbsec->sid;
1278
1279
1280 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1281 rc = security_transition_sid(isec->task_sid,
1282 sbsec->sid,
1283 isec->sclass,
1284 &sid);
1285 if (rc)
1286 goto out_unlock;
1287 isec->sid = sid;
1288 break;
1289 case SECURITY_FS_USE_MNTPOINT:
1290 isec->sid = sbsec->mntpoint_sid;
1291 break;
1292 default:
1293
1294 isec->sid = sbsec->sid;
1295
1296 if (sbsec->proc && !S_ISLNK(inode->i_mode)) {
1297 struct proc_inode *proci = PROC_I(inode);
1298 if (proci->pde) {
1299 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1300 rc = selinux_proc_get_sid(proci->pde,
1301 isec->sclass,
1302 &sid);
1303 if (rc)
1304 goto out_unlock;
1305 isec->sid = sid;
1306 }
1307 }
1308 break;
1309 }
1310
1311 isec->initialized = 1;
1312
1313out_unlock:
1314 mutex_unlock(&isec->lock);
1315out:
1316 if (isec->sclass == SECCLASS_FILE)
1317 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1318 return rc;
1319}
1320
1321
1322static inline u32 signal_to_av(int sig)
1323{
1324 u32 perm = 0;
1325
1326 switch (sig) {
1327 case SIGCHLD:
1328
1329 perm = PROCESS__SIGCHLD;
1330 break;
1331 case SIGKILL:
1332
1333 perm = PROCESS__SIGKILL;
1334 break;
1335 case SIGSTOP:
1336
1337 perm = PROCESS__SIGSTOP;
1338 break;
1339 default:
1340
1341 perm = PROCESS__SIGNAL;
1342 break;
1343 }
1344
1345 return perm;
1346}
1347
1348
1349
1350static int task_has_perm(struct task_struct *tsk1,
1351 struct task_struct *tsk2,
1352 u32 perms)
1353{
1354 struct task_security_struct *tsec1, *tsec2;
1355
1356 tsec1 = tsk1->security;
1357 tsec2 = tsk2->security;
1358 return avc_has_perm(tsec1->sid, tsec2->sid,
1359 SECCLASS_PROCESS, perms, NULL);
1360}
1361
1362#if CAP_LAST_CAP > 63
1363#error Fix SELinux to handle capabilities > 63.
1364#endif
1365
1366
1367static int task_has_capability(struct task_struct *tsk,
1368 int cap)
1369{
1370 struct task_security_struct *tsec;
1371 struct avc_audit_data ad;
1372 u16 sclass;
1373 u32 av = CAP_TO_MASK(cap);
1374
1375 tsec = tsk->security;
1376
1377 AVC_AUDIT_DATA_INIT(&ad, CAP);
1378 ad.tsk = tsk;
1379 ad.u.cap = cap;
1380
1381 switch (CAP_TO_INDEX(cap)) {
1382 case 0:
1383 sclass = SECCLASS_CAPABILITY;
1384 break;
1385 case 1:
1386 sclass = SECCLASS_CAPABILITY2;
1387 break;
1388 default:
1389 printk(KERN_ERR
1390 "SELinux: out of range capability %d\n", cap);
1391 BUG();
1392 }
1393 return avc_has_perm(tsec->sid, tsec->sid, sclass, av, &ad);
1394}
1395
1396
1397static int task_has_system(struct task_struct *tsk,
1398 u32 perms)
1399{
1400 struct task_security_struct *tsec;
1401
1402 tsec = tsk->security;
1403
1404 return avc_has_perm(tsec->sid, SECINITSID_KERNEL,
1405 SECCLASS_SYSTEM, perms, NULL);
1406}
1407
1408
1409
1410
1411static int inode_has_perm(struct task_struct *tsk,
1412 struct inode *inode,
1413 u32 perms,
1414 struct avc_audit_data *adp)
1415{
1416 struct task_security_struct *tsec;
1417 struct inode_security_struct *isec;
1418 struct avc_audit_data ad;
1419
1420 if (unlikely(IS_PRIVATE(inode)))
1421 return 0;
1422
1423 tsec = tsk->security;
1424 isec = inode->i_security;
1425
1426 if (!adp) {
1427 adp = &ad;
1428 AVC_AUDIT_DATA_INIT(&ad, FS);
1429 ad.u.fs.inode = inode;
1430 }
1431
1432 return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, adp);
1433}
1434
1435
1436
1437
1438static inline int dentry_has_perm(struct task_struct *tsk,
1439 struct vfsmount *mnt,
1440 struct dentry *dentry,
1441 u32 av)
1442{
1443 struct inode *inode = dentry->d_inode;
1444 struct avc_audit_data ad;
1445 AVC_AUDIT_DATA_INIT(&ad, FS);
1446 ad.u.fs.path.mnt = mnt;
1447 ad.u.fs.path.dentry = dentry;
1448 return inode_has_perm(tsk, inode, av, &ad);
1449}
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459static int file_has_perm(struct task_struct *tsk,
1460 struct file *file,
1461 u32 av)
1462{
1463 struct task_security_struct *tsec = tsk->security;
1464 struct file_security_struct *fsec = file->f_security;
1465 struct inode *inode = file->f_path.dentry->d_inode;
1466 struct avc_audit_data ad;
1467 int rc;
1468
1469 AVC_AUDIT_DATA_INIT(&ad, FS);
1470 ad.u.fs.path = file->f_path;
1471
1472 if (tsec->sid != fsec->sid) {
1473 rc = avc_has_perm(tsec->sid, fsec->sid,
1474 SECCLASS_FD,
1475 FD__USE,
1476 &ad);
1477 if (rc)
1478 return rc;
1479 }
1480
1481
1482 if (av)
1483 return inode_has_perm(tsk, inode, av, &ad);
1484
1485 return 0;
1486}
1487
1488
1489static int may_create(struct inode *dir,
1490 struct dentry *dentry,
1491 u16 tclass)
1492{
1493 struct task_security_struct *tsec;
1494 struct inode_security_struct *dsec;
1495 struct superblock_security_struct *sbsec;
1496 u32 newsid;
1497 struct avc_audit_data ad;
1498 int rc;
1499
1500 tsec = current->security;
1501 dsec = dir->i_security;
1502 sbsec = dir->i_sb->s_security;
1503
1504 AVC_AUDIT_DATA_INIT(&ad, FS);
1505 ad.u.fs.path.dentry = dentry;
1506
1507 rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR,
1508 DIR__ADD_NAME | DIR__SEARCH,
1509 &ad);
1510 if (rc)
1511 return rc;
1512
1513 if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
1514 newsid = tsec->create_sid;
1515 } else {
1516 rc = security_transition_sid(tsec->sid, dsec->sid, tclass,
1517 &newsid);
1518 if (rc)
1519 return rc;
1520 }
1521
1522 rc = avc_has_perm(tsec->sid, newsid, tclass, FILE__CREATE, &ad);
1523 if (rc)
1524 return rc;
1525
1526 return avc_has_perm(newsid, sbsec->sid,
1527 SECCLASS_FILESYSTEM,
1528 FILESYSTEM__ASSOCIATE, &ad);
1529}
1530
1531
1532static int may_create_key(u32 ksid,
1533 struct task_struct *ctx)
1534{
1535 struct task_security_struct *tsec;
1536
1537 tsec = ctx->security;
1538
1539 return avc_has_perm(tsec->sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
1540}
1541
1542#define MAY_LINK 0
1543#define MAY_UNLINK 1
1544#define MAY_RMDIR 2
1545
1546
1547static int may_link(struct inode *dir,
1548 struct dentry *dentry,
1549 int kind)
1550
1551{
1552 struct task_security_struct *tsec;
1553 struct inode_security_struct *dsec, *isec;
1554 struct avc_audit_data ad;
1555 u32 av;
1556 int rc;
1557
1558 tsec = current->security;
1559 dsec = dir->i_security;
1560 isec = dentry->d_inode->i_security;
1561
1562 AVC_AUDIT_DATA_INIT(&ad, FS);
1563 ad.u.fs.path.dentry = dentry;
1564
1565 av = DIR__SEARCH;
1566 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1567 rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR, av, &ad);
1568 if (rc)
1569 return rc;
1570
1571 switch (kind) {
1572 case MAY_LINK:
1573 av = FILE__LINK;
1574 break;
1575 case MAY_UNLINK:
1576 av = FILE__UNLINK;
1577 break;
1578 case MAY_RMDIR:
1579 av = DIR__RMDIR;
1580 break;
1581 default:
1582 printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
1583 __func__, kind);
1584 return 0;
1585 }
1586
1587 rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass, av, &ad);
1588 return rc;
1589}
1590
1591static inline int may_rename(struct inode *old_dir,
1592 struct dentry *old_dentry,
1593 struct inode *new_dir,
1594 struct dentry *new_dentry)
1595{
1596 struct task_security_struct *tsec;
1597 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1598 struct avc_audit_data ad;
1599 u32 av;
1600 int old_is_dir, new_is_dir;
1601 int rc;
1602
1603 tsec = current->security;
1604 old_dsec = old_dir->i_security;
1605 old_isec = old_dentry->d_inode->i_security;
1606 old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
1607 new_dsec = new_dir->i_security;
1608
1609 AVC_AUDIT_DATA_INIT(&ad, FS);
1610
1611 ad.u.fs.path.dentry = old_dentry;
1612 rc = avc_has_perm(tsec->sid, old_dsec->sid, SECCLASS_DIR,
1613 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1614 if (rc)
1615 return rc;
1616 rc = avc_has_perm(tsec->sid, old_isec->sid,
1617 old_isec->sclass, FILE__RENAME, &ad);
1618 if (rc)
1619 return rc;
1620 if (old_is_dir && new_dir != old_dir) {
1621 rc = avc_has_perm(tsec->sid, old_isec->sid,
1622 old_isec->sclass, DIR__REPARENT, &ad);
1623 if (rc)
1624 return rc;
1625 }
1626
1627 ad.u.fs.path.dentry = new_dentry;
1628 av = DIR__ADD_NAME | DIR__SEARCH;
1629 if (new_dentry->d_inode)
1630 av |= DIR__REMOVE_NAME;
1631 rc = avc_has_perm(tsec->sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1632 if (rc)
1633 return rc;
1634 if (new_dentry->d_inode) {
1635 new_isec = new_dentry->d_inode->i_security;
1636 new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
1637 rc = avc_has_perm(tsec->sid, new_isec->sid,
1638 new_isec->sclass,
1639 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1640 if (rc)
1641 return rc;
1642 }
1643
1644 return 0;
1645}
1646
1647
1648static int superblock_has_perm(struct task_struct *tsk,
1649 struct super_block *sb,
1650 u32 perms,
1651 struct avc_audit_data *ad)
1652{
1653 struct task_security_struct *tsec;
1654 struct superblock_security_struct *sbsec;
1655
1656 tsec = tsk->security;
1657 sbsec = sb->s_security;
1658 return avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
1659 perms, ad);
1660}
1661
1662
1663static inline u32 file_mask_to_av(int mode, int mask)
1664{
1665 u32 av = 0;
1666
1667 if ((mode & S_IFMT) != S_IFDIR) {
1668 if (mask & MAY_EXEC)
1669 av |= FILE__EXECUTE;
1670 if (mask & MAY_READ)
1671 av |= FILE__READ;
1672
1673 if (mask & MAY_APPEND)
1674 av |= FILE__APPEND;
1675 else if (mask & MAY_WRITE)
1676 av |= FILE__WRITE;
1677
1678 } else {
1679 if (mask & MAY_EXEC)
1680 av |= DIR__SEARCH;
1681 if (mask & MAY_WRITE)
1682 av |= DIR__WRITE;
1683 if (mask & MAY_READ)
1684 av |= DIR__READ;
1685 }
1686
1687 return av;
1688}
1689
1690
1691
1692
1693
1694static inline u32 open_file_mask_to_av(int mode, int mask)
1695{
1696 u32 av = file_mask_to_av(mode, mask);
1697
1698 if (selinux_policycap_openperm) {
1699
1700
1701
1702 if (S_ISREG(mode))
1703 av |= FILE__OPEN;
1704 else if (S_ISCHR(mode))
1705 av |= CHR_FILE__OPEN;
1706 else if (S_ISBLK(mode))
1707 av |= BLK_FILE__OPEN;
1708 else if (S_ISFIFO(mode))
1709 av |= FIFO_FILE__OPEN;
1710 else if (S_ISDIR(mode))
1711 av |= DIR__OPEN;
1712 else
1713 printk(KERN_ERR "SELinux: WARNING: inside %s with "
1714 "unknown mode:%x\n", __func__, mode);
1715 }
1716 return av;
1717}
1718
1719
1720static inline u32 file_to_av(struct file *file)
1721{
1722 u32 av = 0;
1723
1724 if (file->f_mode & FMODE_READ)
1725 av |= FILE__READ;
1726 if (file->f_mode & FMODE_WRITE) {
1727 if (file->f_flags & O_APPEND)
1728 av |= FILE__APPEND;
1729 else
1730 av |= FILE__WRITE;
1731 }
1732 if (!av) {
1733
1734
1735
1736 av = FILE__IOCTL;
1737 }
1738
1739 return av;
1740}
1741
1742
1743
1744static int selinux_ptrace_may_access(struct task_struct *child,
1745 unsigned int mode)
1746{
1747 int rc;
1748
1749 rc = secondary_ops->ptrace_may_access(child, mode);
1750 if (rc)
1751 return rc;
1752
1753 if (mode == PTRACE_MODE_READ) {
1754 struct task_security_struct *tsec = current->security;
1755 struct task_security_struct *csec = child->security;
1756 return avc_has_perm(tsec->sid, csec->sid,
1757 SECCLASS_FILE, FILE__READ, NULL);
1758 }
1759
1760 return task_has_perm(current, child, PROCESS__PTRACE);
1761}
1762
1763static int selinux_ptrace_traceme(struct task_struct *parent)
1764{
1765 int rc;
1766
1767 rc = secondary_ops->ptrace_traceme(parent);
1768 if (rc)
1769 return rc;
1770
1771 return task_has_perm(parent, current, PROCESS__PTRACE);
1772}
1773
1774static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
1775 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1776{
1777 int error;
1778
1779 error = task_has_perm(current, target, PROCESS__GETCAP);
1780 if (error)
1781 return error;
1782
1783 return secondary_ops->capget(target, effective, inheritable, permitted);
1784}
1785
1786static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effective,
1787 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1788{
1789 int error;
1790
1791 error = secondary_ops->capset_check(target, effective, inheritable, permitted);
1792 if (error)
1793 return error;
1794
1795 return task_has_perm(current, target, PROCESS__SETCAP);
1796}
1797
1798static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective,
1799 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1800{
1801 secondary_ops->capset_set(target, effective, inheritable, permitted);
1802}
1803
1804static int selinux_capable(struct task_struct *tsk, int cap)
1805{
1806 int rc;
1807
1808 rc = secondary_ops->capable(tsk, cap);
1809 if (rc)
1810 return rc;
1811
1812 return task_has_capability(tsk, cap);
1813}
1814
1815static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid)
1816{
1817 int buflen, rc;
1818 char *buffer, *path, *end;
1819
1820 rc = -ENOMEM;
1821 buffer = (char *)__get_free_page(GFP_KERNEL);
1822 if (!buffer)
1823 goto out;
1824
1825 buflen = PAGE_SIZE;
1826 end = buffer+buflen;
1827 *--end = '\0';
1828 buflen--;
1829 path = end-1;
1830 *path = '/';
1831 while (table) {
1832 const char *name = table->procname;
1833 size_t namelen = strlen(name);
1834 buflen -= namelen + 1;
1835 if (buflen < 0)
1836 goto out_free;
1837 end -= namelen;
1838 memcpy(end, name, namelen);
1839 *--end = '/';
1840 path = end;
1841 table = table->parent;
1842 }
1843 buflen -= 4;
1844 if (buflen < 0)
1845 goto out_free;
1846 end -= 4;
1847 memcpy(end, "/sys", 4);
1848 path = end;
1849 rc = security_genfs_sid("proc", path, tclass, sid);
1850out_free:
1851 free_page((unsigned long)buffer);
1852out:
1853 return rc;
1854}
1855
1856static int selinux_sysctl(ctl_table *table, int op)
1857{
1858 int error = 0;
1859 u32 av;
1860 struct task_security_struct *tsec;
1861 u32 tsid;
1862 int rc;
1863
1864 rc = secondary_ops->sysctl(table, op);
1865 if (rc)
1866 return rc;
1867
1868 tsec = current->security;
1869
1870 rc = selinux_sysctl_get_sid(table, (op == 0001) ?
