This source file includes following definitions.
- enforcing_setup
- selinux_enabled_setup
- checkreqprot_setup
- selinux_secmark_enabled
- selinux_peerlbl_enabled
- selinux_netcache_avc_callback
- selinux_lsm_notifier_avc_callback
- cred_init_security
- cred_sid
- task_sid
- inode_alloc_security
- __inode_security_revalidate
- inode_security_novalidate
- inode_security_rcu
- backing_inode_security_novalidate
- backing_inode_security
- inode_free_security
- file_alloc_security
- superblock_alloc_security
- superblock_free_security
- selinux_free_mnt_opts
- inode_doinit
- match_opt_prefix
- may_context_mount_sb_relabel
- may_context_mount_inode_relabel
- selinux_is_genfs_special_handling
- selinux_is_sblabel_mnt
- sb_finish_set_opts
- bad_option
- parse_sid
- selinux_set_mnt_opts
- selinux_cmp_sb_context
- selinux_sb_clone_mnt_opts
- selinux_add_opt
- selinux_add_mnt_opt
- show_sid
- selinux_sb_show_options
- inode_mode_to_security_class
- default_protocol_stream
- default_protocol_dgram
- socket_type_to_security_class
- selinux_genfs_get_sid
- inode_doinit_use_xattr
- inode_doinit_with_dentry
- signal_to_av
- cred_has_capability
- inode_has_perm
- dentry_has_perm
- path_has_perm
- file_path_has_perm
- file_has_perm
- selinux_determine_inode_label
- may_create
- may_link
- may_rename
- superblock_has_perm
- file_mask_to_av
- file_to_av
- open_file_to_av
- selinux_binder_set_context_mgr
- selinux_binder_transaction
- selinux_binder_transfer_binder
- selinux_binder_transfer_file
- selinux_ptrace_access_check
- selinux_ptrace_traceme
- selinux_capget
- selinux_capset
- selinux_capable
- selinux_quotactl
- selinux_quota_on
- selinux_syslog
- selinux_vm_enough_memory
- ptrace_parent_sid
- check_nnp_nosuid
- selinux_bprm_set_creds
- match_file
- flush_unauthorized_files
- selinux_bprm_committing_creds
- selinux_bprm_committed_creds
- selinux_sb_alloc_security
- selinux_sb_free_security
- opt_len
- selinux_sb_eat_lsm_opts
- selinux_sb_remount
- selinux_sb_kern_mount
- selinux_sb_statfs
- selinux_mount
- selinux_move_mount
- selinux_umount
- selinux_fs_context_dup
- selinux_fs_context_parse_param
- selinux_inode_alloc_security
- selinux_inode_free_security
- selinux_dentry_init_security
- selinux_dentry_create_files_as
- selinux_inode_init_security
- selinux_inode_create
- selinux_inode_link
- selinux_inode_unlink
- selinux_inode_symlink
- selinux_inode_mkdir
- selinux_inode_rmdir
- selinux_inode_mknod
- selinux_inode_rename
- selinux_inode_readlink
- selinux_inode_follow_link
- audit_inode_permission
- selinux_inode_permission
- selinux_inode_setattr
- selinux_inode_getattr
- has_cap_mac_admin
- selinux_inode_setxattr
- selinux_inode_post_setxattr
- selinux_inode_getxattr
- selinux_inode_listxattr
- selinux_inode_removexattr
- selinux_path_notify
- selinux_inode_getsecurity
- selinux_inode_setsecurity
- selinux_inode_listsecurity
- selinux_inode_getsecid
- selinux_inode_copy_up
- selinux_inode_copy_up_xattr
- selinux_kernfs_init_security
- selinux_revalidate_file_permission
- selinux_file_permission
- selinux_file_alloc_security
- ioctl_has_perm
- selinux_file_ioctl
- file_map_prot_check
- selinux_mmap_addr
- selinux_mmap_file
- selinux_file_mprotect
- selinux_file_lock
- selinux_file_fcntl
- selinux_file_set_fowner
- selinux_file_send_sigiotask
- selinux_file_receive
- selinux_file_open
- selinux_task_alloc
- selinux_cred_prepare
- selinux_cred_transfer
- selinux_cred_getsecid
- selinux_kernel_act_as
- selinux_kernel_create_files_as
- selinux_kernel_module_request
- selinux_kernel_module_from_file
- selinux_kernel_read_file
- selinux_kernel_load_data
- selinux_task_setpgid
- selinux_task_getpgid
- selinux_task_getsid
- selinux_task_getsecid
- selinux_task_setnice
- selinux_task_setioprio
- selinux_task_getioprio
- selinux_task_prlimit
- selinux_task_setrlimit
- selinux_task_setscheduler
- selinux_task_getscheduler
- selinux_task_movememory
- selinux_task_kill
- selinux_task_to_inode
- selinux_parse_skb_ipv4
- selinux_parse_skb_ipv6
- selinux_parse_skb
- selinux_skb_peerlbl_sid
- selinux_conn_sid
- socket_sockcreate_sid
- sock_has_perm
- selinux_socket_create
- selinux_socket_post_create
- selinux_socket_socketpair
- selinux_socket_bind
- selinux_socket_connect_helper
- selinux_socket_connect
- selinux_socket_listen
- selinux_socket_accept
- selinux_socket_sendmsg
- selinux_socket_recvmsg
- selinux_socket_getsockname
- selinux_socket_getpeername
- selinux_socket_setsockopt
- selinux_socket_getsockopt
- selinux_socket_shutdown
- selinux_socket_unix_stream_connect
- selinux_socket_unix_may_send
- selinux_inet_sys_rcv_skb
- selinux_sock_rcv_skb_compat
- selinux_socket_sock_rcv_skb
- selinux_socket_getpeersec_stream
- selinux_socket_getpeersec_dgram
- selinux_sk_alloc_security
- selinux_sk_free_security
- selinux_sk_clone_security
- selinux_sk_getsecid
- selinux_sock_graft
- selinux_sctp_assoc_request
- selinux_sctp_bind_connect
- selinux_sctp_sk_clone
- selinux_inet_conn_request
- selinux_inet_csk_clone
- selinux_inet_conn_established
- selinux_secmark_relabel_packet
- selinux_secmark_refcount_inc
- selinux_secmark_refcount_dec
- selinux_req_classify_flow
- selinux_tun_dev_alloc_security
- selinux_tun_dev_free_security
- selinux_tun_dev_create
- selinux_tun_dev_attach_queue
- selinux_tun_dev_attach
- selinux_tun_dev_open
- selinux_nlmsg_perm
- selinux_ip_forward
- selinux_ipv4_forward
- selinux_ipv6_forward
- selinux_ip_output
- selinux_ipv4_output
- selinux_ipv6_output
- selinux_ip_postroute_compat
- selinux_ip_postroute
- selinux_ipv4_postroute
- selinux_ipv6_postroute
- selinux_netlink_send
- ipc_init_security
- msg_msg_alloc_security
- ipc_has_perm
- selinux_msg_msg_alloc_security
- selinux_msg_queue_alloc_security
- selinux_msg_queue_associate
- selinux_msg_queue_msgctl
- selinux_msg_queue_msgsnd
- selinux_msg_queue_msgrcv
- selinux_shm_alloc_security
- selinux_shm_associate
- selinux_shm_shmctl
- selinux_shm_shmat
- selinux_sem_alloc_security
- selinux_sem_associate
- selinux_sem_semctl
- selinux_sem_semop
- selinux_ipc_permission
- selinux_ipc_getsecid
- selinux_d_instantiate
- selinux_getprocattr
- selinux_setprocattr
- selinux_ismaclabel
- selinux_secid_to_secctx
- selinux_secctx_to_secid
- selinux_release_secctx
- selinux_inode_invalidate_secctx
- selinux_inode_notifysecctx
- selinux_inode_setsecctx
- selinux_inode_getsecctx
- selinux_key_alloc
- selinux_key_free
- selinux_key_permission
- selinux_key_getsecurity
- selinux_ib_pkey_access
- selinux_ib_endport_manage_subnet
- selinux_ib_alloc_security
- selinux_ib_free_security
- selinux_bpf
- bpf_map_fmode_to_av
- bpf_fd_pass
- selinux_bpf_map
- selinux_bpf_prog
- selinux_bpf_map_alloc
- selinux_bpf_map_free
- selinux_bpf_prog_alloc
- selinux_bpf_prog_free
- selinux_init
- delayed_superblock_init
- selinux_complete_init
- selinux_nf_register
- selinux_nf_unregister
- selinux_nf_ip_init
- selinux_nf_ip_exit
- selinux_disable
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24 #include <linux/init.h>
25 #include <linux/kd.h>
26 #include <linux/kernel.h>
27 #include <linux/tracehook.h>
28 #include <linux/errno.h>
29 #include <linux/sched/signal.h>
30 #include <linux/sched/task.h>
31 #include <linux/lsm_hooks.h>
32 #include <linux/xattr.h>
33 #include <linux/capability.h>
34 #include <linux/unistd.h>
35 #include <linux/mm.h>
36 #include <linux/mman.h>
37 #include <linux/slab.h>
38 #include <linux/pagemap.h>
39 #include <linux/proc_fs.h>
40 #include <linux/swap.h>
41 #include <linux/spinlock.h>
42 #include <linux/syscalls.h>
43 #include <linux/dcache.h>
44 #include <linux/file.h>
45 #include <linux/fdtable.h>
46 #include <linux/namei.h>
47 #include <linux/mount.h>
48 #include <linux/fs_context.h>
49 #include <linux/fs_parser.h>
50 #include <linux/netfilter_ipv4.h>
51 #include <linux/netfilter_ipv6.h>
52 #include <linux/tty.h>
53 #include <net/icmp.h>
54 #include <net/ip.h>
55 #include <net/tcp.h>
56 #include <net/inet_connection_sock.h>
57 #include <net/net_namespace.h>
58 #include <net/netlabel.h>
59 #include <linux/uaccess.h>
60 #include <asm/ioctls.h>
61 #include <linux/atomic.h>
62 #include <linux/bitops.h>
63 #include <linux/interrupt.h>
64 #include <linux/netdevice.h>
65 #include <net/netlink.h>
66 #include <linux/tcp.h>
67 #include <linux/udp.h>
68 #include <linux/dccp.h>
69 #include <linux/sctp.h>
70 #include <net/sctp/structs.h>
71 #include <linux/quota.h>
72 #include <linux/un.h>
73 #include <net/af_unix.h>
74 #include <linux/parser.h>
75 #include <linux/nfs_mount.h>
76 #include <net/ipv6.h>
77 #include <linux/hugetlb.h>
78 #include <linux/personality.h>
79 #include <linux/audit.h>
80 #include <linux/string.h>
81 #include <linux/mutex.h>
82 #include <linux/posix-timers.h>
83 #include <linux/syslog.h>
84 #include <linux/user_namespace.h>
85 #include <linux/export.h>
86 #include <linux/msg.h>
87 #include <linux/shm.h>
88 #include <linux/bpf.h>
89 #include <linux/kernfs.h>
90 #include <linux/stringhash.h>
91 #include <uapi/linux/mount.h>
92 #include <linux/fsnotify.h>
93 #include <linux/fanotify.h>
94
95 #include "avc.h"
96 #include "objsec.h"
97 #include "netif.h"
98 #include "netnode.h"
99 #include "netport.h"
100 #include "ibpkey.h"
101 #include "xfrm.h"
102 #include "netlabel.h"
103 #include "audit.h"
104 #include "avc_ss.h"
105
106 struct selinux_state selinux_state;
107
108
109 static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
110
111 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
112 static int selinux_enforcing_boot;
113
114 static int __init enforcing_setup(char *str)
115 {
116 unsigned long enforcing;
117 if (!kstrtoul(str, 0, &enforcing))
118 selinux_enforcing_boot = enforcing ? 1 : 0;
119 return 1;
120 }
121 __setup("enforcing=", enforcing_setup);
122 #else
123 #define selinux_enforcing_boot 1
124 #endif
125
126 int selinux_enabled __lsm_ro_after_init = 1;
127 #ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
128 static int __init selinux_enabled_setup(char *str)
129 {
130 unsigned long enabled;
131 if (!kstrtoul(str, 0, &enabled))
132 selinux_enabled = enabled ? 1 : 0;
133 return 1;
134 }
135 __setup("selinux=", selinux_enabled_setup);
136 #endif
137
138 static unsigned int selinux_checkreqprot_boot =
139 CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE;
140
141 static int __init checkreqprot_setup(char *str)
142 {
143 unsigned long checkreqprot;
144
145 if (!kstrtoul(str, 0, &checkreqprot))
146 selinux_checkreqprot_boot = checkreqprot ? 1 : 0;
147 return 1;
148 }
149 __setup("checkreqprot=", checkreqprot_setup);
150
151
152
153
154
155
156
157
158
159
160
161
162 static int selinux_secmark_enabled(void)
163 {
164 return (selinux_policycap_alwaysnetwork() ||
165 atomic_read(&selinux_secmark_refcount));
166 }
167
168
169
170
171
172
173
174
175
176
177
178 static int selinux_peerlbl_enabled(void)
179 {
180 return (selinux_policycap_alwaysnetwork() ||
181 netlbl_enabled() || selinux_xfrm_enabled());
182 }
183
184 static int selinux_netcache_avc_callback(u32 event)
185 {
186 if (event == AVC_CALLBACK_RESET) {
187 sel_netif_flush();
188 sel_netnode_flush();
189 sel_netport_flush();
190 synchronize_net();
191 }
192 return 0;
193 }
194
195 static int selinux_lsm_notifier_avc_callback(u32 event)
196 {
197 if (event == AVC_CALLBACK_RESET) {
198 sel_ib_pkey_flush();
199 call_blocking_lsm_notifier(LSM_POLICY_CHANGE, NULL);
200 }
201
202 return 0;
203 }
204
205
206
207
208 static void cred_init_security(void)
209 {
210 struct cred *cred = (struct cred *) current->real_cred;
211 struct task_security_struct *tsec;
212
213 tsec = selinux_cred(cred);
214 tsec->osid = tsec->sid = SECINITSID_KERNEL;
215 }
216
217
218
219
220 static inline u32 cred_sid(const struct cred *cred)
221 {
222 const struct task_security_struct *tsec;
223
224 tsec = selinux_cred(cred);
225 return tsec->sid;
226 }
227
228
229
230
231 static inline u32 task_sid(const struct task_struct *task)
232 {
233 u32 sid;
234
235 rcu_read_lock();
236 sid = cred_sid(__task_cred(task));
237 rcu_read_unlock();
238 return sid;
239 }
240
241
242
243 static int inode_alloc_security(struct inode *inode)
244 {
245 struct inode_security_struct *isec = selinux_inode(inode);
246 u32 sid = current_sid();
247
248 spin_lock_init(&isec->lock);
249 INIT_LIST_HEAD(&isec->list);
250 isec->inode = inode;
251 isec->sid = SECINITSID_UNLABELED;
252 isec->sclass = SECCLASS_FILE;
253 isec->task_sid = sid;
254 isec->initialized = LABEL_INVALID;
255
256 return 0;
257 }
258
259 static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
260
261
262
263
264
265
266
267 static int __inode_security_revalidate(struct inode *inode,
268 struct dentry *dentry,
269 bool may_sleep)
270 {
271 struct inode_security_struct *isec = selinux_inode(inode);
272
273 might_sleep_if(may_sleep);
274
275 if (selinux_state.initialized &&
276 isec->initialized != LABEL_INITIALIZED) {
277 if (!may_sleep)
278 return -ECHILD;
279
280
281
282
283
284
285 inode_doinit_with_dentry(inode, dentry);
286 }
287 return 0;
288 }
289
290 static struct inode_security_struct *inode_security_novalidate(struct inode *inode)
291 {
292 return selinux_inode(inode);
293 }
294
295 static struct inode_security_struct *inode_security_rcu(struct inode *inode, bool rcu)
296 {
297 int error;
298
299 error = __inode_security_revalidate(inode, NULL, !rcu);
300 if (error)
301 return ERR_PTR(error);
302 return selinux_inode(inode);
303 }
304
305
306
307
308 static struct inode_security_struct *inode_security(struct inode *inode)
309 {
310 __inode_security_revalidate(inode, NULL, true);
311 return selinux_inode(inode);
312 }
313
314 static struct inode_security_struct *backing_inode_security_novalidate(struct dentry *dentry)
315 {
316 struct inode *inode = d_backing_inode(dentry);
317
318 return selinux_inode(inode);
319 }
320
321
322
323
324 static struct inode_security_struct *backing_inode_security(struct dentry *dentry)
325 {
326 struct inode *inode = d_backing_inode(dentry);
327
328 __inode_security_revalidate(inode, dentry, true);
329 return selinux_inode(inode);
330 }
331
332 static void inode_free_security(struct inode *inode)
333 {
334 struct inode_security_struct *isec = selinux_inode(inode);
335 struct superblock_security_struct *sbsec;
336
337 if (!isec)
338 return;
339 sbsec = inode->i_sb->s_security;
340
341
342
343
344
345
346
347
348
349
350 if (!list_empty_careful(&isec->list)) {
351 spin_lock(&sbsec->isec_lock);
352 list_del_init(&isec->list);
353 spin_unlock(&sbsec->isec_lock);
354 }
355 }
356
357 static int file_alloc_security(struct file *file)
358 {
359 struct file_security_struct *fsec = selinux_file(file);
360 u32 sid = current_sid();
361
362 fsec->sid = sid;
363 fsec->fown_sid = sid;
364
365 return 0;
366 }
367
368 static int superblock_alloc_security(struct super_block *sb)
369 {
370 struct superblock_security_struct *sbsec;
371
372 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
373 if (!sbsec)
374 return -ENOMEM;
375
376 mutex_init(&sbsec->lock);
377 INIT_LIST_HEAD(&sbsec->isec_head);
378 spin_lock_init(&sbsec->isec_lock);
379 sbsec->sb = sb;
380 sbsec->sid = SECINITSID_UNLABELED;
381 sbsec->def_sid = SECINITSID_FILE;
382 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
383 sb->s_security = sbsec;
384
385 return 0;
386 }
387
388 static void superblock_free_security(struct super_block *sb)
389 {
390 struct superblock_security_struct *sbsec = sb->s_security;
391 sb->s_security = NULL;
392 kfree(sbsec);
393 }
394
395 struct selinux_mnt_opts {
396 const char *fscontext, *context, *rootcontext, *defcontext;
397 };
398
399 static void selinux_free_mnt_opts(void *mnt_opts)
400 {
401 struct selinux_mnt_opts *opts = mnt_opts;
402 kfree(opts->fscontext);
403 kfree(opts->context);
404 kfree(opts->rootcontext);
405 kfree(opts->defcontext);
406 kfree(opts);
407 }
408
409 static inline int inode_doinit(struct inode *inode)
410 {
411 return inode_doinit_with_dentry(inode, NULL);
412 }
413
414 enum {
415 Opt_error = -1,
416 Opt_context = 0,
417 Opt_defcontext = 1,
418 Opt_fscontext = 2,
419 Opt_rootcontext = 3,
420 Opt_seclabel = 4,
421 };
422
423 #define A(s, has_arg) {#s, sizeof(#s) - 1, Opt_##s, has_arg}
424 static struct {
425 const char *name;
426 int len;
427 int opt;
428 bool has_arg;
429 } tokens[] = {
430 A(context, true),
431 A(fscontext, true),
432 A(defcontext, true),
433 A(rootcontext, true),
434 A(seclabel, false),
435 };
436 #undef A
437
438 static int match_opt_prefix(char *s, int l, char **arg)
439 {
440 int i;
441
442 for (i = 0; i < ARRAY_SIZE(tokens); i++) {
443 size_t len = tokens[i].len;
444 if (len > l || memcmp(s, tokens[i].name, len))
445 continue;
446 if (tokens[i].has_arg) {
447 if (len == l || s[len] != '=')
448 continue;
449 *arg = s + len + 1;
450 } else if (len != l)
451 continue;
452 return tokens[i].opt;
453 }
454 return Opt_error;
455 }
456
457 #define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
458
459 static int may_context_mount_sb_relabel(u32 sid,
460 struct superblock_security_struct *sbsec,
461 const struct cred *cred)
462 {
463 const struct task_security_struct *tsec = selinux_cred(cred);
464 int rc;
465
466 rc = avc_has_perm(&selinux_state,
467 tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
468 FILESYSTEM__RELABELFROM, NULL);
469 if (rc)
470 return rc;
471
472 rc = avc_has_perm(&selinux_state,
473 tsec->sid, sid, SECCLASS_FILESYSTEM,
474 FILESYSTEM__RELABELTO, NULL);
475 return rc;
476 }
477
478 static int may_context_mount_inode_relabel(u32 sid,
479 struct superblock_security_struct *sbsec,
480 const struct cred *cred)
481 {
482 const struct task_security_struct *tsec = selinux_cred(cred);
483 int rc;
484 rc = avc_has_perm(&selinux_state,
485 tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
486 FILESYSTEM__RELABELFROM, NULL);
487 if (rc)
488 return rc;
489
490 rc = avc_has_perm(&selinux_state,
491 sid, sbsec->sid, SECCLASS_FILESYSTEM,
492 FILESYSTEM__ASSOCIATE, NULL);
493 return rc;
494 }
495
496 static int selinux_is_genfs_special_handling(struct super_block *sb)
497 {
498
499 return !strcmp(sb->s_type->name, "sysfs") ||
500 !strcmp(sb->s_type->name, "pstore") ||
501 !strcmp(sb->s_type->name, "debugfs") ||
502 !strcmp(sb->s_type->name, "tracefs") ||
503 !strcmp(sb->s_type->name, "rootfs") ||
504 (selinux_policycap_cgroupseclabel() &&
505 (!strcmp(sb->s_type->name, "cgroup") ||
506 !strcmp(sb->s_type->name, "cgroup2")));
507 }
508
509 static int selinux_is_sblabel_mnt(struct super_block *sb)
510 {
511 struct superblock_security_struct *sbsec = sb->s_security;
512
513
514
515
516
517 BUILD_BUG_ON(SECURITY_FS_USE_MAX != 7);
518
519 switch (sbsec->behavior) {
520 case SECURITY_FS_USE_XATTR:
521 case SECURITY_FS_USE_TRANS:
522 case SECURITY_FS_USE_TASK:
523 case SECURITY_FS_USE_NATIVE:
524 return 1;
525
526 case SECURITY_FS_USE_GENFS:
527 return selinux_is_genfs_special_handling(sb);
528
529
530 case SECURITY_FS_USE_MNTPOINT:
531 case SECURITY_FS_USE_NONE:
532 default:
533 return 0;
534 }
535 }
536
537 static int sb_finish_set_opts(struct super_block *sb)
538 {
539 struct superblock_security_struct *sbsec = sb->s_security;
540 struct dentry *root = sb->s_root;
541 struct inode *root_inode = d_backing_inode(root);
542 int rc = 0;
543
544 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
545
546
547
548
549
550 if (!(root_inode->i_opflags & IOP_XATTR)) {
551 pr_warn("SELinux: (dev %s, type %s) has no "
552 "xattr support\n", sb->s_id, sb->s_type->name);
553 rc = -EOPNOTSUPP;
554 goto out;
555 }
556
557 rc = __vfs_getxattr(root, root_inode, XATTR_NAME_SELINUX, NULL, 0);
558 if (rc < 0 && rc != -ENODATA) {
559 if (rc == -EOPNOTSUPP)
560 pr_warn("SELinux: (dev %s, type "
561 "%s) has no security xattr handler\n",
562 sb->s_id, sb->s_type->name);
563 else
564 pr_warn("SELinux: (dev %s, type "
565 "%s) getxattr errno %d\n", sb->s_id,
566 sb->s_type->name, -rc);
567 goto out;
568 }
569 }
570
571 sbsec->flags |= SE_SBINITIALIZED;
572
573
574
575
576
577
578 if (selinux_is_sblabel_mnt(sb))
579 sbsec->flags |= SBLABEL_MNT;
580 else
581 sbsec->flags &= ~SBLABEL_MNT;
582
583
584 rc = inode_doinit_with_dentry(root_inode, root);
585
586
587
588
589
590 spin_lock(&sbsec->isec_lock);
591 while (!list_empty(&sbsec->isec_head)) {
592 struct inode_security_struct *isec =
593 list_first_entry(&sbsec->isec_head,
594 struct inode_security_struct, list);
595 struct inode *inode = isec->inode;
596 list_del_init(&isec->list);
597 spin_unlock(&sbsec->isec_lock);
598 inode = igrab(inode);
599 if (inode) {
600 if (!IS_PRIVATE(inode))
601 inode_doinit(inode);
602 iput(inode);
603 }
604 spin_lock(&sbsec->isec_lock);
605 }
606 spin_unlock(&sbsec->isec_lock);
607 out:
608 return rc;
609 }
610
611 static int bad_option(struct superblock_security_struct *sbsec, char flag,
612 u32 old_sid, u32 new_sid)
613 {
614 char mnt_flags = sbsec->flags & SE_MNTMASK;
615
616
617 if (sbsec->flags & SE_SBINITIALIZED)
618 if (!(sbsec->flags & flag) ||
619 (old_sid != new_sid))
620 return 1;
621
622
623
624
625 if (!(sbsec->flags & SE_SBINITIALIZED))
626 if (mnt_flags & flag)
627 return 1;
628 return 0;
629 }
630
631 static int parse_sid(struct super_block *sb, const char *s, u32 *sid)
632 {
633 int rc = security_context_str_to_sid(&selinux_state, s,
634 sid, GFP_KERNEL);
635 if (rc)
636 pr_warn("SELinux: security_context_str_to_sid"
637 "(%s) failed for (dev %s, type %s) errno=%d\n",
638 s, sb->s_id, sb->s_type->name, rc);
639 return rc;
640 }
641
642
643
644
645
646 static int selinux_set_mnt_opts(struct super_block *sb,
647 void *mnt_opts,
648 unsigned long kern_flags,
649 unsigned long *set_kern_flags)
650 {
651 const struct cred *cred = current_cred();
652 struct superblock_security_struct *sbsec = sb->s_security;
653 struct dentry *root = sbsec->sb->s_root;
654 struct selinux_mnt_opts *opts = mnt_opts;
655 struct inode_security_struct *root_isec;
656 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
657 u32 defcontext_sid = 0;
658 int rc = 0;
659
660 mutex_lock(&sbsec->lock);
661
662 if (!selinux_state.initialized) {
663 if (!opts) {
664
665
666
667 goto out;
668 }
669 rc = -EINVAL;
670 pr_warn("SELinux: Unable to set superblock options "
671 "before the security server is initialized\n");
672 goto out;
673 }
674 if (kern_flags && !set_kern_flags) {
675
676
677 rc = -EINVAL;
678 goto out;
679 }
680
681
682
683
684
685
686
687
688
689
690
691
692 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
693 && !opts)
694 goto out;
695
696 root_isec = backing_inode_security_novalidate(root);
