PageRenderTime 63ms CodeModel.GetById 21ms RepoModel.GetById 0ms app.codeStats 1ms

/security/selinux/hooks.c

https://gitlab.com/LiquidSmooth-Devices/android_kernel_htc_msm8974
C | 5579 lines | 4543 code | 1005 blank | 31 comment | 726 complexity | df3e1a3692524b5a2b543eb0165add05 MD5 | raw file
Possible License(s): GPL-2.0

Large files files are truncated, but you can click here to view the full file

    

  1. /*
    2. 

  2.  *  NSA Security-Enhanced Linux (SELinux) security module
    3. 

  3.  *
    4. 

  4.  *  This file contains the SELinux hook function implementations.
    5. 

  5.  *
    6. 

  6.  *  Authors:  Stephen Smalley, <sds@epoch.ncsc.mil>
    7. 

  7.  *	      Chris Vance, <cvance@nai.com>
    8. 

  8.  *	      Wayne Salamon, <wsalamon@nai.com>
    9. 

  9.  *	      James Morris <jmorris@redhat.com>
    10. 

  10.  *
    11. 

  11.  *  Copyright (C) 2001,2002 Networks Associates Technology, Inc.
    12. 

  12.  *  Copyright (C) 2003-2008 Red Hat, Inc., James Morris <jmorris@redhat.com>
    13. 

  13.  *					   Eric Paris <eparis@redhat.com>
    14. 

  14.  *  Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
    15. 

  15.  *			    <dgoeddel@trustedcs.com>
    16. 

  16.  *  Copyright (C) 2006, 2007, 2009 Hewlett-Packard Development Company, L.P.
    17. 

  17.  *	Paul Moore <paul@paul-moore.com>
    18. 

  18.  *  Copyright (C) 2007 Hitachi Software Engineering Co., Ltd.
    19. 

  19.  *		       Yuichi Nakamura <ynakam@hitachisoft.jp>
    20. 

  20.  *
    21. 

  21.  *	This program is free software; you can redistribute it and/or modify
    22. 

  22.  *	it under the terms of the GNU General Public License version 2,
    23. 

  23.  *	as published by the Free Software Foundation.
    24. 

  24.  */
    25. 

  25. 

  26. #include <linux/init.h>
    27. 

  27. #include <linux/kd.h>
    28. 

  28. #include <linux/kernel.h>
    29. 

  29. #include <linux/tracehook.h>
    30. 

  30. #include <linux/errno.h>
    31. 

  31. #include <linux/sched.h>
    32. 

  32. #include <linux/security.h>
    33. 

  33. #include <linux/xattr.h>
    34. 

  34. #include <linux/capability.h>
    35. 

  35. #include <linux/unistd.h>
    36. 

  36. #include <linux/mm.h>
    37. 

  37. #include <linux/mman.h>
    38. 

  38. #include <linux/slab.h>
    39. 

  39. #include <linux/pagemap.h>
    40. 

  40. #include <linux/proc_fs.h>
    41. 

  41. #include <linux/swap.h>
    42. 

  42. #include <linux/spinlock.h>
    43. 

  43. #include <linux/syscalls.h>
    44. 

  44. #include <linux/dcache.h>
    45. 

  45. #include <linux/file.h>
    46. 

  46. #include <linux/fdtable.h>
    47. 

  47. #include <linux/namei.h>
    48. 

  48. #include <linux/mount.h>
    49. 

  49. #include <linux/netfilter_ipv4.h>
    50. 

  50. #include <linux/netfilter_ipv6.h>
    51. 

  51. #include <linux/tty.h>
    52. 

  52. #include <net/icmp.h>
    53. 

  53. #include <net/ip.h>		
    54. 

  54. #include <net/tcp.h>		
    55. 

  55. #include <net/net_namespace.h>
    56. 

  56. #include <net/netlabel.h>
    57. 

  57. #include <linux/uaccess.h>
    58. 

  58. #include <asm/ioctls.h>
    59. 

  59. #include <linux/atomic.h>
    60. 

  60. #include <linux/bitops.h>
    61. 

  61. #include <linux/interrupt.h>
    62. 

  62. #include <linux/netdevice.h>	
    63. 

  63. #include <linux/netlink.h>
    64. 

  64. #include <linux/tcp.h>
    65. 

  65. #include <linux/udp.h>
    66. 

  66. #include <linux/dccp.h>
    67. 

  67. #include <linux/quota.h>
    68. 

  68. #include <linux/un.h>		
    69. 

  69. #include <net/af_unix.h>	
    70. 

  70. #include <linux/parser.h>
    71. 

  71. #include <linux/nfs_mount.h>
    72. 

  72. #include <net/ipv6.h>
    73. 

  73. #include <linux/hugetlb.h>
    74. 

  74. #include <linux/personality.h>
    75. 

  75. #include <linux/audit.h>
    76. 

  76. #include <linux/string.h>
    77. 

  77. #include <linux/selinux.h>
    78. 

  78. #include <linux/mutex.h>
    79. 

  79. #include <linux/posix-timers.h>
    80. 

  80. #include <linux/syslog.h>
    81. 

  81. #include <linux/user_namespace.h>
    82. 

  82. #include <linux/export.h>
    83. 

  83. #include <linux/msg.h>
    84. 

  84. #include <linux/shm.h>
    85. 

  85. 

  86. #include "avc.h"
    87. 

  87. #include "objsec.h"
    88. 

  88. #include "netif.h"
    89. 

  89. #include "netnode.h"
    90. 

  90. #include "netport.h"
    91. 

  91. #include "xfrm.h"
    92. 

  92. #include "netlabel.h"
    93. 

  93. #include "audit.h"
    94. 

  94. #include "avc_ss.h"
    95. 

  95. 

  96. #define NUM_SEL_MNT_OPTS 5
    97. 

  97. 

  98. extern struct security_operations *security_ops;
    99. 

  99. 

  100. static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
    101. 

  101. 

  102. #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
    103. 

  103. int selinux_enforcing;
    104. 

  104. 

  105. static int __init enforcing_setup(char *str)
    106. 

  106. {
    107. 

  107. 	unsigned long enforcing;
    108. 

  108. 	if (!strict_strtoul(str, 0, &enforcing))
    109. 

  109. 		selinux_enforcing = enforcing ? 1 : 0;
    110. 

  110. 	return 1;
    111. 

  111. }
    112. 

  112. __setup("enforcing=", enforcing_setup);
    113. 

  113. #endif
    114. 

  114. 

  115. #ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
    116. 

  116. int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
    117. 

  117. 

  118. static int __init selinux_enabled_setup(char *str)
    119. 

  119. {
    120. 

  120. 	unsigned long enabled;
    121. 

  121. 	if (!strict_strtoul(str, 0, &enabled))
    122. 

  122. 		selinux_enabled = enabled ? 1 : 0;
    123. 

  123. 	return 1;
    124. 

  124. }
    125. 

  125. __setup("selinux=", selinux_enabled_setup);
    126. 

  126. #else
    127. 

  127. int selinux_enabled = 1;
    128. 

  128. #endif
    129. 

  129. 

  130. static struct kmem_cache *sel_inode_cache;
    131. 

  131. 

  132. static int selinux_secmark_enabled(void)
    133. 

  133. {
    134. 

  134. 	return (atomic_read(&selinux_secmark_refcount) > 0);
    135. 

  135. }
    136. 

  136. 

  137. static void cred_init_security(void)
    138. 

  138. {
    139. 

  139. 	struct cred *cred = (struct cred *) current->real_cred;
    140. 

  140. 	struct task_security_struct *tsec;
    141. 

  141. 

  142. 	tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
    143. 

  143. 	if (!tsec)
    144. 

  144. 		panic("SELinux:  Failed to initialize initial task.\n");
    145. 

  145. 

  146. 	tsec->osid = tsec->sid = SECINITSID_KERNEL;
    147. 

  147. 	cred->security = tsec;
    148. 

  148. }
    149. 

  149. 

  150. static inline u32 cred_sid(const struct cred *cred)
    151. 

  151. {
    152. 

  152. 	const struct task_security_struct *tsec;
    153. 

  153. 

  154. 	tsec = cred->security;
    155. 

  155. 	return tsec->sid;
    156. 

  156. }
    157. 

  157. 

  158. static inline u32 task_sid(const struct task_struct *task)
    159. 

  159. {
    160. 

  160. 	u32 sid;
    161. 

  161. 

  162. 	rcu_read_lock();
    163. 

  163. 	sid = cred_sid(__task_cred(task));
    164. 

  164. 	rcu_read_unlock();
    165. 

  165. 	return sid;
    166. 

  166. }
    167. 

  167. 

  168. static inline u32 current_sid(void)
    169. 

  169. {
    170. 

  170. 	const struct task_security_struct *tsec = current_security();
    171. 

  171. 

  172. 	return tsec->sid;
    173. 

  173. }
    174. 

  174. 

  175. 

  176. static int inode_alloc_security(struct inode *inode)
    177. 

  177. {
    178. 

  178. 	struct inode_security_struct *isec;
    179. 

  179. 	u32 sid = current_sid();
    180. 

  180. 

  181. 	isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
    182. 

  182. 	if (!isec)
    183. 

  183. 		return -ENOMEM;
    184. 

  184. 

  185. 	mutex_init(&isec->lock);
    186. 

  186. 	INIT_LIST_HEAD(&isec->list);
    187. 

  187. 	isec->inode = inode;
    188. 

  188. 	isec->sid = SECINITSID_UNLABELED;
    189. 

  189. 	isec->sclass = SECCLASS_FILE;
    190. 

  190. 	isec->task_sid = sid;
    191. 

  191. 	inode->i_security = isec;
    192. 

  192. 

  193. 	return 0;
    194. 

  194. }
    195. 

  195. 

  196. static void inode_free_security(struct inode *inode)
    197. 

  197. {
    198. 

  198. 	struct inode_security_struct *isec = inode->i_security;
    199. 

  199. 	struct superblock_security_struct *sbsec = inode->i_sb->s_security;
    200. 

  200. 

  201. 	spin_lock(&sbsec->isec_lock);
    202. 

  202. 	if (!list_empty(&isec->list))
    203. 

  203. 		list_del_init(&isec->list);
    204. 

  204. 	spin_unlock(&sbsec->isec_lock);
    205. 

  205. 

  206. 	inode->i_security = NULL;
    207. 

  207. 	kmem_cache_free(sel_inode_cache, isec);
    208. 

  208. }
    209. 

  209. 

  210. static int file_alloc_security(struct file *file)
    211. 

  211. {
    212. 

  212. 	struct file_security_struct *fsec;
    213. 

  213. 	u32 sid = current_sid();
    214. 

  214. 

  215. 	fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
    216. 

  216. 	if (!fsec)
    217. 

  217. 		return -ENOMEM;
    218. 

  218. 

  219. 	fsec->sid = sid;
    220. 

  220. 	fsec->fown_sid = sid;
    221. 

  221. 	file->f_security = fsec;
    222. 

  222. 

  223. 	return 0;
    224. 

  224. }
    225. 

  225. 

  226. static void file_free_security(struct file *file)
    227. 

  227. {
    228. 

  228. 	struct file_security_struct *fsec = file->f_security;
    229. 

  229. 	file->f_security = NULL;
    230. 

  230. 	kfree(fsec);
    231. 

  231. }
    232. 

  232. 

  233. static int superblock_alloc_security(struct super_block *sb)
    234. 

  234. {
    235. 

  235. 	struct superblock_security_struct *sbsec;
    236. 

  236. 

  237. 	sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
    238. 

  238. 	if (!sbsec)
    239. 

  239. 		return -ENOMEM;
    240. 

  240. 

  241. 	mutex_init(&sbsec->lock);
    242. 

  242. 	INIT_LIST_HEAD(&sbsec->isec_head);
    243. 

  243. 	spin_lock_init(&sbsec->isec_lock);
    244. 

  244. 	sbsec->sb = sb;
    245. 

  245. 	sbsec->sid = SECINITSID_UNLABELED;
    246. 

  246. 	sbsec->def_sid = SECINITSID_FILE;
    247. 

  247. 	sbsec->mntpoint_sid = SECINITSID_UNLABELED;
    248. 

  248. 	sb->s_security = sbsec;
    249. 

  249. 

  250. 	return 0;
    251. 

  251. }
    252. 

  252. 

  253. static void superblock_free_security(struct super_block *sb)
    254. 

  254. {
    255. 

  255. 	struct superblock_security_struct *sbsec = sb->s_security;
    256. 

  256. 	sb->s_security = NULL;
    257. 

  257. 	kfree(sbsec);
    258. 

  258. }
    259. 

  259. 

  260. 

  261. static const char *labeling_behaviors[6] = {
    262. 

  262. 	"uses xattr",
    263. 

  263. 	"uses transition SIDs",
    264. 

  264. 	"uses task SIDs",
    265. 

  265. 	"uses genfs_contexts",
    266. 

  266. 	"not configured for labeling",
    267. 

  267. 	"uses mountpoint labeling",
    268. 

  268. };
    269. 

  269. 

  270. static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
    271. 

  271. 

  272. static inline int inode_doinit(struct inode *inode)
    273. 

  273. {
    274. 

  274. 	return inode_doinit_with_dentry(inode, NULL);
    275. 

  275. }
    276. 

  276. 

  277. enum {
    278. 

  278. 	Opt_error = -1,
    279. 

  279. 	Opt_context = 1,
    280. 

  280. 	Opt_fscontext = 2,
    281. 

  281. 	Opt_defcontext = 3,
    282. 

  282. 	Opt_rootcontext = 4,
    283. 

  283. 	Opt_labelsupport = 5,
    284. 

  284. };
    285. 