1871 SECCLASS_DIR : SECCLASS_FILE, &tsid);
1872 if (rc) {
1873
1874 tsid = SECINITSID_SYSCTL;
1875 }
1876
1877
1878
1879 if (op == 001) {
1880 error = avc_has_perm(tsec->sid, tsid,
1881 SECCLASS_DIR, DIR__SEARCH, NULL);
1882 } else {
1883 av = 0;
1884 if (op & 004)
1885 av |= FILE__READ;
1886 if (op & 002)
1887 av |= FILE__WRITE;
1888 if (av)
1889 error = avc_has_perm(tsec->sid, tsid,
1890 SECCLASS_FILE, av, NULL);
1891 }
1892
1893 return error;
1894}
1895
1896static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
1897{
1898 int rc = 0;
1899
1900 if (!sb)
1901 return 0;
1902
1903 switch (cmds) {
1904 case Q_SYNC:
1905 case Q_QUOTAON:
1906 case Q_QUOTAOFF:
1907 case Q_SETINFO:
1908 case Q_SETQUOTA:
1909 rc = superblock_has_perm(current, sb, FILESYSTEM__QUOTAMOD,
1910 NULL);
1911 break;
1912 case Q_GETFMT:
1913 case Q_GETINFO:
1914 case Q_GETQUOTA:
1915 rc = superblock_has_perm(current, sb, FILESYSTEM__QUOTAGET,
1916 NULL);
1917 break;
1918 default:
1919 rc = 0;
1920 break;
1921 }
1922 return rc;
1923}
1924
1925static int selinux_quota_on(struct dentry *dentry)
1926{
1927 return dentry_has_perm(current, NULL, dentry, FILE__QUOTAON);
1928}
1929
1930static int selinux_syslog(int type)
1931{
1932 int rc;
1933
1934 rc = secondary_ops->syslog(type);
1935 if (rc)
1936 return rc;
1937
1938 switch (type) {
1939 case 3:
1940 case 10:
1941 rc = task_has_system(current, SYSTEM__SYSLOG_READ);
1942 break;
1943 case 6:
1944 case 7:
1945 case 8:
1946 rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
1947 break;
1948 case 0:
1949 case 1:
1950 case 2:
1951 case 4:
1952 case 5:
1953 default:
1954 rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
1955 break;
1956 }
1957 return rc;
1958}
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
1973{
1974 int rc, cap_sys_admin = 0;
1975 struct task_security_struct *tsec = current->security;
1976
1977 rc = secondary_ops->capable(current, CAP_SYS_ADMIN);
1978 if (rc == 0)
1979 rc = avc_has_perm_noaudit(tsec->sid, tsec->sid,
1980 SECCLASS_CAPABILITY,
1981 CAP_TO_MASK(CAP_SYS_ADMIN),
1982 0,
1983 NULL);
1984
1985 if (rc == 0)
1986 cap_sys_admin = 1;
1987
1988 return __vm_enough_memory(mm, pages, cap_sys_admin);
1989}
1990
1991
1992
1993static int selinux_bprm_alloc_security(struct linux_binprm *bprm)
1994{
1995 struct bprm_security_struct *bsec;
1996
1997 bsec = kzalloc(sizeof(struct bprm_security_struct), GFP_KERNEL);
1998 if (!bsec)
1999 return -ENOMEM;
2000
2001 bsec->sid = SECINITSID_UNLABELED;
2002 bsec->set = 0;
2003
2004 bprm->security = bsec;
2005 return 0;
2006}
2007
2008static int selinux_bprm_set_security(struct linux_binprm *bprm)
2009{
2010 struct task_security_struct *tsec;
2011 struct inode *inode = bprm->file->f_path.dentry->d_inode;
2012 struct inode_security_struct *isec;
2013 struct bprm_security_struct *bsec;
2014 u32 newsid;
2015 struct avc_audit_data ad;
2016 int rc;
2017
2018 rc = secondary_ops->bprm_set_security(bprm);
2019 if (rc)
2020 return rc;
2021
2022 bsec = bprm->security;
2023
2024 if (bsec->set)
2025 return 0;
2026
2027 tsec = current->security;
2028 isec = inode->i_security;
2029
2030
2031 bsec->sid = tsec->sid;
2032
2033
2034 tsec->create_sid = 0;
2035 tsec->keycreate_sid = 0;
2036 tsec->sockcreate_sid = 0;
2037
2038 if (tsec->exec_sid) {
2039 newsid = tsec->exec_sid;
2040
2041 tsec->exec_sid = 0;
2042 } else {
2043
2044 rc = security_transition_sid(tsec->sid, isec->sid,
2045 SECCLASS_PROCESS, &newsid);
2046 if (rc)
2047 return rc;
2048 }
2049
2050 AVC_AUDIT_DATA_INIT(&ad, FS);
2051 ad.u.fs.path = bprm->file->f_path;
2052
2053 if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
2054 newsid = tsec->sid;
2055
2056 if (tsec->sid == newsid) {
2057 rc = avc_has_perm(tsec->sid, isec->sid,
2058 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2059 if (rc)
2060 return rc;
2061 } else {
2062
2063 rc = avc_has_perm(tsec->sid, newsid,
2064 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2065 if (rc)
2066 return rc;
2067
2068 rc = avc_has_perm(newsid, isec->sid,
2069 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2070 if (rc)
2071 return rc;
2072
2073
2074 current->personality &= ~PER_CLEAR_ON_SETID;
2075
2076
2077 bsec->sid = newsid;
2078 }
2079
2080 bsec->set = 1;
2081 return 0;
2082}
2083
2084static int selinux_bprm_check_security(struct linux_binprm *bprm)
2085{
2086 return secondary_ops->bprm_check_security(bprm);
2087}
2088
2089
2090static int selinux_bprm_secureexec(struct linux_binprm *bprm)
2091{
2092 struct task_security_struct *tsec = current->security;
2093 int atsecure = 0;
2094
2095 if (tsec->osid != tsec->sid) {
2096
2097
2098
2099 atsecure = avc_has_perm(tsec->osid, tsec->sid,
2100 SECCLASS_PROCESS,
2101 PROCESS__NOATSECURE, NULL);
2102 }
2103
2104 return (atsecure || secondary_ops->bprm_secureexec(bprm));
2105}
2106
2107static void selinux_bprm_free_security(struct linux_binprm *bprm)
2108{
2109 kfree(bprm->security);
2110 bprm->security = NULL;
2111}
2112
2113extern struct vfsmount *selinuxfs_mount;
2114extern struct dentry *selinux_null;
2115
2116
2117static inline void flush_unauthorized_files(struct files_struct *files)
2118{
2119 struct avc_audit_data ad;
2120 struct file *file, *devnull = NULL;
2121 struct tty_struct *tty;
2122 struct fdtable *fdt;
2123 long j = -1;
2124 int drop_tty = 0;
2125
2126 tty = get_current_tty();
2127 if (tty) {
2128 file_list_lock();
2129 if (!list_empty(&tty->tty_files)) {
2130 struct inode *inode;
2131
2132
2133
2134
2135
2136
2137 file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list);
2138 inode = file->f_path.dentry->d_inode;
2139 if (inode_has_perm(current, inode,
2140 FILE__READ | FILE__WRITE, NULL)) {
2141 drop_tty = 1;
2142 }
2143 }
2144 file_list_unlock();
2145 tty_kref_put(tty);
2146 }
2147
2148 if (drop_tty)
2149 no_tty();
2150
2151
2152
2153 AVC_AUDIT_DATA_INIT(&ad, FS);
2154
2155 spin_lock(&files->file_lock);
2156 for (;;) {
2157 unsigned long set, i;
2158 int fd;
2159
2160 j++;
2161 i = j * __NFDBITS;
2162 fdt = files_fdtable(files);
2163 if (i >= fdt->max_fds)
2164 break;
2165 set = fdt->open_fds->fds_bits[j];
2166 if (!set)
2167 continue;
2168 spin_unlock(&files->file_lock);
2169 for ( ; set ; i++, set >>= 1) {
2170 if (set & 1) {
2171 file = fget(i);
2172 if (!file)
2173 continue;
2174 if (file_has_perm(current,
2175 file,
2176 file_to_av(file))) {
2177 sys_close(i);
2178 fd = get_unused_fd();
2179 if (fd != i) {
2180 if (fd >= 0)
2181 put_unused_fd(fd);
2182 fput(file);
2183 continue;
2184 }
2185 if (devnull) {
2186 get_file(devnull);
2187 } else {
2188 devnull = dentry_open(dget(selinux_null), mntget(selinuxfs_mount), O_RDWR);
2189 if (IS_ERR(devnull)) {
2190 devnull = NULL;
2191 put_unused_fd(fd);
2192 fput(file);
2193 continue;
2194 }
2195 }
2196 fd_install(fd, devnull);
2197 }
2198 fput(file);
2199 }
2200 }
2201 spin_lock(&files->file_lock);
2202
2203 }
2204 spin_unlock(&files->file_lock);
2205}
2206
2207static void selinux_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
2208{
2209 struct task_security_struct *tsec;
2210 struct bprm_security_struct *bsec;
2211 u32 sid;
2212 int rc;
2213
2214 secondary_ops->bprm_apply_creds(bprm, unsafe);
2215
2216 tsec = current->security;
2217
2218 bsec = bprm->security;
2219 sid = bsec->sid;
2220
2221 tsec->osid = tsec->sid;
2222 bsec->unsafe = 0;
2223 if (tsec->sid != sid) {
2224
2225
2226 if (unsafe & LSM_UNSAFE_SHARE) {
2227 rc = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
2228 PROCESS__SHARE, NULL);
2229 if (rc) {
2230 bsec->unsafe = 1;
2231 return;
2232 }
2233 }
2234
2235
2236
2237 if (unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
2238 struct task_struct *tracer;
2239 struct task_security_struct *sec;
2240 u32 ptsid = 0;
2241
2242 rcu_read_lock();
2243 tracer = tracehook_tracer_task(current);
2244 if (likely(tracer != NULL)) {
2245 sec = tracer->security;
2246 ptsid = sec->sid;
2247 }
2248 rcu_read_unlock();
2249
2250 if (ptsid != 0) {
2251 rc = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
2252 PROCESS__PTRACE, NULL);
2253 if (rc) {
2254 bsec->unsafe = 1;
2255 return;
2256 }
2257 }
2258 }
2259 tsec->sid = sid;
2260 }
2261}
2262
2263
2264
2265
2266static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm)
2267{
2268 struct task_security_struct *tsec;
2269 struct rlimit *rlim, *initrlim;
2270 struct itimerval itimer;
2271 struct bprm_security_struct *bsec;
2272 int rc, i;
2273
2274 tsec = current->security;
2275 bsec = bprm->security;
2276
2277 if (bsec->unsafe) {
2278 force_sig_specific(SIGKILL, current);
2279 return;
2280 }
2281 if (tsec->osid == tsec->sid)
2282 return;
2283
2284
2285 flush_unauthorized_files(current->files);
2286
2287
2288
2289
2290
2291
2292
2293 rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
2294 PROCESS__SIGINH, NULL);
2295 if (rc) {
2296 memset(&itimer, 0, sizeof itimer);
2297 for (i = 0; i < 3; i++)
2298 do_setitimer(i, &itimer, NULL);
2299 flush_signals(current);
2300 spin_lock_irq(¤t->sighand->siglock);
2301 flush_signal_handlers(current, 1);
2302 sigemptyset(¤t->blocked);
2303 recalc_sigpending();
2304 spin_unlock_irq(¤t->sighand->siglock);
2305 }
2306
2307
2308 current->pdeath_signal = 0;
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320 rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
2321 PROCESS__RLIMITINH, NULL);
2322 if (rc) {
2323 for (i = 0; i < RLIM_NLIMITS; i++) {
2324 rlim = current->signal->rlim + i;
2325 initrlim = init_task.signal->rlim+i;
2326 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2327 }
2328 update_rlimit_cpu(rlim->rlim_cur);
2329 }
2330
2331
2332
2333 wake_up_interruptible(¤t->parent->signal->wait_chldexit);
2334}
2335
2336
2337
2338static int selinux_sb_alloc_security(struct super_block *sb)
2339{
2340 return superblock_alloc_security(sb);
2341}
2342
2343static void selinux_sb_free_security(struct super_block *sb)
2344{
2345 superblock_free_security(sb);
2346}
2347
2348static inline int match_prefix(char *prefix, int plen, char *option, int olen)
2349{
2350 if (plen > olen)
2351 return 0;
2352
2353 return !memcmp(prefix, option, plen);
2354}
2355
2356static inline int selinux_option(char *option, int len)
2357{
2358 return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) ||
2359 match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) ||
2360 match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) ||
2361 match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len));
2362}
2363
2364static inline void take_option(char **to, char *from, int *first, int len)
2365{
2366 if (!*first) {
2367 **to = ',';
2368 *to += 1;
2369 } else
2370 *first = 0;
2371 memcpy(*to, from, len);
2372 *to += len;
2373}
2374
2375static inline void take_selinux_option(char **to, char *from, int *first,
2376 int len)
2377{
2378 int current_size = 0;
2379
2380 if (!*first) {
2381 **to = '|';
2382 *to += 1;
2383 } else
2384 *first = 0;
2385
2386 while (current_size < len) {
2387 if (*from != '"') {
2388 **to = *from;
2389 *to += 1;
2390 }
2391 from += 1;
2392 current_size += 1;
2393 }
2394}
2395
2396static int selinux_sb_copy_data(char *orig, char *copy)
2397{
2398 int fnosec, fsec, rc = 0;
2399 char *in_save, *in_curr, *in_end;
2400 char *sec_curr, *nosec_save, *nosec;
2401 int open_quote = 0;
2402
2403 in_curr = orig;
2404 sec_curr = copy;
2405
2406 nosec = (char *)get_zeroed_page(GFP_KERNEL);
2407 if (!nosec) {
2408 rc = -ENOMEM;
2409 goto out;
2410 }
2411
2412 nosec_save = nosec;
2413 fnosec = fsec = 1;
2414 in_save = in_end = orig;
2415
2416 do {
2417 if (*in_end == '"')
2418 open_quote = !open_quote;
2419 if ((*in_end == ',' && open_quote == 0) ||
2420 *in_end == '\0') {
2421 int len = in_end - in_curr;
2422
2423 if (selinux_option(in_curr, len))
2424 take_selinux_option(&sec_curr, in_curr, &fsec, len);
2425 else
2426 take_option(&nosec, in_curr, &fnosec, len);
2427
2428 in_curr = in_end + 1;
2429 }
2430 } while (*in_end++);
2431
2432 strcpy(in_save, nosec_save);
2433 free_page((unsigned long)nosec_save);
2434out:
2435 return rc;
2436}
2437
2438static int selinux_sb_kern_mount(struct super_block *sb, void *data)
2439{
2440 struct avc_audit_data ad;
2441 int rc;
2442
2443 rc = superblock_doinit(sb, data);
2444 if (rc)
2445 return rc;
2446
2447 AVC_AUDIT_DATA_INIT(&ad, FS);
2448 ad.u.fs.path.dentry = sb->s_root;
2449 return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad);
2450}
2451
2452static int selinux_sb_statfs(struct dentry *dentry)
2453{
2454 struct avc_audit_data ad;
2455
2456 AVC_AUDIT_DATA_INIT(&ad, FS);
2457 ad.u.fs.path.dentry = dentry->d_sb->s_root;
2458 return superblock_has_perm(current, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2459}
2460
2461static int selinux_mount(char *dev_name,
2462 struct path *path,
2463 char *type,
2464 unsigned long flags,
2465 void *data)
2466{
2467 int rc;
2468
2469 rc = secondary_ops->sb_mount(dev_name, path, type, flags, data);
2470 if (rc)
2471 return rc;
2472
2473 if (flags & MS_REMOUNT)
2474 return superblock_has_perm(current, path->mnt->mnt_sb,
2475 FILESYSTEM__REMOUNT, NULL);
2476 else
2477 return dentry_has_perm(current, path->mnt, path->dentry,
2478 FILE__MOUNTON);
2479}
2480
2481static int selinux_umount(struct vfsmount *mnt, int flags)
2482{
2483 int rc;
2484
2485 rc = secondary_ops->sb_umount(mnt, flags);
2486 if (rc)
2487 return rc;
2488
2489 return superblock_has_perm(current, mnt->mnt_sb,
2490 FILESYSTEM__UNMOUNT, NULL);
2491}
2492
2493
2494
2495static int selinux_inode_alloc_security(struct inode *inode)
2496{
2497 return inode_alloc_security(inode);
2498}
2499
2500static void selinux_inode_free_security(struct inode *inode)
2501{
2502 inode_free_security(inode);
2503}
2504
2505static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2506 char **name, void **value,
2507 size_t *len)
2508{
2509 struct task_security_struct *tsec;
2510 struct inode_security_struct *dsec;
2511 struct superblock_security_struct *sbsec;
2512 u32 newsid, clen;
2513 int rc;
2514 char *namep = NULL, *context;
2515
2516 tsec = current->security;
2517 dsec = dir->i_security;
2518 sbsec = dir->i_sb->s_security;
2519
2520 if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
2521 newsid = tsec->create_sid;
2522 } else {
2523 rc = security_transition_sid(tsec->sid, dsec->sid,
2524 inode_mode_to_security_class(inode->i_mode),
2525 &newsid);
2526 if (rc) {
2527 printk(KERN_WARNING "%s: "
2528 "security_transition_sid failed, rc=%d (dev=%s "
2529 "ino=%ld)\n",
2530 __func__,
2531 -rc, inode->i_sb->s_id, inode->i_ino);
2532 return rc;
2533 }
2534 }
2535
2536
2537 if (sbsec->initialized) {
2538 struct inode_security_struct *isec = inode->i_security;
2539 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2540 isec->sid = newsid;
2541 isec->initialized = 1;
2542 }
2543
2544 if (!ss_initialized || sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
2545 return -EOPNOTSUPP;
2546
2547 if (name) {
2548 namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS);
2549 if (!namep)
2550 return -ENOMEM;
2551 *name = namep;