697
698
699
700
701
702
703 if (opts) {
704 if (opts->fscontext) {
705 rc = parse_sid(sb, opts->fscontext, &fscontext_sid);
706 if (rc)
707 goto out;
708 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
709 fscontext_sid))
710 goto out_double_mount;
711 sbsec->flags |= FSCONTEXT_MNT;
712 }
713 if (opts->context) {
714 rc = parse_sid(sb, opts->context, &context_sid);
715 if (rc)
716 goto out;
717 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
718 context_sid))
719 goto out_double_mount;
720 sbsec->flags |= CONTEXT_MNT;
721 }
722 if (opts->rootcontext) {
723 rc = parse_sid(sb, opts->rootcontext, &rootcontext_sid);
724 if (rc)
725 goto out;
726 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
727 rootcontext_sid))
728 goto out_double_mount;
729 sbsec->flags |= ROOTCONTEXT_MNT;
730 }
731 if (opts->defcontext) {
732 rc = parse_sid(sb, opts->defcontext, &defcontext_sid);
733 if (rc)
734 goto out;
735 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
736 defcontext_sid))
737 goto out_double_mount;
738 sbsec->flags |= DEFCONTEXT_MNT;
739 }
740 }
741
742 if (sbsec->flags & SE_SBINITIALIZED) {
743
744 if ((sbsec->flags & SE_MNTMASK) && !opts)
745 goto out_double_mount;
746 rc = 0;
747 goto out;
748 }
749
750 if (strcmp(sb->s_type->name, "proc") == 0)
751 sbsec->flags |= SE_SBPROC | SE_SBGENFS;
752
753 if (!strcmp(sb->s_type->name, "debugfs") ||
754 !strcmp(sb->s_type->name, "tracefs") ||
755 !strcmp(sb->s_type->name, "pstore"))
756 sbsec->flags |= SE_SBGENFS;
757
758 if (!strcmp(sb->s_type->name, "sysfs") ||
759 !strcmp(sb->s_type->name, "cgroup") ||
760 !strcmp(sb->s_type->name, "cgroup2"))
761 sbsec->flags |= SE_SBGENFS | SE_SBGENFS_XATTR;
762
763 if (!sbsec->behavior) {
764
765
766
767
768 rc = security_fs_use(&selinux_state, sb);
769 if (rc) {
770 pr_warn("%s: security_fs_use(%s) returned %d\n",
771 __func__, sb->s_type->name, rc);
772 goto out;
773 }
774 }
775
776
777
778
779
780
781 if (sb->s_user_ns != &init_user_ns &&
782 strcmp(sb->s_type->name, "tmpfs") &&
783 strcmp(sb->s_type->name, "ramfs") &&
784 strcmp(sb->s_type->name, "devpts")) {
785 if (context_sid || fscontext_sid || rootcontext_sid ||
786 defcontext_sid) {
787 rc = -EACCES;
788 goto out;
789 }
790 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
791 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
792 rc = security_transition_sid(&selinux_state,
793 current_sid(),
794 current_sid(),
795 SECCLASS_FILE, NULL,
796 &sbsec->mntpoint_sid);
797 if (rc)
798 goto out;
799 }
800 goto out_set_opts;
801 }
802
803
804 if (fscontext_sid) {
805 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
806 if (rc)
807 goto out;
808
809 sbsec->sid = fscontext_sid;
810 }
811
812
813
814
815
816
817 if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !context_sid) {
818 sbsec->behavior = SECURITY_FS_USE_NATIVE;
819 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
820 }
821
822 if (context_sid) {
823 if (!fscontext_sid) {
824 rc = may_context_mount_sb_relabel(context_sid, sbsec,
825 cred);
826 if (rc)
827 goto out;
828 sbsec->sid = context_sid;
829 } else {
830 rc = may_context_mount_inode_relabel(context_sid, sbsec,
831 cred);
832 if (rc)
833 goto out;
834 }
835 if (!rootcontext_sid)
836 rootcontext_sid = context_sid;
837
838 sbsec->mntpoint_sid = context_sid;
839 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
840 }
841
842 if (rootcontext_sid) {
843 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
844 cred);
845 if (rc)
846 goto out;
847
848 root_isec->sid = rootcontext_sid;
849 root_isec->initialized = LABEL_INITIALIZED;
850 }
851
852 if (defcontext_sid) {
853 if (sbsec->behavior != SECURITY_FS_USE_XATTR &&
854 sbsec->behavior != SECURITY_FS_USE_NATIVE) {
855 rc = -EINVAL;
856 pr_warn("SELinux: defcontext option is "
857 "invalid for this filesystem type\n");
858 goto out;
859 }
860
861 if (defcontext_sid != sbsec->def_sid) {
862 rc = may_context_mount_inode_relabel(defcontext_sid,
863 sbsec, cred);
864 if (rc)
865 goto out;
866 }
867
868 sbsec->def_sid = defcontext_sid;
869 }
870
871 out_set_opts:
872 rc = sb_finish_set_opts(sb);
873 out:
874 mutex_unlock(&sbsec->lock);
875 return rc;
876 out_double_mount:
877 rc = -EINVAL;
878 pr_warn("SELinux: mount invalid. Same superblock, different "
879 "security settings for (dev %s, type %s)\n", sb->s_id,
880 sb->s_type->name);
881 goto out;
882 }
883
884 static int selinux_cmp_sb_context(const struct super_block *oldsb,
885 const struct super_block *newsb)
886 {
887 struct superblock_security_struct *old = oldsb->s_security;
888 struct superblock_security_struct *new = newsb->s_security;
889 char oldflags = old->flags & SE_MNTMASK;
890 char newflags = new->flags & SE_MNTMASK;
891
892 if (oldflags != newflags)
893 goto mismatch;
894 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid)
895 goto mismatch;
896 if ((oldflags & CONTEXT_MNT) && old->mntpoint_sid != new->mntpoint_sid)
897 goto mismatch;
898 if ((oldflags & DEFCONTEXT_MNT) && old->def_sid != new->def_sid)
899 goto mismatch;
900 if (oldflags & ROOTCONTEXT_MNT) {
901 struct inode_security_struct *oldroot = backing_inode_security(oldsb->s_root);
902 struct inode_security_struct *newroot = backing_inode_security(newsb->s_root);
903 if (oldroot->sid != newroot->sid)
904 goto mismatch;
905 }
906 return 0;
907 mismatch:
908 pr_warn("SELinux: mount invalid. Same superblock, "
909 "different security settings for (dev %s, "
910 "type %s)\n", newsb->s_id, newsb->s_type->name);
911 return -EBUSY;
912 }
913
914 static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
915 struct super_block *newsb,
916 unsigned long kern_flags,
917 unsigned long *set_kern_flags)
918 {
919 int rc = 0;
920 const struct superblock_security_struct *oldsbsec = oldsb->s_security;
921 struct superblock_security_struct *newsbsec = newsb->s_security;
922
923 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
924 int set_context = (oldsbsec->flags & CONTEXT_MNT);
925 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
926
927
928
929
930
931 if (!selinux_state.initialized)
932 return 0;
933
934
935
936
937
938 if (kern_flags && !set_kern_flags)
939 return -EINVAL;
940
941
942 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
943
944
945 if (newsbsec->flags & SE_SBINITIALIZED) {
946 if ((kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context)
947 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
948 return selinux_cmp_sb_context(oldsb, newsb);
949 }
950
951 mutex_lock(&newsbsec->lock);
952
953 newsbsec->flags = oldsbsec->flags;
954
955 newsbsec->sid = oldsbsec->sid;
956 newsbsec->def_sid = oldsbsec->def_sid;
957 newsbsec->behavior = oldsbsec->behavior;
958
959 if (newsbsec->behavior == SECURITY_FS_USE_NATIVE &&
960 !(kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context) {
961 rc = security_fs_use(&selinux_state, newsb);
962 if (rc)
963 goto out;
964 }
965
966 if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !set_context) {
967 newsbsec->behavior = SECURITY_FS_USE_NATIVE;
968 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
969 }
970
971 if (set_context) {
972 u32 sid = oldsbsec->mntpoint_sid;
973
974 if (!set_fscontext)
975 newsbsec->sid = sid;
976 if (!set_rootcontext) {
977 struct inode_security_struct *newisec = backing_inode_security(newsb->s_root);
978 newisec->sid = sid;
979 }
980 newsbsec->mntpoint_sid = sid;
981 }
982 if (set_rootcontext) {
983 const struct inode_security_struct *oldisec = backing_inode_security(oldsb->s_root);
984 struct inode_security_struct *newisec = backing_inode_security(newsb->s_root);
985
986 newisec->sid = oldisec->sid;
987 }
988
989 sb_finish_set_opts(newsb);
990 out:
991 mutex_unlock(&newsbsec->lock);
992 return rc;
993 }
994
995 static int selinux_add_opt(int token, const char *s, void **mnt_opts)
996 {
997 struct selinux_mnt_opts *opts = *mnt_opts;
998
999 if (token == Opt_seclabel)
1000 return 0;
1001
1002 if (!opts) {
1003 opts = kzalloc(sizeof(struct selinux_mnt_opts), GFP_KERNEL);
1004 if (!opts)
1005 return -ENOMEM;
1006 *mnt_opts = opts;
1007 }
1008 if (!s)
1009 return -ENOMEM;
1010 switch (token) {
1011 case Opt_context:
1012 if (opts->context || opts->defcontext)
1013 goto Einval;
1014 opts->context = s;
1015 break;
1016 case Opt_fscontext:
1017 if (opts->fscontext)
1018 goto Einval;
1019 opts->fscontext = s;
1020 break;
1021 case Opt_rootcontext:
1022 if (opts->rootcontext)
1023 goto Einval;
1024 opts->rootcontext = s;
1025 break;
1026 case Opt_defcontext:
1027 if (opts->context || opts->defcontext)
1028 goto Einval;
1029 opts->defcontext = s;
1030 break;
1031 }
1032 return 0;
1033 Einval:
1034 pr_warn(SEL_MOUNT_FAIL_MSG);
1035 return -EINVAL;
1036 }
1037
1038 static int selinux_add_mnt_opt(const char *option, const char *val, int len,
1039 void **mnt_opts)
1040 {
1041 int token = Opt_error;
1042 int rc, i;
1043
1044 for (i = 0; i < ARRAY_SIZE(tokens); i++) {
1045 if (strcmp(option, tokens[i].name) == 0) {
1046 token = tokens[i].opt;
1047 break;
1048 }
1049 }
1050
1051 if (token == Opt_error)
1052 return -EINVAL;
1053
1054 if (token != Opt_seclabel) {
1055 val = kmemdup_nul(val, len, GFP_KERNEL);
1056 if (!val) {
1057 rc = -ENOMEM;
1058 goto free_opt;
1059 }
1060 }
1061 rc = selinux_add_opt(token, val, mnt_opts);
1062 if (unlikely(rc)) {
1063 kfree(val);
1064 goto free_opt;
1065 }
1066 return rc;
1067
1068 free_opt:
1069 if (*mnt_opts) {
1070 selinux_free_mnt_opts(*mnt_opts);
1071 *mnt_opts = NULL;
1072 }
1073 return rc;
1074 }
1075
1076 static int show_sid(struct seq_file *m, u32 sid)
1077 {
1078 char *context = NULL;
1079 u32 len;
1080 int rc;
1081
1082 rc = security_sid_to_context(&selinux_state, sid,
1083 &context, &len);
1084 if (!rc) {
1085 bool has_comma = context && strchr(context, ',');
1086
1087 seq_putc(m, '=');
1088 if (has_comma)
1089 seq_putc(m, '\"');
1090 seq_escape(m, context, "\"\n\\");
1091 if (has_comma)
1092 seq_putc(m, '\"');
1093 }
1094 kfree(context);
1095 return rc;
1096 }
1097
1098 static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
1099 {
1100 struct superblock_security_struct *sbsec = sb->s_security;
1101 int rc;
1102
1103 if (!(sbsec->flags & SE_SBINITIALIZED))
1104 return 0;
1105
1106 if (!selinux_state.initialized)
1107 return 0;
1108
1109 if (sbsec->flags & FSCONTEXT_MNT) {
1110 seq_putc(m, ',');
1111 seq_puts(m, FSCONTEXT_STR);
1112 rc = show_sid(m, sbsec->sid);
1113 if (rc)
1114 return rc;
1115 }
1116 if (sbsec->flags & CONTEXT_MNT) {
1117 seq_putc(m, ',');
1118 seq_puts(m, CONTEXT_STR);
1119 rc = show_sid(m, sbsec->mntpoint_sid);
1120 if (rc)
1121 return rc;
1122 }
1123 if (sbsec->flags & DEFCONTEXT_MNT) {
1124 seq_putc(m, ',');
1125 seq_puts(m, DEFCONTEXT_STR);
1126 rc = show_sid(m, sbsec->def_sid);
1127 if (rc)
1128 return rc;
1129 }
1130 if (sbsec->flags & ROOTCONTEXT_MNT) {
1131 struct dentry *root = sbsec->sb->s_root;
1132 struct inode_security_struct *isec = backing_inode_security(root);
1133 seq_putc(m, ',');
1134 seq_puts(m, ROOTCONTEXT_STR);
1135 rc = show_sid(m, isec->sid);
1136 if (rc)
1137 return rc;
1138 }
1139 if (sbsec->flags & SBLABEL_MNT) {
1140 seq_putc(m, ',');
1141 seq_puts(m, SECLABEL_STR);
1142 }
1143 return 0;
1144 }
1145
1146 static inline u16 inode_mode_to_security_class(umode_t mode)
1147 {
1148 switch (mode & S_IFMT) {
1149 case S_IFSOCK:
1150 return SECCLASS_SOCK_FILE;
1151 case S_IFLNK:
1152 return SECCLASS_LNK_FILE;
1153 case S_IFREG:
1154 return SECCLASS_FILE;
1155 case S_IFBLK:
1156 return SECCLASS_BLK_FILE;
1157 case S_IFDIR:
1158 return SECCLASS_DIR;
1159 case S_IFCHR:
1160 return SECCLASS_CHR_FILE;
1161 case S_IFIFO:
1162 return SECCLASS_FIFO_FILE;
1163
1164 }
1165
1166 return SECCLASS_FILE;
1167 }
1168
1169 static inline int default_protocol_stream(int protocol)
1170 {
1171 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
1172 }
1173
1174 static inline int default_protocol_dgram(int protocol)
1175 {
1176 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
1177 }
1178
1179 static inline u16 socket_type_to_security_class(int family, int type, int protocol)
1180 {
1181 int extsockclass = selinux_policycap_extsockclass();
1182
1183 switch (family) {
1184 case PF_UNIX:
1185 switch (type) {
1186 case SOCK_STREAM:
1187 case SOCK_SEQPACKET:
1188 return SECCLASS_UNIX_STREAM_SOCKET;
1189 case SOCK_DGRAM:
1190 case SOCK_RAW:
1191 return SECCLASS_UNIX_DGRAM_SOCKET;
1192 }
1193 break;
1194 case PF_INET:
1195 case PF_INET6:
1196 switch (type) {
1197 case SOCK_STREAM:
1198 case SOCK_SEQPACKET:
1199 if (default_protocol_stream(protocol))
1200 return SECCLASS_TCP_SOCKET;
1201 else if (extsockclass && protocol == IPPROTO_SCTP)
1202 return SECCLASS_SCTP_SOCKET;
1203 else
1204 return SECCLASS_RAWIP_SOCKET;
1205 case SOCK_DGRAM:
1206 if (default_protocol_dgram(protocol))
1207 return SECCLASS_UDP_SOCKET;
1208 else if (extsockclass && (protocol == IPPROTO_ICMP ||
1209 protocol == IPPROTO_ICMPV6))
1210 return SECCLASS_ICMP_SOCKET;
1211 else
1212 return SECCLASS_RAWIP_SOCKET;
1213 case SOCK_DCCP:
1214 return SECCLASS_DCCP_SOCKET;
1215 default:
1216 return SECCLASS_RAWIP_SOCKET;
1217 }
1218 break;
1219 case PF_NETLINK:
1220 switch (protocol) {
1221 case NETLINK_ROUTE:
1222 return SECCLASS_NETLINK_ROUTE_SOCKET;
1223 case NETLINK_SOCK_DIAG:
1224 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
1225 case NETLINK_NFLOG:
1226 return SECCLASS_NETLINK_NFLOG_SOCKET;
1227 case NETLINK_XFRM:
1228 return SECCLASS_NETLINK_XFRM_SOCKET;
1229 case NETLINK_SELINUX:
1230 return SECCLASS_NETLINK_SELINUX_SOCKET;
1231 case NETLINK_ISCSI:
1232 return SECCLASS_NETLINK_ISCSI_SOCKET;
1233 case NETLINK_AUDIT:
1234 return SECCLASS_NETLINK_AUDIT_SOCKET;
1235 case NETLINK_FIB_LOOKUP:
1236 return SECCLASS_NETLINK_FIB_LOOKUP_SOCKET;
1237 case NETLINK_CONNECTOR:
1238 return SECCLASS_NETLINK_CONNECTOR_SOCKET;
1239 case NETLINK_NETFILTER:
1240 return SECCLASS_NETLINK_NETFILTER_SOCKET;
1241 case NETLINK_DNRTMSG:
1242 return SECCLASS_NETLINK_DNRT_SOCKET;
1243 case NETLINK_KOBJECT_UEVENT:
1244 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
1245 case NETLINK_GENERIC:
1246 return SECCLASS_NETLINK_GENERIC_SOCKET;
1247 case NETLINK_SCSITRANSPORT:
1248 return SECCLASS_NETLINK_SCSITRANSPORT_SOCKET;
1249 case NETLINK_RDMA:
1250 return SECCLASS_NETLINK_RDMA_SOCKET;
1251 case NETLINK_CRYPTO:
1252 return SECCLASS_NETLINK_CRYPTO_SOCKET;
1253 default:
1254 return SECCLASS_NETLINK_SOCKET;
1255 }
1256 case PF_PACKET:
1257 return SECCLASS_PACKET_SOCKET;
1258 case PF_KEY:
1259 return SECCLASS_KEY_SOCKET;
1260 case PF_APPLETALK:
1261 return SECCLASS_APPLETALK_SOCKET;
1262 }
1263
1264 if (extsockclass) {
1265 switch (family) {
1266 case PF_AX25:
1267 return SECCLASS_AX25_SOCKET;
1268 case PF_IPX:
1269 return SECCLASS_IPX_SOCKET;
1270 case PF_NETROM:
1271 return SECCLASS_NETROM_SOCKET;
1272 case PF_ATMPVC:
1273 return SECCLASS_ATMPVC_SOCKET;
1274 case PF_X25:
1275 return SECCLASS_X25_SOCKET;
1276 case PF_ROSE:
1277 return SECCLASS_ROSE_SOCKET;
1278 case PF_DECnet:
1279 return SECCLASS_DECNET_SOCKET;
1280 case PF_ATMSVC:
1281 return SECCLASS_ATMSVC_SOCKET;
1282 case PF_RDS:
1283 return SECCLASS_RDS_SOCKET;
1284 case PF_IRDA:
1285 return SECCLASS_IRDA_SOCKET;
1286 case PF_PPPOX:
1287 return SECCLASS_PPPOX_SOCKET;
1288 case PF_LLC:
1289 return SECCLASS_LLC_SOCKET;
1290 case PF_CAN:
1291 return SECCLASS_CAN_SOCKET;
1292 case PF_TIPC:
1293 return SECCLASS_TIPC_SOCKET;
1294 case PF_BLUETOOTH:
1295 return SECCLASS_BLUETOOTH_SOCKET;
1296 case PF_IUCV:
1297 return SECCLASS_IUCV_SOCKET;
1298 case PF_RXRPC:
1299 return SECCLASS_RXRPC_SOCKET;
1300 case PF_ISDN:
1301 return SECCLASS_ISDN_SOCKET;
1302 case PF_PHONET:
1303 return SECCLASS_PHONET_SOCKET;
1304 case PF_IEEE802154:
1305 return SECCLASS_IEEE802154_SOCKET;
1306 case PF_CAIF:
1307 return SECCLASS_CAIF_SOCKET;
1308 case PF_ALG:
1309 return SECCLASS_ALG_SOCKET;
1310 case PF_NFC:
1311 return SECCLASS_NFC_SOCKET;
1312 case PF_VSOCK:
1313 return SECCLASS_VSOCK_SOCKET;
1314 case PF_KCM:
1315 return SECCLASS_KCM_SOCKET;
1316 case PF_QIPCRTR:
1317 return SECCLASS_QIPCRTR_SOCKET;
1318 case PF_SMC:
1319 return SECCLASS_SMC_SOCKET;
1320 case PF_XDP:
1321 return SECCLASS_XDP_SOCKET;
1322 #if PF_MAX > 45
1323 #error New address family defined, please update this function.
1324 #endif
1325 }
1326 }
1327
1328 return SECCLASS_SOCKET;
1329 }
1330
1331 static int selinux_genfs_get_sid(struct dentry *dentry,
1332 u16 tclass,
1333 u16 flags,
1334 u32 *sid)
1335 {
1336 int rc;
1337 struct super_block *sb = dentry->d_sb;
1338 char *buffer, *path;
1339
1340 buffer = (char *)__get_free_page(GFP_KERNEL);
1341 if (!buffer)
1342 return -ENOMEM;
1343
1344 path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
1345 if (IS_ERR(path))
1346 rc = PTR_ERR(path);
1347 else {
1348 if (flags & SE_SBPROC) {
1349
1350
1351
1352 while (path[1] >= '0' && path[1] <= '9') {
1353 path[1] = '/';
1354 path++;
1355 }
1356 }
1357 rc = security_genfs_sid(&selinux_state, sb->s_type->name,
1358 path, tclass, sid);
1359 if (rc == -ENOENT) {
1360
1361 *sid = SECINITSID_UNLABELED;
1362 rc = 0;
1363 }
1364 }
1365 free_page((unsigned long)buffer);
1366 return rc;
1367 }
1368
1369 static int inode_doinit_use_xattr(struct inode *inode, struct dentry *dentry,
1370 u32 def_sid, u32 *sid)
1371 {
1372 #define INITCONTEXTLEN 255
1373 char *context;
1374 unsigned int len;
1375 int rc;
1376
1377 len = INITCONTEXTLEN;
1378 context = kmalloc(len + 1, GFP_NOFS);
1379 if (!context)
1380 return -ENOMEM;
1381
1382 context[len] = '\0';
1383 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len);
1384 if (rc == -ERANGE) {
1385 kfree(context);
1386
1387
1388 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, NULL, 0);
1389 if (rc < 0)
1390 return rc;
1391
1392 len = rc;
1393 context = kmalloc(len + 1, GFP_NOFS);
1394 if (!context)
1395 return -ENOMEM;
1396
1397 context[len] = '\0';
1398 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX,
1399 context, len);
1400 }
1401 if (rc < 0) {
1402 kfree(context);
1403 if (rc != -ENODATA) {
1404 pr_warn("SELinux: %s: getxattr returned %d for dev=%s ino=%ld\n",
1405 __func__, -rc, inode->i_sb->s_id, inode->i_ino);
1406 return rc;
1407 }
1408 *sid = def_sid;
1409 return 0;
1410 }
1411
1412 rc = security_context_to_sid_default(&selinux_state, context, rc, sid,
1413 def_sid, GFP_NOFS);
1414 if (rc) {
1415 char *dev = inode->i_sb->s_id;
1416 unsigned long ino = inode->i_ino;
1417
1418 if (rc == -EINVAL) {
1419 pr_notice_ratelimited("SELinux: inode=%lu on dev=%s was found to have an invalid context=%s. This indicates you may need to relabel the inode or the filesystem in question.\n",
1420 ino, dev, context);
1421 } else {
1422 pr_warn("SELinux: %s: context_to_sid(%s) returned %d for dev=%s ino=%ld\n",
1423 __func__, context, -rc, dev, ino);
1424 }
1425 }
1426 kfree(context);
1427 return 0;
1428 }
1429
1430
1431 static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1432 {
1433 struct superblock_security_struct *sbsec = NULL;
1434 struct inode_security_struct *isec = selinux_inode(inode);
1435 u32 task_sid, sid = 0;
1436 u16 sclass;
1437 struct dentry *dentry;
1438 int rc = 0;
1439
1440 if (isec->initialized == LABEL_INITIALIZED)
1441 return 0;
1442
1443 spin_lock(&isec->lock);
1444 if (isec->initialized == LABEL_INITIALIZED)
1445 goto out_unlock;
1446
1447 if (isec->sclass == SECCLASS_FILE)
1448 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1449
1450 sbsec = inode->i_sb->s_security;
1451 if (!(sbsec->flags & SE_SBINITIALIZED)) {
1452
1453
1454
1455 spin_lock(&sbsec->isec_lock);
1456 if (list_empty(&isec->list))
1457 list_add(&isec->list, &sbsec->isec_head);
1458 spin_unlock(&sbsec->isec_lock);
1459 goto out_unlock;
1460 }
1461
1462 sclass = isec->sclass;
1463 task_sid = isec->task_sid;
1464 sid = isec->sid;
1465 isec->initialized = LABEL_PENDING;
1466 spin_unlock(&isec->lock);
1467
1468 switch (sbsec->behavior) {
1469 case SECURITY_FS_USE_NATIVE:
1470 break;
1471 case SECURITY_FS_USE_XATTR:
1472 if (!(inode->i_opflags & IOP_XATTR)) {
1473 sid = sbsec->def_sid;
1474 break;
1475 }
1476
1477
1478 if (opt_dentry) {
1479
1480 dentry = dget(opt_dentry);
1481 } else {
1482
1483
1484
1485
1486
1487
1488 dentry = d_find_alias(inode);
1489 if (!dentry)
1490 dentry = d_find_any_alias(inode);
1491 }
1492 if (!dentry) {
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502 goto out;
1503 }
1504
1505 rc = inode_doinit_use_xattr(inode, dentry, sbsec->def_sid,
1506 &sid);
1507 dput(dentry);
1508 if (rc)
1509 goto out;
1510 break;
1511 case SECURITY_FS_USE_TASK:
1512 sid = task_sid;
1513 break;
1514 case SECURITY_FS_USE_TRANS:
1515
1516 sid = sbsec->sid;
1517
1518
1519 rc = security_transition_sid(&selinux_state, task_sid, sid,
1520 sclass, NULL, &sid);
1521 if (rc)
1522 goto out;
1523 break;
1524 case SECURITY_FS_USE_MNTPOINT:
1525 sid = sbsec->mntpoint_sid;
1526 break;
1527 default:
1528
1529 sid = sbsec->sid;
1530
1531 if ((sbsec->flags & SE_SBGENFS) && !S_ISLNK(inode->i_mode)) {
1532
1533
1534 if (opt_dentry) {
1535
1536
1537 dentry = dget(opt_dentry);
1538 } else {
1539
1540
1541
1542
1543 dentry = d_find_alias(inode);
1544 if (!dentry)
1545 dentry = d_find_any_alias(inode);
1546 }
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556 if (!dentry)
1557 goto out;
1558 rc = selinux_genfs_get_sid(dentry, sclass,
1559 sbsec->flags, &sid);
1560 if (rc) {
1561 dput(dentry);
1562 goto out;
1563 }
1564
1565 if ((sbsec->flags & SE_SBGENFS_XATTR) &&
1566 (inode->i_opflags & IOP_XATTR)) {
1567 rc = inode_doinit_use_xattr(inode, dentry,
1568 sid, &sid);
1569 if (rc) {
1570 dput(dentry);
1571 goto out;
1572 }
1573 }
1574 dput(dentry);
1575 }
1576 break;
1577 }
1578
1579 out:
1580 spin_lock(&isec->lock);
1581 if (isec->initialized == LABEL_PENDING) {
1582 if (!sid || rc) {
1583 isec->initialized = LABEL_INVALID;
1584 goto out_unlock;
1585 }
1586
1587 isec->initialized = LABEL_INITIALIZED;
1588 isec->sid = sid;
1589 }
1590
1591 out_unlock:
1592 spin_unlock(&isec->lock);
1593 return rc;
1594 }
1595
1596
1597 static inline u32 signal_to_av(int sig)
1598 {
1599 u32 perm = 0;
1600
1601 switch (sig) {
1602 case SIGCHLD:
1603
1604 perm = PROCESS__SIGCHLD;
1605 break;
1606 case SIGKILL:
1607
1608 perm = PROCESS__SIGKILL;
1609 break;
1610 case SIGSTOP:
1611
1612 perm = PROCESS__SIGSTOP;
1613 break;
1614 default:
1615
1616 perm = PROCESS__SIGNAL;
1617 break;
1618 }
1619
1620 return perm;
1621 }
1622
1623 #if CAP_LAST_CAP > 63
1624 #error Fix SELinux to handle capabilities > 63.