  285. 

  286. static const match_table_t tokens = {
    287. 

  287. 	{Opt_context, CONTEXT_STR "%s"},
    288. 

  288. 	{Opt_fscontext, FSCONTEXT_STR "%s"},
    289. 

  289. 	{Opt_defcontext, DEFCONTEXT_STR "%s"},
    290. 

  290. 	{Opt_rootcontext, ROOTCONTEXT_STR "%s"},
    291. 

  291. 	{Opt_labelsupport, LABELSUPP_STR},
    292. 

  292. 	{Opt_error, NULL},
    293. 

  293. };
    294. 

  294. 

  295. #define SEL_MOUNT_FAIL_MSG "SELinux:  duplicate or incompatible mount options\n"
    296. 

  296. 

  297. static int may_context_mount_sb_relabel(u32 sid,
    298. 

  298. 			struct superblock_security_struct *sbsec,
    299. 

  299. 			const struct cred *cred)
    300. 

  300. {
    301. 

  301. 	const struct task_security_struct *tsec = cred->security;
    302. 

  302. 	int rc;
    303. 

  303. 

  304. 	rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
    305. 

  305. 			  FILESYSTEM__RELABELFROM, NULL);
    306. 

  306. 	if (rc)
    307. 

  307. 		return rc;
    308. 

  308. 

  309. 	rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
    310. 

  310. 			  FILESYSTEM__RELABELTO, NULL);
    311. 

  311. 	return rc;
    312. 

  312. }
    313. 

  313. 

  314. static int may_context_mount_inode_relabel(u32 sid,
    315. 

  315. 			struct superblock_security_struct *sbsec,
    316. 

  316. 			const struct cred *cred)
    317. 

  317. {
    318. 

  318. 	const struct task_security_struct *tsec = cred->security;
    319. 

  319. 	int rc;
    320. 

  320. 	rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
    321. 

  321. 			  FILESYSTEM__RELABELFROM, NULL);
    322. 

  322. 	if (rc)
    323. 

  323. 		return rc;
    324. 

  324. 

  325. 	rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
    326. 

  326. 			  FILESYSTEM__ASSOCIATE, NULL);
    327. 

  327. 	return rc;
    328. 

  328. }
    329. 

  329. 

  330. static int sb_finish_set_opts(struct super_block *sb)
    331. 

  331. {
    332. 

  332. 	struct superblock_security_struct *sbsec = sb->s_security;
    333. 

  333. 	struct dentry *root = sb->s_root;
    334. 

  334. 	struct inode *root_inode = root->d_inode;
    335. 

  335. 	int rc = 0;
    336. 

  336. 

  337. 	if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
    338. 

  338. 		if (!root_inode->i_op->getxattr) {
    339. 

  339. 			printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
    340. 

  340. 			       "xattr support\n", sb->s_id, sb->s_type->name);
    341. 

  341. 			rc = -EOPNOTSUPP;
    342. 

  342. 			goto out;
    343. 

  343. 		}
    344. 

  344. 		rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
    345. 

  345. 		if (rc < 0 && rc != -ENODATA) {
    346. 

  346. 			if (rc == -EOPNOTSUPP)
    347. 

  347. 				printk(KERN_WARNING "SELinux: (dev %s, type "
    348. 

  348. 				       "%s) has no security xattr handler\n",
    349. 

  349. 				       sb->s_id, sb->s_type->name);
    350. 

  350. 			else
    351. 

  351. 				printk(KERN_WARNING "SELinux: (dev %s, type "
    352. 

  352. 				       "%s) getxattr errno %d\n", sb->s_id,
    353. 

  353. 				       sb->s_type->name, -rc);
    354. 

  354. 			goto out;
    355. 

  355. 		}
    356. 

  356. 	}
    357. 

  357. 

  358. 	sbsec->flags |= (SE_SBINITIALIZED | SE_SBLABELSUPP);
    359. 

  359. 

  360. 	if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
    361. 

  361. 		printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
    362. 

  362. 		       sb->s_id, sb->s_type->name);
    363. 

  363. 	else
    364. 

  364. 		printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
    365. 

  365. 		       sb->s_id, sb->s_type->name,
    366. 

  366. 		       labeling_behaviors[sbsec->behavior-1]);
    367. 

  367. 

  368. 	if (sbsec->behavior == SECURITY_FS_USE_GENFS ||
    369. 

  369. 	    sbsec->behavior == SECURITY_FS_USE_MNTPOINT ||
    370. 

  370. 	    sbsec->behavior == SECURITY_FS_USE_NONE ||
    371. 

  371. 	    sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
    372. 

  372. 		sbsec->flags &= ~SE_SBLABELSUPP;
    373. 

  373. 

  374. 	
    375. 

  375. 	if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
    376. 

  376. 		sbsec->flags |= SE_SBLABELSUPP;
    377. 

  377. 

  378. 	
    379. 

  379. 	rc = inode_doinit_with_dentry(root_inode, root);
    380. 

  380. 

  381. 	spin_lock(&sbsec->isec_lock);
    382. 

  382. next_inode:
    383. 

  383. 	if (!list_empty(&sbsec->isec_head)) {
    384. 

  384. 		struct inode_security_struct *isec =
    385. 

  385. 				list_entry(sbsec->isec_head.next,
    386. 

  386. 					   struct inode_security_struct, list);
    387. 

  387. 		struct inode *inode = isec->inode;
    388. 

  388. 		spin_unlock(&sbsec->isec_lock);
    389. 

  389. 		inode = igrab(inode);
    390. 

  390. 		if (inode) {
    391. 

  391. 			if (!IS_PRIVATE(inode))
    392. 

  392. 				inode_doinit(inode);
    393. 

  393. 			iput(inode);
    394. 

  394. 		}
    395. 

  395. 		spin_lock(&sbsec->isec_lock);
    396. 

  396. 		list_del_init(&isec->list);
    397. 

  397. 		goto next_inode;
    398. 

  398. 	}
    399. 

  399. 	spin_unlock(&sbsec->isec_lock);
    400. 

  400. out:
    401. 

  401. 	return rc;
    402. 

  402. }
    403. 

  403. 

  404. static int selinux_get_mnt_opts(const struct super_block *sb,
    405. 

  405. 				struct security_mnt_opts *opts)
    406. 

  406. {
    407. 

  407. 	int rc = 0, i;
    408. 

  408. 	struct superblock_security_struct *sbsec = sb->s_security;
    409. 

  409. 	char *context = NULL;
    410. 

  410. 	u32 len;
    411. 

  411. 	char tmp;
    412. 

  412. 

  413. 	security_init_mnt_opts(opts);
    414. 

  414. 

  415. 	if (!(sbsec->flags & SE_SBINITIALIZED))
    416. 

  416. 		return -EINVAL;
    417. 

  417. 

  418. 	if (!ss_initialized)
    419. 

  419. 		return -EINVAL;
    420. 

  420. 

  421. 	tmp = sbsec->flags & SE_MNTMASK;
    422. 

  422. 	
    423. 

  423. 	for (i = 0; i < 8; i++) {
    424. 

  424. 		if (tmp & 0x01)
    425. 

  425. 			opts->num_mnt_opts++;
    426. 

  426. 		tmp >>= 1;
    427. 

  427. 	}
    428. 

  428. 	
    429. 

  429. 	if (sbsec->flags & SE_SBLABELSUPP)
    430. 

  430. 		opts->num_mnt_opts++;
    431. 

  431. 

  432. 	opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
    433. 

  433. 	if (!opts->mnt_opts) {
    434. 

  434. 		rc = -ENOMEM;
    435. 

  435. 		goto out_free;
    436. 

  436. 	}
    437. 

  437. 

  438. 	opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
    439. 

  439. 	if (!opts->mnt_opts_flags) {
    440. 

  440. 		rc = -ENOMEM;
    441. 

  441. 		goto out_free;
    442. 

  442. 	}
    443. 

  443. 

  444. 	i = 0;
    445. 

  445. 	if (sbsec->flags & FSCONTEXT_MNT) {
    446. 

  446. 		rc = security_sid_to_context(sbsec->sid, &context, &len);
    447. 

  447. 		if (rc)
    448. 

  448. 			goto out_free;
    449. 

  449. 		opts->mnt_opts[i] = context;
    450. 

  450. 		opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
    451. 

  451. 	}
    452. 

  452. 	if (sbsec->flags & CONTEXT_MNT) {
    453. 

  453. 		rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
    454. 

  454. 		if (rc)
    455. 

  455. 			goto out_free;
    456. 

  456. 		opts->mnt_opts[i] = context;
    457. 

  457. 		opts->mnt_opts_flags[i++] = CONTEXT_MNT;
    458. 

  458. 	}
    459. 

  459. 	if (sbsec->flags & DEFCONTEXT_MNT) {
    460. 

  460. 		rc = security_sid_to_context(sbsec->def_sid, &context, &len);
    461. 

  461. 		if (rc)
    462. 

  462. 			goto out_free;
    463. 

  463. 		opts->mnt_opts[i] = context;
    464. 

  464. 		opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;
    465. 

  465. 	}
    466. 

  466. 	if (sbsec->flags & ROOTCONTEXT_MNT) {
    467. 

  467. 		struct inode *root = sbsec->sb->s_root->d_inode;
    468. 

  468. 		struct inode_security_struct *isec = root->i_security;
    469. 

  469. 

  470. 		rc = security_sid_to_context(isec->sid, &context, &len);
    471. 

  471. 		if (rc)
    472. 

  472. 			goto out_free;
    473. 

  473. 		opts->mnt_opts[i] = context;
    474. 

  474. 		opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;
    475. 

  475. 	}
    476. 

  476. 	if (sbsec->flags & SE_SBLABELSUPP) {
    477. 

  477. 		opts->mnt_opts[i] = NULL;
    478. 

  478. 		opts->mnt_opts_flags[i++] = SE_SBLABELSUPP;
    479. 

  479. 	}
    480. 

  480. 

  481. 	BUG_ON(i != opts->num_mnt_opts);
    482. 

  482. 

  483. 	return 0;
    484. 

  484. 

  485. out_free:
    486. 

  486. 	security_free_mnt_opts(opts);
    487. 

  487. 	return rc;
    488. 

  488. }
    489. 

  489. 

  490. static int bad_option(struct superblock_security_struct *sbsec, char flag,
    491. 

  491. 		      u32 old_sid, u32 new_sid)
    492. 

  492. {
    493. 

  493. 	char mnt_flags = sbsec->flags & SE_MNTMASK;
    494. 

  494. 

  495. 	
    496. 

  496. 	if (sbsec->flags & SE_SBINITIALIZED)
    497. 

  497. 		if (!(sbsec->flags & flag) ||
    498. 

  498. 		    (old_sid != new_sid))
    499. 

  499. 			return 1;
    500. 

  500. 

  501. 	if (!(sbsec->flags & SE_SBINITIALIZED))
    502. 

  502. 		if (mnt_flags & flag)
    503. 

  503. 			return 1;
    504. 

  504. 	return 0;
    505. 

  505. }
    506. 

  506. 

  507. static int selinux_set_mnt_opts(struct super_block *sb,
    508. 

  508. 				struct security_mnt_opts *opts)
    509. 

  509. {
    510. 

  510. 	const struct cred *cred = current_cred();
    511. 

  511. 	int rc = 0, i;
    512. 

  512. 	struct superblock_security_struct *sbsec = sb->s_security;
    513. 

  513. 	const char *name = sb->s_type->name;
    514. 

  514. 	struct inode *inode = sbsec->sb->s_root->d_inode;
    515. 

  515. 	struct inode_security_struct *root_isec = inode->i_security;
    516. 

  516. 	u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
    517. 

  517. 	u32 defcontext_sid = 0;
    518. 

  518. 	char **mount_options = opts->mnt_opts;
    519. 

  519. 	int *flags = opts->mnt_opts_flags;
    520. 

  520. 	int num_opts = opts->num_mnt_opts;
    521. 

  521. 

  522. 	mutex_lock(&sbsec->lock);
    523. 

  523. 

  524. 	if (!ss_initialized) {
    525. 

  525. 		if (!num_opts) {
    526. 

  526. 			goto out;
    527. 

  527. 		}
    528. 

  528. 		rc = -EINVAL;
    529. 

  529. 		printk(KERN_WARNING "SELinux: Unable to set superblock options "
    530. 

  530. 			"before the security server is initialized\n");
    531. 

  531. 		goto out;
    532. 

  532. 	}
    533. 

  533. 

  534. 	if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
    535. 

  535. 	    && (num_opts == 0))
    536. 

  536. 		goto out;
    537. 

  537. 

  538. 	for (i = 0; i < num_opts; i++) {
    539. 

  539. 		u32 sid;
    540. 

  540. 

  541. 		if (flags[i] == SE_SBLABELSUPP)
    542. 

  542. 			continue;
    543. 

  543. 		rc = security_context_to_sid(mount_options[i],
    544. 

  544. 					     strlen(mount_options[i]), &sid);
    545. 

  545. 		if (rc) {
    546. 

  546. 			printk(KERN_WARNING "SELinux: security_context_to_sid"
    547. 

  547. 			       "(%s) failed for (dev %s, type %s) errno=%d\n",
    548. 

  548. 			       mount_options[i], sb->s_id, name, rc);
    549. 

  549. 			goto out;
    550. 

  550. 		}
    551. 

  551. 		switch (flags[i]) {
    552. 

  552. 		case FSCONTEXT_MNT:
    553. 

  553. 			fscontext_sid = sid;
    554. 

  554. 

  555. 			if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
    556. 

  556. 					fscontext_sid))
    557. 