2552 }
2553
2554 if (value && len) {
2555 rc = security_sid_to_context_force(newsid, &context, &clen);
2556 if (rc) {
2557 kfree(namep);
2558 return rc;
2559 }
2560 *value = context;
2561 *len = clen;
2562 }
2563
2564 return 0;
2565}
2566
2567static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask)
2568{
2569 return may_create(dir, dentry, SECCLASS_FILE);
2570}
2571
2572static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2573{
2574 int rc;
2575
2576 rc = secondary_ops->inode_link(old_dentry, dir, new_dentry);
2577 if (rc)
2578 return rc;
2579 return may_link(dir, old_dentry, MAY_LINK);
2580}
2581
2582static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
2583{
2584 int rc;
2585
2586 rc = secondary_ops->inode_unlink(dir, dentry);
2587 if (rc)
2588 return rc;
2589 return may_link(dir, dentry, MAY_UNLINK);
2590}
2591
2592static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
2593{
2594 return may_create(dir, dentry, SECCLASS_LNK_FILE);
2595}
2596
2597static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask)
2598{
2599 return may_create(dir, dentry, SECCLASS_DIR);
2600}
2601
2602static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2603{
2604 return may_link(dir, dentry, MAY_RMDIR);
2605}
2606
2607static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
2608{
2609 int rc;
2610
2611 rc = secondary_ops->inode_mknod(dir, dentry, mode, dev);
2612 if (rc)
2613 return rc;
2614
2615 return may_create(dir, dentry, inode_mode_to_security_class(mode));
2616}
2617
2618static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
2619 struct inode *new_inode, struct dentry *new_dentry)
2620{
2621 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
2622}
2623
2624static int selinux_inode_readlink(struct dentry *dentry)
2625{
2626 return dentry_has_perm(current, NULL, dentry, FILE__READ);
2627}
2628
2629static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
2630{
2631 int rc;
2632
2633 rc = secondary_ops->inode_follow_link(dentry, nameidata);
2634 if (rc)
2635 return rc;
2636 return dentry_has_perm(current, NULL, dentry, FILE__READ);
2637}
2638
2639static int selinux_inode_permission(struct inode *inode, int mask)
2640{
2641 int rc;
2642
2643 rc = secondary_ops->inode_permission(inode, mask);
2644 if (rc)
2645 return rc;
2646
2647 if (!mask) {
2648
2649 return 0;
2650 }
2651
2652 return inode_has_perm(current, inode,
2653 open_file_mask_to_av(inode->i_mode, mask), NULL);
2654}
2655
2656static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2657{
2658 int rc;
2659
2660 rc = secondary_ops->inode_setattr(dentry, iattr);
2661 if (rc)
2662 return rc;
2663
2664 if (iattr->ia_valid & ATTR_FORCE)
2665 return 0;
2666
2667 if (iattr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
2668 ATTR_ATIME_SET | ATTR_MTIME_SET))
2669 return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
2670
2671 return dentry_has_perm(current, NULL, dentry, FILE__WRITE);
2672}
2673
2674static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
2675{
2676 return dentry_has_perm(current, mnt, dentry, FILE__GETATTR);
2677}
2678
2679static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
2680{
2681 if (!strncmp(name, XATTR_SECURITY_PREFIX,
2682 sizeof XATTR_SECURITY_PREFIX - 1)) {
2683 if (!strcmp(name, XATTR_NAME_CAPS)) {
2684 if (!capable(CAP_SETFCAP))
2685 return -EPERM;
2686 } else if (!capable(CAP_SYS_ADMIN)) {
2687
2688
2689 return -EPERM;
2690 }
2691 }
2692
2693
2694
2695 return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
2696}
2697
2698static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2699 const void *value, size_t size, int flags)
2700{
2701 struct task_security_struct *tsec = current->security;
2702 struct inode *inode = dentry->d_inode;
2703 struct inode_security_struct *isec = inode->i_security;
2704 struct superblock_security_struct *sbsec;
2705 struct avc_audit_data ad;
2706 u32 newsid;
2707 int rc = 0;
2708
2709 if (strcmp(name, XATTR_NAME_SELINUX))
2710 return selinux_inode_setotherxattr(dentry, name);
2711
2712 sbsec = inode->i_sb->s_security;
2713 if (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
2714 return -EOPNOTSUPP;
2715
2716 if (!is_owner_or_cap(inode))
2717 return -EPERM;
2718
2719 AVC_AUDIT_DATA_INIT(&ad, FS);
2720 ad.u.fs.path.dentry = dentry;
2721
2722 rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
2723 FILE__RELABELFROM, &ad);
2724 if (rc)
2725 return rc;
2726
2727 rc = security_context_to_sid(value, size, &newsid);
2728 if (rc == -EINVAL) {
2729 if (!capable(CAP_MAC_ADMIN))
2730 return rc;
2731 rc = security_context_to_sid_force(value, size, &newsid);
2732 }
2733 if (rc)
2734 return rc;
2735
2736 rc = avc_has_perm(tsec->sid, newsid, isec->sclass,
2737 FILE__RELABELTO, &ad);
2738 if (rc)
2739 return rc;
2740
2741 rc = security_validate_transition(isec->sid, newsid, tsec->sid,
2742 isec->sclass);
2743 if (rc)
2744 return rc;
2745
2746 return avc_has_perm(newsid,
2747 sbsec->sid,
2748 SECCLASS_FILESYSTEM,
2749 FILESYSTEM__ASSOCIATE,
2750 &ad);
2751}
2752
2753static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
2754 const void *value, size_t size,
2755 int flags)
2756{
2757 struct inode *inode = dentry->d_inode;
2758 struct inode_security_struct *isec = inode->i_security;
2759 u32 newsid;
2760 int rc;
2761
2762 if (strcmp(name, XATTR_NAME_SELINUX)) {
2763
2764 return;
2765 }
2766
2767 rc = security_context_to_sid_force(value, size, &newsid);
2768 if (rc) {
2769 printk(KERN_ERR "SELinux: unable to map context to SID"
2770 "for (%s, %lu), rc=%d\n",
2771 inode->i_sb->s_id, inode->i_ino, -rc);
2772 return;
2773 }
2774
2775 isec->sid = newsid;
2776 return;
2777}
2778
2779static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
2780{
2781 return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
2782}
2783
2784static int selinux_inode_listxattr(struct dentry *dentry)
2785{
2786 return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
2787}
2788
2789static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
2790{
2791 if (strcmp(name, XATTR_NAME_SELINUX))
2792 return selinux_inode_setotherxattr(dentry, name);
2793
2794
2795
2796 return -EACCES;
2797}
2798
2799
2800
2801
2802
2803
2804static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
2805{
2806 u32 size;
2807 int error;
2808 char *context = NULL;
2809 struct task_security_struct *tsec = current->security;
2810 struct inode_security_struct *isec = inode->i_security;
2811
2812 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2813 return -EOPNOTSUPP;
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824 error = secondary_ops->capable(current, CAP_MAC_ADMIN);
2825 if (!error)
2826 error = avc_has_perm_noaudit(tsec->sid, tsec->sid,
2827 SECCLASS_CAPABILITY2,
2828 CAPABILITY2__MAC_ADMIN,
2829 0,
2830 NULL);
2831 if (!error)
2832 error = security_sid_to_context_force(isec->sid, &context,
2833 &size);
2834 else
2835 error = security_sid_to_context(isec->sid, &context, &size);
2836 if (error)
2837 return error;
2838 error = size;
2839 if (alloc) {
2840 *buffer = context;
2841 goto out_nofree;
2842 }
2843 kfree(context);
2844out_nofree:
2845 return error;
2846}
2847
2848static int selinux_inode_setsecurity(struct inode *inode, const char *name,
2849 const void *value, size_t size, int flags)
2850{
2851 struct inode_security_struct *isec = inode->i_security;
2852 u32 newsid;
2853 int rc;
2854
2855 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2856 return -EOPNOTSUPP;
2857
2858 if (!value || !size)
2859 return -EACCES;
2860
2861 rc = security_context_to_sid((void *)value, size, &newsid);
2862 if (rc)
2863 return rc;
2864
2865 isec->sid = newsid;
2866 return 0;
2867}
2868
2869static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
2870{
2871 const int len = sizeof(XATTR_NAME_SELINUX);
2872 if (buffer && len <= buffer_size)
2873 memcpy(buffer, XATTR_NAME_SELINUX, len);
2874 return len;
2875}
2876
2877static int selinux_inode_need_killpriv(struct dentry *dentry)
2878{
2879 return secondary_ops->inode_need_killpriv(dentry);
2880}
2881
2882static int selinux_inode_killpriv(struct dentry *dentry)
2883{
2884 return secondary_ops->inode_killpriv(dentry);
2885}
2886
2887static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
2888{
2889 struct inode_security_struct *isec = inode->i_security;
2890 *secid = isec->sid;
2891}
2892
2893
2894
2895static int selinux_revalidate_file_permission(struct file *file, int mask)
2896{
2897 int rc;
2898 struct inode *inode = file->f_path.dentry->d_inode;
2899
2900 if (!mask) {
2901
2902 return 0;
2903 }
2904
2905
2906 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
2907 mask |= MAY_APPEND;
2908
2909 rc = file_has_perm(current, file,
2910 file_mask_to_av(inode->i_mode, mask));
2911 if (rc)
2912 return rc;
2913
2914 return selinux_netlbl_inode_permission(inode, mask);
2915}
2916
2917static int selinux_file_permission(struct file *file, int mask)
2918{
2919 struct inode *inode = file->f_path.dentry->d_inode;
2920 struct task_security_struct *tsec = current->security;
2921 struct file_security_struct *fsec = file->f_security;
2922 struct inode_security_struct *isec = inode->i_security;
2923
2924 if (!mask) {
2925
2926 return 0;
2927 }
2928
2929 if (tsec->sid == fsec->sid && fsec->isid == isec->sid
2930 && fsec->pseqno == avc_policy_seqno())
2931 return selinux_netlbl_inode_permission(inode, mask);
2932
2933 return selinux_revalidate_file_permission(file, mask);
2934}
2935
2936static int selinux_file_alloc_security(struct file *file)
2937{
2938 return file_alloc_security(file);
2939}
2940
2941static void selinux_file_free_security(struct file *file)
2942{
2943 file_free_security(file);
2944}
2945
2946static int selinux_file_ioctl(struct file *file, unsigned int cmd,
2947 unsigned long arg)
2948{
2949 u32 av = 0;
2950
2951 if (_IOC_DIR(cmd) & _IOC_WRITE)
2952 av |= FILE__WRITE;
2953 if (_IOC_DIR(cmd) & _IOC_READ)
2954 av |= FILE__READ;
2955 if (!av)
2956 av = FILE__IOCTL;
2957
2958 return file_has_perm(current, file, av);
2959}
2960
2961static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
2962{
2963#ifndef CONFIG_PPC32
2964 if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
2965
2966
2967
2968
2969
2970 int rc = task_has_perm(current, current, PROCESS__EXECMEM);
2971 if (rc)
2972 return rc;
2973 }
2974#endif
2975
2976 if (file) {
2977
2978 u32 av = FILE__READ;
2979
2980
2981 if (shared && (prot & PROT_WRITE))
2982 av |= FILE__WRITE;
2983
2984 if (prot & PROT_EXEC)
2985 av |= FILE__EXECUTE;
2986
2987 return file_has_perm(current, file, av);
2988 }
2989 return 0;
2990}
2991
2992static int selinux_file_mmap(struct file *file, unsigned long reqprot,
2993 unsigned long prot, unsigned long flags,
2994 unsigned long addr, unsigned long addr_only)
2995{
2996 int rc = 0;
2997 u32 sid = ((struct task_security_struct *)(current->security))->sid;
2998
2999 if (addr < mmap_min_addr)
3000 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
3001 MEMPROTECT__MMAP_ZERO, NULL);
3002 if (rc || addr_only)
3003 return rc;
3004
3005 if (selinux_checkreqprot)
3006 prot = reqprot;
3007
3008 return file_map_prot_check(file, prot,
3009 (flags & MAP_TYPE) == MAP_SHARED);
3010}
3011
3012static int selinux_file_mprotect(struct vm_area_struct *vma,
3013 unsigned long reqprot,
3014 unsigned long prot)
3015{
3016 int rc;
3017
3018 rc = secondary_ops->file_mprotect(vma, reqprot, prot);
3019 if (rc)
3020 return rc;
3021
3022 if (selinux_checkreqprot)
3023 prot = reqprot;
3024
3025#ifndef CONFIG_PPC32
3026 if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
3027 rc = 0;
3028 if (vma->vm_start >= vma->vm_mm->start_brk &&
3029 vma->vm_end <= vma->vm_mm->brk) {
3030 rc = task_has_perm(current, current,
3031 PROCESS__EXECHEAP);
3032 } else if (!vma->vm_file &&
3033 vma->vm_start <= vma->vm_mm->start_stack &&
3034 vma->vm_end >= vma->vm_mm->start_stack) {
3035 rc = task_has_perm(current, current, PROCESS__EXECSTACK);
3036 } else if (vma->vm_file && vma->anon_vma) {
3037
3038
3039
3040
3041
3042
3043
3044 rc = file_has_perm(current, vma->vm_file,
3045 FILE__EXECMOD);
3046 }
3047 if (rc)
3048 return rc;
3049 }
3050#endif
3051
3052 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
3053}
3054
3055static int selinux_file_lock(struct file *file, unsigned int cmd)
3056{
3057 return file_has_perm(current, file, FILE__LOCK);
3058}
3059
3060static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3061 unsigned long arg)
3062{
3063 int err = 0;
3064
3065 switch (cmd) {
3066 case F_SETFL:
3067 if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
3068 err = -EINVAL;
3069 break;
3070 }
3071
3072 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3073 err = file_has_perm(current, file, FILE__WRITE);
3074 break;
3075 }
3076
3077 case F_SETOWN:
3078 case F_SETSIG:
3079 case F_GETFL:
3080 case F_GETOWN:
3081 case F_GETSIG:
3082
3083 err = file_has_perm(current, file, 0);
3084 break;
3085 case F_GETLK:
3086 case F_SETLK:
3087 case F_SETLKW:
3088#if BITS_PER_LONG == 32
3089 case F_GETLK64:
3090 case F_SETLK64:
3091 case F_SETLKW64:
3092#endif
3093 if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
3094 err = -EINVAL;
3095 break;
3096 }
3097 err = file_has_perm(current, file, FILE__LOCK);
3098 break;
3099 }
3100
3101 return err;
3102}
3103
3104static int selinux_file_set_fowner(struct file *file)
3105{
3106 struct task_security_struct *tsec;
3107 struct file_security_struct *fsec;
3108
3109 tsec = current->security;
3110 fsec = file->f_security;
3111 fsec->fown_sid = tsec->sid;
3112
3113 return 0;
3114}
3115
3116static int selinux_file_send_sigiotask(struct task_struct *tsk,
3117 struct fown_struct *fown, int signum)
3118{
3119 struct file *file;
3120 u32 perm;
3121 struct task_security_struct *tsec;
3122 struct file_security_struct *fsec;
3123
3124
3125 file = container_of(fown, struct file, f_owner);
3126
3127 tsec = tsk->security;
3128 fsec = file->f_security;
3129
3130 if (!signum)
3131 perm = signal_to_av(SIGIO);
3132 else
3133 perm = signal_to_av(signum);
3134
3135 return avc_has_perm(fsec->fown_sid, tsec->sid,
3136 SECCLASS_PROCESS, perm, NULL);
3137}
3138
3139static int selinux_file_receive(struct file *file)
3140{
3141 return file_has_perm(current, file, file_to_av(file));
3142}
3143
3144static int selinux_dentry_open(struct file *file)
3145{
3146 struct file_security_struct *fsec;
3147 struct inode *inode;
3148 struct inode_security_struct *isec;
3149 inode = file->f_path.dentry->d_inode;
3150 fsec = file->f_security;
3151 isec = inode->i_security;
3152
3153
3154
3155
3156
3157
3158
3159 fsec->isid = isec->sid;
3160 fsec->pseqno = avc_policy_seqno();
3161
3162
3163
3164
3165
3166
3167
3168
3169 return inode_has_perm(current, inode, file_to_av(file), NULL);
3170}
3171
3172
3173
3174static int selinux_task_create(unsigned long clone_flags)
3175{
3176 int rc;
3177
3178 rc = secondary_ops->task_create(clone_flags);
3179 if (rc)
3180 return rc;
3181
3182 return task_has_perm(current, current, PROCESS__FORK);
