0001
0002
0003
0004
0005
0006
0007
0008
0009
0010
0011
0012
0013
0014
0015
0016
0017
0018
0019
0020
0021
0022
0023
0024 #include <linux/init.h>
0025 #include <linux/kd.h>
0026 #include <linux/kernel.h>
0027 #include <linux/kernel_read_file.h>
0028 #include <linux/errno.h>
0029 #include <linux/sched/signal.h>
0030 #include <linux/sched/task.h>
0031 #include <linux/lsm_hooks.h>
0032 #include <linux/xattr.h>
0033 #include <linux/capability.h>
0034 #include <linux/unistd.h>
0035 #include <linux/mm.h>
0036 #include <linux/mman.h>
0037 #include <linux/slab.h>
0038 #include <linux/pagemap.h>
0039 #include <linux/proc_fs.h>
0040 #include <linux/swap.h>
0041 #include <linux/spinlock.h>
0042 #include <linux/syscalls.h>
0043 #include <linux/dcache.h>
0044 #include <linux/file.h>
0045 #include <linux/fdtable.h>
0046 #include <linux/namei.h>
0047 #include <linux/mount.h>
0048 #include <linux/fs_context.h>
0049 #include <linux/fs_parser.h>
0050 #include <linux/netfilter_ipv4.h>
0051 #include <linux/netfilter_ipv6.h>
0052 #include <linux/tty.h>
0053 #include <net/icmp.h>
0054 #include <net/ip.h> /* for local_port_range[] */
0055 #include <net/tcp.h> /* struct or_callable used in sock_rcv_skb */
0056 #include <net/inet_connection_sock.h>
0057 #include <net/net_namespace.h>
0058 #include <net/netlabel.h>
0059 #include <linux/uaccess.h>
0060 #include <asm/ioctls.h>
0061 #include <linux/atomic.h>
0062 #include <linux/bitops.h>
0063 #include <linux/interrupt.h>
0064 #include <linux/netdevice.h> /* for network interface checks */
0065 #include <net/netlink.h>
0066 #include <linux/tcp.h>
0067 #include <linux/udp.h>
0068 #include <linux/dccp.h>
0069 #include <linux/sctp.h>
0070 #include <net/sctp/structs.h>
0071 #include <linux/quota.h>
0072 #include <linux/un.h> /* for Unix socket types */
0073 #include <net/af_unix.h> /* for Unix socket types */
0074 #include <linux/parser.h>
0075 #include <linux/nfs_mount.h>
0076 #include <net/ipv6.h>
0077 #include <linux/hugetlb.h>
0078 #include <linux/personality.h>
0079 #include <linux/audit.h>
0080 #include <linux/string.h>
0081 #include <linux/mutex.h>
0082 #include <linux/posix-timers.h>
0083 #include <linux/syslog.h>
0084 #include <linux/user_namespace.h>
0085 #include <linux/export.h>
0086 #include <linux/msg.h>
0087 #include <linux/shm.h>
0088 #include <linux/bpf.h>
0089 #include <linux/kernfs.h>
0090 #include <linux/stringhash.h> /* for hashlen_string() */
0091 #include <uapi/linux/mount.h>
0092 #include <linux/fsnotify.h>
0093 #include <linux/fanotify.h>
0094 #include <linux/io_uring.h>
0095
0096 #include "avc.h"
0097 #include "objsec.h"
0098 #include "netif.h"
0099 #include "netnode.h"
0100 #include "netport.h"
0101 #include "ibpkey.h"
0102 #include "xfrm.h"
0103 #include "netlabel.h"
0104 #include "audit.h"
0105 #include "avc_ss.h"
0106
0107 struct selinux_state selinux_state;
0108
0109
0110 static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
0111
0112 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
0113 static int selinux_enforcing_boot __initdata;
0114
0115 static int __init enforcing_setup(char *str)
0116 {
0117 unsigned long enforcing;
0118 if (!kstrtoul(str, 0, &enforcing))
0119 selinux_enforcing_boot = enforcing ? 1 : 0;
0120 return 1;
0121 }
0122 __setup("enforcing=", enforcing_setup);
0123 #else
0124 #define selinux_enforcing_boot 1
0125 #endif
0126
0127 int selinux_enabled_boot __initdata = 1;
0128 #ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
0129 static int __init selinux_enabled_setup(char *str)
0130 {
0131 unsigned long enabled;
0132 if (!kstrtoul(str, 0, &enabled))
0133 selinux_enabled_boot = enabled ? 1 : 0;
0134 return 1;
0135 }
0136 __setup("selinux=", selinux_enabled_setup);
0137 #endif
0138
0139 static unsigned int selinux_checkreqprot_boot =
0140 CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE;
0141
0142 static int __init checkreqprot_setup(char *str)
0143 {
0144 unsigned long checkreqprot;
0145
0146 if (!kstrtoul(str, 0, &checkreqprot)) {
0147 selinux_checkreqprot_boot = checkreqprot ? 1 : 0;
0148 if (checkreqprot)
0149 pr_err("SELinux: checkreqprot set to 1 via kernel parameter. This is deprecated and will be rejected in a future kernel release.\n");
0150 }
0151 return 1;
0152 }
0153 __setup("checkreqprot=", checkreqprot_setup);
0154
0155
0156
0157
0158
0159
0160
0161
0162
0163
0164
0165
0166 static int selinux_secmark_enabled(void)
0167 {
0168 return (selinux_policycap_alwaysnetwork() ||
0169 atomic_read(&selinux_secmark_refcount));
0170 }
0171
0172
0173
0174
0175
0176
0177
0178
0179
0180
0181
0182 static int selinux_peerlbl_enabled(void)
0183 {
0184 return (selinux_policycap_alwaysnetwork() ||
0185 netlbl_enabled() || selinux_xfrm_enabled());
0186 }
0187
0188 static int selinux_netcache_avc_callback(u32 event)
0189 {
0190 if (event == AVC_CALLBACK_RESET) {
0191 sel_netif_flush();
0192 sel_netnode_flush();
0193 sel_netport_flush();
0194 synchronize_net();
0195 }
0196 return 0;
0197 }
0198
0199 static int selinux_lsm_notifier_avc_callback(u32 event)
0200 {
0201 if (event == AVC_CALLBACK_RESET) {
0202 sel_ib_pkey_flush();
0203 call_blocking_lsm_notifier(LSM_POLICY_CHANGE, NULL);
0204 }
0205
0206 return 0;
0207 }
0208
0209
0210
0211
0212 static void cred_init_security(void)
0213 {
0214 struct task_security_struct *tsec;
0215
0216 tsec = selinux_cred(unrcu_pointer(current->real_cred));
0217 tsec->osid = tsec->sid = SECINITSID_KERNEL;
0218 }
0219
0220
0221
0222
0223 static inline u32 cred_sid(const struct cred *cred)
0224 {
0225 const struct task_security_struct *tsec;
0226
0227 tsec = selinux_cred(cred);
0228 return tsec->sid;
0229 }
0230
0231
0232
0233
0234 static inline u32 task_sid_obj(const struct task_struct *task)
0235 {
0236 u32 sid;
0237
0238 rcu_read_lock();
0239 sid = cred_sid(__task_cred(task));
0240 rcu_read_unlock();
0241 return sid;
0242 }
0243
0244 static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
0245
0246
0247
0248
0249
0250
0251
0252 static int __inode_security_revalidate(struct inode *inode,
0253 struct dentry *dentry,
0254 bool may_sleep)
0255 {
0256 struct inode_security_struct *isec = selinux_inode(inode);
0257
0258 might_sleep_if(may_sleep);
0259
0260 if (selinux_initialized(&selinux_state) &&
0261 isec->initialized != LABEL_INITIALIZED) {
0262 if (!may_sleep)
0263 return -ECHILD;
0264
0265
0266
0267
0268
0269
0270 inode_doinit_with_dentry(inode, dentry);
0271 }
0272 return 0;
0273 }
0274
0275 static struct inode_security_struct *inode_security_novalidate(struct inode *inode)
0276 {
0277 return selinux_inode(inode);
0278 }
0279
0280 static struct inode_security_struct *inode_security_rcu(struct inode *inode, bool rcu)
0281 {
0282 int error;
0283
0284 error = __inode_security_revalidate(inode, NULL, !rcu);
0285 if (error)
0286 return ERR_PTR(error);
0287 return selinux_inode(inode);
0288 }
0289
0290
0291
0292
0293 static struct inode_security_struct *inode_security(struct inode *inode)
0294 {
0295 __inode_security_revalidate(inode, NULL, true);
0296 return selinux_inode(inode);
0297 }
0298
0299 static struct inode_security_struct *backing_inode_security_novalidate(struct dentry *dentry)
0300 {
0301 struct inode *inode = d_backing_inode(dentry);
0302
0303 return selinux_inode(inode);
0304 }
0305
0306
0307
0308
0309 static struct inode_security_struct *backing_inode_security(struct dentry *dentry)
0310 {
0311 struct inode *inode = d_backing_inode(dentry);
0312
0313 __inode_security_revalidate(inode, dentry, true);
0314 return selinux_inode(inode);
0315 }
0316
0317 static void inode_free_security(struct inode *inode)
0318 {
0319 struct inode_security_struct *isec = selinux_inode(inode);
0320 struct superblock_security_struct *sbsec;
0321
0322 if (!isec)
0323 return;
0324 sbsec = selinux_superblock(inode->i_sb);
0325
0326
0327
0328
0329
0330
0331
0332
0333
0334
0335 if (!list_empty_careful(&isec->list)) {
0336 spin_lock(&sbsec->isec_lock);
0337 list_del_init(&isec->list);
0338 spin_unlock(&sbsec->isec_lock);
0339 }
0340 }
0341
0342 struct selinux_mnt_opts {
0343 u32 fscontext_sid;
0344 u32 context_sid;
0345 u32 rootcontext_sid;
0346 u32 defcontext_sid;
0347 };
0348
0349 static void selinux_free_mnt_opts(void *mnt_opts)
0350 {
0351 kfree(mnt_opts);
0352 }
0353
0354 enum {
0355 Opt_error = -1,
0356 Opt_context = 0,
0357 Opt_defcontext = 1,
0358 Opt_fscontext = 2,
0359 Opt_rootcontext = 3,
0360 Opt_seclabel = 4,
0361 };
0362
0363 #define A(s, has_arg) {#s, sizeof(#s) - 1, Opt_##s, has_arg}
0364 static struct {
0365 const char *name;
0366 int len;
0367 int opt;
0368 bool has_arg;
0369 } tokens[] = {
0370 A(context, true),
0371 A(fscontext, true),
0372 A(defcontext, true),
0373 A(rootcontext, true),
0374 A(seclabel, false),
0375 };
0376 #undef A
0377
0378 static int match_opt_prefix(char *s, int l, char **arg)
0379 {
0380 int i;
0381
0382 for (i = 0; i < ARRAY_SIZE(tokens); i++) {
0383 size_t len = tokens[i].len;
0384 if (len > l || memcmp(s, tokens[i].name, len))
0385 continue;
0386 if (tokens[i].has_arg) {
0387 if (len == l || s[len] != '=')
0388 continue;
0389 *arg = s + len + 1;
0390 } else if (len != l)
0391 continue;
0392 return tokens[i].opt;
0393 }
0394 return Opt_error;
0395 }
0396
0397 #define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
0398
0399 static int may_context_mount_sb_relabel(u32 sid,
0400 struct superblock_security_struct *sbsec,
0401 const struct cred *cred)
0402 {
0403 const struct task_security_struct *tsec = selinux_cred(cred);
0404 int rc;
0405
0406 rc = avc_has_perm(&selinux_state,
0407 tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
0408 FILESYSTEM__RELABELFROM, NULL);
0409 if (rc)
0410 return rc;
0411
0412 rc = avc_has_perm(&selinux_state,
0413 tsec->sid, sid, SECCLASS_FILESYSTEM,
0414 FILESYSTEM__RELABELTO, NULL);
0415 return rc;
0416 }
0417
0418 static int may_context_mount_inode_relabel(u32 sid,
0419 struct superblock_security_struct *sbsec,
0420 const struct cred *cred)
0421 {
0422 const struct task_security_struct *tsec = selinux_cred(cred);
0423 int rc;
0424 rc = avc_has_perm(&selinux_state,
0425 tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
0426 FILESYSTEM__RELABELFROM, NULL);
0427 if (rc)
0428 return rc;
0429
0430 rc = avc_has_perm(&selinux_state,
0431 sid, sbsec->sid, SECCLASS_FILESYSTEM,
0432 FILESYSTEM__ASSOCIATE, NULL);
0433 return rc;
0434 }
0435
0436 static int selinux_is_genfs_special_handling(struct super_block *sb)
0437 {
0438
0439 return !strcmp(sb->s_type->name, "sysfs") ||
0440 !strcmp(sb->s_type->name, "pstore") ||
0441 !strcmp(sb->s_type->name, "debugfs") ||
0442 !strcmp(sb->s_type->name, "tracefs") ||
0443 !strcmp(sb->s_type->name, "rootfs") ||
0444 (selinux_policycap_cgroupseclabel() &&
0445 (!strcmp(sb->s_type->name, "cgroup") ||
0446 !strcmp(sb->s_type->name, "cgroup2")));
0447 }
0448
0449 static int selinux_is_sblabel_mnt(struct super_block *sb)
0450 {
0451 struct superblock_security_struct *sbsec = selinux_superblock(sb);
0452
0453
0454
0455
0456
0457 BUILD_BUG_ON(SECURITY_FS_USE_MAX != 7);
0458
0459 switch (sbsec->behavior) {
0460 case SECURITY_FS_USE_XATTR:
0461 case SECURITY_FS_USE_TRANS:
0462 case SECURITY_FS_USE_TASK:
0463 case SECURITY_FS_USE_NATIVE:
0464 return 1;
0465
0466 case SECURITY_FS_USE_GENFS:
0467 return selinux_is_genfs_special_handling(sb);
0468
0469
0470 case SECURITY_FS_USE_MNTPOINT:
0471 case SECURITY_FS_USE_NONE:
0472 default:
0473 return 0;
0474 }
0475 }
0476
0477 static int sb_check_xattr_support(struct super_block *sb)
0478 {
0479 struct superblock_security_struct *sbsec = selinux_superblock(sb);
0480 struct dentry *root = sb->s_root;
0481 struct inode *root_inode = d_backing_inode(root);
0482 u32 sid;
0483 int rc;
0484
0485
0486
0487
0488
0489
0490
0491
0492 if (!(root_inode->i_opflags & IOP_XATTR)) {
0493 pr_warn("SELinux: (dev %s, type %s) has no xattr support\n",
0494 sb->s_id, sb->s_type->name);
0495 goto fallback;
0496 }
0497
0498 rc = __vfs_getxattr(root, root_inode, XATTR_NAME_SELINUX, NULL, 0);
0499 if (rc < 0 && rc != -ENODATA) {
0500 if (rc == -EOPNOTSUPP) {
0501 pr_warn("SELinux: (dev %s, type %s) has no security xattr handler\n",
0502 sb->s_id, sb->s_type->name);
0503 goto fallback;
0504 } else {
0505 pr_warn("SELinux: (dev %s, type %s) getxattr errno %d\n",
0506 sb->s_id, sb->s_type->name, -rc);
0507 return rc;
0508 }
0509 }
0510 return 0;
0511
0512 fallback:
0513
0514 rc = security_genfs_sid(&selinux_state, sb->s_type->name, "/",
0515 SECCLASS_DIR, &sid);
0516 if (rc)
0517 return -EOPNOTSUPP;
0518
0519 pr_warn("SELinux: (dev %s, type %s) falling back to genfs\n",
0520 sb->s_id, sb->s_type->name);
0521 sbsec->behavior = SECURITY_FS_USE_GENFS;
0522 sbsec->sid = sid;
0523 return 0;
0524 }
0525
0526 static int sb_finish_set_opts(struct super_block *sb)
0527 {
0528 struct superblock_security_struct *sbsec = selinux_superblock(sb);
0529 struct dentry *root = sb->s_root;
0530 struct inode *root_inode = d_backing_inode(root);
0531 int rc = 0;
0532
0533 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
0534 rc = sb_check_xattr_support(sb);
0535 if (rc)
0536 return rc;
0537 }
0538
0539 sbsec->flags |= SE_SBINITIALIZED;
0540
0541
0542
0543
0544
0545
0546 if (selinux_is_sblabel_mnt(sb))
0547 sbsec->flags |= SBLABEL_MNT;
0548 else
0549 sbsec->flags &= ~SBLABEL_MNT;
0550
0551
0552 rc = inode_doinit_with_dentry(root_inode, root);
0553
0554
0555
0556
0557
0558 spin_lock(&sbsec->isec_lock);
0559 while (!list_empty(&sbsec->isec_head)) {
0560 struct inode_security_struct *isec =
0561 list_first_entry(&sbsec->isec_head,
0562 struct inode_security_struct, list);
0563 struct inode *inode = isec->inode;
0564 list_del_init(&isec->list);
0565 spin_unlock(&sbsec->isec_lock);
0566 inode = igrab(inode);
0567 if (inode) {
0568 if (!IS_PRIVATE(inode))
0569 inode_doinit_with_dentry(inode, NULL);
0570 iput(inode);
0571 }
0572 spin_lock(&sbsec->isec_lock);
0573 }
0574 spin_unlock(&sbsec->isec_lock);
0575 return rc;
0576 }
0577
0578 static int bad_option(struct superblock_security_struct *sbsec, char flag,
0579 u32 old_sid, u32 new_sid)
0580 {
0581 char mnt_flags = sbsec->flags & SE_MNTMASK;
0582
0583
0584 if (sbsec->flags & SE_SBINITIALIZED)
0585 if (!(sbsec->flags & flag) ||
0586 (old_sid != new_sid))
0587 return 1;
0588
0589
0590
0591
0592 if (!(sbsec->flags & SE_SBINITIALIZED))
0593 if (mnt_flags & flag)
0594 return 1;
0595 return 0;
0596 }
0597
0598
0599
0600
0601
0602 static int selinux_set_mnt_opts(struct super_block *sb,
0603 void *mnt_opts,
0604 unsigned long kern_flags,
0605 unsigned long *set_kern_flags)
0606 {
0607 const struct cred *cred = current_cred();
0608 struct superblock_security_struct *sbsec = selinux_superblock(sb);
0609 struct dentry *root = sb->s_root;
0610 struct selinux_mnt_opts *opts = mnt_opts;
0611 struct inode_security_struct *root_isec;
0612 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
0613 u32 defcontext_sid = 0;
0614 int rc = 0;
0615
0616 mutex_lock(&sbsec->lock);
0617
0618 if (!selinux_initialized(&selinux_state)) {
0619 if (!opts) {
0620
0621
0622
0623 goto out;
0624 }
0625 rc = -EINVAL;
0626 pr_warn("SELinux: Unable to set superblock options "
0627 "before the security server is initialized\n");
0628 goto out;
0629 }
0630 if (kern_flags && !set_kern_flags) {
0631
0632
0633 rc = -EINVAL;
0634 goto out;
0635 }
0636
0637
0638
0639
0640
0641
0642
0643
0644
0645
0646
0647
0648 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
0649 && !opts)
0650 goto out;
0651
0652 root_isec = backing_inode_security_novalidate(root);
0653
0654
0655
0656
0657
0658
0659 if (opts) {
0660 if (opts->fscontext_sid) {
0661 fscontext_sid = opts->fscontext_sid;
0662 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
0663 fscontext_sid))
0664 goto out_double_mount;
0665 sbsec->flags |= FSCONTEXT_MNT;
0666 }
0667 if (opts->context_sid) {
0668 context_sid = opts->context_sid;
0669 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
0670 context_sid))
0671 goto out_double_mount;
0672 sbsec->flags |= CONTEXT_MNT;
0673 }
0674 if (opts->rootcontext_sid) {
0675 rootcontext_sid = opts->rootcontext_sid;
0676 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
0677 rootcontext_sid))
0678 goto out_double_mount;
0679 sbsec->flags |= ROOTCONTEXT_MNT;
0680 }
0681 if (opts->defcontext_sid) {
0682 defcontext_sid = opts->defcontext_sid;
0683 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
0684 defcontext_sid))
0685 goto out_double_mount;
0686 sbsec->flags |= DEFCONTEXT_MNT;
0687 }
0688 }
0689
0690 if (sbsec->flags & SE_SBINITIALIZED) {
0691
0692 if ((sbsec->flags & SE_MNTMASK) && !opts)
0693 goto out_double_mount;
0694 rc = 0;
0695 goto out;
0696 }
0697
0698 if (strcmp(sb->s_type->name, "proc") == 0)
0699 sbsec->flags |= SE_SBPROC | SE_SBGENFS;
0700
0701 if (!strcmp(sb->s_type->name, "debugfs") ||
0702 !strcmp(sb->s_type->name, "tracefs") ||
0703 !strcmp(sb->s_type->name, "binder") ||
0704 !strcmp(sb->s_type->name, "bpf") ||
0705 !strcmp(sb->s_type->name, "pstore") ||
0706 !strcmp(sb->s_type->name, "securityfs"))
0707 sbsec->flags |= SE_SBGENFS;
0708
0709 if (!strcmp(sb->s_type->name, "sysfs") ||
0710 !strcmp(sb->s_type->name, "cgroup") ||
0711 !strcmp(sb->s_type->name, "cgroup2"))
0712 sbsec->flags |= SE_SBGENFS | SE_SBGENFS_XATTR;
0713
0714 if (!sbsec->behavior) {
0715
0716
0717
0718
0719 rc = security_fs_use(&selinux_state, sb);
0720 if (rc) {
0721 pr_warn("%s: security_fs_use(%s) returned %d\n",
0722 __func__, sb->s_type->name, rc);
0723 goto out;
0724 }
0725 }
0726
0727
0728
0729
0730
0731
0732 if (sb->s_user_ns != &init_user_ns &&
0733 strcmp(sb->s_type->name, "tmpfs") &&
0734 strcmp(sb->s_type->name, "ramfs") &&
0735 strcmp(sb->s_type->name, "devpts") &&
0736 strcmp(sb->s_type->name, "overlay")) {
0737 if (context_sid || fscontext_sid || rootcontext_sid ||
0738 defcontext_sid) {
0739 rc = -EACCES;
0740 goto out;
0741 }
0742 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
0743 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
0744 rc = security_transition_sid(&selinux_state,
0745 current_sid(),
0746 current_sid(),
0747 SECCLASS_FILE, NULL,
0748 &sbsec->mntpoint_sid);
0749 if (rc)
0750 goto out;
0751 }
0752 goto out_set_opts;
0753 }
0754
0755
0756 if (fscontext_sid) {
0757 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
0758 if (rc)
0759 goto out;
0760
0761 sbsec->sid = fscontext_sid;
0762 }
0763
0764
0765
0766
0767
0768
0769 if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !context_sid) {
0770 sbsec->behavior = SECURITY_FS_USE_NATIVE;
0771 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
0772 }
0773
0774 if (context_sid) {
0775 if (!fscontext_sid) {
0776 rc = may_context_mount_sb_relabel(context_sid, sbsec,
0777 cred);
0778 if (rc)
0779 goto out;
0780 sbsec->sid = context_sid;
0781 } else {
0782 rc = may_context_mount_inode_relabel(context_sid, sbsec,
0783 cred);
0784 if (rc)
0785 goto out;
0786 }
0787 if (!rootcontext_sid)
0788 rootcontext_sid = context_sid;
0789
0790 sbsec->mntpoint_sid = context_sid;
0791 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
0792 }
0793
0794 if (rootcontext_sid) {
0795 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
0796 cred);
0797 if (rc)
0798 goto out;
0799
0800 root_isec->sid = rootcontext_sid;
0801 root_isec->initialized = LABEL_INITIALIZED;
0802 }
0803
0804 if (defcontext_sid) {
0805 if (sbsec->behavior != SECURITY_FS_USE_XATTR &&
0806 sbsec->behavior != SECURITY_FS_USE_NATIVE) {
0807 rc = -EINVAL;
0808 pr_warn("SELinux: defcontext option is "
0809 "invalid for this filesystem type\n");
0810 goto out;
0811 }
0812
0813 if (defcontext_sid != sbsec->def_sid) {
0814 rc = may_context_mount_inode_relabel(defcontext_sid,
0815 sbsec, cred);
0816 if (rc)
0817 goto out;
0818 }
0819
0820 sbsec->def_sid = defcontext_sid;
0821 }
0822
0823 out_set_opts:
0824 rc = sb_finish_set_opts(sb);
0825 out:
0826 mutex_unlock(&sbsec->lock);
0827 return rc;
0828 out_double_mount:
0829 rc = -EINVAL;
0830 pr_warn("SELinux: mount invalid. Same superblock, different "
0831 "security settings for (dev %s, type %s)\n", sb->s_id,
0832 sb->s_type->name);
0833 goto out;
0834 }
0835
0836 static int selinux_cmp_sb_context(const struct super_block *oldsb,
0837 const struct super_block *newsb)
0838 {
0839 struct superblock_security_struct *old = selinux_superblock(oldsb);
0840 struct superblock_security_struct *new = selinux_superblock(newsb);
0841 char oldflags = old->flags & SE_MNTMASK;
0842 char newflags = new->flags & SE_MNTMASK;
0843
0844 if (oldflags != newflags)
0845 goto mismatch;
0846 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid)
0847 goto mismatch;
0848 if ((oldflags & CONTEXT_MNT) && old->mntpoint_sid != new->mntpoint_sid)
0849 goto mismatch;
0850 if ((oldflags & DEFCONTEXT_MNT) && old->def_sid != new->def_sid)
0851 goto mismatch;
0852 if (oldflags & ROOTCONTEXT_MNT) {
0853 struct inode_security_struct *oldroot = backing_inode_security(oldsb->s_root);
0854 struct inode_security_struct *newroot = backing_inode_security(newsb->s_root);
0855 if (oldroot->sid != newroot->sid)
0856 goto mismatch;
0857 }
0858 return 0;
0859 mismatch:
0860 pr_warn("SELinux: mount invalid. Same superblock, "
0861 "different security settings for (dev %s, "
0862 "type %s)\n", newsb->s_id, newsb->s_type->name);
0863 return -EBUSY;
0864 }
0865
0866 static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
0867 struct super_block *newsb,
0868 unsigned long kern_flags,
0869 unsigned long *set_kern_flags)
0870 {
0871 int rc = 0;
0872 const struct superblock_security_struct *oldsbsec =
0873 selinux_superblock(oldsb);
0874 struct superblock_security_struct *newsbsec = selinux_superblock(newsb);
0875
0876 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
0877 int set_context = (oldsbsec->flags & CONTEXT_MNT);
0878 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
0879
0880
0881
0882
0883
0884 if (!selinux_initialized(&selinux_state))
0885 return 0;
0886
0887
0888
0889
0890
0891 if (kern_flags && !set_kern_flags)
0892 return -EINVAL;
0893
0894
0895 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
0896
0897
0898 if (newsbsec->flags & SE_SBINITIALIZED) {
0899 if ((kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context)
0900 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
0901 return selinux_cmp_sb_context(oldsb, newsb);
0902 }
0903
0904 mutex_lock(&newsbsec->lock);
0905
0906 newsbsec->flags = oldsbsec->flags;
0907
0908 newsbsec->sid = oldsbsec->sid;
0909 newsbsec->def_sid = oldsbsec->def_sid;
0910 newsbsec->behavior = oldsbsec->behavior;
0911
0912 if (newsbsec->behavior == SECURITY_FS_USE_NATIVE &&
0913 !(kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context) {
0914 rc = security_fs_use(&selinux_state, newsb);
0915 if (rc)
0916 goto out;
0917 }
0918
0919 if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !set_context) {
0920 newsbsec->behavior = SECURITY_FS_USE_NATIVE;
0921 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
0922 }
0923
0924 if (set_context) {
0925 u32 sid = oldsbsec->mntpoint_sid;
0926
0927 if (!set_fscontext)
0928 newsbsec->sid = sid;
0929 if (!set_rootcontext) {
0930 struct inode_security_struct *newisec = backing_inode_security(newsb->s_root);
0931 newisec->sid = sid;
0932 }
0933 newsbsec->mntpoint_sid = sid;
0934 }
0935 if (set_rootcontext) {
0936 const struct inode_security_struct *oldisec = backing_inode_security(oldsb->s_root);