1625 #endif
1626
1627
1628 static int cred_has_capability(const struct cred *cred,
1629 int cap, unsigned int opts, bool initns)
1630 {
1631 struct common_audit_data ad;
1632 struct av_decision avd;
1633 u16 sclass;
1634 u32 sid = cred_sid(cred);
1635 u32 av = CAP_TO_MASK(cap);
1636 int rc;
1637
1638 ad.type = LSM_AUDIT_DATA_CAP;
1639 ad.u.cap = cap;
1640
1641 switch (CAP_TO_INDEX(cap)) {
1642 case 0:
1643 sclass = initns ? SECCLASS_CAPABILITY : SECCLASS_CAP_USERNS;
1644 break;
1645 case 1:
1646 sclass = initns ? SECCLASS_CAPABILITY2 : SECCLASS_CAP2_USERNS;
1647 break;
1648 default:
1649 pr_err("SELinux: out of range capability %d\n", cap);
1650 BUG();
1651 return -EINVAL;
1652 }
1653
1654 rc = avc_has_perm_noaudit(&selinux_state,
1655 sid, sid, sclass, av, 0, &avd);
1656 if (!(opts & CAP_OPT_NOAUDIT)) {
1657 int rc2 = avc_audit(&selinux_state,
1658 sid, sid, sclass, av, &avd, rc, &ad, 0);
1659 if (rc2)
1660 return rc2;
1661 }
1662 return rc;
1663 }
1664
1665
1666
1667
1668 static int inode_has_perm(const struct cred *cred,
1669 struct inode *inode,
1670 u32 perms,
1671 struct common_audit_data *adp)
1672 {
1673 struct inode_security_struct *isec;
1674 u32 sid;
1675
1676 validate_creds(cred);
1677
1678 if (unlikely(IS_PRIVATE(inode)))
1679 return 0;
1680
1681 sid = cred_sid(cred);
1682 isec = selinux_inode(inode);
1683
1684 return avc_has_perm(&selinux_state,
1685 sid, isec->sid, isec->sclass, perms, adp);
1686 }
1687
1688
1689
1690
1691 static inline int dentry_has_perm(const struct cred *cred,
1692 struct dentry *dentry,
1693 u32 av)
1694 {
1695 struct inode *inode = d_backing_inode(dentry);
1696 struct common_audit_data ad;
1697
1698 ad.type = LSM_AUDIT_DATA_DENTRY;
1699 ad.u.dentry = dentry;
1700 __inode_security_revalidate(inode, dentry, true);
1701 return inode_has_perm(cred, inode, av, &ad);
1702 }
1703
1704
1705
1706
1707 static inline int path_has_perm(const struct cred *cred,
1708 const struct path *path,
1709 u32 av)
1710 {
1711 struct inode *inode = d_backing_inode(path->dentry);
1712 struct common_audit_data ad;
1713
1714 ad.type = LSM_AUDIT_DATA_PATH;
1715 ad.u.path = *path;
1716 __inode_security_revalidate(inode, path->dentry, true);
1717 return inode_has_perm(cred, inode, av, &ad);
1718 }
1719
1720
1721 static inline int file_path_has_perm(const struct cred *cred,
1722 struct file *file,
1723 u32 av)
1724 {
1725 struct common_audit_data ad;
1726
1727 ad.type = LSM_AUDIT_DATA_FILE;
1728 ad.u.file = file;
1729 return inode_has_perm(cred, file_inode(file), av, &ad);
1730 }
1731
1732 #ifdef CONFIG_BPF_SYSCALL
1733 static int bpf_fd_pass(struct file *file, u32 sid);
1734 #endif
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744 static int file_has_perm(const struct cred *cred,
1745 struct file *file,
1746 u32 av)
1747 {
1748 struct file_security_struct *fsec = selinux_file(file);
1749 struct inode *inode = file_inode(file);
1750 struct common_audit_data ad;
1751 u32 sid = cred_sid(cred);
1752 int rc;
1753
1754 ad.type = LSM_AUDIT_DATA_FILE;
1755 ad.u.file = file;
1756
1757 if (sid != fsec->sid) {
1758 rc = avc_has_perm(&selinux_state,
1759 sid, fsec->sid,
1760 SECCLASS_FD,
1761 FD__USE,
1762 &ad);
1763 if (rc)
1764 goto out;
1765 }
1766
1767 #ifdef CONFIG_BPF_SYSCALL
1768 rc = bpf_fd_pass(file, cred_sid(cred));
1769 if (rc)
1770 return rc;
1771 #endif
1772
1773
1774 rc = 0;
1775 if (av)
1776 rc = inode_has_perm(cred, inode, av, &ad);
1777
1778 out:
1779 return rc;
1780 }
1781
1782
1783
1784
1785 static int
1786 selinux_determine_inode_label(const struct task_security_struct *tsec,
1787 struct inode *dir,
1788 const struct qstr *name, u16 tclass,
1789 u32 *_new_isid)
1790 {
1791 const struct superblock_security_struct *sbsec = dir->i_sb->s_security;
1792
1793 if ((sbsec->flags & SE_SBINITIALIZED) &&
1794 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) {
1795 *_new_isid = sbsec->mntpoint_sid;
1796 } else if ((sbsec->flags & SBLABEL_MNT) &&
1797 tsec->create_sid) {
1798 *_new_isid = tsec->create_sid;
1799 } else {
1800 const struct inode_security_struct *dsec = inode_security(dir);
1801 return security_transition_sid(&selinux_state, tsec->sid,
1802 dsec->sid, tclass,
1803 name, _new_isid);
1804 }
1805
1806 return 0;
1807 }
1808
1809
1810 static int may_create(struct inode *dir,
1811 struct dentry *dentry,
1812 u16 tclass)
1813 {
1814 const struct task_security_struct *tsec = selinux_cred(current_cred());
1815 struct inode_security_struct *dsec;
1816 struct superblock_security_struct *sbsec;
1817 u32 sid, newsid;
1818 struct common_audit_data ad;
1819 int rc;
1820
1821 dsec = inode_security(dir);
1822 sbsec = dir->i_sb->s_security;
1823
1824 sid = tsec->sid;
1825
1826 ad.type = LSM_AUDIT_DATA_DENTRY;
1827 ad.u.dentry = dentry;
1828
1829 rc = avc_has_perm(&selinux_state,
1830 sid, dsec->sid, SECCLASS_DIR,
1831 DIR__ADD_NAME | DIR__SEARCH,
1832 &ad);
1833 if (rc)
1834 return rc;
1835
1836 rc = selinux_determine_inode_label(selinux_cred(current_cred()), dir,
1837 &dentry->d_name, tclass, &newsid);
1838 if (rc)
1839 return rc;
1840
1841 rc = avc_has_perm(&selinux_state,
1842 sid, newsid, tclass, FILE__CREATE, &ad);
1843 if (rc)
1844 return rc;
1845
1846 return avc_has_perm(&selinux_state,
1847 newsid, sbsec->sid,
1848 SECCLASS_FILESYSTEM,
1849 FILESYSTEM__ASSOCIATE, &ad);
1850 }
1851
1852 #define MAY_LINK 0
1853 #define MAY_UNLINK 1
1854 #define MAY_RMDIR 2
1855
1856
1857 static int may_link(struct inode *dir,
1858 struct dentry *dentry,
1859 int kind)
1860
1861 {
1862 struct inode_security_struct *dsec, *isec;
1863 struct common_audit_data ad;
1864 u32 sid = current_sid();
1865 u32 av;
1866 int rc;
1867
1868 dsec = inode_security(dir);
1869 isec = backing_inode_security(dentry);
1870
1871 ad.type = LSM_AUDIT_DATA_DENTRY;
1872 ad.u.dentry = dentry;
1873
1874 av = DIR__SEARCH;
1875 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1876 rc = avc_has_perm(&selinux_state,
1877 sid, dsec->sid, SECCLASS_DIR, av, &ad);
1878 if (rc)
1879 return rc;
1880
1881 switch (kind) {
1882 case MAY_LINK:
1883 av = FILE__LINK;
1884 break;
1885 case MAY_UNLINK:
1886 av = FILE__UNLINK;
1887 break;
1888 case MAY_RMDIR:
1889 av = DIR__RMDIR;
1890 break;
1891 default:
1892 pr_warn("SELinux: %s: unrecognized kind %d\n",
1893 __func__, kind);
1894 return 0;
1895 }
1896
1897 rc = avc_has_perm(&selinux_state,
1898 sid, isec->sid, isec->sclass, av, &ad);
1899 return rc;
1900 }
1901
1902 static inline int may_rename(struct inode *old_dir,
1903 struct dentry *old_dentry,
1904 struct inode *new_dir,
1905 struct dentry *new_dentry)
1906 {
1907 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1908 struct common_audit_data ad;
1909 u32 sid = current_sid();
1910 u32 av;
1911 int old_is_dir, new_is_dir;
1912 int rc;
1913
1914 old_dsec = inode_security(old_dir);
1915 old_isec = backing_inode_security(old_dentry);
1916 old_is_dir = d_is_dir(old_dentry);
1917 new_dsec = inode_security(new_dir);
1918
1919 ad.type = LSM_AUDIT_DATA_DENTRY;
1920
1921 ad.u.dentry = old_dentry;
1922 rc = avc_has_perm(&selinux_state,
1923 sid, old_dsec->sid, SECCLASS_DIR,
1924 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1925 if (rc)
1926 return rc;
1927 rc = avc_has_perm(&selinux_state,
1928 sid, old_isec->sid,
1929 old_isec->sclass, FILE__RENAME, &ad);
1930 if (rc)
1931 return rc;
1932 if (old_is_dir && new_dir != old_dir) {
1933 rc = avc_has_perm(&selinux_state,
1934 sid, old_isec->sid,
1935 old_isec->sclass, DIR__REPARENT, &ad);
1936 if (rc)
1937 return rc;
1938 }
1939
1940 ad.u.dentry = new_dentry;
1941 av = DIR__ADD_NAME | DIR__SEARCH;
1942 if (d_is_positive(new_dentry))
1943 av |= DIR__REMOVE_NAME;
1944 rc = avc_has_perm(&selinux_state,
1945 sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1946 if (rc)
1947 return rc;
1948 if (d_is_positive(new_dentry)) {
1949 new_isec = backing_inode_security(new_dentry);
1950 new_is_dir = d_is_dir(new_dentry);
1951 rc = avc_has_perm(&selinux_state,
1952 sid, new_isec->sid,
1953 new_isec->sclass,
1954 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1955 if (rc)
1956 return rc;
1957 }
1958
1959 return 0;
1960 }
1961
1962
1963 static int superblock_has_perm(const struct cred *cred,
1964 struct super_block *sb,
1965 u32 perms,
1966 struct common_audit_data *ad)
1967 {
1968 struct superblock_security_struct *sbsec;
1969 u32 sid = cred_sid(cred);
1970
1971 sbsec = sb->s_security;
1972 return avc_has_perm(&selinux_state,
1973 sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
1974 }
1975
1976
1977 static inline u32 file_mask_to_av(int mode, int mask)
1978 {
1979 u32 av = 0;
1980
1981 if (!S_ISDIR(mode)) {
1982 if (mask & MAY_EXEC)
1983 av |= FILE__EXECUTE;
1984 if (mask & MAY_READ)
1985 av |= FILE__READ;
1986
1987 if (mask & MAY_APPEND)
1988 av |= FILE__APPEND;
1989 else if (mask & MAY_WRITE)
1990 av |= FILE__WRITE;
1991
1992 } else {
1993 if (mask & MAY_EXEC)
1994 av |= DIR__SEARCH;
1995 if (mask & MAY_WRITE)
1996 av |= DIR__WRITE;
1997 if (mask & MAY_READ)
1998 av |= DIR__READ;
1999 }
2000
2001 return av;
2002 }
2003
2004
2005 static inline u32 file_to_av(struct file *file)
2006 {
2007 u32 av = 0;
2008
2009 if (file->f_mode & FMODE_READ)
2010 av |= FILE__READ;
2011 if (file->f_mode & FMODE_WRITE) {
2012 if (file->f_flags & O_APPEND)
2013 av |= FILE__APPEND;
2014 else
2015 av |= FILE__WRITE;
2016 }
2017 if (!av) {
2018
2019
2020
2021 av = FILE__IOCTL;
2022 }
2023
2024 return av;
2025 }
2026
2027
2028
2029
2030
2031 static inline u32 open_file_to_av(struct file *file)
2032 {
2033 u32 av = file_to_av(file);
2034 struct inode *inode = file_inode(file);
2035
2036 if (selinux_policycap_openperm() &&
2037 inode->i_sb->s_magic != SOCKFS_MAGIC)
2038 av |= FILE__OPEN;
2039
2040 return av;
2041 }
2042
2043
2044
2045 static int selinux_binder_set_context_mgr(struct task_struct *mgr)
2046 {
2047 u32 mysid = current_sid();
2048 u32 mgrsid = task_sid(mgr);
2049
2050 return avc_has_perm(&selinux_state,
2051 mysid, mgrsid, SECCLASS_BINDER,
2052 BINDER__SET_CONTEXT_MGR, NULL);
2053 }
2054
2055 static int selinux_binder_transaction(struct task_struct *from,
2056 struct task_struct *to)
2057 {
2058 u32 mysid = current_sid();
2059 u32 fromsid = task_sid(from);
2060 u32 tosid = task_sid(to);
2061 int rc;
2062
2063 if (mysid != fromsid) {
2064 rc = avc_has_perm(&selinux_state,
2065 mysid, fromsid, SECCLASS_BINDER,
2066 BINDER__IMPERSONATE, NULL);
2067 if (rc)
2068 return rc;
2069 }
2070
2071 return avc_has_perm(&selinux_state,
2072 fromsid, tosid, SECCLASS_BINDER, BINDER__CALL,
2073 NULL);
2074 }
2075
2076 static int selinux_binder_transfer_binder(struct task_struct *from,
2077 struct task_struct *to)
2078 {
2079 u32 fromsid = task_sid(from);
2080 u32 tosid = task_sid(to);
2081
2082 return avc_has_perm(&selinux_state,
2083 fromsid, tosid, SECCLASS_BINDER, BINDER__TRANSFER,
2084 NULL);
2085 }
2086
2087 static int selinux_binder_transfer_file(struct task_struct *from,
2088 struct task_struct *to,
2089 struct file *file)
2090 {
2091 u32 sid = task_sid(to);
2092 struct file_security_struct *fsec = selinux_file(file);
2093 struct dentry *dentry = file->f_path.dentry;
2094 struct inode_security_struct *isec;
2095 struct common_audit_data ad;
2096 int rc;
2097
2098 ad.type = LSM_AUDIT_DATA_PATH;
2099 ad.u.path = file->f_path;
2100
2101 if (sid != fsec->sid) {
2102 rc = avc_has_perm(&selinux_state,
2103 sid, fsec->sid,
2104 SECCLASS_FD,
2105 FD__USE,
2106 &ad);
2107 if (rc)
2108 return rc;
2109 }
2110
2111 #ifdef CONFIG_BPF_SYSCALL
2112 rc = bpf_fd_pass(file, sid);
2113 if (rc)
2114 return rc;
2115 #endif
2116
2117 if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2118 return 0;
2119
2120 isec = backing_inode_security(dentry);
2121 return avc_has_perm(&selinux_state,
2122 sid, isec->sid, isec->sclass, file_to_av(file),
2123 &ad);
2124 }
2125
2126 static int selinux_ptrace_access_check(struct task_struct *child,
2127 unsigned int mode)
2128 {
2129 u32 sid = current_sid();
2130 u32 csid = task_sid(child);
2131
2132 if (mode & PTRACE_MODE_READ)
2133 return avc_has_perm(&selinux_state,
2134 sid, csid, SECCLASS_FILE, FILE__READ, NULL);
2135
2136 return avc_has_perm(&selinux_state,
2137 sid, csid, SECCLASS_PROCESS, PROCESS__PTRACE, NULL);
2138 }
2139
2140 static int selinux_ptrace_traceme(struct task_struct *parent)
2141 {
2142 return avc_has_perm(&selinux_state,
2143 task_sid(parent), current_sid(), SECCLASS_PROCESS,
2144 PROCESS__PTRACE, NULL);
2145 }
2146
2147 static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
2148 kernel_cap_t *inheritable, kernel_cap_t *permitted)
2149 {
2150 return avc_has_perm(&selinux_state,
2151 current_sid(), task_sid(target), SECCLASS_PROCESS,
2152 PROCESS__GETCAP, NULL);
2153 }
2154
2155 static int selinux_capset(struct cred *new, const struct cred *old,
2156 const kernel_cap_t *effective,
2157 const kernel_cap_t *inheritable,
2158 const kernel_cap_t *permitted)
2159 {
2160 return avc_has_perm(&selinux_state,
2161 cred_sid(old), cred_sid(new), SECCLASS_PROCESS,
2162 PROCESS__SETCAP, NULL);
2163 }
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175 static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
2176 int cap, unsigned int opts)
2177 {
2178 return cred_has_capability(cred, cap, opts, ns == &init_user_ns);
2179 }
2180
2181 static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
2182 {
2183 const struct cred *cred = current_cred();
2184 int rc = 0;
2185
2186 if (!sb)
2187 return 0;
2188
2189 switch (cmds) {
2190 case Q_SYNC:
2191 case Q_QUOTAON:
2192 case Q_QUOTAOFF:
2193 case Q_SETINFO:
2194 case Q_SETQUOTA:
2195 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
2196 break;
2197 case Q_GETFMT:
2198 case Q_GETINFO:
2199 case Q_GETQUOTA:
2200 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
2201 break;
2202 default:
2203 rc = 0;
2204 break;
2205 }
2206 return rc;
2207 }
2208
2209 static int selinux_quota_on(struct dentry *dentry)
2210 {
2211 const struct cred *cred = current_cred();
2212
2213 return dentry_has_perm(cred, dentry, FILE__QUOTAON);
2214 }
2215
2216 static int selinux_syslog(int type)
2217 {
2218 switch (type) {
2219 case SYSLOG_ACTION_READ_ALL:
2220 case SYSLOG_ACTION_SIZE_BUFFER:
2221 return avc_has_perm(&selinux_state,
2222 current_sid(), SECINITSID_KERNEL,
2223 SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, NULL);
2224 case SYSLOG_ACTION_CONSOLE_OFF:
2225 case SYSLOG_ACTION_CONSOLE_ON:
2226
2227 case SYSLOG_ACTION_CONSOLE_LEVEL:
2228 return avc_has_perm(&selinux_state,
2229 current_sid(), SECINITSID_KERNEL,
2230 SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE,
2231 NULL);
2232 }
2233
2234 return avc_has_perm(&selinux_state,
2235 current_sid(), SECINITSID_KERNEL,
2236 SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, NULL);
2237 }
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247 static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
2248 {
2249 int rc, cap_sys_admin = 0;
2250
2251 rc = cred_has_capability(current_cred(), CAP_SYS_ADMIN,
2252 CAP_OPT_NOAUDIT, true);
2253 if (rc == 0)
2254 cap_sys_admin = 1;
2255
2256 return cap_sys_admin;
2257 }
2258
2259
2260
2261 static u32 ptrace_parent_sid(void)
2262 {
2263 u32 sid = 0;
2264 struct task_struct *tracer;
2265
2266 rcu_read_lock();
2267 tracer = ptrace_parent(current);
2268 if (tracer)
2269 sid = task_sid(tracer);
2270 rcu_read_unlock();
2271
2272 return sid;
2273 }
2274
2275 static int check_nnp_nosuid(const struct linux_binprm *bprm,
2276 const struct task_security_struct *old_tsec,
2277 const struct task_security_struct *new_tsec)
2278 {
2279 int nnp = (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS);
2280 int nosuid = !mnt_may_suid(bprm->file->f_path.mnt);
2281 int rc;
2282 u32 av;
2283
2284 if (!nnp && !nosuid)
2285 return 0;
2286
2287 if (new_tsec->sid == old_tsec->sid)
2288 return 0;
2289
2290
2291
2292
2293
2294
2295
2296 if (selinux_policycap_nnp_nosuid_transition()) {
2297 av = 0;
2298 if (nnp)
2299 av |= PROCESS2__NNP_TRANSITION;
2300 if (nosuid)
2301 av |= PROCESS2__NOSUID_TRANSITION;
2302 rc = avc_has_perm(&selinux_state,
2303 old_tsec->sid, new_tsec->sid,
2304 SECCLASS_PROCESS2, av, NULL);
2305 if (!rc)
2306 return 0;
2307 }
2308
2309
2310
2311
2312
2313
2314 rc = security_bounded_transition(&selinux_state, old_tsec->sid,
2315 new_tsec->sid);
2316 if (!rc)
2317 return 0;
2318
2319
2320
2321
2322
2323
2324 if (nnp)
2325 return -EPERM;
2326 return -EACCES;
2327 }
2328
2329 static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2330 {
2331 const struct task_security_struct *old_tsec;
2332 struct task_security_struct *new_tsec;
2333 struct inode_security_struct *isec;
2334 struct common_audit_data ad;
2335 struct inode *inode = file_inode(bprm->file);
2336 int rc;
2337
2338
2339
2340 if (bprm->called_set_creds)
2341 return 0;
2342
2343 old_tsec = selinux_cred(current_cred());
2344 new_tsec = selinux_cred(bprm->cred);
2345 isec = inode_security(inode);
2346
2347
2348 new_tsec->sid = old_tsec->sid;
2349 new_tsec->osid = old_tsec->sid;
2350
2351
2352 new_tsec->create_sid = 0;
2353 new_tsec->keycreate_sid = 0;
2354 new_tsec->sockcreate_sid = 0;
2355
2356 if (old_tsec->exec_sid) {
2357 new_tsec->sid = old_tsec->exec_sid;
2358
2359 new_tsec->exec_sid = 0;
2360
2361
2362 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
2363 if (rc)
2364 return rc;
2365 } else {
2366
2367 rc = security_transition_sid(&selinux_state, old_tsec->sid,
2368 isec->sid, SECCLASS_PROCESS, NULL,
2369 &new_tsec->sid);
2370 if (rc)
2371 return rc;
2372
2373
2374
2375
2376
2377 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
2378 if (rc)
2379 new_tsec->sid = old_tsec->sid;
2380 }
2381
2382 ad.type = LSM_AUDIT_DATA_FILE;
2383 ad.u.file = bprm->file;
2384
2385 if (new_tsec->sid == old_tsec->sid) {
2386 rc = avc_has_perm(&selinux_state,
2387 old_tsec->sid, isec->sid,
2388 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2389 if (rc)
2390 return rc;
2391 } else {
2392
2393 rc = avc_has_perm(&selinux_state,
2394 old_tsec->sid, new_tsec->sid,
2395 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2396 if (rc)
2397 return rc;
2398
2399 rc = avc_has_perm(&selinux_state,
2400 new_tsec->sid, isec->sid,
2401 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2402 if (rc)
2403 return rc;
2404
2405
2406 if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2407 rc = avc_has_perm(&selinux_state,
2408 old_tsec->sid, new_tsec->sid,
2409 SECCLASS_PROCESS, PROCESS__SHARE,
2410 NULL);
2411 if (rc)
2412 return -EPERM;
2413 }
2414
2415
2416
2417 if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
2418 u32 ptsid = ptrace_parent_sid();
2419 if (ptsid != 0) {
2420 rc = avc_has_perm(&selinux_state,
2421 ptsid, new_tsec->sid,
2422 SECCLASS_PROCESS,
2423 PROCESS__PTRACE, NULL);
2424 if (rc)
2425 return -EPERM;
2426 }
2427 }
2428
2429
2430 bprm->per_clear |= PER_CLEAR_ON_SETID;
2431
2432
2433
2434
2435 rc = avc_has_perm(&selinux_state,
2436 old_tsec->sid, new_tsec->sid,
2437 SECCLASS_PROCESS, PROCESS__NOATSECURE,
2438 NULL);
2439 bprm->secureexec |= !!rc;
2440 }
2441
2442 return 0;
2443 }
2444
2445 static int match_file(const void *p, struct file *file, unsigned fd)
2446 {
2447 return file_has_perm(p, file, file_to_av(file)) ? fd + 1 : 0;
2448 }
2449
2450
2451 static inline void flush_unauthorized_files(const struct cred *cred,
2452 struct files_struct *files)
2453 {
2454 struct file *file, *devnull = NULL;
2455 struct tty_struct *tty;
2456 int drop_tty = 0;
2457 unsigned n;
2458
2459 tty = get_current_tty();
2460 if (tty) {
2461 spin_lock(&tty->files_lock);
2462 if (!list_empty(&tty->tty_files)) {
2463 struct tty_file_private *file_priv;
2464
2465
2466
2467
2468
2469
2470 file_priv = list_first_entry(&tty->tty_files,
2471 struct tty_file_private, list);
2472 file = file_priv->file;
2473 if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))
2474 drop_tty = 1;
2475 }
2476 spin_unlock(&tty->files_lock);
2477 tty_kref_put(tty);
2478 }
2479
2480 if (drop_tty)
2481 no_tty();
2482
2483
2484 n = iterate_fd(files, 0, match_file, cred);
2485 if (!n)
2486 return;
2487
2488 devnull = dentry_open(&selinux_null, O_RDWR, cred);
2489 if (IS_ERR(devnull))
2490 devnull = NULL;
2491
2492 do {
2493 replace_fd(n - 1, devnull, 0);
2494 } while ((n = iterate_fd(files, n, match_file, cred)) != 0);
2495 if (devnull)
2496 fput(devnull);
2497 }
2498
2499
2500
2501
2502 static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2503 {
2504 struct task_security_struct *new_tsec;
2505 struct rlimit *rlim, *initrlim;
2506 int rc, i;
2507
2508 new_tsec = selinux_cred(bprm->cred);
2509 if (new_tsec->sid == new_tsec->osid)
2510 return;
2511
2512
2513 flush_unauthorized_files(bprm->cred, current->files);
2514
2515
2516 current->pdeath_signal = 0;
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528 rc = avc_has_perm(&selinux_state,
2529 new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2530 PROCESS__RLIMITINH, NULL);
2531 if (rc) {
2532
2533 task_lock(current);
2534 for (i = 0; i < RLIM_NLIMITS; i++) {
2535 rlim = current->signal->rlim + i;
2536 initrlim = init_task.signal->rlim + i;
2537 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2538 }
2539 task_unlock(current);
2540 if (IS_ENABLED(CONFIG_POSIX_TIMERS))
2541 update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
2542 }
2543 }
2544
2545
2546
2547
2548
2549 static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2550 {
2551 const struct task_security_struct *tsec = selinux_cred(current_cred());
2552 struct itimerval itimer;
2553 u32 osid, sid;
2554 int rc, i;
2555
2556 osid = tsec->osid;
2557 sid = tsec->sid;
2558
2559 if (sid == osid)
2560 return;
2561
2562
2563
2564
2565
2566
2567
2568
2569 rc = avc_has_perm(&selinux_state,
2570 osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2571 if (rc) {
2572 if (IS_ENABLED(CONFIG_POSIX_TIMERS)) {
2573 memset(&itimer, 0, sizeof itimer);
2574 for (i = 0; i < 3; i++)
2575 do_setitimer(i, &itimer, NULL);
2576 }
2577 spin_lock_irq(¤t->sighand->siglock);
2578 if (!fatal_signal_pending(current)) {
2579 flush_sigqueue(¤t->pending);
2580 flush_sigqueue(¤t->signal->shared_pending);
2581 flush_signal_handlers(current, 1);
2582 sigemptyset(¤t->blocked);
2583 recalc_sigpending();
2584 }
2585 spin_unlock_irq(¤t->sighand->siglock);
2586 }
2587
2588
2589
2590 read_lock(&tasklist_lock);
2591 __wake_up_parent(current, current->real_parent);
2592 read_unlock(&tasklist_lock);
2593 }
2594
2595
2596
2597 static int selinux_sb_alloc_security(struct super_block *sb)
2598 {
2599 return superblock_alloc_security(sb);
2600 }
2601
2602 static void selinux_sb_free_security(struct super_block *sb)
2603 {
2604 superblock_free_security(sb);
2605 }
2606
2607 static inline int opt_len(const char *s)
2608 {
2609 bool open_quote = false;
2610 int len;
2611 char c;
2612
2613 for (len = 0; (c = s[len]) != '\0'; len++) {
2614 if (c == '"')
2615 open_quote = !open_quote;
2616 if (c == ',' && !open_quote)
2617 break;
2618 }
2619 return len;
2620 }
2621
2622 static int selinux_sb_eat_lsm_opts(char *options, void **mnt_opts)
2623 {
2624 char *from = options;
2625 char *to = options;
2626 bool first = true;
2627 int rc;
2628
2629 while (1) {
2630 int len = opt_len(from);
2631 int token;
2632 char *arg = NULL;
2633
2634 token = match_opt_prefix(from, len, &arg);
2635
2636 if (token != Opt_error) {
2637 char *p, *q;
2638
2639
2640 if (arg) {
2641 for (p = q = arg; p < from + len; p++) {
2642 char c = *p;
2643 if (c != '"')
2644 *q++ = c;