3183}
3184
3185static int selinux_task_alloc_security(struct task_struct *tsk)
3186{
3187 struct task_security_struct *tsec1, *tsec2;
3188 int rc;
3189
3190 tsec1 = current->security;
3191
3192 rc = task_alloc_security(tsk);
3193 if (rc)
3194 return rc;
3195 tsec2 = tsk->security;
3196
3197 tsec2->osid = tsec1->osid;
3198 tsec2->sid = tsec1->sid;
3199
3200
3201 tsec2->exec_sid = tsec1->exec_sid;
3202 tsec2->create_sid = tsec1->create_sid;
3203 tsec2->keycreate_sid = tsec1->keycreate_sid;
3204 tsec2->sockcreate_sid = tsec1->sockcreate_sid;
3205
3206 return 0;
3207}
3208
3209static void selinux_task_free_security(struct task_struct *tsk)
3210{
3211 task_free_security(tsk);
3212}
3213
3214static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
3215{
3216
3217
3218
3219
3220
3221
3222 return 0;
3223}
3224
3225static int selinux_task_post_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
3226{
3227 return secondary_ops->task_post_setuid(id0, id1, id2, flags);
3228}
3229
3230static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
3231{
3232
3233 return 0;
3234}
3235
3236static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
3237{
3238 return task_has_perm(current, p, PROCESS__SETPGID);
3239}
3240
3241static int selinux_task_getpgid(struct task_struct *p)
3242{
3243 return task_has_perm(current, p, PROCESS__GETPGID);
3244}
3245
3246static int selinux_task_getsid(struct task_struct *p)
3247{
3248 return task_has_perm(current, p, PROCESS__GETSESSION);
3249}
3250
3251static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
3252{
3253 struct task_security_struct *tsec = p->security;
3254 *secid = tsec->sid;
3255}
3256
3257static int selinux_task_setgroups(struct group_info *group_info)
3258{
3259
3260 return 0;
3261}
3262
3263static int selinux_task_setnice(struct task_struct *p, int nice)
3264{
3265 int rc;
3266
3267 rc = secondary_ops->task_setnice(p, nice);
3268 if (rc)
3269 return rc;
3270
3271 return task_has_perm(current, p, PROCESS__SETSCHED);
3272}
3273
3274static int selinux_task_setioprio(struct task_struct *p, int ioprio)
3275{
3276 int rc;
3277
3278 rc = secondary_ops->task_setioprio(p, ioprio);
3279 if (rc)
3280 return rc;
3281
3282 return task_has_perm(current, p, PROCESS__SETSCHED);
3283}
3284
3285static int selinux_task_getioprio(struct task_struct *p)
3286{
3287 return task_has_perm(current, p, PROCESS__GETSCHED);
3288}
3289
3290static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
3291{
3292 struct rlimit *old_rlim = current->signal->rlim + resource;
3293 int rc;
3294
3295 rc = secondary_ops->task_setrlimit(resource, new_rlim);
3296 if (rc)
3297 return rc;
3298
3299
3300
3301
3302
3303 if (old_rlim->rlim_max != new_rlim->rlim_max)
3304 return task_has_perm(current, current, PROCESS__SETRLIMIT);
3305
3306 return 0;
3307}
3308
3309static int selinux_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp)
3310{
3311 int rc;
3312
3313 rc = secondary_ops->task_setscheduler(p, policy, lp);
3314 if (rc)
3315 return rc;
3316
3317 return task_has_perm(current, p, PROCESS__SETSCHED);
3318}
3319
3320static int selinux_task_getscheduler(struct task_struct *p)
3321{
3322 return task_has_perm(current, p, PROCESS__GETSCHED);
3323}
3324
3325static int selinux_task_movememory(struct task_struct *p)
3326{
3327 return task_has_perm(current, p, PROCESS__SETSCHED);
3328}
3329
3330static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
3331 int sig, u32 secid)
3332{
3333 u32 perm;
3334 int rc;
3335 struct task_security_struct *tsec;
3336
3337 rc = secondary_ops->task_kill(p, info, sig, secid);
3338 if (rc)
3339 return rc;
3340
3341 if (!sig)
3342 perm = PROCESS__SIGNULL;
3343 else
3344 perm = signal_to_av(sig);
3345 tsec = p->security;
3346 if (secid)
3347 rc = avc_has_perm(secid, tsec->sid, SECCLASS_PROCESS, perm, NULL);
3348 else
3349 rc = task_has_perm(current, p, perm);
3350 return rc;
3351}
3352
3353static int selinux_task_prctl(int option,
3354 unsigned long arg2,
3355 unsigned long arg3,
3356 unsigned long arg4,
3357 unsigned long arg5,
3358 long *rc_p)
3359{
3360
3361
3362
3363 return secondary_ops->task_prctl(option, arg2, arg3, arg4, arg5, rc_p);
3364}
3365
3366static int selinux_task_wait(struct task_struct *p)
3367{
3368 return task_has_perm(p, current, PROCESS__SIGCHLD);
3369}
3370
3371static void selinux_task_reparent_to_init(struct task_struct *p)
3372{
3373 struct task_security_struct *tsec;
3374
3375 secondary_ops->task_reparent_to_init(p);
3376
3377 tsec = p->security;
3378 tsec->osid = tsec->sid;
3379 tsec->sid = SECINITSID_KERNEL;
3380 return;
3381}
3382
3383static void selinux_task_to_inode(struct task_struct *p,
3384 struct inode *inode)
3385{
3386 struct task_security_struct *tsec = p->security;
3387 struct inode_security_struct *isec = inode->i_security;
3388
3389 isec->sid = tsec->sid;
3390 isec->initialized = 1;
3391 return;
3392}
3393
3394
3395static int selinux_parse_skb_ipv4(struct sk_buff *skb,
3396 struct avc_audit_data *ad, u8 *proto)
3397{
3398 int offset, ihlen, ret = -EINVAL;
3399 struct iphdr _iph, *ih;
3400
3401 offset = skb_network_offset(skb);
3402 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
3403 if (ih == NULL)
3404 goto out;
3405
3406 ihlen = ih->ihl * 4;
3407 if (ihlen < sizeof(_iph))
3408 goto out;
3409
3410 ad->u.net.v4info.saddr = ih->saddr;
3411 ad->u.net.v4info.daddr = ih->daddr;
3412 ret = 0;
3413
3414 if (proto)
3415 *proto = ih->protocol;
3416
3417 switch (ih->protocol) {
3418 case IPPROTO_TCP: {
3419 struct tcphdr _tcph, *th;
3420
3421 if (ntohs(ih->frag_off) & IP_OFFSET)
3422 break;
3423
3424 offset += ihlen;
3425 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3426 if (th == NULL)
3427 break;
3428
3429 ad->u.net.sport = th->source;
3430 ad->u.net.dport = th->dest;
3431 break;
3432 }
3433
3434 case IPPROTO_UDP: {
3435 struct udphdr _udph, *uh;
3436
3437 if (ntohs(ih->frag_off) & IP_OFFSET)
3438 break;
3439
3440 offset += ihlen;
3441 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3442 if (uh == NULL)
3443 break;
3444
3445 ad->u.net.sport = uh->source;
3446 ad->u.net.dport = uh->dest;
3447 break;
3448 }
3449
3450 case IPPROTO_DCCP: {
3451 struct dccp_hdr _dccph, *dh;
3452
3453 if (ntohs(ih->frag_off) & IP_OFFSET)
3454 break;
3455
3456 offset += ihlen;
3457 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3458 if (dh == NULL)
3459 break;
3460
3461 ad->u.net.sport = dh->dccph_sport;
3462 ad->u.net.dport = dh->dccph_dport;
3463 break;
3464 }
3465
3466 default:
3467 break;
3468 }
3469out:
3470 return ret;
3471}
3472
3473#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3474
3475
3476static int selinux_parse_skb_ipv6(struct sk_buff *skb,
3477 struct avc_audit_data *ad, u8 *proto)
3478{
3479 u8 nexthdr;
3480 int ret = -EINVAL, offset;
3481 struct ipv6hdr _ipv6h, *ip6;
3482
3483 offset = skb_network_offset(skb);
3484 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3485 if (ip6 == NULL)
3486 goto out;
3487
3488 ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr);
3489 ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr);
3490 ret = 0;
3491
3492 nexthdr = ip6->nexthdr;
3493 offset += sizeof(_ipv6h);
3494 offset = ipv6_skip_exthdr(skb, offset, &nexthdr);
3495 if (offset < 0)
3496 goto out;
3497
3498 if (proto)
3499 *proto = nexthdr;
3500
3501 switch (nexthdr) {
3502 case IPPROTO_TCP: {
3503 struct tcphdr _tcph, *th;
3504
3505 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3506 if (th == NULL)
3507 break;
3508
3509 ad->u.net.sport = th->source;
3510 ad->u.net.dport = th->dest;
3511 break;
3512 }
3513
3514 case IPPROTO_UDP: {
3515 struct udphdr _udph, *uh;
3516
3517 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3518 if (uh == NULL)
3519 break;
3520
3521 ad->u.net.sport = uh->source;
3522 ad->u.net.dport = uh->dest;
3523 break;
3524 }
3525
3526 case IPPROTO_DCCP: {
3527 struct dccp_hdr _dccph, *dh;
3528
3529 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3530 if (dh == NULL)
3531 break;
3532
3533 ad->u.net.sport = dh->dccph_sport;
3534 ad->u.net.dport = dh->dccph_dport;
3535 break;
3536 }
3537
3538
3539 default:
3540 break;
3541 }
3542out:
3543 return ret;
3544}
3545
3546#endif
3547
3548static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad,
3549 char **_addrp, int src, u8 *proto)
3550{
3551 char *addrp;
3552 int ret;
3553
3554 switch (ad->u.net.family) {
3555 case PF_INET:
3556 ret = selinux_parse_skb_ipv4(skb, ad, proto);
3557 if (ret)
3558 goto parse_error;
3559 addrp = (char *)(src ? &ad->u.net.v4info.saddr :
3560 &ad->u.net.v4info.daddr);
3561 goto okay;
3562
3563#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3564 case PF_INET6:
3565 ret = selinux_parse_skb_ipv6(skb, ad, proto);
3566 if (ret)
3567 goto parse_error;
3568 addrp = (char *)(src ? &ad->u.net.v6info.saddr :
3569 &ad->u.net.v6info.daddr);
3570 goto okay;
3571#endif
3572 default:
3573 addrp = NULL;
3574 goto okay;
3575 }
3576
3577parse_error:
3578 printk(KERN_WARNING
3579 "SELinux: failure in selinux_parse_skb(),"
3580 " unable to parse packet\n");
3581 return ret;
3582
3583okay:
3584 if (_addrp)
3585 *_addrp = addrp;
3586 return 0;
3587}
3588
3589
3590
3591
3592
3593
3594
3595
3596
3597
3598
3599
3600
3601
3602
3603
3604static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
3605{
3606 int err;
3607 u32 xfrm_sid;
3608 u32 nlbl_sid;
3609 u32 nlbl_type;
3610
3611 selinux_skb_xfrm_sid(skb, &xfrm_sid);
3612 selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
3613
3614 err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
3615 if (unlikely(err)) {
3616 printk(KERN_WARNING
3617 "SELinux: failure in selinux_skb_peerlbl_sid(),"
3618 " unable to determine packet's peer label\n");
3619 return -EACCES;
3620 }
3621
3622 return 0;
3623}
3624
3625
3626static int socket_has_perm(struct task_struct *task, struct socket *sock,
3627 u32 perms)
3628{
3629 struct inode_security_struct *isec;
3630 struct task_security_struct *tsec;
3631 struct avc_audit_data ad;
3632 int err = 0;
3633
3634 tsec = task->security;
3635 isec = SOCK_INODE(sock)->i_security;
3636
3637 if (isec->sid == SECINITSID_KERNEL)
3638 goto out;
3639
3640 AVC_AUDIT_DATA_INIT(&ad, NET);
3641 ad.u.net.sk = sock->sk;
3642 err = avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad);
3643
3644out:
3645 return err;
3646}
3647
3648static int selinux_socket_create(int family, int type,
3649 int protocol, int kern)
3650{
3651 int err = 0;
3652 struct task_security_struct *tsec;
3653 u32 newsid;
3654
3655 if (kern)
3656 goto out;
3657
3658 tsec = current->security;
3659 newsid = tsec->sockcreate_sid ? : tsec->sid;
3660 err = avc_has_perm(tsec->sid, newsid,
3661 socket_type_to_security_class(family, type,
3662 protocol), SOCKET__CREATE, NULL);
3663
3664out:
3665 return err;
3666}
3667
3668static int selinux_socket_post_create(struct socket *sock, int family,
3669 int type, int protocol, int kern)
3670{
3671 int err = 0;
3672 struct inode_security_struct *isec;
3673 struct task_security_struct *tsec;
3674 struct sk_security_struct *sksec;
3675 u32 newsid;
3676
3677 isec = SOCK_INODE(sock)->i_security;
3678
3679 tsec = current->security;
3680 newsid = tsec->sockcreate_sid ? : tsec->sid;
3681 isec->sclass = socket_type_to_security_class(family, type, protocol);
3682 isec->sid = kern ? SECINITSID_KERNEL : newsid;
3683 isec->initialized = 1;
3684
3685 if (sock->sk) {
3686 sksec = sock->sk->sk_security;
3687 sksec->sid = isec->sid;
3688 sksec->sclass = isec->sclass;
3689 err = selinux_netlbl_socket_post_create(sock);
3690 }
3691
3692 return err;
3693}
3694
3695
3696
3697
3698
3699static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
3700{
3701 u16 family;
3702 int err;
3703
3704 err = socket_has_perm(current, sock, SOCKET__BIND);
3705 if (err)
3706 goto out;
3707
3708
3709
3710
3711
3712
3713 family = sock->sk->sk_family;
3714 if (family == PF_INET || family == PF_INET6) {
3715 char *addrp;
3716 struct inode_security_struct *isec;
3717 struct task_security_struct *tsec;
3718 struct avc_audit_data ad;
3719 struct sockaddr_in *addr4 = NULL;
3720 struct sockaddr_in6 *addr6 = NULL;
3721 unsigned short snum;
3722 struct sock *sk = sock->sk;
3723 u32 sid, node_perm;
3724
3725 tsec = current->security;
3726 isec = SOCK_INODE(sock)->i_security;
3727
3728 if (family == PF_INET) {
3729 addr4 = (struct sockaddr_in *)address;
3730 snum = ntohs(addr4->sin_port);
3731 addrp = (char *)&addr4->sin_addr.s_addr;
3732 } else {
3733 addr6 = (struct sockaddr_in6 *)address;
3734 snum = ntohs(addr6->sin6_port);
3735 addrp = (char *)&addr6->sin6_addr.s6_addr;
3736 }
3737
3738 if (snum) {
3739 int low, high;
3740
3741 inet_get_local_port_range(&low, &high);
3742
3743 if (snum < max(PROT_SOCK, low) || snum > high) {
3744 err = sel_netport_sid(sk->sk_protocol,
3745 snum, &sid);
3746 if (err)
3747 goto out;
3748 AVC_AUDIT_DATA_INIT(&ad, NET);
3749 ad.u.net.sport = htons(snum);
3750 ad.u.net.family = family;
3751 err = avc_has_perm(isec->sid, sid,
3752 isec->sclass,
3753 SOCKET__NAME_BIND, &ad);
3754 if (err)
3755 goto out;
3756 }
3757 }
3758
3759 switch (isec->sclass) {
3760 case SECCLASS_TCP_SOCKET:
3761 node_perm = TCP_SOCKET__NODE_BIND;
3762 break;
3763
3764 case SECCLASS_UDP_SOCKET:
3765 node_perm = UDP_SOCKET__NODE_BIND;
3766 break;
3767
3768 case SECCLASS_DCCP_SOCKET:
3769 node_perm = DCCP_SOCKET__NODE_BIND;
3770 break;
3771
3772 default:
3773 node_perm = RAWIP_SOCKET__NODE_BIND;
3774 break;
3775 }
3776
3777 err = sel_netnode_sid(addrp, family, &sid);
3778 if (err)
3779 goto out;
3780
3781 AVC_AUDIT_DATA_INIT(&ad, NET);
3782 ad.u.net.sport = htons(snum);
3783 ad.u.net.family = family;
3784
3785 if (family == PF_INET)
3786 ad.u.net.v4info.saddr = addr4->sin_addr.s_addr;
3787 else
3788 ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr);
3789
3790 err = avc_has_perm(isec->sid, sid,
3791 isec->sclass, node_perm, &ad);
3792 if (err)
3793 goto out;
3794 }
3795out:
3796 return err;
3797}
3798
3799static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
3800{
3801 struct sock *sk = sock->sk;
3802 struct inode_security_struct *isec;
3803 int err;
3804
3805 err = socket_has_perm(current, sock, SOCKET__CONNECT);
3806 if (err)
3807 return err;
3808
3809
3810
3811
3812 isec = SOCK_INODE(sock)->i_security;
3813 if (isec->sclass == SECCLASS_TCP_SOCKET ||
3814 isec->sclass == SECCLASS_DCCP_SOCKET) {
3815 struct avc_audit_data ad;
3816 struct sockaddr_in *addr4 = NULL;
3817 struct sockaddr_in6 *addr6 = NULL;
3818 unsigned short snum;
3819 u32 sid, perm;
3820
3821 if (sk->sk_family == PF_INET) {
3822 addr4 = (struct sockaddr_in *)address;
3823 if (addrlen < sizeof(struct sockaddr_in))
3824 return -EINVAL;
3825 snum = ntohs(addr4->sin_port);
3826 } else {
3827 addr6 = (struct sockaddr_in6 *)address;
3828 if (addrlen < SIN6_LEN_RFC2133)
3829 return -EINVAL;
3830 snum = ntohs(addr6->sin6_port);
3831 }
3832
3833 err = sel_netport_sid(sk->sk_protocol, snum, &sid);
3834 if (err)
3835 goto out;
3836
3837 perm = (isec->sclass == SECCLASS_TCP_SOCKET) ?