0937 struct inode_security_struct *newisec = backing_inode_security(newsb->s_root);
0938
0939 newisec->sid = oldisec->sid;
0940 }
0941
0942 sb_finish_set_opts(newsb);
0943 out:
0944 mutex_unlock(&newsbsec->lock);
0945 return rc;
0946 }
0947
0948
0949
0950
0951 static int selinux_add_opt(int token, const char *s, void **mnt_opts)
0952 {
0953 struct selinux_mnt_opts *opts = *mnt_opts;
0954 u32 *dst_sid;
0955 int rc;
0956
0957 if (token == Opt_seclabel)
0958
0959 return 0;
0960 if (!s)
0961 return -EINVAL;
0962
0963 if (!selinux_initialized(&selinux_state)) {
0964 pr_warn("SELinux: Unable to set superblock options before the security server is initialized\n");
0965 return -EINVAL;
0966 }
0967
0968 if (!opts) {
0969 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
0970 if (!opts)
0971 return -ENOMEM;
0972 *mnt_opts = opts;
0973 }
0974
0975 switch (token) {
0976 case Opt_context:
0977 if (opts->context_sid || opts->defcontext_sid)
0978 goto err;
0979 dst_sid = &opts->context_sid;
0980 break;
0981 case Opt_fscontext:
0982 if (opts->fscontext_sid)
0983 goto err;
0984 dst_sid = &opts->fscontext_sid;
0985 break;
0986 case Opt_rootcontext:
0987 if (opts->rootcontext_sid)
0988 goto err;
0989 dst_sid = &opts->rootcontext_sid;
0990 break;
0991 case Opt_defcontext:
0992 if (opts->context_sid || opts->defcontext_sid)
0993 goto err;
0994 dst_sid = &opts->defcontext_sid;
0995 break;
0996 default:
0997 WARN_ON(1);
0998 return -EINVAL;
0999 }
1000 rc = security_context_str_to_sid(&selinux_state, s, dst_sid, GFP_KERNEL);
1001 if (rc)
1002 pr_warn("SELinux: security_context_str_to_sid (%s) failed with errno=%d\n",
1003 s, rc);
1004 return rc;
1005
1006 err:
1007 pr_warn(SEL_MOUNT_FAIL_MSG);
1008 return -EINVAL;
1009 }
1010
1011 static int show_sid(struct seq_file *m, u32 sid)
1012 {
1013 char *context = NULL;
1014 u32 len;
1015 int rc;
1016
1017 rc = security_sid_to_context(&selinux_state, sid,
1018 &context, &len);
1019 if (!rc) {
1020 bool has_comma = strchr(context, ',');
1021
1022 seq_putc(m, '=');
1023 if (has_comma)
1024 seq_putc(m, '\"');
1025 seq_escape(m, context, "\"\n\\");
1026 if (has_comma)
1027 seq_putc(m, '\"');
1028 }
1029 kfree(context);
1030 return rc;
1031 }
1032
1033 static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
1034 {
1035 struct superblock_security_struct *sbsec = selinux_superblock(sb);
1036 int rc;
1037
1038 if (!(sbsec->flags & SE_SBINITIALIZED))
1039 return 0;
1040
1041 if (!selinux_initialized(&selinux_state))
1042 return 0;
1043
1044 if (sbsec->flags & FSCONTEXT_MNT) {
1045 seq_putc(m, ',');
1046 seq_puts(m, FSCONTEXT_STR);
1047 rc = show_sid(m, sbsec->sid);
1048 if (rc)
1049 return rc;
1050 }
1051 if (sbsec->flags & CONTEXT_MNT) {
1052 seq_putc(m, ',');
1053 seq_puts(m, CONTEXT_STR);
1054 rc = show_sid(m, sbsec->mntpoint_sid);
1055 if (rc)
1056 return rc;
1057 }
1058 if (sbsec->flags & DEFCONTEXT_MNT) {
1059 seq_putc(m, ',');
1060 seq_puts(m, DEFCONTEXT_STR);
1061 rc = show_sid(m, sbsec->def_sid);
1062 if (rc)
1063 return rc;
1064 }
1065 if (sbsec->flags & ROOTCONTEXT_MNT) {
1066 struct dentry *root = sb->s_root;
1067 struct inode_security_struct *isec = backing_inode_security(root);
1068 seq_putc(m, ',');
1069 seq_puts(m, ROOTCONTEXT_STR);
1070 rc = show_sid(m, isec->sid);
1071 if (rc)
1072 return rc;
1073 }
1074 if (sbsec->flags & SBLABEL_MNT) {
1075 seq_putc(m, ',');
1076 seq_puts(m, SECLABEL_STR);
1077 }
1078 return 0;
1079 }
1080
1081 static inline u16 inode_mode_to_security_class(umode_t mode)
1082 {
1083 switch (mode & S_IFMT) {
1084 case S_IFSOCK:
1085 return SECCLASS_SOCK_FILE;
1086 case S_IFLNK:
1087 return SECCLASS_LNK_FILE;
1088 case S_IFREG:
1089 return SECCLASS_FILE;
1090 case S_IFBLK:
1091 return SECCLASS_BLK_FILE;
1092 case S_IFDIR:
1093 return SECCLASS_DIR;
1094 case S_IFCHR:
1095 return SECCLASS_CHR_FILE;
1096 case S_IFIFO:
1097 return SECCLASS_FIFO_FILE;
1098
1099 }
1100
1101 return SECCLASS_FILE;
1102 }
1103
1104 static inline int default_protocol_stream(int protocol)
1105 {
1106 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP ||
1107 protocol == IPPROTO_MPTCP);
1108 }
1109
1110 static inline int default_protocol_dgram(int protocol)
1111 {
1112 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
1113 }
1114
1115 static inline u16 socket_type_to_security_class(int family, int type, int protocol)
1116 {
1117 int extsockclass = selinux_policycap_extsockclass();
1118
1119 switch (family) {
1120 case PF_UNIX:
1121 switch (type) {
1122 case SOCK_STREAM:
1123 case SOCK_SEQPACKET:
1124 return SECCLASS_UNIX_STREAM_SOCKET;
1125 case SOCK_DGRAM:
1126 case SOCK_RAW:
1127 return SECCLASS_UNIX_DGRAM_SOCKET;
1128 }
1129 break;
1130 case PF_INET:
1131 case PF_INET6:
1132 switch (type) {
1133 case SOCK_STREAM:
1134 case SOCK_SEQPACKET:
1135 if (default_protocol_stream(protocol))
1136 return SECCLASS_TCP_SOCKET;
1137 else if (extsockclass && protocol == IPPROTO_SCTP)
1138 return SECCLASS_SCTP_SOCKET;
1139 else
1140 return SECCLASS_RAWIP_SOCKET;
1141 case SOCK_DGRAM:
1142 if (default_protocol_dgram(protocol))
1143 return SECCLASS_UDP_SOCKET;
1144 else if (extsockclass && (protocol == IPPROTO_ICMP ||
1145 protocol == IPPROTO_ICMPV6))
1146 return SECCLASS_ICMP_SOCKET;
1147 else
1148 return SECCLASS_RAWIP_SOCKET;
1149 case SOCK_DCCP:
1150 return SECCLASS_DCCP_SOCKET;
1151 default:
1152 return SECCLASS_RAWIP_SOCKET;
1153 }
1154 break;
1155 case PF_NETLINK:
1156 switch (protocol) {
1157 case NETLINK_ROUTE:
1158 return SECCLASS_NETLINK_ROUTE_SOCKET;
1159 case NETLINK_SOCK_DIAG:
1160 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
1161 case NETLINK_NFLOG:
1162 return SECCLASS_NETLINK_NFLOG_SOCKET;
1163 case NETLINK_XFRM:
1164 return SECCLASS_NETLINK_XFRM_SOCKET;
1165 case NETLINK_SELINUX:
1166 return SECCLASS_NETLINK_SELINUX_SOCKET;
1167 case NETLINK_ISCSI:
1168 return SECCLASS_NETLINK_ISCSI_SOCKET;
1169 case NETLINK_AUDIT:
1170 return SECCLASS_NETLINK_AUDIT_SOCKET;
1171 case NETLINK_FIB_LOOKUP:
1172 return SECCLASS_NETLINK_FIB_LOOKUP_SOCKET;
1173 case NETLINK_CONNECTOR:
1174 return SECCLASS_NETLINK_CONNECTOR_SOCKET;
1175 case NETLINK_NETFILTER:
1176 return SECCLASS_NETLINK_NETFILTER_SOCKET;
1177 case NETLINK_DNRTMSG:
1178 return SECCLASS_NETLINK_DNRT_SOCKET;
1179 case NETLINK_KOBJECT_UEVENT:
1180 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
1181 case NETLINK_GENERIC:
1182 return SECCLASS_NETLINK_GENERIC_SOCKET;
1183 case NETLINK_SCSITRANSPORT:
1184 return SECCLASS_NETLINK_SCSITRANSPORT_SOCKET;
1185 case NETLINK_RDMA:
1186 return SECCLASS_NETLINK_RDMA_SOCKET;
1187 case NETLINK_CRYPTO:
1188 return SECCLASS_NETLINK_CRYPTO_SOCKET;
1189 default:
1190 return SECCLASS_NETLINK_SOCKET;
1191 }
1192 case PF_PACKET:
1193 return SECCLASS_PACKET_SOCKET;
1194 case PF_KEY:
1195 return SECCLASS_KEY_SOCKET;
1196 case PF_APPLETALK:
1197 return SECCLASS_APPLETALK_SOCKET;
1198 }
1199
1200 if (extsockclass) {
1201 switch (family) {
1202 case PF_AX25:
1203 return SECCLASS_AX25_SOCKET;
1204 case PF_IPX:
1205 return SECCLASS_IPX_SOCKET;
1206 case PF_NETROM:
1207 return SECCLASS_NETROM_SOCKET;
1208 case PF_ATMPVC:
1209 return SECCLASS_ATMPVC_SOCKET;
1210 case PF_X25:
1211 return SECCLASS_X25_SOCKET;
1212 case PF_ROSE:
1213 return SECCLASS_ROSE_SOCKET;
1214 case PF_DECnet:
1215 return SECCLASS_DECNET_SOCKET;
1216 case PF_ATMSVC:
1217 return SECCLASS_ATMSVC_SOCKET;
1218 case PF_RDS:
1219 return SECCLASS_RDS_SOCKET;
1220 case PF_IRDA:
1221 return SECCLASS_IRDA_SOCKET;
1222 case PF_PPPOX:
1223 return SECCLASS_PPPOX_SOCKET;
1224 case PF_LLC:
1225 return SECCLASS_LLC_SOCKET;
1226 case PF_CAN:
1227 return SECCLASS_CAN_SOCKET;
1228 case PF_TIPC:
1229 return SECCLASS_TIPC_SOCKET;
1230 case PF_BLUETOOTH:
1231 return SECCLASS_BLUETOOTH_SOCKET;
1232 case PF_IUCV:
1233 return SECCLASS_IUCV_SOCKET;
1234 case PF_RXRPC:
1235 return SECCLASS_RXRPC_SOCKET;
1236 case PF_ISDN:
1237 return SECCLASS_ISDN_SOCKET;
1238 case PF_PHONET:
1239 return SECCLASS_PHONET_SOCKET;
1240 case PF_IEEE802154:
1241 return SECCLASS_IEEE802154_SOCKET;
1242 case PF_CAIF:
1243 return SECCLASS_CAIF_SOCKET;
1244 case PF_ALG:
1245 return SECCLASS_ALG_SOCKET;
1246 case PF_NFC:
1247 return SECCLASS_NFC_SOCKET;
1248 case PF_VSOCK:
1249 return SECCLASS_VSOCK_SOCKET;
1250 case PF_KCM:
1251 return SECCLASS_KCM_SOCKET;
1252 case PF_QIPCRTR:
1253 return SECCLASS_QIPCRTR_SOCKET;
1254 case PF_SMC:
1255 return SECCLASS_SMC_SOCKET;
1256 case PF_XDP:
1257 return SECCLASS_XDP_SOCKET;
1258 case PF_MCTP:
1259 return SECCLASS_MCTP_SOCKET;
1260 #if PF_MAX > 46
1261 #error New address family defined, please update this function.
1262 #endif
1263 }
1264 }
1265
1266 return SECCLASS_SOCKET;
1267 }
1268
1269 static int selinux_genfs_get_sid(struct dentry *dentry,
1270 u16 tclass,
1271 u16 flags,
1272 u32 *sid)
1273 {
1274 int rc;
1275 struct super_block *sb = dentry->d_sb;
1276 char *buffer, *path;
1277
1278 buffer = (char *)__get_free_page(GFP_KERNEL);
1279 if (!buffer)
1280 return -ENOMEM;
1281
1282 path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
1283 if (IS_ERR(path))
1284 rc = PTR_ERR(path);
1285 else {
1286 if (flags & SE_SBPROC) {
1287
1288
1289
1290 while (path[1] >= '0' && path[1] <= '9') {
1291 path[1] = '/';
1292 path++;
1293 }
1294 }
1295 rc = security_genfs_sid(&selinux_state, sb->s_type->name,
1296 path, tclass, sid);
1297 if (rc == -ENOENT) {
1298
1299 *sid = SECINITSID_UNLABELED;
1300 rc = 0;
1301 }
1302 }
1303 free_page((unsigned long)buffer);
1304 return rc;
1305 }
1306
1307 static int inode_doinit_use_xattr(struct inode *inode, struct dentry *dentry,
1308 u32 def_sid, u32 *sid)
1309 {
1310 #define INITCONTEXTLEN 255
1311 char *context;
1312 unsigned int len;
1313 int rc;
1314
1315 len = INITCONTEXTLEN;
1316 context = kmalloc(len + 1, GFP_NOFS);
1317 if (!context)
1318 return -ENOMEM;
1319
1320 context[len] = '\0';
1321 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len);
1322 if (rc == -ERANGE) {
1323 kfree(context);
1324
1325
1326 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, NULL, 0);
1327 if (rc < 0)
1328 return rc;
1329
1330 len = rc;
1331 context = kmalloc(len + 1, GFP_NOFS);
1332 if (!context)
1333 return -ENOMEM;
1334
1335 context[len] = '\0';
1336 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX,
1337 context, len);
1338 }
1339 if (rc < 0) {
1340 kfree(context);
1341 if (rc != -ENODATA) {
1342 pr_warn("SELinux: %s: getxattr returned %d for dev=%s ino=%ld\n",
1343 __func__, -rc, inode->i_sb->s_id, inode->i_ino);
1344 return rc;
1345 }
1346 *sid = def_sid;
1347 return 0;
1348 }
1349
1350 rc = security_context_to_sid_default(&selinux_state, context, rc, sid,
1351 def_sid, GFP_NOFS);
1352 if (rc) {
1353 char *dev = inode->i_sb->s_id;
1354 unsigned long ino = inode->i_ino;
1355
1356 if (rc == -EINVAL) {
1357 pr_notice_ratelimited("SELinux: inode=%lu on dev=%s was found to have an invalid context=%s. This indicates you may need to relabel the inode or the filesystem in question.\n",
1358 ino, dev, context);
1359 } else {
1360 pr_warn("SELinux: %s: context_to_sid(%s) returned %d for dev=%s ino=%ld\n",
1361 __func__, context, -rc, dev, ino);
1362 }
1363 }
1364 kfree(context);
1365 return 0;
1366 }
1367
1368
1369 static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1370 {
1371 struct superblock_security_struct *sbsec = NULL;
1372 struct inode_security_struct *isec = selinux_inode(inode);
1373 u32 task_sid, sid = 0;
1374 u16 sclass;
1375 struct dentry *dentry;
1376 int rc = 0;
1377
1378 if (isec->initialized == LABEL_INITIALIZED)
1379 return 0;
1380
1381 spin_lock(&isec->lock);
1382 if (isec->initialized == LABEL_INITIALIZED)
1383 goto out_unlock;
1384
1385 if (isec->sclass == SECCLASS_FILE)
1386 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1387
1388 sbsec = selinux_superblock(inode->i_sb);
1389 if (!(sbsec->flags & SE_SBINITIALIZED)) {
1390
1391
1392
1393 spin_lock(&sbsec->isec_lock);
1394 if (list_empty(&isec->list))
1395 list_add(&isec->list, &sbsec->isec_head);
1396 spin_unlock(&sbsec->isec_lock);
1397 goto out_unlock;
1398 }
1399
1400 sclass = isec->sclass;
1401 task_sid = isec->task_sid;
1402 sid = isec->sid;
1403 isec->initialized = LABEL_PENDING;
1404 spin_unlock(&isec->lock);
1405
1406 switch (sbsec->behavior) {
1407 case SECURITY_FS_USE_NATIVE:
1408 break;
1409 case SECURITY_FS_USE_XATTR:
1410 if (!(inode->i_opflags & IOP_XATTR)) {
1411 sid = sbsec->def_sid;
1412 break;
1413 }
1414
1415
1416 if (opt_dentry) {
1417
1418 dentry = dget(opt_dentry);
1419 } else {
1420
1421
1422
1423
1424
1425
1426 dentry = d_find_alias(inode);
1427 if (!dentry)
1428 dentry = d_find_any_alias(inode);
1429 }
1430 if (!dentry) {
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440 goto out_invalid;
1441 }
1442
1443 rc = inode_doinit_use_xattr(inode, dentry, sbsec->def_sid,
1444 &sid);
1445 dput(dentry);
1446 if (rc)
1447 goto out;
1448 break;
1449 case SECURITY_FS_USE_TASK:
1450 sid = task_sid;
1451 break;
1452 case SECURITY_FS_USE_TRANS:
1453
1454 sid = sbsec->sid;
1455
1456
1457 rc = security_transition_sid(&selinux_state, task_sid, sid,
1458 sclass, NULL, &sid);
1459 if (rc)
1460 goto out;
1461 break;
1462 case SECURITY_FS_USE_MNTPOINT:
1463 sid = sbsec->mntpoint_sid;
1464 break;
1465 default:
1466
1467 sid = sbsec->sid;
1468
1469 if ((sbsec->flags & SE_SBGENFS) &&
1470 (!S_ISLNK(inode->i_mode) ||
1471 selinux_policycap_genfs_seclabel_symlinks())) {
1472
1473
1474 if (opt_dentry) {
1475
1476
1477 dentry = dget(opt_dentry);
1478 } else {
1479
1480
1481
1482
1483 dentry = d_find_alias(inode);
1484 if (!dentry)
1485 dentry = d_find_any_alias(inode);
1486 }
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496 if (!dentry)
1497 goto out_invalid;
1498 rc = selinux_genfs_get_sid(dentry, sclass,
1499 sbsec->flags, &sid);
1500 if (rc) {
1501 dput(dentry);
1502 goto out;
1503 }
1504
1505 if ((sbsec->flags & SE_SBGENFS_XATTR) &&
1506 (inode->i_opflags & IOP_XATTR)) {
1507 rc = inode_doinit_use_xattr(inode, dentry,
1508 sid, &sid);
1509 if (rc) {
1510 dput(dentry);
1511 goto out;
1512 }
1513 }
1514 dput(dentry);
1515 }
1516 break;
1517 }
1518
1519 out:
1520 spin_lock(&isec->lock);
1521 if (isec->initialized == LABEL_PENDING) {
1522 if (rc) {
1523 isec->initialized = LABEL_INVALID;
1524 goto out_unlock;
1525 }
1526 isec->initialized = LABEL_INITIALIZED;
1527 isec->sid = sid;
1528 }
1529
1530 out_unlock:
1531 spin_unlock(&isec->lock);
1532 return rc;
1533
1534 out_invalid:
1535 spin_lock(&isec->lock);
1536 if (isec->initialized == LABEL_PENDING) {
1537 isec->initialized = LABEL_INVALID;
1538 isec->sid = sid;
1539 }
1540 spin_unlock(&isec->lock);
1541 return 0;
1542 }
1543
1544
1545 static inline u32 signal_to_av(int sig)
1546 {
1547 u32 perm = 0;
1548
1549 switch (sig) {
1550 case SIGCHLD:
1551
1552 perm = PROCESS__SIGCHLD;
1553 break;
1554 case SIGKILL:
1555
1556 perm = PROCESS__SIGKILL;
1557 break;
1558 case SIGSTOP:
1559
1560 perm = PROCESS__SIGSTOP;
1561 break;
1562 default:
1563
1564 perm = PROCESS__SIGNAL;
1565 break;
1566 }
1567
1568 return perm;
1569 }
1570
1571 #if CAP_LAST_CAP > 63
1572 #error Fix SELinux to handle capabilities > 63.
1573 #endif
1574
1575
1576 static int cred_has_capability(const struct cred *cred,
1577 int cap, unsigned int opts, bool initns)
1578 {
1579 struct common_audit_data ad;
1580 struct av_decision avd;
1581 u16 sclass;
1582 u32 sid = cred_sid(cred);
1583 u32 av = CAP_TO_MASK(cap);
1584 int rc;
1585
1586 ad.type = LSM_AUDIT_DATA_CAP;
1587 ad.u.cap = cap;
1588
1589 switch (CAP_TO_INDEX(cap)) {
1590 case 0:
1591 sclass = initns ? SECCLASS_CAPABILITY : SECCLASS_CAP_USERNS;
1592 break;
1593 case 1:
1594 sclass = initns ? SECCLASS_CAPABILITY2 : SECCLASS_CAP2_USERNS;
1595 break;
1596 default:
1597 pr_err("SELinux: out of range capability %d\n", cap);
1598 BUG();
1599 return -EINVAL;
1600 }
1601
1602 rc = avc_has_perm_noaudit(&selinux_state,
1603 sid, sid, sclass, av, 0, &avd);
1604 if (!(opts & CAP_OPT_NOAUDIT)) {
1605 int rc2 = avc_audit(&selinux_state,
1606 sid, sid, sclass, av, &avd, rc, &ad);
1607 if (rc2)
1608 return rc2;
1609 }
1610 return rc;
1611 }
1612
1613
1614
1615
1616 static int inode_has_perm(const struct cred *cred,
1617 struct inode *inode,
1618 u32 perms,
1619 struct common_audit_data *adp)
1620 {
1621 struct inode_security_struct *isec;
1622 u32 sid;
1623
1624 validate_creds(cred);
1625
1626 if (unlikely(IS_PRIVATE(inode)))
1627 return 0;
1628
1629 sid = cred_sid(cred);
1630 isec = selinux_inode(inode);
1631
1632 return avc_has_perm(&selinux_state,
1633 sid, isec->sid, isec->sclass, perms, adp);
1634 }
1635
1636
1637
1638
1639 static inline int dentry_has_perm(const struct cred *cred,
1640 struct dentry *dentry,
1641 u32 av)
1642 {
1643 struct inode *inode = d_backing_inode(dentry);
1644 struct common_audit_data ad;
1645
1646 ad.type = LSM_AUDIT_DATA_DENTRY;
1647 ad.u.dentry = dentry;
1648 __inode_security_revalidate(inode, dentry, true);
1649 return inode_has_perm(cred, inode, av, &ad);
1650 }
1651
1652
1653
1654
1655 static inline int path_has_perm(const struct cred *cred,
1656 const struct path *path,
1657 u32 av)
1658 {
1659 struct inode *inode = d_backing_inode(path->dentry);
1660 struct common_audit_data ad;
1661
1662 ad.type = LSM_AUDIT_DATA_PATH;
1663 ad.u.path = *path;
1664 __inode_security_revalidate(inode, path->dentry, true);
1665 return inode_has_perm(cred, inode, av, &ad);
1666 }
1667
1668
1669 static inline int file_path_has_perm(const struct cred *cred,
1670 struct file *file,
1671 u32 av)
1672 {
1673 struct common_audit_data ad;
1674
1675 ad.type = LSM_AUDIT_DATA_FILE;
1676 ad.u.file = file;
1677 return inode_has_perm(cred, file_inode(file), av, &ad);
1678 }
1679
1680 #ifdef CONFIG_BPF_SYSCALL
1681 static int bpf_fd_pass(struct file *file, u32 sid);
1682 #endif
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692 static int file_has_perm(const struct cred *cred,
1693 struct file *file,
1694 u32 av)
1695 {
1696 struct file_security_struct *fsec = selinux_file(file);
1697 struct inode *inode = file_inode(file);
1698 struct common_audit_data ad;
1699 u32 sid = cred_sid(cred);
1700 int rc;
1701
1702 ad.type = LSM_AUDIT_DATA_FILE;
1703 ad.u.file = file;
1704
1705 if (sid != fsec->sid) {
1706 rc = avc_has_perm(&selinux_state,
1707 sid, fsec->sid,
1708 SECCLASS_FD,
1709 FD__USE,
1710 &ad);
1711 if (rc)
1712 goto out;
1713 }
1714
1715 #ifdef CONFIG_BPF_SYSCALL
1716 rc = bpf_fd_pass(file, cred_sid(cred));
1717 if (rc)
1718 return rc;
1719 #endif
1720
1721
1722 rc = 0;
1723 if (av)
1724 rc = inode_has_perm(cred, inode, av, &ad);
1725
1726 out:
1727 return rc;
1728 }
1729
1730
1731
1732
1733 static int
1734 selinux_determine_inode_label(const struct task_security_struct *tsec,
1735 struct inode *dir,
1736 const struct qstr *name, u16 tclass,
1737 u32 *_new_isid)
1738 {
1739 const struct superblock_security_struct *sbsec =
1740 selinux_superblock(dir->i_sb);
1741
1742 if ((sbsec->flags & SE_SBINITIALIZED) &&
1743 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) {
1744 *_new_isid = sbsec->mntpoint_sid;
1745 } else if ((sbsec->flags & SBLABEL_MNT) &&
1746 tsec->create_sid) {
1747 *_new_isid = tsec->create_sid;
1748 } else {
1749 const struct inode_security_struct *dsec = inode_security(dir);
1750 return security_transition_sid(&selinux_state, tsec->sid,
1751 dsec->sid, tclass,
1752 name, _new_isid);
1753 }
1754
1755 return 0;
1756 }
1757
1758
1759 static int may_create(struct inode *dir,
1760 struct dentry *dentry,
1761 u16 tclass)
1762 {
1763 const struct task_security_struct *tsec = selinux_cred(current_cred());
1764 struct inode_security_struct *dsec;
1765 struct superblock_security_struct *sbsec;
1766 u32 sid, newsid;
1767 struct common_audit_data ad;
1768 int rc;
1769
1770 dsec = inode_security(dir);
1771 sbsec = selinux_superblock(dir->i_sb);
1772
1773 sid = tsec->sid;
1774
1775 ad.type = LSM_AUDIT_DATA_DENTRY;
1776 ad.u.dentry = dentry;
1777
1778 rc = avc_has_perm(&selinux_state,
1779 sid, dsec->sid, SECCLASS_DIR,
1780 DIR__ADD_NAME | DIR__SEARCH,
1781 &ad);
1782 if (rc)
1783 return rc;
1784
1785 rc = selinux_determine_inode_label(tsec, dir, &dentry->d_name, tclass,
1786 &newsid);
1787 if (rc)
1788 return rc;
1789
1790 rc = avc_has_perm(&selinux_state,
1791 sid, newsid, tclass, FILE__CREATE, &ad);
1792 if (rc)
1793 return rc;
1794
1795 return avc_has_perm(&selinux_state,
1796 newsid, sbsec->sid,
1797 SECCLASS_FILESYSTEM,
1798 FILESYSTEM__ASSOCIATE, &ad);
1799 }
1800
1801 #define MAY_LINK 0
1802 #define MAY_UNLINK 1
1803 #define MAY_RMDIR 2
1804
1805
1806 static int may_link(struct inode *dir,
1807 struct dentry *dentry,
1808 int kind)
1809
1810 {
1811 struct inode_security_struct *dsec, *isec;
1812 struct common_audit_data ad;
1813 u32 sid = current_sid();
1814 u32 av;
1815 int rc;
1816
1817 dsec = inode_security(dir);
1818 isec = backing_inode_security(dentry);
1819
1820 ad.type = LSM_AUDIT_DATA_DENTRY;
1821 ad.u.dentry = dentry;
1822
1823 av = DIR__SEARCH;
1824 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1825 rc = avc_has_perm(&selinux_state,
1826 sid, dsec->sid, SECCLASS_DIR, av, &ad);
1827 if (rc)
1828 return rc;
1829
1830 switch (kind) {
1831 case MAY_LINK:
1832 av = FILE__LINK;
1833 break;
1834 case MAY_UNLINK:
1835 av = FILE__UNLINK;
1836 break;
1837 case MAY_RMDIR:
1838 av = DIR__RMDIR;
1839 break;
1840 default:
1841 pr_warn("SELinux: %s: unrecognized kind %d\n",
1842 __func__, kind);
1843 return 0;
1844 }
1845
1846 rc = avc_has_perm(&selinux_state,
1847 sid, isec->sid, isec->sclass, av, &ad);
1848 return rc;
1849 }
1850
1851 static inline int may_rename(struct inode *old_dir,
1852 struct dentry *old_dentry,
1853 struct inode *new_dir,
1854 struct dentry *new_dentry)
1855 {
1856 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1857 struct common_audit_data ad;
1858 u32 sid = current_sid();
1859 u32 av;
1860 int old_is_dir, new_is_dir;
1861 int rc;
1862
1863 old_dsec = inode_security(old_dir);
1864 old_isec = backing_inode_security(old_dentry);
1865 old_is_dir = d_is_dir(old_dentry);
1866 new_dsec = inode_security(new_dir);
1867
1868 ad.type = LSM_AUDIT_DATA_DENTRY;
1869
1870 ad.u.dentry = old_dentry;
1871 rc = avc_has_perm(&selinux_state,
1872 sid, old_dsec->sid, SECCLASS_DIR,
1873 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1874 if (rc)
1875 return rc;
1876 rc = avc_has_perm(&selinux_state,
1877 sid, old_isec->sid,
1878 old_isec->sclass, FILE__RENAME, &ad);
1879 if (rc)
1880 return rc;
1881 if (old_is_dir && new_dir != old_dir) {
1882 rc = avc_has_perm(&selinux_state,
1883 sid, old_isec->sid,
1884 old_isec->sclass, DIR__REPARENT, &ad);
1885 if (rc)
1886 return rc;
1887 }
1888
1889 ad.u.dentry = new_dentry;
1890 av = DIR__ADD_NAME | DIR__SEARCH;
1891 if (d_is_positive(new_dentry))
1892 av |= DIR__REMOVE_NAME;
1893 rc = avc_has_perm(&selinux_state,
1894 sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1895 if (rc)
1896 return rc;
1897 if (d_is_positive(new_dentry)) {
1898 new_isec = backing_inode_security(new_dentry);
1899 new_is_dir = d_is_dir(new_dentry);
1900 rc = avc_has_perm(&selinux_state,
1901 sid, new_isec->sid,
1902 new_isec->sclass,
1903 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1904 if (rc)
1905 return rc;
1906 }
1907
1908 return 0;
1909 }
1910
1911
1912 static int superblock_has_perm(const struct cred *cred,
1913 struct super_block *sb,
1914 u32 perms,
1915 struct common_audit_data *ad)
1916 {