  557. 				goto out_double_mount;
    558. 

  558. 

  559. 			sbsec->flags |= FSCONTEXT_MNT;
    560. 

  560. 			break;
    561. 

  561. 		case CONTEXT_MNT:
    562. 

  562. 			context_sid = sid;
    563. 

  563. 

  564. 			if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
    565. 

  565. 					context_sid))
    566. 

  566. 				goto out_double_mount;
    567. 

  567. 

  568. 			sbsec->flags |= CONTEXT_MNT;
    569. 

  569. 			break;
    570. 

  570. 		case ROOTCONTEXT_MNT:
    571. 

  571. 			rootcontext_sid = sid;
    572. 

  572. 

  573. 			if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
    574. 

  574. 					rootcontext_sid))
    575. 

  575. 				goto out_double_mount;
    576. 

  576. 

  577. 			sbsec->flags |= ROOTCONTEXT_MNT;
    578. 

  578. 

  579. 			break;
    580. 

  580. 		case DEFCONTEXT_MNT:
    581. 

  581. 			defcontext_sid = sid;
    582. 

  582. 

  583. 			if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
    584. 

  584. 					defcontext_sid))
    585. 

  585. 				goto out_double_mount;
    586. 

  586. 

  587. 			sbsec->flags |= DEFCONTEXT_MNT;
    588. 

  588. 

  589. 			break;
    590. 

  590. 		default:
    591. 

  591. 			rc = -EINVAL;
    592. 

  592. 			goto out;
    593. 

  593. 		}
    594. 

  594. 	}
    595. 

  595. 

  596. 	if (sbsec->flags & SE_SBINITIALIZED) {
    597. 

  597. 		
    598. 

  598. 		if ((sbsec->flags & SE_MNTMASK) && !num_opts)
    599. 

  599. 			goto out_double_mount;
    600. 

  600. 		rc = 0;
    601. 

  601. 		goto out;
    602. 

  602. 	}
    603. 

  603. 

  604. 	if (strcmp(sb->s_type->name, "proc") == 0)
    605. 

  605. 		sbsec->flags |= SE_SBPROC;
    606. 

  606. 

  607. 	
    608. 

  608. 	rc = security_fs_use((sbsec->flags & SE_SBPROC) ? "proc" : sb->s_type->name, &sbsec->behavior, &sbsec->sid);
    609. 

  609. 	if (rc) {
    610. 

  610. 		printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
    611. 

  611. 		       __func__, sb->s_type->name, rc);
    612. 

  612. 		goto out;
    613. 

  613. 	}
    614. 

  614. 

  615. 	
    616. 

  616. 	if (fscontext_sid) {
    617. 

  617. 		rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
    618. 

  618. 		if (rc)
    619. 

  619. 			goto out;
    620. 

  620. 

  621. 		sbsec->sid = fscontext_sid;
    622. 

  622. 	}
    623. 

  623. 

  624. 	if (context_sid) {
    625. 

  625. 		if (!fscontext_sid) {
    626. 

  626. 			rc = may_context_mount_sb_relabel(context_sid, sbsec,
    627. 

  627. 							  cred);
    628. 

  628. 			if (rc)
    629. 

  629. 				goto out;
    630. 

  630. 			sbsec->sid = context_sid;
    631. 

  631. 		} else {
    632. 

  632. 			rc = may_context_mount_inode_relabel(context_sid, sbsec,
    633. 

  633. 							     cred);
    634. 

  634. 			if (rc)
    635. 

  635. 				goto out;
    636. 

  636. 		}
    637. 

  637. 		if (!rootcontext_sid)
    638. 

  638. 			rootcontext_sid = context_sid;
    639. 

  639. 

  640. 		sbsec->mntpoint_sid = context_sid;
    641. 

  641. 		sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
    642. 

  642. 	}
    643. 

  643. 

  644. 	if (rootcontext_sid) {
    645. 

  645. 		rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
    646. 

  646. 						     cred);
    647. 

  647. 		if (rc)
    648. 

  648. 			goto out;
    649. 

  649. 

  650. 		root_isec->sid = rootcontext_sid;
    651. 

  651. 		root_isec->initialized = 1;
    652. 

  652. 	}
    653. 

  653. 

  654. 	if (defcontext_sid) {
    655. 

  655. 		if (sbsec->behavior != SECURITY_FS_USE_XATTR) {
    656. 

  656. 			rc = -EINVAL;
    657. 

  657. 			printk(KERN_WARNING "SELinux: defcontext option is "
    658. 

  658. 			       "invalid for this filesystem type\n");
    659. 

  659. 			goto out;
    660. 

  660. 		}
    661. 

  661. 

  662. 		if (defcontext_sid != sbsec->def_sid) {
    663. 

  663. 			rc = may_context_mount_inode_relabel(defcontext_sid,
    664. 

  664. 							     sbsec, cred);
    665. 

  665. 			if (rc)
    666. 

  666. 				goto out;
    667. 

  667. 		}
    668. 

  668. 

  669. 		sbsec->def_sid = defcontext_sid;
    670. 

  670. 	}
    671. 

  671. 

  672. 	rc = sb_finish_set_opts(sb);
    673. 

  673. out:
    674. 

  674. 	mutex_unlock(&sbsec->lock);
    675. 

  675. 	return rc;
    676. 

  676. out_double_mount:
    677. 

  677. 	rc = -EINVAL;
    678. 

  678. 	printk(KERN_WARNING "SELinux: mount invalid.  Same superblock, different "
    679. 

  679. 	       "security settings for (dev %s, type %s)\n", sb->s_id, name);
    680. 

  680. 	goto out;
    681. 

  681. }
    682. 

  682. 

  683. static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
    684. 

  684. 					struct super_block *newsb)
    685. 

  685. {
    686. 

  686. 	const struct superblock_security_struct *oldsbsec = oldsb->s_security;
    687. 

  687. 	struct superblock_security_struct *newsbsec = newsb->s_security;
    688. 

  688. 

  689. 	int set_fscontext =	(oldsbsec->flags & FSCONTEXT_MNT);
    690. 

  690. 	int set_context =	(oldsbsec->flags & CONTEXT_MNT);
    691. 

  691. 	int set_rootcontext =	(oldsbsec->flags & ROOTCONTEXT_MNT);
    692. 

  692. 

  693. 	if (!ss_initialized)
    694. 

  694. 		return;
    695. 

  695. 

  696. 	
    697. 

  697. 	BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
    698. 

  698. 

  699. 	
    700. 

  700. 	if (newsbsec->flags & SE_SBINITIALIZED)
    701. 

  701. 		return;
    702. 

  702. 

  703. 	mutex_lock(&newsbsec->lock);
    704. 

  704. 

  705. 	newsbsec->flags = oldsbsec->flags;
    706. 

  706. 

  707. 	newsbsec->sid = oldsbsec->sid;
    708. 

  708. 	newsbsec->def_sid = oldsbsec->def_sid;
    709. 

  709. 	newsbsec->behavior = oldsbsec->behavior;
    710. 

  710. 

  711. 	if (set_context) {
    712. 

  712. 		u32 sid = oldsbsec->mntpoint_sid;
    713. 

  713. 

  714. 		if (!set_fscontext)
    715. 

  715. 			newsbsec->sid = sid;
    716. 

  716. 		if (!set_rootcontext) {
    717. 

  717. 			struct inode *newinode = newsb->s_root->d_inode;
    718. 

  718. 			struct inode_security_struct *newisec = newinode->i_security;
    719. 

  719. 			newisec->sid = sid;
    720. 

  720. 		}
    721. 

  721. 		newsbsec->mntpoint_sid = sid;
    722. 

  722. 	}
    723. 

  723. 	if (set_rootcontext) {
    724. 

  724. 		const struct inode *oldinode = oldsb->s_root->d_inode;
    725. 

  725. 		const struct inode_security_struct *oldisec = oldinode->i_security;
    726. 

  726. 		struct inode *newinode = newsb->s_root->d_inode;
    727. 

  727. 		struct inode_security_struct *newisec = newinode->i_security;
    728. 

  728. 

  729. 		newisec->sid = oldisec->sid;
    730. 

  730. 	}
    731. 

  731. 

  732. 	sb_finish_set_opts(newsb);
    733. 

  733. 	mutex_unlock(&newsbsec->lock);
    734. 

  734. }
    735. 

  735. 

  736. static int selinux_parse_opts_str(char *options,
    737. 

  737. 				  struct security_mnt_opts *opts)
    738. 

  738. {
    739. 

  739. 	char *p;
    740. 

  740. 	char *context = NULL, *defcontext = NULL;
    741. 

  741. 	char *fscontext = NULL, *rootcontext = NULL;
    742. 

  742. 	int rc, num_mnt_opts = 0;
    743. 

  743. 

  744. 	opts->num_mnt_opts = 0;
    745. 

  745. 

  746. 	
    747. 

  747. 	while ((p = strsep(&options, "|")) != NULL) {
    748. 

  748. 		int token;
    749. 

  749. 		substring_t args[MAX_OPT_ARGS];
    750. 

  750. 

  751. 		if (!*p)
    752. 

  752. 			continue;
    753. 

  753. 

  754. 		token = match_token(p, tokens, args);
    755. 

  755. 

  756. 		switch (token) {
    757. 

  757. 		case Opt_context:
    758. 

  758. 			if (context || defcontext) {
    759. 

  759. 				rc = -EINVAL;
    760. 

  760. 				printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
    761. 

  761. 				goto out_err;
    762. 

  762. 			}
    763. 

  763. 			context = match_strdup(&args[0]);
    764. 

  764. 			if (!context) {
    765. 

  765. 				rc = -ENOMEM;
    766. 

  766. 				goto out_err;
    767. 

  767. 			}
    768. 

  768. 			break;
    769. 

  769. 

  770. 		case Opt_fscontext:
    771. 

  771. 			if (fscontext) {
    772. 

  772. 				rc = -EINVAL;
    773. 

  773. 				printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
    774. 

  774. 				goto out_err;
    775. 

  775. 			}
    776. 

  776. 			fscontext = match_strdup(&args[0]);
    777. 

  777. 			if (!fscontext) {
    778. 

  778. 				rc = -ENOMEM;
    779. 

  779. 				goto out_err;
    780. 

  780. 			}
    781. 

  781. 			break;
    782. 

  782. 

  783. 		case Opt_rootcontext:
    784. 

  784. 			if (rootcontext) {
    785. 

  785. 				rc = -EINVAL;
    786. 

  786. 				printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
    787. 

  787. 				goto out_err;
    788. 

  788. 			}
    789. 

  789. 			rootcontext = match_strdup(&args[0]);
    790. 

  790. 			if (!rootcontext) {
    791. 

  791. 				rc = -ENOMEM;
    792. 

  792. 				goto out_err;
    793. 

  793. 			}
    794. 

  794. 			break;
    795. 

  795. 

  796. 		case Opt_defcontext:
    797. 

  797. 			if (context || defcontext) {
    798. 

  798. 				rc = -EINVAL;
    799. 

  799. 				printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
    800. 

  800. 				goto out_err;
    801. 

  801. 			}
    802. 

  802. 			defcontext = match_strdup(&args[0]);
    803. 

  803. 			if (!defcontext) {
    804. 

  804. 				rc = -ENOMEM;
    805. 

  805. 				goto out_err;
    806. 

  806. 			}
    807. 

  807. 			break;
    808. 

  808. 		case Opt_labelsupport:
    809. 

  809. 			break;
    810. 

  810. 		default:
    811. 

  811. 			rc = -EINVAL;
    812. 

  812. 			printk(KERN_WARNING "SELinux:  unknown mount option\n");
    813. 

  813. 			goto out_err;
    814. 

  814. 

  815. 		}
    816. 

  816. 	}
    817. 

  817. 

  818. 	rc = -ENOMEM;
    819. 

  819. 	opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC);
    820. 

  820. 	if (!opts->mnt_opts)
    821. 

  821. 		goto out_err;
    822. 

  822. 

  823. 	opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC);
    824. 

  824. 	if (!opts->mnt_opts_flags) {
    825. 

  825. 		kfree(opts->mnt_opts);
    826. 

  826. 		goto out_err;
    827. 

  827. 	}
    828. 

  828. 

  829. 	if (fscontext) {
    830. 

  830. 		opts->mnt_opts[num_mnt_opts] = fscontext;
    831. 

  831. 		opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
    832. 

  832. 	}
    833. 

  833. 	if (context) {
    834. 

  834. 		opts->mnt_opts[num_mnt_opts] = context;
    835. 

  835. 		opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
    836. 

  836. 	}
    837. 

  837. 	if (rootcontext) {
    838. 

  838. 		opts->mnt_opts[num_mnt_opts] = rootcontext;
    839. 

  839. 		opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
    840. 

  840. 	}
    841. 

  841. 	if (defcontext) {
    842. 

  842. 		opts->mnt_opts[num_mnt_opts] = defcontext;
    843. 

  843. 		opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
    844. 

  844. 	}
    845. 

  845. 

  846. 	opts->num_mnt_opts = num_mnt_opts;
    847. 

  847. 	return 0;
    848. 

  848. 

  849. out_err:
    850. 

  850. 	kfree(context);
    851. 

  851. 	kfree(defcontext);
    852. 

  852. 	kfree(fscontext);
    853. 

  853. 	kfree(rootcontext);
    854. 

  854. 	return rc;
    855. 

  855. }
    856. 

  856. static int superblock_doinit(struct super_block *sb, void *data)
    857. 

  857. {
    858. 

  858. 	int rc = 0;
    859. 

  859. 	char *options = data;
    860. 