3838 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
3839
3840 AVC_AUDIT_DATA_INIT(&ad, NET);
3841 ad.u.net.dport = htons(snum);
3842 ad.u.net.family = sk->sk_family;
3843 err = avc_has_perm(isec->sid, sid, isec->sclass, perm, &ad);
3844 if (err)
3845 goto out;
3846 }
3847
3848 err = selinux_netlbl_socket_connect(sk, address);
3849
3850out:
3851 return err;
3852}
3853
3854static int selinux_socket_listen(struct socket *sock, int backlog)
3855{
3856 return socket_has_perm(current, sock, SOCKET__LISTEN);
3857}
3858
3859static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
3860{
3861 int err;
3862 struct inode_security_struct *isec;
3863 struct inode_security_struct *newisec;
3864
3865 err = socket_has_perm(current, sock, SOCKET__ACCEPT);
3866 if (err)
3867 return err;
3868
3869 newisec = SOCK_INODE(newsock)->i_security;
3870
3871 isec = SOCK_INODE(sock)->i_security;
3872 newisec->sclass = isec->sclass;
3873 newisec->sid = isec->sid;
3874 newisec->initialized = 1;
3875
3876 return 0;
3877}
3878
3879static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3880 int size)
3881{
3882 int rc;
3883
3884 rc = socket_has_perm(current, sock, SOCKET__WRITE);
3885 if (rc)
3886 return rc;
3887
3888 return selinux_netlbl_inode_permission(SOCK_INODE(sock), MAY_WRITE);
3889}
3890
3891static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
3892 int size, int flags)
3893{
3894 return socket_has_perm(current, sock, SOCKET__READ);
3895}
3896
3897static int selinux_socket_getsockname(struct socket *sock)
3898{
3899 return socket_has_perm(current, sock, SOCKET__GETATTR);
3900}
3901
3902static int selinux_socket_getpeername(struct socket *sock)
3903{
3904 return socket_has_perm(current, sock, SOCKET__GETATTR);
3905}
3906
3907static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
3908{
3909 int err;
3910
3911 err = socket_has_perm(current, sock, SOCKET__SETOPT);
3912 if (err)
3913 return err;
3914
3915 return selinux_netlbl_socket_setsockopt(sock, level, optname);
3916}
3917
3918static int selinux_socket_getsockopt(struct socket *sock, int level,
3919 int optname)
3920{
3921 return socket_has_perm(current, sock, SOCKET__GETOPT);
3922}
3923
3924static int selinux_socket_shutdown(struct socket *sock, int how)
3925{
3926 return socket_has_perm(current, sock, SOCKET__SHUTDOWN);
3927}
3928
3929static int selinux_socket_unix_stream_connect(struct socket *sock,
3930 struct socket *other,
3931 struct sock *newsk)
3932{
3933 struct sk_security_struct *ssec;
3934 struct inode_security_struct *isec;
3935 struct inode_security_struct *other_isec;
3936 struct avc_audit_data ad;
3937 int err;
3938
3939 err = secondary_ops->unix_stream_connect(sock, other, newsk);
3940 if (err)
3941 return err;
3942
3943 isec = SOCK_INODE(sock)->i_security;
3944 other_isec = SOCK_INODE(other)->i_security;
3945
3946 AVC_AUDIT_DATA_INIT(&ad, NET);
3947 ad.u.net.sk = other->sk;
3948
3949 err = avc_has_perm(isec->sid, other_isec->sid,
3950 isec->sclass,
3951 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
3952 if (err)
3953 return err;
3954
3955
3956 ssec = sock->sk->sk_security;
3957 ssec->peer_sid = other_isec->sid;
3958
3959
3960 ssec = newsk->sk_security;
3961 ssec->peer_sid = isec->sid;
3962 err = security_sid_mls_copy(other_isec->sid, ssec->peer_sid, &ssec->sid);
3963
3964 return err;
3965}
3966
3967static int selinux_socket_unix_may_send(struct socket *sock,
3968 struct socket *other)
3969{
3970 struct inode_security_struct *isec;
3971 struct inode_security_struct *other_isec;
3972 struct avc_audit_data ad;
3973 int err;
3974
3975 isec = SOCK_INODE(sock)->i_security;
3976 other_isec = SOCK_INODE(other)->i_security;
3977
3978 AVC_AUDIT_DATA_INIT(&ad, NET);
3979 ad.u.net.sk = other->sk;
3980
3981 err = avc_has_perm(isec->sid, other_isec->sid,
3982 isec->sclass, SOCKET__SENDTO, &ad);
3983 if (err)
3984 return err;
3985
3986 return 0;
3987}
3988
3989static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family,
3990 u32 peer_sid,
3991 struct avc_audit_data *ad)
3992{
3993 int err;
3994 u32 if_sid;
3995 u32 node_sid;
3996
3997 err = sel_netif_sid(ifindex, &if_sid);
3998 if (err)
3999 return err;
4000 err = avc_has_perm(peer_sid, if_sid,
4001 SECCLASS_NETIF, NETIF__INGRESS, ad);
4002 if (err)
4003 return err;
4004
4005 err = sel_netnode_sid(addrp, family, &node_sid);
4006 if (err)
4007 return err;
4008 return avc_has_perm(peer_sid, node_sid,
4009 SECCLASS_NODE, NODE__RECVFROM, ad);
4010}
4011
4012static int selinux_sock_rcv_skb_iptables_compat(struct sock *sk,
4013 struct sk_buff *skb,
4014 struct avc_audit_data *ad,
4015 u16 family,
4016 char *addrp)
4017{
4018 int err;
4019 struct sk_security_struct *sksec = sk->sk_security;
4020 u16 sk_class;
4021 u32 netif_perm, node_perm, recv_perm;
4022 u32 port_sid, node_sid, if_sid, sk_sid;
4023
4024 sk_sid = sksec->sid;
4025 sk_class = sksec->sclass;
4026
4027 switch (sk_class) {
4028 case SECCLASS_UDP_SOCKET:
4029 netif_perm = NETIF__UDP_RECV;
4030 node_perm = NODE__UDP_RECV;
4031 recv_perm = UDP_SOCKET__RECV_MSG;
4032 break;
4033 case SECCLASS_TCP_SOCKET:
4034 netif_perm = NETIF__TCP_RECV;
4035 node_perm = NODE__TCP_RECV;
4036 recv_perm = TCP_SOCKET__RECV_MSG;
4037 break;
4038 case SECCLASS_DCCP_SOCKET:
4039 netif_perm = NETIF__DCCP_RECV;
4040 node_perm = NODE__DCCP_RECV;
4041 recv_perm = DCCP_SOCKET__RECV_MSG;
4042 break;
4043 default:
4044 netif_perm = NETIF__RAWIP_RECV;
4045 node_perm = NODE__RAWIP_RECV;
4046 recv_perm = 0;
4047 break;
4048 }
4049
4050 err = sel_netif_sid(skb->iif, &if_sid);
4051 if (err)
4052 return err;
4053 err = avc_has_perm(sk_sid, if_sid, SECCLASS_NETIF, netif_perm, ad);
4054 if (err)
4055 return err;
4056
4057 err = sel_netnode_sid(addrp, family, &node_sid);
4058 if (err)
4059 return err;
4060 err = avc_has_perm(sk_sid, node_sid, SECCLASS_NODE, node_perm, ad);
4061 if (err)
4062 return err;
4063
4064 if (!recv_perm)
4065 return 0;
4066 err = sel_netport_sid(sk->sk_protocol,
4067 ntohs(ad->u.net.sport), &port_sid);
4068 if (unlikely(err)) {
4069 printk(KERN_WARNING
4070 "SELinux: failure in"
4071 " selinux_sock_rcv_skb_iptables_compat(),"
4072 " network port label not found\n");
4073 return err;
4074 }
4075 return avc_has_perm(sk_sid, port_sid, sk_class, recv_perm, ad);
4076}
4077
4078static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
4079 u16 family)
4080{
4081 int err;
4082 struct sk_security_struct *sksec = sk->sk_security;
4083 u32 peer_sid;
4084 u32 sk_sid = sksec->sid;
4085 struct avc_audit_data ad;
4086 char *addrp;
4087
4088 AVC_AUDIT_DATA_INIT(&ad, NET);
4089 ad.u.net.netif = skb->iif;
4090 ad.u.net.family = family;
4091 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4092 if (err)
4093 return err;
4094
4095 if (selinux_compat_net)
4096 err = selinux_sock_rcv_skb_iptables_compat(sk, skb, &ad,
4097 family, addrp);
4098 else
4099 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4100 PACKET__RECV, &ad);
4101 if (err)
4102 return err;
4103
4104 if (selinux_policycap_netpeer) {
4105 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
4106 if (err)
4107 return err;
4108 err = avc_has_perm(sk_sid, peer_sid,
4109 SECCLASS_PEER, PEER__RECV, &ad);
4110 if (err)
4111 selinux_netlbl_err(skb, err, 0);
4112 } else {
4113 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
4114 if (err)
4115 return err;
4116 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
4117 }
4118
4119 return err;
4120}
4121
4122static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4123{
4124 int err;
4125 struct sk_security_struct *sksec = sk->sk_security;
4126 u16 family = sk->sk_family;
4127 u32 sk_sid = sksec->sid;
4128 struct avc_audit_data ad;
4129 char *addrp;
4130 u8 secmark_active;
4131 u8 peerlbl_active;
4132
4133 if (family != PF_INET && family != PF_INET6)
4134 return 0;
4135
4136
4137 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4138 family = PF_INET;
4139
4140
4141
4142
4143
4144 if (selinux_compat_net || !selinux_policycap_netpeer)
4145 return selinux_sock_rcv_skb_compat(sk, skb, family);
4146
4147 secmark_active = selinux_secmark_enabled();
4148 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
4149 if (!secmark_active && !peerlbl_active)
4150 return 0;
4151
4152 AVC_AUDIT_DATA_INIT(&ad, NET);
4153 ad.u.net.netif = skb->iif;
4154 ad.u.net.family = family;
4155 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4156 if (err)
4157 return err;
4158
4159 if (peerlbl_active) {
4160 u32 peer_sid;
4161
4162 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
4163 if (err)
4164 return err;
4165 err = selinux_inet_sys_rcv_skb(skb->iif, addrp, family,
4166 peer_sid, &ad);
4167 if (err) {
4168 selinux_netlbl_err(skb, err, 0);
4169 return err;
4170 }
4171 err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
4172 PEER__RECV, &ad);
4173 if (err)
4174 selinux_netlbl_err(skb, err, 0);
4175 }
4176
4177 if (secmark_active) {
4178 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4179 PACKET__RECV, &ad);
4180 if (err)
4181 return err;
4182 }
4183
4184 return err;
4185}
4186
4187static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
4188 int __user *optlen, unsigned len)
4189{
4190 int err = 0;
4191 char *scontext;
4192 u32 scontext_len;
4193 struct sk_security_struct *ssec;
4194 struct inode_security_struct *isec;
4195 u32 peer_sid = SECSID_NULL;
4196
4197 isec = SOCK_INODE(sock)->i_security;
4198
4199 if (isec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
4200 isec->sclass == SECCLASS_TCP_SOCKET) {
4201 ssec = sock->sk->sk_security;
4202 peer_sid = ssec->peer_sid;
4203 }
4204 if (peer_sid == SECSID_NULL) {
4205 err = -ENOPROTOOPT;
4206 goto out;
4207 }
4208
4209 err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
4210
4211 if (err)
4212 goto out;
4213
4214 if (scontext_len > len) {
4215 err = -ERANGE;
4216 goto out_len;
4217 }
4218
4219 if (copy_to_user(optval, scontext, scontext_len))
4220 err = -EFAULT;
4221
4222out_len:
4223 if (put_user(scontext_len, optlen))
4224 err = -EFAULT;
4225
4226 kfree(scontext);
4227out:
4228 return err;
4229}
4230
4231static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
4232{
4233 u32 peer_secid = SECSID_NULL;
4234 u16 family;
4235
4236 if (skb && skb->protocol == htons(ETH_P_IP))
4237 family = PF_INET;
4238 else if (skb && skb->protocol == htons(ETH_P_IPV6))
4239 family = PF_INET6;
4240 else if (sock)
4241 family = sock->sk->sk_family;
4242 else
4243 goto out;
4244
4245 if (sock && family == PF_UNIX)
4246 selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
4247 else if (skb)
4248 selinux_skb_peerlbl_sid(skb, family, &peer_secid);
4249
4250out:
4251 *secid = peer_secid;
4252 if (peer_secid == SECSID_NULL)
4253 return -EINVAL;
4254 return 0;
4255}
4256
4257static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
4258{
4259 return sk_alloc_security(sk, family, priority);
4260}
4261
4262static void selinux_sk_free_security(struct sock *sk)
4263{
4264 sk_free_security(sk);
4265}
4266
4267static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
4268{
4269 struct sk_security_struct *ssec = sk->sk_security;
4270 struct sk_security_struct *newssec = newsk->sk_security;
4271
4272 newssec->sid = ssec->sid;
4273 newssec->peer_sid = ssec->peer_sid;
4274 newssec->sclass = ssec->sclass;
4275
4276 selinux_netlbl_sk_security_reset(newssec, newsk->sk_family);
4277}
4278
4279static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
4280{
4281 if (!sk)
4282 *secid = SECINITSID_ANY_SOCKET;
4283 else {
4284 struct sk_security_struct *sksec = sk->sk_security;
4285
4286 *secid = sksec->sid;
4287 }
4288}
4289
4290static void selinux_sock_graft(struct sock *sk, struct socket *parent)
4291{
4292 struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
4293 struct sk_security_struct *sksec = sk->sk_security;
4294
4295 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
4296 sk->sk_family == PF_UNIX)
4297 isec->sid = sksec->sid;
4298 sksec->sclass = isec->sclass;
4299}
4300
4301static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4302 struct request_sock *req)
4303{
4304 struct sk_security_struct *sksec = sk->sk_security;
4305 int err;
4306 u16 family = sk->sk_family;
4307 u32 newsid;
4308 u32 peersid;
4309
4310
4311 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4312 family = PF_INET;
4313
4314 err = selinux_skb_peerlbl_sid(skb, family, &peersid);
4315 if (err)
4316 return err;
4317 if (peersid == SECSID_NULL) {
4318 req->secid = sksec->sid;
4319 req->peer_secid = SECSID_NULL;
4320 return 0;
4321 }
4322
4323 err = security_sid_mls_copy(sksec->sid, peersid, &newsid);
4324 if (err)
4325 return err;
4326
4327 req->secid = newsid;
4328 req->peer_secid = peersid;
4329 return 0;
4330}
4331
4332static void selinux_inet_csk_clone(struct sock *newsk,
4333 const struct request_sock *req)
4334{
4335 struct sk_security_struct *newsksec = newsk->sk_security;
4336
4337 newsksec->sid = req->secid;
4338 newsksec->peer_sid = req->peer_secid;
4339
4340
4341
4342
4343
4344
4345
4346 selinux_netlbl_sk_security_reset(newsksec, req->rsk_ops->family);
4347}
4348
4349static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
4350{
4351 u16 family = sk->sk_family;
4352 struct sk_security_struct *sksec = sk->sk_security;
4353
4354
4355 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4356 family = PF_INET;