1917 struct superblock_security_struct *sbsec;
1918 u32 sid = cred_sid(cred);
1919
1920 sbsec = selinux_superblock(sb);
1921 return avc_has_perm(&selinux_state,
1922 sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
1923 }
1924
1925
1926 static inline u32 file_mask_to_av(int mode, int mask)
1927 {
1928 u32 av = 0;
1929
1930 if (!S_ISDIR(mode)) {
1931 if (mask & MAY_EXEC)
1932 av |= FILE__EXECUTE;
1933 if (mask & MAY_READ)
1934 av |= FILE__READ;
1935
1936 if (mask & MAY_APPEND)
1937 av |= FILE__APPEND;
1938 else if (mask & MAY_WRITE)
1939 av |= FILE__WRITE;
1940
1941 } else {
1942 if (mask & MAY_EXEC)
1943 av |= DIR__SEARCH;
1944 if (mask & MAY_WRITE)
1945 av |= DIR__WRITE;
1946 if (mask & MAY_READ)
1947 av |= DIR__READ;
1948 }
1949
1950 return av;
1951 }
1952
1953
1954 static inline u32 file_to_av(struct file *file)
1955 {
1956 u32 av = 0;
1957
1958 if (file->f_mode & FMODE_READ)
1959 av |= FILE__READ;
1960 if (file->f_mode & FMODE_WRITE) {
1961 if (file->f_flags & O_APPEND)
1962 av |= FILE__APPEND;
1963 else
1964 av |= FILE__WRITE;
1965 }
1966 if (!av) {
1967
1968
1969
1970 av = FILE__IOCTL;
1971 }
1972
1973 return av;
1974 }
1975
1976
1977
1978
1979
1980 static inline u32 open_file_to_av(struct file *file)
1981 {
1982 u32 av = file_to_av(file);
1983 struct inode *inode = file_inode(file);
1984
1985 if (selinux_policycap_openperm() &&
1986 inode->i_sb->s_magic != SOCKFS_MAGIC)
1987 av |= FILE__OPEN;
1988
1989 return av;
1990 }
1991
1992
1993
1994 static int selinux_binder_set_context_mgr(const struct cred *mgr)
1995 {
1996 return avc_has_perm(&selinux_state,
1997 current_sid(), cred_sid(mgr), SECCLASS_BINDER,
1998 BINDER__SET_CONTEXT_MGR, NULL);
1999 }
2000
2001 static int selinux_binder_transaction(const struct cred *from,
2002 const struct cred *to)
2003 {
2004 u32 mysid = current_sid();
2005 u32 fromsid = cred_sid(from);
2006 u32 tosid = cred_sid(to);
2007 int rc;
2008
2009 if (mysid != fromsid) {
2010 rc = avc_has_perm(&selinux_state,
2011 mysid, fromsid, SECCLASS_BINDER,
2012 BINDER__IMPERSONATE, NULL);
2013 if (rc)
2014 return rc;
2015 }
2016
2017 return avc_has_perm(&selinux_state, fromsid, tosid,
2018 SECCLASS_BINDER, BINDER__CALL, NULL);
2019 }
2020
2021 static int selinux_binder_transfer_binder(const struct cred *from,
2022 const struct cred *to)
2023 {
2024 return avc_has_perm(&selinux_state,
2025 cred_sid(from), cred_sid(to),
2026 SECCLASS_BINDER, BINDER__TRANSFER,
2027 NULL);
2028 }
2029
2030 static int selinux_binder_transfer_file(const struct cred *from,
2031 const struct cred *to,
2032 struct file *file)
2033 {
2034 u32 sid = cred_sid(to);
2035 struct file_security_struct *fsec = selinux_file(file);
2036 struct dentry *dentry = file->f_path.dentry;
2037 struct inode_security_struct *isec;
2038 struct common_audit_data ad;
2039 int rc;
2040
2041 ad.type = LSM_AUDIT_DATA_PATH;
2042 ad.u.path = file->f_path;
2043
2044 if (sid != fsec->sid) {
2045 rc = avc_has_perm(&selinux_state,
2046 sid, fsec->sid,
2047 SECCLASS_FD,
2048 FD__USE,
2049 &ad);
2050 if (rc)
2051 return rc;
2052 }
2053
2054 #ifdef CONFIG_BPF_SYSCALL
2055 rc = bpf_fd_pass(file, sid);
2056 if (rc)
2057 return rc;
2058 #endif
2059
2060 if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2061 return 0;
2062
2063 isec = backing_inode_security(dentry);
2064 return avc_has_perm(&selinux_state,
2065 sid, isec->sid, isec->sclass, file_to_av(file),
2066 &ad);
2067 }
2068
2069 static int selinux_ptrace_access_check(struct task_struct *child,
2070 unsigned int mode)
2071 {
2072 u32 sid = current_sid();
2073 u32 csid = task_sid_obj(child);
2074
2075 if (mode & PTRACE_MODE_READ)
2076 return avc_has_perm(&selinux_state,
2077 sid, csid, SECCLASS_FILE, FILE__READ, NULL);
2078
2079 return avc_has_perm(&selinux_state,
2080 sid, csid, SECCLASS_PROCESS, PROCESS__PTRACE, NULL);
2081 }
2082
2083 static int selinux_ptrace_traceme(struct task_struct *parent)
2084 {
2085 return avc_has_perm(&selinux_state,
2086 task_sid_obj(parent), task_sid_obj(current),
2087 SECCLASS_PROCESS, PROCESS__PTRACE, NULL);
2088 }
2089
2090 static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
2091 kernel_cap_t *inheritable, kernel_cap_t *permitted)
2092 {
2093 return avc_has_perm(&selinux_state,
2094 current_sid(), task_sid_obj(target), SECCLASS_PROCESS,
2095 PROCESS__GETCAP, NULL);
2096 }
2097
2098 static int selinux_capset(struct cred *new, const struct cred *old,
2099 const kernel_cap_t *effective,
2100 const kernel_cap_t *inheritable,
2101 const kernel_cap_t *permitted)
2102 {
2103 return avc_has_perm(&selinux_state,
2104 cred_sid(old), cred_sid(new), SECCLASS_PROCESS,
2105 PROCESS__SETCAP, NULL);
2106 }
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118 static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
2119 int cap, unsigned int opts)
2120 {
2121 return cred_has_capability(cred, cap, opts, ns == &init_user_ns);
2122 }
2123
2124 static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
2125 {
2126 const struct cred *cred = current_cred();
2127 int rc = 0;
2128
2129 if (!sb)
2130 return 0;
2131
2132 switch (cmds) {
2133 case Q_SYNC:
2134 case Q_QUOTAON:
2135 case Q_QUOTAOFF:
2136 case Q_SETINFO:
2137 case Q_SETQUOTA:
2138 case Q_XQUOTAOFF:
2139 case Q_XQUOTAON:
2140 case Q_XSETQLIM:
2141 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
2142 break;
2143 case Q_GETFMT:
2144 case Q_GETINFO:
2145 case Q_GETQUOTA:
2146 case Q_XGETQUOTA:
2147 case Q_XGETQSTAT:
2148 case Q_XGETQSTATV:
2149 case Q_XGETNEXTQUOTA:
2150 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
2151 break;
2152 default:
2153 rc = 0;
2154 break;
2155 }
2156 return rc;
2157 }
2158
2159 static int selinux_quota_on(struct dentry *dentry)
2160 {
2161 const struct cred *cred = current_cred();
2162
2163 return dentry_has_perm(cred, dentry, FILE__QUOTAON);
2164 }
2165
2166 static int selinux_syslog(int type)
2167 {
2168 switch (type) {
2169 case SYSLOG_ACTION_READ_ALL:
2170 case SYSLOG_ACTION_SIZE_BUFFER:
2171 return avc_has_perm(&selinux_state,
2172 current_sid(), SECINITSID_KERNEL,
2173 SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, NULL);
2174 case SYSLOG_ACTION_CONSOLE_OFF:
2175 case SYSLOG_ACTION_CONSOLE_ON:
2176
2177 case SYSLOG_ACTION_CONSOLE_LEVEL:
2178 return avc_has_perm(&selinux_state,
2179 current_sid(), SECINITSID_KERNEL,
2180 SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE,
2181 NULL);
2182 }
2183
2184 return avc_has_perm(&selinux_state,
2185 current_sid(), SECINITSID_KERNEL,
2186 SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, NULL);
2187 }
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197 static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
2198 {
2199 int rc, cap_sys_admin = 0;
2200
2201 rc = cred_has_capability(current_cred(), CAP_SYS_ADMIN,
2202 CAP_OPT_NOAUDIT, true);
2203 if (rc == 0)
2204 cap_sys_admin = 1;
2205
2206 return cap_sys_admin;
2207 }
2208
2209
2210
2211 static u32 ptrace_parent_sid(void)
2212 {
2213 u32 sid = 0;
2214 struct task_struct *tracer;
2215
2216 rcu_read_lock();
2217 tracer = ptrace_parent(current);
2218 if (tracer)
2219 sid = task_sid_obj(tracer);
2220 rcu_read_unlock();
2221
2222 return sid;
2223 }
2224
2225 static int check_nnp_nosuid(const struct linux_binprm *bprm,
2226 const struct task_security_struct *old_tsec,
2227 const struct task_security_struct *new_tsec)
2228 {
2229 int nnp = (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS);
2230 int nosuid = !mnt_may_suid(bprm->file->f_path.mnt);
2231 int rc;
2232 u32 av;
2233
2234 if (!nnp && !nosuid)
2235 return 0;
2236
2237 if (new_tsec->sid == old_tsec->sid)
2238 return 0;
2239
2240
2241
2242
2243
2244
2245
2246 if (selinux_policycap_nnp_nosuid_transition()) {
2247 av = 0;
2248 if (nnp)
2249 av |= PROCESS2__NNP_TRANSITION;
2250 if (nosuid)
2251 av |= PROCESS2__NOSUID_TRANSITION;
2252 rc = avc_has_perm(&selinux_state,
2253 old_tsec->sid, new_tsec->sid,
2254 SECCLASS_PROCESS2, av, NULL);
2255 if (!rc)
2256 return 0;
2257 }
2258
2259
2260
2261
2262
2263
2264 rc = security_bounded_transition(&selinux_state, old_tsec->sid,
2265 new_tsec->sid);
2266 if (!rc)
2267 return 0;
2268
2269
2270
2271
2272
2273
2274 if (nnp)
2275 return -EPERM;
2276 return -EACCES;
2277 }
2278
2279 static int selinux_bprm_creds_for_exec(struct linux_binprm *bprm)
2280 {
2281 const struct task_security_struct *old_tsec;
2282 struct task_security_struct *new_tsec;
2283 struct inode_security_struct *isec;
2284 struct common_audit_data ad;
2285 struct inode *inode = file_inode(bprm->file);
2286 int rc;
2287
2288
2289
2290
2291 old_tsec = selinux_cred(current_cred());
2292 new_tsec = selinux_cred(bprm->cred);
2293 isec = inode_security(inode);
2294
2295
2296 new_tsec->sid = old_tsec->sid;
2297 new_tsec->osid = old_tsec->sid;
2298
2299
2300 new_tsec->create_sid = 0;
2301 new_tsec->keycreate_sid = 0;
2302 new_tsec->sockcreate_sid = 0;
2303
2304 if (old_tsec->exec_sid) {
2305 new_tsec->sid = old_tsec->exec_sid;
2306
2307 new_tsec->exec_sid = 0;
2308
2309
2310 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
2311 if (rc)
2312 return rc;
2313 } else {
2314
2315 rc = security_transition_sid(&selinux_state, old_tsec->sid,
2316 isec->sid, SECCLASS_PROCESS, NULL,
2317 &new_tsec->sid);
2318 if (rc)
2319 return rc;
2320
2321
2322
2323
2324
2325 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
2326 if (rc)
2327 new_tsec->sid = old_tsec->sid;
2328 }
2329
2330 ad.type = LSM_AUDIT_DATA_FILE;
2331 ad.u.file = bprm->file;
2332
2333 if (new_tsec->sid == old_tsec->sid) {
2334 rc = avc_has_perm(&selinux_state,
2335 old_tsec->sid, isec->sid,
2336 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2337 if (rc)
2338 return rc;
2339 } else {
2340
2341 rc = avc_has_perm(&selinux_state,
2342 old_tsec->sid, new_tsec->sid,
2343 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2344 if (rc)
2345 return rc;
2346
2347 rc = avc_has_perm(&selinux_state,
2348 new_tsec->sid, isec->sid,
2349 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2350 if (rc)
2351 return rc;
2352
2353
2354 if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2355 rc = avc_has_perm(&selinux_state,
2356 old_tsec->sid, new_tsec->sid,
2357 SECCLASS_PROCESS, PROCESS__SHARE,
2358 NULL);
2359 if (rc)
2360 return -EPERM;
2361 }
2362
2363
2364
2365 if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
2366 u32 ptsid = ptrace_parent_sid();
2367 if (ptsid != 0) {
2368 rc = avc_has_perm(&selinux_state,
2369 ptsid, new_tsec->sid,
2370 SECCLASS_PROCESS,
2371 PROCESS__PTRACE, NULL);
2372 if (rc)
2373 return -EPERM;
2374 }
2375 }
2376
2377
2378 bprm->per_clear |= PER_CLEAR_ON_SETID;
2379
2380
2381
2382
2383 rc = avc_has_perm(&selinux_state,
2384 old_tsec->sid, new_tsec->sid,
2385 SECCLASS_PROCESS, PROCESS__NOATSECURE,
2386 NULL);
2387 bprm->secureexec |= !!rc;
2388 }
2389
2390 return 0;
2391 }
2392
2393 static int match_file(const void *p, struct file *file, unsigned fd)
2394 {
2395 return file_has_perm(p, file, file_to_av(file)) ? fd + 1 : 0;
2396 }
2397
2398
2399 static inline void flush_unauthorized_files(const struct cred *cred,
2400 struct files_struct *files)
2401 {
2402 struct file *file, *devnull = NULL;
2403 struct tty_struct *tty;
2404 int drop_tty = 0;
2405 unsigned n;
2406
2407 tty = get_current_tty();
2408 if (tty) {
2409 spin_lock(&tty->files_lock);
2410 if (!list_empty(&tty->tty_files)) {
2411 struct tty_file_private *file_priv;
2412
2413
2414
2415
2416
2417
2418 file_priv = list_first_entry(&tty->tty_files,
2419 struct tty_file_private, list);
2420 file = file_priv->file;
2421 if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))
2422 drop_tty = 1;
2423 }
2424 spin_unlock(&tty->files_lock);
2425 tty_kref_put(tty);
2426 }
2427
2428 if (drop_tty)
2429 no_tty();
2430
2431
2432 n = iterate_fd(files, 0, match_file, cred);
2433 if (!n)
2434 return;
2435
2436 devnull = dentry_open(&selinux_null, O_RDWR, cred);
2437 if (IS_ERR(devnull))
2438 devnull = NULL;
2439
2440 do {
2441 replace_fd(n - 1, devnull, 0);
2442 } while ((n = iterate_fd(files, n, match_file, cred)) != 0);
2443 if (devnull)
2444 fput(devnull);
2445 }
2446
2447
2448
2449
2450 static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2451 {
2452 struct task_security_struct *new_tsec;
2453 struct rlimit *rlim, *initrlim;
2454 int rc, i;
2455
2456 new_tsec = selinux_cred(bprm->cred);
2457 if (new_tsec->sid == new_tsec->osid)
2458 return;
2459
2460
2461 flush_unauthorized_files(bprm->cred, current->files);
2462
2463
2464 current->pdeath_signal = 0;
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476 rc = avc_has_perm(&selinux_state,
2477 new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2478 PROCESS__RLIMITINH, NULL);
2479 if (rc) {
2480
2481 task_lock(current);
2482 for (i = 0; i < RLIM_NLIMITS; i++) {
2483 rlim = current->signal->rlim + i;
2484 initrlim = init_task.signal->rlim + i;
2485 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2486 }
2487 task_unlock(current);
2488 if (IS_ENABLED(CONFIG_POSIX_TIMERS))
2489 update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
2490 }
2491 }
2492
2493
2494
2495
2496
2497 static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2498 {
2499 const struct task_security_struct *tsec = selinux_cred(current_cred());
2500 u32 osid, sid;
2501 int rc;
2502
2503 osid = tsec->osid;
2504 sid = tsec->sid;
2505
2506 if (sid == osid)
2507 return;
2508
2509
2510
2511
2512
2513
2514
2515
2516 rc = avc_has_perm(&selinux_state,
2517 osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2518 if (rc) {
2519 clear_itimer();
2520
2521 spin_lock_irq(&unrcu_pointer(current->sighand)->siglock);
2522 if (!fatal_signal_pending(current)) {
2523 flush_sigqueue(¤t->pending);
2524 flush_sigqueue(¤t->signal->shared_pending);
2525 flush_signal_handlers(current, 1);
2526 sigemptyset(¤t->blocked);
2527 recalc_sigpending();
2528 }
2529 spin_unlock_irq(&unrcu_pointer(current->sighand)->siglock);
2530 }
2531
2532
2533
2534 read_lock(&tasklist_lock);
2535 __wake_up_parent(current, unrcu_pointer(current->real_parent));
2536 read_unlock(&tasklist_lock);
2537 }
2538
2539
2540
2541 static int selinux_sb_alloc_security(struct super_block *sb)
2542 {
2543 struct superblock_security_struct *sbsec = selinux_superblock(sb);
2544
2545 mutex_init(&sbsec->lock);
2546 INIT_LIST_HEAD(&sbsec->isec_head);
2547 spin_lock_init(&sbsec->isec_lock);
2548 sbsec->sid = SECINITSID_UNLABELED;
2549 sbsec->def_sid = SECINITSID_FILE;
2550 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
2551
2552 return 0;
2553 }
2554
2555 static inline int opt_len(const char *s)
2556 {
2557 bool open_quote = false;
2558 int len;
2559 char c;
2560
2561 for (len = 0; (c = s[len]) != '\0'; len++) {
2562 if (c == '"')
2563 open_quote = !open_quote;
2564 if (c == ',' && !open_quote)
2565 break;
2566 }
2567 return len;
2568 }
2569
2570 static int selinux_sb_eat_lsm_opts(char *options, void **mnt_opts)
2571 {
2572 char *from = options;
2573 char *to = options;
2574 bool first = true;
2575 int rc;
2576
2577 while (1) {
2578 int len = opt_len(from);
2579 int token;
2580 char *arg = NULL;
2581
2582 token = match_opt_prefix(from, len, &arg);
2583
2584 if (token != Opt_error) {
2585 char *p, *q;
2586
2587
2588 if (arg) {
2589 for (p = q = arg; p < from + len; p++) {
2590 char c = *p;
2591 if (c != '"')
2592 *q++ = c;
2593 }
2594 arg = kmemdup_nul(arg, q - arg, GFP_KERNEL);
2595 if (!arg) {
2596 rc = -ENOMEM;
2597 goto free_opt;
2598 }
2599 }
2600 rc = selinux_add_opt(token, arg, mnt_opts);
2601 kfree(arg);
2602 arg = NULL;
2603 if (unlikely(rc)) {
2604 goto free_opt;
2605 }
2606 } else {
2607 if (!first) {
2608 from--;
2609 len++;
2610 }
2611 if (to != from)
2612 memmove(to, from, len);
2613 to += len;
2614 first = false;
2615 }
2616 if (!from[len])
2617 break;
2618 from += len + 1;
2619 }
2620 *to = '\0';
2621 return 0;
2622
2623 free_opt:
2624 if (*mnt_opts) {
2625 selinux_free_mnt_opts(*mnt_opts);
2626 *mnt_opts = NULL;
2627 }
2628 return rc;
2629 }
2630
2631 static int selinux_sb_mnt_opts_compat(struct super_block *sb, void *mnt_opts)
2632 {
2633 struct selinux_mnt_opts *opts = mnt_opts;
2634 struct superblock_security_struct *sbsec = selinux_superblock(sb);
2635
2636
2637
2638
2639
2640 if (!(sbsec->flags & SE_SBINITIALIZED))
2641 return opts ? 1 : 0;
2642
2643
2644
2645
2646
2647 if (!opts)
2648 return (sbsec->flags & SE_MNTMASK) ? 1 : 0;
2649
2650 if (opts->fscontext_sid) {
2651 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
2652 opts->fscontext_sid))
2653 return 1;
2654 }
2655 if (opts->context_sid) {
2656 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
2657 opts->context_sid))
2658 return 1;
2659 }
2660 if (opts->rootcontext_sid) {
2661 struct inode_security_struct *root_isec;
2662
2663 root_isec = backing_inode_security(sb->s_root);
2664 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
2665 opts->rootcontext_sid))
2666 return 1;
2667 }
2668 if (opts->defcontext_sid) {
2669 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
2670 opts->defcontext_sid))
2671 return 1;
2672 }
2673 return 0;
2674 }
2675
2676 static int selinux_sb_remount(struct super_block *sb, void *mnt_opts)
2677 {
2678 struct selinux_mnt_opts *opts = mnt_opts;
2679 struct superblock_security_struct *sbsec = selinux_superblock(sb);
2680
2681 if (!(sbsec->flags & SE_SBINITIALIZED))
2682 return 0;
2683
2684 if (!opts)
2685 return 0;
2686
2687 if (opts->fscontext_sid) {
2688 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
2689 opts->fscontext_sid))
2690 goto out_bad_option;
2691 }
2692 if (opts->context_sid) {
2693 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
2694 opts->context_sid))
2695 goto out_bad_option;
2696 }
2697 if (opts->rootcontext_sid) {
2698 struct inode_security_struct *root_isec;
2699 root_isec = backing_inode_security(sb->s_root);
2700 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
2701 opts->rootcontext_sid))
2702 goto out_bad_option;
2703 }
2704 if (opts->defcontext_sid) {
2705 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
2706 opts->defcontext_sid))
2707 goto out_bad_option;
2708 }
2709 return 0;
2710
2711 out_bad_option:
2712 pr_warn("SELinux: unable to change security options "
2713 "during remount (dev %s, type=%s)\n", sb->s_id,
2714 sb->s_type->name);
2715 return -EINVAL;
2716 }
2717
2718 static int selinux_sb_kern_mount(struct super_block *sb)
2719 {
2720 const struct cred *cred = current_cred();
2721 struct common_audit_data ad;
2722
2723 ad.type = LSM_AUDIT_DATA_DENTRY;
2724 ad.u.dentry = sb->s_root;
2725 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2726 }
2727
2728 static int selinux_sb_statfs(struct dentry *dentry)
2729 {
2730 const struct cred *cred = current_cred();
2731 struct common_audit_data ad;
2732
2733 ad.type = LSM_AUDIT_DATA_DENTRY;
2734 ad.u.dentry = dentry->d_sb->s_root;
2735 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2736 }
2737
2738 static int selinux_mount(const char *dev_name,
2739 const struct path *path,
2740 const char *type,
2741 unsigned long flags,
2742 void *data)
2743 {
2744 const struct cred *cred = current_cred();
2745
2746 if (flags & MS_REMOUNT)
2747 return superblock_has_perm(cred, path->dentry->d_sb,
2748 FILESYSTEM__REMOUNT, NULL);
2749 else
2750 return path_has_perm(cred, path, FILE__MOUNTON);
2751 }
2752
2753 static int selinux_move_mount(const struct path *from_path,
2754 const struct path *to_path)
2755 {
2756 const struct cred *cred = current_cred();
2757
2758 return path_has_perm(cred, to_path, FILE__MOUNTON);
2759 }
2760
2761 static int selinux_umount(struct vfsmount *mnt, int flags)
2762 {
2763 const struct cred *cred = current_cred();
2764
2765 return superblock_has_perm(cred, mnt->mnt_sb,
2766 FILESYSTEM__UNMOUNT, NULL);
2767 }
2768
2769 static int selinux_fs_context_dup(struct fs_context *fc,
2770 struct fs_context *src_fc)
2771 {
2772 const struct selinux_mnt_opts *src = src_fc->security;
2773
2774 if (!src)
2775 return 0;
2776
2777 fc->security = kmemdup(src, sizeof(*src), GFP_KERNEL);
2778 return fc->security ? 0 : -ENOMEM;
2779 }
2780
2781 static const struct fs_parameter_spec selinux_fs_parameters[] = {
2782 fsparam_string(CONTEXT_STR, Opt_context),
2783 fsparam_string(DEFCONTEXT_STR, Opt_defcontext),
2784 fsparam_string(FSCONTEXT_STR, Opt_fscontext),
2785 fsparam_string(ROOTCONTEXT_STR, Opt_rootcontext),
2786 fsparam_flag (SECLABEL_STR, Opt_seclabel),
2787 {}
2788 };
2789
2790 static int selinux_fs_context_parse_param(struct fs_context *fc,
2791 struct fs_parameter *param)
2792 {
2793 struct fs_parse_result result;
2794 int opt;
2795
2796 opt = fs_parse(fc, selinux_fs_parameters, param, &result);
2797 if (opt < 0)
2798 return opt;
2799
2800 return selinux_add_opt(opt, param->string, &fc->security);
2801 }
2802
2803
2804
2805 static int selinux_inode_alloc_security(struct inode *inode)
2806 {
2807 struct inode_security_struct *isec = selinux_inode(inode);
2808 u32 sid = current_sid();
2809
2810 spin_lock_init(&isec->lock);
2811 INIT_LIST_HEAD(&isec->list);
2812 isec->inode = inode;
2813 isec->sid = SECINITSID_UNLABELED;
2814 isec->sclass = SECCLASS_FILE;
2815 isec->task_sid = sid;
2816 isec->initialized = LABEL_INVALID;
2817
2818 return 0;
2819 }
2820
2821 static void selinux_inode_free_security(struct inode *inode)
2822 {
2823 inode_free_security(inode);
2824 }
2825
2826 static int selinux_dentry_init_security(struct dentry *dentry, int mode,
2827 const struct qstr *name,
2828 const char **xattr_name, void **ctx,
2829 u32 *ctxlen)
2830 {
2831 u32 newsid;
2832 int rc;
2833
2834 rc = selinux_determine_inode_label(selinux_cred(current_cred()),
2835 d_inode(dentry->d_parent), name,
2836 inode_mode_to_security_class(mode),
2837 &newsid);
2838 if (rc)
2839 return rc;
2840
2841 if (xattr_name)
2842 *xattr_name = XATTR_NAME_SELINUX;
2843
2844 return security_sid_to_context(&selinux_state, newsid, (char **)ctx,
2845 ctxlen);
2846 }
2847
2848 static int selinux_dentry_create_files_as(struct dentry *dentry, int mode,
2849 struct qstr *name,
2850 const struct cred *old,
2851 struct cred *new)
2852 {
2853 u32 newsid;
2854 int rc;
2855 struct task_security_struct *tsec;
2856
2857 rc = selinux_determine_inode_label(selinux_cred(old),
2858 d_inode(dentry->d_parent), name,
2859 inode_mode_to_security_class(mode),
2860 &newsid);
2861 if (rc)
2862 return rc;
2863
2864 tsec = selinux_cred(new);
2865 tsec->create_sid = newsid;
2866 return 0;
2867 }
2868
2869 static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2870 const struct qstr *qstr,
2871 const char **name,
2872 void **value, size_t *len)
2873 {
2874 const struct task_security_struct *tsec = selinux_cred(current_cred());
2875 struct superblock_security_struct *sbsec;
2876 u32 newsid, clen;
2877 int rc;
2878 char *context;
2879
2880 sbsec = selinux_superblock(dir->i_sb);
2881
2882 newsid = tsec->create_sid;
2883
2884 rc = selinux_determine_inode_label(tsec, dir, qstr,
2885 inode_mode_to_security_class(inode->i_mode),
2886 &newsid);
2887 if (rc)
2888 return rc;
2889
2890
2891 if (sbsec->flags & SE_SBINITIALIZED) {
2892 struct inode_security_struct *isec = selinux_inode(inode);
2893 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2894 isec->sid = newsid;
2895 isec->initialized = LABEL_INITIALIZED;
2896 }
2897
2898 if (!selinux_initialized(&selinux_state) ||
2899 !(sbsec->flags & SBLABEL_MNT))
2900 return -EOPNOTSUPP;
2901
2902 if (name)
2903 *name = XATTR_SELINUX_SUFFIX;
