/security/selinux/hooks.c
C | 5579 lines | 4543 code | 1005 blank | 31 comment | 726 complexity | df3e1a3692524b5a2b543eb0165add05 MD5 | raw file
Possible License(s): GPL-2.0
Large files files are truncated, but you can click here to view the full file
- /*
- * NSA Security-Enhanced Linux (SELinux) security module
- *
- * This file contains the SELinux hook function implementations.
- *
- * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
- * Chris Vance, <cvance@nai.com>
- * Wayne Salamon, <wsalamon@nai.com>
- * James Morris <jmorris@redhat.com>
- *
- * Copyright (C) 2001,2002 Networks Associates Technology, Inc.
- * Copyright (C) 2003-2008 Red Hat, Inc., James Morris <jmorris@redhat.com>
- * Eric Paris <eparis@redhat.com>
- * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
- * <dgoeddel@trustedcs.com>
- * Copyright (C) 2006, 2007, 2009 Hewlett-Packard Development Company, L.P.
- * Paul Moore <paul@paul-moore.com>
- * Copyright (C) 2007 Hitachi Software Engineering Co., Ltd.
- * Yuichi Nakamura <ynakam@hitachisoft.jp>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2,
- * as published by the Free Software Foundation.
- */
- #include <linux/init.h>
- #include <linux/kd.h>
- #include <linux/kernel.h>
- #include <linux/tracehook.h>
- #include <linux/errno.h>
- #include <linux/sched.h>
- #include <linux/security.h>
- #include <linux/xattr.h>
- #include <linux/capability.h>
- #include <linux/unistd.h>
- #include <linux/mm.h>
- #include <linux/mman.h>
- #include <linux/slab.h>
- #include <linux/pagemap.h>
- #include <linux/proc_fs.h>
- #include <linux/swap.h>
- #include <linux/spinlock.h>
- #include <linux/syscalls.h>
- #include <linux/dcache.h>
- #include <linux/file.h>
- #include <linux/fdtable.h>
- #include <linux/namei.h>
- #include <linux/mount.h>
- #include <linux/netfilter_ipv4.h>
- #include <linux/netfilter_ipv6.h>
- #include <linux/tty.h>
- #include <net/icmp.h>
- #include <net/ip.h>
- #include <net/tcp.h>
- #include <net/net_namespace.h>
- #include <net/netlabel.h>
- #include <linux/uaccess.h>
- #include <asm/ioctls.h>
- #include <linux/atomic.h>
- #include <linux/bitops.h>
- #include <linux/interrupt.h>
- #include <linux/netdevice.h>
- #include <linux/netlink.h>
- #include <linux/tcp.h>
- #include <linux/udp.h>
- #include <linux/dccp.h>
- #include <linux/quota.h>
- #include <linux/un.h>
- #include <net/af_unix.h>
- #include <linux/parser.h>
- #include <linux/nfs_mount.h>
- #include <net/ipv6.h>
- #include <linux/hugetlb.h>
- #include <linux/personality.h>
- #include <linux/audit.h>
- #include <linux/string.h>
- #include <linux/selinux.h>
- #include <linux/mutex.h>
- #include <linux/posix-timers.h>
- #include <linux/syslog.h>
- #include <linux/user_namespace.h>
- #include <linux/export.h>
- #include <linux/msg.h>
- #include <linux/shm.h>
- #include "avc.h"
- #include "objsec.h"
- #include "netif.h"
- #include "netnode.h"
- #include "netport.h"
- #include "xfrm.h"
- #include "netlabel.h"
- #include "audit.h"
- #include "avc_ss.h"
- #define NUM_SEL_MNT_OPTS 5
- extern struct security_operations *security_ops;
- static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
- #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
- int selinux_enforcing;
- static int __init enforcing_setup(char *str)
- {
- unsigned long enforcing;
- if (!strict_strtoul(str, 0, &enforcing))
- selinux_enforcing = enforcing ? 1 : 0;
- return 1;
- }
- __setup("enforcing=", enforcing_setup);
- #endif
- #ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
- int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
- static int __init selinux_enabled_setup(char *str)
- {
- unsigned long enabled;
- if (!strict_strtoul(str, 0, &enabled))
- selinux_enabled = enabled ? 1 : 0;
- return 1;
- }
- __setup("selinux=", selinux_enabled_setup);
- #else
- int selinux_enabled = 1;
- #endif
- static struct kmem_cache *sel_inode_cache;
- static int selinux_secmark_enabled(void)
- {
- return (atomic_read(&selinux_secmark_refcount) > 0);
- }
- static void cred_init_security(void)
- {
- struct cred *cred = (struct cred *) current->real_cred;
- struct task_security_struct *tsec;
- tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
- if (!tsec)
- panic("SELinux: Failed to initialize initial task.\n");
- tsec->osid = tsec->sid = SECINITSID_KERNEL;
- cred->security = tsec;
- }
- static inline u32 cred_sid(const struct cred *cred)
- {
- const struct task_security_struct *tsec;
- tsec = cred->security;
- return tsec->sid;
- }
- static inline u32 task_sid(const struct task_struct *task)
- {
- u32 sid;
- rcu_read_lock();
- sid = cred_sid(__task_cred(task));
- rcu_read_unlock();
- return sid;
- }
- static inline u32 current_sid(void)
- {
- const struct task_security_struct *tsec = current_security();
- return tsec->sid;
- }
- static int inode_alloc_security(struct inode *inode)
- {
- struct inode_security_struct *isec;
- u32 sid = current_sid();
- isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
- if (!isec)
- return -ENOMEM;
- mutex_init(&isec->lock);
- INIT_LIST_HEAD(&isec->list);
- isec->inode = inode;
- isec->sid = SECINITSID_UNLABELED;
- isec->sclass = SECCLASS_FILE;
- isec->task_sid = sid;
- inode->i_security = isec;
- return 0;
- }
- static void inode_free_security(struct inode *inode)
- {
- struct inode_security_struct *isec = inode->i_security;
- struct superblock_security_struct *sbsec = inode->i_sb->s_security;
- spin_lock(&sbsec->isec_lock);
- if (!list_empty(&isec->list))
- list_del_init(&isec->list);
- spin_unlock(&sbsec->isec_lock);
- inode->i_security = NULL;
- kmem_cache_free(sel_inode_cache, isec);
- }
- static int file_alloc_security(struct file *file)
- {
- struct file_security_struct *fsec;
- u32 sid = current_sid();
- fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
- if (!fsec)
- return -ENOMEM;
- fsec->sid = sid;
- fsec->fown_sid = sid;
- file->f_security = fsec;
- return 0;
- }
- static void file_free_security(struct file *file)
- {