  860. 	struct security_mnt_opts opts;
    861. 

  861. 

  862. 	security_init_mnt_opts(&opts);
    863. 

  863. 

  864. 	if (!data)
    865. 

  865. 		goto out;
    866. 

  866. 

  867. 	BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
    868. 

  868. 

  869. 	rc = selinux_parse_opts_str(options, &opts);
    870. 

  870. 	if (rc)
    871. 

  871. 		goto out_err;
    872. 

  872. 

  873. out:
    874. 

  874. 	rc = selinux_set_mnt_opts(sb, &opts);
    875. 

  875. 

  876. out_err:
    877. 

  877. 	security_free_mnt_opts(&opts);
    878. 

  878. 	return rc;
    879. 

  879. }
    880. 

  880. 

  881. static void selinux_write_opts(struct seq_file *m,
    882. 

  882. 			       struct security_mnt_opts *opts)
    883. 

  883. {
    884. 

  884. 	int i;
    885. 

  885. 	char *prefix;
    886. 

  886. 

  887. 	for (i = 0; i < opts->num_mnt_opts; i++) {
    888. 

  888. 		char *has_comma;
    889. 

  889. 

  890. 		if (opts->mnt_opts[i])
    891. 

  891. 			has_comma = strchr(opts->mnt_opts[i], ',');
    892. 

  892. 		else
    893. 

  893. 			has_comma = NULL;
    894. 

  894. 

  895. 		switch (opts->mnt_opts_flags[i]) {
    896. 

  896. 		case CONTEXT_MNT:
    897. 

  897. 			prefix = CONTEXT_STR;
    898. 

  898. 			break;
    899. 

  899. 		case FSCONTEXT_MNT:
    900. 

  900. 			prefix = FSCONTEXT_STR;
    901. 

  901. 			break;
    902. 

  902. 		case ROOTCONTEXT_MNT:
    903. 

  903. 			prefix = ROOTCONTEXT_STR;
    904. 

  904. 			break;
    905. 

  905. 		case DEFCONTEXT_MNT:
    906. 

  906. 			prefix = DEFCONTEXT_STR;
    907. 

  907. 			break;
    908. 

  908. 		case SE_SBLABELSUPP:
    909. 

  909. 			seq_putc(m, ',');
    910. 

  910. 			seq_puts(m, LABELSUPP_STR);
    911. 

  911. 			continue;
    912. 

  912. 		default:
    913. 

  913. 			BUG();
    914. 

  914. 			return;
    915. 

  915. 		};
    916. 

  916. 		
    917. 

  917. 		seq_putc(m, ',');
    918. 

  918. 		seq_puts(m, prefix);
    919. 

  919. 		if (has_comma)
    920. 

  920. 			seq_putc(m, '\"');
    921. 

  921. 		seq_puts(m, opts->mnt_opts[i]);
    922. 

  922. 		if (has_comma)
    923. 

  923. 			seq_putc(m, '\"');
    924. 

  924. 	}
    925. 

  925. }
    926. 

  926. 

  927. static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
    928. 

  928. {
    929. 

  929. 	struct security_mnt_opts opts;
    930. 

  930. 	int rc;
    931. 

  931. 

  932. 	rc = selinux_get_mnt_opts(sb, &opts);
    933. 

  933. 	if (rc) {
    934. 

  934. 		
    935. 

  935. 		if (rc == -EINVAL)
    936. 

  936. 			rc = 0;
    937. 

  937. 		return rc;
    938. 

  938. 	}
    939. 

  939. 

  940. 	selinux_write_opts(m, &opts);
    941. 

  941. 

  942. 	security_free_mnt_opts(&opts);
    943. 

  943. 

  944. 	return rc;
    945. 

  945. }
    946. 

  946. 

  947. static inline u16 inode_mode_to_security_class(umode_t mode)
    948. 

  948. {
    949. 

  949. 	switch (mode & S_IFMT) {
    950. 

  950. 	case S_IFSOCK:
    951. 

  951. 		return SECCLASS_SOCK_FILE;
    952. 

  952. 	case S_IFLNK:
    953. 

  953. 		return SECCLASS_LNK_FILE;
    954. 

  954. 	case S_IFREG:
    955. 

  955. 		return SECCLASS_FILE;
    956. 

  956. 	case S_IFBLK:
    957. 

  957. 		return SECCLASS_BLK_FILE;
    958. 

  958. 	case S_IFDIR:
    959. 

  959. 		return SECCLASS_DIR;
    960. 

  960. 	case S_IFCHR:
    961. 

  961. 		return SECCLASS_CHR_FILE;
    962. 

  962. 	case S_IFIFO:
    963. 

  963. 		return SECCLASS_FIFO_FILE;
    964. 

  964. 

  965. 	}
    966. 

  966. 

  967. 	return SECCLASS_FILE;
    968. 

  968. }
    969. 

  969. 

  970. static inline int default_protocol_stream(int protocol)
    971. 

  971. {
    972. 

  972. 	return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
    973. 

  973. }
    974. 

  974. 

  975. static inline int default_protocol_dgram(int protocol)
    976. 

  976. {
    977. 

  977. 	return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
    978. 

  978. }
    979. 

  979. 

  980. static inline u16 socket_type_to_security_class(int family, int type, int protocol)
    981. 

  981. {
    982. 

  982. 	switch (family) {
    983. 

  983. 	case PF_UNIX:
    984. 

  984. 		switch (type) {
    985. 

  985. 		case SOCK_STREAM:
    986. 

  986. 		case SOCK_SEQPACKET:
    987. 

  987. 			return SECCLASS_UNIX_STREAM_SOCKET;
    988. 

  988. 		case SOCK_DGRAM:
    989. 

  989. 			return SECCLASS_UNIX_DGRAM_SOCKET;
    990. 

  990. 		}
    991. 

  991. 		break;
    992. 

  992. 	case PF_INET:
    993. 

  993. 	case PF_INET6:
    994. 

  994. 		switch (type) {
    995. 

  995. 		case SOCK_STREAM:
    996. 

  996. 			if (default_protocol_stream(protocol))
    997. 

  997. 				return SECCLASS_TCP_SOCKET;
    998. 

  998. 			else
    999. 

  999. 				return SECCLASS_RAWIP_SOCKET;
    1000. 

  1000. 		case SOCK_DGRAM:
    1001. 

  1001. 			if (default_protocol_dgram(protocol))
    1002. 

  1002. 				return SECCLASS_UDP_SOCKET;
    1003. 

  1003. 			else
    1004. 

  1004. 				return SECCLASS_RAWIP_SOCKET;
    1005. 

  1005. 		case SOCK_DCCP:
    1006. 

  1006. 			return SECCLASS_DCCP_SOCKET;
    1007. 

  1007. 		default:
    1008. 

  1008. 			return SECCLASS_RAWIP_SOCKET;
    1009. 

  1009. 		}
    1010. 

  1010. 		break;
    1011. 

  1011. 	case PF_NETLINK:
    1012. 

  1012. 		switch (protocol) {
    1013. 

  1013. 		case NETLINK_ROUTE:
    1014. 

  1014. 			return SECCLASS_NETLINK_ROUTE_SOCKET;
    1015. 

  1015. 		case NETLINK_FIREWALL:
    1016. 

  1016. 			return SECCLASS_NETLINK_FIREWALL_SOCKET;
    1017. 

  1017. 		case NETLINK_SOCK_DIAG:
    1018. 

  1018. 			return SECCLASS_NETLINK_TCPDIAG_SOCKET;
    1019. 

  1019. 		case NETLINK_NFLOG:
    1020. 

  1020. 			return SECCLASS_NETLINK_NFLOG_SOCKET;
    1021. 

  1021. 		case NETLINK_XFRM:
    1022. 

  1022. 			return SECCLASS_NETLINK_XFRM_SOCKET;
    1023. 

  1023. 		case NETLINK_SELINUX:
    1024. 

  1024. 			return SECCLASS_NETLINK_SELINUX_SOCKET;
    1025. 

  1025. 		case NETLINK_AUDIT:
    1026. 

  1026. 			return SECCLASS_NETLINK_AUDIT_SOCKET;
    1027. 

  1027. 		case NETLINK_IP6_FW:
    1028. 

  1028. 			return SECCLASS_NETLINK_IP6FW_SOCKET;
    1029. 

  1029. 		case NETLINK_DNRTMSG:
    1030. 

  1030. 			return SECCLASS_NETLINK_DNRT_SOCKET;
    1031. 

  1031. 		case NETLINK_KOBJECT_UEVENT:
    1032. 

  1032. 			return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
    1033. 

  1033. 		default:
    1034. 

  1034. 			return SECCLASS_NETLINK_SOCKET;
    1035. 

  1035. 		}
    1036. 

  1036. 	case PF_PACKET:
    1037. 

  1037. 		return SECCLASS_PACKET_SOCKET;
    1038. 

  1038. 	case PF_KEY:
    1039. 

  1039. 		return SECCLASS_KEY_SOCKET;
    1040. 

  1040. 	case PF_APPLETALK:
    1041. 

  1041. 		return SECCLASS_APPLETALK_SOCKET;
    1042. 

  1042. 	}
    1043. 

  1043. 

  1044. 	return SECCLASS_SOCKET;
    1045. 

  1045. }
    1046. 

  1046. 

  1047. #ifdef CONFIG_PROC_FS
    1048. 

  1048. static int selinux_proc_get_sid(struct dentry *dentry,
    1049. 

  1049. 				u16 tclass,
    1050. 

  1050. 				u32 *sid)
    1051. 

  1051. {
    1052. 

  1052. 	int rc;
    1053. 

  1053. 	char *buffer, *path;
    1054. 

  1054. 

  1055. 	buffer = (char *)__get_free_page(GFP_KERNEL);
    1056. 

  1056. 	if (!buffer)
    1057. 

  1057. 		return -ENOMEM;
    1058. 

  1058. 

  1059. 	path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
    1060. 

  1060. 	if (IS_ERR(path))
    1061. 

  1061. 		rc = PTR_ERR(path);
    1062. 

  1062. 	else {
    1063. 

  1063. 		while (path[1] >= '0' && path[1] <= '9') {
    1064. 

  1064. 			path[1] = '/';
    1065. 

  1065. 			path++;
    1066. 

  1066. 		}
    1067. 

  1067. 		rc = security_genfs_sid("proc", path, tclass, sid);
    1068. 

  1068. 	}
    1069. 

  1069. 	free_page((unsigned long)buffer);
    1070. 

  1070. 	return rc;
    1071. 

  1071. }
    1072. 

  1072. #else
    1073. 

  1073. static int selinux_proc_get_sid(struct dentry *dentry,
    1074. 

  1074. 				u16 tclass,
    1075. 

  1075. 				u32 *sid)
    1076. 

  1076. {
    1077. 

  1077. 	return -EINVAL;
    1078. 

  1078. }
    1079. 

  1079. #endif
    1080. 

  1080. 

  1081. static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
    1082. 

  1082. {
    1083. 

  1083. 	struct superblock_security_struct *sbsec = NULL;
    1084. 

  1084. 	struct inode_security_struct *isec = inode->i_security;
    1085. 

  1085. 	u32 sid;
    1086. 

  1086. 	struct dentry *dentry;
    1087. 

  1087. #define INITCONTEXTLEN 255
    1088. 

  1088. 	char *context = NULL;
    1089. 

  1089. 	unsigned len = 0;
    1090. 

  1090. 	int rc = 0;
    1091. 

  1091. 

  1092. 	if (isec->initialized)
    1093. 

  1093. 		goto out;
    1094. 

  1094. 

  1095. 	mutex_lock(&isec->lock);
    1096. 

  1096. 	if (isec->initialized)
    1097. 

  1097. 		goto out_unlock;
    1098. 

  1098. 

  1099. 	sbsec = inode->i_sb->s_security;
    1100. 

  1100. 	if (!(sbsec->flags & SE_SBINITIALIZED)) {
    1101. 

  1101. 		spin_lock(&sbsec->isec_lock);
    1102. 

  1102. 		if (list_empty(&isec->list))
    1103. 

  1103. 			list_add(&isec->list, &sbsec->isec_head);
    1104. 

  1104. 		spin_unlock(&sbsec->isec_lock);
    1105. 

  1105. 		goto out_unlock;
    1106. 

  1106. 	}
    1107. 

  1107. 

  1108. 	switch (sbsec->behavior) {
    1109. 

  1109. 	case SECURITY_FS_USE_XATTR:
    1110. 

  1110. 		if (!inode->i_op->getxattr) {
    1111. 

  1111. 			isec->sid = sbsec->def_sid;
    1112. 

  1112. 			break;
    1113. 

  1113. 		}
    1114. 

  1114. 

  1115. 		if (opt_dentry) {
    1116. 

  1116. 			
    1117. 

  1117. 			dentry = dget(opt_dentry);
    1118. 

  1118. 		} else {
    1119. 

  1119. 			
    1120. 

  1120. 			dentry = d_find_alias(inode);
    1121. 

  1121. 		}
    1122. 

  1122. 		if (!dentry) {
    1123. 

  1123. 			goto out_unlock;
    1124. 

  1124. 		}
    1125. 

  1125. 

  1126. 		len = INITCONTEXTLEN;
    1127. 

  1127. 		context = kmalloc(len+1, GFP_NOFS);
    1128. 

  1128. 		if (!context) {
    1129. 

  1129. 			rc = -ENOMEM;
    1130. 

  1130. 			dput(dentry);
    1131. 

  1131. 			goto out_unlock;
    1132. 

  1132. 		}
    1133. 

  1133. 		context[len] = '\0';
    1134. 

  1134. 		rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
    1135. 