4357
4358 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
4359
4360 selinux_netlbl_inet_conn_established(sk, family);
4361}
4362
4363static void selinux_req_classify_flow(const struct request_sock *req,
4364 struct flowi *fl)
4365{
4366 fl->secid = req->secid;
4367}
4368
4369static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
4370{
4371 int err = 0;
4372 u32 perm;
4373 struct nlmsghdr *nlh;
4374 struct socket *sock = sk->sk_socket;
4375 struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
4376
4377 if (skb->len < NLMSG_SPACE(0)) {
4378 err = -EINVAL;
4379 goto out;
4380 }
4381 nlh = nlmsg_hdr(skb);
4382
4383 err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
4384 if (err) {
4385 if (err == -EINVAL) {
4386 audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR,
4387 "SELinux: unrecognized netlink message"
4388 " type=%hu for sclass=%hu\n",
4389 nlh->nlmsg_type, isec->sclass);
4390 if (!selinux_enforcing)
4391 err = 0;
4392 }
4393
4394
4395 if (err == -ENOENT)
4396 err = 0;
4397 goto out;
4398 }
4399
4400 err = socket_has_perm(current, sock, perm);
4401out:
4402 return err;
4403}
4404
4405#ifdef CONFIG_NETFILTER
4406
4407static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
4408 u16 family)
4409{
4410 int err;
4411 char *addrp;
4412 u32 peer_sid;
4413 struct avc_audit_data ad;
4414 u8 secmark_active;
4415 u8 netlbl_active;
4416 u8 peerlbl_active;
4417
4418 if (!selinux_policycap_netpeer)
4419 return NF_ACCEPT;
4420
4421 secmark_active = selinux_secmark_enabled();
4422 netlbl_active = netlbl_enabled();
4423 peerlbl_active = netlbl_active || selinux_xfrm_enabled();
4424 if (!secmark_active && !peerlbl_active)
4425 return NF_ACCEPT;
4426
4427 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
4428 return NF_DROP;
4429
4430 AVC_AUDIT_DATA_INIT(&ad, NET);
4431 ad.u.net.netif = ifindex;
4432 ad.u.net.family = family;
4433 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
4434 return NF_DROP;
4435
4436 if (peerlbl_active) {
4437 err = selinux_inet_sys_rcv_skb(ifindex, addrp, family,
4438 peer_sid, &ad);
4439 if (err) {
4440 selinux_netlbl_err(skb, err, 1);
4441 return NF_DROP;
4442 }
4443 }
4444
4445 if (secmark_active)
4446 if (avc_has_perm(peer_sid, skb->secmark,
4447 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
4448 return NF_DROP;
4449
4450 if (netlbl_active)
4451
4452
4453
4454
4455 if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
4456 return NF_DROP;
4457
4458 return NF_ACCEPT;
4459}
4460
4461static unsigned int selinux_ipv4_forward(unsigned int hooknum,
4462 struct sk_buff *skb,
4463 const struct net_device *in,
4464 const struct net_device *out,
4465 int (*okfn)(struct sk_buff *))
4466{
4467 return selinux_ip_forward(skb, in->ifindex, PF_INET);
4468}
4469
4470#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4471static unsigned int selinux_ipv6_forward(unsigned int hooknum,
4472 struct sk_buff *skb,
4473 const struct net_device *in,
4474 const struct net_device *out,
4475 int (*okfn)(struct sk_buff *))
4476{
4477 return selinux_ip_forward(skb, in->ifindex, PF_INET6);
4478}
4479#endif
4480
4481static unsigned int selinux_ip_output(struct sk_buff *skb,
4482 u16 family)
4483{
4484 u32 sid;
4485
4486 if (!netlbl_enabled())
4487 return NF_ACCEPT;
4488
4489
4490
4491
4492 if (skb->sk) {
4493 struct sk_security_struct *sksec = skb->sk->sk_security;
4494 sid = sksec->sid;
4495 } else
4496 sid = SECINITSID_KERNEL;
4497 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
4498 return NF_DROP;
4499
4500 return NF_ACCEPT;
4501}
4502
4503static unsigned int selinux_ipv4_output(unsigned int hooknum,
4504 struct sk_buff *skb,
4505 const struct net_device *in,
4506 const struct net_device *out,
4507 int (*okfn)(struct sk_buff *))
4508{
4509 return selinux_ip_output(skb, PF_INET);
4510}
4511
4512static int selinux_ip_postroute_iptables_compat(struct sock *sk,
4513 int ifindex,
4514 struct avc_audit_data *ad,
4515 u16 family, char *addrp)
4516{
4517 int err;
4518 struct sk_security_struct *sksec = sk->sk_security;
4519 u16 sk_class;
4520 u32 netif_perm, node_perm, send_perm;
4521 u32 port_sid, node_sid, if_sid, sk_sid;
4522
4523 sk_sid = sksec->sid;
4524 sk_class = sksec->sclass;
4525
4526 switch (sk_class) {
4527 case SECCLASS_UDP_SOCKET:
4528 netif_perm = NETIF__UDP_SEND;
4529 node_perm = NODE__UDP_SEND;
4530 send_perm = UDP_SOCKET__SEND_MSG;
4531 break;
4532 case SECCLASS_TCP_SOCKET:
4533 netif_perm = NETIF__TCP_SEND;
4534 node_perm = NODE__TCP_SEND;
4535 send_perm = TCP_SOCKET__SEND_MSG;
4536 break;
4537 case SECCLASS_DCCP_SOCKET:
4538 netif_perm = NETIF__DCCP_SEND;
4539 node_perm = NODE__DCCP_SEND;
4540 send_perm = DCCP_SOCKET__SEND_MSG;
4541 break;
4542 default:
4543 netif_perm = NETIF__RAWIP_SEND;
4544 node_perm = NODE__RAWIP_SEND;
4545 send_perm = 0;
4546 break;
4547 }
4548
4549 err = sel_netif_sid(ifindex, &if_sid);
4550 if (err)
4551 return err;
4552 err = avc_has_perm(sk_sid, if_sid, SECCLASS_NETIF, netif_perm, ad);
4553 return err;
4554
4555 err = sel_netnode_sid(addrp, family, &node_sid);
4556 if (err)
4557 return err;
4558 err = avc_has_perm(sk_sid, node_sid, SECCLASS_NODE, node_perm, ad);
4559 if (err)
4560 return err;
4561
4562 if (send_perm != 0)
4563 return 0;
4564
4565 err = sel_netport_sid(sk->sk_protocol,
4566 ntohs(ad->u.net.dport), &port_sid);
4567 if (unlikely(err)) {
4568 printk(KERN_WARNING
4569 "SELinux: failure in"
4570 " selinux_ip_postroute_iptables_compat(),"
4571 " network port label not found\n");
4572 return err;
4573 }
4574 return avc_has_perm(sk_sid, port_sid, sk_class, send_perm, ad);
4575}
4576
4577static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
4578 int ifindex,
4579 u16 family)
4580{
4581 struct sock *sk = skb->sk;
4582 struct sk_security_struct *sksec;
4583 struct avc_audit_data ad;
4584 char *addrp;
4585 u8 proto;
4586
4587 if (sk == NULL)
4588 return NF_ACCEPT;
4589 sksec = sk->sk_security;
4590
4591 AVC_AUDIT_DATA_INIT(&ad, NET);
4592 ad.u.net.netif = ifindex;
4593 ad.u.net.family = family;
4594 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
4595 return NF_DROP;
4596
4597 if (selinux_compat_net) {
4598 if (selinux_ip_postroute_iptables_compat(skb->sk, ifindex,
4599 &ad, family, addrp))
4600 return NF_DROP;
4601 } else {
4602 if (avc_has_perm(sksec->sid, skb->secmark,
4603 SECCLASS_PACKET, PACKET__SEND, &ad))
4604 return NF_DROP;
4605 }
4606
4607 if (selinux_policycap_netpeer)
4608 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
4609 return NF_DROP;
4610
4611 return NF_ACCEPT;
4612}
4613
4614static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4615 u16 family)
4616{
4617 u32 secmark_perm;
4618 u32 peer_sid;
4619 struct sock *sk;
4620 struct avc_audit_data ad;
4621 char *addrp;
4622 u8 secmark_active;
4623 u8 peerlbl_active;
4624
4625
4626
4627
4628
4629 if (selinux_compat_net || !selinux_policycap_netpeer)
4630 return selinux_ip_postroute_compat(skb, ifindex, family);
4631
4632
4633
4634
4635
4636
4637
4638 if (skb->dst != NULL && skb->dst->xfrm != NULL)
4639 return NF_ACCEPT;
4640
4641 secmark_active = selinux_secmark_enabled();
4642 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
4643 if (!secmark_active && !peerlbl_active)
4644 return NF_ACCEPT;
4645
4646
4647
4648
4649
4650 sk = skb->sk;
4651 if (sk == NULL) {
4652 switch (family) {
4653 case PF_INET:
4654 if (IPCB(skb)->flags & IPSKB_FORWARDED)
4655 secmark_perm = PACKET__FORWARD_OUT;
4656 else
4657 secmark_perm = PACKET__SEND;
4658 break;
4659 case PF_INET6:
4660 if (IP6CB(skb)->flags & IP6SKB_FORWARDED)
4661 secmark_perm = PACKET__FORWARD_OUT;
4662 else
4663 secmark_perm = PACKET__SEND;
4664 break;
4665 default:
4666 return NF_DROP;
4667 }
4668 if (secmark_perm == PACKET__FORWARD_OUT) {
4669 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
4670 return NF_DROP;
4671 } else
4672 peer_sid = SECINITSID_KERNEL;
4673 } else {
4674 struct sk_security_struct *sksec = sk->sk_security;
4675 peer_sid = sksec->sid;
4676 secmark_perm = PACKET__SEND;
4677 }
4678
4679 AVC_AUDIT_DATA_INIT(&ad, NET);
4680 ad.u.net.netif = ifindex;
4681 ad.u.net.family = family;
4682 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
4683 return NF_DROP;
4684
4685 if (secmark_active)
4686 if (avc_has_perm(peer_sid, skb->secmark,
4687 SECCLASS_PACKET, secmark_perm, &ad))
4688 return NF_DROP;
4689
4690 if (peerlbl_active) {
4691 u32 if_sid;
4692 u32 node_sid;
4693
4694 if (sel_netif_sid(ifindex, &if_sid))
4695 return NF_DROP;
4696 if (avc_has_perm(peer_sid, if_sid,
4697 SECCLASS_NETIF, NETIF__EGRESS, &ad))
4698 return NF_DROP;
4699
4700 if (sel_netnode_sid(addrp, family, &node_sid))
4701 return NF_DROP;
4702 if (avc_has_perm(peer_sid, node_sid,
4703 SECCLASS_NODE, NODE__SENDTO, &ad))
4704 return NF_DROP;
4705 }
4706
4707 return NF_ACCEPT;
4708}
4709
4710static unsigned int selinux_ipv4_postroute(unsigned int hooknum,
4711 struct sk_buff *skb,
4712 const struct net_device *in,
4713 const struct net_device *out,
4714 int (*okfn)(struct sk_buff *))
4715{
4716 return selinux_ip_postroute(skb, out->ifindex, PF_INET);
4717}
4718
4719#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4720static unsigned int selinux_ipv6_postroute(unsigned int hooknum,
4721 struct sk_buff *skb,
4722 const struct net_device *in,
4723 const struct net_device *out,
4724 int (*okfn)(struct sk_buff *))
4725{
4726 return selinux_ip_postroute(skb, out->ifindex, PF_INET6);
4727}
4728#endif
4729
4730#endif
4731
4732static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
4733{
4734 int err;
4735
4736 err = secondary_ops->netlink_send(sk, skb);
4737 if (err)
4738 return err;
4739
4740 if (policydb_loaded_version >= POLICYDB_VERSION_NLCLASS)
4741 err = selinux_nlmsg_perm(sk, skb);
4742
4743 return err;
4744}
4745
4746static int selinux_netlink_recv(struct sk_buff *skb, int capability)
4747{
4748 int err;
4749 struct avc_audit_data ad;
4750
4751 err = secondary_ops->netlink_recv(skb, capability);
4752 if (err)
4753 return err;
4754
4755 AVC_AUDIT_DATA_INIT(&ad, CAP);
4756 ad.u.cap = capability;
4757
4758 return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid,
4759 SECCLASS_CAPABILITY, CAP_TO_MASK(capability), &ad);
4760}
4761
4762static int ipc_alloc_security(struct task_struct *task,
4763 struct kern_ipc_perm *perm,
4764 u16 sclass)
4765{
4766 struct task_security_struct *tsec = task->security;
4767 struct ipc_security_struct *isec;
4768
4769 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
4770 if (!isec)
4771 return -ENOMEM;
4772
4773 isec->sclass = sclass;
4774 isec->sid = tsec->sid;
4775 perm->security = isec;
4776
4777 return 0;
4778}
4779
4780static void ipc_free_security(struct kern_ipc_perm *perm)
4781{
4782 struct ipc_security_struct *isec = perm->security;
4783 perm->security = NULL;
4784 kfree(isec);
4785}
4786
4787static int msg_msg_alloc_security(struct msg_msg *msg)
4788{
4789 struct msg_security_struct *msec;
4790
4791 msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
4792 if (!msec)
4793 return -ENOMEM;
4794
4795 msec->sid = SECINITSID_UNLABELED;
4796 msg->security = msec;
4797
4798 return 0;
4799}
4800
4801static void msg_msg_free_security(struct msg_msg *msg)
4802{
4803 struct msg_security_struct *msec = msg->security;
4804
4805 msg->security = NULL;
4806 kfree(msec);
4807}
4808
4809static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
4810 u32 perms)
4811{
4812 struct task_security_struct *tsec;
4813 struct ipc_security_struct *isec;
4814 struct avc_audit_data ad;
4815
4816 tsec = current->security;
4817 isec = ipc_perms->security;
4818
4819 AVC_AUDIT_DATA_INIT(&ad, IPC);
4820 ad.u.ipc_id = ipc_perms->key;
4821
4822 return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad);
4823}
4824
4825static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
4826{
4827 return msg_msg_alloc_security(msg);
4828}
4829
4830static void selinux_msg_msg_free_security(struct msg_msg *msg)
4831{
4832 msg_msg_free_security(msg);
4833}
4834
4835
4836static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
4837{
4838 struct task_security_struct *tsec;
4839 struct ipc_security_struct *isec;
4840 struct avc_audit_data ad;
4841 int rc;
4842
4843 rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
4844 if (rc)
4845 return rc;
4846
4847 tsec = current->security;
4848 isec = msq->q_perm.security;
4849
4850 AVC_AUDIT_DATA_INIT(&ad, IPC);
4851 ad.u.ipc_id = msq->q_perm.key;
4852
4853 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
4854 MSGQ__CREATE, &ad);
4855 if (rc) {
4856 ipc_free_security(&msq->q_perm);
4857 return rc;
4858 }
4859 return 0;
4860}
4861
4862static void selinux_msg_queue_free_security(struct msg_queue *msq)
4863{
4864 ipc_free_security(&msq->q_perm);
4865}
4866
4867static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
4868{
4869 struct task_security_struct *tsec;
4870 struct ipc_security_struct *isec;
4871 struct avc_audit_data ad;
4872
4873 tsec = current->security;
4874 isec = msq->q_perm.security;
4875
4876 AVC_AUDIT_DATA_INIT(&ad, IPC);
4877 ad.u.ipc_id = msq->q_perm.key;
4878
4879 return avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
4880 MSGQ__ASSOCIATE, &ad);
4881}
4882
4883static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
4884{
4885 int err;