- struct file_security_struct *fsec = file->f_security;
- file->f_security = NULL;
- kfree(fsec);
- }
- static int superblock_alloc_security(struct super_block *sb)
- {
- struct superblock_security_struct *sbsec;
- sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
- if (!sbsec)
- return -ENOMEM;
- mutex_init(&sbsec->lock);
- INIT_LIST_HEAD(&sbsec->isec_head);
- spin_lock_init(&sbsec->isec_lock);
- sbsec->sb = sb;
- sbsec->sid = SECINITSID_UNLABELED;
- sbsec->def_sid = SECINITSID_FILE;
- sbsec->mntpoint_sid = SECINITSID_UNLABELED;
- sb->s_security = sbsec;
- return 0;
- }
- static void superblock_free_security(struct super_block *sb)
- {
- struct superblock_security_struct *sbsec = sb->s_security;
- sb->s_security = NULL;
- kfree(sbsec);
- }
- static const char *labeling_behaviors[6] = {
- "uses xattr",
- "uses transition SIDs",
- "uses task SIDs",
- "uses genfs_contexts",
- "not configured for labeling",
- "uses mountpoint labeling",
- };
- static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
- static inline int inode_doinit(struct inode *inode)
- {
- return inode_doinit_with_dentry(inode, NULL);
- }
- enum {
- Opt_error = -1,
- Opt_context = 1,
- Opt_fscontext = 2,
- Opt_defcontext = 3,
- Opt_rootcontext = 4,
- Opt_labelsupport = 5,
- };
- static const match_table_t tokens = {
- {Opt_context, CONTEXT_STR "%s"},
- {Opt_fscontext, FSCONTEXT_STR "%s"},
- {Opt_defcontext, DEFCONTEXT_STR "%s"},
- {Opt_rootcontext, ROOTCONTEXT_STR "%s"},
- {Opt_labelsupport, LABELSUPP_STR},
- {Opt_error, NULL},
- };
- #define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
- static int may_context_mount_sb_relabel(u32 sid,
- struct superblock_security_struct *sbsec,
- const struct cred *cred)
- {
- const struct task_security_struct *tsec = cred->security;
- int rc;
- rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
- FILESYSTEM__RELABELFROM, NULL);
- if (rc)
- return rc;
- rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
- FILESYSTEM__RELABELTO, NULL);
- return rc;
- }
- static int may_context_mount_inode_relabel(u32 sid,
- struct superblock_security_struct *sbsec,
- const struct cred *cred)
- {
- const struct task_security_struct *tsec = cred->security;
- int rc;
- rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
- FILESYSTEM__RELABELFROM, NULL);
- if (rc)
- return rc;
- rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
- FILESYSTEM__ASSOCIATE, NULL);
- return rc;
- }
- static int sb_finish_set_opts(struct super_block *sb)
- {
- struct superblock_security_struct *sbsec = sb->s_security;
- struct dentry *root = sb->s_root;
- struct inode *root_inode = root->d_inode;
- int rc = 0;
- if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
- if (!root_inode->i_op->getxattr) {
- printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
- "xattr support\n", sb->s_id, sb->s_type->name);
- rc = -EOPNOTSUPP;
- goto out;
- }
- rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
- if (rc < 0 && rc != -ENODATA) {
- if (rc == -EOPNOTSUPP)
- printk(KERN_WARNING "SELinux: (dev %s, type "
- "%s) has no security xattr handler\n",
- sb->s_id, sb->s_type->name);
- else
- printk(KERN_WARNING "SELinux: (dev %s, type "
- "%s) getxattr errno %d\n", sb->s_id,
- sb->s_type->name, -rc);
- goto out;
- }
- }
- sbsec->flags |= (SE_SBINITIALIZED | SE_SBLABELSUPP);
- if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
- printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
- sb->s_id, sb->s_type->name);
- else
- printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
- sb->s_id, sb->s_type->name,
- labeling_behaviors[sbsec->behavior-1]);
- if (sbsec->behavior == SECURITY_FS_USE_GENFS ||
- sbsec->behavior == SECURITY_FS_USE_MNTPOINT ||
- sbsec->behavior == SECURITY_FS_USE_NONE ||
- sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
- sbsec->flags &= ~SE_SBLABELSUPP;
-
- if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
- sbsec->flags |= SE_SBLABELSUPP;
-
- rc = inode_doinit_with_dentry(root_inode, root);
- spin_lock(&sbsec->isec_lock);
- next_inode:
- if (!list_empty(&sbsec->isec_head)) {
- struct inode_security_struct *isec =
- list_entry(sbsec->isec_head.next,
- struct inode_security_struct, list);
- struct inode *inode = isec->inode;
- spin_unlock(&sbsec->isec_lock);
- inode = igrab(inode);
- if (inode) {
- if (!IS_PRIVATE(inode))
- inode_doinit(inode);
- iput(inode);
- }
- spin_lock(&sbsec->isec_lock);
- list_del_init(&isec->list);
- goto next_inode;
- }
- spin_unlock(&sbsec->isec_lock);
- out:
- return rc;
- }
- static int selinux_get_mnt_opts(const struct super_block *sb,
- struct security_mnt_opts *opts)
- {
- int rc = 0, i;
- struct superblock_security_struct *sbsec = sb->s_security;
- char *context = NULL;
- u32 len;
- char tmp;
- security_init_mnt_opts(opts);
- if (!(sbsec->flags & SE_SBINITIALIZED))
- return -EINVAL;
- if (!ss_initialized)
- return -EINVAL;
- tmp = sbsec->flags & SE_MNTMASK;
-
- for (i = 0; i < 8; i++) {
- if (tmp & 0x01)
- opts->num_mnt_opts++;
- tmp >>= 1;
- }
-
- if (sbsec->flags & SE_SBLABELSUPP)
- opts->num_mnt_opts++;
- opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
- if (!opts->mnt_opts) {
- rc = -ENOMEM;
- goto out_free;
- }
- opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
- if (!opts->mnt_opts_flags) {
- rc = -ENOMEM;
- goto out_free;
- }
- i = 0;
- if (sbsec->flags & FSCONTEXT_MNT) {
- rc = security_sid_to_context(sbsec->sid, &context, &len);
- if (rc)
- goto out_free;
- opts->mnt_opts[i] = context;
- opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
- }
- if (sbsec->flags & CONTEXT_MNT) {
- rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
- if (rc)
- goto out_free;
- opts->mnt_opts[i] = context;
- opts->mnt_opts_flags[i++] = CONTEXT_MNT;
- }
- if (sbsec->flags & DEFCONTEXT_MNT) {
- rc = security_sid_to_context(sbsec->def_sid, &context, &len);
- if (rc)
- goto out_free;
- opts->mnt_opts[i] = context;
- opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;
- }