  1135. 					   context, len);
    1136. 

  1136. 		if (rc == -ERANGE) {
    1137. 

  1137. 			kfree(context);
    1138. 

  1138. 

  1139. 			
    1140. 

  1140. 			rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
    1141. 

  1141. 						   NULL, 0);
    1142. 

  1142. 			if (rc < 0) {
    1143. 

  1143. 				dput(dentry);
    1144. 

  1144. 				goto out_unlock;
    1145. 

  1145. 			}
    1146. 

  1146. 			len = rc;
    1147. 

  1147. 			context = kmalloc(len+1, GFP_NOFS);
    1148. 

  1148. 			if (!context) {
    1149. 

  1149. 				rc = -ENOMEM;
    1150. 

  1150. 				dput(dentry);
    1151. 

  1151. 				goto out_unlock;
    1152. 

  1152. 			}
    1153. 

  1153. 			context[len] = '\0';
    1154. 

  1154. 			rc = inode->i_op->getxattr(dentry,
    1155. 

  1155. 						   XATTR_NAME_SELINUX,
    1156. 

  1156. 						   context, len);
    1157. 

  1157. 		}
    1158. 

  1158. 		dput(dentry);
    1159. 

  1159. 		if (rc < 0) {
    1160. 

  1160. 			if (rc != -ENODATA) {
    1161. 

  1161. 				printk(KERN_WARNING "SELinux: %s:  getxattr returned "
    1162. 

  1162. 				       "%d for dev=%s ino=%ld\n", __func__,
    1163. 

  1163. 				       -rc, inode->i_sb->s_id, inode->i_ino);
    1164. 

  1164. 				kfree(context);
    1165. 

  1165. 				goto out_unlock;
    1166. 

  1166. 			}
    1167. 

  1167. 			
    1168. 

  1168. 			sid = sbsec->def_sid;
    1169. 

  1169. 			rc = 0;
    1170. 

  1170. 		} else {
    1171. 

  1171. 			rc = security_context_to_sid_default(context, rc, &sid,
    1172. 

  1172. 							     sbsec->def_sid,
    1173. 

  1173. 							     GFP_NOFS);
    1174. 

  1174. 			if (rc) {
    1175. 

  1175. 				char *dev = inode->i_sb->s_id;
    1176. 

  1176. 				unsigned long ino = inode->i_ino;
    1177. 

  1177. 

  1178. 				if (rc == -EINVAL) {
    1179. 

  1179. 					if (printk_ratelimit())
    1180. 

  1180. 						printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
    1181. 

  1181. 							"context=%s.  This indicates you may need to relabel the inode or the "
    1182. 

  1182. 							"filesystem in question.\n", ino, dev, context);
    1183. 

  1183. 				} else {
    1184. 

  1184. 					printk(KERN_WARNING "SELinux: %s:  context_to_sid(%s) "
    1185. 

  1185. 					       "returned %d for dev=%s ino=%ld\n",
    1186. 

  1186. 					       __func__, context, -rc, dev, ino);
    1187. 

  1187. 				}
    1188. 

  1188. 				kfree(context);
    1189. 

  1189. 				
    1190. 

  1190. 				rc = 0;
    1191. 

  1191. 				break;
    1192. 

  1192. 			}
    1193. 

  1193. 		}
    1194. 

  1194. 		kfree(context);
    1195. 

  1195. 		isec->sid = sid;
    1196. 

  1196. 		break;
    1197. 

  1197. 	case SECURITY_FS_USE_TASK:
    1198. 

  1198. 		isec->sid = isec->task_sid;
    1199. 

  1199. 		break;
    1200. 

  1200. 	case SECURITY_FS_USE_TRANS:
    1201. 

  1201. 		
    1202. 

  1202. 		isec->sid = sbsec->sid;
    1203. 

  1203. 

  1204. 		
    1205. 

  1205. 		isec->sclass = inode_mode_to_security_class(inode->i_mode);
    1206. 

  1206. 		rc = security_transition_sid(isec->task_sid, sbsec->sid,
    1207. 

  1207. 					     isec->sclass, NULL, &sid);
    1208. 

  1208. 		if (rc)
    1209. 

  1209. 			goto out_unlock;
    1210. 

  1210. 		isec->sid = sid;
    1211. 

  1211. 		break;
    1212. 

  1212. 	case SECURITY_FS_USE_MNTPOINT:
    1213. 

  1213. 		isec->sid = sbsec->mntpoint_sid;
    1214. 

  1214. 		break;
    1215. 

  1215. 	default:
    1216. 

  1216. 		
    1217. 

  1217. 		isec->sid = sbsec->sid;
    1218. 

  1218. 

  1219. 		if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
    1220. 

  1220. 			if (opt_dentry) {
    1221. 

  1221. 				isec->sclass = inode_mode_to_security_class(inode->i_mode);
    1222. 

  1222. 				rc = selinux_proc_get_sid(opt_dentry,
    1223. 

  1223. 							  isec->sclass,
    1224. 

  1224. 							  &sid);
    1225. 

  1225. 				if (rc)
    1226. 

  1226. 					goto out_unlock;
    1227. 

  1227. 				isec->sid = sid;
    1228. 

  1228. 			}
    1229. 

  1229. 		}
    1230. 

  1230. 		break;
    1231. 

  1231. 	}
    1232. 

  1232. 

  1233. 	isec->initialized = 1;
    1234. 

  1234. 

  1235. out_unlock:
    1236. 

  1236. 	mutex_unlock(&isec->lock);
    1237. 

  1237. out:
    1238. 

  1238. 	if (isec->sclass == SECCLASS_FILE)
    1239. 

  1239. 		isec->sclass = inode_mode_to_security_class(inode->i_mode);
    1240. 

  1240. 	return rc;
    1241. 

  1241. }
    1242. 

  1242. 

  1243. static inline u32 signal_to_av(int sig)
    1244. 

  1244. {
    1245. 

  1245. 	u32 perm = 0;
    1246. 

  1246. 

  1247. 	switch (sig) {
    1248. 

  1248. 	case SIGCHLD:
    1249. 

  1249. 		
    1250. 

  1250. 		perm = PROCESS__SIGCHLD;
    1251. 

  1251. 		break;
    1252. 

  1252. 	case SIGKILL:
    1253. 

  1253. 		
    1254. 

  1254. 		perm = PROCESS__SIGKILL;
    1255. 

  1255. 		break;
    1256. 

  1256. 	case SIGSTOP:
    1257. 

  1257. 		
    1258. 

  1258. 		perm = PROCESS__SIGSTOP;
    1259. 

  1259. 		break;
    1260. 

  1260. 	default:
    1261. 

  1261. 		
    1262. 

  1262. 		perm = PROCESS__SIGNAL;
    1263. 

  1263. 		break;
    1264. 

  1264. 	}
    1265. 

  1265. 

  1266. 	return perm;
    1267. 

  1267. }
    1268. 

  1268. 

  1269. static int cred_has_perm(const struct cred *actor,
    1270. 

  1270. 			 const struct cred *target,
    1271. 

  1271. 			 u32 perms)
    1272. 

  1272. {
    1273. 

  1273. 	u32 asid = cred_sid(actor), tsid = cred_sid(target);
    1274. 

  1274. 

  1275. 	return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL);
    1276. 

  1276. }
    1277. 

  1277. 

  1278. static int task_has_perm(const struct task_struct *tsk1,
    1279. 

  1279. 			 const struct task_struct *tsk2,
    1280. 

  1280. 			 u32 perms)
    1281. 

  1281. {
    1282. 

  1282. 	const struct task_security_struct *__tsec1, *__tsec2;
    1283. 

  1283. 	u32 sid1, sid2;
    1284. 

  1284. 

  1285. 	rcu_read_lock();
    1286. 

  1286. 	__tsec1 = __task_cred(tsk1)->security;	sid1 = __tsec1->sid;
    1287. 

  1287. 	__tsec2 = __task_cred(tsk2)->security;	sid2 = __tsec2->sid;
    1288. 

  1288. 	rcu_read_unlock();
    1289. 

  1289. 	return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL);
    1290. 

  1290. }
    1291. 

  1291. 

  1292. static int current_has_perm(const struct task_struct *tsk,
    1293. 

  1293. 			    u32 perms)
    1294. 

  1294. {
    1295. 

  1295. 	u32 sid, tsid;
    1296. 

  1296. 

  1297. 	sid = current_sid();
    1298. 

  1298. 	tsid = task_sid(tsk);
    1299. 

  1299. 	return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL);
    1300. 

  1300. }
    1301. 

  1301. 

  1302. #if CAP_LAST_CAP > 63
    1303. 

  1303. #error Fix SELinux to handle capabilities > 63.
    1304. 

  1304. #endif
    1305. 

  1305. 

  1306. static int cred_has_capability(const struct cred *cred,
    1307. 

  1307. 			       int cap, int audit)
    1308. 

  1308. {
    1309. 

  1309. 	struct common_audit_data ad;
    1310. 

  1310. 	struct selinux_audit_data sad = {0,};
    1311. 

  1311. 	struct av_decision avd;
    1312. 

  1312. 	u16 sclass;
    1313. 

  1313. 	u32 sid = cred_sid(cred);
    1314. 

  1314. 	u32 av = CAP_TO_MASK(cap);
    1315. 

  1315. 	int rc;
    1316. 

  1316. 

  1317. 	COMMON_AUDIT_DATA_INIT(&ad, CAP);
    1318. 

  1318. 	ad.selinux_audit_data = &sad;
    1319. 

  1319. 	ad.tsk = current;
    1320. 

  1320. 	ad.u.cap = cap;
    1321. 

  1321. 

  1322. 	switch (CAP_TO_INDEX(cap)) {
    1323. 

  1323. 	case 0:
    1324. 

  1324. 		sclass = SECCLASS_CAPABILITY;
    1325. 

  1325. 		break;
    1326. 

  1326. 	case 1:
    1327. 

  1327. 		sclass = SECCLASS_CAPABILITY2;
    1328. 

  1328. 		break;
    1329. 

  1329. 	default:
    1330. 

  1330. 		printk(KERN_ERR
    1331. 

  1331. 		       "SELinux:  out of range capability %d\n", cap);
    1332. 

  1332. 		BUG();
    1333. 

  1333. 		return -EINVAL;
    1334. 

  1334. 	}
    1335. 

  1335. 

  1336. 	rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
    1337. 

  1337. 	if (audit == SECURITY_CAP_AUDIT) {
    1338. 

  1338. 		int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0);
    1339. 

  1339. 		if (rc2)
    1340. 

  1340. 			return rc2;
    1341. 

  1341. 	}
    1342. 

  1342. 	return rc;
    1343. 

  1343. }
    1344. 

  1344. 

  1345. static int task_has_system(struct task_struct *tsk,
    1346. 

  1346. 			   u32 perms)
    1347. 

  1347. {
    1348. 

  1348. 	u32 sid = task_sid(tsk);
    1349. 

  1349. 

  1350. 	return avc_has_perm(sid, SECINITSID_KERNEL,
    1351. 

  1351. 			    SECCLASS_SYSTEM, perms, NULL);
    1352. 

  1352. }
    1353. 

  1353. 

  1354. static int inode_has_perm(const struct cred *cred,
    1355. 

  1355. 			  struct inode *inode,
    1356. 

  1356. 			  u32 perms,
    1357. 

  1357. 			  struct common_audit_data *adp,
    1358. 

  1358. 			  unsigned flags)
    1359. 

  1359. {
    1360. 

  1360. 	struct inode_security_struct *isec;
    1361. 

  1361. 	u32 sid;
    1362. 

  1362. 

  1363. 	validate_creds(cred);
    1364. 

  1364. 

  1365. 	if (unlikely(IS_PRIVATE(inode)))
    1366. 

  1366. 		return 0;
    1367. 

  1367. 

  1368. 	sid = cred_sid(cred);
    1369. 

  1369. 	isec = inode->i_security;
    1370. 

  1370. 

  1371. 	if (unlikely(isec == NULL)) {
    1372. 

  1372. 		printk(KERN_WARNING "SELinux: inode->i_security is NULL, return 0 to aovid access isec this NULL pointer");
    1373. 

  1373. 		return 0;
    1374. 

  1374. 	}
    1375. 

  1375. 

  1376. 	return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, flags);
    1377. 

  1377. }
    1378. 

  1378. 

  1379. static int inode_has_perm_noadp(const struct cred *cred,
    1380. 

  1380. 				struct inode *inode,
    1381. 

  1381. 				u32 perms,
    1382. 

  1382. 				unsigned flags)
    1383. 

  1383. {
    1384. 

  1384. 	struct common_audit_data ad;
    1385. 

  1385. 	struct selinux_audit_data sad = {0,};
    1386. 

  1386. 

  1387. 	COMMON_AUDIT_DATA_INIT(&ad, INODE);
    1388. 

  1388. 	ad.u.inode = inode;
    1389. 

  1389. 	ad.selinux_audit_data = &sad;
    1390. 

  1390. 	return inode_has_perm(cred, inode, perms, &ad, flags);
    1391. 

  1391. }
    1392. 

  1392. 

  1393. static inline int dentry_has_perm(const struct cred *cred,
    1394. 

  1394. 				  struct dentry *dentry,
    1395. 

  1395. 				  u32 av)
    1396. 

  1396. {
    1397. 

  1397. 	struct inode *inode = dentry->d_inode;
    1398. 

  1398. 	struct common_audit_data ad;
    1399. 

  1399. 	struct selinux_audit_data sad = {0,};
    1400. 

  1400. 

  1401. 	COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
    1402. 

  1402. 	ad.u.dentry = dentry;
    1403. 