2904
2905 if (value && len) {
2906 rc = security_sid_to_context_force(&selinux_state, newsid,
2907 &context, &clen);
2908 if (rc)
2909 return rc;
2910 *value = context;
2911 *len = clen;
2912 }
2913
2914 return 0;
2915 }
2916
2917 static int selinux_inode_init_security_anon(struct inode *inode,
2918 const struct qstr *name,
2919 const struct inode *context_inode)
2920 {
2921 const struct task_security_struct *tsec = selinux_cred(current_cred());
2922 struct common_audit_data ad;
2923 struct inode_security_struct *isec;
2924 int rc;
2925
2926 if (unlikely(!selinux_initialized(&selinux_state)))
2927 return 0;
2928
2929 isec = selinux_inode(inode);
2930
2931
2932
2933
2934
2935
2936
2937 if (context_inode) {
2938 struct inode_security_struct *context_isec =
2939 selinux_inode(context_inode);
2940 if (context_isec->initialized != LABEL_INITIALIZED) {
2941 pr_err("SELinux: context_inode is not initialized");
2942 return -EACCES;
2943 }
2944
2945 isec->sclass = context_isec->sclass;
2946 isec->sid = context_isec->sid;
2947 } else {
2948 isec->sclass = SECCLASS_ANON_INODE;
2949 rc = security_transition_sid(
2950 &selinux_state, tsec->sid, tsec->sid,
2951 isec->sclass, name, &isec->sid);
2952 if (rc)
2953 return rc;
2954 }
2955
2956 isec->initialized = LABEL_INITIALIZED;
2957
2958
2959
2960
2961
2962 ad.type = LSM_AUDIT_DATA_ANONINODE;
2963 ad.u.anonclass = name ? (const char *)name->name : "?";
2964
2965 return avc_has_perm(&selinux_state,
2966 tsec->sid,
2967 isec->sid,
2968 isec->sclass,
2969 FILE__CREATE,
2970 &ad);
2971 }
2972
2973 static int selinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
2974 {
2975 return may_create(dir, dentry, SECCLASS_FILE);
2976 }
2977
2978 static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2979 {
2980 return may_link(dir, old_dentry, MAY_LINK);
2981 }
2982
2983 static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
2984 {
2985 return may_link(dir, dentry, MAY_UNLINK);
2986 }
2987
2988 static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
2989 {
2990 return may_create(dir, dentry, SECCLASS_LNK_FILE);
2991 }
2992
2993 static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask)
2994 {
2995 return may_create(dir, dentry, SECCLASS_DIR);
2996 }
2997
2998 static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2999 {
3000 return may_link(dir, dentry, MAY_RMDIR);
3001 }
3002
3003 static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
3004 {
3005 return may_create(dir, dentry, inode_mode_to_security_class(mode));
3006 }
3007
3008 static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
3009 struct inode *new_inode, struct dentry *new_dentry)
3010 {
3011 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
3012 }
3013
3014 static int selinux_inode_readlink(struct dentry *dentry)
3015 {
3016 const struct cred *cred = current_cred();
3017
3018 return dentry_has_perm(cred, dentry, FILE__READ);
3019 }
3020
3021 static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
3022 bool rcu)
3023 {
3024 const struct cred *cred = current_cred();
3025 struct common_audit_data ad;
3026 struct inode_security_struct *isec;
3027 u32 sid;
3028
3029 validate_creds(cred);
3030
3031 ad.type = LSM_AUDIT_DATA_DENTRY;
3032 ad.u.dentry = dentry;
3033 sid = cred_sid(cred);
3034 isec = inode_security_rcu(inode, rcu);
3035 if (IS_ERR(isec))
3036 return PTR_ERR(isec);
3037
3038 return avc_has_perm(&selinux_state,
3039 sid, isec->sid, isec->sclass, FILE__READ, &ad);
3040 }
3041
3042 static noinline int audit_inode_permission(struct inode *inode,
3043 u32 perms, u32 audited, u32 denied,
3044 int result)
3045 {
3046 struct common_audit_data ad;
3047 struct inode_security_struct *isec = selinux_inode(inode);
3048
3049 ad.type = LSM_AUDIT_DATA_INODE;
3050 ad.u.inode = inode;
3051
3052 return slow_avc_audit(&selinux_state,
3053 current_sid(), isec->sid, isec->sclass, perms,
3054 audited, denied, result, &ad);
3055 }
3056
3057 static int selinux_inode_permission(struct inode *inode, int mask)
3058 {
3059 const struct cred *cred = current_cred();
3060 u32 perms;
3061 bool from_access;
3062 bool no_block = mask & MAY_NOT_BLOCK;
3063 struct inode_security_struct *isec;
3064 u32 sid;
3065 struct av_decision avd;
3066 int rc, rc2;
3067 u32 audited, denied;
3068
3069 from_access = mask & MAY_ACCESS;
3070 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
3071
3072
3073 if (!mask)
3074 return 0;
3075
3076 validate_creds(cred);
3077
3078 if (unlikely(IS_PRIVATE(inode)))
3079 return 0;
3080
3081 perms = file_mask_to_av(inode->i_mode, mask);
3082
3083 sid = cred_sid(cred);
3084 isec = inode_security_rcu(inode, no_block);
3085 if (IS_ERR(isec))
3086 return PTR_ERR(isec);
3087
3088 rc = avc_has_perm_noaudit(&selinux_state,
3089 sid, isec->sid, isec->sclass, perms, 0,
3090 &avd);
3091 audited = avc_audit_required(perms, &avd, rc,
3092 from_access ? FILE__AUDIT_ACCESS : 0,
3093 &denied);
3094 if (likely(!audited))
3095 return rc;
3096
3097 rc2 = audit_inode_permission(inode, perms, audited, denied, rc);
3098 if (rc2)
3099 return rc2;
3100 return rc;
3101 }
3102
3103 static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
3104 {
3105 const struct cred *cred = current_cred();
3106 struct inode *inode = d_backing_inode(dentry);
3107 unsigned int ia_valid = iattr->ia_valid;
3108 __u32 av = FILE__WRITE;
3109
3110
3111 if (ia_valid & ATTR_FORCE) {
3112 ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE |
3113 ATTR_FORCE);
3114 if (!ia_valid)
3115 return 0;
3116 }
3117
3118 if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
3119 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
3120 return dentry_has_perm(cred, dentry, FILE__SETATTR);
3121
3122 if (selinux_policycap_openperm() &&
3123 inode->i_sb->s_magic != SOCKFS_MAGIC &&
3124 (ia_valid & ATTR_SIZE) &&
3125 !(ia_valid & ATTR_FILE))
3126 av |= FILE__OPEN;
3127
3128 return dentry_has_perm(cred, dentry, av);
3129 }
3130
3131 static int selinux_inode_getattr(const struct path *path)
3132 {
3133 return path_has_perm(current_cred(), path, FILE__GETATTR);
3134 }
3135
3136 static bool has_cap_mac_admin(bool audit)
3137 {
3138 const struct cred *cred = current_cred();
3139 unsigned int opts = audit ? CAP_OPT_NONE : CAP_OPT_NOAUDIT;
3140
3141 if (cap_capable(cred, &init_user_ns, CAP_MAC_ADMIN, opts))
3142 return false;
3143 if (cred_has_capability(cred, CAP_MAC_ADMIN, opts, true))
3144 return false;
3145 return true;
3146 }
3147
3148 static int selinux_inode_setxattr(struct user_namespace *mnt_userns,
3149 struct dentry *dentry, const char *name,
3150 const void *value, size_t size, int flags)
3151 {
3152 struct inode *inode = d_backing_inode(dentry);
3153 struct inode_security_struct *isec;
3154 struct superblock_security_struct *sbsec;
3155 struct common_audit_data ad;
3156 u32 newsid, sid = current_sid();
3157 int rc = 0;
3158
3159 if (strcmp(name, XATTR_NAME_SELINUX)) {
3160 rc = cap_inode_setxattr(dentry, name, value, size, flags);
3161 if (rc)
3162 return rc;
3163
3164
3165
3166 return dentry_has_perm(current_cred(), dentry, FILE__SETATTR);
3167 }
3168
3169 if (!selinux_initialized(&selinux_state))
3170 return (inode_owner_or_capable(mnt_userns, inode) ? 0 : -EPERM);
3171
3172 sbsec = selinux_superblock(inode->i_sb);
3173 if (!(sbsec->flags & SBLABEL_MNT))
3174 return -EOPNOTSUPP;
3175
3176 if (!inode_owner_or_capable(mnt_userns, inode))
3177 return -EPERM;
3178
3179 ad.type = LSM_AUDIT_DATA_DENTRY;
3180 ad.u.dentry = dentry;
3181
3182 isec = backing_inode_security(dentry);
3183 rc = avc_has_perm(&selinux_state,
3184 sid, isec->sid, isec->sclass,
3185 FILE__RELABELFROM, &ad);
3186 if (rc)
3187 return rc;
3188
3189 rc = security_context_to_sid(&selinux_state, value, size, &newsid,
3190 GFP_KERNEL);
3191 if (rc == -EINVAL) {
3192 if (!has_cap_mac_admin(true)) {
3193 struct audit_buffer *ab;
3194 size_t audit_size;
3195
3196
3197
3198 if (value) {
3199 const char *str = value;
3200
3201 if (str[size - 1] == '\0')
3202 audit_size = size - 1;
3203 else
3204 audit_size = size;
3205 } else {
3206 audit_size = 0;
3207 }
3208 ab = audit_log_start(audit_context(),
3209 GFP_ATOMIC, AUDIT_SELINUX_ERR);
3210 if (!ab)
3211 return rc;
3212 audit_log_format(ab, "op=setxattr invalid_context=");
3213 audit_log_n_untrustedstring(ab, value, audit_size);
3214 audit_log_end(ab);
3215
3216 return rc;
3217 }
3218 rc = security_context_to_sid_force(&selinux_state, value,
3219 size, &newsid);
3220 }
3221 if (rc)
3222 return rc;
3223
3224 rc = avc_has_perm(&selinux_state,
3225 sid, newsid, isec->sclass,
3226 FILE__RELABELTO, &ad);
3227 if (rc)
3228 return rc;
3229
3230 rc = security_validate_transition(&selinux_state, isec->sid, newsid,
3231 sid, isec->sclass);
3232 if (rc)
3233 return rc;
3234
3235 return avc_has_perm(&selinux_state,
3236 newsid,
3237 sbsec->sid,
3238 SECCLASS_FILESYSTEM,
3239 FILESYSTEM__ASSOCIATE,
3240 &ad);
3241 }
3242
3243 static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
3244 const void *value, size_t size,
3245 int flags)
3246 {
3247 struct inode *inode = d_backing_inode(dentry);
3248 struct inode_security_struct *isec;
3249 u32 newsid;
3250 int rc;
3251
3252 if (strcmp(name, XATTR_NAME_SELINUX)) {
3253
3254 return;
3255 }
3256
3257 if (!selinux_initialized(&selinux_state)) {
3258
3259
3260
3261
3262
3263 return;
3264 }
3265
3266 rc = security_context_to_sid_force(&selinux_state, value, size,
3267 &newsid);
3268 if (rc) {
3269 pr_err("SELinux: unable to map context to SID"
3270 "for (%s, %lu), rc=%d\n",
3271 inode->i_sb->s_id, inode->i_ino, -rc);
3272 return;
3273 }
3274
3275 isec = backing_inode_security(dentry);
3276 spin_lock(&isec->lock);
3277 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3278 isec->sid = newsid;
3279 isec->initialized = LABEL_INITIALIZED;
3280 spin_unlock(&isec->lock);
3281 }
3282
3283 static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
3284 {
3285 const struct cred *cred = current_cred();
3286
3287 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3288 }
3289
3290 static int selinux_inode_listxattr(struct dentry *dentry)
3291 {
3292 const struct cred *cred = current_cred();
3293
3294 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3295 }
3296
3297 static int selinux_inode_removexattr(struct user_namespace *mnt_userns,
3298 struct dentry *dentry, const char *name)
3299 {
3300 if (strcmp(name, XATTR_NAME_SELINUX)) {
3301 int rc = cap_inode_removexattr(mnt_userns, dentry, name);
3302 if (rc)
3303 return rc;
3304
3305
3306
3307 return dentry_has_perm(current_cred(), dentry, FILE__SETATTR);
3308 }
3309
3310 if (!selinux_initialized(&selinux_state))
3311 return 0;
3312
3313
3314
3315 return -EACCES;
3316 }
3317
3318 static int selinux_path_notify(const struct path *path, u64 mask,
3319 unsigned int obj_type)
3320 {
3321 int ret;
3322 u32 perm;
3323
3324 struct common_audit_data ad;
3325
3326 ad.type = LSM_AUDIT_DATA_PATH;
3327 ad.u.path = *path;
3328
3329
3330
3331
3332
3333 switch (obj_type) {
3334 case FSNOTIFY_OBJ_TYPE_VFSMOUNT:
3335 perm = FILE__WATCH_MOUNT;
3336 break;
3337 case FSNOTIFY_OBJ_TYPE_SB:
3338 perm = FILE__WATCH_SB;
3339 ret = superblock_has_perm(current_cred(), path->dentry->d_sb,
3340 FILESYSTEM__WATCH, &ad);
3341 if (ret)
3342 return ret;
3343 break;
3344 case FSNOTIFY_OBJ_TYPE_INODE:
3345 perm = FILE__WATCH;
3346 break;
3347 default:
3348 return -EINVAL;
3349 }
3350
3351
3352 if (mask & (ALL_FSNOTIFY_PERM_EVENTS))
3353 perm |= FILE__WATCH_WITH_PERM;
3354
3355
3356 if (mask & (FS_ACCESS | FS_ACCESS_PERM | FS_CLOSE_NOWRITE))
3357 perm |= FILE__WATCH_READS;
3358
3359 return path_has_perm(current_cred(), path, perm);
3360 }
3361
3362
3363
3364
3365
3366
3367 static int selinux_inode_getsecurity(struct user_namespace *mnt_userns,
3368 struct inode *inode, const char *name,
3369 void **buffer, bool alloc)
3370 {
3371 u32 size;
3372 int error;
3373 char *context = NULL;
3374 struct inode_security_struct *isec;
3375
3376
3377
3378
3379
3380 if (!selinux_initialized(&selinux_state) ||
3381 strcmp(name, XATTR_SELINUX_SUFFIX))
3382 return -EOPNOTSUPP;
3383
3384
3385
3386
3387
3388
3389
3390
3391
3392
3393 isec = inode_security(inode);
3394 if (has_cap_mac_admin(false))
3395 error = security_sid_to_context_force(&selinux_state,
3396 isec->sid, &context,
3397 &size);
3398 else
3399 error = security_sid_to_context(&selinux_state, isec->sid,
3400 &context, &size);
3401 if (error)
3402 return error;
3403 error = size;
3404 if (alloc) {
3405 *buffer = context;
3406 goto out_nofree;
3407 }
3408 kfree(context);
3409 out_nofree:
3410 return error;
3411 }
3412
3413 static int selinux_inode_setsecurity(struct inode *inode, const char *name,
3414 const void *value, size_t size, int flags)
3415 {
3416 struct inode_security_struct *isec = inode_security_novalidate(inode);
3417 struct superblock_security_struct *sbsec;
3418 u32 newsid;
3419 int rc;
3420
3421 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3422 return -EOPNOTSUPP;
3423
3424 sbsec = selinux_superblock(inode->i_sb);
3425 if (!(sbsec->flags & SBLABEL_MNT))
3426 return -EOPNOTSUPP;
3427
3428 if (!value || !size)
3429 return -EACCES;
3430
3431 rc = security_context_to_sid(&selinux_state, value, size, &newsid,
3432 GFP_KERNEL);
3433 if (rc)
3434 return rc;
3435
3436 spin_lock(&isec->lock);
3437 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3438 isec->sid = newsid;
3439 isec->initialized = LABEL_INITIALIZED;
3440 spin_unlock(&isec->lock);
3441 return 0;
3442 }
3443
3444 static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
3445 {
3446 const int len = sizeof(XATTR_NAME_SELINUX);
3447
3448 if (!selinux_initialized(&selinux_state))
3449 return 0;
3450
3451 if (buffer && len <= buffer_size)
3452 memcpy(buffer, XATTR_NAME_SELINUX, len);
3453 return len;
3454 }
3455
3456 static void selinux_inode_getsecid(struct inode *inode, u32 *secid)
3457 {
3458 struct inode_security_struct *isec = inode_security_novalidate(inode);
3459 *secid = isec->sid;
3460 }
3461
3462 static int selinux_inode_copy_up(struct dentry *src, struct cred **new)
3463 {
3464 u32 sid;
3465 struct task_security_struct *tsec;
3466 struct cred *new_creds = *new;
3467
3468 if (new_creds == NULL) {
3469 new_creds = prepare_creds();
3470 if (!new_creds)
3471 return -ENOMEM;
3472 }
3473
3474 tsec = selinux_cred(new_creds);
3475
3476 selinux_inode_getsecid(d_inode(src), &sid);
3477 tsec->create_sid = sid;
3478 *new = new_creds;
3479 return 0;
3480 }
3481
3482 static int selinux_inode_copy_up_xattr(const char *name)
3483 {
3484
3485
3486
3487
3488 if (strcmp(name, XATTR_NAME_SELINUX) == 0)
3489 return 1;
3490
3491
3492
3493
3494 return -EOPNOTSUPP;
3495 }
3496
3497
3498
3499 static int selinux_kernfs_init_security(struct kernfs_node *kn_dir,
3500 struct kernfs_node *kn)
3501 {
3502 const struct task_security_struct *tsec = selinux_cred(current_cred());
3503 u32 parent_sid, newsid, clen;
3504 int rc;
3505 char *context;
3506
3507 rc = kernfs_xattr_get(kn_dir, XATTR_NAME_SELINUX, NULL, 0);
3508 if (rc == -ENODATA)
3509 return 0;
3510 else if (rc < 0)
3511 return rc;
3512
3513 clen = (u32)rc;
3514 context = kmalloc(clen, GFP_KERNEL);
3515 if (!context)
3516 return -ENOMEM;
3517
3518 rc = kernfs_xattr_get(kn_dir, XATTR_NAME_SELINUX, context, clen);
3519 if (rc < 0) {
3520 kfree(context);
3521 return rc;
3522 }
3523
3524 rc = security_context_to_sid(&selinux_state, context, clen, &parent_sid,
3525 GFP_KERNEL);
3526 kfree(context);
3527 if (rc)
3528 return rc;
3529
3530 if (tsec->create_sid) {
3531 newsid = tsec->create_sid;
3532 } else {
3533 u16 secclass = inode_mode_to_security_class(kn->mode);
3534 struct qstr q;
3535
3536 q.name = kn->name;
3537 q.hash_len = hashlen_string(kn_dir, kn->name);
3538
3539 rc = security_transition_sid(&selinux_state, tsec->sid,
3540 parent_sid, secclass, &q,
3541 &newsid);
3542 if (rc)
3543 return rc;
3544 }
3545
3546 rc = security_sid_to_context_force(&selinux_state, newsid,
3547 &context, &clen);
3548 if (rc)
3549 return rc;
3550
3551 rc = kernfs_xattr_set(kn, XATTR_NAME_SELINUX, context, clen,
3552 XATTR_CREATE);
3553 kfree(context);
3554 return rc;
3555 }
3556
3557
3558
3559
3560 static int selinux_revalidate_file_permission(struct file *file, int mask)
3561 {
3562 const struct cred *cred = current_cred();
3563 struct inode *inode = file_inode(file);
3564
3565
3566 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
3567 mask |= MAY_APPEND;
3568
3569 return file_has_perm(cred, file,
3570 file_mask_to_av(inode->i_mode, mask));
3571 }
3572
3573 static int selinux_file_permission(struct file *file, int mask)
3574 {
3575 struct inode *inode = file_inode(file);
3576 struct file_security_struct *fsec = selinux_file(file);
3577 struct inode_security_struct *isec;
3578 u32 sid = current_sid();
3579
3580 if (!mask)
3581
3582 return 0;
3583
3584 isec = inode_security(inode);
3585 if (sid == fsec->sid && fsec->isid == isec->sid &&
3586 fsec->pseqno == avc_policy_seqno(&selinux_state))
3587
3588 return 0;
3589
3590 return selinux_revalidate_file_permission(file, mask);
3591 }
3592
3593 static int selinux_file_alloc_security(struct file *file)
3594 {
3595 struct file_security_struct *fsec = selinux_file(file);
3596 u32 sid = current_sid();
3597
3598 fsec->sid = sid;
3599 fsec->fown_sid = sid;
3600
3601 return 0;
3602 }
3603
3604
3605
3606
3607
3608 static int ioctl_has_perm(const struct cred *cred, struct file *file,
3609 u32 requested, u16 cmd)
3610 {
3611 struct common_audit_data ad;
3612 struct file_security_struct *fsec = selinux_file(file);
3613 struct inode *inode = file_inode(file);
3614 struct inode_security_struct *isec;
3615 struct lsm_ioctlop_audit ioctl;
3616 u32 ssid = cred_sid(cred);
3617 int rc;
3618 u8 driver = cmd >> 8;
3619 u8 xperm = cmd & 0xff;
3620
3621 ad.type = LSM_AUDIT_DATA_IOCTL_OP;
3622 ad.u.op = &ioctl;
3623 ad.u.op->cmd = cmd;
3624 ad.u.op->path = file->f_path;
3625
3626 if (ssid != fsec->sid) {
3627 rc = avc_has_perm(&selinux_state,
3628 ssid, fsec->sid,
3629 SECCLASS_FD,
3630 FD__USE,
3631 &ad);
3632 if (rc)
3633 goto out;
3634 }
3635
3636 if (unlikely(IS_PRIVATE(inode)))
3637 return 0;
3638
3639 isec = inode_security(inode);
3640 rc = avc_has_extended_perms(&selinux_state,
3641 ssid, isec->sid, isec->sclass,
3642 requested, driver, xperm, &ad);
3643 out:
3644 return rc;
3645 }
3646
3647 static int selinux_file_ioctl(struct file *file, unsigned int cmd,
3648 unsigned long arg)
3649 {
3650 const struct cred *cred = current_cred();
3651 int error = 0;
3652
3653 switch (cmd) {
3654 case FIONREAD:
3655 case FIBMAP:
3656 case FIGETBSZ:
3657 case FS_IOC_GETFLAGS:
3658 case FS_IOC_GETVERSION:
3659 error = file_has_perm(cred, file, FILE__GETATTR);
3660 break;
3661
3662 case FS_IOC_SETFLAGS:
3663 case FS_IOC_SETVERSION:
3664 error = file_has_perm(cred, file, FILE__SETATTR);
3665 break;
3666
3667
3668 case FIONBIO:
3669 case FIOASYNC:
3670 error = file_has_perm(cred, file, 0);
3671 break;
3672
3673 case KDSKBENT:
3674 case KDSKBSENT:
3675 error = cred_has_capability(cred, CAP_SYS_TTY_CONFIG,
3676 CAP_OPT_NONE, true);
3677 break;
3678
3679 case FIOCLEX:
3680 case FIONCLEX:
3681 if (!selinux_policycap_ioctl_skip_cloexec())
3682 error = ioctl_has_perm(cred, file, FILE__IOCTL, (u16) cmd);
3683 break;
3684
3685
3686
3687
3688 default:
3689 error = ioctl_has_perm(cred, file, FILE__IOCTL, (u16) cmd);
3690 }
3691 return error;
3692 }
3693
3694 static int default_noexec __ro_after_init;
3695
3696 static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
3697 {
3698 const struct cred *cred = current_cred();
3699 u32 sid = cred_sid(cred);
3700 int rc = 0;
3701
3702 if (default_noexec &&
3703 (prot & PROT_EXEC) && (!file || IS_PRIVATE(file_inode(file)) ||
3704 (!shared && (prot & PROT_WRITE)))) {
3705
3706
3707
3708
3709
3710 rc = avc_has_perm(&selinux_state,
3711 sid, sid, SECCLASS_PROCESS,
3712 PROCESS__EXECMEM, NULL);
3713 if (rc)
3714 goto error;
3715 }
3716
3717 if (file) {
3718
3719 u32 av = FILE__READ;
3720
3721
3722 if (shared && (prot & PROT_WRITE))
3723 av |= FILE__WRITE;
3724
3725 if (prot & PROT_EXEC)
3726 av |= FILE__EXECUTE;
3727
3728 return file_has_perm(cred, file, av);
3729 }
3730
3731 error:
3732 return rc;
3733 }
3734
3735 static int selinux_mmap_addr(unsigned long addr)
3736 {
3737 int rc = 0;
3738
3739 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
3740 u32 sid = current_sid();
3741 rc = avc_has_perm(&selinux_state,
3742 sid, sid, SECCLASS_MEMPROTECT,
3743 MEMPROTECT__MMAP_ZERO, NULL);
3744 }
3745
3746 return rc;
3747 }
3748
3749 static int selinux_mmap_file(struct file *file, unsigned long reqprot,
3750 unsigned long prot, unsigned long flags)
3751 {
3752 struct common_audit_data ad;
3753 int rc;
3754
3755 if (file) {
3756 ad.type = LSM_AUDIT_DATA_FILE;
3757 ad.u.file = file;
3758 rc = inode_has_perm(current_cred(), file_inode(file),
3759 FILE__MAP, &ad);
3760 if (rc)
3761 return rc;
3762 }
3763
3764 if (checkreqprot_get(&selinux_state))
3765 prot = reqprot;
3766
3767 return file_map_prot_check(file, prot,
3768 (flags & MAP_TYPE) == MAP_SHARED);
3769 }
3770
3771 static int selinux_file_mprotect(struct vm_area_struct *vma,
3772 unsigned long reqprot,
3773 unsigned long prot)
3774 {
3775 const struct cred *cred = current_cred();
3776 u32 sid = cred_sid(cred);
3777
3778 if (checkreqprot_get(&selinux_state))
3779 prot = reqprot;
3780
3781 if (default_noexec &&
3782 (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
3783 int rc = 0;
3784 if (vma->vm_start >= vma->vm_mm->start_brk &&
3785 vma->vm_end <= vma->vm_mm->brk) {
3786 rc = avc_has_perm(&selinux_state,
3787 sid, sid, SECCLASS_PROCESS,
3788 PROCESS__EXECHEAP, NULL);
3789 } else if (!vma->vm_file &&
3790 ((vma->vm_start <= vma->vm_mm->start_stack &&
3791 vma->vm_end >= vma->vm_mm->start_stack) ||
3792 vma_is_stack_for_current(vma))) {
3793 rc = avc_has_perm(&selinux_state,
3794 sid, sid, SECCLASS_PROCESS,
3795 PROCESS__EXECSTACK, NULL);
3796 } else if (vma->vm_file && vma->anon_vma) {
3797
3798
3799
3800
3801
3802
3803
3804 rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
3805 }
3806 if (rc)
3807 return rc;
3808 }
3809
3810 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
3811 }
3812
3813 static int selinux_file_lock(struct file *file, unsigned int cmd)
3814 {
3815 const struct cred *cred = current_cred();
3816
3817 return file_has_perm(cred, file, FILE__LOCK);
3818 }
3819
3820 static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3821 unsigned long arg)
3822 {
3823 const struct cred *cred = current_cred();
3824 int err = 0;
3825
3826 switch (cmd) {
3827 case F_SETFL:
3828 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3829 err = file_has_perm(cred, file, FILE__WRITE);
3830 break;
3831 }
3832 fallthrough;
3833 case F_SETOWN:
3834 case F_SETSIG:
3835 case F_GETFL:
3836 case F_GETOWN:
3837 case F_GETSIG:
3838 case F_GETOWNER_UIDS:
3839
3840 err = file_has_perm(cred, file, 0);
3841 break;
3842 case F_GETLK:
3843 case F_SETLK:
3844 case F_SETLKW:
3845 case F_OFD_GETLK:
3846 case F_OFD_SETLK:
3847 case F_OFD_SETLKW:
3848 #if BITS_PER_LONG == 32
3849 case F_GETLK64:
3850 case F_SETLK64:
3851 case F_SETLKW64:
3852 #endif
3853 err = file_has_perm(cred, file, FILE__LOCK);
3854 break;
3855 }
3856
3857 return err;
3858 }
3859
3860 static void selinux_file_set_fowner(struct file *file)
3861 {
3862 struct file_security_struct *fsec;
3863
3864 fsec = selinux_file(file);