- if (sbsec->flags & ROOTCONTEXT_MNT) {
- struct inode *root = sbsec->sb->s_root->d_inode;
- struct inode_security_struct *isec = root->i_security;
- rc = security_sid_to_context(isec->sid, &context, &len);
- if (rc)
- goto out_free;
- opts->mnt_opts[i] = context;
- opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;
- }
- if (sbsec->flags & SE_SBLABELSUPP) {
- opts->mnt_opts[i] = NULL;
- opts->mnt_opts_flags[i++] = SE_SBLABELSUPP;
- }
- BUG_ON(i != opts->num_mnt_opts);
- return 0;
- out_free:
- security_free_mnt_opts(opts);
- return rc;
- }
- static int bad_option(struct superblock_security_struct *sbsec, char flag,
- u32 old_sid, u32 new_sid)
- {
- char mnt_flags = sbsec->flags & SE_MNTMASK;
-
- if (sbsec->flags & SE_SBINITIALIZED)
- if (!(sbsec->flags & flag) ||
- (old_sid != new_sid))
- return 1;
- if (!(sbsec->flags & SE_SBINITIALIZED))
- if (mnt_flags & flag)
- return 1;
- return 0;
- }
- static int selinux_set_mnt_opts(struct super_block *sb,
- struct security_mnt_opts *opts)
- {
- const struct cred *cred = current_cred();
- int rc = 0, i;
- struct superblock_security_struct *sbsec = sb->s_security;
- const char *name = sb->s_type->name;
- struct inode *inode = sbsec->sb->s_root->d_inode;
- struct inode_security_struct *root_isec = inode->i_security;
- u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
- u32 defcontext_sid = 0;
- char **mount_options = opts->mnt_opts;
- int *flags = opts->mnt_opts_flags;
- int num_opts = opts->num_mnt_opts;
- mutex_lock(&sbsec->lock);
- if (!ss_initialized) {
- if (!num_opts) {
- goto out;
- }
- rc = -EINVAL;
- printk(KERN_WARNING "SELinux: Unable to set superblock options "
- "before the security server is initialized\n");
- goto out;
- }
- if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
- && (num_opts == 0))
- goto out;
- for (i = 0; i < num_opts; i++) {
- u32 sid;
- if (flags[i] == SE_SBLABELSUPP)
- continue;
- rc = security_context_to_sid(mount_options[i],
- strlen(mount_options[i]), &sid);
- if (rc) {
- printk(KERN_WARNING "SELinux: security_context_to_sid"
- "(%s) failed for (dev %s, type %s) errno=%d\n",
- mount_options[i], sb->s_id, name, rc);
- goto out;
- }
- switch (flags[i]) {
- case FSCONTEXT_MNT:
- fscontext_sid = sid;
- if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
- fscontext_sid))
- goto out_double_mount;
- sbsec->flags |= FSCONTEXT_MNT;
- break;
- case CONTEXT_MNT:
- context_sid = sid;
- if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
- context_sid))
- goto out_double_mount;
- sbsec->flags |= CONTEXT_MNT;
- break;
- case ROOTCONTEXT_MNT:
- rootcontext_sid = sid;
- if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
- rootcontext_sid))
- goto out_double_mount;
- sbsec->flags |= ROOTCONTEXT_MNT;
- break;
- case DEFCONTEXT_MNT:
- defcontext_sid = sid;
- if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
- defcontext_sid))
- goto out_double_mount;
- sbsec->flags |= DEFCONTEXT_MNT;
- break;
- default:
- rc = -EINVAL;
- goto out;
- }
- }
- if (sbsec->flags & SE_SBINITIALIZED) {
-
- if ((sbsec->flags & SE_MNTMASK) && !num_opts)
- goto out_double_mount;
- rc = 0;
- goto out;
- }
- if (strcmp(sb->s_type->name, "proc") == 0)
- sbsec->flags |= SE_SBPROC;
-
- rc = security_fs_use((sbsec->flags & SE_SBPROC) ? "proc" : sb->s_type->name, &sbsec->behavior, &sbsec->sid);
- if (rc) {
- printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
- __func__, sb->s_type->name, rc);
- goto out;
- }
-
- if (fscontext_sid) {
- rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
- if (rc)
- goto out;
- sbsec->sid = fscontext_sid;
- }
- if (context_sid) {
- if (!fscontext_sid) {
- rc = may_context_mount_sb_relabel(context_sid, sbsec,
- cred);
- if (rc)
- goto out;
- sbsec->sid = context_sid;
- } else {
- rc = may_context_mount_inode_relabel(context_sid, sbsec,
- cred);
- if (rc)
- goto out;
- }
- if (!rootcontext_sid)
- rootcontext_sid = context_sid;
- sbsec->mntpoint_sid = context_sid;
- sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
- }
- if (rootcontext_sid) {
- rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
- cred);
- if (rc)
- goto out;
- root_isec->sid = rootcontext_sid;
- root_isec->initialized = 1;
- }
- if (defcontext_sid) {
- if (sbsec->behavior != SECURITY_FS_USE_XATTR) {
- rc = -EINVAL;
- printk(KERN_WARNING "SELinux: defcontext option is "
- "invalid for this filesystem type\n");
- goto out;
- }
- if (defcontext_sid != sbsec->def_sid) {
- rc = may_context_mount_inode_relabel(defcontext_sid,
- sbsec, cred);
- if (rc)
- goto out;
- }
- sbsec->def_sid = defcontext_sid;
- }
- rc = sb_finish_set_opts(sb);
- out:
- mutex_unlock(&sbsec->lock);
- return rc;
- out_double_mount:
- rc = -EINVAL;
- printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
- "security settings for (dev %s, type %s)\n", sb->s_id, name);
- goto out;
- }
- static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
- struct super_block *newsb)
- {
- const struct superblock_security_struct *oldsbsec = oldsb->s_security;
- struct superblock_security_struct *newsbsec = newsb->s_security;
- int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
- int set_context = (oldsbsec->flags & CONTEXT_MNT);
- int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
- if (!ss_initialized)
- return;
-
- BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
-
- if (newsbsec->flags & SE_SBINITIALIZED)
- return;
- mutex_lock(&newsbsec->lock);
- newsbsec->flags = oldsbsec->flags;
- newsbsec->sid = oldsbsec->sid;
- newsbsec->def_sid = oldsbsec->def_sid;
- newsbsec->behavior = oldsbsec->behavior;
- if (set_context) {
- u32 sid = oldsbsec->mntpoint_sid;
- if (!set_fscontext)
- newsbsec->sid = sid;
- if (!set_rootcontext) {
- struct inode *newinode = newsb->s_root->d_inode;
- struct inode_security_struct *newisec = newinode->i_security;
- newisec->sid = sid;
- }
- newsbsec->mntpoint_sid = sid;
- }
- if (set_rootcontext) {
- const struct inode *oldinode = oldsb->s_root->d_inode;