4886 int perms;
4887
4888 switch (cmd) {
4889 case IPC_INFO:
4890 case MSG_INFO:
4891
4892 return task_has_system(current, SYSTEM__IPC_INFO);
4893 case IPC_STAT:
4894 case MSG_STAT:
4895 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
4896 break;
4897 case IPC_SET:
4898 perms = MSGQ__SETATTR;
4899 break;
4900 case IPC_RMID:
4901 perms = MSGQ__DESTROY;
4902 break;
4903 default:
4904 return 0;
4905 }
4906
4907 err = ipc_has_perm(&msq->q_perm, perms);
4908 return err;
4909}
4910
4911static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
4912{
4913 struct task_security_struct *tsec;
4914 struct ipc_security_struct *isec;
4915 struct msg_security_struct *msec;
4916 struct avc_audit_data ad;
4917 int rc;
4918
4919 tsec = current->security;
4920 isec = msq->q_perm.security;
4921 msec = msg->security;
4922
4923
4924
4925
4926 if (msec->sid == SECINITSID_UNLABELED) {
4927
4928
4929
4930
4931 rc = security_transition_sid(tsec->sid,
4932 isec->sid,
4933 SECCLASS_MSG,
4934 &msec->sid);
4935 if (rc)
4936 return rc;
4937 }
4938
4939 AVC_AUDIT_DATA_INIT(&ad, IPC);
4940 ad.u.ipc_id = msq->q_perm.key;
4941
4942
4943 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
4944 MSGQ__WRITE, &ad);
4945 if (!rc)
4946
4947 rc = avc_has_perm(tsec->sid, msec->sid,
4948 SECCLASS_MSG, MSG__SEND, &ad);
4949 if (!rc)
4950
4951 rc = avc_has_perm(msec->sid, isec->sid,
4952 SECCLASS_MSGQ, MSGQ__ENQUEUE, &ad);
4953
4954 return rc;
4955}
4956
4957static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
4958 struct task_struct *target,
4959 long type, int mode)
4960{
4961 struct task_security_struct *tsec;
4962 struct ipc_security_struct *isec;
4963 struct msg_security_struct *msec;
4964 struct avc_audit_data ad;
4965 int rc;
4966
4967 tsec = target->security;
4968 isec = msq->q_perm.security;
4969 msec = msg->security;
4970
4971 AVC_AUDIT_DATA_INIT(&ad, IPC);
4972 ad.u.ipc_id = msq->q_perm.key;
4973
4974 rc = avc_has_perm(tsec->sid, isec->sid,
4975 SECCLASS_MSGQ, MSGQ__READ, &ad);
4976 if (!rc)
4977 rc = avc_has_perm(tsec->sid, msec->sid,
4978 SECCLASS_MSG, MSG__RECEIVE, &ad);
4979 return rc;
4980}
4981
4982
4983static int selinux_shm_alloc_security(struct shmid_kernel *shp)
4984{
4985 struct task_security_struct *tsec;
4986 struct ipc_security_struct *isec;
4987 struct avc_audit_data ad;
4988 int rc;
4989
4990 rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
4991 if (rc)
4992 return rc;
4993
4994 tsec = current->security;
4995 isec = shp->shm_perm.security;
4996
4997 AVC_AUDIT_DATA_INIT(&ad, IPC);
4998 ad.u.ipc_id = shp->shm_perm.key;
4999
5000 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM,
5001 SHM__CREATE, &ad);
5002 if (rc) {
5003 ipc_free_security(&shp->shm_perm);
5004 return rc;
5005 }
5006 return 0;
5007}
5008
5009static void selinux_shm_free_security(struct shmid_kernel *shp)
5010{
5011 ipc_free_security(&shp->shm_perm);
5012}
5013
5014static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
5015{
5016 struct task_security_struct *tsec;
5017 struct ipc_security_struct *isec;
5018 struct avc_audit_data ad;
5019
5020 tsec = current->security;
5021 isec = shp->shm_perm.security;
5022
5023 AVC_AUDIT_DATA_INIT(&ad, IPC);
5024 ad.u.ipc_id = shp->shm_perm.key;
5025
5026 return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM,
5027 SHM__ASSOCIATE, &ad);
5028}
5029
5030
5031static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
5032{
5033 int perms;
5034 int err;
5035
5036 switch (cmd) {
5037 case IPC_INFO:
5038 case SHM_INFO:
5039
5040 return task_has_system(current, SYSTEM__IPC_INFO);
5041 case IPC_STAT:
5042 case SHM_STAT:
5043 perms = SHM__GETATTR | SHM__ASSOCIATE;
5044 break;
5045 case IPC_SET:
5046 perms = SHM__SETATTR;
5047 break;
5048 case SHM_LOCK:
5049 case SHM_UNLOCK:
5050 perms = SHM__LOCK;
5051 break;
5052 case IPC_RMID:
5053 perms = SHM__DESTROY;
5054 break;
5055 default:
5056 return 0;
5057 }
5058
5059 err = ipc_has_perm(&shp->shm_perm, perms);
5060 return err;
5061}
5062
5063static int selinux_shm_shmat(struct shmid_kernel *shp,
5064 char __user *shmaddr, int shmflg)
5065{
5066 u32 perms;
5067 int rc;
5068
5069 rc = secondary_ops->shm_shmat(shp, shmaddr, shmflg);
5070 if (rc)
5071 return rc;
5072
5073 if (shmflg & SHM_RDONLY)
5074 perms = SHM__READ;
5075 else
5076 perms = SHM__READ | SHM__WRITE;
5077
5078 return ipc_has_perm(&shp->shm_perm, perms);
5079}
5080
5081
5082static int selinux_sem_alloc_security(struct sem_array *sma)
5083{
5084 struct task_security_struct *tsec;
5085 struct ipc_security_struct *isec;
5086 struct avc_audit_data ad;
5087 int rc;
5088
5089 rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
5090 if (rc)
5091 return rc;
5092
5093 tsec = current->security;
5094 isec = sma->sem_perm.security;
5095
5096 AVC_AUDIT_DATA_INIT(&ad, IPC);
5097 ad.u.ipc_id = sma->sem_perm.key;
5098
5099 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM,
5100 SEM__CREATE, &ad);
5101 if (rc) {
5102 ipc_free_security(&sma->sem_perm);
5103 return rc;
5104 }
5105 return 0;
5106}
5107
5108static void selinux_sem_free_security(struct sem_array *sma)
5109{
5110 ipc_free_security(&sma->sem_perm);
5111}
5112
5113static int selinux_sem_associate(struct sem_array *sma, int semflg)
5114{
5115 struct task_security_struct *tsec;
5116 struct ipc_security_struct *isec;
5117 struct avc_audit_data ad;
5118
5119 tsec = current->security;
5120 isec = sma->sem_perm.security;
5121
5122 AVC_AUDIT_DATA_INIT(&ad, IPC);
5123 ad.u.ipc_id = sma->sem_perm.key;
5124
5125 return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM,
5126 SEM__ASSOCIATE, &ad);
5127}
5128
5129
5130static int selinux_sem_semctl(struct sem_array *sma, int cmd)
5131{
5132 int err;
5133 u32 perms;
5134
5135 switch (cmd) {
5136 case IPC_INFO:
5137 case SEM_INFO:
5138
5139 return task_has_system(current, SYSTEM__IPC_INFO);
5140 case GETPID:
5141 case GETNCNT:
5142 case GETZCNT:
5143 perms = SEM__GETATTR;
5144 break;
5145 case GETVAL:
5146 case GETALL:
5147 perms = SEM__READ;
5148 break;
5149 case SETVAL:
5150 case SETALL:
5151 perms = SEM__WRITE;
5152 break;
5153 case IPC_RMID:
5154 perms = SEM__DESTROY;
5155 break;
5156 case IPC_SET:
5157 perms = SEM__SETATTR;
5158 break;
5159 case IPC_STAT:
5160 case SEM_STAT:
5161 perms = SEM__GETATTR | SEM__ASSOCIATE;
5162 break;
5163 default:
5164 return 0;
5165 }
5166
5167 err = ipc_has_perm(&sma->sem_perm, perms);
5168 return err;
5169}
5170
5171static int selinux_sem_semop(struct sem_array *sma,
5172 struct sembuf *sops, unsigned nsops, int alter)
5173{
5174 u32 perms;
5175
5176 if (alter)
5177 perms = SEM__READ | SEM__WRITE;
5178 else
5179 perms = SEM__READ;
5180
5181 return ipc_has_perm(&sma->sem_perm, perms);
5182}
5183
5184static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
5185{
5186 u32 av = 0;
5187
5188 av = 0;
5189 if (flag & S_IRUGO)
5190 av |= IPC__UNIX_READ;
5191 if (flag & S_IWUGO)
5192 av |= IPC__UNIX_WRITE;
5193
5194 if (av == 0)
5195 return 0;
5196
5197 return ipc_has_perm(ipcp, av);
5198}
5199
5200static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
5201{
5202 struct ipc_security_struct *isec = ipcp->security;
5203 *secid = isec->sid;
5204}
5205
5206static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
5207{
5208 if (inode)
5209 inode_doinit_with_dentry(inode, dentry);
5210}
5211
5212static int selinux_getprocattr(struct task_struct *p,
5213 char *name, char **value)
5214{
5215 struct task_security_struct *tsec;
5216 u32 sid;
5217 int error;
5218 unsigned len;
5219
5220 if (current != p) {
5221 error = task_has_perm(current, p, PROCESS__GETATTR);
5222 if (error)
5223 return error;
5224 }
5225
5226 tsec = p->security;
5227
5228 if (!strcmp(name, "current"))
5229 sid = tsec->sid;
5230 else if (!strcmp(name, "prev"))
5231 sid = tsec->osid;
5232 else if (!strcmp(name, "exec"))
5233 sid = tsec->exec_sid;
5234 else if (!strcmp(name, "fscreate"))
5235 sid = tsec->create_sid;
5236 else if (!strcmp(name, "keycreate"))
5237 sid = tsec->keycreate_sid;
5238 else if (!strcmp(name, "sockcreate"))
5239 sid = tsec->sockcreate_sid;
5240 else
5241 return -EINVAL;
5242
5243 if (!sid)
5244 return 0;
5245
5246 error = security_sid_to_context(sid, value, &len);
5247 if (error)
5248 return error;
5249 return len;
5250}
5251
5252static int selinux_setprocattr(struct task_struct *p,
5253 char *name, void *value, size_t size)
5254{
5255 struct task_security_struct *tsec;
5256 struct task_struct *tracer;
5257 u32 sid = 0;
5258 int error;
5259 char *str = value;
5260
5261 if (current != p) {
5262
5263
5264 return -EACCES;
5265 }
5266
5267
5268
5269
5270
5271
5272 if (!strcmp(name, "exec"))
5273 error = task_has_perm(current, p, PROCESS__SETEXEC);
5274 else if (!strcmp(name, "fscreate"))
5275 error = task_has_perm(current, p, PROCESS__SETFSCREATE);
5276 else if (!strcmp(name, "keycreate"))
5277 error = task_has_perm(current, p, PROCESS__SETKEYCREATE);
5278 else if (!strcmp(name, "sockcreate"))
5279 error = task_has_perm(current, p, PROCESS__SETSOCKCREATE);
5280 else if (!strcmp(name, "current"))
5281 error = task_has_perm(current, p, PROCESS__SETCURRENT);
5282 else
5283 error = -EINVAL;
5284 if (error)
5285 return error;
5286
5287
5288 if (size && str[1] && str[1] != '\n') {
5289 if (str[size-1] == '\n') {
5290 str[size-1] = 0;
5291 size--;
5292 }
5293 error = security_context_to_sid(value, size, &sid);
5294 if (error == -EINVAL && !strcmp(name, "fscreate")) {
5295 if (!capable(CAP_MAC_ADMIN))
5296 return error;
5297 error = security_context_to_sid_force(value, size,
5298 &sid);
5299 }
5300 if (error)
5301 return error;
5302 }
5303
5304
5305
5306
5307
5308
5309
5310 tsec = p->security;
5311 if (!strcmp(name, "exec"))
5312 tsec->exec_sid = sid;
5313 else if (!strcmp(name, "fscreate"))
5314 tsec->create_sid = sid;
5315 else if (!strcmp(name, "keycreate")) {
5316 error = may_create_key(sid, p);
5317 if (error)
5318 return error;
5319 tsec->keycreate_sid = sid;
5320 } else if (!strcmp(name, "sockcreate"))
5321 tsec->sockcreate_sid = sid;
5322 else if (!strcmp(name, "current")) {
5323 struct av_decision avd;
5324
5325 if (sid == 0)
5326 return -EINVAL;
5327
5328
5329
5330
5331
5332
5333 if (atomic_read(&p->mm->mm_users) != 1) {
5334 struct task_struct *g, *t;
5335 struct mm_struct *mm = p->mm;
5336 read_lock(&tasklist_lock);
5337 do_each_thread(g, t) {
5338 if (t->mm == mm && t != p) {
5339 read_unlock(&tasklist_lock);
5340 error = security_bounded_transition(tsec->sid, sid);
5341 if (!error)
5342 goto boundary_ok;
5343
5344 return error;
5345 }
5346 } while_each_thread(g, t);
5347 read_unlock(&tasklist_lock);
5348 }
5349boundary_ok:
5350
5351
5352 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
5353 PROCESS__DYNTRANSITION, NULL);
5354 if (error)
5355 return error;
5356
5357
5358
5359 task_lock(p);
5360 rcu_read_lock();
5361 tracer = tracehook_tracer_task(p);
5362 if (tracer != NULL) {
5363 struct task_security_struct *ptsec = tracer->security;
5364 u32 ptsid = ptsec->sid;
5365 rcu_read_unlock();
5366 error = avc_has_perm_noaudit(ptsid, sid,
5367 SECCLASS_PROCESS,
5368 PROCESS__PTRACE, 0, &avd);
5369 if (!error)
5370 tsec->sid = sid;
5371 task_unlock(p);
5372 avc_audit(ptsid, sid, SECCLASS_PROCESS,
5373 PROCESS__PTRACE, &avd, error, NULL);
5374 if (error)
5375 return error;
5376 } else {
5377 rcu_read_unlock();
5378 tsec->sid = sid;
5379 task_unlock(p);
5380 }
5381 } else
5382 return -EINVAL;
5383
5384 return size;
5385}
5386
5387static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
5388{
5389 return security_sid_to_context(secid, secdata, seclen);
5390}
5391
5392static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
5393{
5394 return security_context_to_sid(secdata, seclen, secid);
5395}
5396
5397static void selinux_release_secctx(char *secdata, u32 seclen)
5398{
5399 kfree(secdata);
5400}
5401
5402#ifdef CONFIG_KEYS
5403
5404static int selinux_key_alloc(struct key *k, struct task_struct *tsk,
5405 unsigned long flags)
5406{
5407 struct task_security_struct *tsec = tsk->security;
5408 struct key_security_struct *ksec;
5409
5410 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
5411 if (!ksec)
5412 return -ENOMEM;
5413
5414 if (tsec->keycreate_sid)
5415 ksec->sid = tsec->keycreate_sid;
5416 else
5417 ksec->sid = tsec->sid;
5418 k->security = ksec;
5419
5420 return 0;
5421}
5422
5423static void selinux_key_free(struct key *k)
5424{
5425 struct key_security_struct *ksec = k->security;
5426
5427 k->security = NULL;
5428 kfree(ksec);
5429}
5430
5431static int selinux_key_permission(key_ref_t key_ref,
5432 struct task_struct *ctx,
5433 key_perm_t perm)
5434{
5435 struct key *key;
5436 struct task_security_struct *tsec;
5437 struct key_security_struct *ksec;
5438
5439 key = key_ref_to_ptr(key_ref);
5440
5441 tsec = ctx->security;
5442 ksec = key->security;
5443
5444
5445
5446
5447 if (perm == 0)
5448 return 0;
5449
5450 return avc_has_perm(tsec->sid, ksec->sid,
5451 SECCLASS_KEY, perm, NULL);
5452}
5453
5454static int selinux_key_getsecurity(struct key *key, char **_buffer)
5455{
5456 struct key_security_struct *ksec = key->security;
5457 char *context = NULL;
5458 unsigned len;
5459 int rc;
5460
5461 rc = security_sid_to_context(ksec->sid, &context, &len);
5462 if (!rc)
5463 rc = len;
5464 *_buffer = context;
5465 return rc;
5466}