3865 fsec->fown_sid = current_sid();
3866 }
3867
3868 static int selinux_file_send_sigiotask(struct task_struct *tsk,
3869 struct fown_struct *fown, int signum)
3870 {
3871 struct file *file;
3872 u32 sid = task_sid_obj(tsk);
3873 u32 perm;
3874 struct file_security_struct *fsec;
3875
3876
3877 file = container_of(fown, struct file, f_owner);
3878
3879 fsec = selinux_file(file);
3880
3881 if (!signum)
3882 perm = signal_to_av(SIGIO);
3883 else
3884 perm = signal_to_av(signum);
3885
3886 return avc_has_perm(&selinux_state,
3887 fsec->fown_sid, sid,
3888 SECCLASS_PROCESS, perm, NULL);
3889 }
3890
3891 static int selinux_file_receive(struct file *file)
3892 {
3893 const struct cred *cred = current_cred();
3894
3895 return file_has_perm(cred, file, file_to_av(file));
3896 }
3897
3898 static int selinux_file_open(struct file *file)
3899 {
3900 struct file_security_struct *fsec;
3901 struct inode_security_struct *isec;
3902
3903 fsec = selinux_file(file);
3904 isec = inode_security(file_inode(file));
3905
3906
3907
3908
3909
3910
3911
3912 fsec->isid = isec->sid;
3913 fsec->pseqno = avc_policy_seqno(&selinux_state);
3914
3915
3916
3917
3918
3919
3920
3921
3922 return file_path_has_perm(file->f_cred, file, open_file_to_av(file));
3923 }
3924
3925
3926
3927 static int selinux_task_alloc(struct task_struct *task,
3928 unsigned long clone_flags)
3929 {
3930 u32 sid = current_sid();
3931
3932 return avc_has_perm(&selinux_state,
3933 sid, sid, SECCLASS_PROCESS, PROCESS__FORK, NULL);
3934 }
3935
3936
3937
3938
3939 static int selinux_cred_prepare(struct cred *new, const struct cred *old,
3940 gfp_t gfp)
3941 {
3942 const struct task_security_struct *old_tsec = selinux_cred(old);
3943 struct task_security_struct *tsec = selinux_cred(new);
3944
3945 *tsec = *old_tsec;
3946 return 0;
3947 }
3948
3949
3950
3951
3952 static void selinux_cred_transfer(struct cred *new, const struct cred *old)
3953 {
3954 const struct task_security_struct *old_tsec = selinux_cred(old);
3955 struct task_security_struct *tsec = selinux_cred(new);
3956
3957 *tsec = *old_tsec;
3958 }
3959
3960 static void selinux_cred_getsecid(const struct cred *c, u32 *secid)
3961 {
3962 *secid = cred_sid(c);
3963 }
3964
3965
3966
3967
3968
3969 static int selinux_kernel_act_as(struct cred *new, u32 secid)
3970 {
3971 struct task_security_struct *tsec = selinux_cred(new);
3972 u32 sid = current_sid();
3973 int ret;
3974
3975 ret = avc_has_perm(&selinux_state,
3976 sid, secid,
3977 SECCLASS_KERNEL_SERVICE,
3978 KERNEL_SERVICE__USE_AS_OVERRIDE,
3979 NULL);
3980 if (ret == 0) {
3981 tsec->sid = secid;
3982 tsec->create_sid = 0;
3983 tsec->keycreate_sid = 0;
3984 tsec->sockcreate_sid = 0;
3985 }
3986 return ret;
3987 }
3988
3989
3990
3991
3992
3993 static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
3994 {
3995 struct inode_security_struct *isec = inode_security(inode);
3996 struct task_security_struct *tsec = selinux_cred(new);
3997 u32 sid = current_sid();
3998 int ret;
3999
4000 ret = avc_has_perm(&selinux_state,
4001 sid, isec->sid,
4002 SECCLASS_KERNEL_SERVICE,
4003 KERNEL_SERVICE__CREATE_FILES_AS,
4004 NULL);
4005
4006 if (ret == 0)
4007 tsec->create_sid = isec->sid;
4008 return ret;
4009 }
4010
4011 static int selinux_kernel_module_request(char *kmod_name)
4012 {
4013 struct common_audit_data ad;
4014
4015 ad.type = LSM_AUDIT_DATA_KMOD;
4016 ad.u.kmod_name = kmod_name;
4017
4018 return avc_has_perm(&selinux_state,
4019 current_sid(), SECINITSID_KERNEL, SECCLASS_SYSTEM,
4020 SYSTEM__MODULE_REQUEST, &ad);
4021 }
4022
4023 static int selinux_kernel_module_from_file(struct file *file)
4024 {
4025 struct common_audit_data ad;
4026 struct inode_security_struct *isec;
4027 struct file_security_struct *fsec;
4028 u32 sid = current_sid();
4029 int rc;
4030
4031
4032 if (file == NULL)
4033 return avc_has_perm(&selinux_state,
4034 sid, sid, SECCLASS_SYSTEM,
4035 SYSTEM__MODULE_LOAD, NULL);
4036
4037
4038
4039 ad.type = LSM_AUDIT_DATA_FILE;
4040 ad.u.file = file;
4041
4042 fsec = selinux_file(file);
4043 if (sid != fsec->sid) {
4044 rc = avc_has_perm(&selinux_state,
4045 sid, fsec->sid, SECCLASS_FD, FD__USE, &ad);
4046 if (rc)
4047 return rc;
4048 }
4049
4050 isec = inode_security(file_inode(file));
4051 return avc_has_perm(&selinux_state,
4052 sid, isec->sid, SECCLASS_SYSTEM,
4053 SYSTEM__MODULE_LOAD, &ad);
4054 }
4055
4056 static int selinux_kernel_read_file(struct file *file,
4057 enum kernel_read_file_id id,
4058 bool contents)
4059 {
4060 int rc = 0;
4061
4062 switch (id) {
4063 case READING_MODULE:
4064 rc = selinux_kernel_module_from_file(contents ? file : NULL);
4065 break;
4066 default:
4067 break;
4068 }
4069
4070 return rc;
4071 }
4072
4073 static int selinux_kernel_load_data(enum kernel_load_data_id id, bool contents)
4074 {
4075 int rc = 0;
4076
4077 switch (id) {
4078 case LOADING_MODULE:
4079 rc = selinux_kernel_module_from_file(NULL);
4080 break;
4081 default:
4082 break;
4083 }
4084
4085 return rc;
4086 }
4087
4088 static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
4089 {
4090 return avc_has_perm(&selinux_state,
4091 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4092 PROCESS__SETPGID, NULL);
4093 }
4094
4095 static int selinux_task_getpgid(struct task_struct *p)
4096 {
4097 return avc_has_perm(&selinux_state,
4098 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4099 PROCESS__GETPGID, NULL);
4100 }
4101
4102 static int selinux_task_getsid(struct task_struct *p)
4103 {
4104 return avc_has_perm(&selinux_state,
4105 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4106 PROCESS__GETSESSION, NULL);
4107 }
4108
4109 static void selinux_current_getsecid_subj(u32 *secid)
4110 {
4111 *secid = current_sid();
4112 }
4113
4114 static void selinux_task_getsecid_obj(struct task_struct *p, u32 *secid)
4115 {
4116 *secid = task_sid_obj(p);
4117 }
4118
4119 static int selinux_task_setnice(struct task_struct *p, int nice)
4120 {
4121 return avc_has_perm(&selinux_state,
4122 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4123 PROCESS__SETSCHED, NULL);
4124 }
4125
4126 static int selinux_task_setioprio(struct task_struct *p, int ioprio)
4127 {
4128 return avc_has_perm(&selinux_state,
4129 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4130 PROCESS__SETSCHED, NULL);
4131 }
4132
4133 static int selinux_task_getioprio(struct task_struct *p)
4134 {
4135 return avc_has_perm(&selinux_state,
4136 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4137 PROCESS__GETSCHED, NULL);
4138 }
4139
4140 static int selinux_task_prlimit(const struct cred *cred, const struct cred *tcred,
4141 unsigned int flags)
4142 {
4143 u32 av = 0;
4144
4145 if (!flags)
4146 return 0;
4147 if (flags & LSM_PRLIMIT_WRITE)
4148 av |= PROCESS__SETRLIMIT;
4149 if (flags & LSM_PRLIMIT_READ)
4150 av |= PROCESS__GETRLIMIT;
4151 return avc_has_perm(&selinux_state,
4152 cred_sid(cred), cred_sid(tcred),
4153 SECCLASS_PROCESS, av, NULL);
4154 }
4155
4156 static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
4157 struct rlimit *new_rlim)
4158 {
4159 struct rlimit *old_rlim = p->signal->rlim + resource;
4160
4161
4162
4163
4164
4165 if (old_rlim->rlim_max != new_rlim->rlim_max)
4166 return avc_has_perm(&selinux_state,
4167 current_sid(), task_sid_obj(p),
4168 SECCLASS_PROCESS, PROCESS__SETRLIMIT, NULL);
4169
4170 return 0;
4171 }
4172
4173 static int selinux_task_setscheduler(struct task_struct *p)
4174 {
4175 return avc_has_perm(&selinux_state,
4176 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4177 PROCESS__SETSCHED, NULL);
4178 }
4179
4180 static int selinux_task_getscheduler(struct task_struct *p)
4181 {
4182 return avc_has_perm(&selinux_state,
4183 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4184 PROCESS__GETSCHED, NULL);
4185 }
4186
4187 static int selinux_task_movememory(struct task_struct *p)
4188 {
4189 return avc_has_perm(&selinux_state,
4190 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4191 PROCESS__SETSCHED, NULL);
4192 }
4193
4194 static int selinux_task_kill(struct task_struct *p, struct kernel_siginfo *info,
4195 int sig, const struct cred *cred)
4196 {
4197 u32 secid;
4198 u32 perm;
4199
4200 if (!sig)
4201 perm = PROCESS__SIGNULL;
4202 else
4203 perm = signal_to_av(sig);
4204 if (!cred)
4205 secid = current_sid();
4206 else
4207 secid = cred_sid(cred);
4208 return avc_has_perm(&selinux_state,
4209 secid, task_sid_obj(p), SECCLASS_PROCESS, perm, NULL);
4210 }
4211
4212 static void selinux_task_to_inode(struct task_struct *p,
4213 struct inode *inode)
4214 {
4215 struct inode_security_struct *isec = selinux_inode(inode);
4216 u32 sid = task_sid_obj(p);
4217
4218 spin_lock(&isec->lock);
4219 isec->sclass = inode_mode_to_security_class(inode->i_mode);
4220 isec->sid = sid;
4221 isec->initialized = LABEL_INITIALIZED;
4222 spin_unlock(&isec->lock);
4223 }
4224
4225
4226 static int selinux_parse_skb_ipv4(struct sk_buff *skb,
4227 struct common_audit_data *ad, u8 *proto)
4228 {
4229 int offset, ihlen, ret = -EINVAL;
4230 struct iphdr _iph, *ih;
4231
4232 offset = skb_network_offset(skb);
4233 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
4234 if (ih == NULL)
4235 goto out;
4236
4237 ihlen = ih->ihl * 4;
4238 if (ihlen < sizeof(_iph))
4239 goto out;
4240
4241 ad->u.net->v4info.saddr = ih->saddr;
4242 ad->u.net->v4info.daddr = ih->daddr;
4243 ret = 0;
4244
4245 if (proto)
4246 *proto = ih->protocol;
4247
4248 switch (ih->protocol) {
4249 case IPPROTO_TCP: {
4250 struct tcphdr _tcph, *th;
4251
4252 if (ntohs(ih->frag_off) & IP_OFFSET)
4253 break;
4254
4255 offset += ihlen;
4256 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
4257 if (th == NULL)
4258 break;
4259
4260 ad->u.net->sport = th->source;
4261 ad->u.net->dport = th->dest;
4262 break;
4263 }
4264
4265 case IPPROTO_UDP: {
4266 struct udphdr _udph, *uh;
4267
4268 if (ntohs(ih->frag_off) & IP_OFFSET)
4269 break;
4270
4271 offset += ihlen;
4272 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
4273 if (uh == NULL)
4274 break;
4275
4276 ad->u.net->sport = uh->source;
4277 ad->u.net->dport = uh->dest;
4278 break;
4279 }
4280
4281 case IPPROTO_DCCP: {
4282 struct dccp_hdr _dccph, *dh;
4283
4284 if (ntohs(ih->frag_off) & IP_OFFSET)
4285 break;
4286
4287 offset += ihlen;
4288 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
4289 if (dh == NULL)
4290 break;
4291
4292 ad->u.net->sport = dh->dccph_sport;
4293 ad->u.net->dport = dh->dccph_dport;
4294 break;
4295 }
4296
4297 #if IS_ENABLED(CONFIG_IP_SCTP)
4298 case IPPROTO_SCTP: {
4299 struct sctphdr _sctph, *sh;
4300
4301 if (ntohs(ih->frag_off) & IP_OFFSET)
4302 break;
4303
4304 offset += ihlen;
4305 sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph);
4306 if (sh == NULL)
4307 break;
4308
4309 ad->u.net->sport = sh->source;
4310 ad->u.net->dport = sh->dest;
4311 break;
4312 }
4313 #endif
4314 default:
4315 break;
4316 }
4317 out:
4318 return ret;
4319 }
4320
4321 #if IS_ENABLED(CONFIG_IPV6)
4322
4323
4324 static int selinux_parse_skb_ipv6(struct sk_buff *skb,
4325 struct common_audit_data *ad, u8 *proto)
4326 {
4327 u8 nexthdr;
4328 int ret = -EINVAL, offset;
4329 struct ipv6hdr _ipv6h, *ip6;
4330 __be16 frag_off;
4331
4332 offset = skb_network_offset(skb);
4333 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
4334 if (ip6 == NULL)
4335 goto out;
4336
4337 ad->u.net->v6info.saddr = ip6->saddr;
4338 ad->u.net->v6info.daddr = ip6->daddr;
4339 ret = 0;
4340
4341 nexthdr = ip6->nexthdr;
4342 offset += sizeof(_ipv6h);
4343 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
4344 if (offset < 0)
4345 goto out;
4346
4347 if (proto)
4348 *proto = nexthdr;
4349
4350 switch (nexthdr) {
4351 case IPPROTO_TCP: {
4352 struct tcphdr _tcph, *th;
4353
4354 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
4355 if (th == NULL)
4356 break;
4357
4358 ad->u.net->sport = th->source;
4359 ad->u.net->dport = th->dest;
4360 break;
4361 }
4362
4363 case IPPROTO_UDP: {
4364 struct udphdr _udph, *uh;
4365
4366 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
4367 if (uh == NULL)
4368 break;
4369
4370 ad->u.net->sport = uh->source;
4371 ad->u.net->dport = uh->dest;
4372 break;
4373 }
4374
4375 case IPPROTO_DCCP: {
4376 struct dccp_hdr _dccph, *dh;
4377
4378 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
4379 if (dh == NULL)
4380 break;
4381
4382 ad->u.net->sport = dh->dccph_sport;
4383 ad->u.net->dport = dh->dccph_dport;
4384 break;
4385 }
4386
4387 #if IS_ENABLED(CONFIG_IP_SCTP)
4388 case IPPROTO_SCTP: {
4389 struct sctphdr _sctph, *sh;
4390
4391 sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph);
4392 if (sh == NULL)
4393 break;
4394
4395 ad->u.net->sport = sh->source;
4396 ad->u.net->dport = sh->dest;
4397 break;
4398 }
4399 #endif
4400
4401 default:
4402 break;
4403 }
4404 out:
4405 return ret;
4406 }
4407
4408 #endif
4409
4410 static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
4411 char **_addrp, int src, u8 *proto)
4412 {
4413 char *addrp;
4414 int ret;
4415
4416 switch (ad->u.net->family) {
4417 case PF_INET:
4418 ret = selinux_parse_skb_ipv4(skb, ad, proto);
4419 if (ret)
4420 goto parse_error;
4421 addrp = (char *)(src ? &ad->u.net->v4info.saddr :
4422 &ad->u.net->v4info.daddr);
4423 goto okay;
4424
4425 #if IS_ENABLED(CONFIG_IPV6)
4426 case PF_INET6:
4427 ret = selinux_parse_skb_ipv6(skb, ad, proto);
4428 if (ret)
4429 goto parse_error;
4430 addrp = (char *)(src ? &ad->u.net->v6info.saddr :
4431 &ad->u.net->v6info.daddr);
4432 goto okay;
4433 #endif
4434 default:
4435 addrp = NULL;
4436 goto okay;
4437 }
4438
4439 parse_error:
4440 pr_warn(
4441 "SELinux: failure in selinux_parse_skb(),"
4442 " unable to parse packet\n");
4443 return ret;
4444
4445 okay:
4446 if (_addrp)
4447 *_addrp = addrp;
4448 return 0;
4449 }
4450
4451
4452
4453
4454
4455
4456
4457
4458
4459
4460
4461
4462
4463
4464
4465
4466 static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
4467 {
4468 int err;
4469 u32 xfrm_sid;
4470 u32 nlbl_sid;
4471 u32 nlbl_type;
4472
4473 err = selinux_xfrm_skb_sid(skb, &xfrm_sid);
4474 if (unlikely(err))
4475 return -EACCES;
4476 err = selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
4477 if (unlikely(err))
4478 return -EACCES;
4479
4480 err = security_net_peersid_resolve(&selinux_state, nlbl_sid,
4481 nlbl_type, xfrm_sid, sid);
4482 if (unlikely(err)) {
4483 pr_warn(
4484 "SELinux: failure in selinux_skb_peerlbl_sid(),"
4485 " unable to determine packet's peer label\n");
4486 return -EACCES;
4487 }
4488
4489 return 0;
4490 }
4491
4492
4493
4494
4495
4496
4497
4498
4499
4500
4501
4502
4503
4504 static int selinux_conn_sid(u32 sk_sid, u32 skb_sid, u32 *conn_sid)
4505 {
4506 int err = 0;
4507
4508 if (skb_sid != SECSID_NULL)
4509 err = security_sid_mls_copy(&selinux_state, sk_sid, skb_sid,
4510 conn_sid);
4511 else
4512 *conn_sid = sk_sid;
4513
4514 return err;
4515 }
4516
4517
4518
4519 static int socket_sockcreate_sid(const struct task_security_struct *tsec,
4520 u16 secclass, u32 *socksid)
4521 {
4522 if (tsec->sockcreate_sid > SECSID_NULL) {
4523 *socksid = tsec->sockcreate_sid;
4524 return 0;
4525 }
4526
4527 return security_transition_sid(&selinux_state, tsec->sid, tsec->sid,
4528 secclass, NULL, socksid);
4529 }
4530
4531 static int sock_has_perm(struct sock *sk, u32 perms)
4532 {
4533 struct sk_security_struct *sksec = sk->sk_security;
4534 struct common_audit_data ad;
4535 struct lsm_network_audit net = {0,};
4536
4537 if (sksec->sid == SECINITSID_KERNEL)
4538 return 0;
4539
4540 ad.type = LSM_AUDIT_DATA_NET;
4541 ad.u.net = &net;
4542 ad.u.net->sk = sk;
4543
4544 return avc_has_perm(&selinux_state,
4545 current_sid(), sksec->sid, sksec->sclass, perms,
4546 &ad);
4547 }
4548
4549 static int selinux_socket_create(int family, int type,
4550 int protocol, int kern)
4551 {
4552 const struct task_security_struct *tsec = selinux_cred(current_cred());
4553 u32 newsid;
4554 u16 secclass;
4555 int rc;
4556
4557 if (kern)
4558 return 0;
4559
4560 secclass = socket_type_to_security_class(family, type, protocol);
4561 rc = socket_sockcreate_sid(tsec, secclass, &newsid);
4562 if (rc)
4563 return rc;
4564
4565 return avc_has_perm(&selinux_state,
4566 tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
4567 }
4568
4569 static int selinux_socket_post_create(struct socket *sock, int family,
4570 int type, int protocol, int kern)
4571 {
4572 const struct task_security_struct *tsec = selinux_cred(current_cred());
4573 struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(sock));
4574 struct sk_security_struct *sksec;
4575 u16 sclass = socket_type_to_security_class(family, type, protocol);
4576 u32 sid = SECINITSID_KERNEL;
4577 int err = 0;
4578
4579 if (!kern) {
4580 err = socket_sockcreate_sid(tsec, sclass, &sid);
4581 if (err)
4582 return err;
4583 }
4584
4585 isec->sclass = sclass;
4586 isec->sid = sid;
4587 isec->initialized = LABEL_INITIALIZED;
4588
4589 if (sock->sk) {
4590 sksec = sock->sk->sk_security;
4591 sksec->sclass = sclass;
4592 sksec->sid = sid;
4593
4594 if (sksec->sclass == SECCLASS_SCTP_SOCKET)
4595 sksec->sctp_assoc_state = SCTP_ASSOC_UNSET;
4596
4597 err = selinux_netlbl_socket_post_create(sock->sk, family);
4598 }
4599
4600 return err;
4601 }
4602
4603 static int selinux_socket_socketpair(struct socket *socka,
4604 struct socket *sockb)
4605 {
4606 struct sk_security_struct *sksec_a = socka->sk->sk_security;
4607 struct sk_security_struct *sksec_b = sockb->sk->sk_security;
4608
4609 sksec_a->peer_sid = sksec_b->sid;
4610 sksec_b->peer_sid = sksec_a->sid;
4611
4612 return 0;
4613 }
4614
4615
4616
4617
4618
4619 static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
4620 {
4621 struct sock *sk = sock->sk;
4622 struct sk_security_struct *sksec = sk->sk_security;
4623 u16 family;
4624 int err;
4625
4626 err = sock_has_perm(sk, SOCKET__BIND);
4627 if (err)
4628 goto out;
4629
4630
4631 family = sk->sk_family;
4632 if (family == PF_INET || family == PF_INET6) {
4633 char *addrp;
4634 struct common_audit_data ad;
4635 struct lsm_network_audit net = {0,};
4636 struct sockaddr_in *addr4 = NULL;
4637 struct sockaddr_in6 *addr6 = NULL;
4638 u16 family_sa;
4639 unsigned short snum;
4640 u32 sid, node_perm;
4641
4642
4643
4644
4645
4646
4647
4648 if (addrlen < offsetofend(struct sockaddr, sa_family))
4649 return -EINVAL;
4650 family_sa = address->sa_family;
4651 switch (family_sa) {
4652 case AF_UNSPEC:
4653 case AF_INET:
4654 if (addrlen < sizeof(struct sockaddr_in))
4655 return -EINVAL;
4656 addr4 = (struct sockaddr_in *)address;
4657 if (family_sa == AF_UNSPEC) {
4658
4659
4660
4661 if (addr4->sin_addr.s_addr != htonl(INADDR_ANY))
4662 goto err_af;
4663 family_sa = AF_INET;
4664 }
4665 snum = ntohs(addr4->sin_port);
4666 addrp = (char *)&addr4->sin_addr.s_addr;
4667 break;
4668 case AF_INET6:
4669 if (addrlen < SIN6_LEN_RFC2133)
4670 return -EINVAL;
4671 addr6 = (struct sockaddr_in6 *)address;
4672 snum = ntohs(addr6->sin6_port);
4673 addrp = (char *)&addr6->sin6_addr.s6_addr;
4674 break;
4675 default:
4676 goto err_af;
4677 }
4678
4679 ad.type = LSM_AUDIT_DATA_NET;
4680 ad.u.net = &net;
4681 ad.u.net->sport = htons(snum);
4682 ad.u.net->family = family_sa;
4683
4684 if (snum) {
4685 int low, high;
4686
4687 inet_get_local_port_range(sock_net(sk), &low, &high);
4688
4689 if (inet_port_requires_bind_service(sock_net(sk), snum) ||
4690 snum < low || snum > high) {
4691 err = sel_netport_sid(sk->sk_protocol,
4692 snum, &sid);
4693 if (err)
4694 goto out;
4695 err = avc_has_perm(&selinux_state,
4696 sksec->sid, sid,
4697 sksec->sclass,
4698 SOCKET__NAME_BIND, &ad);
4699 if (err)
4700 goto out;
4701 }
4702 }
4703
4704 switch (sksec->sclass) {
4705 case SECCLASS_TCP_SOCKET:
4706 node_perm = TCP_SOCKET__NODE_BIND;
4707 break;
4708
4709 case SECCLASS_UDP_SOCKET:
4710 node_perm = UDP_SOCKET__NODE_BIND;
4711 break;
4712
4713 case SECCLASS_DCCP_SOCKET:
4714 node_perm = DCCP_SOCKET__NODE_BIND;
4715 break;
4716
4717 case SECCLASS_SCTP_SOCKET:
4718 node_perm = SCTP_SOCKET__NODE_BIND;
4719 break;
4720
4721 default:
4722 node_perm = RAWIP_SOCKET__NODE_BIND;
4723 break;
4724 }
4725
4726 err = sel_netnode_sid(addrp, family_sa, &sid);
4727 if (err)
4728 goto out;
4729
4730 if (family_sa == AF_INET)
4731 ad.u.net->v4info.saddr = addr4->sin_addr.s_addr;
4732 else
4733 ad.u.net->v6info.saddr = addr6->sin6_addr;
4734
4735 err = avc_has_perm(&selinux_state,
4736 sksec->sid, sid,
4737 sksec->sclass, node_perm, &ad);
4738 if (err)
4739 goto out;
4740 }
4741 out:
4742 return err;
4743 err_af:
4744
4745 if (sksec->sclass == SECCLASS_SCTP_SOCKET)
4746 return -EINVAL;
4747 return -EAFNOSUPPORT;
4748 }
4749
4750
4751
4752
4753 static int selinux_socket_connect_helper(struct socket *sock,
4754 struct sockaddr *address, int addrlen)
4755 {
4756 struct sock *sk = sock->sk;
4757 struct sk_security_struct *sksec = sk->sk_security;
4758 int err;
4759
4760 err = sock_has_perm(sk, SOCKET__CONNECT);
4761 if (err)
4762 return err;
4763 if (addrlen < offsetofend(struct sockaddr, sa_family))
4764 return -EINVAL;
4765
4766
4767
4768
4769 if (address->sa_family == AF_UNSPEC)
4770 return 0;
4771
4772
4773
4774
4775
4776 if (sksec->sclass == SECCLASS_TCP_SOCKET ||
4777 sksec->sclass == SECCLASS_DCCP_SOCKET ||
4778 sksec->sclass == SECCLASS_SCTP_SOCKET) {
4779 struct common_audit_data ad;
4780 struct lsm_network_audit net = {0,};
4781 struct sockaddr_in *addr4 = NULL;
4782 struct sockaddr_in6 *addr6 = NULL;
4783 unsigned short snum;
4784 u32 sid, perm;
4785
4786
4787
4788
4789
4790
4791 switch (address->sa_family) {
4792 case AF_INET:
4793 addr4 = (struct sockaddr_in *)address;
4794 if (addrlen < sizeof(struct sockaddr_in))
4795 return -EINVAL;
4796 snum = ntohs(addr4->sin_port);
4797 break;
4798 case AF_INET6:
4799 addr6 = (struct sockaddr_in6 *)address;
4800 if (addrlen < SIN6_LEN_RFC2133)
4801 return -EINVAL;
4802 snum = ntohs(addr6->sin6_port);
4803 break;
4804 default:
4805
4806
4807
4808 if (sksec->sclass == SECCLASS_SCTP_SOCKET)
4809 return -EINVAL;
4810 else
4811 return -EAFNOSUPPORT;
4812 }
4813
4814 err = sel_netport_sid(sk->sk_protocol, snum, &sid);
4815 if (err)
4816 return err;
4817
4818 switch (sksec->sclass) {
4819 case SECCLASS_TCP_SOCKET:
4820 perm = TCP_SOCKET__NAME_CONNECT;
4821 break;
4822 case SECCLASS_DCCP_SOCKET:
4823 perm = DCCP_SOCKET__NAME_CONNECT;
4824 break;
4825 case SECCLASS_SCTP_SOCKET:
4826 perm = SCTP_SOCKET__NAME_CONNECT;
4827 break;
4828 }
4829
4830 ad.type = LSM_AUDIT_DATA_NET;
4831 ad.u.net = &net;
4832 ad.u.net->dport = htons(snum);
4833 ad.u.net->family = address->sa_family;
4834 err = avc_has_perm(&selinux_state,
4835 sksec->sid, sid, sksec->sclass, perm, &ad);
4836 if (err)
4837 return err;
4838 }
4839
4840 return 0;
4841 }
4842
4843
4844 static int selinux_socket_connect(struct socket *sock,
4845 struct sockaddr *address, int addrlen)
4846 {
4847 int err;
4848 struct sock *sk = sock->sk;
4849
4850 err = selinux_socket_connect_helper(sock, address, addrlen);
4851 if (err)
4852 return err;
4853
4854 return selinux_netlbl_socket_connect(sk, address);
4855 }
4856
4857 static int selinux_socket_listen(struct socket *sock, int backlog)
4858 {
4859 return sock_has_perm(sock->sk, SOCKET__LISTEN);
4860 }
4861
4862 static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
4863 {
4864 int err;
4865 struct inode_security_struct *isec;
4866 struct inode_security_struct *newisec;
4867 u16 sclass;