- const struct inode_security_struct *oldisec = oldinode->i_security;
- struct inode *newinode = newsb->s_root->d_inode;
- struct inode_security_struct *newisec = newinode->i_security;
- newisec->sid = oldisec->sid;
- }
- sb_finish_set_opts(newsb);
- mutex_unlock(&newsbsec->lock);
- }
- static int selinux_parse_opts_str(char *options,
- struct security_mnt_opts *opts)
- {
- char *p;
- char *context = NULL, *defcontext = NULL;
- char *fscontext = NULL, *rootcontext = NULL;
- int rc, num_mnt_opts = 0;
- opts->num_mnt_opts = 0;
-
- while ((p = strsep(&options, "|")) != NULL) {
- int token;
- substring_t args[MAX_OPT_ARGS];
- if (!*p)
- continue;
- token = match_token(p, tokens, args);
- switch (token) {
- case Opt_context:
- if (context || defcontext) {
- rc = -EINVAL;
- printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
- goto out_err;
- }
- context = match_strdup(&args[0]);
- if (!context) {
- rc = -ENOMEM;
- goto out_err;
- }
- break;
- case Opt_fscontext:
- if (fscontext) {
- rc = -EINVAL;
- printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
- goto out_err;
- }
- fscontext = match_strdup(&args[0]);
- if (!fscontext) {
- rc = -ENOMEM;
- goto out_err;
- }
- break;
- case Opt_rootcontext:
- if (rootcontext) {
- rc = -EINVAL;
- printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
- goto out_err;
- }
- rootcontext = match_strdup(&args[0]);
- if (!rootcontext) {
- rc = -ENOMEM;
- goto out_err;
- }
- break;
- case Opt_defcontext:
- if (context || defcontext) {
- rc = -EINVAL;
- printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
- goto out_err;
- }
- defcontext = match_strdup(&args[0]);
- if (!defcontext) {
- rc = -ENOMEM;
- goto out_err;
- }
- break;
- case Opt_labelsupport:
- break;
- default:
- rc = -EINVAL;
- printk(KERN_WARNING "SELinux: unknown mount option\n");
- goto out_err;
- }
- }
- rc = -ENOMEM;
- opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC);
- if (!opts->mnt_opts)
- goto out_err;
- opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC);
- if (!opts->mnt_opts_flags) {
- kfree(opts->mnt_opts);
- goto out_err;
- }
- if (fscontext) {
- opts->mnt_opts[num_mnt_opts] = fscontext;
- opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
- }
- if (context) {
- opts->mnt_opts[num_mnt_opts] = context;
- opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
- }
- if (rootcontext) {
- opts->mnt_opts[num_mnt_opts] = rootcontext;
- opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
- }
- if (defcontext) {
- opts->mnt_opts[num_mnt_opts] = defcontext;
- opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
- }
- opts->num_mnt_opts = num_mnt_opts;
- return 0;
- out_err:
- kfree(context);
- kfree(defcontext);
- kfree(fscontext);
- kfree(rootcontext);
- return rc;
- }
- static int superblock_doinit(struct super_block *sb, void *data)
- {
- int rc = 0;
- char *options = data;
- struct security_mnt_opts opts;
- security_init_mnt_opts(&opts);
- if (!data)
- goto out;
- BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
- rc = selinux_parse_opts_str(options, &opts);
- if (rc)
- goto out_err;
- out:
- rc = selinux_set_mnt_opts(sb, &opts);
- out_err:
- security_free_mnt_opts(&opts);
- return rc;
- }
- static void selinux_write_opts(struct seq_file *m,
- struct security_mnt_opts *opts)
- {
- int i;
- char *prefix;
- for (i = 0; i < opts->num_mnt_opts; i++) {
- char *has_comma;
- if (opts->mnt_opts[i])
- has_comma = strchr(opts->mnt_opts[i], ',');
- else
- has_comma = NULL;
- switch (opts->mnt_opts_flags[i]) {
- case CONTEXT_MNT:
- prefix = CONTEXT_STR;
- break;
- case FSCONTEXT_MNT:
- prefix = FSCONTEXT_STR;
- break;
- case ROOTCONTEXT_MNT:
- prefix = ROOTCONTEXT_STR;
- break;
- case DEFCONTEXT_MNT:
- prefix = DEFCONTEXT_STR;
- break;
- case SE_SBLABELSUPP:
- seq_putc(m, ',');
- seq_puts(m, LABELSUPP_STR);
- continue;
- default:
- BUG();
- return;
- };
-
- seq_putc(m, ',');
- seq_puts(m, prefix);
- if (has_comma)
- seq_putc(m, '\"');
- seq_puts(m, opts->mnt_opts[i]);
- if (has_comma)
- seq_putc(m, '\"');
- }
- }
- static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
- {
- struct security_mnt_opts opts;
- int rc;
- rc = selinux_get_mnt_opts(sb, &opts);
- if (rc) {
-
- if (rc == -EINVAL)
- rc = 0;
- return rc;
- }
- selinux_write_opts(m, &opts);
- security_free_mnt_opts(&opts);
- return rc;
- }
- static inline u16 inode_mode_to_security_class(umode_t mode)
- {
- switch (mode & S_IFMT) {
- case S_IFSOCK:
- return SECCLASS_SOCK_FILE;
- case S_IFLNK:
- return SECCLASS_LNK_FILE;
- case S_IFREG:
- return SECCLASS_FILE;
- case S_IFBLK:
- return SECCLASS_BLK_FILE;
- case S_IFDIR:
- return SECCLASS_DIR;
- case S_IFCHR:
- return SECCLASS_CHR_FILE;
- case S_IFIFO:
- return SECCLASS_FIFO_FILE;
- }
- return SECCLASS_FILE;
- }
- static inline int default_protocol_stream(int protocol)
- {
- return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
- }
- static inline int default_protocol_dgram(int protocol)
- {
- return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
- }
- static inline u16 socket_type_to_security_class(int family, int type, int protocol)
- {
- switch (family) {
- case PF_UNIX:
- switch (type) {
- case SOCK_STREAM:
- case SOCK_SEQPACKET:
- return SECCLASS_UNIX_STREAM_SOCKET;
- case SOCK_DGRAM:
- return SECCLASS_UNIX_DGRAM_SOCKET;
- }
- break;
- case PF_INET:
- case PF_INET6:
- switch (type) {
- case SOCK_STREAM:
- if (default_protocol_stream(protocol))
- return SECCLASS_TCP_SOCKET;
- else
- return SECCLASS_RAWIP_SOCKET;
- case SOCK_DGRAM:
- if (default_protocol_dgram(protocol))
- return SECCLASS_UDP_SOCKET;
- else
- return SECCLASS_RAWIP_SOCKET;
- case SOCK_DCCP:
- return SECCLASS_DCCP_SOCKET;
- default:
- return SECCLASS_RAWIP_SOCKET;
- }
- break;
- case PF_NETLINK:
- switch (protocol) {
- case NETLINK_ROUTE:
- return SECCLASS_NETLINK_ROUTE_SOCKET;
- case NETLINK_FIREWALL:
- return SECCLASS_NETLINK_FIREWALL_SOCKET;
- case NETLINK_SOCK_DIAG:
- return SECCLASS_NETLINK_TCPDIAG_SOCKET;
- case NETLINK_NFLOG:
- return SECCLASS_NETLINK_NFLOG_SOCKET;
- case NETLINK_XFRM:
- return SECCLASS_NETLINK_XFRM_SOCKET;
- case NETLINK_SELINUX:
- return SECCLASS_NETLINK_SELINUX_SOCKET;
- case NETLINK_AUDIT:
- return SECCLASS_NETLINK_AUDIT_SOCKET;
- case NETLINK_IP6_FW:
- return SECCLASS_NETLINK_IP6FW_SOCKET;
- case NETLINK_DNRTMSG:
- return SECCLASS_NETLINK_DNRT_SOCKET;
- case NETLINK_KOBJECT_UEVENT:
- return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
- default:
- return SECCLASS_NETLINK_SOCKET;
- }
- case PF_PACKET:
- return SECCLASS_PACKET_SOCKET;
- case PF_KEY:
- return SECCLASS_KEY_SOCKET;
- case PF_APPLETALK:
- return SECCLASS_APPLETALK_SOCKET;
- }
- return SECCLASS_SOCKET;
- }
- #ifdef CONFIG_PROC_FS
- static int selinux_proc_get_sid(struct dentry *dentry,
- u16 tclass,
- u32 *sid)
- {
- int rc;
- char *buffer, *path;
- buffer = (char *)__get_free_page(GFP_KERNEL);
- if (!buffer)
- return -ENOMEM;
- path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
- if (IS_ERR(path))
- rc = PTR_ERR(path);
- else {
- while (path[1] >= '0' && path[1] <= '9') {
- path[1] = '/';
- path++;
- }
- rc = security_genfs_sid("proc", path, tclass, sid);
- }
- free_page((unsigned long)buffer);
- return rc;
- }
- #else
- static int selinux_proc_get_sid(struct dentry *dentry,
- u16 tclass,
- u32 *sid)
- {
- return -EINVAL;
- }
- #endif
- static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
- {
- struct superblock_security_struct *sbsec = NULL;
- struct inode_security_struct *isec = inode->i_security;
- u32 sid;
- struct dentry *dentry;
- #define INITCONTEXTLEN 255
- char *context = NULL;
- unsigned len = 0;
- int rc = 0;
- if (isec->initialized)
- goto out;
- mutex_lock(&isec->lock);
- if (isec->initialized)
- goto out_unlock;
- sbsec = inode->i_sb->s_security;
- if (!(sbsec->flags & SE_SBINITIALIZED)) {
- spin_lock(&sbsec->isec_lock);
- if (list_empty(&isec->list))
- list_add(&isec->list, &sbsec->isec_head);
- spin_unlock(&sbsec->isec_lock);
- goto out_unlock;
- }
- switch (sbsec->behavior) {
- case SECURITY_FS_USE_XATTR:
- if (!inode->i_op->getxattr) {
- isec->sid = sbsec->def_sid;
- break;
- }
- if (opt_dentry) {
-
- dentry = dget(opt_dentry);
- } else {
-
- dentry = d_find_alias(inode);
- }
- if (!dentry) {
- goto out_unlock;
- }
- len = INITCONTEXTLEN;
- context = kmalloc(len+1, GFP_NOFS);
- if (!context) {
- rc = -ENOMEM;
- dput(dentry);
- goto out_unlock;
- }
- context[len] = '\0';
- rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
- context, len);
- if (rc == -ERANGE) {
- kfree(context);
-
- rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
- NULL, 0);
- if (rc < 0) {
- dput(dentry);
- goto out_unlock;
- }
- len = rc;
- context = kmalloc(len+1, GFP_NOFS);
- if (!context) {
- rc = -ENOMEM;
- dput(dentry);
- goto out_unlock;
- }
- context[len] = '\0';
- rc = inode->i_op->getxattr(dentry,
- XATTR_NAME_SELINUX,
- context, len);
- }
- dput(dentry);
- if (rc < 0) {
- if (rc != -ENODATA) {
- printk(KERN_WARNING "SELinux: %s: getxattr returned "
- "%d for dev=%s ino=%ld\n", __func__,
- -rc, inode->i_sb->s_id, inode->i_ino);
- kfree(context);
- goto out_unlock;
- }
-
- sid = sbsec->def_sid;
- rc = 0;
- } else {
- rc = security_context_to_sid_default(context, rc, &sid,
- sbsec->def_sid,
- GFP_NOFS);
- if (rc) {
- char *dev = inode->i_sb->s_id;
- unsigned long ino = inode->i_ino;
- if (rc == -EINVAL) {
- if (printk_ratelimit())
- printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
- "context=%s. This indicates you may need to relabel the inode or the "
- "filesystem in question.\n", ino, dev, context);
- } else {
- printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
- "returned %d for dev=%s ino=%ld\n",
- __func__, context, -rc, dev, ino);
- }
- kfree(context);
-
- rc = 0;
- break;
- }
- }
- kfree(context);
- isec->sid = sid;
- break;
- case SECURITY_FS_USE_TASK:
- isec->sid = isec->task_sid;
- break;
- case SECURITY_FS_USE_TRANS:
-
- isec->sid = sbsec->sid;
-
- isec->sclass = inode_mode_to_security_class(inode->i_mode);
- rc = security_transition_sid(isec->task_sid, sbsec->sid,
- isec->sclass, NULL, &sid);
- if (rc)
- goto out_unlock;
- isec->sid = sid;
- break;
- case SECURITY_FS_USE_MNTPOINT:
- isec->sid = sbsec->mntpoint_sid;
- break;
- default:
-
- isec->sid = sbsec->sid;
- if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
- if (opt_dentry) {
- isec->sclass = inode_mode_to_security_class(inode->i_mode);
- rc = selinux_proc_get_sid(opt_dentry,
- isec->sclass,
- &sid);
- if (rc)
- goto out_unlock;
- isec->sid = sid;
- }
- }
- break;
- }
- isec->initialized = 1;
- out_unlock:
- mutex_unlock(&isec->lock);
- out:
- if (isec->sclass == SECCLASS_FILE)
- isec->sclass = inode_mode_to_security_class(inode->i_mode);
- return rc;
- }
- static inline u32 signal_to_av(int sig)
- {
- u32 perm = 0;
- switch (sig) {
- case SIGCHLD:
-
- perm = PROCESS__SIGCHLD;
- break;
- case SIGKILL:
-
- perm = PROCESS__SIGKILL;
- break;
- case SIGSTOP:
-
- perm = PROCESS__SIGSTOP;
- break;
- default:
-
- perm = PROCESS__SIGNAL;
- break;
- }
- return perm;
- }
- static int cred_has_perm(const struct cred *actor,
- const struct cred *target,
- u32 perms)
- {
- u32 asid = cred_sid(actor), tsid = cred_sid(target);
- return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL);
- }
- static int task_has_perm(const struct task_struct *tsk1,
- const struct task_struct *tsk2,
- u32 perms)
- {
- const struct task_security_struct *__tsec1, *__tsec2;
- u32 sid1, sid2;
- rcu_read_lock();
- __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid;
- __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid;
- rcu_read_unlock();
- return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL);
- }
- static int current_has_perm(const struct task_struct *tsk,
- u32 perms)
- {
- u32 sid, tsid;
- sid = current_sid();
- tsid = task_sid(tsk);
- return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL);
- }
- #if CAP_LAST_CAP > 63
- #error Fix SELinux to handle capabilities > 63.