2645 }
2646 arg = kmemdup_nul(arg, q - arg, GFP_KERNEL);
2647 if (!arg) {
2648 rc = -ENOMEM;
2649 goto free_opt;
2650 }
2651 }
2652 rc = selinux_add_opt(token, arg, mnt_opts);
2653 if (unlikely(rc)) {
2654 kfree(arg);
2655 goto free_opt;
2656 }
2657 } else {
2658 if (!first) {
2659 from--;
2660 len++;
2661 }
2662 if (to != from)
2663 memmove(to, from, len);
2664 to += len;
2665 first = false;
2666 }
2667 if (!from[len])
2668 break;
2669 from += len + 1;
2670 }
2671 *to = '\0';
2672 return 0;
2673
2674 free_opt:
2675 if (*mnt_opts) {
2676 selinux_free_mnt_opts(*mnt_opts);
2677 *mnt_opts = NULL;
2678 }
2679 return rc;
2680 }
2681
2682 static int selinux_sb_remount(struct super_block *sb, void *mnt_opts)
2683 {
2684 struct selinux_mnt_opts *opts = mnt_opts;
2685 struct superblock_security_struct *sbsec = sb->s_security;
2686 u32 sid;
2687 int rc;
2688
2689 if (!(sbsec->flags & SE_SBINITIALIZED))
2690 return 0;
2691
2692 if (!opts)
2693 return 0;
2694
2695 if (opts->fscontext) {
2696 rc = parse_sid(sb, opts->fscontext, &sid);
2697 if (rc)
2698 return rc;
2699 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
2700 goto out_bad_option;
2701 }
2702 if (opts->context) {
2703 rc = parse_sid(sb, opts->context, &sid);
2704 if (rc)
2705 return rc;
2706 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
2707 goto out_bad_option;
2708 }
2709 if (opts->rootcontext) {
2710 struct inode_security_struct *root_isec;
2711 root_isec = backing_inode_security(sb->s_root);
2712 rc = parse_sid(sb, opts->rootcontext, &sid);
2713 if (rc)
2714 return rc;
2715 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
2716 goto out_bad_option;
2717 }
2718 if (opts->defcontext) {
2719 rc = parse_sid(sb, opts->defcontext, &sid);
2720 if (rc)
2721 return rc;
2722 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
2723 goto out_bad_option;
2724 }
2725 return 0;
2726
2727 out_bad_option:
2728 pr_warn("SELinux: unable to change security options "
2729 "during remount (dev %s, type=%s)\n", sb->s_id,
2730 sb->s_type->name);
2731 return -EINVAL;
2732 }
2733
2734 static int selinux_sb_kern_mount(struct super_block *sb)
2735 {
2736 const struct cred *cred = current_cred();
2737 struct common_audit_data ad;
2738
2739 ad.type = LSM_AUDIT_DATA_DENTRY;
2740 ad.u.dentry = sb->s_root;
2741 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2742 }
2743
2744 static int selinux_sb_statfs(struct dentry *dentry)
2745 {
2746 const struct cred *cred = current_cred();
2747 struct common_audit_data ad;
2748
2749 ad.type = LSM_AUDIT_DATA_DENTRY;
2750 ad.u.dentry = dentry->d_sb->s_root;
2751 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2752 }
2753
2754 static int selinux_mount(const char *dev_name,
2755 const struct path *path,
2756 const char *type,
2757 unsigned long flags,
2758 void *data)
2759 {
2760 const struct cred *cred = current_cred();
2761
2762 if (flags & MS_REMOUNT)
2763 return superblock_has_perm(cred, path->dentry->d_sb,
2764 FILESYSTEM__REMOUNT, NULL);
2765 else
2766 return path_has_perm(cred, path, FILE__MOUNTON);
2767 }
2768
2769 static int selinux_move_mount(const struct path *from_path,
2770 const struct path *to_path)
2771 {
2772 const struct cred *cred = current_cred();
2773
2774 return path_has_perm(cred, to_path, FILE__MOUNTON);
2775 }
2776
2777 static int selinux_umount(struct vfsmount *mnt, int flags)
2778 {
2779 const struct cred *cred = current_cred();
2780
2781 return superblock_has_perm(cred, mnt->mnt_sb,
2782 FILESYSTEM__UNMOUNT, NULL);
2783 }
2784
2785 static int selinux_fs_context_dup(struct fs_context *fc,
2786 struct fs_context *src_fc)
2787 {
2788 const struct selinux_mnt_opts *src = src_fc->security;
2789 struct selinux_mnt_opts *opts;
2790
2791 if (!src)
2792 return 0;
2793
2794 fc->security = kzalloc(sizeof(struct selinux_mnt_opts), GFP_KERNEL);
2795 if (!fc->security)
2796 return -ENOMEM;
2797
2798 opts = fc->security;
2799
2800 if (src->fscontext) {
2801 opts->fscontext = kstrdup(src->fscontext, GFP_KERNEL);
2802 if (!opts->fscontext)
2803 return -ENOMEM;
2804 }
2805 if (src->context) {
2806 opts->context = kstrdup(src->context, GFP_KERNEL);
2807 if (!opts->context)
2808 return -ENOMEM;
2809 }
2810 if (src->rootcontext) {
2811 opts->rootcontext = kstrdup(src->rootcontext, GFP_KERNEL);
2812 if (!opts->rootcontext)
2813 return -ENOMEM;
2814 }
2815 if (src->defcontext) {
2816 opts->defcontext = kstrdup(src->defcontext, GFP_KERNEL);
2817 if (!opts->defcontext)
2818 return -ENOMEM;
2819 }
2820 return 0;
2821 }
2822
2823 static const struct fs_parameter_spec selinux_param_specs[] = {
2824 fsparam_string(CONTEXT_STR, Opt_context),
2825 fsparam_string(DEFCONTEXT_STR, Opt_defcontext),
2826 fsparam_string(FSCONTEXT_STR, Opt_fscontext),
2827 fsparam_string(ROOTCONTEXT_STR, Opt_rootcontext),
2828 fsparam_flag (SECLABEL_STR, Opt_seclabel),
2829 {}
2830 };
2831
2832 static const struct fs_parameter_description selinux_fs_parameters = {
2833 .name = "SELinux",
2834 .specs = selinux_param_specs,
2835 };
2836
2837 static int selinux_fs_context_parse_param(struct fs_context *fc,
2838 struct fs_parameter *param)
2839 {
2840 struct fs_parse_result result;
2841 int opt, rc;
2842
2843 opt = fs_parse(fc, &selinux_fs_parameters, param, &result);
2844 if (opt < 0)
2845 return opt;
2846
2847 rc = selinux_add_opt(opt, param->string, &fc->security);
2848 if (!rc) {
2849 param->string = NULL;
2850 rc = 1;
2851 }
2852 return rc;
2853 }
2854
2855
2856
2857 static int selinux_inode_alloc_security(struct inode *inode)
2858 {
2859 return inode_alloc_security(inode);
2860 }
2861
2862 static void selinux_inode_free_security(struct inode *inode)
2863 {
2864 inode_free_security(inode);
2865 }
2866
2867 static int selinux_dentry_init_security(struct dentry *dentry, int mode,
2868 const struct qstr *name, void **ctx,
2869 u32 *ctxlen)
2870 {
2871 u32 newsid;
2872 int rc;
2873
2874 rc = selinux_determine_inode_label(selinux_cred(current_cred()),
2875 d_inode(dentry->d_parent), name,
2876 inode_mode_to_security_class(mode),
2877 &newsid);
2878 if (rc)
2879 return rc;
2880
2881 return security_sid_to_context(&selinux_state, newsid, (char **)ctx,
2882 ctxlen);
2883 }
2884
2885 static int selinux_dentry_create_files_as(struct dentry *dentry, int mode,
2886 struct qstr *name,
2887 const struct cred *old,
2888 struct cred *new)
2889 {
2890 u32 newsid;
2891 int rc;
2892 struct task_security_struct *tsec;
2893
2894 rc = selinux_determine_inode_label(selinux_cred(old),
2895 d_inode(dentry->d_parent), name,
2896 inode_mode_to_security_class(mode),
2897 &newsid);
2898 if (rc)
2899 return rc;
2900
2901 tsec = selinux_cred(new);
2902 tsec->create_sid = newsid;
2903 return 0;
2904 }
2905
2906 static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2907 const struct qstr *qstr,
2908 const char **name,
2909 void **value, size_t *len)
2910 {
2911 const struct task_security_struct *tsec = selinux_cred(current_cred());
2912 struct superblock_security_struct *sbsec;
2913 u32 newsid, clen;
2914 int rc;
2915 char *context;
2916
2917 sbsec = dir->i_sb->s_security;
2918
2919 newsid = tsec->create_sid;
2920
2921 rc = selinux_determine_inode_label(selinux_cred(current_cred()),
2922 dir, qstr,
2923 inode_mode_to_security_class(inode->i_mode),
2924 &newsid);
2925 if (rc)
2926 return rc;
2927
2928
2929 if (sbsec->flags & SE_SBINITIALIZED) {
2930 struct inode_security_struct *isec = selinux_inode(inode);
2931 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2932 isec->sid = newsid;
2933 isec->initialized = LABEL_INITIALIZED;
2934 }
2935
2936 if (!selinux_state.initialized || !(sbsec->flags & SBLABEL_MNT))
2937 return -EOPNOTSUPP;
2938
2939 if (name)
2940 *name = XATTR_SELINUX_SUFFIX;
2941
2942 if (value && len) {
2943 rc = security_sid_to_context_force(&selinux_state, newsid,
2944 &context, &clen);
2945 if (rc)
2946 return rc;
2947 *value = context;
2948 *len = clen;
2949 }
2950
2951 return 0;
2952 }
2953
2954 static int selinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
2955 {
2956 return may_create(dir, dentry, SECCLASS_FILE);
2957 }
2958
2959 static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2960 {
2961 return may_link(dir, old_dentry, MAY_LINK);
2962 }
2963
2964 static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
2965 {
2966 return may_link(dir, dentry, MAY_UNLINK);
2967 }
2968
2969 static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
2970 {
2971 return may_create(dir, dentry, SECCLASS_LNK_FILE);
2972 }
2973
2974 static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask)
2975 {
2976 return may_create(dir, dentry, SECCLASS_DIR);
2977 }
2978
2979 static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2980 {
2981 return may_link(dir, dentry, MAY_RMDIR);
2982 }
2983
2984 static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
2985 {
2986 return may_create(dir, dentry, inode_mode_to_security_class(mode));
2987 }
2988
2989 static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
2990 struct inode *new_inode, struct dentry *new_dentry)
2991 {
2992 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
2993 }
2994
2995 static int selinux_inode_readlink(struct dentry *dentry)
2996 {
2997 const struct cred *cred = current_cred();
2998
2999 return dentry_has_perm(cred, dentry, FILE__READ);
3000 }
3001
3002 static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
3003 bool rcu)
3004 {
3005 const struct cred *cred = current_cred();
3006 struct common_audit_data ad;
3007 struct inode_security_struct *isec;
3008 u32 sid;
3009
3010 validate_creds(cred);
3011
3012 ad.type = LSM_AUDIT_DATA_DENTRY;
3013 ad.u.dentry = dentry;
3014 sid = cred_sid(cred);
3015 isec = inode_security_rcu(inode, rcu);
3016 if (IS_ERR(isec))
3017 return PTR_ERR(isec);
3018
3019 return avc_has_perm_flags(&selinux_state,
3020 sid, isec->sid, isec->sclass, FILE__READ, &ad,
3021 rcu ? MAY_NOT_BLOCK : 0);
3022 }
3023
3024 static noinline int audit_inode_permission(struct inode *inode,
3025 u32 perms, u32 audited, u32 denied,
3026 int result)
3027 {
3028 struct common_audit_data ad;
3029 struct inode_security_struct *isec = selinux_inode(inode);
3030 int rc;
3031
3032 ad.type = LSM_AUDIT_DATA_INODE;
3033 ad.u.inode = inode;
3034
3035 rc = slow_avc_audit(&selinux_state,
3036 current_sid(), isec->sid, isec->sclass, perms,
3037 audited, denied, result, &ad);
3038 if (rc)
3039 return rc;
3040 return 0;
3041 }
3042
3043 static int selinux_inode_permission(struct inode *inode, int mask)
3044 {
3045 const struct cred *cred = current_cred();
3046 u32 perms;
3047 bool from_access;
3048 unsigned flags = mask & MAY_NOT_BLOCK;
3049 struct inode_security_struct *isec;
3050 u32 sid;
3051 struct av_decision avd;
3052 int rc, rc2;
3053 u32 audited, denied;
3054
3055 from_access = mask & MAY_ACCESS;
3056 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
3057
3058
3059 if (!mask)
3060 return 0;
3061
3062 validate_creds(cred);
3063
3064 if (unlikely(IS_PRIVATE(inode)))
3065 return 0;
3066
3067 perms = file_mask_to_av(inode->i_mode, mask);
3068
3069 sid = cred_sid(cred);
3070 isec = inode_security_rcu(inode, flags & MAY_NOT_BLOCK);
3071 if (IS_ERR(isec))
3072 return PTR_ERR(isec);
3073
3074 rc = avc_has_perm_noaudit(&selinux_state,
3075 sid, isec->sid, isec->sclass, perms,
3076 (flags & MAY_NOT_BLOCK) ? AVC_NONBLOCKING : 0,
3077 &avd);
3078 audited = avc_audit_required(perms, &avd, rc,
3079 from_access ? FILE__AUDIT_ACCESS : 0,
3080 &denied);
3081 if (likely(!audited))
3082 return rc;
3083
3084
3085 if (flags & MAY_NOT_BLOCK)
3086 return -ECHILD;
3087
3088 rc2 = audit_inode_permission(inode, perms, audited, denied, rc);
3089 if (rc2)
3090 return rc2;
3091 return rc;
3092 }
3093
3094 static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
3095 {
3096 const struct cred *cred = current_cred();
3097 struct inode *inode = d_backing_inode(dentry);
3098 unsigned int ia_valid = iattr->ia_valid;
3099 __u32 av = FILE__WRITE;
3100
3101
3102 if (ia_valid & ATTR_FORCE) {
3103 ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE |
3104 ATTR_FORCE);
3105 if (!ia_valid)
3106 return 0;
3107 }
3108
3109 if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
3110 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
3111 return dentry_has_perm(cred, dentry, FILE__SETATTR);
3112
3113 if (selinux_policycap_openperm() &&
3114 inode->i_sb->s_magic != SOCKFS_MAGIC &&
3115 (ia_valid & ATTR_SIZE) &&
3116 !(ia_valid & ATTR_FILE))
3117 av |= FILE__OPEN;
3118
3119 return dentry_has_perm(cred, dentry, av);
3120 }
3121
3122 static int selinux_inode_getattr(const struct path *path)
3123 {
3124 return path_has_perm(current_cred(), path, FILE__GETATTR);
3125 }
3126
3127 static bool has_cap_mac_admin(bool audit)
3128 {
3129 const struct cred *cred = current_cred();
3130 unsigned int opts = audit ? CAP_OPT_NONE : CAP_OPT_NOAUDIT;
3131
3132 if (cap_capable(cred, &init_user_ns, CAP_MAC_ADMIN, opts))
3133 return false;
3134 if (cred_has_capability(cred, CAP_MAC_ADMIN, opts, true))
3135 return false;
3136 return true;
3137 }
3138
3139 static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
3140 const void *value, size_t size, int flags)
3141 {
3142 struct inode *inode = d_backing_inode(dentry);
3143 struct inode_security_struct *isec;
3144 struct superblock_security_struct *sbsec;
3145 struct common_audit_data ad;
3146 u32 newsid, sid = current_sid();
3147 int rc = 0;
3148
3149 if (strcmp(name, XATTR_NAME_SELINUX)) {
3150 rc = cap_inode_setxattr(dentry, name, value, size, flags);
3151 if (rc)
3152 return rc;
3153
3154
3155
3156 return dentry_has_perm(current_cred(), dentry, FILE__SETATTR);
3157 }
3158
3159 sbsec = inode->i_sb->s_security;
3160 if (!(sbsec->flags & SBLABEL_MNT))
3161 return -EOPNOTSUPP;
3162
3163 if (!inode_owner_or_capable(inode))
3164 return -EPERM;
3165
3166 ad.type = LSM_AUDIT_DATA_DENTRY;
3167 ad.u.dentry = dentry;
3168
3169 isec = backing_inode_security(dentry);
3170 rc = avc_has_perm(&selinux_state,
3171 sid, isec->sid, isec->sclass,
3172 FILE__RELABELFROM, &ad);
3173 if (rc)
3174 return rc;
3175
3176 rc = security_context_to_sid(&selinux_state, value, size, &newsid,
3177 GFP_KERNEL);
3178 if (rc == -EINVAL) {
3179 if (!has_cap_mac_admin(true)) {
3180 struct audit_buffer *ab;
3181 size_t audit_size;
3182
3183
3184
3185 if (value) {
3186 const char *str = value;
3187
3188 if (str[size - 1] == '\0')
3189 audit_size = size - 1;
3190 else
3191 audit_size = size;
3192 } else {
3193 audit_size = 0;
3194 }
3195 ab = audit_log_start(audit_context(),
3196 GFP_ATOMIC, AUDIT_SELINUX_ERR);
3197 audit_log_format(ab, "op=setxattr invalid_context=");
3198 audit_log_n_untrustedstring(ab, value, audit_size);
3199 audit_log_end(ab);
3200
3201 return rc;
3202 }
3203 rc = security_context_to_sid_force(&selinux_state, value,
3204 size, &newsid);
3205 }
3206 if (rc)
3207 return rc;
3208
3209 rc = avc_has_perm(&selinux_state,
3210 sid, newsid, isec->sclass,
3211 FILE__RELABELTO, &ad);
3212 if (rc)
3213 return rc;
3214
3215 rc = security_validate_transition(&selinux_state, isec->sid, newsid,
3216 sid, isec->sclass);
3217 if (rc)
3218 return rc;
3219
3220 return avc_has_perm(&selinux_state,
3221 newsid,
3222 sbsec->sid,
3223 SECCLASS_FILESYSTEM,
3224 FILESYSTEM__ASSOCIATE,
3225 &ad);
3226 }
3227
3228 static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
3229 const void *value, size_t size,
3230 int flags)
3231 {
3232 struct inode *inode = d_backing_inode(dentry);
3233 struct inode_security_struct *isec;
3234 u32 newsid;
3235 int rc;
3236
3237 if (strcmp(name, XATTR_NAME_SELINUX)) {
3238
3239 return;
3240 }
3241
3242 rc = security_context_to_sid_force(&selinux_state, value, size,
3243 &newsid);
3244 if (rc) {
3245 pr_err("SELinux: unable to map context to SID"
3246 "for (%s, %lu), rc=%d\n",
3247 inode->i_sb->s_id, inode->i_ino, -rc);
3248 return;
3249 }
3250
3251 isec = backing_inode_security(dentry);
3252 spin_lock(&isec->lock);
3253 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3254 isec->sid = newsid;
3255 isec->initialized = LABEL_INITIALIZED;
3256 spin_unlock(&isec->lock);
3257
3258 return;
3259 }
3260
3261 static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
3262 {
3263 const struct cred *cred = current_cred();
3264
3265 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3266 }
3267
3268 static int selinux_inode_listxattr(struct dentry *dentry)
3269 {
3270 const struct cred *cred = current_cred();
3271
3272 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3273 }
3274
3275 static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
3276 {
3277 if (strcmp(name, XATTR_NAME_SELINUX)) {
3278 int rc = cap_inode_removexattr(dentry, name);
3279 if (rc)
3280 return rc;
3281
3282
3283
3284 return dentry_has_perm(current_cred(), dentry, FILE__SETATTR);
3285 }
3286
3287
3288
3289 return -EACCES;
3290 }
3291
3292 static int selinux_path_notify(const struct path *path, u64 mask,
3293 unsigned int obj_type)
3294 {
3295 int ret;
3296 u32 perm;
3297
3298 struct common_audit_data ad;
3299
3300 ad.type = LSM_AUDIT_DATA_PATH;
3301 ad.u.path = *path;
3302
3303
3304
3305
3306
3307 switch (obj_type) {
3308 case FSNOTIFY_OBJ_TYPE_VFSMOUNT:
3309 perm = FILE__WATCH_MOUNT;
3310 break;
3311 case FSNOTIFY_OBJ_TYPE_SB:
3312 perm = FILE__WATCH_SB;
3313 ret = superblock_has_perm(current_cred(), path->dentry->d_sb,
3314 FILESYSTEM__WATCH, &ad);
3315 if (ret)
3316 return ret;
3317 break;
3318 case FSNOTIFY_OBJ_TYPE_INODE:
3319 perm = FILE__WATCH;
3320 break;
3321 default:
3322 return -EINVAL;
3323 }
3324
3325
3326 if (mask & (ALL_FSNOTIFY_PERM_EVENTS))
3327 perm |= FILE__WATCH_WITH_PERM;
3328
3329
3330 if (mask & (FS_ACCESS | FS_ACCESS_PERM | FS_CLOSE_NOWRITE))
3331 perm |= FILE__WATCH_READS;
3332
3333 return path_has_perm(current_cred(), path, perm);
3334 }
3335
3336
3337
3338
3339
3340
3341 static int selinux_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
3342 {
3343 u32 size;
3344 int error;
3345 char *context = NULL;
3346 struct inode_security_struct *isec;
3347
3348 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3349 return -EOPNOTSUPP;
3350
3351
3352
3353
3354
3355
3356
3357
3358
3359
3360 isec = inode_security(inode);
3361 if (has_cap_mac_admin(false))
3362 error = security_sid_to_context_force(&selinux_state,
3363 isec->sid, &context,
3364 &size);
3365 else
3366 error = security_sid_to_context(&selinux_state, isec->sid,
3367 &context, &size);
3368 if (error)
3369 return error;
3370 error = size;
3371 if (alloc) {
3372 *buffer = context;
3373 goto out_nofree;
3374 }
3375 kfree(context);
3376 out_nofree:
3377 return error;
3378 }
3379
3380 static int selinux_inode_setsecurity(struct inode *inode, const char *name,
3381 const void *value, size_t size, int flags)
3382 {
3383 struct inode_security_struct *isec = inode_security_novalidate(inode);
3384 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
3385 u32 newsid;
3386 int rc;
3387
3388 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3389 return -EOPNOTSUPP;
3390
3391 if (!(sbsec->flags & SBLABEL_MNT))
3392 return -EOPNOTSUPP;
3393
3394 if (!value || !size)
3395 return -EACCES;
3396
3397 rc = security_context_to_sid(&selinux_state, value, size, &newsid,
3398 GFP_KERNEL);
3399 if (rc)
3400 return rc;
3401
3402 spin_lock(&isec->lock);
3403 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3404 isec->sid = newsid;
3405 isec->initialized = LABEL_INITIALIZED;
3406 spin_unlock(&isec->lock);
3407 return 0;
3408 }
3409
3410 static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
3411 {
3412 const int len = sizeof(XATTR_NAME_SELINUX);
3413 if (buffer && len <= buffer_size)
3414 memcpy(buffer, XATTR_NAME_SELINUX, len);
3415 return len;
3416 }
3417
3418 static void selinux_inode_getsecid(struct inode *inode, u32 *secid)
3419 {
3420 struct inode_security_struct *isec = inode_security_novalidate(inode);
3421 *secid = isec->sid;
3422 }
3423
3424 static int selinux_inode_copy_up(struct dentry *src, struct cred **new)
3425 {
3426 u32 sid;
3427 struct task_security_struct *tsec;
3428 struct cred *new_creds = *new;
3429
3430 if (new_creds == NULL) {
3431 new_creds = prepare_creds();
3432 if (!new_creds)
3433 return -ENOMEM;
3434 }
3435
3436 tsec = selinux_cred(new_creds);
3437
3438 selinux_inode_getsecid(d_inode(src), &sid);
3439 tsec->create_sid = sid;
3440 *new = new_creds;
3441 return 0;
3442 }
3443
3444 static int selinux_inode_copy_up_xattr(const char *name)
3445 {
3446
3447
3448
3449
3450 if (strcmp(name, XATTR_NAME_SELINUX) == 0)
3451 return 1;
3452
3453
3454
3455
3456 return -EOPNOTSUPP;
3457 }
3458
3459
3460
3461 static int selinux_kernfs_init_security(struct kernfs_node *kn_dir,
3462 struct kernfs_node *kn)
3463 {
3464 const struct task_security_struct *tsec = selinux_cred(current_cred());
3465 u32 parent_sid, newsid, clen;
3466 int rc;
3467 char *context;
3468
3469 rc = kernfs_xattr_get(kn_dir, XATTR_NAME_SELINUX, NULL, 0);
3470 if (rc == -ENODATA)
3471 return 0;
3472 else if (rc < 0)
3473 return rc;
3474
3475 clen = (u32)rc;
3476 context = kmalloc(clen, GFP_KERNEL);
3477 if (!context)
3478 return -ENOMEM;
3479
3480 rc = kernfs_xattr_get(kn_dir, XATTR_NAME_SELINUX, context, clen);
3481 if (rc < 0) {
3482 kfree(context);
3483 return rc;
3484 }
3485
3486 rc = security_context_to_sid(&selinux_state, context, clen, &parent_sid,
3487 GFP_KERNEL);
3488 kfree(context);
3489 if (rc)
3490 return rc;
3491
3492 if (tsec->create_sid) {
3493 newsid = tsec->create_sid;
3494 } else {
3495 u16 secclass = inode_mode_to_security_class(kn->mode);
3496 struct qstr q;
3497
3498 q.name = kn->name;
3499 q.hash_len = hashlen_string(kn_dir, kn->name);
3500
3501 rc = security_transition_sid(&selinux_state, tsec->sid,
3502 parent_sid, secclass, &q,
3503 &newsid);
3504 if (rc)
3505 return rc;
3506 }
3507
3508 rc = security_sid_to_context_force(&selinux_state, newsid,
3509 &context, &clen);
3510 if (rc)
3511 return rc;
3512
3513 rc = kernfs_xattr_set(kn, XATTR_NAME_SELINUX, context, clen,
3514 XATTR_CREATE);
3515 kfree(context);
3516 return rc;
3517 }
3518
3519
3520
3521
3522 static int selinux_revalidate_file_permission(struct file *file, int mask)
3523 {
3524 const struct cred *cred = current_cred();
3525 struct inode *inode = file_inode(file);
3526
3527
3528 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
3529 mask |= MAY_APPEND;
3530
3531 return file_has_perm(cred, file,
3532 file_mask_to_av(inode->i_mode, mask));
3533 }
3534
3535 static int selinux_file_permission(struct file *file, int mask)
3536 {
3537 struct inode *inode = file_inode(file);
3538 struct file_security_struct *fsec = selinux_file(file);
3539 struct inode_security_struct *isec;
3540 u32 sid = current_sid();
3541
3542 if (!mask)
3543
3544 return 0;
3545
3546 isec = inode_security(inode);
3547 if (sid == fsec->sid && fsec->isid == isec->sid &&
3548 fsec->pseqno == avc_policy_seqno(&selinux_state))
3549
3550 return 0;
3551
3552 return selinux_revalidate_file_permission(file, mask);
3553 }
3554
3555 static int selinux_file_alloc_security(struct file *file)
3556 {
3557 return file_alloc_security(file);
3558 }
3559
3560
3561
3562
3563
3564 static int ioctl_has_perm(const struct cred *cred, struct file *file,
3565 u32 requested, u16 cmd)
3566 {
3567 struct common_audit_data ad;
3568 struct file_security_struct *fsec = selinux_file(file);
3569 struct inode *inode = file_inode(file);
3570 struct inode_security_struct *isec;
3571 struct lsm_ioctlop_audit ioctl;
3572 u32 ssid = cred_sid(cred);
3573 int rc;