5467
5468#endif
5469
5470static struct security_operations selinux_ops = {
5471 .name = "selinux",
5472
5473 .ptrace_may_access = selinux_ptrace_may_access,
5474 .ptrace_traceme = selinux_ptrace_traceme,
5475 .capget = selinux_capget,
5476 .capset_check = selinux_capset_check,
5477 .capset_set = selinux_capset_set,
5478 .sysctl = selinux_sysctl,
5479 .capable = selinux_capable,
5480 .quotactl = selinux_quotactl,
5481 .quota_on = selinux_quota_on,
5482 .syslog = selinux_syslog,
5483 .vm_enough_memory = selinux_vm_enough_memory,
5484
5485 .netlink_send = selinux_netlink_send,
5486 .netlink_recv = selinux_netlink_recv,
5487
5488 .bprm_alloc_security = selinux_bprm_alloc_security,
5489 .bprm_free_security = selinux_bprm_free_security,
5490 .bprm_apply_creds = selinux_bprm_apply_creds,
5491 .bprm_post_apply_creds = selinux_bprm_post_apply_creds,
5492 .bprm_set_security = selinux_bprm_set_security,
5493 .bprm_check_security = selinux_bprm_check_security,
5494 .bprm_secureexec = selinux_bprm_secureexec,
5495
5496 .sb_alloc_security = selinux_sb_alloc_security,
5497 .sb_free_security = selinux_sb_free_security,
5498 .sb_copy_data = selinux_sb_copy_data,
5499 .sb_kern_mount = selinux_sb_kern_mount,
5500 .sb_show_options = selinux_sb_show_options,
5501 .sb_statfs = selinux_sb_statfs,
5502 .sb_mount = selinux_mount,
5503 .sb_umount = selinux_umount,
5504 .sb_set_mnt_opts = selinux_set_mnt_opts,
5505 .sb_clone_mnt_opts = selinux_sb_clone_mnt_opts,
5506 .sb_parse_opts_str = selinux_parse_opts_str,
5507
5508
5509 .inode_alloc_security = selinux_inode_alloc_security,
5510 .inode_free_security = selinux_inode_free_security,
5511 .inode_init_security = selinux_inode_init_security,
5512 .inode_create = selinux_inode_create,
5513 .inode_link = selinux_inode_link,
5514 .inode_unlink = selinux_inode_unlink,
5515 .inode_symlink = selinux_inode_symlink,
5516 .inode_mkdir = selinux_inode_mkdir,
5517 .inode_rmdir = selinux_inode_rmdir,
5518 .inode_mknod = selinux_inode_mknod,
5519 .inode_rename = selinux_inode_rename,
5520 .inode_readlink = selinux_inode_readlink,
5521 .inode_follow_link = selinux_inode_follow_link,
5522 .inode_permission = selinux_inode_permission,
5523 .inode_setattr = selinux_inode_setattr,
5524 .inode_getattr = selinux_inode_getattr,
5525 .inode_setxattr = selinux_inode_setxattr,
5526 .inode_post_setxattr = selinux_inode_post_setxattr,
5527 .inode_getxattr = selinux_inode_getxattr,
5528 .inode_listxattr = selinux_inode_listxattr,
5529 .inode_removexattr = selinux_inode_removexattr,
5530 .inode_getsecurity = selinux_inode_getsecurity,
5531 .inode_setsecurity = selinux_inode_setsecurity,
5532 .inode_listsecurity = selinux_inode_listsecurity,
5533 .inode_need_killpriv = selinux_inode_need_killpriv,
5534 .inode_killpriv = selinux_inode_killpriv,
5535 .inode_getsecid = selinux_inode_getsecid,
5536
5537 .file_permission = selinux_file_permission,
5538 .file_alloc_security = selinux_file_alloc_security,
5539 .file_free_security = selinux_file_free_security,
5540 .file_ioctl = selinux_file_ioctl,
5541 .file_mmap = selinux_file_mmap,
5542 .file_mprotect = selinux_file_mprotect,
5543 .file_lock = selinux_file_lock,
5544 .file_fcntl = selinux_file_fcntl,
5545 .file_set_fowner = selinux_file_set_fowner,
5546 .file_send_sigiotask = selinux_file_send_sigiotask,
5547 .file_receive = selinux_file_receive,
5548
5549 .dentry_open = selinux_dentry_open,
5550
5551 .task_create = selinux_task_create,
5552 .task_alloc_security = selinux_task_alloc_security,
5553 .task_free_security = selinux_task_free_security,
5554 .task_setuid = selinux_task_setuid,
5555 .task_post_setuid = selinux_task_post_setuid,
5556 .task_setgid = selinux_task_setgid,
5557 .task_setpgid = selinux_task_setpgid,
5558 .task_getpgid = selinux_task_getpgid,
5559 .task_getsid = selinux_task_getsid,
5560 .task_getsecid = selinux_task_getsecid,
5561 .task_setgroups = selinux_task_setgroups,
5562 .task_setnice = selinux_task_setnice,
5563 .task_setioprio = selinux_task_setioprio,
5564 .task_getioprio = selinux_task_getioprio,
5565 .task_setrlimit = selinux_task_setrlimit,
5566 .task_setscheduler = selinux_task_setscheduler,
5567 .task_getscheduler = selinux_task_getscheduler,
5568 .task_movememory = selinux_task_movememory,
5569 .task_kill = selinux_task_kill,
5570 .task_wait = selinux_task_wait,
5571 .task_prctl = selinux_task_prctl,
5572 .task_reparent_to_init = selinux_task_reparent_to_init,
5573 .task_to_inode = selinux_task_to_inode,
5574
5575 .ipc_permission = selinux_ipc_permission,
5576 .ipc_getsecid = selinux_ipc_getsecid,
5577
5578 .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
5579 .msg_msg_free_security = selinux_msg_msg_free_security,
5580
5581 .msg_queue_alloc_security = selinux_msg_queue_alloc_security,
5582 .msg_queue_free_security = selinux_msg_queue_free_security,
5583 .msg_queue_associate = selinux_msg_queue_associate,
5584 .msg_queue_msgctl = selinux_msg_queue_msgctl,
5585 .msg_queue_msgsnd = selinux_msg_queue_msgsnd,
5586 .msg_queue_msgrcv = selinux_msg_queue_msgrcv,
5587
5588 .shm_alloc_security = selinux_shm_alloc_security,
5589 .shm_free_security = selinux_shm_free_security,
5590 .shm_associate = selinux_shm_associate,
5591 .shm_shmctl = selinux_shm_shmctl,
5592 .shm_shmat = selinux_shm_shmat,
5593
5594 .sem_alloc_security = selinux_sem_alloc_security,
5595 .sem_free_security = selinux_sem_free_security,
5596 .sem_associate = selinux_sem_associate,
5597 .sem_semctl = selinux_sem_semctl,
5598 .sem_semop = selinux_sem_semop,
5599
5600 .d_instantiate = selinux_d_instantiate,
5601
5602 .getprocattr = selinux_getprocattr,
5603 .setprocattr = selinux_setprocattr,
5604
5605 .secid_to_secctx = selinux_secid_to_secctx,
5606 .secctx_to_secid = selinux_secctx_to_secid,
5607 .release_secctx = selinux_release_secctx,
5608
5609 .unix_stream_connect = selinux_socket_unix_stream_connect,
5610 .unix_may_send = selinux_socket_unix_may_send,
5611
5612 .socket_create = selinux_socket_create,
5613 .socket_post_create = selinux_socket_post_create,
5614 .socket_bind = selinux_socket_bind,
5615 .socket_connect = selinux_socket_connect,
5616 .socket_listen = selinux_socket_listen,
5617 .socket_accept = selinux_socket_accept,
5618 .socket_sendmsg = selinux_socket_sendmsg,
5619 .socket_recvmsg = selinux_socket_recvmsg,
5620 .socket_getsockname = selinux_socket_getsockname,
5621 .socket_getpeername = selinux_socket_getpeername,
5622 .socket_getsockopt = selinux_socket_getsockopt,
5623 .socket_setsockopt = selinux_socket_setsockopt,
5624 .socket_shutdown = selinux_socket_shutdown,
5625 .socket_sock_rcv_skb = selinux_socket_sock_rcv_skb,
5626 .socket_getpeersec_stream = selinux_socket_getpeersec_stream,
5627 .socket_getpeersec_dgram = selinux_socket_getpeersec_dgram,
5628 .sk_alloc_security = selinux_sk_alloc_security,
5629 .sk_free_security = selinux_sk_free_security,
5630 .sk_clone_security = selinux_sk_clone_security,
5631 .sk_getsecid = selinux_sk_getsecid,
5632 .sock_graft = selinux_sock_graft,
5633 .inet_conn_request = selinux_inet_conn_request,
5634 .inet_csk_clone = selinux_inet_csk_clone,
5635 .inet_conn_established = selinux_inet_conn_established,
5636 .req_classify_flow = selinux_req_classify_flow,
5637
5638#ifdef CONFIG_SECURITY_NETWORK_XFRM
5639 .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,
5640 .xfrm_policy_clone_security = selinux_xfrm_policy_clone,
5641 .xfrm_policy_free_security = selinux_xfrm_policy_free,
5642 .xfrm_policy_delete_security = selinux_xfrm_policy_delete,
5643 .xfrm_state_alloc_security = selinux_xfrm_state_alloc,
5644 .xfrm_state_free_security = selinux_xfrm_state_free,
5645 .xfrm_state_delete_security = selinux_xfrm_state_delete,
5646 .xfrm_policy_lookup = selinux_xfrm_policy_lookup,
5647 .xfrm_state_pol_flow_match = selinux_xfrm_state_pol_flow_match,
5648 .xfrm_decode_session = selinux_xfrm_decode_session,
5649#endif
5650
5651#ifdef CONFIG_KEYS
5652 .key_alloc = selinux_key_alloc,
5653 .key_free = selinux_key_free,
5654 .key_permission = selinux_key_permission,
5655 .key_getsecurity = selinux_key_getsecurity,
5656#endif
5657
5658#ifdef CONFIG_AUDIT
5659 .audit_rule_init = selinux_audit_rule_init,
5660 .audit_rule_known = selinux_audit_rule_known,
5661 .audit_rule_match = selinux_audit_rule_match,
5662 .audit_rule_free = selinux_audit_rule_free,
5663#endif
5664};
5665
5666static __init int selinux_init(void)
5667{
5668 struct task_security_struct *tsec;
5669
5670 if (!security_module_enable(&selinux_ops)) {
5671 selinux_enabled = 0;
5672 return 0;
5673 }
5674
5675 if (!selinux_enabled) {
5676 printk(KERN_INFO "SELinux: Disabled at boot.\n");
5677 return 0;
5678 }
5679
5680 printk(KERN_INFO "SELinux: Initializing.\n");
5681
5682
5683 if (task_alloc_security(current))
5684 panic("SELinux: Failed to initialize initial task.\n");
5685 tsec = current->security;
5686 tsec->osid = tsec->sid = SECINITSID_KERNEL;
5687
5688 sel_inode_cache = kmem_cache_create("selinux_inode_security",
5689 sizeof(struct inode_security_struct),
5690 0, SLAB_PANIC, NULL);
5691 avc_init();
5692
5693 secondary_ops = security_ops;
5694 if (!secondary_ops)
5695 panic("SELinux: No initial security operations\n");
5696 if (register_security(&selinux_ops))
5697 panic("SELinux: Unable to register with kernel.\n");
5698
5699 if (selinux_enforcing)
5700 printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
5701 else
5702 printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
5703
5704 return 0;
5705}
5706
5707void selinux_complete_init(void)
5708{
5709 printk(KERN_DEBUG "SELinux: Completing initialization.\n");
5710
5711
5712 printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
5713 spin_lock(&sb_lock);
5714 spin_lock(&sb_security_lock);
5715next_sb:
5716 if (!list_empty(&superblock_security_head)) {
5717 struct superblock_security_struct *sbsec =
5718 list_entry(superblock_security_head.next,
5719 struct superblock_security_struct,
5720 list);
5721 struct super_block *sb = sbsec->sb;
5722 sb->s_count++;
5723 spin_unlock(&sb_security_lock);
5724 spin_unlock(&sb_lock);
5725 down_read(&sb->s_umount);
5726 if (sb->s_root)
5727 superblock_doinit(sb, NULL);
5728 drop_super(sb);
5729 spin_lock(&sb_lock);
5730 spin_lock(&sb_security_lock);
5731 list_del_init(&sbsec->list);
5732 goto next_sb;
5733 }
5734 spin_unlock(&sb_security_lock);
5735 spin_unlock(&sb_lock);
5736}
5737
5738
5739
5740security_initcall(selinux_init);
5741
5742#if defined(CONFIG_NETFILTER)
5743
5744static struct nf_hook_ops selinux_ipv4_ops[] = {
5745 {
5746 .hook = selinux_ipv4_postroute,
5747 .owner = THIS_MODULE,
5748 .pf = PF_INET,
5749 .hooknum = NF_INET_POST_ROUTING,
5750 .priority = NF_IP_PRI_SELINUX_LAST,
5751 },
5752 {
5753 .hook = selinux_ipv4_forward,
5754 .owner = THIS_MODULE,
5755 .pf = PF_INET,
5756 .hooknum = NF_INET_FORWARD,
5757 .priority = NF_IP_PRI_SELINUX_FIRST,
5758 },
5759 {
5760 .hook = selinux_ipv4_output,
5761 .owner = THIS_MODULE,
5762 .pf = PF_INET,
5763 .hooknum = NF_INET_LOCAL_OUT,
5764 .priority = NF_IP_PRI_SELINUX_FIRST,
5765 }
5766};
5767
5768#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5769
5770static struct nf_hook_ops selinux_ipv6_ops[] = {
5771 {
5772 .hook = selinux_ipv6_postroute,
5773 .owner = THIS_MODULE,
5774 .pf = PF_INET6,
5775 .hooknum = NF_INET_POST_ROUTING,
5776 .priority = NF_IP6_PRI_SELINUX_LAST,
5777 },
5778 {
5779 .hook = selinux_ipv6_forward,
5780 .owner = THIS_MODULE,
5781 .pf = PF_INET6,
5782 .hooknum = NF_INET_FORWARD,
5783 .priority = NF_IP6_PRI_SELINUX_FIRST,
5784 }
5785};
5786
5787#endif
5788
5789static int __init selinux_nf_ip_init(void)
5790{
5791 int err = 0;
5792
5793 if (!selinux_enabled)
5794 goto out;
5795
5796 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
5797
5798 err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
5799 if (err)
5800 panic("SELinux: nf_register_hooks for IPv4: error %d\n", err);
5801
5802#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5803 err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
5804 if (err)
5805 panic("SELinux: nf_register_hooks for IPv6: error %d\n", err);
5806#endif
5807
5808out:
5809 return err;
5810}
5811
5812__initcall(selinux_nf_ip_init);
5813
5814#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5815static void selinux_nf_ip_exit(void)
5816{
5817 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
5818
5819 nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
5820#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5821 nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
5822#endif
5823}
5824#endif
5825
5826#else
5827
5828#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5829#define selinux_nf_ip_exit()
5830#endif
5831
5832#endif
5833
5834#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5835static int selinux_disabled;
5836
5837int selinux_disable(void)
5838{
5839 extern void exit_sel_fs(void);
5840
5841 if (ss_initialized) {
5842
5843 return -EINVAL;
5844 }
5845
5846 if (selinux_disabled) {
5847
5848 return -EINVAL;
5849 }
5850
5851 printk(KERN_INFO "SELinux: Disabled at runtime.\n");
5852
5853 selinux_disabled = 1;
5854 selinux_enabled = 0;
5855
5856
5857 security_ops = secondary_ops;
5858
5859
5860 selinux_nf_ip_exit();
5861
5862
5863 exit_sel_fs();
5864
5865 return 0;
5866}
5867#endif
5868