- #endif
- static int cred_has_capability(const struct cred *cred,
- int cap, int audit)
- {
- struct common_audit_data ad;
- struct selinux_audit_data sad = {0,};
- struct av_decision avd;
- u16 sclass;
- u32 sid = cred_sid(cred);
- u32 av = CAP_TO_MASK(cap);
- int rc;
- COMMON_AUDIT_DATA_INIT(&ad, CAP);
- ad.selinux_audit_data = &sad;
- ad.tsk = current;
- ad.u.cap = cap;
- switch (CAP_TO_INDEX(cap)) {
- case 0:
- sclass = SECCLASS_CAPABILITY;
- break;
- case 1:
- sclass = SECCLASS_CAPABILITY2;
- break;
- default:
- printk(KERN_ERR
- "SELinux: out of range capability %d\n", cap);
- BUG();
- return -EINVAL;
- }
- rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
- if (audit == SECURITY_CAP_AUDIT) {
- int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0);
- if (rc2)
- return rc2;
- }
- return rc;
- }
- static int task_has_system(struct task_struct *tsk,
- u32 perms)
- {
- u32 sid = task_sid(tsk);
- return avc_has_perm(sid, SECINITSID_KERNEL,
- SECCLASS_SYSTEM, perms, NULL);
- }
- static int inode_has_perm(const struct cred *cred,
- struct inode *inode,
- u32 perms,
- struct common_audit_data *adp,
- unsigned flags)
- {
- struct inode_security_struct *isec;
- u32 sid;
- validate_creds(cred);
- if (unlikely(IS_PRIVATE(inode)))
- return 0;
- sid = cred_sid(cred);
- isec = inode->i_security;
- if (unlikely(isec == NULL)) {
- printk(KERN_WARNING "SELinux: inode->i_security is NULL, return 0 to aovid access isec this NULL pointer");
- return 0;
- }
- return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, flags);
- }
- static int inode_has_perm_noadp(const struct cred *cred,
- struct inode *inode,
- u32 perms,
- unsigned flags)
- {
- struct common_audit_data ad;
- struct selinux_audit_data sad = {0,};
- COMMON_AUDIT_DATA_INIT(&ad, INODE);
- ad.u.inode = inode;
- ad.selinux_audit_data = &sad;
- return inode_has_perm(cred, inode, perms, &ad, flags);
- }
- static inline int dentry_has_perm(const struct cred *cred,
- struct dentry *dentry,
- u32 av)
- {
- struct inode *inode = dentry->d_inode;
- struct common_audit_data ad;
- struct selinux_audit_data sad = {0,};
- COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
- ad.u.dentry = dentry;
- ad.selinux_audit_data = &sad;
- return inode_has_perm(cred, inode, av, &ad, 0);
- }
- static inline int path_has_perm(const struct cred *cred,
- struct path *path,
- u32 av)
- {
- struct inode *inode = path->dentry->d_inode;
- struct common_audit_data ad;
- struct selinux_audit_data sad = {0,};
- COMMON_AUDIT_DATA_INIT(&ad, PATH);
- ad.u.path = *path;
- ad.selinux_audit_data = &sad;
- return inode_has_perm(cred, inode, av, &ad, 0);
- }
- static int file_has_perm(const struct cred *cred,
- struct file *file,
- u32 av)
- {
- struct file_security_struct *fsec = file->f_security;
- struct inode *inode = file->f_path.dentry->d_inode;
- struct common_audit_data ad;
- struct selinux_audit_data sad = {0,};
- u32 sid = cred_sid(cred);
- int rc;
- COMMON_AUDIT_DATA_INIT(&ad, PATH);
- ad.u.path = file->f_path;
- ad.selinux_audit_data = &sad;
- if (sid != fsec->sid) {
- rc = avc_has_perm(sid, fsec->sid,
- SECCLASS_FD,
- FD__USE,
- &ad);
- if (rc)
- goto out;
- }
-
- rc = 0;
- if (av)
- rc = inode_has_perm(cred, inode, av, &ad, 0);
- out:
- return rc;
- }
- static int may_create(struct inode *dir,
- struct dentry *dentry,
- u16 tclass)
- {
- const struct task_security_struct *tsec = current_security();
- struct inode_security_struct *dsec;
- struct superblock_security_struct *sbsec;
- u32 sid, newsid;
- struct common_audit_data ad;
- struct selinux_audit_data sad = {0,};
- int rc;
- dsec = dir->i_security;
- sbsec = dir->i_sb->s_security;
- sid = tsec->sid;
- newsid = tsec->create_sid;
- COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
- ad.u.dentry = dentry;
- ad.selinux_audit_data = &sad;
- rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
- DIR__ADD_NAME | DIR__SEARCH,
- &ad);
- if (rc)
- return rc;
- if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
- rc = security_transition_sid(sid, dsec->sid, tclass,
- &dentry->d_name, &newsid);
- if (rc)
- return rc;
- }
- rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad);
- if (rc)
- return rc;
- return avc_has_perm(newsid, sbsec->sid,
- SECCLASS_FILESYSTEM,
- FILESYSTEM__ASSOCIATE, &ad);
- }
- static int may_create_key(u32 ksid,
- struct task_struct *ctx)
- {
- u32 sid = task_sid(ctx);
- return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
- }
- #define MAY_LINK 0
- #define MAY_UNLINK 1
- #define MAY_RMDIR 2
- static int may_link(struct inode *dir,
- struct dentry *dentry,
- int kind)
- {
- struct inode_security_struct *dsec, *isec;
- struct common_audit_data ad;
- struct selinux_audit_data sad = {0,};
- u32 sid = current_sid();
- u32 av;
- int rc;
- dsec = dir->i_security;
- isec = dentry->d_inode->i_security;
- COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
- ad.u.dentry = dentry;
- ad.selinux_audit_data = &sad;
- av = DIR__SEARCH;
- av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
- rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad);
- if (rc)
- return rc;
- switch (kind) {
- case MAY_LINK:
- av = FILE__LINK;
- break;
- case MAY_UNLINK:
- av = FILE__UNLINK;
- break;
- case MAY_RMDIR:
- av = DIR__RMDIR;
- break;
- default:
- printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
- __func__, kind);
- return 0;
- }
- rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);
- return rc;
- }
- static inline int may_rename(struct inode *old_dir,
- struct dentry *old_dentry,
- struct inode *new_dir,
- struct dentry *new_dentry)
- {
- struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
- struct common_audit_data ad;
- struct selinux_audit_data sad = {0,};
- u32 sid = current_sid();
- u32 av;
- int old_is_dir, new_is_dir;
- int rc;
- old_dsec = old_dir->i_security;