3574 u8 driver = cmd >> 8;
3575 u8 xperm = cmd & 0xff;
3576
3577 ad.type = LSM_AUDIT_DATA_IOCTL_OP;
3578 ad.u.op = &ioctl;
3579 ad.u.op->cmd = cmd;
3580 ad.u.op->path = file->f_path;
3581
3582 if (ssid != fsec->sid) {
3583 rc = avc_has_perm(&selinux_state,
3584 ssid, fsec->sid,
3585 SECCLASS_FD,
3586 FD__USE,
3587 &ad);
3588 if (rc)
3589 goto out;
3590 }
3591
3592 if (unlikely(IS_PRIVATE(inode)))
3593 return 0;
3594
3595 isec = inode_security(inode);
3596 rc = avc_has_extended_perms(&selinux_state,
3597 ssid, isec->sid, isec->sclass,
3598 requested, driver, xperm, &ad);
3599 out:
3600 return rc;
3601 }
3602
3603 static int selinux_file_ioctl(struct file *file, unsigned int cmd,
3604 unsigned long arg)
3605 {
3606 const struct cred *cred = current_cred();
3607 int error = 0;
3608
3609 switch (cmd) {
3610 case FIONREAD:
3611
3612 case FIBMAP:
3613
3614 case FIGETBSZ:
3615
3616 case FS_IOC_GETFLAGS:
3617
3618 case FS_IOC_GETVERSION:
3619 error = file_has_perm(cred, file, FILE__GETATTR);
3620 break;
3621
3622 case FS_IOC_SETFLAGS:
3623
3624 case FS_IOC_SETVERSION:
3625 error = file_has_perm(cred, file, FILE__SETATTR);
3626 break;
3627
3628
3629 case FIONBIO:
3630
3631 case FIOASYNC:
3632 error = file_has_perm(cred, file, 0);
3633 break;
3634
3635 case KDSKBENT:
3636 case KDSKBSENT:
3637 error = cred_has_capability(cred, CAP_SYS_TTY_CONFIG,
3638 CAP_OPT_NONE, true);
3639 break;
3640
3641
3642
3643
3644 default:
3645 error = ioctl_has_perm(cred, file, FILE__IOCTL, (u16) cmd);
3646 }
3647 return error;
3648 }
3649
3650 static int default_noexec;
3651
3652 static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
3653 {
3654 const struct cred *cred = current_cred();
3655 u32 sid = cred_sid(cred);
3656 int rc = 0;
3657
3658 if (default_noexec &&
3659 (prot & PROT_EXEC) && (!file || IS_PRIVATE(file_inode(file)) ||
3660 (!shared && (prot & PROT_WRITE)))) {
3661
3662
3663
3664
3665
3666 rc = avc_has_perm(&selinux_state,
3667 sid, sid, SECCLASS_PROCESS,
3668 PROCESS__EXECMEM, NULL);
3669 if (rc)
3670 goto error;
3671 }
3672
3673 if (file) {
3674
3675 u32 av = FILE__READ;
3676
3677
3678 if (shared && (prot & PROT_WRITE))
3679 av |= FILE__WRITE;
3680
3681 if (prot & PROT_EXEC)
3682 av |= FILE__EXECUTE;
3683
3684 return file_has_perm(cred, file, av);
3685 }
3686
3687 error:
3688 return rc;
3689 }
3690
3691 static int selinux_mmap_addr(unsigned long addr)
3692 {
3693 int rc = 0;
3694
3695 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
3696 u32 sid = current_sid();
3697 rc = avc_has_perm(&selinux_state,
3698 sid, sid, SECCLASS_MEMPROTECT,
3699 MEMPROTECT__MMAP_ZERO, NULL);
3700 }
3701
3702 return rc;
3703 }
3704
3705 static int selinux_mmap_file(struct file *file, unsigned long reqprot,
3706 unsigned long prot, unsigned long flags)
3707 {
3708 struct common_audit_data ad;
3709 int rc;
3710
3711 if (file) {
3712 ad.type = LSM_AUDIT_DATA_FILE;
3713 ad.u.file = file;
3714 rc = inode_has_perm(current_cred(), file_inode(file),
3715 FILE__MAP, &ad);
3716 if (rc)
3717 return rc;
3718 }
3719
3720 if (selinux_state.checkreqprot)
3721 prot = reqprot;
3722
3723 return file_map_prot_check(file, prot,
3724 (flags & MAP_TYPE) == MAP_SHARED);
3725 }
3726
3727 static int selinux_file_mprotect(struct vm_area_struct *vma,
3728 unsigned long reqprot,
3729 unsigned long prot)
3730 {
3731 const struct cred *cred = current_cred();
3732 u32 sid = cred_sid(cred);
3733
3734 if (selinux_state.checkreqprot)
3735 prot = reqprot;
3736
3737 if (default_noexec &&
3738 (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
3739 int rc = 0;
3740 if (vma->vm_start >= vma->vm_mm->start_brk &&
3741 vma->vm_end <= vma->vm_mm->brk) {
3742 rc = avc_has_perm(&selinux_state,
3743 sid, sid, SECCLASS_PROCESS,
3744 PROCESS__EXECHEAP, NULL);
3745 } else if (!vma->vm_file &&
3746 ((vma->vm_start <= vma->vm_mm->start_stack &&
3747 vma->vm_end >= vma->vm_mm->start_stack) ||
3748 vma_is_stack_for_current(vma))) {
3749 rc = avc_has_perm(&selinux_state,
3750 sid, sid, SECCLASS_PROCESS,
3751 PROCESS__EXECSTACK, NULL);
3752 } else if (vma->vm_file && vma->anon_vma) {
3753
3754
3755
3756
3757
3758
3759
3760 rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
3761 }
3762 if (rc)
3763 return rc;
3764 }
3765
3766 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
3767 }
3768
3769 static int selinux_file_lock(struct file *file, unsigned int cmd)
3770 {
3771 const struct cred *cred = current_cred();
3772
3773 return file_has_perm(cred, file, FILE__LOCK);
3774 }
3775
3776 static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3777 unsigned long arg)
3778 {
3779 const struct cred *cred = current_cred();
3780 int err = 0;
3781
3782 switch (cmd) {
3783 case F_SETFL:
3784 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3785 err = file_has_perm(cred, file, FILE__WRITE);
3786 break;
3787 }
3788
3789 case F_SETOWN:
3790 case F_SETSIG:
3791 case F_GETFL:
3792 case F_GETOWN:
3793 case F_GETSIG:
3794 case F_GETOWNER_UIDS:
3795
3796 err = file_has_perm(cred, file, 0);
3797 break;
3798 case F_GETLK:
3799 case F_SETLK:
3800 case F_SETLKW:
3801 case F_OFD_GETLK:
3802 case F_OFD_SETLK:
3803 case F_OFD_SETLKW:
3804 #if BITS_PER_LONG == 32
3805 case F_GETLK64:
3806 case F_SETLK64:
3807 case F_SETLKW64:
3808 #endif
3809 err = file_has_perm(cred, file, FILE__LOCK);
3810 break;
3811 }
3812
3813 return err;
3814 }
3815
3816 static void selinux_file_set_fowner(struct file *file)
3817 {
3818 struct file_security_struct *fsec;
3819
3820 fsec = selinux_file(file);
3821 fsec->fown_sid = current_sid();
3822 }
3823
3824 static int selinux_file_send_sigiotask(struct task_struct *tsk,
3825 struct fown_struct *fown, int signum)
3826 {
3827 struct file *file;
3828 u32 sid = task_sid(tsk);
3829 u32 perm;
3830 struct file_security_struct *fsec;
3831
3832
3833 file = container_of(fown, struct file, f_owner);
3834
3835 fsec = selinux_file(file);
3836
3837 if (!signum)
3838 perm = signal_to_av(SIGIO);
3839 else
3840 perm = signal_to_av(signum);
3841
3842 return avc_has_perm(&selinux_state,
3843 fsec->fown_sid, sid,
3844 SECCLASS_PROCESS, perm, NULL);
3845 }
3846
3847 static int selinux_file_receive(struct file *file)
3848 {
3849 const struct cred *cred = current_cred();
3850
3851 return file_has_perm(cred, file, file_to_av(file));
3852 }
3853
3854 static int selinux_file_open(struct file *file)
3855 {
3856 struct file_security_struct *fsec;
3857 struct inode_security_struct *isec;
3858
3859 fsec = selinux_file(file);
3860 isec = inode_security(file_inode(file));
3861
3862
3863
3864
3865
3866
3867
3868 fsec->isid = isec->sid;
3869 fsec->pseqno = avc_policy_seqno(&selinux_state);
3870
3871
3872
3873
3874
3875
3876
3877
3878 return file_path_has_perm(file->f_cred, file, open_file_to_av(file));
3879 }
3880
3881
3882
3883 static int selinux_task_alloc(struct task_struct *task,
3884 unsigned long clone_flags)
3885 {
3886 u32 sid = current_sid();
3887
3888 return avc_has_perm(&selinux_state,
3889 sid, sid, SECCLASS_PROCESS, PROCESS__FORK, NULL);
3890 }
3891
3892
3893
3894
3895 static int selinux_cred_prepare(struct cred *new, const struct cred *old,
3896 gfp_t gfp)
3897 {
3898 const struct task_security_struct *old_tsec = selinux_cred(old);
3899 struct task_security_struct *tsec = selinux_cred(new);
3900
3901 *tsec = *old_tsec;
3902 return 0;
3903 }
3904
3905
3906
3907
3908 static void selinux_cred_transfer(struct cred *new, const struct cred *old)
3909 {
3910 const struct task_security_struct *old_tsec = selinux_cred(old);
3911 struct task_security_struct *tsec = selinux_cred(new);
3912
3913 *tsec = *old_tsec;
3914 }
3915
3916 static void selinux_cred_getsecid(const struct cred *c, u32 *secid)
3917 {
3918 *secid = cred_sid(c);
3919 }
3920
3921
3922
3923
3924
3925 static int selinux_kernel_act_as(struct cred *new, u32 secid)
3926 {
3927 struct task_security_struct *tsec = selinux_cred(new);
3928 u32 sid = current_sid();
3929 int ret;
3930
3931 ret = avc_has_perm(&selinux_state,
3932 sid, secid,
3933 SECCLASS_KERNEL_SERVICE,
3934 KERNEL_SERVICE__USE_AS_OVERRIDE,
3935 NULL);
3936 if (ret == 0) {
3937 tsec->sid = secid;
3938 tsec->create_sid = 0;
3939 tsec->keycreate_sid = 0;
3940 tsec->sockcreate_sid = 0;
3941 }
3942 return ret;
3943 }
3944
3945
3946
3947
3948
3949 static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
3950 {
3951 struct inode_security_struct *isec = inode_security(inode);
3952 struct task_security_struct *tsec = selinux_cred(new);
3953 u32 sid = current_sid();
3954 int ret;
3955
3956 ret = avc_has_perm(&selinux_state,
3957 sid, isec->sid,
3958 SECCLASS_KERNEL_SERVICE,
3959 KERNEL_SERVICE__CREATE_FILES_AS,
3960 NULL);
3961
3962 if (ret == 0)
3963 tsec->create_sid = isec->sid;
3964 return ret;
3965 }
3966
3967 static int selinux_kernel_module_request(char *kmod_name)
3968 {
3969 struct common_audit_data ad;
3970
3971 ad.type = LSM_AUDIT_DATA_KMOD;
3972 ad.u.kmod_name = kmod_name;
3973
3974 return avc_has_perm(&selinux_state,
3975 current_sid(), SECINITSID_KERNEL, SECCLASS_SYSTEM,
3976 SYSTEM__MODULE_REQUEST, &ad);
3977 }
3978
3979 static int selinux_kernel_module_from_file(struct file *file)
3980 {
3981 struct common_audit_data ad;
3982 struct inode_security_struct *isec;
3983 struct file_security_struct *fsec;
3984 u32 sid = current_sid();
3985 int rc;
3986
3987
3988 if (file == NULL)
3989 return avc_has_perm(&selinux_state,
3990 sid, sid, SECCLASS_SYSTEM,
3991 SYSTEM__MODULE_LOAD, NULL);
3992
3993
3994
3995 ad.type = LSM_AUDIT_DATA_FILE;
3996 ad.u.file = file;
3997
3998 fsec = selinux_file(file);
3999 if (sid != fsec->sid) {
4000 rc = avc_has_perm(&selinux_state,
4001 sid, fsec->sid, SECCLASS_FD, FD__USE, &ad);
4002 if (rc)
4003 return rc;
4004 }
4005
4006 isec = inode_security(file_inode(file));
4007 return avc_has_perm(&selinux_state,
4008 sid, isec->sid, SECCLASS_SYSTEM,
4009 SYSTEM__MODULE_LOAD, &ad);
4010 }
4011
4012 static int selinux_kernel_read_file(struct file *file,
4013 enum kernel_read_file_id id)
4014 {
4015 int rc = 0;
4016
4017 switch (id) {
4018 case READING_MODULE:
4019 rc = selinux_kernel_module_from_file(file);
4020 break;
4021 default:
4022 break;
4023 }
4024
4025 return rc;
4026 }
4027
4028 static int selinux_kernel_load_data(enum kernel_load_data_id id)
4029 {
4030 int rc = 0;
4031
4032 switch (id) {
4033 case LOADING_MODULE:
4034 rc = selinux_kernel_module_from_file(NULL);
4035 default:
4036 break;
4037 }
4038
4039 return rc;
4040 }
4041
4042 static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
4043 {
4044 return avc_has_perm(&selinux_state,
4045 current_sid(), task_sid(p), SECCLASS_PROCESS,
4046 PROCESS__SETPGID, NULL);
4047 }
4048
4049 static int selinux_task_getpgid(struct task_struct *p)
4050 {
4051 return avc_has_perm(&selinux_state,
4052 current_sid(), task_sid(p), SECCLASS_PROCESS,
4053 PROCESS__GETPGID, NULL);
4054 }
4055
4056 static int selinux_task_getsid(struct task_struct *p)
4057 {
4058 return avc_has_perm(&selinux_state,
4059 current_sid(), task_sid(p), SECCLASS_PROCESS,
4060 PROCESS__GETSESSION, NULL);
4061 }
4062
4063 static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
4064 {
4065 *secid = task_sid(p);
4066 }
4067
4068 static int selinux_task_setnice(struct task_struct *p, int nice)
4069 {
4070 return avc_has_perm(&selinux_state,
4071 current_sid(), task_sid(p), SECCLASS_PROCESS,
4072 PROCESS__SETSCHED, NULL);
4073 }
4074
4075 static int selinux_task_setioprio(struct task_struct *p, int ioprio)
4076 {
4077 return avc_has_perm(&selinux_state,
4078 current_sid(), task_sid(p), SECCLASS_PROCESS,
4079 PROCESS__SETSCHED, NULL);
4080 }
4081
4082 static int selinux_task_getioprio(struct task_struct *p)
4083 {
4084 return avc_has_perm(&selinux_state,
4085 current_sid(), task_sid(p), SECCLASS_PROCESS,
4086 PROCESS__GETSCHED, NULL);
4087 }
4088
4089 static int selinux_task_prlimit(const struct cred *cred, const struct cred *tcred,
4090 unsigned int flags)
4091 {
4092 u32 av = 0;
4093
4094 if (!flags)
4095 return 0;
4096 if (flags & LSM_PRLIMIT_WRITE)
4097 av |= PROCESS__SETRLIMIT;
4098 if (flags & LSM_PRLIMIT_READ)
4099 av |= PROCESS__GETRLIMIT;
4100 return avc_has_perm(&selinux_state,
4101 cred_sid(cred), cred_sid(tcred),
4102 SECCLASS_PROCESS, av, NULL);
4103 }
4104
4105 static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
4106 struct rlimit *new_rlim)
4107 {
4108 struct rlimit *old_rlim = p->signal->rlim + resource;
4109
4110
4111
4112
4113
4114 if (old_rlim->rlim_max != new_rlim->rlim_max)
4115 return avc_has_perm(&selinux_state,
4116 current_sid(), task_sid(p),
4117 SECCLASS_PROCESS, PROCESS__SETRLIMIT, NULL);
4118
4119 return 0;
4120 }
4121
4122 static int selinux_task_setscheduler(struct task_struct *p)
4123 {
4124 return avc_has_perm(&selinux_state,
4125 current_sid(), task_sid(p), SECCLASS_PROCESS,
4126 PROCESS__SETSCHED, NULL);
4127 }
4128
4129 static int selinux_task_getscheduler(struct task_struct *p)
4130 {
4131 return avc_has_perm(&selinux_state,
4132 current_sid(), task_sid(p), SECCLASS_PROCESS,
4133 PROCESS__GETSCHED, NULL);
4134 }
4135
4136 static int selinux_task_movememory(struct task_struct *p)
4137 {
4138 return avc_has_perm(&selinux_state,
4139 current_sid(), task_sid(p), SECCLASS_PROCESS,
4140 PROCESS__SETSCHED, NULL);
4141 }
4142
4143 static int selinux_task_kill(struct task_struct *p, struct kernel_siginfo *info,
4144 int sig, const struct cred *cred)
4145 {
4146 u32 secid;
4147 u32 perm;
4148
4149 if (!sig)
4150 perm = PROCESS__SIGNULL;
4151 else
4152 perm = signal_to_av(sig);
4153 if (!cred)
4154 secid = current_sid();
4155 else
4156 secid = cred_sid(cred);
4157 return avc_has_perm(&selinux_state,
4158 secid, task_sid(p), SECCLASS_PROCESS, perm, NULL);
4159 }
4160
4161 static void selinux_task_to_inode(struct task_struct *p,
4162 struct inode *inode)
4163 {
4164 struct inode_security_struct *isec = selinux_inode(inode);
4165 u32 sid = task_sid(p);
4166
4167 spin_lock(&isec->lock);
4168 isec->sclass = inode_mode_to_security_class(inode->i_mode);
4169 isec->sid = sid;
4170 isec->initialized = LABEL_INITIALIZED;
4171 spin_unlock(&isec->lock);
4172 }
4173
4174
4175 static int selinux_parse_skb_ipv4(struct sk_buff *skb,
4176 struct common_audit_data *ad, u8 *proto)
4177 {
4178 int offset, ihlen, ret = -EINVAL;
4179 struct iphdr _iph, *ih;
4180
4181 offset = skb_network_offset(skb);
4182 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
4183 if (ih == NULL)
4184 goto out;
4185
4186 ihlen = ih->ihl * 4;
4187 if (ihlen < sizeof(_iph))
4188 goto out;
4189
4190 ad->u.net->v4info.saddr = ih->saddr;
4191 ad->u.net->v4info.daddr = ih->daddr;
4192 ret = 0;
4193
4194 if (proto)
4195 *proto = ih->protocol;
4196
4197 switch (ih->protocol) {
4198 case IPPROTO_TCP: {
4199 struct tcphdr _tcph, *th;
4200
4201 if (ntohs(ih->frag_off) & IP_OFFSET)
4202 break;
4203
4204 offset += ihlen;
4205 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
4206 if (th == NULL)
4207 break;
4208
4209 ad->u.net->sport = th->source;
4210 ad->u.net->dport = th->dest;
4211 break;
4212 }
4213
4214 case IPPROTO_UDP: {
4215 struct udphdr _udph, *uh;
4216
4217 if (ntohs(ih->frag_off) & IP_OFFSET)
4218 break;
4219
4220 offset += ihlen;
4221 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
4222 if (uh == NULL)
4223 break;
4224
4225 ad->u.net->sport = uh->source;
4226 ad->u.net->dport = uh->dest;
4227 break;
4228 }
4229
4230 case IPPROTO_DCCP: {
4231 struct dccp_hdr _dccph, *dh;
4232
4233 if (ntohs(ih->frag_off) & IP_OFFSET)
4234 break;
4235
4236 offset += ihlen;
4237 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
4238 if (dh == NULL)
4239 break;
4240
4241 ad->u.net->sport = dh->dccph_sport;
4242 ad->u.net->dport = dh->dccph_dport;
4243 break;
4244 }
4245
4246 #if IS_ENABLED(CONFIG_IP_SCTP)
4247 case IPPROTO_SCTP: {
4248 struct sctphdr _sctph, *sh;
4249
4250 if (ntohs(ih->frag_off) & IP_OFFSET)
4251 break;
4252
4253 offset += ihlen;
4254 sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph);
4255 if (sh == NULL)
4256 break;
4257
4258 ad->u.net->sport = sh->source;
4259 ad->u.net->dport = sh->dest;
4260 break;
4261 }
4262 #endif
4263 default:
4264 break;
4265 }
4266 out:
4267 return ret;
4268 }
4269
4270 #if IS_ENABLED(CONFIG_IPV6)
4271
4272
4273 static int selinux_parse_skb_ipv6(struct sk_buff *skb,
4274 struct common_audit_data *ad, u8 *proto)
4275 {
4276 u8 nexthdr;
4277 int ret = -EINVAL, offset;
4278 struct ipv6hdr _ipv6h, *ip6;
4279 __be16 frag_off;
4280
4281 offset = skb_network_offset(skb);
4282 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
4283 if (ip6 == NULL)
4284 goto out;
4285
4286 ad->u.net->v6info.saddr = ip6->saddr;
4287 ad->u.net->v6info.daddr = ip6->daddr;
4288 ret = 0;
4289
4290 nexthdr = ip6->nexthdr;
4291 offset += sizeof(_ipv6h);
4292 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
4293 if (offset < 0)
4294 goto out;
4295
4296 if (proto)
4297 *proto = nexthdr;
4298
4299 switch (nexthdr) {
4300 case IPPROTO_TCP: {
4301 struct tcphdr _tcph, *th;
4302
4303 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
4304 if (th == NULL)
4305 break;
4306
4307 ad->u.net->sport = th->source;
4308 ad->u.net->dport = th->dest;
4309 break;
4310 }
4311
4312 case IPPROTO_UDP: {
4313 struct udphdr _udph, *uh;
4314
4315 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
4316 if (uh == NULL)
4317 break;
4318
4319 ad->u.net->sport = uh->source;
4320 ad->u.net->dport = uh->dest;
4321 break;
4322 }
4323
4324 case IPPROTO_DCCP: {
4325 struct dccp_hdr _dccph, *dh;
4326
4327 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
4328 if (dh == NULL)
4329 break;
4330
4331 ad->u.net->sport = dh->dccph_sport;
4332 ad->u.net->dport = dh->dccph_dport;
4333 break;
4334 }
4335
4336 #if IS_ENABLED(CONFIG_IP_SCTP)
4337 case IPPROTO_SCTP: {
4338 struct sctphdr _sctph, *sh;
4339
4340 sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph);
4341 if (sh == NULL)
4342 break;
4343
4344 ad->u.net->sport = sh->source;
4345 ad->u.net->dport = sh->dest;
4346 break;
4347 }
4348 #endif
4349
4350 default:
4351 break;
4352 }
4353 out:
4354 return ret;
4355 }
4356
4357 #endif
4358
4359 static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
4360 char **_addrp, int src, u8 *proto)
4361 {
4362 char *addrp;
4363 int ret;
4364
4365 switch (ad->u.net->family) {
4366 case PF_INET:
4367 ret = selinux_parse_skb_ipv4(skb, ad, proto);
4368 if (ret)
4369 goto parse_error;
4370 addrp = (char *)(src ? &ad->u.net->v4info.saddr :
4371 &ad->u.net->v4info.daddr);
4372 goto okay;
4373
4374 #if IS_ENABLED(CONFIG_IPV6)
4375 case PF_INET6:
4376 ret = selinux_parse_skb_ipv6(skb, ad, proto);
4377 if (ret)
4378 goto parse_error;
4379 addrp = (char *)(src ? &ad->u.net->v6info.saddr :
4380 &ad->u.net->v6info.daddr);
4381 goto okay;
4382 #endif
4383 default:
4384 addrp = NULL;
4385 goto okay;
4386 }
4387
4388 parse_error:
4389 pr_warn(
4390 "SELinux: failure in selinux_parse_skb(),"
4391 " unable to parse packet\n");
4392 return ret;
4393
4394 okay:
4395 if (_addrp)
4396 *_addrp = addrp;
4397 return 0;
4398 }
4399
4400
4401
4402
4403
4404
4405
4406
4407
4408
4409
4410
4411
4412
4413
4414
4415 static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
4416 {
4417 int err;
4418 u32 xfrm_sid;
4419 u32 nlbl_sid;
4420 u32 nlbl_type;
4421
4422 err = selinux_xfrm_skb_sid(skb, &xfrm_sid);
4423 if (unlikely(err))
4424 return -EACCES;
4425 err = selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
4426 if (unlikely(err))
4427 return -EACCES;
4428
4429 err = security_net_peersid_resolve(&selinux_state, nlbl_sid,
4430 nlbl_type, xfrm_sid, sid);
4431 if (unlikely(err)) {
4432 pr_warn(
4433 "SELinux: failure in selinux_skb_peerlbl_sid(),"
4434 " unable to determine packet's peer label\n");
4435 return -EACCES;
4436 }
4437
4438 return 0;
4439 }
4440
4441
4442
4443
4444
4445
4446
4447
4448
4449
4450
4451
4452
4453 static int selinux_conn_sid(u32 sk_sid, u32 skb_sid, u32 *conn_sid)
4454 {
4455 int err = 0;
4456
4457 if (skb_sid != SECSID_NULL)
4458 err = security_sid_mls_copy(&selinux_state, sk_sid, skb_sid,
4459 conn_sid);
4460 else
4461 *conn_sid = sk_sid;
4462
4463 return err;
4464 }
4465
4466
4467
4468 static int socket_sockcreate_sid(const struct task_security_struct *tsec,
4469 u16 secclass, u32 *socksid)
4470 {
4471 if (tsec->sockcreate_sid > SECSID_NULL) {
4472 *socksid = tsec->sockcreate_sid;
4473 return 0;
4474 }
4475
4476 return security_transition_sid(&selinux_state, tsec->sid, tsec->sid,
4477 secclass, NULL, socksid);
4478 }
4479
4480 static int sock_has_perm(struct sock *sk, u32 perms)
4481 {
4482 struct sk_security_struct *sksec = sk->sk_security;
4483 struct common_audit_data ad;
4484 struct lsm_network_audit net = {0,};
4485
4486 if (sksec->sid == SECINITSID_KERNEL)
4487 return 0;
4488
4489 ad.type = LSM_AUDIT_DATA_NET;
4490 ad.u.net = &net;
4491 ad.u.net->sk = sk;
4492
4493 return avc_has_perm(&selinux_state,
4494 current_sid(), sksec->sid, sksec->sclass, perms,
4495 &ad);
4496 }
4497
4498 static int selinux_socket_create(int family, int type,
4499 int protocol, int kern)
4500 {
4501 const struct task_security_struct *tsec = selinux_cred(current_cred());
4502 u32 newsid;
4503 u16 secclass;
4504 int rc;
4505
4506 if (kern)
4507 return 0;
4508
4509 secclass = socket_type_to_security_class(family, type, protocol);
4510 rc = socket_sockcreate_sid(tsec, secclass, &newsid);
4511 if (rc)
4512 return rc;
4513
4514 return avc_has_perm(&selinux_state,
4515 tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
4516 }
4517
4518 static int selinux_socket_post_create(struct socket *sock, int family,
4519 int type, int protocol, int kern)
4520 {
4521 const struct task_security_struct *tsec = selinux_cred(current_cred());
4522 struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(sock));
4523 struct sk_security_struct *sksec;
4524 u16 sclass = socket_type_to_security_class(family, type, protocol);
4525 u32 sid = SECINITSID_KERNEL;
4526 int err = 0;
4527
4528 if (!kern) {
4529 err = socket_sockcreate_sid(tsec, sclass, &sid);
4530 if (err)
4531 return err;
4532 }
4533
4534 isec->sclass = sclass;
4535 isec->sid = sid;
4536 isec->initialized = LABEL_INITIALIZED;
4537
4538 if (sock->sk) {
4539 sksec = sock->sk->sk_security;
4540 sksec->sclass = sclass;
4541 sksec->sid = sid;
4542
4543 if (sksec->sclass == SECCLASS_SCTP_SOCKET)
4544 sksec->sctp_assoc_state = SCTP_ASSOC_UNSET;
4545
4546 err = selinux_netlbl_socket_post_create(sock->sk, family);
4547 }
4548
4549 return err;
4550 }
4551
4552 static int selinux_socket_socketpair(struct socket *socka,
4553 struct socket *sockb)
4554 {
4555 struct sk_security_struct *sksec_a = socka->sk->sk_security;
4556 struct sk_security_struct *sksec_b = sockb->sk->sk_security;
4557
4558 sksec_a->peer_sid = sksec_b->sid;
4559 sksec_b->peer_sid = sksec_a->sid;
4560
4561 return 0;
4562 }
4563
4564
4565
4566
4567
4568 static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
4569 {
4570 struct sock *sk = sock->sk;
4571 struct sk_security_struct *sksec = sk->sk_security;
4572 u16 family;
4573 int err;
4574
4575 err = sock_has_perm(sk, SOCKET__BIND);
4576 if (err)
4577 goto out;
4578
4579
4580 family = sk->sk_family;
4581 if (family == PF_INET || family == PF_INET6) {
4582 char *addrp;
4583 struct common_audit_data ad;
4584 struct lsm_network_audit net = {0,};
4585 struct sockaddr_in *addr4 = NULL;
4586 struct sockaddr_in6 *addr6 = NULL;
4587 u16 family_sa;
4588 unsigned short snum;
4589 u32 sid, node_perm;
4590
4591
4592
4593
4594
4595
4596
4597 if (addrlen < offsetofend(struct sockaddr, sa_family))