4868 u32 sid;
4869
4870 err = sock_has_perm(sock->sk, SOCKET__ACCEPT);
4871 if (err)
4872 return err;
4873
4874 isec = inode_security_novalidate(SOCK_INODE(sock));
4875 spin_lock(&isec->lock);
4876 sclass = isec->sclass;
4877 sid = isec->sid;
4878 spin_unlock(&isec->lock);
4879
4880 newisec = inode_security_novalidate(SOCK_INODE(newsock));
4881 newisec->sclass = sclass;
4882 newisec->sid = sid;
4883 newisec->initialized = LABEL_INITIALIZED;
4884
4885 return 0;
4886 }
4887
4888 static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
4889 int size)
4890 {
4891 return sock_has_perm(sock->sk, SOCKET__WRITE);
4892 }
4893
4894 static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
4895 int size, int flags)
4896 {
4897 return sock_has_perm(sock->sk, SOCKET__READ);
4898 }
4899
4900 static int selinux_socket_getsockname(struct socket *sock)
4901 {
4902 return sock_has_perm(sock->sk, SOCKET__GETATTR);
4903 }
4904
4905 static int selinux_socket_getpeername(struct socket *sock)
4906 {
4907 return sock_has_perm(sock->sk, SOCKET__GETATTR);
4908 }
4909
4910 static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
4911 {
4912 int err;
4913
4914 err = sock_has_perm(sock->sk, SOCKET__SETOPT);
4915 if (err)
4916 return err;
4917
4918 return selinux_netlbl_socket_setsockopt(sock, level, optname);
4919 }
4920
4921 static int selinux_socket_getsockopt(struct socket *sock, int level,
4922 int optname)
4923 {
4924 return sock_has_perm(sock->sk, SOCKET__GETOPT);
4925 }
4926
4927 static int selinux_socket_shutdown(struct socket *sock, int how)
4928 {
4929 return sock_has_perm(sock->sk, SOCKET__SHUTDOWN);
4930 }
4931
4932 static int selinux_socket_unix_stream_connect(struct sock *sock,
4933 struct sock *other,
4934 struct sock *newsk)
4935 {
4936 struct sk_security_struct *sksec_sock = sock->sk_security;
4937 struct sk_security_struct *sksec_other = other->sk_security;
4938 struct sk_security_struct *sksec_new = newsk->sk_security;
4939 struct common_audit_data ad;
4940 struct lsm_network_audit net = {0,};
4941 int err;
4942
4943 ad.type = LSM_AUDIT_DATA_NET;
4944 ad.u.net = &net;
4945 ad.u.net->sk = other;
4946
4947 err = avc_has_perm(&selinux_state,
4948 sksec_sock->sid, sksec_other->sid,
4949 sksec_other->sclass,
4950 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
4951 if (err)
4952 return err;
4953
4954
4955 sksec_new->peer_sid = sksec_sock->sid;
4956 err = security_sid_mls_copy(&selinux_state, sksec_other->sid,
4957 sksec_sock->sid, &sksec_new->sid);
4958 if (err)
4959 return err;
4960
4961
4962 sksec_sock->peer_sid = sksec_new->sid;
4963
4964 return 0;
4965 }
4966
4967 static int selinux_socket_unix_may_send(struct socket *sock,
4968 struct socket *other)
4969 {
4970 struct sk_security_struct *ssec = sock->sk->sk_security;
4971 struct sk_security_struct *osec = other->sk->sk_security;
4972 struct common_audit_data ad;
4973 struct lsm_network_audit net = {0,};
4974
4975 ad.type = LSM_AUDIT_DATA_NET;
4976 ad.u.net = &net;
4977 ad.u.net->sk = other->sk;
4978
4979 return avc_has_perm(&selinux_state,
4980 ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
4981 &ad);
4982 }
4983
4984 static int selinux_inet_sys_rcv_skb(struct net *ns, int ifindex,
4985 char *addrp, u16 family, u32 peer_sid,
4986 struct common_audit_data *ad)
4987 {
4988 int err;
4989 u32 if_sid;
4990 u32 node_sid;
4991
4992 err = sel_netif_sid(ns, ifindex, &if_sid);
4993 if (err)
4994 return err;
4995 err = avc_has_perm(&selinux_state,
4996 peer_sid, if_sid,
4997 SECCLASS_NETIF, NETIF__INGRESS, ad);
4998 if (err)
4999 return err;
5000
5001 err = sel_netnode_sid(addrp, family, &node_sid);
5002 if (err)
5003 return err;
5004 return avc_has_perm(&selinux_state,
5005 peer_sid, node_sid,
5006 SECCLASS_NODE, NODE__RECVFROM, ad);
5007 }
5008
5009 static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
5010 u16 family)
5011 {
5012 int err = 0;
5013 struct sk_security_struct *sksec = sk->sk_security;
5014 u32 sk_sid = sksec->sid;
5015 struct common_audit_data ad;
5016 struct lsm_network_audit net = {0,};
5017 char *addrp;
5018
5019 ad.type = LSM_AUDIT_DATA_NET;
5020 ad.u.net = &net;
5021 ad.u.net->netif = skb->skb_iif;
5022 ad.u.net->family = family;
5023 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
5024 if (err)
5025 return err;
5026
5027 if (selinux_secmark_enabled()) {
5028 err = avc_has_perm(&selinux_state,
5029 sk_sid, skb->secmark, SECCLASS_PACKET,
5030 PACKET__RECV, &ad);
5031 if (err)
5032 return err;
5033 }
5034
5035 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
5036 if (err)
5037 return err;
5038 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
5039
5040 return err;
5041 }
5042
5043 static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
5044 {
5045 int err;
5046 struct sk_security_struct *sksec = sk->sk_security;
5047 u16 family = sk->sk_family;
5048 u32 sk_sid = sksec->sid;
5049 struct common_audit_data ad;
5050 struct lsm_network_audit net = {0,};
5051 char *addrp;
5052 u8 secmark_active;
5053 u8 peerlbl_active;
5054
5055 if (family != PF_INET && family != PF_INET6)
5056 return 0;
5057
5058
5059 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
5060 family = PF_INET;
5061
5062
5063
5064
5065
5066 if (!selinux_policycap_netpeer())
5067 return selinux_sock_rcv_skb_compat(sk, skb, family);
5068
5069 secmark_active = selinux_secmark_enabled();
5070 peerlbl_active = selinux_peerlbl_enabled();
5071 if (!secmark_active && !peerlbl_active)
5072 return 0;
5073
5074 ad.type = LSM_AUDIT_DATA_NET;
5075 ad.u.net = &net;
5076 ad.u.net->netif = skb->skb_iif;
5077 ad.u.net->family = family;
5078 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
5079 if (err)
5080 return err;
5081
5082 if (peerlbl_active) {
5083 u32 peer_sid;
5084
5085 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
5086 if (err)
5087 return err;
5088 err = selinux_inet_sys_rcv_skb(sock_net(sk), skb->skb_iif,
5089 addrp, family, peer_sid, &ad);
5090 if (err) {
5091 selinux_netlbl_err(skb, family, err, 0);
5092 return err;
5093 }
5094 err = avc_has_perm(&selinux_state,
5095 sk_sid, peer_sid, SECCLASS_PEER,
5096 PEER__RECV, &ad);
5097 if (err) {
5098 selinux_netlbl_err(skb, family, err, 0);
5099 return err;
5100 }
5101 }
5102
5103 if (secmark_active) {
5104 err = avc_has_perm(&selinux_state,
5105 sk_sid, skb->secmark, SECCLASS_PACKET,
5106 PACKET__RECV, &ad);
5107 if (err)
5108 return err;
5109 }
5110
5111 return err;
5112 }
5113
5114 static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
5115 int __user *optlen, unsigned len)
5116 {
5117 int err = 0;
5118 char *scontext;
5119 u32 scontext_len;
5120 struct sk_security_struct *sksec = sock->sk->sk_security;
5121 u32 peer_sid = SECSID_NULL;
5122
5123 if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
5124 sksec->sclass == SECCLASS_TCP_SOCKET ||
5125 sksec->sclass == SECCLASS_SCTP_SOCKET)
5126 peer_sid = sksec->peer_sid;
5127 if (peer_sid == SECSID_NULL)
5128 return -ENOPROTOOPT;
5129
5130 err = security_sid_to_context(&selinux_state, peer_sid, &scontext,
5131 &scontext_len);
5132 if (err)
5133 return err;
5134
5135 if (scontext_len > len) {
5136 err = -ERANGE;
5137 goto out_len;
5138 }
5139
5140 if (copy_to_user(optval, scontext, scontext_len))
5141 err = -EFAULT;
5142
5143 out_len:
5144 if (put_user(scontext_len, optlen))
5145 err = -EFAULT;
5146 kfree(scontext);
5147 return err;
5148 }
5149
5150 static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
5151 {
5152 u32 peer_secid = SECSID_NULL;
5153 u16 family;
5154 struct inode_security_struct *isec;
5155
5156 if (skb && skb->protocol == htons(ETH_P_IP))
5157 family = PF_INET;
5158 else if (skb && skb->protocol == htons(ETH_P_IPV6))
5159 family = PF_INET6;
5160 else if (sock)
5161 family = sock->sk->sk_family;
5162 else
5163 goto out;
5164
5165 if (sock && family == PF_UNIX) {
5166 isec = inode_security_novalidate(SOCK_INODE(sock));
5167 peer_secid = isec->sid;
5168 } else if (skb)
5169 selinux_skb_peerlbl_sid(skb, family, &peer_secid);
5170
5171 out:
5172 *secid = peer_secid;
5173 if (peer_secid == SECSID_NULL)
5174 return -EINVAL;
5175 return 0;
5176 }
5177
5178 static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
5179 {
5180 struct sk_security_struct *sksec;
5181
5182 sksec = kzalloc(sizeof(*sksec), priority);
5183 if (!sksec)
5184 return -ENOMEM;
5185
5186 sksec->peer_sid = SECINITSID_UNLABELED;
5187 sksec->sid = SECINITSID_UNLABELED;
5188 sksec->sclass = SECCLASS_SOCKET;
5189 selinux_netlbl_sk_security_reset(sksec);
5190 sk->sk_security = sksec;
5191
5192 return 0;
5193 }
5194
5195 static void selinux_sk_free_security(struct sock *sk)
5196 {
5197 struct sk_security_struct *sksec = sk->sk_security;
5198
5199 sk->sk_security = NULL;
5200 selinux_netlbl_sk_security_free(sksec);
5201 kfree(sksec);
5202 }
5203
5204 static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
5205 {
5206 struct sk_security_struct *sksec = sk->sk_security;
5207 struct sk_security_struct *newsksec = newsk->sk_security;
5208
5209 newsksec->sid = sksec->sid;
5210 newsksec->peer_sid = sksec->peer_sid;
5211 newsksec->sclass = sksec->sclass;
5212
5213 selinux_netlbl_sk_security_reset(newsksec);
5214 }
5215
5216 static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
5217 {
5218 if (!sk)
5219 *secid = SECINITSID_ANY_SOCKET;
5220 else {
5221 struct sk_security_struct *sksec = sk->sk_security;
5222
5223 *secid = sksec->sid;
5224 }
5225 }
5226
5227 static void selinux_sock_graft(struct sock *sk, struct socket *parent)
5228 {
5229 struct inode_security_struct *isec =
5230 inode_security_novalidate(SOCK_INODE(parent));
5231 struct sk_security_struct *sksec = sk->sk_security;
5232
5233 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
5234 sk->sk_family == PF_UNIX)
5235 isec->sid = sksec->sid;
5236 sksec->sclass = isec->sclass;
5237 }
5238
5239
5240
5241
5242
5243 static int selinux_sctp_process_new_assoc(struct sctp_association *asoc,
5244 struct sk_buff *skb)
5245 {
5246 struct sock *sk = asoc->base.sk;
5247 u16 family = sk->sk_family;
5248 struct sk_security_struct *sksec = sk->sk_security;
5249 struct common_audit_data ad;
5250 struct lsm_network_audit net = {0,};
5251 int err;
5252
5253
5254 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
5255 family = PF_INET;
5256
5257 if (selinux_peerlbl_enabled()) {
5258 asoc->peer_secid = SECSID_NULL;
5259
5260
5261
5262
5263 err = selinux_skb_peerlbl_sid(skb, family, &asoc->peer_secid);
5264 if (err)
5265 return err;
5266
5267 if (asoc->peer_secid == SECSID_NULL)
5268 asoc->peer_secid = SECINITSID_UNLABELED;
5269 } else {
5270 asoc->peer_secid = SECINITSID_UNLABELED;
5271 }
5272
5273 if (sksec->sctp_assoc_state == SCTP_ASSOC_UNSET) {
5274 sksec->sctp_assoc_state = SCTP_ASSOC_SET;
5275
5276
5277
5278
5279
5280
5281 sksec->peer_sid = asoc->peer_secid;
5282 } else if (sksec->peer_sid != asoc->peer_secid) {
5283
5284
5285
5286 ad.type = LSM_AUDIT_DATA_NET;
5287 ad.u.net = &net;
5288 ad.u.net->sk = asoc->base.sk;
5289 err = avc_has_perm(&selinux_state,
5290 sksec->peer_sid, asoc->peer_secid,
5291 sksec->sclass, SCTP_SOCKET__ASSOCIATION,
5292 &ad);
5293 if (err)
5294 return err;
5295 }
5296 return 0;
5297 }
5298
5299
5300
5301
5302
5303 static int selinux_sctp_assoc_request(struct sctp_association *asoc,
5304 struct sk_buff *skb)
5305 {
5306 struct sk_security_struct *sksec = asoc->base.sk->sk_security;
5307 u32 conn_sid;
5308 int err;
5309
5310 if (!selinux_policycap_extsockclass())
5311 return 0;
5312
5313 err = selinux_sctp_process_new_assoc(asoc, skb);
5314 if (err)
5315 return err;
5316
5317
5318
5319
5320
5321
5322
5323 err = selinux_conn_sid(sksec->sid, asoc->peer_secid, &conn_sid);
5324 if (err)
5325 return err;
5326
5327 asoc->secid = conn_sid;
5328
5329
5330 return selinux_netlbl_sctp_assoc_request(asoc, skb);
5331 }
5332
5333
5334
5335
5336 static int selinux_sctp_assoc_established(struct sctp_association *asoc,
5337 struct sk_buff *skb)
5338 {
5339 struct sk_security_struct *sksec = asoc->base.sk->sk_security;
5340
5341 if (!selinux_policycap_extsockclass())
5342 return 0;
5343
5344
5345
5346
5347
5348 asoc->secid = sksec->sid;
5349
5350 return selinux_sctp_process_new_assoc(asoc, skb);
5351 }
5352
5353
5354
5355
5356 static int selinux_sctp_bind_connect(struct sock *sk, int optname,
5357 struct sockaddr *address,
5358 int addrlen)
5359 {
5360 int len, err = 0, walk_size = 0;
5361 void *addr_buf;
5362 struct sockaddr *addr;
5363 struct socket *sock;
5364
5365 if (!selinux_policycap_extsockclass())
5366 return 0;
5367
5368
5369 sock = sk->sk_socket;
5370 addr_buf = address;
5371
5372 while (walk_size < addrlen) {
5373 if (walk_size + sizeof(sa_family_t) > addrlen)
5374 return -EINVAL;
5375
5376 addr = addr_buf;
5377 switch (addr->sa_family) {
5378 case AF_UNSPEC:
5379 case AF_INET:
5380 len = sizeof(struct sockaddr_in);
5381 break;
5382 case AF_INET6:
5383 len = sizeof(struct sockaddr_in6);
5384 break;
5385 default:
5386 return -EINVAL;
5387 }
5388
5389 if (walk_size + len > addrlen)
5390 return -EINVAL;
5391
5392 err = -EINVAL;
5393 switch (optname) {
5394
5395 case SCTP_PRIMARY_ADDR:
5396 case SCTP_SET_PEER_PRIMARY_ADDR:
5397 case SCTP_SOCKOPT_BINDX_ADD:
5398 err = selinux_socket_bind(sock, addr, len);
5399 break;
5400
5401 case SCTP_SOCKOPT_CONNECTX:
5402 case SCTP_PARAM_SET_PRIMARY:
5403 case SCTP_PARAM_ADD_IP:
5404 case SCTP_SENDMSG_CONNECT:
5405 err = selinux_socket_connect_helper(sock, addr, len);
5406 if (err)
5407 return err;
5408
5409
5410
5411
5412
5413
5414
5415
5416
5417
5418
5419
5420 err = selinux_netlbl_socket_connect_locked(sk, addr);
5421 break;
5422 }
5423
5424 if (err)
5425 return err;
5426
5427 addr_buf += len;
5428 walk_size += len;
5429 }
5430
5431 return 0;
5432 }
5433
5434
5435 static void selinux_sctp_sk_clone(struct sctp_association *asoc, struct sock *sk,
5436 struct sock *newsk)
5437 {
5438 struct sk_security_struct *sksec = sk->sk_security;
5439 struct sk_security_struct *newsksec = newsk->sk_security;
5440
5441
5442
5443
5444 if (!selinux_policycap_extsockclass())
5445 return selinux_sk_clone_security(sk, newsk);
5446
5447 newsksec->sid = asoc->secid;
5448 newsksec->peer_sid = asoc->peer_secid;
5449 newsksec->sclass = sksec->sclass;
5450 selinux_netlbl_sctp_sk_clone(sk, newsk);
5451 }
5452
5453 static int selinux_inet_conn_request(const struct sock *sk, struct sk_buff *skb,
5454 struct request_sock *req)
5455 {
5456 struct sk_security_struct *sksec = sk->sk_security;
5457 int err;
5458 u16 family = req->rsk_ops->family;
5459 u32 connsid;
5460 u32 peersid;
5461
5462 err = selinux_skb_peerlbl_sid(skb, family, &peersid);
5463 if (err)
5464 return err;
5465 err = selinux_conn_sid(sksec->sid, peersid, &connsid);
5466 if (err)
5467 return err;
5468 req->secid = connsid;
5469 req->peer_secid = peersid;
5470
5471 return selinux_netlbl_inet_conn_request(req, family);
5472 }
5473
5474 static void selinux_inet_csk_clone(struct sock *newsk,
5475 const struct request_sock *req)
5476 {
5477 struct sk_security_struct *newsksec = newsk->sk_security;
5478
5479 newsksec->sid = req->secid;
5480 newsksec->peer_sid = req->peer_secid;
5481
5482
5483
5484
5485
5486
5487
5488 selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
5489 }
5490
5491 static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
5492 {
5493 u16 family = sk->sk_family;
5494 struct sk_security_struct *sksec = sk->sk_security;
5495
5496
5497 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
5498 family = PF_INET;
5499
5500 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
5501 }
5502
5503 static int selinux_secmark_relabel_packet(u32 sid)
5504 {
5505 const struct task_security_struct *__tsec;
5506 u32 tsid;
5507
5508 __tsec = selinux_cred(current_cred());
5509 tsid = __tsec->sid;
5510
5511 return avc_has_perm(&selinux_state,
5512 tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO,
5513 NULL);
5514 }
5515
5516 static void selinux_secmark_refcount_inc(void)
5517 {
5518 atomic_inc(&selinux_secmark_refcount);
5519 }
5520
5521 static void selinux_secmark_refcount_dec(void)
5522 {
5523 atomic_dec(&selinux_secmark_refcount);
5524 }
5525
5526 static void selinux_req_classify_flow(const struct request_sock *req,
5527 struct flowi_common *flic)
5528 {
5529 flic->flowic_secid = req->secid;
5530 }
5531
5532 static int selinux_tun_dev_alloc_security(void **security)
5533 {
5534 struct tun_security_struct *tunsec;
5535
5536 tunsec = kzalloc(sizeof(*tunsec), GFP_KERNEL);
5537 if (!tunsec)
5538 return -ENOMEM;
5539 tunsec->sid = current_sid();
5540
5541 *security = tunsec;
5542 return 0;
5543 }
5544
5545 static void selinux_tun_dev_free_security(void *security)
5546 {
5547 kfree(security);
5548 }
5549
5550 static int selinux_tun_dev_create(void)
5551 {
5552 u32 sid = current_sid();
5553
5554
5555
5556
5557
5558
5559
5560
5561 return avc_has_perm(&selinux_state,
5562 sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
5563 NULL);
5564 }
5565
5566 static int selinux_tun_dev_attach_queue(void *security)
5567 {
5568 struct tun_security_struct *tunsec = security;
5569
5570 return avc_has_perm(&selinux_state,
5571 current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET,
5572 TUN_SOCKET__ATTACH_QUEUE, NULL);
5573 }
5574
5575 static int selinux_tun_dev_attach(struct sock *sk, void *security)
5576 {
5577 struct tun_security_struct *tunsec = security;
5578 struct sk_security_struct *sksec = sk->sk_security;
5579
5580
5581
5582
5583
5584
5585
5586
5587 sksec->sid = tunsec->sid;
5588 sksec->sclass = SECCLASS_TUN_SOCKET;
5589
5590 return 0;
5591 }
5592
5593 static int selinux_tun_dev_open(void *security)
5594 {
5595 struct tun_security_struct *tunsec = security;
5596 u32 sid = current_sid();
5597 int err;
5598
5599 err = avc_has_perm(&selinux_state,
5600 sid, tunsec->sid, SECCLASS_TUN_SOCKET,
5601 TUN_SOCKET__RELABELFROM, NULL);
5602 if (err)
5603 return err;
5604 err = avc_has_perm(&selinux_state,
5605 sid, sid, SECCLASS_TUN_SOCKET,
5606 TUN_SOCKET__RELABELTO, NULL);
5607 if (err)
5608 return err;
5609 tunsec->sid = sid;
5610
5611 return 0;
5612 }
5613
5614 #ifdef CONFIG_NETFILTER
5615
5616 static unsigned int selinux_ip_forward(void *priv, struct sk_buff *skb,
5617 const struct nf_hook_state *state)
5618 {
5619 int ifindex;
5620 u16 family;
5621 char *addrp;
5622 u32 peer_sid;
5623 struct common_audit_data ad;
5624 struct lsm_network_audit net = {0,};
5625 int secmark_active, peerlbl_active;
5626
5627 if (!selinux_policycap_netpeer())
5628 return NF_ACCEPT;
5629
5630 secmark_active = selinux_secmark_enabled();
5631 peerlbl_active = selinux_peerlbl_enabled();
5632 if (!secmark_active && !peerlbl_active)
5633 return NF_ACCEPT;
5634
5635 family = state->pf;
5636 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
5637 return NF_DROP;
5638
5639 ifindex = state->in->ifindex;
5640 ad.type = LSM_AUDIT_DATA_NET;
5641 ad.u.net = &net;
5642 ad.u.net->netif = ifindex;
5643 ad.u.net->family = family;
5644 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
5645 return NF_DROP;
5646
5647 if (peerlbl_active) {
5648 int err;
5649
5650 err = selinux_inet_sys_rcv_skb(state->net, ifindex,
5651 addrp, family, peer_sid, &ad);
5652 if (err) {
5653 selinux_netlbl_err(skb, family, err, 1);
5654 return NF_DROP;
5655 }
5656 }
5657
5658 if (secmark_active)
5659 if (avc_has_perm(&selinux_state,
5660 peer_sid, skb->secmark,
5661 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
5662 return NF_DROP;
5663
5664 if (netlbl_enabled())
5665
5666
5667
5668
5669 if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
5670 return NF_DROP;
5671
5672 return NF_ACCEPT;
5673 }
5674
5675 static unsigned int selinux_ip_output(void *priv, struct sk_buff *skb,
5676 const struct nf_hook_state *state)
5677 {
5678 struct sock *sk;
5679 u32 sid;
5680
5681 if (!netlbl_enabled())
5682 return NF_ACCEPT;
5683
5684
5685
5686
5687 sk = skb->sk;
5688 if (sk) {
5689 struct sk_security_struct *sksec;
5690
5691 if (sk_listener(sk))
5692
5693
5694
5695
5696
5697
5698
5699
5700
5701
5702
5703
5704 return NF_ACCEPT;
5705
5706
5707 sksec = sk->sk_security;
5708 sid = sksec->sid;
5709 } else
5710 sid = SECINITSID_KERNEL;
5711 if (selinux_netlbl_skbuff_setsid(skb, state->pf, sid) != 0)
5712 return NF_DROP;
5713
5714 return NF_ACCEPT;
5715 }
5716
5717
5718 static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
5719 const struct nf_hook_state *state)
5720 {
5721 struct sock *sk;
5722 struct sk_security_struct *sksec;
5723 struct common_audit_data ad;
5724 struct lsm_network_audit net = {0,};
5725 u8 proto = 0;
5726
5727 sk = skb_to_full_sk(skb);
5728 if (sk == NULL)
5729 return NF_ACCEPT;
5730 sksec = sk->sk_security;
5731
5732 ad.type = LSM_AUDIT_DATA_NET;
5733 ad.u.net = &net;
5734 ad.u.net->netif = state->out->ifindex;
5735 ad.u.net->family = state->pf;
5736 if (selinux_parse_skb(skb, &ad, NULL, 0, &proto))
5737 return NF_DROP;
5738
5739 if (selinux_secmark_enabled())
5740 if (avc_has_perm(&selinux_state,
5741 sksec->sid, skb->secmark,
5742 SECCLASS_PACKET, PACKET__SEND, &ad))
5743 return NF_DROP_ERR(-ECONNREFUSED);
5744
5745 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
5746 return NF_DROP_ERR(-ECONNREFUSED);
5747
5748 return NF_ACCEPT;
5749 }
5750
5751 static unsigned int selinux_ip_postroute(void *priv,
5752 struct sk_buff *skb,
5753 const struct nf_hook_state *state)
5754 {
5755 u16 family;
5756 u32 secmark_perm;
5757 u32 peer_sid;
5758 int ifindex;
5759 struct sock *sk;
5760 struct common_audit_data ad;
5761 struct lsm_network_audit net = {0,};
5762 char *addrp;
5763 int secmark_active, peerlbl_active;
5764
5765
5766
5767
5768
5769 if (!selinux_policycap_netpeer())
5770 return selinux_ip_postroute_compat(skb, state);
5771
5772 secmark_active = selinux_secmark_enabled();
5773 peerlbl_active = selinux_peerlbl_enabled();
5774 if (!secmark_active && !peerlbl_active)
5775 return NF_ACCEPT;
5776
5777 sk = skb_to_full_sk(skb);
5778
5779 #ifdef CONFIG_XFRM
5780
5781
5782
5783
5784
5785
5786
5787
5788
5789
5790
5791 if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL &&
5792 !(sk && sk_listener(sk)))
5793 return NF_ACCEPT;
5794 #endif
5795
5796 family = state->pf;
5797 if (sk == NULL) {
5798
5799
5800
5801
5802 if (skb->skb_iif) {
5803 secmark_perm = PACKET__FORWARD_OUT;
5804 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
5805 return NF_DROP;
5806 } else {
5807 secmark_perm = PACKET__SEND;
5808 peer_sid = SECINITSID_KERNEL;
5809 }
5810 } else if (sk_listener(sk)) {
5811
5812
5813
5814
5815
5816
5817
5818
5819
5820 u32 skb_sid;
5821 struct sk_security_struct *sksec;
5822
5823 sksec = sk->sk_security;
5824 if (selinux_skb_peerlbl_sid(skb, family, &skb_sid))
5825 return NF_DROP;
5826
5827
5828
5829
5830
5831
5832 if (skb_sid == SECSID_NULL) {
5833 switch (family) {
5834 case PF_INET:
5835 if (IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED)
5836 return NF_ACCEPT;
5837 break;
5838 case PF_INET6:
5839 if (IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED)
5840 return NF_ACCEPT;
5841 break;
5842 default:
5843 return NF_DROP_ERR(-ECONNREFUSED);
5844 }
5845 }
5846 if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid))
5847 return NF_DROP;
5848 secmark_perm = PACKET__SEND;
5849 } else {
5850
5851
5852 struct sk_security_struct *sksec = sk->sk_security;
5853 peer_sid = sksec->sid;
5854 secmark_perm = PACKET__SEND;
5855 }
5856
5857 ifindex = state->out->ifindex;