- old_isec = old_dentry->d_inode->i_security;
- old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
- new_dsec = new_dir->i_security;
- COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
- ad.selinux_audit_data = &sad;
- ad.u.dentry = old_dentry;
- rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
- DIR__REMOVE_NAME | DIR__SEARCH, &ad);
- if (rc)
- return rc;
- rc = avc_has_perm(sid, old_isec->sid,
- old_isec->sclass, FILE__RENAME, &ad);
- if (rc)
- return rc;
- if (old_is_dir && new_dir != old_dir) {
- rc = avc_has_perm(sid, old_isec->sid,
- old_isec->sclass, DIR__REPARENT, &ad);
- if (rc)
- return rc;
- }
- ad.u.dentry = new_dentry;
- av = DIR__ADD_NAME | DIR__SEARCH;
- if (new_dentry->d_inode)
- av |= DIR__REMOVE_NAME;
- rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
- if (rc)
- return rc;
- if (new_dentry->d_inode) {
- new_isec = new_dentry->d_inode->i_security;
- new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
- rc = avc_has_perm(sid, new_isec->sid,
- new_isec->sclass,
- (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
- if (rc)
- return rc;
- }
- return 0;
- }
- static int superblock_has_perm(const struct cred *cred,
- struct super_block *sb,
- u32 perms,
- struct common_audit_data *ad)
- {
- struct superblock_security_struct *sbsec;
- u32 sid = cred_sid(cred);
- sbsec = sb->s_security;
- return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
- }
- static inline u32 file_mask_to_av(int mode, int mask)
- {
- u32 av = 0;
- if (!S_ISDIR(mode)) {
- if (mask & MAY_EXEC)
- av |= FILE__EXECUTE;
- if (mask & MAY_READ)
- av |= FILE__READ;
- if (mask & MAY_APPEND)
- av |= FILE__APPEND;
- else if (mask & MAY_WRITE)
- av |= FILE__WRITE;
- } else {
- if (mask & MAY_EXEC)
- av |= DIR__SEARCH;
- if (mask & MAY_WRITE)
- av |= DIR__WRITE;
- if (mask & MAY_READ)
- av |= DIR__READ;
- }
- return av;
- }
- static inline u32 file_to_av(struct file *file)
- {
- u32 av = 0;
- if (file->f_mode & FMODE_READ)
- av |= FILE__READ;
- if (file->f_mode & FMODE_WRITE) {
- if (file->f_flags & O_APPEND)
- av |= FILE__APPEND;
- else
- av |= FILE__WRITE;
- }
- if (!av) {
- av = FILE__IOCTL;
- }
- return av;
- }
- static inline u32 open_file_to_av(struct file *file)
- {
- u32 av = file_to_av(file);
- if (selinux_policycap_openperm)
- av |= FILE__OPEN;
- return av;
- }
- static int selinux_binder_set_context_mgr(struct task_struct *mgr)
- {
- u32 mysid = current_sid();
- u32 mgrsid = task_sid(mgr);
- return avc_has_perm(mysid, mgrsid, SECCLASS_BINDER, BINDER__SET_CONTEXT_MGR, NULL);
- }
- static int selinux_binder_transaction(struct task_struct *from, struct task_struct *to)
- {
- u32 mysid = current_sid();
- u32 fromsid = task_sid(from);
- u32 tosid = task_sid(to);
- int rc;
- if (mysid != fromsid) {
- rc = avc_has_perm(mysid, fromsid, SECCLASS_BINDER, BINDER__IMPERSONATE, NULL);
- if (rc)
- return rc;
- }
- return avc_has_perm(fromsid, tosid, SECCLASS_BINDER, BINDER__CALL, NULL);
- }
- static int selinux_binder_transfer_binder(struct task_struct *from, struct task_struct *to)
- {
- u32 fromsid = task_sid(from);
- u32 tosid = task_sid(to);
- return avc_has_perm(fromsid, tosid, SECCLASS_BINDER, BINDER__TRANSFER, NULL);
- }
- static int selinux_binder_transfer_file(struct task_struct *from, struct task_struct *to, struct file *file)
- {
- u32 sid = task_sid(to);
- struct file_security_struct *fsec = file->f_security;
- struct inode *inode = file->f_path.dentry->d_inode;
- struct inode_security_struct *isec = inode->i_security;
- struct common_audit_data ad;
- struct selinux_audit_data sad = {0,};
- int rc;
- COMMON_AUDIT_DATA_INIT(&ad, PATH);
- ad.u.path = file->f_path;
- ad.selinux_audit_data = &sad;
- if (sid != fsec->sid) {
- rc = avc_has_perm(sid, fsec->sid,
- SECCLASS_FD,
- FD__USE,
- &ad);
- if (rc)
- return rc;
- }
- if (unlikely(IS_PRIVATE(inode)))
- return 0;
- return avc_has_perm(sid, isec->sid, isec->sclass, file_to_av(file),
- &ad);
- }
- static int selinux_ptrace_access_check(struct task_struct *child,
- unsigned int mode)
- {
- int rc;
- rc = cap_ptrace_access_check(child, mode);
- if (rc)
- return rc;
- if (mode & PTRACE_MODE_READ) {
- u32 sid = current_sid();
- u32 csid = task_sid(child);
- return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);
- }
- return current_has_perm(child, PROCESS__PTRACE);
- }
- static int selinux_ptrace_traceme(struct task_struct *parent)
- {
- int rc;
- rc = cap_ptrace_traceme(parent);
- if (rc)
- return rc;
- return task_has_perm(parent, current, PROCESS__PTRACE);
- }
- static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
- kernel_cap_t *inheritable, kernel_cap_t *permitted)
- {
- int error;
- error = current_has_perm(target, PROCESS__GETCAP);
- if (error)
- return error;
- return cap_capget(target, effective, inheritable, permitted);
- }
- static int selinux_capset(struct cred *new, const struct cred *old,
- const kernel_cap_t *effective,
- const kernel_cap_t *inheritable,
- const kernel_cap_t *permitted)
- {
- int error;
- error = cap_capset(new, old,
- effective, inheritable, permitted);
- if (error)
- return error;
- return cred_has_perm(old, new, PROCESS__SETCAP);
- }
- static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
- int cap, int audit)
- {
- int rc;
- rc = cap_capable(cred, ns, cap, audit);
- if (rc)
- return rc;
- return cred_has_capability(cred, cap, audit);
- }
- static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
- {
- const struct cred *cred = current_cred();
- int rc = 0;
- if (!sb)
- return 0;
- switch (cmds) {
- case Q_SYNC:
- case Q_QUOTAON:
- case Q_QUOTAOFF:
- case Q_SETINFO:
- case Q_SETQUOTA:
- rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
- break;
- case Q_GETFMT:
- case Q_GETINFO:
- case Q_GETQUOTA:
- rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