4598 return -EINVAL;
4599 family_sa = address->sa_family;
4600 switch (family_sa) {
4601 case AF_UNSPEC:
4602 case AF_INET:
4603 if (addrlen < sizeof(struct sockaddr_in))
4604 return -EINVAL;
4605 addr4 = (struct sockaddr_in *)address;
4606 if (family_sa == AF_UNSPEC) {
4607
4608
4609
4610 if (addr4->sin_addr.s_addr != htonl(INADDR_ANY))
4611 goto err_af;
4612 family_sa = AF_INET;
4613 }
4614 snum = ntohs(addr4->sin_port);
4615 addrp = (char *)&addr4->sin_addr.s_addr;
4616 break;
4617 case AF_INET6:
4618 if (addrlen < SIN6_LEN_RFC2133)
4619 return -EINVAL;
4620 addr6 = (struct sockaddr_in6 *)address;
4621 snum = ntohs(addr6->sin6_port);
4622 addrp = (char *)&addr6->sin6_addr.s6_addr;
4623 break;
4624 default:
4625 goto err_af;
4626 }
4627
4628 ad.type = LSM_AUDIT_DATA_NET;
4629 ad.u.net = &net;
4630 ad.u.net->sport = htons(snum);
4631 ad.u.net->family = family_sa;
4632
4633 if (snum) {
4634 int low, high;
4635
4636 inet_get_local_port_range(sock_net(sk), &low, &high);
4637
4638 if (snum < max(inet_prot_sock(sock_net(sk)), low) ||
4639 snum > high) {
4640 err = sel_netport_sid(sk->sk_protocol,
4641 snum, &sid);
4642 if (err)
4643 goto out;
4644 err = avc_has_perm(&selinux_state,
4645 sksec->sid, sid,
4646 sksec->sclass,
4647 SOCKET__NAME_BIND, &ad);
4648 if (err)
4649 goto out;
4650 }
4651 }
4652
4653 switch (sksec->sclass) {
4654 case SECCLASS_TCP_SOCKET:
4655 node_perm = TCP_SOCKET__NODE_BIND;
4656 break;
4657
4658 case SECCLASS_UDP_SOCKET:
4659 node_perm = UDP_SOCKET__NODE_BIND;
4660 break;
4661
4662 case SECCLASS_DCCP_SOCKET:
4663 node_perm = DCCP_SOCKET__NODE_BIND;
4664 break;
4665
4666 case SECCLASS_SCTP_SOCKET:
4667 node_perm = SCTP_SOCKET__NODE_BIND;
4668 break;
4669
4670 default:
4671 node_perm = RAWIP_SOCKET__NODE_BIND;
4672 break;
4673 }
4674
4675 err = sel_netnode_sid(addrp, family_sa, &sid);
4676 if (err)
4677 goto out;
4678
4679 if (family_sa == AF_INET)
4680 ad.u.net->v4info.saddr = addr4->sin_addr.s_addr;
4681 else
4682 ad.u.net->v6info.saddr = addr6->sin6_addr;
4683
4684 err = avc_has_perm(&selinux_state,
4685 sksec->sid, sid,
4686 sksec->sclass, node_perm, &ad);
4687 if (err)
4688 goto out;
4689 }
4690 out:
4691 return err;
4692 err_af:
4693
4694 if (sksec->sclass == SECCLASS_SCTP_SOCKET)
4695 return -EINVAL;
4696 return -EAFNOSUPPORT;
4697 }
4698
4699
4700
4701
4702 static int selinux_socket_connect_helper(struct socket *sock,
4703 struct sockaddr *address, int addrlen)
4704 {
4705 struct sock *sk = sock->sk;
4706 struct sk_security_struct *sksec = sk->sk_security;
4707 int err;
4708
4709 err = sock_has_perm(sk, SOCKET__CONNECT);
4710 if (err)
4711 return err;
4712 if (addrlen < offsetofend(struct sockaddr, sa_family))
4713 return -EINVAL;
4714
4715
4716
4717
4718 if (address->sa_family == AF_UNSPEC)
4719 return 0;
4720
4721
4722
4723
4724
4725 if (sksec->sclass == SECCLASS_TCP_SOCKET ||
4726 sksec->sclass == SECCLASS_DCCP_SOCKET ||
4727 sksec->sclass == SECCLASS_SCTP_SOCKET) {
4728 struct common_audit_data ad;
4729 struct lsm_network_audit net = {0,};
4730 struct sockaddr_in *addr4 = NULL;
4731 struct sockaddr_in6 *addr6 = NULL;
4732 unsigned short snum;
4733 u32 sid, perm;
4734
4735
4736
4737
4738
4739
4740 switch (address->sa_family) {
4741 case AF_INET:
4742 addr4 = (struct sockaddr_in *)address;
4743 if (addrlen < sizeof(struct sockaddr_in))
4744 return -EINVAL;
4745 snum = ntohs(addr4->sin_port);
4746 break;
4747 case AF_INET6:
4748 addr6 = (struct sockaddr_in6 *)address;
4749 if (addrlen < SIN6_LEN_RFC2133)
4750 return -EINVAL;
4751 snum = ntohs(addr6->sin6_port);
4752 break;
4753 default:
4754
4755
4756
4757 if (sksec->sclass == SECCLASS_SCTP_SOCKET)
4758 return -EINVAL;
4759 else
4760 return -EAFNOSUPPORT;
4761 }
4762
4763 err = sel_netport_sid(sk->sk_protocol, snum, &sid);
4764 if (err)
4765 return err;
4766
4767 switch (sksec->sclass) {
4768 case SECCLASS_TCP_SOCKET:
4769 perm = TCP_SOCKET__NAME_CONNECT;
4770 break;
4771 case SECCLASS_DCCP_SOCKET:
4772 perm = DCCP_SOCKET__NAME_CONNECT;
4773 break;
4774 case SECCLASS_SCTP_SOCKET:
4775 perm = SCTP_SOCKET__NAME_CONNECT;
4776 break;
4777 }
4778
4779 ad.type = LSM_AUDIT_DATA_NET;
4780 ad.u.net = &net;
4781 ad.u.net->dport = htons(snum);
4782 ad.u.net->family = address->sa_family;
4783 err = avc_has_perm(&selinux_state,
4784 sksec->sid, sid, sksec->sclass, perm, &ad);
4785 if (err)
4786 return err;
4787 }
4788
4789 return 0;
4790 }
4791
4792
4793 static int selinux_socket_connect(struct socket *sock,
4794 struct sockaddr *address, int addrlen)
4795 {
4796 int err;
4797 struct sock *sk = sock->sk;
4798
4799 err = selinux_socket_connect_helper(sock, address, addrlen);
4800 if (err)
4801 return err;
4802
4803 return selinux_netlbl_socket_connect(sk, address);
4804 }
4805
4806 static int selinux_socket_listen(struct socket *sock, int backlog)
4807 {
4808 return sock_has_perm(sock->sk, SOCKET__LISTEN);
4809 }
4810
4811 static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
4812 {
4813 int err;
4814 struct inode_security_struct *isec;
4815 struct inode_security_struct *newisec;
4816 u16 sclass;
4817 u32 sid;
4818
4819 err = sock_has_perm(sock->sk, SOCKET__ACCEPT);
4820 if (err)
4821 return err;
4822
4823 isec = inode_security_novalidate(SOCK_INODE(sock));
4824 spin_lock(&isec->lock);
4825 sclass = isec->sclass;
4826 sid = isec->sid;
4827 spin_unlock(&isec->lock);
4828
4829 newisec = inode_security_novalidate(SOCK_INODE(newsock));
4830 newisec->sclass = sclass;
4831 newisec->sid = sid;
4832 newisec->initialized = LABEL_INITIALIZED;
4833
4834 return 0;
4835 }
4836
4837 static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
4838 int size)
4839 {
4840 return sock_has_perm(sock->sk, SOCKET__WRITE);
4841 }
4842
4843 static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
4844 int size, int flags)
4845 {
4846 return sock_has_perm(sock->sk, SOCKET__READ);
4847 }
4848
4849 static int selinux_socket_getsockname(struct socket *sock)
4850 {
4851 return sock_has_perm(sock->sk, SOCKET__GETATTR);
4852 }
4853
4854 static int selinux_socket_getpeername(struct socket *sock)
4855 {
4856 return sock_has_perm(sock->sk, SOCKET__GETATTR);
4857 }
4858
4859 static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
4860 {
4861 int err;
4862
4863 err = sock_has_perm(sock->sk, SOCKET__SETOPT);
4864 if (err)
4865 return err;
4866
4867 return selinux_netlbl_socket_setsockopt(sock, level, optname);
4868 }
4869
4870 static int selinux_socket_getsockopt(struct socket *sock, int level,
4871 int optname)
4872 {
4873 return sock_has_perm(sock->sk, SOCKET__GETOPT);
4874 }
4875
4876 static int selinux_socket_shutdown(struct socket *sock, int how)
4877 {
4878 return sock_has_perm(sock->sk, SOCKET__SHUTDOWN);
4879 }
4880
4881 static int selinux_socket_unix_stream_connect(struct sock *sock,
4882 struct sock *other,
4883 struct sock *newsk)
4884 {
4885 struct sk_security_struct *sksec_sock = sock->sk_security;
4886 struct sk_security_struct *sksec_other = other->sk_security;
4887 struct sk_security_struct *sksec_new = newsk->sk_security;
4888 struct common_audit_data ad;
4889 struct lsm_network_audit net = {0,};
4890 int err;
4891
4892 ad.type = LSM_AUDIT_DATA_NET;
4893 ad.u.net = &net;
4894 ad.u.net->sk = other;
4895
4896 err = avc_has_perm(&selinux_state,
4897 sksec_sock->sid, sksec_other->sid,
4898 sksec_other->sclass,
4899 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
4900 if (err)
4901 return err;
4902
4903
4904 sksec_new->peer_sid = sksec_sock->sid;
4905 err = security_sid_mls_copy(&selinux_state, sksec_other->sid,
4906 sksec_sock->sid, &sksec_new->sid);
4907 if (err)
4908 return err;
4909
4910
4911 sksec_sock->peer_sid = sksec_new->sid;
4912
4913 return 0;
4914 }
4915
4916 static int selinux_socket_unix_may_send(struct socket *sock,
4917 struct socket *other)
4918 {
4919 struct sk_security_struct *ssec = sock->sk->sk_security;
4920 struct sk_security_struct *osec = other->sk->sk_security;
4921 struct common_audit_data ad;
4922 struct lsm_network_audit net = {0,};
4923
4924 ad.type = LSM_AUDIT_DATA_NET;
4925 ad.u.net = &net;
4926 ad.u.net->sk = other->sk;
4927
4928 return avc_has_perm(&selinux_state,
4929 ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
4930 &ad);
4931 }
4932
4933 static int selinux_inet_sys_rcv_skb(struct net *ns, int ifindex,
4934 char *addrp, u16 family, u32 peer_sid,
4935 struct common_audit_data *ad)
4936 {
4937 int err;
4938 u32 if_sid;
4939 u32 node_sid;
4940
4941 err = sel_netif_sid(ns, ifindex, &if_sid);
4942 if (err)
4943 return err;
4944 err = avc_has_perm(&selinux_state,
4945 peer_sid, if_sid,
4946 SECCLASS_NETIF, NETIF__INGRESS, ad);
4947 if (err)
4948 return err;
4949
4950 err = sel_netnode_sid(addrp, family, &node_sid);
4951 if (err)
4952 return err;
4953 return avc_has_perm(&selinux_state,
4954 peer_sid, node_sid,
4955 SECCLASS_NODE, NODE__RECVFROM, ad);
4956 }
4957
4958 static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
4959 u16 family)
4960 {
4961 int err = 0;
4962 struct sk_security_struct *sksec = sk->sk_security;
4963 u32 sk_sid = sksec->sid;
4964 struct common_audit_data ad;
4965 struct lsm_network_audit net = {0,};
4966 char *addrp;
4967
4968 ad.type = LSM_AUDIT_DATA_NET;
4969 ad.u.net = &net;
4970 ad.u.net->netif = skb->skb_iif;
4971 ad.u.net->family = family;
4972 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4973 if (err)
4974 return err;
4975
4976 if (selinux_secmark_enabled()) {
4977 err = avc_has_perm(&selinux_state,
4978 sk_sid, skb->secmark, SECCLASS_PACKET,
4979 PACKET__RECV, &ad);
4980 if (err)
4981 return err;
4982 }
4983
4984 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
4985 if (err)
4986 return err;
4987 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
4988
4989 return err;
4990 }
4991
4992 static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4993 {
4994 int err;
4995 struct sk_security_struct *sksec = sk->sk_security;
4996 u16 family = sk->sk_family;
4997 u32 sk_sid = sksec->sid;
4998 struct common_audit_data ad;
4999 struct lsm_network_audit net = {0,};
5000 char *addrp;
5001 u8 secmark_active;
5002 u8 peerlbl_active;
5003
5004 if (family != PF_INET && family != PF_INET6)
5005 return 0;
5006
5007
5008 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
5009 family = PF_INET;
5010
5011
5012
5013
5014
5015 if (!selinux_policycap_netpeer())
5016 return selinux_sock_rcv_skb_compat(sk, skb, family);
5017
5018 secmark_active = selinux_secmark_enabled();
5019 peerlbl_active = selinux_peerlbl_enabled();
5020 if (!secmark_active && !peerlbl_active)
5021 return 0;
5022
5023 ad.type = LSM_AUDIT_DATA_NET;
5024 ad.u.net = &net;
5025 ad.u.net->netif = skb->skb_iif;
5026 ad.u.net->family = family;
5027 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
5028 if (err)
5029 return err;
5030
5031 if (peerlbl_active) {
5032 u32 peer_sid;
5033
5034 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
5035 if (err)
5036 return err;
5037 err = selinux_inet_sys_rcv_skb(sock_net(sk), skb->skb_iif,
5038 addrp, family, peer_sid, &ad);
5039 if (err) {
5040 selinux_netlbl_err(skb, family, err, 0);
5041 return err;
5042 }
5043 err = avc_has_perm(&selinux_state,
5044 sk_sid, peer_sid, SECCLASS_PEER,
5045 PEER__RECV, &ad);
5046 if (err) {
5047 selinux_netlbl_err(skb, family, err, 0);
5048 return err;
5049 }
5050 }
5051
5052 if (secmark_active) {
5053 err = avc_has_perm(&selinux_state,
5054 sk_sid, skb->secmark, SECCLASS_PACKET,
5055 PACKET__RECV, &ad);
5056 if (err)
5057 return err;
5058 }
5059
5060 return err;
5061 }
5062
5063 static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
5064 int __user *optlen, unsigned len)
5065 {
5066 int err = 0;
5067 char *scontext;
5068 u32 scontext_len;
5069 struct sk_security_struct *sksec = sock->sk->sk_security;
5070 u32 peer_sid = SECSID_NULL;
5071
5072 if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
5073 sksec->sclass == SECCLASS_TCP_SOCKET ||
5074 sksec->sclass == SECCLASS_SCTP_SOCKET)
5075 peer_sid = sksec->peer_sid;
5076 if (peer_sid == SECSID_NULL)
5077 return -ENOPROTOOPT;
5078
5079 err = security_sid_to_context(&selinux_state, peer_sid, &scontext,
5080 &scontext_len);
5081 if (err)
5082 return err;
5083
5084 if (scontext_len > len) {
5085 err = -ERANGE;
5086 goto out_len;
5087 }
5088
5089 if (copy_to_user(optval, scontext, scontext_len))
5090 err = -EFAULT;
5091
5092 out_len:
5093 if (put_user(scontext_len, optlen))
5094 err = -EFAULT;
5095 kfree(scontext);
5096 return err;
5097 }
5098
5099 static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
5100 {
5101 u32 peer_secid = SECSID_NULL;
5102 u16 family;
5103 struct inode_security_struct *isec;
5104
5105 if (skb && skb->protocol == htons(ETH_P_IP))
5106 family = PF_INET;
5107 else if (skb && skb->protocol == htons(ETH_P_IPV6))
5108 family = PF_INET6;
5109 else if (sock)
5110 family = sock->sk->sk_family;
5111 else
5112 goto out;
5113
5114 if (sock && family == PF_UNIX) {
5115 isec = inode_security_novalidate(SOCK_INODE(sock));
5116 peer_secid = isec->sid;
5117 } else if (skb)
5118 selinux_skb_peerlbl_sid(skb, family, &peer_secid);
5119
5120 out:
5121 *secid = peer_secid;
5122 if (peer_secid == SECSID_NULL)
5123 return -EINVAL;
5124 return 0;
5125 }
5126
5127 static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
5128 {
5129 struct sk_security_struct *sksec;
5130
5131 sksec = kzalloc(sizeof(*sksec), priority);
5132 if (!sksec)
5133 return -ENOMEM;
5134
5135 sksec->peer_sid = SECINITSID_UNLABELED;
5136 sksec->sid = SECINITSID_UNLABELED;
5137 sksec->sclass = SECCLASS_SOCKET;
5138 selinux_netlbl_sk_security_reset(sksec);
5139 sk->sk_security = sksec;
5140
5141 return 0;
5142 }
5143
5144 static void selinux_sk_free_security(struct sock *sk)
5145 {
5146 struct sk_security_struct *sksec = sk->sk_security;
5147
5148 sk->sk_security = NULL;
5149 selinux_netlbl_sk_security_free(sksec);
5150 kfree(sksec);
5151 }
5152
5153 static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
5154 {
5155 struct sk_security_struct *sksec = sk->sk_security;
5156 struct sk_security_struct *newsksec = newsk->sk_security;
5157
5158 newsksec->sid = sksec->sid;
5159 newsksec->peer_sid = sksec->peer_sid;
5160 newsksec->sclass = sksec->sclass;
5161
5162 selinux_netlbl_sk_security_reset(newsksec);
5163 }
5164
5165 static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
5166 {
5167 if (!sk)
5168 *secid = SECINITSID_ANY_SOCKET;
5169 else {
5170 struct sk_security_struct *sksec = sk->sk_security;
5171
5172 *secid = sksec->sid;
5173 }
5174 }
5175
5176 static void selinux_sock_graft(struct sock *sk, struct socket *parent)
5177 {
5178 struct inode_security_struct *isec =
5179 inode_security_novalidate(SOCK_INODE(parent));
5180 struct sk_security_struct *sksec = sk->sk_security;
5181
5182 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
5183 sk->sk_family == PF_UNIX)
5184 isec->sid = sksec->sid;
5185 sksec->sclass = isec->sclass;
5186 }
5187
5188
5189
5190
5191
5192 static int selinux_sctp_assoc_request(struct sctp_endpoint *ep,
5193 struct sk_buff *skb)
5194 {
5195 struct sk_security_struct *sksec = ep->base.sk->sk_security;
5196 struct common_audit_data ad;
5197 struct lsm_network_audit net = {0,};
5198 u8 peerlbl_active;
5199 u32 peer_sid = SECINITSID_UNLABELED;
5200 u32 conn_sid;
5201 int err = 0;
5202
5203 if (!selinux_policycap_extsockclass())
5204 return 0;
5205
5206 peerlbl_active = selinux_peerlbl_enabled();
5207
5208 if (peerlbl_active) {
5209
5210
5211
5212 err = selinux_skb_peerlbl_sid(skb, ep->base.sk->sk_family,
5213 &peer_sid);
5214 if (err)
5215 return err;
5216
5217 if (peer_sid == SECSID_NULL)
5218 peer_sid = SECINITSID_UNLABELED;
5219 }
5220
5221 if (sksec->sctp_assoc_state == SCTP_ASSOC_UNSET) {
5222 sksec->sctp_assoc_state = SCTP_ASSOC_SET;
5223
5224
5225
5226
5227
5228
5229 sksec->peer_sid = peer_sid;
5230 } else if (sksec->peer_sid != peer_sid) {
5231
5232
5233
5234 ad.type = LSM_AUDIT_DATA_NET;
5235 ad.u.net = &net;
5236 ad.u.net->sk = ep->base.sk;
5237 err = avc_has_perm(&selinux_state,
5238 sksec->peer_sid, peer_sid, sksec->sclass,
5239 SCTP_SOCKET__ASSOCIATION, &ad);
5240 if (err)
5241 return err;
5242 }
5243
5244
5245
5246
5247
5248
5249
5250 err = selinux_conn_sid(sksec->sid, peer_sid, &conn_sid);
5251 if (err)
5252 return err;
5253
5254 ep->secid = conn_sid;
5255 ep->peer_secid = peer_sid;
5256
5257
5258 return selinux_netlbl_sctp_assoc_request(ep, skb);
5259 }
5260
5261
5262
5263
5264 static int selinux_sctp_bind_connect(struct sock *sk, int optname,
5265 struct sockaddr *address,
5266 int addrlen)
5267 {
5268 int len, err = 0, walk_size = 0;
5269 void *addr_buf;
5270 struct sockaddr *addr;
5271 struct socket *sock;
5272
5273 if (!selinux_policycap_extsockclass())
5274 return 0;
5275
5276
5277 sock = sk->sk_socket;
5278 addr_buf = address;
5279
5280 while (walk_size < addrlen) {
5281 if (walk_size + sizeof(sa_family_t) > addrlen)
5282 return -EINVAL;
5283
5284 addr = addr_buf;
5285 switch (addr->sa_family) {
5286 case AF_UNSPEC:
5287 case AF_INET:
5288 len = sizeof(struct sockaddr_in);
5289 break;
5290 case AF_INET6:
5291 len = sizeof(struct sockaddr_in6);
5292 break;
5293 default:
5294 return -EINVAL;
5295 }
5296
5297 if (walk_size + len > addrlen)
5298 return -EINVAL;
5299
5300 err = -EINVAL;
5301 switch (optname) {
5302
5303 case SCTP_PRIMARY_ADDR:
5304 case SCTP_SET_PEER_PRIMARY_ADDR:
5305 case SCTP_SOCKOPT_BINDX_ADD:
5306 err = selinux_socket_bind(sock, addr, len);
5307 break;
5308
5309 case SCTP_SOCKOPT_CONNECTX:
5310 case SCTP_PARAM_SET_PRIMARY:
5311 case SCTP_PARAM_ADD_IP:
5312 case SCTP_SENDMSG_CONNECT:
5313 err = selinux_socket_connect_helper(sock, addr, len);
5314 if (err)
5315 return err;
5316
5317
5318
5319
5320
5321
5322
5323
5324
5325
5326
5327
5328 err = selinux_netlbl_socket_connect_locked(sk, addr);
5329 break;
5330 }
5331
5332 if (err)
5333 return err;
5334
5335 addr_buf += len;
5336 walk_size += len;
5337 }
5338
5339 return 0;
5340 }
5341
5342
5343 static void selinux_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk,
5344 struct sock *newsk)
5345 {
5346 struct sk_security_struct *sksec = sk->sk_security;
5347 struct sk_security_struct *newsksec = newsk->sk_security;
5348
5349
5350
5351
5352 if (!selinux_policycap_extsockclass())
5353 return selinux_sk_clone_security(sk, newsk);
5354
5355 newsksec->sid = ep->secid;
5356 newsksec->peer_sid = ep->peer_secid;
5357 newsksec->sclass = sksec->sclass;
5358 selinux_netlbl_sctp_sk_clone(sk, newsk);
5359 }
5360
5361 static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
5362 struct request_sock *req)
5363 {
5364 struct sk_security_struct *sksec = sk->sk_security;
5365 int err;
5366 u16 family = req->rsk_ops->family;
5367 u32 connsid;
5368 u32 peersid;
5369
5370 err = selinux_skb_peerlbl_sid(skb, family, &peersid);
5371 if (err)
5372 return err;
5373 err = selinux_conn_sid(sksec->sid, peersid, &connsid);
5374 if (err)
5375 return err;
5376 req->secid = connsid;
5377 req->peer_secid = peersid;
5378
5379 return selinux_netlbl_inet_conn_request(req, family);
5380 }
5381
5382 static void selinux_inet_csk_clone(struct sock *newsk,
5383 const struct request_sock *req)
5384 {
5385 struct sk_security_struct *newsksec = newsk->sk_security;
5386
5387 newsksec->sid = req->secid;
5388 newsksec->peer_sid = req->peer_secid;
5389
5390
5391
5392
5393
5394
5395
5396 selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
5397 }
5398
5399 static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
5400 {
5401 u16 family = sk->sk_family;
5402 struct sk_security_struct *sksec = sk->sk_security;
5403
5404
5405 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
5406 family = PF_INET;
5407
5408 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
5409 }
5410
5411 static int selinux_secmark_relabel_packet(u32 sid)
5412 {
5413 const struct task_security_struct *__tsec;
5414 u32 tsid;
5415
5416 __tsec = selinux_cred(current_cred());
5417 tsid = __tsec->sid;
5418
5419 return avc_has_perm(&selinux_state,
5420 tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO,
5421 NULL);
5422 }
5423
5424 static void selinux_secmark_refcount_inc(void)
5425 {
5426 atomic_inc(&selinux_secmark_refcount);
5427 }
5428
5429 static void selinux_secmark_refcount_dec(void)
5430 {
5431 atomic_dec(&selinux_secmark_refcount);
5432 }
5433
5434 static void selinux_req_classify_flow(const struct request_sock *req,
5435 struct flowi *fl)
5436 {
5437 fl->flowi_secid = req->secid;
5438 }
5439
5440 static int selinux_tun_dev_alloc_security(void **security)
5441 {
5442 struct tun_security_struct *tunsec;
5443
5444 tunsec = kzalloc(sizeof(*tunsec), GFP_KERNEL);
5445 if (!tunsec)
5446 return -ENOMEM;
5447 tunsec->sid = current_sid();
5448
5449 *security = tunsec;
5450 return 0;
5451 }
5452
5453 static void selinux_tun_dev_free_security(void *security)
5454 {
5455 kfree(security);
5456 }
5457
5458 static int selinux_tun_dev_create(void)
5459 {
5460 u32 sid = current_sid();
5461
5462
5463
5464
5465
5466
5467
5468
5469 return avc_has_perm(&selinux_state,
5470 sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
5471 NULL);
5472 }
5473
5474 static int selinux_tun_dev_attach_queue(void *security)
5475 {
5476 struct tun_security_struct *tunsec = security;
5477
5478 return avc_has_perm(&selinux_state,
5479 current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET,
5480 TUN_SOCKET__ATTACH_QUEUE, NULL);
5481 }
5482
5483 static int selinux_tun_dev_attach(struct sock *sk, void *security)
5484 {
5485 struct tun_security_struct *tunsec = security;
5486 struct sk_security_struct *sksec = sk->sk_security;
5487
5488
5489
5490
5491
5492
5493
5494
5495 sksec->sid = tunsec->sid;
5496 sksec->sclass = SECCLASS_TUN_SOCKET;
5497
5498 return 0;
5499 }
5500
5501 static int selinux_tun_dev_open(void *security)
5502 {
5503 struct tun_security_struct *tunsec = security;
5504 u32 sid = current_sid();
5505 int err;
5506
5507 err = avc_has_perm(&selinux_state,
5508 sid, tunsec->sid, SECCLASS_TUN_SOCKET,
5509 TUN_SOCKET__RELABELFROM, NULL);
5510 if (err)
5511 return err;
5512 err = avc_has_perm(&selinux_state,
5513 sid, sid, SECCLASS_TUN_SOCKET,
5514 TUN_SOCKET__RELABELTO, NULL);
5515 if (err)
5516 return err;
5517 tunsec->sid = sid;
5518
5519 return 0;
5520 }
5521
5522 static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
5523 {
5524 int rc = 0;
5525 unsigned int msg_len;
5526 unsigned int data_len = skb->len;
5527 unsigned char *data = skb->data;
5528 struct nlmsghdr *nlh;
5529 struct sk_security_struct *sksec = sk->sk_security;
5530 u16 sclass = sksec->sclass;
5531 u32 perm;
5532
5533 while (data_len >= nlmsg_total_size(0)) {
5534 nlh = (struct nlmsghdr *)data;
5535
5536
5537
5538
5539
5540
5541
5542 if (nlh->nlmsg_len < NLMSG_HDRLEN || nlh->nlmsg_len > data_len)
5543 return 0;
5544
5545 rc = selinux_nlmsg_lookup(sclass, nlh->nlmsg_type, &perm);
5546 if (rc == 0) {
5547 rc = sock_has_perm(sk, perm);
5548 if (rc)
5549 return rc;
5550 } else if (rc == -EINVAL) {
5551
5552 pr_warn_ratelimited("SELinux: unrecognized netlink"
5553 " message: protocol=%hu nlmsg_type=%hu sclass=%s"
5554 " pid=%d comm=%s\n",
5555 sk->sk_protocol, nlh->nlmsg_type,
5556 secclass_map[sclass - 1].name,
5557 task_pid_nr(current), current->comm);
5558 if (enforcing_enabled(&selinux_state) &&
5559 !security_get_allow_unknown(&selinux_state))
5560 return rc;
5561 rc = 0;
5562 } else if (rc == -ENOENT) {
5563
5564 rc = 0;
5565 } else {
5566 return rc;
5567 }
5568
5569