  1403. 	ad.selinux_audit_data = &sad;
    1404. 

  1404. 	return inode_has_perm(cred, inode, av, &ad, 0);
    1405. 

  1405. }
    1406. 

  1406. 

  1407. static inline int path_has_perm(const struct cred *cred,
    1408. 

  1408. 				struct path *path,
    1409. 

  1409. 				u32 av)
    1410. 

  1410. {
    1411. 

  1411. 	struct inode *inode = path->dentry->d_inode;
    1412. 

  1412. 	struct common_audit_data ad;
    1413. 

  1413. 	struct selinux_audit_data sad = {0,};
    1414. 

  1414. 

  1415. 	COMMON_AUDIT_DATA_INIT(&ad, PATH);
    1416. 

  1416. 	ad.u.path = *path;
    1417. 

  1417. 	ad.selinux_audit_data = &sad;
    1418. 

  1418. 	return inode_has_perm(cred, inode, av, &ad, 0);
    1419. 

  1419. }
    1420. 

  1420. 

  1421. static int file_has_perm(const struct cred *cred,
    1422. 

  1422. 			 struct file *file,
    1423. 

  1423. 			 u32 av)
    1424. 

  1424. {
    1425. 

  1425. 	struct file_security_struct *fsec = file->f_security;
    1426. 

  1426. 	struct inode *inode = file->f_path.dentry->d_inode;
    1427. 

  1427. 	struct common_audit_data ad;
    1428. 

  1428. 	struct selinux_audit_data sad = {0,};
    1429. 

  1429. 	u32 sid = cred_sid(cred);
    1430. 

  1430. 	int rc;
    1431. 

  1431. 

  1432. 	COMMON_AUDIT_DATA_INIT(&ad, PATH);
    1433. 

  1433. 	ad.u.path = file->f_path;
    1434. 

  1434. 	ad.selinux_audit_data = &sad;
    1435. 

  1435. 

  1436. 	if (sid != fsec->sid) {
    1437. 

  1437. 		rc = avc_has_perm(sid, fsec->sid,
    1438. 

  1438. 				  SECCLASS_FD,
    1439. 

  1439. 				  FD__USE,
    1440. 

  1440. 				  &ad);
    1441. 

  1441. 		if (rc)
    1442. 

  1442. 			goto out;
    1443. 

  1443. 	}
    1444. 

  1444. 

  1445. 	
    1446. 

  1446. 	rc = 0;
    1447. 

  1447. 	if (av)
    1448. 

  1448. 		rc = inode_has_perm(cred, inode, av, &ad, 0);
    1449. 

  1449. 

  1450. out:
    1451. 

  1451. 	return rc;
    1452. 

  1452. }
    1453. 

  1453. 

  1454. static int may_create(struct inode *dir,
    1455. 

  1455. 		      struct dentry *dentry,
    1456. 

  1456. 		      u16 tclass)
    1457. 

  1457. {
    1458. 

  1458. 	const struct task_security_struct *tsec = current_security();
    1459. 

  1459. 	struct inode_security_struct *dsec;
    1460. 

  1460. 	struct superblock_security_struct *sbsec;
    1461. 

  1461. 	u32 sid, newsid;
    1462. 

  1462. 	struct common_audit_data ad;
    1463. 

  1463. 	struct selinux_audit_data sad = {0,};
    1464. 

  1464. 	int rc;
    1465. 

  1465. 

  1466. 	dsec = dir->i_security;
    1467. 

  1467. 	sbsec = dir->i_sb->s_security;
    1468. 

  1468. 

  1469. 	sid = tsec->sid;
    1470. 

  1470. 	newsid = tsec->create_sid;
    1471. 

  1471. 

  1472. 	COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
    1473. 

  1473. 	ad.u.dentry = dentry;
    1474. 

  1474. 	ad.selinux_audit_data = &sad;
    1475. 

  1475. 

  1476. 	rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
    1477. 

  1477. 			  DIR__ADD_NAME | DIR__SEARCH,
    1478. 

  1478. 			  &ad);
    1479. 

  1479. 	if (rc)
    1480. 

  1480. 		return rc;
    1481. 

  1481. 

  1482. 	if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
    1483. 

  1483. 		rc = security_transition_sid(sid, dsec->sid, tclass,
    1484. 

  1484. 					     &dentry->d_name, &newsid);
    1485. 

  1485. 		if (rc)
    1486. 

  1486. 			return rc;
    1487. 

  1487. 	}
    1488. 

  1488. 

  1489. 	rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad);
    1490. 

  1490. 	if (rc)
    1491. 

  1491. 		return rc;
    1492. 

  1492. 

  1493. 	return avc_has_perm(newsid, sbsec->sid,
    1494. 

  1494. 			    SECCLASS_FILESYSTEM,
    1495. 

  1495. 			    FILESYSTEM__ASSOCIATE, &ad);
    1496. 

  1496. }
    1497. 

  1497. 

  1498. static int may_create_key(u32 ksid,
    1499. 

  1499. 			  struct task_struct *ctx)
    1500. 

  1500. {
    1501. 

  1501. 	u32 sid = task_sid(ctx);
    1502. 

  1502. 

  1503. 	return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
    1504. 

  1504. }
    1505. 

  1505. 

  1506. #define MAY_LINK	0
    1507. 

  1507. #define MAY_UNLINK	1
    1508. 

  1508. #define MAY_RMDIR	2
    1509. 

  1509. 

  1510. static int may_link(struct inode *dir,
    1511. 

  1511. 		    struct dentry *dentry,
    1512. 

  1512. 		    int kind)
    1513. 

  1513. 

  1514. {
    1515. 

  1515. 	struct inode_security_struct *dsec, *isec;
    1516. 

  1516. 	struct common_audit_data ad;
    1517. 

  1517. 	struct selinux_audit_data sad = {0,};
    1518. 

  1518. 	u32 sid = current_sid();
    1519. 

  1519. 	u32 av;
    1520. 

  1520. 	int rc;
    1521. 

  1521. 

  1522. 	dsec = dir->i_security;
    1523. 

  1523. 	isec = dentry->d_inode->i_security;
    1524. 

  1524. 

  1525. 	COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
    1526. 

  1526. 	ad.u.dentry = dentry;
    1527. 

  1527. 	ad.selinux_audit_data = &sad;
    1528. 

  1528. 

  1529. 	av = DIR__SEARCH;
    1530. 

  1530. 	av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
    1531. 

  1531. 	rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad);
    1532. 

  1532. 	if (rc)
    1533. 

  1533. 		return rc;
    1534. 

  1534. 

  1535. 	switch (kind) {
    1536. 

  1536. 	case MAY_LINK:
    1537. 

  1537. 		av = FILE__LINK;
    1538. 

  1538. 		break;
    1539. 

  1539. 	case MAY_UNLINK:
    1540. 

  1540. 		av = FILE__UNLINK;
    1541. 

  1541. 		break;
    1542. 

  1542. 	case MAY_RMDIR:
    1543. 

  1543. 		av = DIR__RMDIR;
    1544. 

  1544. 		break;
    1545. 

  1545. 	default:
    1546. 

  1546. 		printk(KERN_WARNING "SELinux: %s:  unrecognized kind %d\n",
    1547. 

  1547. 			__func__, kind);
    1548. 

  1548. 		return 0;
    1549. 

  1549. 	}
    1550. 

  1550. 

  1551. 	rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);
    1552. 

  1552. 	return rc;
    1553. 

  1553. }
    1554. 

  1554. 

  1555. static inline int may_rename(struct inode *old_dir,
    1556. 

  1556. 			     struct dentry *old_dentry,
    1557. 

  1557. 			     struct inode *new_dir,
    1558. 

  1558. 			     struct dentry *new_dentry)
    1559. 

  1559. {
    1560. 

  1560. 	struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
    1561. 

  1561. 	struct common_audit_data ad;
    1562. 

  1562. 	struct selinux_audit_data sad = {0,};
    1563. 

  1563. 	u32 sid = current_sid();
    1564. 

  1564. 	u32 av;
    1565. 

  1565. 	int old_is_dir, new_is_dir;
    1566. 

  1566. 	int rc;
    1567. 

  1567. 

  1568. 	old_dsec = old_dir->i_security;
    1569. 

  1569. 	old_isec = old_dentry->d_inode->i_security;
    1570. 

  1570. 	old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
    1571. 

  1571. 	new_dsec = new_dir->i_security;
    1572. 

  1572. 

  1573. 	COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
    1574. 

  1574. 	ad.selinux_audit_data = &sad;
    1575. 

  1575. 

  1576. 	ad.u.dentry = old_dentry;
    1577. 

  1577. 	rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
    1578. 

  1578. 			  DIR__REMOVE_NAME | DIR__SEARCH, &ad);
    1579. 

  1579. 	if (rc)
    1580. 

  1580. 		return rc;
    1581. 

  1581. 	rc = avc_has_perm(sid, old_isec->sid,
    1582. 

  1582. 			  old_isec->sclass, FILE__RENAME, &ad);
    1583. 

  1583. 	if (rc)
    1584. 

  1584. 		return rc;
    1585. 

  1585. 	if (old_is_dir && new_dir != old_dir) {
    1586. 

  1586. 		rc = avc_has_perm(sid, old_isec->sid,
    1587. 

  1587. 				  old_isec->sclass, DIR__REPARENT, &ad);
    1588. 

  1588. 		if (rc)
    1589. 

  1589. 			return rc;
    1590. 

  1590. 	}
    1591. 

  1591. 

  1592. 	ad.u.dentry = new_dentry;
    1593. 

  1593. 	av = DIR__ADD_NAME | DIR__SEARCH;
    1594. 

  1594. 	if (new_dentry->d_inode)
    1595. 

  1595. 		av |= DIR__REMOVE_NAME;
    1596. 

  1596. 	rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
    1597. 

  1597. 	if (rc)
    1598. 

  1598. 		return rc;
    1599. 

  1599. 	if (new_dentry->d_inode) {
    1600. 

  1600. 		new_isec = new_dentry->d_inode->i_security;
    1601. 

  1601. 		new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
    1602. 

  1602. 		rc = avc_has_perm(sid, new_isec->sid,
    1603. 

  1603. 				  new_isec->sclass,
    1604. 

  1604. 				  (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
    1605. 

  1605. 		if (rc)
    1606. 

  1606. 			return rc;
    1607. 

  1607. 	}
    1608. 

  1608. 

  1609. 	return 0;
    1610. 

  1610. }
    1611. 

  1611. 

  1612. static int superblock_has_perm(const struct cred *cred,
    1613. 

  1613. 			       struct super_block *sb,
    1614. 

  1614. 			       u32 perms,
    1615. 

  1615. 			       struct common_audit_data *ad)
    1616. 

  1616. {
    1617. 

  1617. 	struct superblock_security_struct *sbsec;
    1618. 

  1618. 	u32 sid = cred_sid(cred);
    1619. 

  1619. 

  1620. 	sbsec = sb->s_security;
    1621. 

  1621. 	return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
    1622. 

  1622. }
    1623. 

  1623. 

  1624. static inline u32 file_mask_to_av(int mode, int mask)
    1625. 

  1625. {
    1626. 

  1626. 	u32 av = 0;
    1627. 

  1627. 

  1628. 	if (!S_ISDIR(mode)) {
    1629. 

  1629. 		if (mask & MAY_EXEC)
    1630. 

  1630. 			av |= FILE__EXECUTE;
    1631. 

  1631. 		if (mask & MAY_READ)
    1632. 

  1632. 			av |= FILE__READ;
    1633. 

  1633. 

  1634. 		if (mask & MAY_APPEND)
    1635. 

  1635. 			av |= FILE__APPEND;
    1636. 

  1636. 		else if (mask & MAY_WRITE)
    1637. 

  1637. 			av |= FILE__WRITE;
    1638. 

  1638. 

  1639. 	} else {
    1640. 

  1640. 		if (mask & MAY_EXEC)
    1641. 

  1641. 			av |= DIR__SEARCH;
    1642. 

  1642. 		if (mask & MAY_WRITE)
    1643. 

  1643. 			av |= DIR__WRITE;
    1644. 

  1644. 		if (mask & MAY_READ)
    1645. 

  1645. 			av |= DIR__READ;
    1646. 

  1646. 	}
    1647. 

  1647. 

  1648. 	return av;
    1649. 

  1649. }
    1650. 

  1650. 

  1651. static inline u32 file_to_av(struct file *file)
    1652. 

  1652. {
    1653. 

  1653. 	u32 av = 0;
    1654. 

  1654. 

  1655. 	if (file->f_mode & FMODE_READ)
    1656. 

  1656. 		av |= FILE__READ;
    1657. 

  1657. 	if (file->f_mode & FMODE_WRITE) {
    1658. 

  1658. 		if (file->f_flags & O_APPEND)
    1659. 

  1659. 			av |= FILE__APPEND;
    1660. 

  1660. 		else
    1661. 

  1661. 			av |= FILE__WRITE;
    1662. 

  1662. 	}
    1663. 

  1663. 	if (!av) {
    1664. 

  1664. 		av = FILE__IOCTL;
    1665. 

  1665. 	}
    1666. 

  1666. 

  1667. 	return av;
    1668. 

  1668. }
    1669. 

  1669. 

  1670. static inline u32 open_file_to_av(struct file *file)
    1671. 

  1671. {
    1672. 

  1672. 	u32 av = file_to_av(file);
    1673. 

  1673. 

  1674. 	if (selinux_policycap_openperm)
    1675. 

  1675. 		av |= FILE__OPEN;
    1676. 

  1676. 

  1677. 	return av;
    1678. 