5858 ad.type = LSM_AUDIT_DATA_NET;
5859 ad.u.net = &net;
5860 ad.u.net->netif = ifindex;
5861 ad.u.net->family = family;
5862 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
5863 return NF_DROP;
5864
5865 if (secmark_active)
5866 if (avc_has_perm(&selinux_state,
5867 peer_sid, skb->secmark,
5868 SECCLASS_PACKET, secmark_perm, &ad))
5869 return NF_DROP_ERR(-ECONNREFUSED);
5870
5871 if (peerlbl_active) {
5872 u32 if_sid;
5873 u32 node_sid;
5874
5875 if (sel_netif_sid(state->net, ifindex, &if_sid))
5876 return NF_DROP;
5877 if (avc_has_perm(&selinux_state,
5878 peer_sid, if_sid,
5879 SECCLASS_NETIF, NETIF__EGRESS, &ad))
5880 return NF_DROP_ERR(-ECONNREFUSED);
5881
5882 if (sel_netnode_sid(addrp, family, &node_sid))
5883 return NF_DROP;
5884 if (avc_has_perm(&selinux_state,
5885 peer_sid, node_sid,
5886 SECCLASS_NODE, NODE__SENDTO, &ad))
5887 return NF_DROP_ERR(-ECONNREFUSED);
5888 }
5889
5890 return NF_ACCEPT;
5891 }
5892 #endif
5893
5894 static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
5895 {
5896 int rc = 0;
5897 unsigned int msg_len;
5898 unsigned int data_len = skb->len;
5899 unsigned char *data = skb->data;
5900 struct nlmsghdr *nlh;
5901 struct sk_security_struct *sksec = sk->sk_security;
5902 u16 sclass = sksec->sclass;
5903 u32 perm;
5904
5905 while (data_len >= nlmsg_total_size(0)) {
5906 nlh = (struct nlmsghdr *)data;
5907
5908
5909
5910
5911
5912
5913
5914 if (nlh->nlmsg_len < NLMSG_HDRLEN || nlh->nlmsg_len > data_len)
5915 return 0;
5916
5917 rc = selinux_nlmsg_lookup(sclass, nlh->nlmsg_type, &perm);
5918 if (rc == 0) {
5919 rc = sock_has_perm(sk, perm);
5920 if (rc)
5921 return rc;
5922 } else if (rc == -EINVAL) {
5923
5924 pr_warn_ratelimited("SELinux: unrecognized netlink"
5925 " message: protocol=%hu nlmsg_type=%hu sclass=%s"
5926 " pid=%d comm=%s\n",
5927 sk->sk_protocol, nlh->nlmsg_type,
5928 secclass_map[sclass - 1].name,
5929 task_pid_nr(current), current->comm);
5930 if (enforcing_enabled(&selinux_state) &&
5931 !security_get_allow_unknown(&selinux_state))
5932 return rc;
5933 rc = 0;
5934 } else if (rc == -ENOENT) {
5935
5936 rc = 0;
5937 } else {
5938 return rc;
5939 }
5940
5941
5942 msg_len = NLMSG_ALIGN(nlh->nlmsg_len);
5943 if (msg_len >= data_len)
5944 return 0;
5945 data_len -= msg_len;
5946 data += msg_len;
5947 }
5948
5949 return rc;
5950 }
5951
5952 static void ipc_init_security(struct ipc_security_struct *isec, u16 sclass)
5953 {
5954 isec->sclass = sclass;
5955 isec->sid = current_sid();
5956 }
5957
5958 static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
5959 u32 perms)
5960 {
5961 struct ipc_security_struct *isec;
5962 struct common_audit_data ad;
5963 u32 sid = current_sid();
5964
5965 isec = selinux_ipc(ipc_perms);
5966
5967 ad.type = LSM_AUDIT_DATA_IPC;
5968 ad.u.ipc_id = ipc_perms->key;
5969
5970 return avc_has_perm(&selinux_state,
5971 sid, isec->sid, isec->sclass, perms, &ad);
5972 }
5973
5974 static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
5975 {
5976 struct msg_security_struct *msec;
5977
5978 msec = selinux_msg_msg(msg);
5979 msec->sid = SECINITSID_UNLABELED;
5980
5981 return 0;
5982 }
5983
5984
5985 static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq)
5986 {
5987 struct ipc_security_struct *isec;
5988 struct common_audit_data ad;
5989 u32 sid = current_sid();
5990 int rc;
5991
5992 isec = selinux_ipc(msq);
5993 ipc_init_security(isec, SECCLASS_MSGQ);
5994
5995 ad.type = LSM_AUDIT_DATA_IPC;
5996 ad.u.ipc_id = msq->key;
5997
5998 rc = avc_has_perm(&selinux_state,
5999 sid, isec->sid, SECCLASS_MSGQ,
6000 MSGQ__CREATE, &ad);
6001 return rc;
6002 }
6003
6004 static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg)
6005 {
6006 struct ipc_security_struct *isec;
6007 struct common_audit_data ad;
6008 u32 sid = current_sid();
6009
6010 isec = selinux_ipc(msq);
6011
6012 ad.type = LSM_AUDIT_DATA_IPC;
6013 ad.u.ipc_id = msq->key;
6014
6015 return avc_has_perm(&selinux_state,
6016 sid, isec->sid, SECCLASS_MSGQ,
6017 MSGQ__ASSOCIATE, &ad);
6018 }
6019
6020 static int selinux_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
6021 {
6022 int err;
6023 int perms;
6024
6025 switch (cmd) {
6026 case IPC_INFO:
6027 case MSG_INFO:
6028
6029 return avc_has_perm(&selinux_state,
6030 current_sid(), SECINITSID_KERNEL,
6031 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
6032 case IPC_STAT:
6033 case MSG_STAT:
6034 case MSG_STAT_ANY:
6035 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
6036 break;
6037 case IPC_SET:
6038 perms = MSGQ__SETATTR;
6039 break;
6040 case IPC_RMID:
6041 perms = MSGQ__DESTROY;
6042 break;
6043 default:
6044 return 0;
6045 }
6046
6047 err = ipc_has_perm(msq, perms);
6048 return err;
6049 }
6050
6051 static int selinux_msg_queue_msgsnd(struct kern_ipc_perm *msq, struct msg_msg *msg, int msqflg)
6052 {
6053 struct ipc_security_struct *isec;
6054 struct msg_security_struct *msec;
6055 struct common_audit_data ad;
6056 u32 sid = current_sid();
6057 int rc;
6058
6059 isec = selinux_ipc(msq);
6060 msec = selinux_msg_msg(msg);
6061
6062
6063
6064
6065 if (msec->sid == SECINITSID_UNLABELED) {
6066
6067
6068
6069
6070 rc = security_transition_sid(&selinux_state, sid, isec->sid,
6071 SECCLASS_MSG, NULL, &msec->sid);
6072 if (rc)
6073 return rc;
6074 }
6075
6076 ad.type = LSM_AUDIT_DATA_IPC;
6077 ad.u.ipc_id = msq->key;
6078
6079
6080 rc = avc_has_perm(&selinux_state,
6081 sid, isec->sid, SECCLASS_MSGQ,
6082 MSGQ__WRITE, &ad);
6083 if (!rc)
6084
6085 rc = avc_has_perm(&selinux_state,
6086 sid, msec->sid, SECCLASS_MSG,
6087 MSG__SEND, &ad);
6088 if (!rc)
6089
6090 rc = avc_has_perm(&selinux_state,
6091 msec->sid, isec->sid, SECCLASS_MSGQ,
6092 MSGQ__ENQUEUE, &ad);
6093
6094 return rc;
6095 }
6096
6097 static int selinux_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg,
6098 struct task_struct *target,
6099 long type, int mode)
6100 {
6101 struct ipc_security_struct *isec;
6102 struct msg_security_struct *msec;
6103 struct common_audit_data ad;
6104 u32 sid = task_sid_obj(target);
6105 int rc;
6106
6107 isec = selinux_ipc(msq);
6108 msec = selinux_msg_msg(msg);
6109
6110 ad.type = LSM_AUDIT_DATA_IPC;
6111 ad.u.ipc_id = msq->key;
6112
6113 rc = avc_has_perm(&selinux_state,
6114 sid, isec->sid,
6115 SECCLASS_MSGQ, MSGQ__READ, &ad);
6116 if (!rc)
6117 rc = avc_has_perm(&selinux_state,
6118 sid, msec->sid,
6119 SECCLASS_MSG, MSG__RECEIVE, &ad);
6120 return rc;
6121 }
6122
6123
6124 static int selinux_shm_alloc_security(struct kern_ipc_perm *shp)
6125 {
6126 struct ipc_security_struct *isec;
6127 struct common_audit_data ad;
6128 u32 sid = current_sid();
6129 int rc;
6130
6131 isec = selinux_ipc(shp);
6132 ipc_init_security(isec, SECCLASS_SHM);
6133
6134 ad.type = LSM_AUDIT_DATA_IPC;
6135 ad.u.ipc_id = shp->key;
6136
6137 rc = avc_has_perm(&selinux_state,
6138 sid, isec->sid, SECCLASS_SHM,
6139 SHM__CREATE, &ad);
6140 return rc;
6141 }
6142
6143 static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg)
6144 {
6145 struct ipc_security_struct *isec;
6146 struct common_audit_data ad;
6147 u32 sid = current_sid();
6148
6149 isec = selinux_ipc(shp);
6150
6151 ad.type = LSM_AUDIT_DATA_IPC;
6152 ad.u.ipc_id = shp->key;
6153
6154 return avc_has_perm(&selinux_state,
6155 sid, isec->sid, SECCLASS_SHM,
6156 SHM__ASSOCIATE, &ad);
6157 }
6158
6159
6160 static int selinux_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
6161 {
6162 int perms;
6163 int err;
6164
6165 switch (cmd) {
6166 case IPC_INFO:
6167 case SHM_INFO:
6168
6169 return avc_has_perm(&selinux_state,
6170 current_sid(), SECINITSID_KERNEL,
6171 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
6172 case IPC_STAT:
6173 case SHM_STAT:
6174 case SHM_STAT_ANY:
6175 perms = SHM__GETATTR | SHM__ASSOCIATE;
6176 break;
6177 case IPC_SET:
6178 perms = SHM__SETATTR;
6179 break;
6180 case SHM_LOCK:
6181 case SHM_UNLOCK:
6182 perms = SHM__LOCK;
6183 break;
6184 case IPC_RMID:
6185 perms = SHM__DESTROY;
6186 break;
6187 default:
6188 return 0;
6189 }
6190
6191 err = ipc_has_perm(shp, perms);
6192 return err;
6193 }
6194
6195 static int selinux_shm_shmat(struct kern_ipc_perm *shp,
6196 char __user *shmaddr, int shmflg)
6197 {
6198 u32 perms;
6199
6200 if (shmflg & SHM_RDONLY)
6201 perms = SHM__READ;
6202 else
6203 perms = SHM__READ | SHM__WRITE;
6204
6205 return ipc_has_perm(shp, perms);
6206 }
6207
6208
6209 static int selinux_sem_alloc_security(struct kern_ipc_perm *sma)
6210 {
6211 struct ipc_security_struct *isec;
6212 struct common_audit_data ad;
6213 u32 sid = current_sid();
6214 int rc;
6215
6216 isec = selinux_ipc(sma);
6217 ipc_init_security(isec, SECCLASS_SEM);
6218
6219 ad.type = LSM_AUDIT_DATA_IPC;
6220 ad.u.ipc_id = sma->key;
6221
6222 rc = avc_has_perm(&selinux_state,
6223 sid, isec->sid, SECCLASS_SEM,
6224 SEM__CREATE, &ad);
6225 return rc;
6226 }
6227
6228 static int selinux_sem_associate(struct kern_ipc_perm *sma, int semflg)
6229 {
6230 struct ipc_security_struct *isec;
6231 struct common_audit_data ad;
6232 u32 sid = current_sid();
6233
6234 isec = selinux_ipc(sma);
6235
6236 ad.type = LSM_AUDIT_DATA_IPC;
6237 ad.u.ipc_id = sma->key;
6238
6239 return avc_has_perm(&selinux_state,
6240 sid, isec->sid, SECCLASS_SEM,
6241 SEM__ASSOCIATE, &ad);
6242 }
6243
6244
6245 static int selinux_sem_semctl(struct kern_ipc_perm *sma, int cmd)
6246 {
6247 int err;
6248 u32 perms;
6249
6250 switch (cmd) {
6251 case IPC_INFO:
6252 case SEM_INFO:
6253
6254 return avc_has_perm(&selinux_state,
6255 current_sid(), SECINITSID_KERNEL,
6256 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
6257 case GETPID:
6258 case GETNCNT:
6259 case GETZCNT:
6260 perms = SEM__GETATTR;
6261 break;
6262 case GETVAL:
6263 case GETALL:
6264 perms = SEM__READ;
6265 break;
6266 case SETVAL:
6267 case SETALL:
6268 perms = SEM__WRITE;
6269 break;
6270 case IPC_RMID:
6271 perms = SEM__DESTROY;
6272 break;
6273 case IPC_SET:
6274 perms = SEM__SETATTR;
6275 break;
6276 case IPC_STAT:
6277 case SEM_STAT:
6278 case SEM_STAT_ANY:
6279 perms = SEM__GETATTR | SEM__ASSOCIATE;
6280 break;
6281 default:
6282 return 0;
6283 }
6284
6285 err = ipc_has_perm(sma, perms);
6286 return err;
6287 }
6288
6289 static int selinux_sem_semop(struct kern_ipc_perm *sma,
6290 struct sembuf *sops, unsigned nsops, int alter)
6291 {
6292 u32 perms;
6293
6294 if (alter)
6295 perms = SEM__READ | SEM__WRITE;
6296 else
6297 perms = SEM__READ;
6298
6299 return ipc_has_perm(sma, perms);
6300 }
6301
6302 static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
6303 {
6304 u32 av = 0;
6305
6306 av = 0;
6307 if (flag & S_IRUGO)
6308 av |= IPC__UNIX_READ;
6309 if (flag & S_IWUGO)
6310 av |= IPC__UNIX_WRITE;
6311
6312 if (av == 0)
6313 return 0;
6314
6315 return ipc_has_perm(ipcp, av);
6316 }
6317
6318 static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
6319 {
6320 struct ipc_security_struct *isec = selinux_ipc(ipcp);
6321 *secid = isec->sid;
6322 }
6323
6324 static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
6325 {
6326 if (inode)
6327 inode_doinit_with_dentry(inode, dentry);
6328 }
6329
6330 static int selinux_getprocattr(struct task_struct *p,
6331 char *name, char **value)
6332 {
6333 const struct task_security_struct *__tsec;
6334 u32 sid;
6335 int error;
6336 unsigned len;
6337
6338 rcu_read_lock();
6339 __tsec = selinux_cred(__task_cred(p));
6340
6341 if (current != p) {
6342 error = avc_has_perm(&selinux_state,
6343 current_sid(), __tsec->sid,
6344 SECCLASS_PROCESS, PROCESS__GETATTR, NULL);
6345 if (error)
6346 goto bad;
6347 }
6348
6349 if (!strcmp(name, "current"))
6350 sid = __tsec->sid;
6351 else if (!strcmp(name, "prev"))
6352 sid = __tsec->osid;
6353 else if (!strcmp(name, "exec"))
6354 sid = __tsec->exec_sid;
6355 else if (!strcmp(name, "fscreate"))
6356 sid = __tsec->create_sid;
6357 else if (!strcmp(name, "keycreate"))
6358 sid = __tsec->keycreate_sid;
6359 else if (!strcmp(name, "sockcreate"))
6360 sid = __tsec->sockcreate_sid;
6361 else {
6362 error = -EINVAL;
6363 goto bad;
6364 }
6365 rcu_read_unlock();
6366
6367 if (!sid)
6368 return 0;
6369
6370 error = security_sid_to_context(&selinux_state, sid, value, &len);
6371 if (error)
6372 return error;
6373 return len;
6374
6375 bad:
6376 rcu_read_unlock();
6377 return error;
6378 }
6379
6380 static int selinux_setprocattr(const char *name, void *value, size_t size)
6381 {
6382 struct task_security_struct *tsec;
6383 struct cred *new;
6384 u32 mysid = current_sid(), sid = 0, ptsid;
6385 int error;
6386 char *str = value;
6387
6388
6389
6390
6391 if (!strcmp(name, "exec"))
6392 error = avc_has_perm(&selinux_state,
6393 mysid, mysid, SECCLASS_PROCESS,
6394 PROCESS__SETEXEC, NULL);
6395 else if (!strcmp(name, "fscreate"))
6396 error = avc_has_perm(&selinux_state,
6397 mysid, mysid, SECCLASS_PROCESS,
6398 PROCESS__SETFSCREATE, NULL);
6399 else if (!strcmp(name, "keycreate"))
6400 error = avc_has_perm(&selinux_state,
6401 mysid, mysid, SECCLASS_PROCESS,
6402 PROCESS__SETKEYCREATE, NULL);
6403 else if (!strcmp(name, "sockcreate"))
6404 error = avc_has_perm(&selinux_state,
6405 mysid, mysid, SECCLASS_PROCESS,
6406 PROCESS__SETSOCKCREATE, NULL);
6407 else if (!strcmp(name, "current"))
6408 error = avc_has_perm(&selinux_state,
6409 mysid, mysid, SECCLASS_PROCESS,
6410 PROCESS__SETCURRENT, NULL);
6411 else
6412 error = -EINVAL;
6413 if (error)
6414 return error;
6415
6416
6417 if (size && str[0] && str[0] != '\n') {
6418 if (str[size-1] == '\n') {
6419 str[size-1] = 0;
6420 size--;
6421 }
6422 error = security_context_to_sid(&selinux_state, value, size,
6423 &sid, GFP_KERNEL);
6424 if (error == -EINVAL && !strcmp(name, "fscreate")) {
6425 if (!has_cap_mac_admin(true)) {
6426 struct audit_buffer *ab;
6427 size_t audit_size;
6428
6429
6430
6431 if (str[size - 1] == '\0')
6432 audit_size = size - 1;
6433 else
6434 audit_size = size;
6435 ab = audit_log_start(audit_context(),
6436 GFP_ATOMIC,
6437 AUDIT_SELINUX_ERR);
6438 if (!ab)
6439 return error;
6440 audit_log_format(ab, "op=fscreate invalid_context=");
6441 audit_log_n_untrustedstring(ab, value, audit_size);
6442 audit_log_end(ab);
6443
6444 return error;
6445 }
6446 error = security_context_to_sid_force(
6447 &selinux_state,
6448 value, size, &sid);
6449 }
6450 if (error)
6451 return error;
6452 }
6453
6454 new = prepare_creds();
6455 if (!new)
6456 return -ENOMEM;
6457
6458
6459
6460
6461
6462
6463
6464 tsec = selinux_cred(new);
6465 if (!strcmp(name, "exec")) {
6466 tsec->exec_sid = sid;
6467 } else if (!strcmp(name, "fscreate")) {
6468 tsec->create_sid = sid;
6469 } else if (!strcmp(name, "keycreate")) {
6470 if (sid) {
6471 error = avc_has_perm(&selinux_state, mysid, sid,
6472 SECCLASS_KEY, KEY__CREATE, NULL);
6473 if (error)
6474 goto abort_change;
6475 }
6476 tsec->keycreate_sid = sid;
6477 } else if (!strcmp(name, "sockcreate")) {
6478 tsec->sockcreate_sid = sid;
6479 } else if (!strcmp(name, "current")) {
6480 error = -EINVAL;
6481 if (sid == 0)
6482 goto abort_change;
6483
6484
6485 if (!current_is_single_threaded()) {
6486 error = security_bounded_transition(&selinux_state,
6487 tsec->sid, sid);
6488 if (error)
6489 goto abort_change;
6490 }
6491
6492
6493 error = avc_has_perm(&selinux_state,
6494 tsec->sid, sid, SECCLASS_PROCESS,
6495 PROCESS__DYNTRANSITION, NULL);
6496 if (error)
6497 goto abort_change;
6498
6499
6500
6501 ptsid = ptrace_parent_sid();
6502 if (ptsid != 0) {
6503 error = avc_has_perm(&selinux_state,
6504 ptsid, sid, SECCLASS_PROCESS,
6505 PROCESS__PTRACE, NULL);
6506 if (error)
6507 goto abort_change;
6508 }
6509
6510 tsec->sid = sid;
6511 } else {
6512 error = -EINVAL;
6513 goto abort_change;
6514 }
6515
6516 commit_creds(new);
6517 return size;
6518
6519 abort_change:
6520 abort_creds(new);
6521 return error;
6522 }
6523
6524 static int selinux_ismaclabel(const char *name)
6525 {
6526 return (strcmp(name, XATTR_SELINUX_SUFFIX) == 0);
6527 }
6528
6529 static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
6530 {
6531 return security_sid_to_context(&selinux_state, secid,
6532 secdata, seclen);
6533 }
6534
6535 static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
6536 {
6537 return security_context_to_sid(&selinux_state, secdata, seclen,
6538 secid, GFP_KERNEL);
6539 }
6540
6541 static void selinux_release_secctx(char *secdata, u32 seclen)
6542 {
6543 kfree(secdata);
6544 }
6545
6546 static void selinux_inode_invalidate_secctx(struct inode *inode)
6547 {
6548 struct inode_security_struct *isec = selinux_inode(inode);
6549
6550 spin_lock(&isec->lock);
6551 isec->initialized = LABEL_INVALID;
6552 spin_unlock(&isec->lock);
6553 }
6554
6555
6556
6557
6558 static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
6559 {
6560 int rc = selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX,
6561 ctx, ctxlen, 0);
6562
6563 return rc == -EOPNOTSUPP ? 0 : rc;
6564 }
6565
6566
6567
6568
6569 static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
6570 {
6571 return __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_SELINUX,
6572 ctx, ctxlen, 0);
6573 }
6574
6575 static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
6576 {
6577 int len = 0;
6578 len = selinux_inode_getsecurity(&init_user_ns, inode,
6579 XATTR_SELINUX_SUFFIX, ctx, true);
6580 if (len < 0)
6581 return len;
6582 *ctxlen = len;
6583 return 0;
6584 }
6585 #ifdef CONFIG_KEYS
6586
6587 static int selinux_key_alloc(struct key *k, const struct cred *cred,
6588 unsigned long flags)
6589 {
6590 const struct task_security_struct *tsec;
6591 struct key_security_struct *ksec;
6592
6593 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
6594 if (!ksec)
6595 return -ENOMEM;
6596
6597 tsec = selinux_cred(cred);
6598 if (tsec->keycreate_sid)
6599 ksec->sid = tsec->keycreate_sid;
6600 else
6601 ksec->sid = tsec->sid;
6602
6603 k->security = ksec;
6604 return 0;
6605 }
6606
6607 static void selinux_key_free(struct key *k)
6608 {
6609 struct key_security_struct *ksec = k->security;
6610
6611 k->security = NULL;
6612 kfree(ksec);
6613 }
6614
6615 static int selinux_key_permission(key_ref_t key_ref,
6616 const struct cred *cred,
6617 enum key_need_perm need_perm)
6618 {
6619 struct key *key;
6620 struct key_security_struct *ksec;
6621 u32 perm, sid;
6622
6623 switch (need_perm) {
6624 case KEY_NEED_VIEW:
6625 perm = KEY__VIEW;
6626 break;
6627 case KEY_NEED_READ:
6628 perm = KEY__READ;
6629 break;
6630 case KEY_NEED_WRITE:
6631 perm = KEY__WRITE;
6632 break;
6633 case KEY_NEED_SEARCH:
6634 perm = KEY__SEARCH;
6635 break;
6636 case KEY_NEED_LINK:
6637 perm = KEY__LINK;
6638 break;
6639 case KEY_NEED_SETATTR:
6640 perm = KEY__SETATTR;
6641 break;
6642 case KEY_NEED_UNLINK:
6643 case KEY_SYSADMIN_OVERRIDE:
6644 case KEY_AUTHTOKEN_OVERRIDE:
6645 case KEY_DEFER_PERM_CHECK:
6646 return 0;
6647 default:
6648 WARN_ON(1);
6649 return -EPERM;
6650
6651 }
6652
6653 sid = cred_sid(cred);
6654 key = key_ref_to_ptr(key_ref);
6655 ksec = key->security;
6656
6657 return avc_has_perm(&selinux_state,
6658 sid, ksec->sid, SECCLASS_KEY, perm, NULL);
6659 }
6660
6661 static int selinux_key_getsecurity(struct key *key, char **_buffer)
6662 {
6663 struct key_security_struct *ksec = key->security;
6664 char *context = NULL;
6665 unsigned len;
6666 int rc;
6667
6668 rc = security_sid_to_context(&selinux_state, ksec->sid,
6669 &context, &len);
6670 if (!rc)
6671 rc = len;
6672 *_buffer = context;
6673 return rc;
6674 }
6675
6676 #ifdef CONFIG_KEY_NOTIFICATIONS
6677 static int selinux_watch_key(struct key *key)
6678 {
6679 struct key_security_struct *ksec = key->security;
6680 u32 sid = current_sid();
6681
6682 return avc_has_perm(&selinux_state,
6683 sid, ksec->sid, SECCLASS_KEY, KEY__VIEW, NULL);
6684 }
6685 #endif
6686 #endif
6687
6688 #ifdef CONFIG_SECURITY_INFINIBAND
6689 static int selinux_ib_pkey_access(void *ib_sec, u64 subnet_prefix, u16 pkey_val)
6690 {
6691 struct common_audit_data ad;
6692 int err;
6693 u32 sid = 0;
6694 struct ib_security_struct *sec = ib_sec;
6695 struct lsm_ibpkey_audit ibpkey;
6696
6697 err = sel_ib_pkey_sid(subnet_prefix, pkey_val, &sid);
6698 if (err)
6699 return err;
6700
6701 ad.type = LSM_AUDIT_DATA_IBPKEY;
6702 ibpkey.subnet_prefix = subnet_prefix;
6703 ibpkey.pkey = pkey_val;
6704 ad.u.ibpkey = &ibpkey;
6705 return avc_has_perm(&selinux_state,
6706 sec->sid, sid,
6707 SECCLASS_INFINIBAND_PKEY,
6708 INFINIBAND_PKEY__ACCESS, &ad);
6709 }
6710
6711 static int selinux_ib_endport_manage_subnet(void *ib_sec, const char *dev_name,
6712 u8 port_num)
6713 {
6714 struct common_audit_data ad;
6715 int err;
6716 u32 sid = 0;
6717 struct ib_security_struct *sec = ib_sec;
6718 struct lsm_ibendport_audit ibendport;
6719
6720 err = security_ib_endport_sid(&selinux_state, dev_name, port_num,
6721 &sid);
6722
6723 if (err)
6724 return err;
6725
6726 ad.type = LSM_AUDIT_DATA_IBENDPORT;
6727 ibendport.dev_name = dev_name;
6728 ibendport.port = port_num;
6729 ad.u.ibendport = &ibendport;
6730 return avc_has_perm(&selinux_state,
6731 sec->sid, sid,
6732 SECCLASS_INFINIBAND_ENDPORT,
6733 INFINIBAND_ENDPORT__MANAGE_SUBNET, &ad);
6734 }
6735
6736 static int selinux_ib_alloc_security(void **ib_sec)
6737 {
6738 struct ib_security_struct *sec;
6739
6740 sec = kzalloc(sizeof(*sec), GFP_KERNEL);
6741 if (!sec)
6742 return -ENOMEM;
6743 sec->sid = current_sid();
6744
6745 *ib_sec = sec;
6746 return 0;
6747 }
6748
6749 static void selinux_ib_free_security(void *ib_sec)
6750 {
6751 kfree(ib_sec);
6752 }
6753 #endif
6754
6755 #ifdef CONFIG_BPF_SYSCALL
6756 static int selinux_bpf(int cmd, union bpf_attr *attr,
6757 unsigned int size)
6758 {
6759 u32 sid = current_sid();
6760 int ret;
6761
6762 switch (cmd) {
6763 case BPF_MAP_CREATE:
6764 ret = avc_has_perm(&selinux_state,
6765 sid, sid, SECCLASS_BPF, BPF__MAP_CREATE,
6766 NULL);
6767 break;
6768 case BPF_PROG_LOAD:
6769 ret = avc_has_perm(&selinux_state,
6770 sid, sid, SECCLASS_BPF, BPF__PROG_LOAD,
6771 NULL);
6772 break;
6773 default:
6774 ret = 0;
6775 break;
6776 }
6777
6778 return ret;
6779 }
6780
6781 static u32 bpf_map_fmode_to_av(fmode_t fmode)
6782 {
6783 u32 av = 0;
6784
6785 if (fmode & FMODE_READ)
6786 av |= BPF__MAP_READ;
6787 if (fmode & FMODE_WRITE)
6788 av |= BPF__MAP_WRITE;
6789 return av;
6790 }
6791
6792
6793
6794
6795
6796
6797
6798
6799
6800 static int bpf_fd_pass(struct file *file, u32 sid)
6801 {
6802 struct bpf_security_struct *bpfsec;
6803 struct bpf_prog *prog;
6804 struct bpf_map *map;
6805 int ret;
6806
6807 if (file->f_op == &bpf_map_fops) {
6808 map = file->private_data;
6809 bpfsec = map->security;
6810 ret = avc_has_perm(&selinux_state,
6811 sid, bpfsec->sid, SECCLASS_BPF,
6812 bpf_map_fmode_to_av(file->f_mode), NULL);
6813 if (ret)
6814 return ret;
6815 } else if (file->f_op == &bpf_prog_fops) {
6816 prog = file->private_data;
6817 bpfsec = prog->aux->security;
6818 ret = avc_has_perm(&selinux_state,
6819 sid, bpfsec->sid, SECCLASS_BPF,
6820 BPF__PROG_RUN, NULL);
6821 if (ret)
6822 return ret;
6823 }
6824 return 0;
6825 }
6826
6827 static int selinux_bpf_map(struct bpf_map *map, fmode_t fmode)
6828 {
6829 u32 sid = current_sid();
6830 struct bpf_security_struct *bpfsec;
6831
6832 bpfsec = map->security;
6833 return avc_has_perm(&selinux_state,
6834 sid, bpfsec->sid, SECCLASS_BPF,
6835 bpf_map_fmode_to_av(fmode), NULL);
6836 }
6837
6838 static int selinux_bpf_prog(struct bpf_prog *prog)
6839 {
6840 u32 sid = current_sid();
6841 struct bpf_security_struct *bpfsec;
6842