5570 msg_len = NLMSG_ALIGN(nlh->nlmsg_len);
5571 if (msg_len >= data_len)
5572 return 0;
5573 data_len -= msg_len;
5574 data += msg_len;
5575 }
5576
5577 return rc;
5578 }
5579
5580 #ifdef CONFIG_NETFILTER
5581
5582 static unsigned int selinux_ip_forward(struct sk_buff *skb,
5583 const struct net_device *indev,
5584 u16 family)
5585 {
5586 int err;
5587 char *addrp;
5588 u32 peer_sid;
5589 struct common_audit_data ad;
5590 struct lsm_network_audit net = {0,};
5591 u8 secmark_active;
5592 u8 netlbl_active;
5593 u8 peerlbl_active;
5594
5595 if (!selinux_policycap_netpeer())
5596 return NF_ACCEPT;
5597
5598 secmark_active = selinux_secmark_enabled();
5599 netlbl_active = netlbl_enabled();
5600 peerlbl_active = selinux_peerlbl_enabled();
5601 if (!secmark_active && !peerlbl_active)
5602 return NF_ACCEPT;
5603
5604 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
5605 return NF_DROP;
5606
5607 ad.type = LSM_AUDIT_DATA_NET;
5608 ad.u.net = &net;
5609 ad.u.net->netif = indev->ifindex;
5610 ad.u.net->family = family;
5611 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
5612 return NF_DROP;
5613
5614 if (peerlbl_active) {
5615 err = selinux_inet_sys_rcv_skb(dev_net(indev), indev->ifindex,
5616 addrp, family, peer_sid, &ad);
5617 if (err) {
5618 selinux_netlbl_err(skb, family, err, 1);
5619 return NF_DROP;
5620 }
5621 }
5622
5623 if (secmark_active)
5624 if (avc_has_perm(&selinux_state,
5625 peer_sid, skb->secmark,
5626 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
5627 return NF_DROP;
5628
5629 if (netlbl_active)
5630
5631
5632
5633
5634 if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
5635 return NF_DROP;
5636
5637 return NF_ACCEPT;
5638 }
5639
5640 static unsigned int selinux_ipv4_forward(void *priv,
5641 struct sk_buff *skb,
5642 const struct nf_hook_state *state)
5643 {
5644 return selinux_ip_forward(skb, state->in, PF_INET);
5645 }
5646
5647 #if IS_ENABLED(CONFIG_IPV6)
5648 static unsigned int selinux_ipv6_forward(void *priv,
5649 struct sk_buff *skb,
5650 const struct nf_hook_state *state)
5651 {
5652 return selinux_ip_forward(skb, state->in, PF_INET6);
5653 }
5654 #endif
5655
5656 static unsigned int selinux_ip_output(struct sk_buff *skb,
5657 u16 family)
5658 {
5659 struct sock *sk;
5660 u32 sid;
5661
5662 if (!netlbl_enabled())
5663 return NF_ACCEPT;
5664
5665
5666
5667
5668 sk = skb->sk;
5669 if (sk) {
5670 struct sk_security_struct *sksec;
5671
5672 if (sk_listener(sk))
5673
5674
5675
5676
5677
5678
5679
5680
5681
5682
5683
5684
5685 return NF_ACCEPT;
5686
5687
5688 sksec = sk->sk_security;
5689 sid = sksec->sid;
5690 } else
5691 sid = SECINITSID_KERNEL;
5692 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
5693 return NF_DROP;
5694
5695 return NF_ACCEPT;
5696 }
5697
5698 static unsigned int selinux_ipv4_output(void *priv,
5699 struct sk_buff *skb,
5700 const struct nf_hook_state *state)
5701 {
5702 return selinux_ip_output(skb, PF_INET);
5703 }
5704
5705 #if IS_ENABLED(CONFIG_IPV6)
5706 static unsigned int selinux_ipv6_output(void *priv,
5707 struct sk_buff *skb,
5708 const struct nf_hook_state *state)
5709 {
5710 return selinux_ip_output(skb, PF_INET6);
5711 }
5712 #endif
5713
5714 static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
5715 int ifindex,
5716 u16 family)
5717 {
5718 struct sock *sk = skb_to_full_sk(skb);
5719 struct sk_security_struct *sksec;
5720 struct common_audit_data ad;
5721 struct lsm_network_audit net = {0,};
5722 char *addrp;
5723 u8 proto;
5724
5725 if (sk == NULL)
5726 return NF_ACCEPT;
5727 sksec = sk->sk_security;
5728
5729 ad.type = LSM_AUDIT_DATA_NET;
5730 ad.u.net = &net;
5731 ad.u.net->netif = ifindex;
5732 ad.u.net->family = family;
5733 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
5734 return NF_DROP;
5735
5736 if (selinux_secmark_enabled())
5737 if (avc_has_perm(&selinux_state,
5738 sksec->sid, skb->secmark,
5739 SECCLASS_PACKET, PACKET__SEND, &ad))
5740 return NF_DROP_ERR(-ECONNREFUSED);
5741
5742 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
5743 return NF_DROP_ERR(-ECONNREFUSED);
5744
5745 return NF_ACCEPT;
5746 }
5747
5748 static unsigned int selinux_ip_postroute(struct sk_buff *skb,
5749 const struct net_device *outdev,
5750 u16 family)
5751 {
5752 u32 secmark_perm;
5753 u32 peer_sid;
5754 int ifindex = outdev->ifindex;
5755 struct sock *sk;
5756 struct common_audit_data ad;
5757 struct lsm_network_audit net = {0,};
5758 char *addrp;
5759 u8 secmark_active;
5760 u8 peerlbl_active;
5761
5762
5763
5764
5765
5766 if (!selinux_policycap_netpeer())
5767 return selinux_ip_postroute_compat(skb, ifindex, family);
5768
5769 secmark_active = selinux_secmark_enabled();
5770 peerlbl_active = selinux_peerlbl_enabled();
5771 if (!secmark_active && !peerlbl_active)
5772 return NF_ACCEPT;
5773
5774 sk = skb_to_full_sk(skb);
5775
5776 #ifdef CONFIG_XFRM
5777
5778
5779
5780
5781
5782
5783
5784
5785
5786
5787
5788 if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL &&
5789 !(sk && sk_listener(sk)))
5790 return NF_ACCEPT;
5791 #endif
5792
5793 if (sk == NULL) {
5794
5795
5796
5797
5798 if (skb->skb_iif) {
5799 secmark_perm = PACKET__FORWARD_OUT;
5800 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
5801 return NF_DROP;
5802 } else {
5803 secmark_perm = PACKET__SEND;
5804 peer_sid = SECINITSID_KERNEL;
5805 }
5806 } else if (sk_listener(sk)) {
5807
5808
5809
5810
5811
5812
5813
5814
5815
5816 u32 skb_sid;
5817 struct sk_security_struct *sksec;
5818
5819 sksec = sk->sk_security;
5820 if (selinux_skb_peerlbl_sid(skb, family, &skb_sid))
5821 return NF_DROP;
5822
5823
5824
5825
5826
5827
5828 if (skb_sid == SECSID_NULL) {
5829 switch (family) {
5830 case PF_INET:
5831 if (IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED)
5832 return NF_ACCEPT;
5833 break;
5834 case PF_INET6:
5835 if (IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED)
5836 return NF_ACCEPT;
5837 break;
5838 default:
5839 return NF_DROP_ERR(-ECONNREFUSED);
5840 }
5841 }
5842 if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid))
5843 return NF_DROP;
5844 secmark_perm = PACKET__SEND;
5845 } else {
5846
5847
5848 struct sk_security_struct *sksec = sk->sk_security;
5849 peer_sid = sksec->sid;
5850 secmark_perm = PACKET__SEND;
5851 }
5852
5853 ad.type = LSM_AUDIT_DATA_NET;
5854 ad.u.net = &net;
5855 ad.u.net->netif = ifindex;
5856 ad.u.net->family = family;
5857 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
5858 return NF_DROP;
5859
5860 if (secmark_active)
5861 if (avc_has_perm(&selinux_state,
5862 peer_sid, skb->secmark,
5863 SECCLASS_PACKET, secmark_perm, &ad))
5864 return NF_DROP_ERR(-ECONNREFUSED);
5865
5866 if (peerlbl_active) {
5867 u32 if_sid;
5868 u32 node_sid;
5869
5870 if (sel_netif_sid(dev_net(outdev), ifindex, &if_sid))
5871 return NF_DROP;
5872 if (avc_has_perm(&selinux_state,
5873 peer_sid, if_sid,
5874 SECCLASS_NETIF, NETIF__EGRESS, &ad))
5875 return NF_DROP_ERR(-ECONNREFUSED);
5876
5877 if (sel_netnode_sid(addrp, family, &node_sid))
5878 return NF_DROP;
5879 if (avc_has_perm(&selinux_state,
5880 peer_sid, node_sid,
5881 SECCLASS_NODE, NODE__SENDTO, &ad))
5882 return NF_DROP_ERR(-ECONNREFUSED);
5883 }
5884
5885 return NF_ACCEPT;
5886 }
5887
5888 static unsigned int selinux_ipv4_postroute(void *priv,
5889 struct sk_buff *skb,
5890 const struct nf_hook_state *state)
5891 {
5892 return selinux_ip_postroute(skb, state->out, PF_INET);
5893 }
5894
5895 #if IS_ENABLED(CONFIG_IPV6)
5896 static unsigned int selinux_ipv6_postroute(void *priv,
5897 struct sk_buff *skb,
5898 const struct nf_hook_state *state)
5899 {
5900 return selinux_ip_postroute(skb, state->out, PF_INET6);
5901 }
5902 #endif
5903
5904 #endif
5905
5906 static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
5907 {
5908 return selinux_nlmsg_perm(sk, skb);
5909 }
5910
5911 static void ipc_init_security(struct ipc_security_struct *isec, u16 sclass)
5912 {
5913 isec->sclass = sclass;
5914 isec->sid = current_sid();
5915 }
5916
5917 static int msg_msg_alloc_security(struct msg_msg *msg)
5918 {
5919 struct msg_security_struct *msec;
5920
5921 msec = selinux_msg_msg(msg);
5922 msec->sid = SECINITSID_UNLABELED;
5923
5924 return 0;
5925 }
5926
5927 static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
5928 u32 perms)
5929 {
5930 struct ipc_security_struct *isec;
5931 struct common_audit_data ad;
5932 u32 sid = current_sid();
5933
5934 isec = selinux_ipc(ipc_perms);
5935
5936 ad.type = LSM_AUDIT_DATA_IPC;
5937 ad.u.ipc_id = ipc_perms->key;
5938
5939 return avc_has_perm(&selinux_state,
5940 sid, isec->sid, isec->sclass, perms, &ad);
5941 }
5942
5943 static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
5944 {
5945 return msg_msg_alloc_security(msg);
5946 }
5947
5948
5949 static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq)
5950 {
5951 struct ipc_security_struct *isec;
5952 struct common_audit_data ad;
5953 u32 sid = current_sid();
5954 int rc;
5955
5956 isec = selinux_ipc(msq);
5957 ipc_init_security(isec, SECCLASS_MSGQ);
5958
5959 ad.type = LSM_AUDIT_DATA_IPC;
5960 ad.u.ipc_id = msq->key;
5961
5962 rc = avc_has_perm(&selinux_state,
5963 sid, isec->sid, SECCLASS_MSGQ,
5964 MSGQ__CREATE, &ad);
5965 return rc;
5966 }
5967
5968 static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg)
5969 {
5970 struct ipc_security_struct *isec;
5971 struct common_audit_data ad;
5972 u32 sid = current_sid();
5973
5974 isec = selinux_ipc(msq);
5975
5976 ad.type = LSM_AUDIT_DATA_IPC;
5977 ad.u.ipc_id = msq->key;
5978
5979 return avc_has_perm(&selinux_state,
5980 sid, isec->sid, SECCLASS_MSGQ,
5981 MSGQ__ASSOCIATE, &ad);
5982 }
5983
5984 static int selinux_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
5985 {
5986 int err;
5987 int perms;
5988
5989 switch (cmd) {
5990 case IPC_INFO:
5991 case MSG_INFO:
5992
5993 return avc_has_perm(&selinux_state,
5994 current_sid(), SECINITSID_KERNEL,
5995 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
5996 case IPC_STAT:
5997 case MSG_STAT:
5998 case MSG_STAT_ANY:
5999 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
6000 break;
6001 case IPC_SET:
6002 perms = MSGQ__SETATTR;
6003 break;
6004 case IPC_RMID:
6005 perms = MSGQ__DESTROY;
6006 break;
6007 default:
6008 return 0;
6009 }
6010
6011 err = ipc_has_perm(msq, perms);
6012 return err;
6013 }
6014
6015 static int selinux_msg_queue_msgsnd(struct kern_ipc_perm *msq, struct msg_msg *msg, int msqflg)
6016 {
6017 struct ipc_security_struct *isec;
6018 struct msg_security_struct *msec;
6019 struct common_audit_data ad;
6020 u32 sid = current_sid();
6021 int rc;
6022
6023 isec = selinux_ipc(msq);
6024 msec = selinux_msg_msg(msg);
6025
6026
6027
6028
6029 if (msec->sid == SECINITSID_UNLABELED) {
6030
6031
6032
6033
6034 rc = security_transition_sid(&selinux_state, sid, isec->sid,
6035 SECCLASS_MSG, NULL, &msec->sid);
6036 if (rc)
6037 return rc;
6038 }
6039
6040 ad.type = LSM_AUDIT_DATA_IPC;
6041 ad.u.ipc_id = msq->key;
6042
6043
6044 rc = avc_has_perm(&selinux_state,
6045 sid, isec->sid, SECCLASS_MSGQ,
6046 MSGQ__WRITE, &ad);
6047 if (!rc)
6048
6049 rc = avc_has_perm(&selinux_state,
6050 sid, msec->sid, SECCLASS_MSG,
6051 MSG__SEND, &ad);
6052 if (!rc)
6053
6054 rc = avc_has_perm(&selinux_state,
6055 msec->sid, isec->sid, SECCLASS_MSGQ,
6056 MSGQ__ENQUEUE, &ad);
6057
6058 return rc;
6059 }
6060
6061 static int selinux_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg,
6062 struct task_struct *target,
6063 long type, int mode)
6064 {
6065 struct ipc_security_struct *isec;
6066 struct msg_security_struct *msec;
6067 struct common_audit_data ad;
6068 u32 sid = task_sid(target);
6069 int rc;
6070
6071 isec = selinux_ipc(msq);
6072 msec = selinux_msg_msg(msg);
6073
6074 ad.type = LSM_AUDIT_DATA_IPC;
6075 ad.u.ipc_id = msq->key;
6076
6077 rc = avc_has_perm(&selinux_state,
6078 sid, isec->sid,
6079 SECCLASS_MSGQ, MSGQ__READ, &ad);
6080 if (!rc)
6081 rc = avc_has_perm(&selinux_state,
6082 sid, msec->sid,
6083 SECCLASS_MSG, MSG__RECEIVE, &ad);
6084 return rc;
6085 }
6086
6087
6088 static int selinux_shm_alloc_security(struct kern_ipc_perm *shp)
6089 {
6090 struct ipc_security_struct *isec;
6091 struct common_audit_data ad;
6092 u32 sid = current_sid();
6093 int rc;
6094
6095 isec = selinux_ipc(shp);
6096 ipc_init_security(isec, SECCLASS_SHM);
6097
6098 ad.type = LSM_AUDIT_DATA_IPC;
6099 ad.u.ipc_id = shp->key;
6100
6101 rc = avc_has_perm(&selinux_state,
6102 sid, isec->sid, SECCLASS_SHM,
6103 SHM__CREATE, &ad);
6104 return rc;
6105 }
6106
6107 static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg)
6108 {
6109 struct ipc_security_struct *isec;
6110 struct common_audit_data ad;
6111 u32 sid = current_sid();
6112
6113 isec = selinux_ipc(shp);
6114
6115 ad.type = LSM_AUDIT_DATA_IPC;
6116 ad.u.ipc_id = shp->key;
6117
6118 return avc_has_perm(&selinux_state,
6119 sid, isec->sid, SECCLASS_SHM,
6120 SHM__ASSOCIATE, &ad);
6121 }
6122
6123
6124 static int selinux_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
6125 {
6126 int perms;
6127 int err;
6128
6129 switch (cmd) {
6130 case IPC_INFO:
6131 case SHM_INFO:
6132
6133 return avc_has_perm(&selinux_state,
6134 current_sid(), SECINITSID_KERNEL,
6135 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
6136 case IPC_STAT:
6137 case SHM_STAT:
6138 case SHM_STAT_ANY:
6139 perms = SHM__GETATTR | SHM__ASSOCIATE;
6140 break;
6141 case IPC_SET:
6142 perms = SHM__SETATTR;
6143 break;
6144 case SHM_LOCK:
6145 case SHM_UNLOCK:
6146 perms = SHM__LOCK;
6147 break;
6148 case IPC_RMID:
6149 perms = SHM__DESTROY;
6150 break;
6151 default:
6152 return 0;
6153 }
6154
6155 err = ipc_has_perm(shp, perms);
6156 return err;
6157 }
6158
6159 static int selinux_shm_shmat(struct kern_ipc_perm *shp,
6160 char __user *shmaddr, int shmflg)
6161 {
6162 u32 perms;
6163
6164 if (shmflg & SHM_RDONLY)
6165 perms = SHM__READ;
6166 else
6167 perms = SHM__READ | SHM__WRITE;
6168
6169 return ipc_has_perm(shp, perms);
6170 }
6171
6172
6173 static int selinux_sem_alloc_security(struct kern_ipc_perm *sma)
6174 {
6175 struct ipc_security_struct *isec;
6176 struct common_audit_data ad;
6177 u32 sid = current_sid();
6178 int rc;
6179
6180 isec = selinux_ipc(sma);
6181 ipc_init_security(isec, SECCLASS_SEM);
6182
6183 ad.type = LSM_AUDIT_DATA_IPC;
6184 ad.u.ipc_id = sma->key;
6185
6186 rc = avc_has_perm(&selinux_state,
6187 sid, isec->sid, SECCLASS_SEM,
6188 SEM__CREATE, &ad);
6189 return rc;
6190 }
6191
6192 static int selinux_sem_associate(struct kern_ipc_perm *sma, int semflg)
6193 {
6194 struct ipc_security_struct *isec;
6195 struct common_audit_data ad;
6196 u32 sid = current_sid();
6197
6198 isec = selinux_ipc(sma);
6199
6200 ad.type = LSM_AUDIT_DATA_IPC;
6201 ad.u.ipc_id = sma->key;
6202
6203 return avc_has_perm(&selinux_state,
6204 sid, isec->sid, SECCLASS_SEM,
6205 SEM__ASSOCIATE, &ad);
6206 }
6207
6208
6209 static int selinux_sem_semctl(struct kern_ipc_perm *sma, int cmd)
6210 {
6211 int err;
6212 u32 perms;
6213
6214 switch (cmd) {
6215 case IPC_INFO:
6216 case SEM_INFO:
6217
6218 return avc_has_perm(&selinux_state,
6219 current_sid(), SECINITSID_KERNEL,
6220 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
6221 case GETPID:
6222 case GETNCNT:
6223 case GETZCNT:
6224 perms = SEM__GETATTR;
6225 break;
6226 case GETVAL:
6227 case GETALL:
6228 perms = SEM__READ;
6229 break;
6230 case SETVAL:
6231 case SETALL:
6232 perms = SEM__WRITE;
6233 break;
6234 case IPC_RMID:
6235 perms = SEM__DESTROY;
6236 break;
6237 case IPC_SET:
6238 perms = SEM__SETATTR;
6239 break;
6240 case IPC_STAT:
6241 case SEM_STAT:
6242 case SEM_STAT_ANY:
6243 perms = SEM__GETATTR | SEM__ASSOCIATE;
6244 break;
6245 default:
6246 return 0;
6247 }
6248
6249 err = ipc_has_perm(sma, perms);
6250 return err;
6251 }
6252
6253 static int selinux_sem_semop(struct kern_ipc_perm *sma,
6254 struct sembuf *sops, unsigned nsops, int alter)
6255 {
6256 u32 perms;
6257
6258 if (alter)
6259 perms = SEM__READ | SEM__WRITE;
6260 else
6261 perms = SEM__READ;
6262
6263 return ipc_has_perm(sma, perms);
6264 }
6265
6266 static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
6267 {
6268 u32 av = 0;
6269
6270 av = 0;
6271 if (flag & S_IRUGO)
6272 av |= IPC__UNIX_READ;
6273 if (flag & S_IWUGO)
6274 av |= IPC__UNIX_WRITE;
6275
6276 if (av == 0)
6277 return 0;
6278
6279 return ipc_has_perm(ipcp, av);
6280 }
6281
6282 static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
6283 {
6284 struct ipc_security_struct *isec = selinux_ipc(ipcp);
6285 *secid = isec->sid;
6286 }
6287
6288 static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
6289 {
6290 if (inode)
6291 inode_doinit_with_dentry(inode, dentry);
6292 }
6293
6294 static int selinux_getprocattr(struct task_struct *p,
6295 char *name, char **value)
6296 {
6297 const struct task_security_struct *__tsec;
6298 u32 sid;
6299 int error;
6300 unsigned len;
6301
6302 rcu_read_lock();
6303 __tsec = selinux_cred(__task_cred(p));
6304
6305 if (current != p) {
6306 error = avc_has_perm(&selinux_state,
6307 current_sid(), __tsec->sid,
6308 SECCLASS_PROCESS, PROCESS__GETATTR, NULL);
6309 if (error)
6310 goto bad;
6311 }
6312
6313 if (!strcmp(name, "current"))
6314 sid = __tsec->sid;
6315 else if (!strcmp(name, "prev"))
6316 sid = __tsec->osid;
6317 else if (!strcmp(name, "exec"))
6318 sid = __tsec->exec_sid;
6319 else if (!strcmp(name, "fscreate"))
6320 sid = __tsec->create_sid;
6321 else if (!strcmp(name, "keycreate"))
6322 sid = __tsec->keycreate_sid;
6323 else if (!strcmp(name, "sockcreate"))
6324 sid = __tsec->sockcreate_sid;
6325 else {
6326 error = -EINVAL;
6327 goto bad;
6328 }
6329 rcu_read_unlock();
6330
6331 if (!sid)
6332 return 0;
6333
6334 error = security_sid_to_context(&selinux_state, sid, value, &len);
6335 if (error)
6336 return error;
6337 return len;
6338
6339 bad:
6340 rcu_read_unlock();
6341 return error;
6342 }
6343
6344 static int selinux_setprocattr(const char *name, void *value, size_t size)
6345 {
6346 struct task_security_struct *tsec;
6347 struct cred *new;
6348 u32 mysid = current_sid(), sid = 0, ptsid;
6349 int error;
6350 char *str = value;
6351
6352
6353
6354
6355 if (!strcmp(name, "exec"))
6356 error = avc_has_perm(&selinux_state,
6357 mysid, mysid, SECCLASS_PROCESS,
6358 PROCESS__SETEXEC, NULL);
6359 else if (!strcmp(name, "fscreate"))
6360 error = avc_has_perm(&selinux_state,
6361 mysid, mysid, SECCLASS_PROCESS,
6362 PROCESS__SETFSCREATE, NULL);
6363 else if (!strcmp(name, "keycreate"))
6364 error = avc_has_perm(&selinux_state,
6365 mysid, mysid, SECCLASS_PROCESS,
6366 PROCESS__SETKEYCREATE, NULL);
6367 else if (!strcmp(name, "sockcreate"))
6368 error = avc_has_perm(&selinux_state,
6369 mysid, mysid, SECCLASS_PROCESS,
6370 PROCESS__SETSOCKCREATE, NULL);
6371 else if (!strcmp(name, "current"))
6372 error = avc_has_perm(&selinux_state,
6373 mysid, mysid, SECCLASS_PROCESS,
6374 PROCESS__SETCURRENT, NULL);
6375 else
6376 error = -EINVAL;
6377 if (error)
6378 return error;
6379
6380
6381 if (size && str[0] && str[0] != '\n') {
6382 if (str[size-1] == '\n') {
6383 str[size-1] = 0;
6384 size--;
6385 }
6386 error = security_context_to_sid(&selinux_state, value, size,
6387 &sid, GFP_KERNEL);
6388 if (error == -EINVAL && !strcmp(name, "fscreate")) {
6389 if (!has_cap_mac_admin(true)) {
6390 struct audit_buffer *ab;
6391 size_t audit_size;
6392
6393
6394
6395 if (str[size - 1] == '\0')
6396 audit_size = size - 1;
6397 else
6398 audit_size = size;
6399 ab = audit_log_start(audit_context(),
6400 GFP_ATOMIC,
6401 AUDIT_SELINUX_ERR);
6402 audit_log_format(ab, "op=fscreate invalid_context=");
6403 audit_log_n_untrustedstring(ab, value, audit_size);
6404 audit_log_end(ab);
6405
6406 return error;
6407 }
6408 error = security_context_to_sid_force(
6409 &selinux_state,
6410 value, size, &sid);
6411 }
6412 if (error)
6413 return error;
6414 }
6415
6416 new = prepare_creds();
6417 if (!new)
6418 return -ENOMEM;
6419
6420
6421
6422
6423
6424
6425
6426 tsec = selinux_cred(new);
6427 if (!strcmp(name, "exec")) {
6428 tsec->exec_sid = sid;
6429 } else if (!strcmp(name, "fscreate")) {
6430 tsec->create_sid = sid;
6431 } else if (!strcmp(name, "keycreate")) {
6432 if (sid) {
6433 error = avc_has_perm(&selinux_state, mysid, sid,
6434 SECCLASS_KEY, KEY__CREATE, NULL);
6435 if (error)
6436 goto abort_change;
6437 }
6438 tsec->keycreate_sid = sid;
6439 } else if (!strcmp(name, "sockcreate")) {
6440 tsec->sockcreate_sid = sid;
6441 } else if (!strcmp(name, "current")) {
6442 error = -EINVAL;
6443 if (sid == 0)
6444 goto abort_change;
6445
6446
6447 error = -EPERM;
6448 if (!current_is_single_threaded()) {
6449 error = security_bounded_transition(&selinux_state,
6450 tsec->sid, sid);
6451 if (error)
6452 goto abort_change;
6453 }
6454
6455
6456 error = avc_has_perm(&selinux_state,
6457 tsec->sid, sid, SECCLASS_PROCESS,
6458 PROCESS__DYNTRANSITION, NULL);
6459 if (error)
6460 goto abort_change;
6461
6462
6463
6464 ptsid = ptrace_parent_sid();
6465 if (ptsid != 0) {
6466 error = avc_has_perm(&selinux_state,
6467 ptsid, sid, SECCLASS_PROCESS,
6468 PROCESS__PTRACE, NULL);
6469 if (error)
6470 goto abort_change;
6471 }
6472
6473 tsec->sid = sid;
6474 } else {
6475 error = -EINVAL;
6476 goto abort_change;
6477 }
6478
6479 commit_creds(new);
6480 return size;
6481
6482 abort_change:
6483 abort_creds(new);
6484 return error;
6485 }
6486
6487 static int selinux_ismaclabel(const char *name)
6488 {
6489 return (strcmp(name, XATTR_SELINUX_SUFFIX) == 0);
6490 }
6491
6492 static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
6493 {
6494 return security_sid_to_context(&selinux_state, secid,
6495 secdata, seclen);
6496 }
6497
6498 static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
6499 {
6500 return security_context_to_sid(&selinux_state, secdata, seclen,
6501 secid, GFP_KERNEL);
6502 }
6503
6504 static void selinux_release_secctx(char *secdata, u32 seclen)
6505 {
6506 kfree(secdata);
6507 }
6508
6509 static void selinux_inode_invalidate_secctx(struct inode *inode)
6510 {
6511 struct inode_security_struct *isec = selinux_inode(inode);
6512
6513 spin_lock(&isec->lock);
6514 isec->initialized = LABEL_INVALID;
6515 spin_unlock(&isec->lock);
6516 }
6517
6518
6519
6520
6521 static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
6522 {
6523 int rc = selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX,
6524 ctx, ctxlen, 0);
6525
6526 return rc == -EOPNOTSUPP ? 0 : rc;
6527 }
6528
6529
6530
6531
6532 static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
6533 {
6534 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
6535 }
6536
6537 static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
6538 {
6539 int len = 0;
6540 len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
6541 ctx, true);
6542 if (len < 0)
6543 return len;
6544 *ctxlen = len;
6545 return 0;
6546 }
6547 #ifdef CONFIG_KEYS
6548
6549 static int selinux_key_alloc(struct key *k, const struct cred *cred,
6550 unsigned long flags)
6551 {
6552 const struct task_security_struct *tsec;
6553 struct key_security_struct *ksec;
6554
6555 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
6556 if (!ksec)
6557 return -ENOMEM;
6558
6559 tsec = selinux_cred(cred);
6560 if (tsec->keycreate_sid)
6561 ksec->sid = tsec->keycreate_sid;
6562 else
6563 ksec->sid = tsec->sid;
6564
6565 k->security = ksec;
6566 return 0;
6567 }
6568
6569 static void selinux_key_free(struct key *k)
6570 {
6571 struct key_security_struct *ksec = k->security;
6572
6573 k->security = NULL;
6574 kfree(ksec);
6575 }
6576
6577 static int selinux_key_permission(key_ref_t key_ref,