  1678. }
    1679. 

  1679. 

  1680. 

  1681. static int selinux_binder_set_context_mgr(struct task_struct *mgr)
    1682. 

  1682. {
    1683. 

  1683. 	u32 mysid = current_sid();
    1684. 

  1684. 	u32 mgrsid = task_sid(mgr);
    1685. 

  1685. 

  1686. 	return avc_has_perm(mysid, mgrsid, SECCLASS_BINDER, BINDER__SET_CONTEXT_MGR, NULL);
    1687. 

  1687. }
    1688. 

  1688. 

  1689. static int selinux_binder_transaction(struct task_struct *from, struct task_struct *to)
    1690. 

  1690. {
    1691. 

  1691. 	u32 mysid = current_sid();
    1692. 

  1692. 	u32 fromsid = task_sid(from);
    1693. 

  1693. 	u32 tosid = task_sid(to);
    1694. 

  1694. 	int rc;
    1695. 

  1695. 

  1696. 	if (mysid != fromsid) {
    1697. 

  1697. 		rc = avc_has_perm(mysid, fromsid, SECCLASS_BINDER, BINDER__IMPERSONATE, NULL);
    1698. 

  1698. 		if (rc)
    1699. 

  1699. 			return rc;
    1700. 

  1700. 	}
    1701. 

  1701. 

  1702. 	return avc_has_perm(fromsid, tosid, SECCLASS_BINDER, BINDER__CALL, NULL);
    1703. 

  1703. }
    1704. 

  1704. 

  1705. static int selinux_binder_transfer_binder(struct task_struct *from, struct task_struct *to)
    1706. 

  1706. {
    1707. 

  1707. 	u32 fromsid = task_sid(from);
    1708. 

  1708. 	u32 tosid = task_sid(to);
    1709. 

  1709. 	return avc_has_perm(fromsid, tosid, SECCLASS_BINDER, BINDER__TRANSFER, NULL);
    1710. 

  1710. }
    1711. 

  1711. 

  1712. static int selinux_binder_transfer_file(struct task_struct *from, struct task_struct *to, struct file *file)
    1713. 

  1713. {
    1714. 

  1714. 	u32 sid = task_sid(to);
    1715. 

  1715. 	struct file_security_struct *fsec = file->f_security;
    1716. 

  1716. 	struct inode *inode = file->f_path.dentry->d_inode;
    1717. 

  1717. 	struct inode_security_struct *isec = inode->i_security;
    1718. 

  1718. 	struct common_audit_data ad;
    1719. 

  1719. 	struct selinux_audit_data sad = {0,};
    1720. 

  1720. 	int rc;
    1721. 

  1721. 

  1722. 	COMMON_AUDIT_DATA_INIT(&ad, PATH);
    1723. 

  1723. 	ad.u.path = file->f_path;
    1724. 

  1724. 	ad.selinux_audit_data = &sad;
    1725. 

  1725. 

  1726. 	if (sid != fsec->sid) {
    1727. 

  1727. 		rc = avc_has_perm(sid, fsec->sid,
    1728. 

  1728. 				  SECCLASS_FD,
    1729. 

  1729. 				  FD__USE,
    1730. 

  1730. 				  &ad);
    1731. 

  1731. 		if (rc)
    1732. 

  1732. 			return rc;
    1733. 

  1733. 	}
    1734. 

  1734. 

  1735. 	if (unlikely(IS_PRIVATE(inode)))
    1736. 

  1736. 		return 0;
    1737. 

  1737. 

  1738. 	return avc_has_perm(sid, isec->sid, isec->sclass, file_to_av(file),
    1739. 

  1739. 			    &ad);
    1740. 

  1740. }
    1741. 

  1741. 

  1742. static int selinux_ptrace_access_check(struct task_struct *child,
    1743. 

  1743. 				     unsigned int mode)
    1744. 

  1744. {
    1745. 

  1745. 	int rc;
    1746. 

  1746. 

  1747. 	rc = cap_ptrace_access_check(child, mode);
    1748. 

  1748. 	if (rc)
    1749. 

  1749. 		return rc;
    1750. 

  1750. 

  1751. 	if (mode & PTRACE_MODE_READ) {
    1752. 

  1752. 		u32 sid = current_sid();
    1753. 

  1753. 		u32 csid = task_sid(child);
    1754. 

  1754. 		return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);
    1755. 

  1755. 	}
    1756. 

  1756. 

  1757. 	return current_has_perm(child, PROCESS__PTRACE);
    1758. 

  1758. }
    1759. 

  1759. 

  1760. static int selinux_ptrace_traceme(struct task_struct *parent)
    1761. 

  1761. {
    1762. 

  1762. 	int rc;
    1763. 

  1763. 

  1764. 	rc = cap_ptrace_traceme(parent);
    1765. 

  1765. 	if (rc)
    1766. 

  1766. 		return rc;
    1767. 

  1767. 

  1768. 	return task_has_perm(parent, current, PROCESS__PTRACE);
    1769. 

  1769. }
    1770. 

  1770. 

  1771. static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
    1772. 

  1772. 			  kernel_cap_t *inheritable, kernel_cap_t *permitted)
    1773. 

  1773. {
    1774. 

  1774. 	int error;
    1775. 

  1775. 

  1776. 	error = current_has_perm(target, PROCESS__GETCAP);
    1777. 

  1777. 	if (error)
    1778. 

  1778. 		return error;
    1779. 

  1779. 

  1780. 	return cap_capget(target, effective, inheritable, permitted);
    1781. 

  1781. }
    1782. 

  1782. 

  1783. static int selinux_capset(struct cred *new, const struct cred *old,
    1784. 

  1784. 			  const kernel_cap_t *effective,
    1785. 

  1785. 			  const kernel_cap_t *inheritable,
    1786. 

  1786. 			  const kernel_cap_t *permitted)
    1787. 

  1787. {
    1788. 

  1788. 	int error;
    1789. 

  1789. 

  1790. 	error = cap_capset(new, old,
    1791. 

  1791. 				      effective, inheritable, permitted);
    1792. 

  1792. 	if (error)
    1793. 

  1793. 		return error;
    1794. 

  1794. 

  1795. 	return cred_has_perm(old, new, PROCESS__SETCAP);
    1796. 

  1796. }
    1797. 

  1797. 

  1798. 

  1799. static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
    1800. 

  1800. 			   int cap, int audit)
    1801. 

  1801. {
    1802. 

  1802. 	int rc;
    1803. 

  1803. 

  1804. 	rc = cap_capable(cred, ns, cap, audit);
    1805. 

  1805. 	if (rc)
    1806. 

  1806. 		return rc;
    1807. 

  1807. 

  1808. 	return cred_has_capability(cred, cap, audit);
    1809. 

  1809. }
    1810. 

  1810. 

  1811. static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
    1812. 

  1812. {
    1813. 

  1813. 	const struct cred *cred = current_cred();
    1814. 

  1814. 	int rc = 0;
    1815. 

  1815. 

  1816. 	if (!sb)
    1817. 

  1817. 		return 0;
    1818. 

  1818. 

  1819. 	switch (cmds) {
    1820. 

  1820. 	case Q_SYNC:
    1821. 

  1821. 	case Q_QUOTAON:
    1822. 

  1822. 	case Q_QUOTAOFF:
    1823. 

  1823. 	case Q_SETINFO:
    1824. 

  1824. 	case Q_SETQUOTA:
    1825. 

  1825. 		rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
    1826. 

  1826. 		break;
    1827. 

  1827. 	case Q_GETFMT:
    1828. 

  1828. 	case Q_GETINFO:
    1829. 

  1829. 	case Q_GETQUOTA:
    1830. 

  1830. 		rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
    1831. 

  1831. 		break;
    1832. 

  1832. 	default:
    1833. 

  1833. 		rc = 0;  
    1834. 

  1834. 		break;
    1835. 

  1835. 	}
    1836. 

  1836. 	return rc;
    1837. 

  1837. }
    1838. 

  1838. 

  1839. static int selinux_quota_on(struct dentry *dentry)
    1840. 

  1840. {
    1841. 

  1841. 	const struct cred *cred = current_cred();
    1842. 

  1842. 

  1843. 	return dentry_has_perm(cred, dentry, FILE__QUOTAON);
    1844. 

  1844. }
    1845. 

  1845. 

  1846. static int selinux_syslog(int type)
    1847. 

  1847. {
    1848. 

  1848. 	int rc;
    1849. 

  1849. 

  1850. 	switch (type) {
    1851. 

  1851. 	case SYSLOG_ACTION_READ_ALL:	
    1852. 

  1852. 	case SYSLOG_ACTION_SIZE_BUFFER:	
    1853. 

  1853. 		rc = task_has_system(current, SYSTEM__SYSLOG_READ);
    1854. 

  1854. 		break;
    1855. 

  1855. 	case SYSLOG_ACTION_CONSOLE_OFF:	
    1856. 

  1856. 	case SYSLOG_ACTION_CONSOLE_ON:	
    1857. 

  1857. 	
    1858. 

  1858. 	case SYSLOG_ACTION_CONSOLE_LEVEL:
    1859. 

  1859. 		rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
    1860. 

  1860. 		break;
    1861. 

  1861. 	case SYSLOG_ACTION_CLOSE:	
    1862. 

  1862. 	case SYSLOG_ACTION_OPEN:	
    1863. 

  1863. 	case SYSLOG_ACTION_READ:	
    1864. 

  1864. 	case SYSLOG_ACTION_READ_CLEAR:	
    1865. 

  1865. 	case SYSLOG_ACTION_CLEAR:	
    1866. 

  1866. 	default:
    1867. 

  1867. 		rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
    1868. 

  1868. 		break;
    1869. 

  1869. 	}
    1870. 

  1870. 	return rc;
    1871. 

  1871. }
    1872. 

  1872. 

  1873. static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
    1874. 

  1874. {
    1875. 

  1875. 	int rc, cap_sys_admin = 0;
    1876. 

  1876. 

  1877. 	rc = selinux_capable(current_cred(), &init_user_ns, CAP_SYS_ADMIN,
    1878. 

  1878. 			     SECURITY_CAP_NOAUDIT);
    1879. 

  1879. 	if (rc == 0)
    1880. 

  1880. 		cap_sys_admin = 1;
    1881. 

  1881. 

  1882. 	return __vm_enough_memory(mm, pages, cap_sys_admin);
    1883. 

  1883. }
    1884. 

  1884. 

  1885. 

  1886. static int selinux_bprm_set_creds(struct linux_binprm *bprm)
    1887. 

  1887. {
    1888. 

  1888. 	const struct task_security_struct *old_tsec;
    1889. 

  1889. 	struct task_security_struct *new_tsec;
    1890. 

  1890. 	struct inode_security_struct *isec;
    1891. 

  1891. 	struct common_audit_data ad;
    1892. 

  1892. 	struct selinux_audit_data sad = {0,};
    1893. 

  1893. 	struct inode *inode = bprm->file->f_path.dentry->d_inode;
    1894. 

  1894. 	int rc;
    1895. 

  1895. 

  1896. 	rc = cap_bprm_set_creds(bprm);
    1897. 

  1897. 	if (rc)
    1898. 

  1898. 		return rc;
    1899. 

  1899. 

  1900. 	if (bprm->cred_prepared)
    1901. 

  1901. 		return 0;
    1902. 

  1902. 

  1903. 	old_tsec = current_security();
    1904. 

  1904. 	new_tsec = bprm->cred->security;
    1905. 

  1905. 	isec = inode->i_security;
    1906. 

  1906. 

  1907. 	
    1908. 

  1908. 	new_tsec->sid = old_tsec->sid;
    1909. 

  1909. 	new_tsec->osid = old_tsec->sid;
    1910. 

  1910. 

  1911. 	
    1912. 

  1912. 	new_tsec->create_sid = 0;
    1913. 

  1913. 	new_tsec->keycreate_sid = 0;
    1914. 

  1914. 	new_tsec->sockcreate_sid = 0;
    1915. 

  1915. 

  1916. 	if (old_tsec->exec_sid) {
    1917. 

  1917. 		new_tsec->sid = old_tsec->exec_sid;
    1918. 

  1918. 		
    1919. 

  1919. 		new_tsec->exec_sid = 0;
    1920. 

  1920. 	} else {
    1921. 

  1921. 		
    1922. 

  1922. 		rc = security_transition_sid(old_tsec->sid, isec->sid,
    1923. 

  1923. 					     SECCLASS_PROCESS, NULL,
    1924. 

  1924. 					     &new_tsec->sid);
    1925. 

  1925. 		if (rc)
    1926. 

  1926. 			return rc;
    1927. 

  1927. 	}
    1928. 

  1928. 

  1929. 	COMMON_AUDIT_DATA_INIT(&ad, PATH);
    1930. 

  1930. 	ad.selinux_audit_data = &sad;
    1931. 

  1931. 	ad.u.path = bprm->file->f_path;
    1932. 

  1932. 

  1933. 	if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
    1934. 

  1934. 		new_tsec->sid = old_tsec->sid;
    1935. 

  1935. 

  1936. 	if (new_tsec->sid == old_tsec->sid) {
    1937. 

  1937. 		rc = avc_has_perm(old_tsec->sid, isec->sid,
    1938. 

  1938. 				  SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
    1939. 

  1939. 		if (rc)
    1940. 

  1940. 			return rc;
    1941. 

  1941. 	} else {
    1942. 

  1942. 		
    1943. 

  1943. 		rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
    1944. 

  1944. 				  SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
    1945. 

  1945. 		if (rc)
    1946. 

  1946. 			return rc;
    1947. 

  1947. 