6843 bpfsec = prog->aux->security;
6844 return avc_has_perm(&selinux_state,
6845 sid, bpfsec->sid, SECCLASS_BPF,
6846 BPF__PROG_RUN, NULL);
6847 }
6848
6849 static int selinux_bpf_map_alloc(struct bpf_map *map)
6850 {
6851 struct bpf_security_struct *bpfsec;
6852
6853 bpfsec = kzalloc(sizeof(*bpfsec), GFP_KERNEL);
6854 if (!bpfsec)
6855 return -ENOMEM;
6856
6857 bpfsec->sid = current_sid();
6858 map->security = bpfsec;
6859
6860 return 0;
6861 }
6862
6863 static void selinux_bpf_map_free(struct bpf_map *map)
6864 {
6865 struct bpf_security_struct *bpfsec = map->security;
6866
6867 map->security = NULL;
6868 kfree(bpfsec);
6869 }
6870
6871 static int selinux_bpf_prog_alloc(struct bpf_prog_aux *aux)
6872 {
6873 struct bpf_security_struct *bpfsec;
6874
6875 bpfsec = kzalloc(sizeof(*bpfsec), GFP_KERNEL);
6876 if (!bpfsec)
6877 return -ENOMEM;
6878
6879 bpfsec->sid = current_sid();
6880 aux->security = bpfsec;
6881
6882 return 0;
6883 }
6884
6885 static void selinux_bpf_prog_free(struct bpf_prog_aux *aux)
6886 {
6887 struct bpf_security_struct *bpfsec = aux->security;
6888
6889 aux->security = NULL;
6890 kfree(bpfsec);
6891 }
6892 #endif
6893
6894 struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = {
6895 .lbs_cred = sizeof(struct task_security_struct),
6896 .lbs_file = sizeof(struct file_security_struct),
6897 .lbs_inode = sizeof(struct inode_security_struct),
6898 .lbs_ipc = sizeof(struct ipc_security_struct),
6899 .lbs_msg_msg = sizeof(struct msg_security_struct),
6900 .lbs_superblock = sizeof(struct superblock_security_struct),
6901 };
6902
6903 #ifdef CONFIG_PERF_EVENTS
6904 static int selinux_perf_event_open(struct perf_event_attr *attr, int type)
6905 {
6906 u32 requested, sid = current_sid();
6907
6908 if (type == PERF_SECURITY_OPEN)
6909 requested = PERF_EVENT__OPEN;
6910 else if (type == PERF_SECURITY_CPU)
6911 requested = PERF_EVENT__CPU;
6912 else if (type == PERF_SECURITY_KERNEL)
6913 requested = PERF_EVENT__KERNEL;
6914 else if (type == PERF_SECURITY_TRACEPOINT)
6915 requested = PERF_EVENT__TRACEPOINT;
6916 else
6917 return -EINVAL;
6918
6919 return avc_has_perm(&selinux_state, sid, sid, SECCLASS_PERF_EVENT,
6920 requested, NULL);
6921 }
6922
6923 static int selinux_perf_event_alloc(struct perf_event *event)
6924 {
6925 struct perf_event_security_struct *perfsec;
6926
6927 perfsec = kzalloc(sizeof(*perfsec), GFP_KERNEL);
6928 if (!perfsec)
6929 return -ENOMEM;
6930
6931 perfsec->sid = current_sid();
6932 event->security = perfsec;
6933
6934 return 0;
6935 }
6936
6937 static void selinux_perf_event_free(struct perf_event *event)
6938 {
6939 struct perf_event_security_struct *perfsec = event->security;
6940
6941 event->security = NULL;
6942 kfree(perfsec);
6943 }
6944
6945 static int selinux_perf_event_read(struct perf_event *event)
6946 {
6947 struct perf_event_security_struct *perfsec = event->security;
6948 u32 sid = current_sid();
6949
6950 return avc_has_perm(&selinux_state, sid, perfsec->sid,
6951 SECCLASS_PERF_EVENT, PERF_EVENT__READ, NULL);
6952 }
6953
6954 static int selinux_perf_event_write(struct perf_event *event)
6955 {
6956 struct perf_event_security_struct *perfsec = event->security;
6957 u32 sid = current_sid();
6958
6959 return avc_has_perm(&selinux_state, sid, perfsec->sid,
6960 SECCLASS_PERF_EVENT, PERF_EVENT__WRITE, NULL);
6961 }
6962 #endif
6963
6964 #ifdef CONFIG_IO_URING
6965
6966
6967
6968
6969
6970
6971
6972 static int selinux_uring_override_creds(const struct cred *new)
6973 {
6974 return avc_has_perm(&selinux_state, current_sid(), cred_sid(new),
6975 SECCLASS_IO_URING, IO_URING__OVERRIDE_CREDS, NULL);
6976 }
6977
6978
6979
6980
6981
6982
6983
6984 static int selinux_uring_sqpoll(void)
6985 {
6986 int sid = current_sid();
6987
6988 return avc_has_perm(&selinux_state, sid, sid,
6989 SECCLASS_IO_URING, IO_URING__SQPOLL, NULL);
6990 }
6991
6992
6993
6994
6995
6996
6997
6998
6999
7000 static int selinux_uring_cmd(struct io_uring_cmd *ioucmd)
7001 {
7002 struct file *file = ioucmd->file;
7003 struct inode *inode = file_inode(file);
7004 struct inode_security_struct *isec = selinux_inode(inode);
7005 struct common_audit_data ad;
7006
7007 ad.type = LSM_AUDIT_DATA_FILE;
7008 ad.u.file = file;
7009
7010 return avc_has_perm(&selinux_state, current_sid(), isec->sid,
7011 SECCLASS_IO_URING, IO_URING__CMD, &ad);
7012 }
7013 #endif
7014
7015
7016
7017
7018
7019
7020
7021
7022
7023
7024
7025
7026
7027
7028
7029
7030 static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
7031 LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr),
7032 LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction),
7033 LSM_HOOK_INIT(binder_transfer_binder, selinux_binder_transfer_binder),
7034 LSM_HOOK_INIT(binder_transfer_file, selinux_binder_transfer_file),
7035
7036 LSM_HOOK_INIT(ptrace_access_check, selinux_ptrace_access_check),
7037 LSM_HOOK_INIT(ptrace_traceme, selinux_ptrace_traceme),
7038 LSM_HOOK_INIT(capget, selinux_capget),
7039 LSM_HOOK_INIT(capset, selinux_capset),
7040 LSM_HOOK_INIT(capable, selinux_capable),
7041 LSM_HOOK_INIT(quotactl, selinux_quotactl),
7042 LSM_HOOK_INIT(quota_on, selinux_quota_on),
7043 LSM_HOOK_INIT(syslog, selinux_syslog),
7044 LSM_HOOK_INIT(vm_enough_memory, selinux_vm_enough_memory),
7045
7046 LSM_HOOK_INIT(netlink_send, selinux_netlink_send),
7047
7048 LSM_HOOK_INIT(bprm_creds_for_exec, selinux_bprm_creds_for_exec),
7049 LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds),
7050 LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds),
7051
7052 LSM_HOOK_INIT(sb_free_mnt_opts, selinux_free_mnt_opts),
7053 LSM_HOOK_INIT(sb_mnt_opts_compat, selinux_sb_mnt_opts_compat),
7054 LSM_HOOK_INIT(sb_remount, selinux_sb_remount),
7055 LSM_HOOK_INIT(sb_kern_mount, selinux_sb_kern_mount),
7056 LSM_HOOK_INIT(sb_show_options, selinux_sb_show_options),
7057 LSM_HOOK_INIT(sb_statfs, selinux_sb_statfs),
7058 LSM_HOOK_INIT(sb_mount, selinux_mount),
7059 LSM_HOOK_INIT(sb_umount, selinux_umount),
7060 LSM_HOOK_INIT(sb_set_mnt_opts, selinux_set_mnt_opts),
7061 LSM_HOOK_INIT(sb_clone_mnt_opts, selinux_sb_clone_mnt_opts),
7062
7063 LSM_HOOK_INIT(move_mount, selinux_move_mount),
7064
7065 LSM_HOOK_INIT(dentry_init_security, selinux_dentry_init_security),
7066 LSM_HOOK_INIT(dentry_create_files_as, selinux_dentry_create_files_as),
7067
7068 LSM_HOOK_INIT(inode_free_security, selinux_inode_free_security),
7069 LSM_HOOK_INIT(inode_init_security, selinux_inode_init_security),
7070 LSM_HOOK_INIT(inode_init_security_anon, selinux_inode_init_security_anon),
7071 LSM_HOOK_INIT(inode_create, selinux_inode_create),
7072 LSM_HOOK_INIT(inode_link, selinux_inode_link),
7073 LSM_HOOK_INIT(inode_unlink, selinux_inode_unlink),
7074 LSM_HOOK_INIT(inode_symlink, selinux_inode_symlink),
7075 LSM_HOOK_INIT(inode_mkdir, selinux_inode_mkdir),
7076 LSM_HOOK_INIT(inode_rmdir, selinux_inode_rmdir),
7077 LSM_HOOK_INIT(inode_mknod, selinux_inode_mknod),
7078 LSM_HOOK_INIT(inode_rename, selinux_inode_rename),
7079 LSM_HOOK_INIT(inode_readlink, selinux_inode_readlink),
7080 LSM_HOOK_INIT(inode_follow_link, selinux_inode_follow_link),
7081 LSM_HOOK_INIT(inode_permission, selinux_inode_permission),
7082 LSM_HOOK_INIT(inode_setattr, selinux_inode_setattr),
7083 LSM_HOOK_INIT(inode_getattr, selinux_inode_getattr),
7084 LSM_HOOK_INIT(inode_setxattr, selinux_inode_setxattr),
7085 LSM_HOOK_INIT(inode_post_setxattr, selinux_inode_post_setxattr),
7086 LSM_HOOK_INIT(inode_getxattr, selinux_inode_getxattr),
7087 LSM_HOOK_INIT(inode_listxattr, selinux_inode_listxattr),
7088 LSM_HOOK_INIT(inode_removexattr, selinux_inode_removexattr),
7089 LSM_HOOK_INIT(inode_getsecurity, selinux_inode_getsecurity),
7090 LSM_HOOK_INIT(inode_setsecurity, selinux_inode_setsecurity),
7091 LSM_HOOK_INIT(inode_listsecurity, selinux_inode_listsecurity),
7092 LSM_HOOK_INIT(inode_getsecid, selinux_inode_getsecid),
7093 LSM_HOOK_INIT(inode_copy_up, selinux_inode_copy_up),
7094 LSM_HOOK_INIT(inode_copy_up_xattr, selinux_inode_copy_up_xattr),
7095 LSM_HOOK_INIT(path_notify, selinux_path_notify),
7096
7097 LSM_HOOK_INIT(kernfs_init_security, selinux_kernfs_init_security),
7098
7099 LSM_HOOK_INIT(file_permission, selinux_file_permission),
7100 LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security),
7101 LSM_HOOK_INIT(file_ioctl, selinux_file_ioctl),
7102 LSM_HOOK_INIT(mmap_file, selinux_mmap_file),
7103 LSM_HOOK_INIT(mmap_addr, selinux_mmap_addr),
7104 LSM_HOOK_INIT(file_mprotect, selinux_file_mprotect),
7105 LSM_HOOK_INIT(file_lock, selinux_file_lock),
7106 LSM_HOOK_INIT(file_fcntl, selinux_file_fcntl),
7107 LSM_HOOK_INIT(file_set_fowner, selinux_file_set_fowner),
7108 LSM_HOOK_INIT(file_send_sigiotask, selinux_file_send_sigiotask),
7109 LSM_HOOK_INIT(file_receive, selinux_file_receive),
7110
7111 LSM_HOOK_INIT(file_open, selinux_file_open),
7112
7113 LSM_HOOK_INIT(task_alloc, selinux_task_alloc),
7114 LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare),
7115 LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer),
7116 LSM_HOOK_INIT(cred_getsecid, selinux_cred_getsecid),
7117 LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as),
7118 LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as),
7119 LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request),
7120 LSM_HOOK_INIT(kernel_load_data, selinux_kernel_load_data),
7121 LSM_HOOK_INIT(kernel_read_file, selinux_kernel_read_file),
7122 LSM_HOOK_INIT(task_setpgid, selinux_task_setpgid),
7123 LSM_HOOK_INIT(task_getpgid, selinux_task_getpgid),
7124 LSM_HOOK_INIT(task_getsid, selinux_task_getsid),
7125 LSM_HOOK_INIT(current_getsecid_subj, selinux_current_getsecid_subj),
7126 LSM_HOOK_INIT(task_getsecid_obj, selinux_task_getsecid_obj),
7127 LSM_HOOK_INIT(task_setnice, selinux_task_setnice),
7128 LSM_HOOK_INIT(task_setioprio, selinux_task_setioprio),
7129 LSM_HOOK_INIT(task_getioprio, selinux_task_getioprio),
7130 LSM_HOOK_INIT(task_prlimit, selinux_task_prlimit),
7131 LSM_HOOK_INIT(task_setrlimit, selinux_task_setrlimit),
7132 LSM_HOOK_INIT(task_setscheduler, selinux_task_setscheduler),
7133 LSM_HOOK_INIT(task_getscheduler, selinux_task_getscheduler),
7134 LSM_HOOK_INIT(task_movememory, selinux_task_movememory),
7135 LSM_HOOK_INIT(task_kill, selinux_task_kill),
7136 LSM_HOOK_INIT(task_to_inode, selinux_task_to_inode),
7137
7138 LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission),
7139 LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid),
7140
7141 LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate),
7142 LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl),
7143 LSM_HOOK_INIT(msg_queue_msgsnd, selinux_msg_queue_msgsnd),
7144 LSM_HOOK_INIT(msg_queue_msgrcv, selinux_msg_queue_msgrcv),
7145
7146 LSM_HOOK_INIT(shm_associate, selinux_shm_associate),
7147 LSM_HOOK_INIT(shm_shmctl, selinux_shm_shmctl),
7148 LSM_HOOK_INIT(shm_shmat, selinux_shm_shmat),
7149
7150 LSM_HOOK_INIT(sem_associate, selinux_sem_associate),
7151 LSM_HOOK_INIT(sem_semctl, selinux_sem_semctl),
7152 LSM_HOOK_INIT(sem_semop, selinux_sem_semop),
7153
7154 LSM_HOOK_INIT(d_instantiate, selinux_d_instantiate),
7155
7156 LSM_HOOK_INIT(getprocattr, selinux_getprocattr),
7157 LSM_HOOK_INIT(setprocattr, selinux_setprocattr),
7158
7159 LSM_HOOK_INIT(ismaclabel, selinux_ismaclabel),
7160 LSM_HOOK_INIT(secctx_to_secid, selinux_secctx_to_secid),
7161 LSM_HOOK_INIT(release_secctx, selinux_release_secctx),
7162 LSM_HOOK_INIT(inode_invalidate_secctx, selinux_inode_invalidate_secctx),
7163 LSM_HOOK_INIT(inode_notifysecctx, selinux_inode_notifysecctx),
7164 LSM_HOOK_INIT(inode_setsecctx, selinux_inode_setsecctx),
7165
7166 LSM_HOOK_INIT(unix_stream_connect, selinux_socket_unix_stream_connect),
7167 LSM_HOOK_INIT(unix_may_send, selinux_socket_unix_may_send),
7168
7169 LSM_HOOK_INIT(socket_create, selinux_socket_create),
7170 LSM_HOOK_INIT(socket_post_create, selinux_socket_post_create),
7171 LSM_HOOK_INIT(socket_socketpair, selinux_socket_socketpair),
7172 LSM_HOOK_INIT(socket_bind, selinux_socket_bind),
7173 LSM_HOOK_INIT(socket_connect, selinux_socket_connect),
7174 LSM_HOOK_INIT(socket_listen, selinux_socket_listen),
7175 LSM_HOOK_INIT(socket_accept, selinux_socket_accept),
7176 LSM_HOOK_INIT(socket_sendmsg, selinux_socket_sendmsg),
7177 LSM_HOOK_INIT(socket_recvmsg, selinux_socket_recvmsg),
7178 LSM_HOOK_INIT(socket_getsockname, selinux_socket_getsockname),
7179 LSM_HOOK_INIT(socket_getpeername, selinux_socket_getpeername),
7180 LSM_HOOK_INIT(socket_getsockopt, selinux_socket_getsockopt),
7181 LSM_HOOK_INIT(socket_setsockopt, selinux_socket_setsockopt),
7182 LSM_HOOK_INIT(socket_shutdown, selinux_socket_shutdown),
7183 LSM_HOOK_INIT(socket_sock_rcv_skb, selinux_socket_sock_rcv_skb),
7184 LSM_HOOK_INIT(socket_getpeersec_stream,
7185 selinux_socket_getpeersec_stream),
7186 LSM_HOOK_INIT(socket_getpeersec_dgram, selinux_socket_getpeersec_dgram),
7187 LSM_HOOK_INIT(sk_free_security, selinux_sk_free_security),
7188 LSM_HOOK_INIT(sk_clone_security, selinux_sk_clone_security),
7189 LSM_HOOK_INIT(sk_getsecid, selinux_sk_getsecid),
7190 LSM_HOOK_INIT(sock_graft, selinux_sock_graft),
7191 LSM_HOOK_INIT(sctp_assoc_request, selinux_sctp_assoc_request),
7192 LSM_HOOK_INIT(sctp_sk_clone, selinux_sctp_sk_clone),
7193 LSM_HOOK_INIT(sctp_bind_connect, selinux_sctp_bind_connect),
7194 LSM_HOOK_INIT(sctp_assoc_established, selinux_sctp_assoc_established),
7195 LSM_HOOK_INIT(inet_conn_request, selinux_inet_conn_request),
7196 LSM_HOOK_INIT(inet_csk_clone, selinux_inet_csk_clone),
7197 LSM_HOOK_INIT(inet_conn_established, selinux_inet_conn_established),
7198 LSM_HOOK_INIT(secmark_relabel_packet, selinux_secmark_relabel_packet),
7199 LSM_HOOK_INIT(secmark_refcount_inc, selinux_secmark_refcount_inc),
7200 LSM_HOOK_INIT(secmark_refcount_dec, selinux_secmark_refcount_dec),
7201 LSM_HOOK_INIT(req_classify_flow, selinux_req_classify_flow),
7202 LSM_HOOK_INIT(tun_dev_free_security, selinux_tun_dev_free_security),
7203 LSM_HOOK_INIT(tun_dev_create, selinux_tun_dev_create),
7204 LSM_HOOK_INIT(tun_dev_attach_queue, selinux_tun_dev_attach_queue),
7205 LSM_HOOK_INIT(tun_dev_attach, selinux_tun_dev_attach),
7206 LSM_HOOK_INIT(tun_dev_open, selinux_tun_dev_open),
7207 #ifdef CONFIG_SECURITY_INFINIBAND
7208 LSM_HOOK_INIT(ib_pkey_access, selinux_ib_pkey_access),
7209 LSM_HOOK_INIT(ib_endport_manage_subnet,
7210 selinux_ib_endport_manage_subnet),
7211 LSM_HOOK_INIT(ib_free_security, selinux_ib_free_security),
7212 #endif
7213 #ifdef CONFIG_SECURITY_NETWORK_XFRM
7214 LSM_HOOK_INIT(xfrm_policy_free_security, selinux_xfrm_policy_free),
7215 LSM_HOOK_INIT(xfrm_policy_delete_security, selinux_xfrm_policy_delete),
7216 LSM_HOOK_INIT(xfrm_state_free_security, selinux_xfrm_state_free),
7217 LSM_HOOK_INIT(xfrm_state_delete_security, selinux_xfrm_state_delete),
7218 LSM_HOOK_INIT(xfrm_policy_lookup, selinux_xfrm_policy_lookup),
7219 LSM_HOOK_INIT(xfrm_state_pol_flow_match,
7220 selinux_xfrm_state_pol_flow_match),
7221 LSM_HOOK_INIT(xfrm_decode_session, selinux_xfrm_decode_session),
7222 #endif
7223
7224 #ifdef CONFIG_KEYS
7225 LSM_HOOK_INIT(key_free, selinux_key_free),
7226 LSM_HOOK_INIT(key_permission, selinux_key_permission),
7227 LSM_HOOK_INIT(key_getsecurity, selinux_key_getsecurity),
7228 #ifdef CONFIG_KEY_NOTIFICATIONS
7229 LSM_HOOK_INIT(watch_key, selinux_watch_key),
7230 #endif
7231 #endif
7232
7233 #ifdef CONFIG_AUDIT
7234 LSM_HOOK_INIT(audit_rule_known, selinux_audit_rule_known),
7235 LSM_HOOK_INIT(audit_rule_match, selinux_audit_rule_match),
7236 LSM_HOOK_INIT(audit_rule_free, selinux_audit_rule_free),
7237 #endif
7238
7239 #ifdef CONFIG_BPF_SYSCALL
7240 LSM_HOOK_INIT(bpf, selinux_bpf),
7241 LSM_HOOK_INIT(bpf_map, selinux_bpf_map),
7242 LSM_HOOK_INIT(bpf_prog, selinux_bpf_prog),
7243 LSM_HOOK_INIT(bpf_map_free_security, selinux_bpf_map_free),
7244 LSM_HOOK_INIT(bpf_prog_free_security, selinux_bpf_prog_free),
7245 #endif
7246
7247 #ifdef CONFIG_PERF_EVENTS
7248 LSM_HOOK_INIT(perf_event_open, selinux_perf_event_open),
7249 LSM_HOOK_INIT(perf_event_free, selinux_perf_event_free),
7250 LSM_HOOK_INIT(perf_event_read, selinux_perf_event_read),
7251 LSM_HOOK_INIT(perf_event_write, selinux_perf_event_write),
7252 #endif
7253
7254 #ifdef CONFIG_IO_URING
7255 LSM_HOOK_INIT(uring_override_creds, selinux_uring_override_creds),
7256 LSM_HOOK_INIT(uring_sqpoll, selinux_uring_sqpoll),
7257 LSM_HOOK_INIT(uring_cmd, selinux_uring_cmd),
7258 #endif
7259
7260
7261
7262
7263 LSM_HOOK_INIT(fs_context_dup, selinux_fs_context_dup),
7264 LSM_HOOK_INIT(fs_context_parse_param, selinux_fs_context_parse_param),
7265 LSM_HOOK_INIT(sb_eat_lsm_opts, selinux_sb_eat_lsm_opts),
7266 #ifdef CONFIG_SECURITY_NETWORK_XFRM
7267 LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone),
7268 #endif
7269
7270
7271
7272
7273 LSM_HOOK_INIT(msg_msg_alloc_security, selinux_msg_msg_alloc_security),
7274 LSM_HOOK_INIT(msg_queue_alloc_security,
7275 selinux_msg_queue_alloc_security),
7276 LSM_HOOK_INIT(shm_alloc_security, selinux_shm_alloc_security),
7277 LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security),
7278 LSM_HOOK_INIT(inode_alloc_security, selinux_inode_alloc_security),
7279 LSM_HOOK_INIT(sem_alloc_security, selinux_sem_alloc_security),
7280 LSM_HOOK_INIT(secid_to_secctx, selinux_secid_to_secctx),
7281 LSM_HOOK_INIT(inode_getsecctx, selinux_inode_getsecctx),
7282 LSM_HOOK_INIT(sk_alloc_security, selinux_sk_alloc_security),
7283 LSM_HOOK_INIT(tun_dev_alloc_security, selinux_tun_dev_alloc_security),
7284 #ifdef CONFIG_SECURITY_INFINIBAND
7285 LSM_HOOK_INIT(ib_alloc_security, selinux_ib_alloc_security),
7286 #endif
7287 #ifdef CONFIG_SECURITY_NETWORK_XFRM
7288 LSM_HOOK_INIT(xfrm_policy_alloc_security, selinux_xfrm_policy_alloc),
7289 LSM_HOOK_INIT(xfrm_state_alloc, selinux_xfrm_state_alloc),
7290 LSM_HOOK_INIT(xfrm_state_alloc_acquire,
7291 selinux_xfrm_state_alloc_acquire),
7292 #endif
7293 #ifdef CONFIG_KEYS
7294 LSM_HOOK_INIT(key_alloc, selinux_key_alloc),
7295 #endif
7296 #ifdef CONFIG_AUDIT
7297 LSM_HOOK_INIT(audit_rule_init, selinux_audit_rule_init),
7298 #endif
7299 #ifdef CONFIG_BPF_SYSCALL
7300 LSM_HOOK_INIT(bpf_map_alloc_security, selinux_bpf_map_alloc),
7301 LSM_HOOK_INIT(bpf_prog_alloc_security, selinux_bpf_prog_alloc),
7302 #endif
7303 #ifdef CONFIG_PERF_EVENTS
7304 LSM_HOOK_INIT(perf_event_alloc, selinux_perf_event_alloc),
7305 #endif
7306 };
7307
7308 static __init int selinux_init(void)
7309 {
7310 pr_info("SELinux: Initializing.\n");
7311
7312 memset(&selinux_state, 0, sizeof(selinux_state));
7313 enforcing_set(&selinux_state, selinux_enforcing_boot);
7314 if (CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE)
7315 pr_err("SELinux: CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE is non-zero. This is deprecated and will be rejected in a future kernel release.\n");
7316 checkreqprot_set(&selinux_state, selinux_checkreqprot_boot);
7317 selinux_avc_init(&selinux_state.avc);
7318 mutex_init(&selinux_state.status_lock);
7319 mutex_init(&selinux_state.policy_mutex);
7320
7321
7322 cred_init_security();
7323
7324 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
7325
7326 avc_init();
7327
7328 avtab_cache_init();
7329
7330 ebitmap_cache_init();
7331
7332 hashtab_cache_init();
7333
7334 security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux");
7335
7336 if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET))
7337 panic("SELinux: Unable to register AVC netcache callback\n");
7338
7339 if (avc_add_callback(selinux_lsm_notifier_avc_callback, AVC_CALLBACK_RESET))
7340 panic("SELinux: Unable to register AVC LSM notifier callback\n");
7341
7342 if (selinux_enforcing_boot)
7343 pr_debug("SELinux: Starting in enforcing mode\n");
7344 else
7345 pr_debug("SELinux: Starting in permissive mode\n");
7346
7347 fs_validate_description("selinux", selinux_fs_parameters);
7348
7349 return 0;
7350 }
7351
7352 static void delayed_superblock_init(struct super_block *sb, void *unused)
7353 {
7354 selinux_set_mnt_opts(sb, NULL, 0, NULL);
7355 }
7356
7357 void selinux_complete_init(void)
7358 {
7359 pr_debug("SELinux: Completing initialization.\n");
7360
7361
7362 pr_debug("SELinux: Setting up existing superblocks.\n");
7363 iterate_supers(delayed_superblock_init, NULL);
7364 }
7365
7366
7367
7368 DEFINE_LSM(selinux) = {
7369 .name = "selinux",
7370 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
7371 .enabled = &selinux_enabled_boot,
7372 .blobs = &selinux_blob_sizes,
7373 .init = selinux_init,
7374 };
7375
7376 #if defined(CONFIG_NETFILTER)
7377
7378 static const struct nf_hook_ops selinux_nf_ops[] = {
7379 {
7380 .hook = selinux_ip_postroute,
7381 .pf = NFPROTO_IPV4,
7382 .hooknum = NF_INET_POST_ROUTING,
7383 .priority = NF_IP_PRI_SELINUX_LAST,
7384 },
7385 {
7386 .hook = selinux_ip_forward,
7387 .pf = NFPROTO_IPV4,
7388 .hooknum = NF_INET_FORWARD,
7389 .priority = NF_IP_PRI_SELINUX_FIRST,
7390 },
7391 {
7392 .hook = selinux_ip_output,
7393 .pf = NFPROTO_IPV4,
7394 .hooknum = NF_INET_LOCAL_OUT,
7395 .priority = NF_IP_PRI_SELINUX_FIRST,
7396 },
7397 #if IS_ENABLED(CONFIG_IPV6)
7398 {
7399 .hook = selinux_ip_postroute,
7400 .pf = NFPROTO_IPV6,
7401 .hooknum = NF_INET_POST_ROUTING,
7402 .priority = NF_IP6_PRI_SELINUX_LAST,
7403 },
7404 {
7405 .hook = selinux_ip_forward,
7406 .pf = NFPROTO_IPV6,
7407 .hooknum = NF_INET_FORWARD,
7408 .priority = NF_IP6_PRI_SELINUX_FIRST,
7409 },
7410 {
7411 .hook = selinux_ip_output,
7412 .pf = NFPROTO_IPV6,
7413 .hooknum = NF_INET_LOCAL_OUT,
7414 .priority = NF_IP6_PRI_SELINUX_FIRST,
7415 },
7416 #endif
7417 };
7418
7419 static int __net_init selinux_nf_register(struct net *net)
7420 {
7421 return nf_register_net_hooks(net, selinux_nf_ops,
7422 ARRAY_SIZE(selinux_nf_ops));
7423 }
7424
7425 static void __net_exit selinux_nf_unregister(struct net *net)
7426 {
7427 nf_unregister_net_hooks(net, selinux_nf_ops,
7428 ARRAY_SIZE(selinux_nf_ops));
7429 }
7430
7431 static struct pernet_operations selinux_net_ops = {
7432 .init = selinux_nf_register,
7433 .exit = selinux_nf_unregister,
7434 };
7435
7436 static int __init selinux_nf_ip_init(void)
7437 {
7438 int err;
7439
7440 if (!selinux_enabled_boot)
7441 return 0;
7442
7443 pr_debug("SELinux: Registering netfilter hooks\n");
7444
7445 err = register_pernet_subsys(&selinux_net_ops);
7446 if (err)
7447 panic("SELinux: register_pernet_subsys: error %d\n", err);
7448
7449 return 0;
7450 }
7451 __initcall(selinux_nf_ip_init);
7452
7453 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
7454 static void selinux_nf_ip_exit(void)
7455 {
7456 pr_debug("SELinux: Unregistering netfilter hooks\n");
7457
7458 unregister_pernet_subsys(&selinux_net_ops);
7459 }
7460 #endif
7461
7462 #else
7463
7464 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
7465 #define selinux_nf_ip_exit()
7466 #endif
7467
7468 #endif
7469
7470 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
7471 int selinux_disable(struct selinux_state *state)
7472 {
7473 if (selinux_initialized(state)) {
7474
7475 return -EINVAL;
7476 }
7477
7478 if (selinux_disabled(state)) {
7479
7480 return -EINVAL;
7481 }
7482
7483 selinux_mark_disabled(state);
7484
7485 pr_info("SELinux: Disabled at runtime.\n");
7486
7487
7488
7489
7490
7491
7492 selinux_nf_ip_exit();
7493
7494 security_delete_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks));
7495
7496
7497 avc_disable();
7498
7499
7500 exit_sel_fs();
7501
7502 return 0;
7503 }
7504 #endif