6578 const struct cred *cred,
6579 unsigned perm)
6580 {
6581 struct key *key;
6582 struct key_security_struct *ksec;
6583 u32 sid;
6584
6585
6586
6587
6588 if (perm == 0)
6589 return 0;
6590
6591 sid = cred_sid(cred);
6592
6593 key = key_ref_to_ptr(key_ref);
6594 ksec = key->security;
6595
6596 return avc_has_perm(&selinux_state,
6597 sid, ksec->sid, SECCLASS_KEY, perm, NULL);
6598 }
6599
6600 static int selinux_key_getsecurity(struct key *key, char **_buffer)
6601 {
6602 struct key_security_struct *ksec = key->security;
6603 char *context = NULL;
6604 unsigned len;
6605 int rc;
6606
6607 rc = security_sid_to_context(&selinux_state, ksec->sid,
6608 &context, &len);
6609 if (!rc)
6610 rc = len;
6611 *_buffer = context;
6612 return rc;
6613 }
6614 #endif
6615
6616 #ifdef CONFIG_SECURITY_INFINIBAND
6617 static int selinux_ib_pkey_access(void *ib_sec, u64 subnet_prefix, u16 pkey_val)
6618 {
6619 struct common_audit_data ad;
6620 int err;
6621 u32 sid = 0;
6622 struct ib_security_struct *sec = ib_sec;
6623 struct lsm_ibpkey_audit ibpkey;
6624
6625 err = sel_ib_pkey_sid(subnet_prefix, pkey_val, &sid);
6626 if (err)
6627 return err;
6628
6629 ad.type = LSM_AUDIT_DATA_IBPKEY;
6630 ibpkey.subnet_prefix = subnet_prefix;
6631 ibpkey.pkey = pkey_val;
6632 ad.u.ibpkey = &ibpkey;
6633 return avc_has_perm(&selinux_state,
6634 sec->sid, sid,
6635 SECCLASS_INFINIBAND_PKEY,
6636 INFINIBAND_PKEY__ACCESS, &ad);
6637 }
6638
6639 static int selinux_ib_endport_manage_subnet(void *ib_sec, const char *dev_name,
6640 u8 port_num)
6641 {
6642 struct common_audit_data ad;
6643 int err;
6644 u32 sid = 0;
6645 struct ib_security_struct *sec = ib_sec;
6646 struct lsm_ibendport_audit ibendport;
6647
6648 err = security_ib_endport_sid(&selinux_state, dev_name, port_num,
6649 &sid);
6650
6651 if (err)
6652 return err;
6653
6654 ad.type = LSM_AUDIT_DATA_IBENDPORT;
6655 strncpy(ibendport.dev_name, dev_name, sizeof(ibendport.dev_name));
6656 ibendport.port = port_num;
6657 ad.u.ibendport = &ibendport;
6658 return avc_has_perm(&selinux_state,
6659 sec->sid, sid,
6660 SECCLASS_INFINIBAND_ENDPORT,
6661 INFINIBAND_ENDPORT__MANAGE_SUBNET, &ad);
6662 }
6663
6664 static int selinux_ib_alloc_security(void **ib_sec)
6665 {
6666 struct ib_security_struct *sec;
6667
6668 sec = kzalloc(sizeof(*sec), GFP_KERNEL);
6669 if (!sec)
6670 return -ENOMEM;
6671 sec->sid = current_sid();
6672
6673 *ib_sec = sec;
6674 return 0;
6675 }
6676
6677 static void selinux_ib_free_security(void *ib_sec)
6678 {
6679 kfree(ib_sec);
6680 }
6681 #endif
6682
6683 #ifdef CONFIG_BPF_SYSCALL
6684 static int selinux_bpf(int cmd, union bpf_attr *attr,
6685 unsigned int size)
6686 {
6687 u32 sid = current_sid();
6688 int ret;
6689
6690 switch (cmd) {
6691 case BPF_MAP_CREATE:
6692 ret = avc_has_perm(&selinux_state,
6693 sid, sid, SECCLASS_BPF, BPF__MAP_CREATE,
6694 NULL);
6695 break;
6696 case BPF_PROG_LOAD:
6697 ret = avc_has_perm(&selinux_state,
6698 sid, sid, SECCLASS_BPF, BPF__PROG_LOAD,
6699 NULL);
6700 break;
6701 default:
6702 ret = 0;
6703 break;
6704 }
6705
6706 return ret;
6707 }
6708
6709 static u32 bpf_map_fmode_to_av(fmode_t fmode)
6710 {
6711 u32 av = 0;
6712
6713 if (fmode & FMODE_READ)
6714 av |= BPF__MAP_READ;
6715 if (fmode & FMODE_WRITE)
6716 av |= BPF__MAP_WRITE;
6717 return av;
6718 }
6719
6720
6721
6722
6723
6724
6725
6726
6727
6728 static int bpf_fd_pass(struct file *file, u32 sid)
6729 {
6730 struct bpf_security_struct *bpfsec;
6731 struct bpf_prog *prog;
6732 struct bpf_map *map;
6733 int ret;
6734
6735 if (file->f_op == &bpf_map_fops) {
6736 map = file->private_data;
6737 bpfsec = map->security;
6738 ret = avc_has_perm(&selinux_state,
6739 sid, bpfsec->sid, SECCLASS_BPF,
6740 bpf_map_fmode_to_av(file->f_mode), NULL);
6741 if (ret)
6742 return ret;
6743 } else if (file->f_op == &bpf_prog_fops) {
6744 prog = file->private_data;
6745 bpfsec = prog->aux->security;
6746 ret = avc_has_perm(&selinux_state,
6747 sid, bpfsec->sid, SECCLASS_BPF,
6748 BPF__PROG_RUN, NULL);
6749 if (ret)
6750 return ret;
6751 }
6752 return 0;
6753 }
6754
6755 static int selinux_bpf_map(struct bpf_map *map, fmode_t fmode)
6756 {
6757 u32 sid = current_sid();
6758 struct bpf_security_struct *bpfsec;
6759
6760 bpfsec = map->security;
6761 return avc_has_perm(&selinux_state,
6762 sid, bpfsec->sid, SECCLASS_BPF,
6763 bpf_map_fmode_to_av(fmode), NULL);
6764 }
6765
6766 static int selinux_bpf_prog(struct bpf_prog *prog)
6767 {
6768 u32 sid = current_sid();
6769 struct bpf_security_struct *bpfsec;
6770
6771 bpfsec = prog->aux->security;
6772 return avc_has_perm(&selinux_state,
6773 sid, bpfsec->sid, SECCLASS_BPF,
6774 BPF__PROG_RUN, NULL);
6775 }
6776
6777 static int selinux_bpf_map_alloc(struct bpf_map *map)
6778 {
6779 struct bpf_security_struct *bpfsec;
6780
6781 bpfsec = kzalloc(sizeof(*bpfsec), GFP_KERNEL);
6782 if (!bpfsec)
6783 return -ENOMEM;
6784
6785 bpfsec->sid = current_sid();
6786 map->security = bpfsec;
6787
6788 return 0;
6789 }
6790
6791 static void selinux_bpf_map_free(struct bpf_map *map)
6792 {
6793 struct bpf_security_struct *bpfsec = map->security;
6794
6795 map->security = NULL;
6796 kfree(bpfsec);
6797 }
6798
6799 static int selinux_bpf_prog_alloc(struct bpf_prog_aux *aux)
6800 {
6801 struct bpf_security_struct *bpfsec;
6802
6803 bpfsec = kzalloc(sizeof(*bpfsec), GFP_KERNEL);
6804 if (!bpfsec)
6805 return -ENOMEM;
6806
6807 bpfsec->sid = current_sid();
6808 aux->security = bpfsec;
6809
6810 return 0;
6811 }
6812
6813 static void selinux_bpf_prog_free(struct bpf_prog_aux *aux)
6814 {
6815 struct bpf_security_struct *bpfsec = aux->security;
6816
6817 aux->security = NULL;
6818 kfree(bpfsec);
6819 }
6820 #endif
6821
6822 struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = {
6823 .lbs_cred = sizeof(struct task_security_struct),
6824 .lbs_file = sizeof(struct file_security_struct),
6825 .lbs_inode = sizeof(struct inode_security_struct),
6826 .lbs_ipc = sizeof(struct ipc_security_struct),
6827 .lbs_msg_msg = sizeof(struct msg_security_struct),
6828 };
6829
6830 static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
6831 LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr),
6832 LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction),
6833 LSM_HOOK_INIT(binder_transfer_binder, selinux_binder_transfer_binder),
6834 LSM_HOOK_INIT(binder_transfer_file, selinux_binder_transfer_file),
6835
6836 LSM_HOOK_INIT(ptrace_access_check, selinux_ptrace_access_check),
6837 LSM_HOOK_INIT(ptrace_traceme, selinux_ptrace_traceme),
6838 LSM_HOOK_INIT(capget, selinux_capget),
6839 LSM_HOOK_INIT(capset, selinux_capset),
6840 LSM_HOOK_INIT(capable, selinux_capable),
6841 LSM_HOOK_INIT(quotactl, selinux_quotactl),
6842 LSM_HOOK_INIT(quota_on, selinux_quota_on),
6843 LSM_HOOK_INIT(syslog, selinux_syslog),
6844 LSM_HOOK_INIT(vm_enough_memory, selinux_vm_enough_memory),
6845
6846 LSM_HOOK_INIT(netlink_send, selinux_netlink_send),
6847
6848 LSM_HOOK_INIT(bprm_set_creds, selinux_bprm_set_creds),
6849 LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds),
6850 LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds),
6851
6852 LSM_HOOK_INIT(fs_context_dup, selinux_fs_context_dup),
6853 LSM_HOOK_INIT(fs_context_parse_param, selinux_fs_context_parse_param),
6854
6855 LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security),
6856 LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security),
6857 LSM_HOOK_INIT(sb_eat_lsm_opts, selinux_sb_eat_lsm_opts),
6858 LSM_HOOK_INIT(sb_free_mnt_opts, selinux_free_mnt_opts),
6859 LSM_HOOK_INIT(sb_remount, selinux_sb_remount),
6860 LSM_HOOK_INIT(sb_kern_mount, selinux_sb_kern_mount),
6861 LSM_HOOK_INIT(sb_show_options, selinux_sb_show_options),
6862 LSM_HOOK_INIT(sb_statfs, selinux_sb_statfs),
6863 LSM_HOOK_INIT(sb_mount, selinux_mount),
6864 LSM_HOOK_INIT(sb_umount, selinux_umount),
6865 LSM_HOOK_INIT(sb_set_mnt_opts, selinux_set_mnt_opts),
6866 LSM_HOOK_INIT(sb_clone_mnt_opts, selinux_sb_clone_mnt_opts),
6867 LSM_HOOK_INIT(sb_add_mnt_opt, selinux_add_mnt_opt),
6868
6869 LSM_HOOK_INIT(move_mount, selinux_move_mount),
6870
6871 LSM_HOOK_INIT(dentry_init_security, selinux_dentry_init_security),
6872 LSM_HOOK_INIT(dentry_create_files_as, selinux_dentry_create_files_as),
6873
6874 LSM_HOOK_INIT(inode_alloc_security, selinux_inode_alloc_security),
6875 LSM_HOOK_INIT(inode_free_security, selinux_inode_free_security),
6876 LSM_HOOK_INIT(inode_init_security, selinux_inode_init_security),
6877 LSM_HOOK_INIT(inode_create, selinux_inode_create),
6878 LSM_HOOK_INIT(inode_link, selinux_inode_link),
6879 LSM_HOOK_INIT(inode_unlink, selinux_inode_unlink),
6880 LSM_HOOK_INIT(inode_symlink, selinux_inode_symlink),
6881 LSM_HOOK_INIT(inode_mkdir, selinux_inode_mkdir),
6882 LSM_HOOK_INIT(inode_rmdir, selinux_inode_rmdir),
6883 LSM_HOOK_INIT(inode_mknod, selinux_inode_mknod),
6884 LSM_HOOK_INIT(inode_rename, selinux_inode_rename),
6885 LSM_HOOK_INIT(inode_readlink, selinux_inode_readlink),
6886 LSM_HOOK_INIT(inode_follow_link, selinux_inode_follow_link),
6887 LSM_HOOK_INIT(inode_permission, selinux_inode_permission),
6888 LSM_HOOK_INIT(inode_setattr, selinux_inode_setattr),
6889 LSM_HOOK_INIT(inode_getattr, selinux_inode_getattr),
6890 LSM_HOOK_INIT(inode_setxattr, selinux_inode_setxattr),
6891 LSM_HOOK_INIT(inode_post_setxattr, selinux_inode_post_setxattr),
6892 LSM_HOOK_INIT(inode_getxattr, selinux_inode_getxattr),
6893 LSM_HOOK_INIT(inode_listxattr, selinux_inode_listxattr),
6894 LSM_HOOK_INIT(inode_removexattr, selinux_inode_removexattr),
6895 LSM_HOOK_INIT(inode_getsecurity, selinux_inode_getsecurity),
6896 LSM_HOOK_INIT(inode_setsecurity, selinux_inode_setsecurity),
6897 LSM_HOOK_INIT(inode_listsecurity, selinux_inode_listsecurity),
6898 LSM_HOOK_INIT(inode_getsecid, selinux_inode_getsecid),
6899 LSM_HOOK_INIT(inode_copy_up, selinux_inode_copy_up),
6900 LSM_HOOK_INIT(inode_copy_up_xattr, selinux_inode_copy_up_xattr),
6901 LSM_HOOK_INIT(path_notify, selinux_path_notify),
6902
6903 LSM_HOOK_INIT(kernfs_init_security, selinux_kernfs_init_security),
6904
6905 LSM_HOOK_INIT(file_permission, selinux_file_permission),
6906 LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security),
6907 LSM_HOOK_INIT(file_ioctl, selinux_file_ioctl),
6908 LSM_HOOK_INIT(mmap_file, selinux_mmap_file),
6909 LSM_HOOK_INIT(mmap_addr, selinux_mmap_addr),
6910 LSM_HOOK_INIT(file_mprotect, selinux_file_mprotect),
6911 LSM_HOOK_INIT(file_lock, selinux_file_lock),
6912 LSM_HOOK_INIT(file_fcntl, selinux_file_fcntl),
6913 LSM_HOOK_INIT(file_set_fowner, selinux_file_set_fowner),
6914 LSM_HOOK_INIT(file_send_sigiotask, selinux_file_send_sigiotask),
6915 LSM_HOOK_INIT(file_receive, selinux_file_receive),
6916
6917 LSM_HOOK_INIT(file_open, selinux_file_open),
6918
6919 LSM_HOOK_INIT(task_alloc, selinux_task_alloc),
6920 LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare),
6921 LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer),
6922 LSM_HOOK_INIT(cred_getsecid, selinux_cred_getsecid),
6923 LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as),
6924 LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as),
6925 LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request),
6926 LSM_HOOK_INIT(kernel_load_data, selinux_kernel_load_data),
6927 LSM_HOOK_INIT(kernel_read_file, selinux_kernel_read_file),
6928 LSM_HOOK_INIT(task_setpgid, selinux_task_setpgid),
6929 LSM_HOOK_INIT(task_getpgid, selinux_task_getpgid),
6930 LSM_HOOK_INIT(task_getsid, selinux_task_getsid),
6931 LSM_HOOK_INIT(task_getsecid, selinux_task_getsecid),
6932 LSM_HOOK_INIT(task_setnice, selinux_task_setnice),
6933 LSM_HOOK_INIT(task_setioprio, selinux_task_setioprio),
6934 LSM_HOOK_INIT(task_getioprio, selinux_task_getioprio),
6935 LSM_HOOK_INIT(task_prlimit, selinux_task_prlimit),
6936 LSM_HOOK_INIT(task_setrlimit, selinux_task_setrlimit),
6937 LSM_HOOK_INIT(task_setscheduler, selinux_task_setscheduler),
6938 LSM_HOOK_INIT(task_getscheduler, selinux_task_getscheduler),
6939 LSM_HOOK_INIT(task_movememory, selinux_task_movememory),
6940 LSM_HOOK_INIT(task_kill, selinux_task_kill),
6941 LSM_HOOK_INIT(task_to_inode, selinux_task_to_inode),
6942
6943 LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission),
6944 LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid),
6945
6946 LSM_HOOK_INIT(msg_msg_alloc_security, selinux_msg_msg_alloc_security),
6947
6948 LSM_HOOK_INIT(msg_queue_alloc_security,
6949 selinux_msg_queue_alloc_security),
6950 LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate),
6951 LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl),
6952 LSM_HOOK_INIT(msg_queue_msgsnd, selinux_msg_queue_msgsnd),
6953 LSM_HOOK_INIT(msg_queue_msgrcv, selinux_msg_queue_msgrcv),
6954
6955 LSM_HOOK_INIT(shm_alloc_security, selinux_shm_alloc_security),
6956 LSM_HOOK_INIT(shm_associate, selinux_shm_associate),
6957 LSM_HOOK_INIT(shm_shmctl, selinux_shm_shmctl),
6958 LSM_HOOK_INIT(shm_shmat, selinux_shm_shmat),
6959
6960 LSM_HOOK_INIT(sem_alloc_security, selinux_sem_alloc_security),
6961 LSM_HOOK_INIT(sem_associate, selinux_sem_associate),
6962 LSM_HOOK_INIT(sem_semctl, selinux_sem_semctl),
6963 LSM_HOOK_INIT(sem_semop, selinux_sem_semop),
6964
6965 LSM_HOOK_INIT(d_instantiate, selinux_d_instantiate),
6966
6967 LSM_HOOK_INIT(getprocattr, selinux_getprocattr),
6968 LSM_HOOK_INIT(setprocattr, selinux_setprocattr),
6969
6970 LSM_HOOK_INIT(ismaclabel, selinux_ismaclabel),
6971 LSM_HOOK_INIT(secid_to_secctx, selinux_secid_to_secctx),
6972 LSM_HOOK_INIT(secctx_to_secid, selinux_secctx_to_secid),
6973 LSM_HOOK_INIT(release_secctx, selinux_release_secctx),
6974 LSM_HOOK_INIT(inode_invalidate_secctx, selinux_inode_invalidate_secctx),
6975 LSM_HOOK_INIT(inode_notifysecctx, selinux_inode_notifysecctx),
6976 LSM_HOOK_INIT(inode_setsecctx, selinux_inode_setsecctx),
6977 LSM_HOOK_INIT(inode_getsecctx, selinux_inode_getsecctx),
6978
6979 LSM_HOOK_INIT(unix_stream_connect, selinux_socket_unix_stream_connect),
6980 LSM_HOOK_INIT(unix_may_send, selinux_socket_unix_may_send),
6981
6982 LSM_HOOK_INIT(socket_create, selinux_socket_create),
6983 LSM_HOOK_INIT(socket_post_create, selinux_socket_post_create),
6984 LSM_HOOK_INIT(socket_socketpair, selinux_socket_socketpair),
6985 LSM_HOOK_INIT(socket_bind, selinux_socket_bind),
6986 LSM_HOOK_INIT(socket_connect, selinux_socket_connect),
6987 LSM_HOOK_INIT(socket_listen, selinux_socket_listen),
6988 LSM_HOOK_INIT(socket_accept, selinux_socket_accept),
6989 LSM_HOOK_INIT(socket_sendmsg, selinux_socket_sendmsg),
6990 LSM_HOOK_INIT(socket_recvmsg, selinux_socket_recvmsg),
6991 LSM_HOOK_INIT(socket_getsockname, selinux_socket_getsockname),
6992 LSM_HOOK_INIT(socket_getpeername, selinux_socket_getpeername),
6993 LSM_HOOK_INIT(socket_getsockopt, selinux_socket_getsockopt),
6994 LSM_HOOK_INIT(socket_setsockopt, selinux_socket_setsockopt),
6995 LSM_HOOK_INIT(socket_shutdown, selinux_socket_shutdown),
6996 LSM_HOOK_INIT(socket_sock_rcv_skb, selinux_socket_sock_rcv_skb),
6997 LSM_HOOK_INIT(socket_getpeersec_stream,
6998 selinux_socket_getpeersec_stream),
6999 LSM_HOOK_INIT(socket_getpeersec_dgram, selinux_socket_getpeersec_dgram),
7000 LSM_HOOK_INIT(sk_alloc_security, selinux_sk_alloc_security),
7001 LSM_HOOK_INIT(sk_free_security, selinux_sk_free_security),
7002 LSM_HOOK_INIT(sk_clone_security, selinux_sk_clone_security),
7003 LSM_HOOK_INIT(sk_getsecid, selinux_sk_getsecid),
7004 LSM_HOOK_INIT(sock_graft, selinux_sock_graft),
7005 LSM_HOOK_INIT(sctp_assoc_request, selinux_sctp_assoc_request),
7006 LSM_HOOK_INIT(sctp_sk_clone, selinux_sctp_sk_clone),
7007 LSM_HOOK_INIT(sctp_bind_connect, selinux_sctp_bind_connect),
7008 LSM_HOOK_INIT(inet_conn_request, selinux_inet_conn_request),
7009 LSM_HOOK_INIT(inet_csk_clone, selinux_inet_csk_clone),
7010 LSM_HOOK_INIT(inet_conn_established, selinux_inet_conn_established),
7011 LSM_HOOK_INIT(secmark_relabel_packet, selinux_secmark_relabel_packet),
7012 LSM_HOOK_INIT(secmark_refcount_inc, selinux_secmark_refcount_inc),
7013 LSM_HOOK_INIT(secmark_refcount_dec, selinux_secmark_refcount_dec),
7014 LSM_HOOK_INIT(req_classify_flow, selinux_req_classify_flow),
7015 LSM_HOOK_INIT(tun_dev_alloc_security, selinux_tun_dev_alloc_security),
7016 LSM_HOOK_INIT(tun_dev_free_security, selinux_tun_dev_free_security),
7017 LSM_HOOK_INIT(tun_dev_create, selinux_tun_dev_create),
7018 LSM_HOOK_INIT(tun_dev_attach_queue, selinux_tun_dev_attach_queue),
7019 LSM_HOOK_INIT(tun_dev_attach, selinux_tun_dev_attach),
7020 LSM_HOOK_INIT(tun_dev_open, selinux_tun_dev_open),
7021 #ifdef CONFIG_SECURITY_INFINIBAND
7022 LSM_HOOK_INIT(ib_pkey_access, selinux_ib_pkey_access),
7023 LSM_HOOK_INIT(ib_endport_manage_subnet,
7024 selinux_ib_endport_manage_subnet),
7025 LSM_HOOK_INIT(ib_alloc_security, selinux_ib_alloc_security),
7026 LSM_HOOK_INIT(ib_free_security, selinux_ib_free_security),
7027 #endif
7028 #ifdef CONFIG_SECURITY_NETWORK_XFRM
7029 LSM_HOOK_INIT(xfrm_policy_alloc_security, selinux_xfrm_policy_alloc),
7030 LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone),
7031 LSM_HOOK_INIT(xfrm_policy_free_security, selinux_xfrm_policy_free),
7032 LSM_HOOK_INIT(xfrm_policy_delete_security, selinux_xfrm_policy_delete),
7033 LSM_HOOK_INIT(xfrm_state_alloc, selinux_xfrm_state_alloc),
7034 LSM_HOOK_INIT(xfrm_state_alloc_acquire,
7035 selinux_xfrm_state_alloc_acquire),
7036 LSM_HOOK_INIT(xfrm_state_free_security, selinux_xfrm_state_free),
7037 LSM_HOOK_INIT(xfrm_state_delete_security, selinux_xfrm_state_delete),
7038 LSM_HOOK_INIT(xfrm_policy_lookup, selinux_xfrm_policy_lookup),
7039 LSM_HOOK_INIT(xfrm_state_pol_flow_match,
7040 selinux_xfrm_state_pol_flow_match),
7041 LSM_HOOK_INIT(xfrm_decode_session, selinux_xfrm_decode_session),
7042 #endif
7043
7044 #ifdef CONFIG_KEYS
7045 LSM_HOOK_INIT(key_alloc, selinux_key_alloc),
7046 LSM_HOOK_INIT(key_free, selinux_key_free),
7047 LSM_HOOK_INIT(key_permission, selinux_key_permission),
7048 LSM_HOOK_INIT(key_getsecurity, selinux_key_getsecurity),
7049 #endif
7050
7051 #ifdef CONFIG_AUDIT
7052 LSM_HOOK_INIT(audit_rule_init, selinux_audit_rule_init),
7053 LSM_HOOK_INIT(audit_rule_known, selinux_audit_rule_known),
7054 LSM_HOOK_INIT(audit_rule_match, selinux_audit_rule_match),
7055 LSM_HOOK_INIT(audit_rule_free, selinux_audit_rule_free),
7056 #endif
7057
7058 #ifdef CONFIG_BPF_SYSCALL
7059 LSM_HOOK_INIT(bpf, selinux_bpf),
7060 LSM_HOOK_INIT(bpf_map, selinux_bpf_map),
7061 LSM_HOOK_INIT(bpf_prog, selinux_bpf_prog),
7062 LSM_HOOK_INIT(bpf_map_alloc_security, selinux_bpf_map_alloc),
7063 LSM_HOOK_INIT(bpf_prog_alloc_security, selinux_bpf_prog_alloc),
7064 LSM_HOOK_INIT(bpf_map_free_security, selinux_bpf_map_free),
7065 LSM_HOOK_INIT(bpf_prog_free_security, selinux_bpf_prog_free),
7066 #endif
7067 };
7068
7069 static __init int selinux_init(void)
7070 {
7071 pr_info("SELinux: Initializing.\n");
7072
7073 memset(&selinux_state, 0, sizeof(selinux_state));
7074 enforcing_set(&selinux_state, selinux_enforcing_boot);
7075 selinux_state.checkreqprot = selinux_checkreqprot_boot;
7076 selinux_ss_init(&selinux_state.ss);
7077 selinux_avc_init(&selinux_state.avc);
7078
7079
7080 cred_init_security();
7081
7082 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
7083
7084 avc_init();
7085
7086 avtab_cache_init();
7087
7088 ebitmap_cache_init();
7089
7090 hashtab_cache_init();
7091
7092 security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux");
7093
7094 if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET))
7095 panic("SELinux: Unable to register AVC netcache callback\n");
7096
7097 if (avc_add_callback(selinux_lsm_notifier_avc_callback, AVC_CALLBACK_RESET))
7098 panic("SELinux: Unable to register AVC LSM notifier callback\n");
7099
7100 if (selinux_enforcing_boot)
7101 pr_debug("SELinux: Starting in enforcing mode\n");
7102 else
7103 pr_debug("SELinux: Starting in permissive mode\n");
7104
7105 fs_validate_description(&selinux_fs_parameters);
7106
7107 return 0;
7108 }
7109
7110 static void delayed_superblock_init(struct super_block *sb, void *unused)
7111 {
7112 selinux_set_mnt_opts(sb, NULL, 0, NULL);
7113 }
7114
7115 void selinux_complete_init(void)
7116 {
7117 pr_debug("SELinux: Completing initialization.\n");
7118
7119
7120 pr_debug("SELinux: Setting up existing superblocks.\n");
7121 iterate_supers(delayed_superblock_init, NULL);
7122 }
7123
7124
7125
7126 DEFINE_LSM(selinux) = {
7127 .name = "selinux",
7128 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
7129 .enabled = &selinux_enabled,
7130 .blobs = &selinux_blob_sizes,
7131 .init = selinux_init,
7132 };
7133
7134 #if defined(CONFIG_NETFILTER)
7135
7136 static const struct nf_hook_ops selinux_nf_ops[] = {
7137 {
7138 .hook = selinux_ipv4_postroute,
7139 .pf = NFPROTO_IPV4,
7140 .hooknum = NF_INET_POST_ROUTING,
7141 .priority = NF_IP_PRI_SELINUX_LAST,
7142 },
7143 {
7144 .hook = selinux_ipv4_forward,
7145 .pf = NFPROTO_IPV4,
7146 .hooknum = NF_INET_FORWARD,
7147 .priority = NF_IP_PRI_SELINUX_FIRST,
7148 },
7149 {
7150 .hook = selinux_ipv4_output,
7151 .pf = NFPROTO_IPV4,
7152 .hooknum = NF_INET_LOCAL_OUT,
7153 .priority = NF_IP_PRI_SELINUX_FIRST,
7154 },
7155 #if IS_ENABLED(CONFIG_IPV6)
7156 {
7157 .hook = selinux_ipv6_postroute,
7158 .pf = NFPROTO_IPV6,
7159 .hooknum = NF_INET_POST_ROUTING,
7160 .priority = NF_IP6_PRI_SELINUX_LAST,
7161 },
7162 {
7163 .hook = selinux_ipv6_forward,
7164 .pf = NFPROTO_IPV6,
7165 .hooknum = NF_INET_FORWARD,
7166 .priority = NF_IP6_PRI_SELINUX_FIRST,
7167 },
7168 {
7169 .hook = selinux_ipv6_output,
7170 .pf = NFPROTO_IPV6,
7171 .hooknum = NF_INET_LOCAL_OUT,
7172 .priority = NF_IP6_PRI_SELINUX_FIRST,
7173 },
7174 #endif
7175 };
7176
7177 static int __net_init selinux_nf_register(struct net *net)
7178 {
7179 return nf_register_net_hooks(net, selinux_nf_ops,
7180 ARRAY_SIZE(selinux_nf_ops));
7181 }
7182
7183 static void __net_exit selinux_nf_unregister(struct net *net)
7184 {
7185 nf_unregister_net_hooks(net, selinux_nf_ops,
7186 ARRAY_SIZE(selinux_nf_ops));
7187 }
7188
7189 static struct pernet_operations selinux_net_ops = {
7190 .init = selinux_nf_register,
7191 .exit = selinux_nf_unregister,
7192 };
7193
7194 static int __init selinux_nf_ip_init(void)
7195 {
7196 int err;
7197
7198 if (!selinux_enabled)
7199 return 0;
7200
7201 pr_debug("SELinux: Registering netfilter hooks\n");
7202
7203 err = register_pernet_subsys(&selinux_net_ops);
7204 if (err)
7205 panic("SELinux: register_pernet_subsys: error %d\n", err);
7206
7207 return 0;
7208 }
7209 __initcall(selinux_nf_ip_init);
7210
7211 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
7212 static void selinux_nf_ip_exit(void)
7213 {
7214 pr_debug("SELinux: Unregistering netfilter hooks\n");
7215
7216 unregister_pernet_subsys(&selinux_net_ops);
7217 }
7218 #endif
7219
7220 #else
7221
7222 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
7223 #define selinux_nf_ip_exit()
7224 #endif
7225
7226 #endif
7227
7228 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
7229 int selinux_disable(struct selinux_state *state)
7230 {
7231 if (state->initialized) {
7232
7233 return -EINVAL;
7234 }
7235
7236 if (state->disabled) {
7237
7238 return -EINVAL;
7239 }
7240
7241 state->disabled = 1;
7242
7243 pr_info("SELinux: Disabled at runtime.\n");
7244
7245 selinux_enabled = 0;
7246
7247 security_delete_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks));
7248
7249
7250 avc_disable();
7251
7252
7253 selinux_nf_ip_exit();
7254
7255
7256 exit_sel_fs();
7257
7258 return 0;
7259 }
7260 #endif