  1948. 		rc = avc_has_perm(new_tsec->sid, isec->sid,
    1949. 

  1949. 				  SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
    1950. 

  1950. 		if (rc)
    1951. 

  1951. 			return rc;
    1952. 

  1952. 

  1953. 		
    1954. 

  1954. 		if (bprm->unsafe & LSM_UNSAFE_SHARE) {
    1955. 

  1955. 			rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
    1956. 

  1956. 					  SECCLASS_PROCESS, PROCESS__SHARE,
    1957. 

  1957. 					  NULL);
    1958. 

  1958. 			if (rc)
    1959. 

  1959. 				return -EPERM;
    1960. 

  1960. 		}
    1961. 

  1961. 

  1962. 		if (bprm->unsafe &
    1963. 

  1963. 		    (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
    1964. 

  1964. 			struct task_struct *tracer;
    1965. 

  1965. 			struct task_security_struct *sec;
    1966. 

  1966. 			u32 ptsid = 0;
    1967. 

  1967. 

  1968. 			rcu_read_lock();
    1969. 

  1969. 			tracer = ptrace_parent(current);
    1970. 

  1970. 			if (likely(tracer != NULL)) {
    1971. 

  1971. 				sec = __task_cred(tracer)->security;
    1972. 

  1972. 				ptsid = sec->sid;
    1973. 

  1973. 			}
    1974. 

  1974. 			rcu_read_unlock();
    1975. 

  1975. 

  1976. 			if (ptsid != 0) {
    1977. 

  1977. 				rc = avc_has_perm(ptsid, new_tsec->sid,
    1978. 

  1978. 						  SECCLASS_PROCESS,
    1979. 

  1979. 						  PROCESS__PTRACE, NULL);
    1980. 

  1980. 				if (rc)
    1981. 

  1981. 					return -EPERM;
    1982. 

  1982. 			}
    1983. 

  1983. 		}
    1984. 

  1984. 

  1985. 		
    1986. 

  1986. 		bprm->per_clear |= PER_CLEAR_ON_SETID;
    1987. 

  1987. 	}
    1988. 

  1988. 

  1989. 	return 0;
    1990. 

  1990. }
    1991. 

  1991. 

  1992. static int selinux_bprm_secureexec(struct linux_binprm *bprm)
    1993. 

  1993. {
    1994. 

  1994. 	const struct task_security_struct *tsec = current_security();
    1995. 

  1995. 	u32 sid, osid;
    1996. 

  1996. 	int atsecure = 0;
    1997. 

  1997. 

  1998. 	sid = tsec->sid;
    1999. 

  1999. 	osid = tsec->osid;
    2000. 

  2000. 

  2001. 	if (osid != sid) {
    2002. 

  2002. 		atsecure = avc_has_perm(osid, sid,
    2003. 

  2003. 					SECCLASS_PROCESS,
    2004. 

  2004. 					PROCESS__NOATSECURE, NULL);
    2005. 

  2005. 	}
    2006. 

  2006. 

  2007. 	return (atsecure || cap_bprm_secureexec(bprm));
    2008. 

  2008. }
    2009. 

  2009. 

  2010. static inline void flush_unauthorized_files(const struct cred *cred,
    2011. 

  2011. 					    struct files_struct *files)
    2012. 

  2012. {
    2013. 

  2013. 	struct common_audit_data ad;
    2014. 

  2014. 	struct selinux_audit_data sad = {0,};
    2015. 

  2015. 	struct file *file, *devnull = NULL;
    2016. 

  2016. 	struct tty_struct *tty;
    2017. 

  2017. 	struct fdtable *fdt;
    2018. 

  2018. 	long j = -1;
    2019. 

  2019. 	int drop_tty = 0;
    2020. 

  2020. 

  2021. 	tty = get_current_tty();
    2022. 

  2022. 	if (tty) {
    2023. 

  2023. 		spin_lock(&tty_files_lock);
    2024. 

  2024. 		if (!list_empty(&tty->tty_files)) {
    2025. 

  2025. 			struct tty_file_private *file_priv;
    2026. 

  2026. 			struct inode *inode;
    2027. 

  2027. 

  2028. 			file_priv = list_first_entry(&tty->tty_files,
    2029. 

  2029. 						struct tty_file_private, list);
    2030. 

  2030. 			file = file_priv->file;
    2031. 

  2031. 			inode = file->f_path.dentry->d_inode;
    2032. 

  2032. 			if (inode_has_perm_noadp(cred, inode,
    2033. 

  2033. 					   FILE__READ | FILE__WRITE, 0)) {
    2034. 

  2034. 				drop_tty = 1;
    2035. 

  2035. 			}
    2036. 

  2036. 		}
    2037. 

  2037. 		spin_unlock(&tty_files_lock);
    2038. 

  2038. 		tty_kref_put(tty);
    2039. 

  2039. 	}
    2040. 

  2040. 	
    2041. 

  2041. 	if (drop_tty)
    2042. 

  2042. 		no_tty();
    2043. 

  2043. 

  2044. 	
    2045. 

  2045. 

  2046. 	COMMON_AUDIT_DATA_INIT(&ad, INODE);
    2047. 

  2047. 	ad.selinux_audit_data = &sad;
    2048. 

  2048. 

  2049. 	spin_lock(&files->file_lock);
    2050. 

  2050. 	for (;;) {
    2051. 

  2051. 		unsigned long set, i;
    2052. 

  2052. 		int fd;
    2053. 

  2053. 

  2054. 		j++;
    2055. 

  2055. 		i = j * BITS_PER_LONG;
    2056. 

  2056. 		fdt = files_fdtable(files);
    2057. 

  2057. 		if (i >= fdt->max_fds)
    2058. 

  2058. 			break;
    2059. 

  2059. 		set = fdt->open_fds[j];
    2060. 

  2060. 		if (!set)
    2061. 

  2061. 			continue;
    2062. 

  2062. 		spin_unlock(&files->file_lock);
    2063. 

  2063. 		for ( ; set ; i++, set >>= 1) {
    2064. 

  2064. 			if (set & 1) {
    2065. 

  2065. 				file = fget(i);
    2066. 

  2066. 				if (!file)
    2067. 

  2067. 					continue;
    2068. 

  2068. 				if (file_has_perm(cred,
    2069. 

  2069. 						  file,
    2070. 

  2070. 						  file_to_av(file))) {
    2071. 

  2071. 					sys_close(i);
    2072. 

  2072. 					fd = get_unused_fd();
    2073. 

  2073. 					if (fd != i) {
    2074. 

  2074. 						if (fd >= 0)
    2075. 

  2075. 							put_unused_fd(fd);
    2076. 

  2076. 						fput(file);
    2077. 

  2077. 						continue;
    2078. 

  2078. 					}
    2079. 

  2079. 					if (devnull) {
    2080. 

  2080. 						get_file(devnull);
    2081. 

  2081. 					} else {
    2082. 

  2082. 						devnull = dentry_open(
    2083. 

  2083. 							dget(selinux_null),
    2084. 

  2084. 							mntget(selinuxfs_mount),
    2085. 

  2085. 							O_RDWR, cred);
    2086. 

  2086. 						if (IS_ERR(devnull)) {
    2087. 

  2087. 							devnull = NULL;
    2088. 

  2088. 							put_unused_fd(fd);
    2089. 

  2089. 							fput(file);
    2090. 

  2090. 							continue;
    2091. 

  2091. 						}
    2092. 

  2092. 					}
    2093. 

  2093. 					fd_install(fd, devnull);
    2094. 

  2094. 				}
    2095. 

  2095. 				fput(file);
    2096. 

  2096. 			}
    2097. 

  2097. 		}
    2098. 

  2098. 		spin_lock(&files->file_lock);
    2099. 

  2099. 

  2100. 	}
    2101. 

  2101. 	spin_unlock(&files->file_lock);
    2102. 

  2102. }
    2103. 

  2103. 

  2104. static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
    2105. 

  2105. {
    2106. 

  2106. 	struct task_security_struct *new_tsec;
    2107. 

  2107. 	struct rlimit *rlim, *initrlim;
    2108. 

  2108. 	int rc, i;
    2109. 

  2109. 

  2110. 	new_tsec = bprm->cred->security;
    2111. 

  2111. 	if (new_tsec->sid == new_tsec->osid)
    2112. 

  2112. 		return;
    2113. 

  2113. 

  2114. 	
    2115. 

  2115. 	flush_unauthorized_files(bprm->cred, current->files);
    2116. 

  2116. 

  2117. 	
    2118. 

  2118. 	current->pdeath_signal = 0;
    2119. 

  2119. 

  2120. 	rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
    2121. 

  2121. 			  PROCESS__RLIMITINH, NULL);
    2122. 

  2122. 	if (rc) {
    2123. 

  2123. 		
    2124. 

  2124. 		task_lock(current);
    2125. 

  2125. 		for (i = 0; i < RLIM_NLIMITS; i++) {
    2126. 

  2126. 			rlim = current->signal->rlim + i;
    2127. 

  2127. 			initrlim = init_task.signal->rlim + i;
    2128. 

  2128. 			rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
    2129. 

  2129. 		}
    2130. 

  2130. 		task_unlock(current);
    2131. 

  2131. 		update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
    2132. 

  2132. 	}
    2133. 

  2133. }
    2134. 

  2134. 

  2135. static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
    2136. 

  2136. {
    2137. 

  2137. 	const struct task_security_struct *tsec = current_security();
    2138. 

  2138. 	struct itimerval itimer;
    2139. 

  2139. 	u32 osid, sid;
    2140. 

  2140. 	int rc, i;
    2141. 

  2141. 

  2142. 	osid = tsec->osid;
    2143. 

  2143. 	sid = tsec->sid;
    2144. 

  2144. 

  2145. 	if (sid == osid)
    2146. 

  2146. 		return;
    2147. 

  2147. 

  2148. 	rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
    2149. 

  2149. 	if (rc) {
    2150. 

  2150. 		memset(&itimer, 0, sizeof itimer);
    2151. 

  2151. 		for (i = 0; i < 3; i++)
    2152. 

  2152. 			do_setitimer(i, &itimer, NULL);
    2153. 

  2153. 		spin_lock_irq(&current->sighand->siglock);
    2154. 

  2154. 		if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) {
    2155. 

  2155. 			__flush_signals(current);
    2156. 

  2156. 			flush_signal_handlers(current, 1);
    2157. 

  2157. 			sigemptyset(&current->blocked);
    2158. 

  2158. 		}
    2159. 

  2159. 		spin_unlock_irq(&current->sighand->siglock);
    2160. 

  2160. 	}
    2161. 

  2161. 

  2162. 	read_lock(&tasklist_lock);
    2163. 

  2163. 	__wake_up_parent(current, current->real_parent);
    2164. 

  2164. 	read_unlock(&tasklist_lock);
    2165. 

  2165. }
    2166. 

  2166. 

  2167. 

  2168. static int selinux_sb_alloc_security(struct super_block *sb)
    2169. 

  2169. {
    2170. 

  2170. 	return superblock_alloc_security(sb);
    2171. 

  2171. }
    2172. 

  2172. 

  2173. static void selinux_sb_free_security(struct super_block *sb)
    2174. 

  2174. {
    2175. 

  2175. 	superblock_free_security(sb);
    2176. 

  2176. }
    2177. 

  2177. 

  2178. static inline int match_prefix(char *prefix, int plen, char *option, int olen)
    2179. 

  2179. {
    2180. 

  2180. 	if (plen > olen)
    2181. 

  2181. 		return 0;
    2182. 

  2182. 

  2183. 	return !memcmp(prefix, option, plen);
    2184. 

  2184. }
    2185. 

  2185. 

  2186. static inline int selinux_option(char *option, int len)
    2187. 

  2187. {
    2188. 

  2188. 	return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) ||
    2189. 

  2189. 		match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) ||
    2190. 

  2190. 		match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) ||
    2191. 

  2191. 		match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) ||
    2192. 

  2192. 		match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len));
    2193. 

  2193. }
    2194. 

  2194. 

  2195. static inline void take_option(char **to, char *from, int *first, int len)
    2196. 

  2196. {
    2197. 

  2197. 	if (!*first) {
    2198. 

  2198. 		**to = ',';
    2199. 

  2199. 		*to += 1;
    2200. 

  2200. 	} else
    2201. 

  2201. 		*first = 0;
    2202. 

  2202. 	memcpy(*to, from, len);
    2203. 

  2203. 	*to += len;
    2204. 

  2204. }
    2205. 

  2205. 

  2206. static inline void take_selinux_option(char **to, char *from, int *first,
    2207. 

  2207. 				       int len)
    2208. 

  2208. {
    2209. 

  2209. 	int current_size = 0;
    2210. 

  2210. 

  2211. 	if (!*first) {
    2212. 

  2212. 		**to = '|';
    2213. 

  2213. 		*to += 1;
    2214. 

  2214. 	} else
    2215. 

  2215. 		*first = 0;
    2216. 

  2216. 

  2217. 	while (current_size < len) {
    2218. 

  2218. 		if (*from != '"') {
    2219. 

  2219. 			**to = *from;
    2220. 

  2220. 			*to += 1;
    2221. 

  2221. 		}
    2222. 

  2222. 		from += 1;
    2223. 

  2223. 		current_size += 1;
    2224. 

  2224. 	}
    2225. 

  2225. }
    2226. 

  2226. 

  2227. static int selinux_sb_copy_data(char *orig, char *copy)
    2228. 

  2228. {
    2229. 

  2229. 	int fnosec, fsec, rc = 0;
    2230. 

  2230. 	char *in_save, *in_cur
    2231.

Large files files are truncated, but you can click here to view the full file