- break;
- default:
- rc = 0;
- break;
- }
- return rc;
- }
- static int selinux_quota_on(struct dentry *dentry)
- {
- const struct cred *cred = current_cred();
- return dentry_has_perm(cred, dentry, FILE__QUOTAON);
- }
- static int selinux_syslog(int type)
- {
- int rc;
- switch (type) {
- case SYSLOG_ACTION_READ_ALL:
- case SYSLOG_ACTION_SIZE_BUFFER:
- rc = task_has_system(current, SYSTEM__SYSLOG_READ);
- break;
- case SYSLOG_ACTION_CONSOLE_OFF:
- case SYSLOG_ACTION_CONSOLE_ON:
-
- case SYSLOG_ACTION_CONSOLE_LEVEL:
- rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
- break;
- case SYSLOG_ACTION_CLOSE:
- case SYSLOG_ACTION_OPEN:
- case SYSLOG_ACTION_READ:
- case SYSLOG_ACTION_READ_CLEAR:
- case SYSLOG_ACTION_CLEAR:
- default:
- rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
- break;
- }
- return rc;
- }
- static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
- {
- int rc, cap_sys_admin = 0;
- rc = selinux_capable(current_cred(), &init_user_ns, CAP_SYS_ADMIN,
- SECURITY_CAP_NOAUDIT);
- if (rc == 0)
- cap_sys_admin = 1;
- return __vm_enough_memory(mm, pages, cap_sys_admin);
- }
- static int selinux_bprm_set_creds(struct linux_binprm *bprm)
- {
- const struct task_security_struct *old_tsec;
- struct task_security_struct *new_tsec;
- struct inode_security_struct *isec;
- struct common_audit_data ad;
- struct selinux_audit_data sad = {0,};
- struct inode *inode = bprm->file->f_path.dentry->d_inode;
- int rc;
- rc = cap_bprm_set_creds(bprm);
- if (rc)
- return rc;
- if (bprm->cred_prepared)
- return 0;
- old_tsec = current_security();
- new_tsec = bprm->cred->security;
- isec = inode->i_security;
-
- new_tsec->sid = old_tsec->sid;
- new_tsec->osid = old_tsec->sid;
-
- new_tsec->create_sid = 0;
- new_tsec->keycreate_sid = 0;
- new_tsec->sockcreate_sid = 0;
- if (old_tsec->exec_sid) {
- new_tsec->sid = old_tsec->exec_sid;
-
- new_tsec->exec_sid = 0;
- } else {
-
- rc = security_transition_sid(old_tsec->sid, isec->sid,
- SECCLASS_PROCESS, NULL,
- &new_tsec->sid);
- if (rc)
- return rc;
- }
- COMMON_AUDIT_DATA_INIT(&ad, PATH);
- ad.selinux_audit_data = &sad;
- ad.u.path = bprm->file->f_path;
- if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
- new_tsec->sid = old_tsec->sid;
- if (new_tsec->sid == old_tsec->sid) {
- rc = avc_has_perm(old_tsec->sid, isec->sid,
- SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
- if (rc)
- return rc;
- } else {
-
- rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
- SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
- if (rc)
- return rc;
- rc = avc_has_perm(new_tsec->sid, isec->sid,
- SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
- if (rc)
- return rc;
-
- if (bprm->unsafe & LSM_UNSAFE_SHARE) {
- rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
- SECCLASS_PROCESS, PROCESS__SHARE,
- NULL);
- if (rc)
- return -EPERM;
- }
- if (bprm->unsafe &
- (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
- struct task_struct *tracer;
- struct task_security_struct *sec;
- u32 ptsid = 0;
- rcu_read_lock();
- tracer = ptrace_parent(current);
- if (likely(tracer != NULL)) {
- sec = __task_cred(tracer)->security;
- ptsid = sec->sid;
- }
- rcu_read_unlock();
- if (ptsid != 0) {
- rc = avc_has_perm(ptsid, new_tsec->sid,
- SECCLASS_PROCESS,
- PROCESS__PTRACE, NULL);
- if (rc)
- return -EPERM;
- }
- }
-
- bprm->per_clear |= PER_CLEAR_ON_SETID;
- }
- return 0;
- }
- static int selinux_bprm_secureexec(struct linux_binprm *bprm)
- {
- const struct task_security_struct *tsec = current_security();
- u32 sid, osid;
- int atsecure = 0;
- sid = tsec->sid;
- osid = tsec->osid;
- if (osid != sid) {
- atsecure = avc_has_perm(osid, sid,
- SECCLASS_PROCESS,
- PROCESS__NOATSECURE, NULL);
- }
- return (atsecure || cap_bprm_secureexec(bprm));
- }
- static inline void flush_unauthorized_files(const struct cred *cred,
- struct files_struct *files)
- {
- struct common_audit_data ad;
- struct selinux_audit_data sad = {0,};
- struct file *file, *devnull = NULL;
- struct tty_struct *tty;
- struct fdtable *fdt;
- long j = -1;
- int drop_tty = 0;
- tty = get_current_tty();
- if (tty) {
- spin_lock(&tty_files_lock);
- if (!list_empty(&tty->tty_files)) {
- struct tty_file_private *file_priv;
- struct inode *inode;
- file_priv = list_first_entry(&tty->tty_files,
- struct tty_file_private, list);
- file = file_priv->file;
- inode = file->f_path.dentry->d_inode;
- if (inode_has_perm_noadp(cred, inode,
- FILE__READ | FILE__WRITE, 0)) {
- drop_tty = 1;
- }
- }
- spin_unlock(&tty_files_lock);
- tty_kref_put(tty);
- }
-
- if (drop_tty)
- no_tty();
-
- COMMON_AUDIT_DATA_INIT(&ad, INODE);
- ad.selinux_audit_data = &sad;
- spin_lock(&files->file_lock);
- for (;;) {
- unsigned long set, i;
- int fd;
- j++;
- i = j * BITS_PER_LONG;
- fdt = files_fdtable(files);
- if (i >= fdt->max_fds)
- break;
- set = fdt->open_fds[j];
- if (!set)
- continue;
- spin_unlock(&files->file_lock);
- for ( ; set ; i++, set >>= 1) {
- if (set & 1) {
- file = fget(i);
- if (!file)
- continue;
- if (file_has_perm(cred,
- file,
- file_to_av(file))) {
- sys_close(i);
- fd = get_unused_fd();
- if (fd != i) {
- if (fd >= 0)
- put_unused_fd(fd);
- fput(file);
- continue;
- }
- if (devnull) {
- get_file(devnull);
- } else {
- devnull = dentry_open(
- dget(selinux_null),
- mntget(selinuxfs_mount),
- O_RDWR, cred);
- if (IS_ERR(devnull)) {
- devnull = NULL;
- put_unused_fd(fd);
- fput(file);
- continue;
- }
- }
- fd_install(fd, devnull);
- }
- fput(file);
- }
- }
- spin_lock(&files->file_lock);
- }
- spin_unlock(&files->file_lock);
- }
- static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
- {
- struct task_security_struct *new_tsec;
- struct rlimit *rlim, *initrlim;
- int rc, i;
- new_tsec = bprm->cred->security;
- if (new_tsec->sid == new_tsec->osid)
- return;
-
- flush_unauthorized_files(bprm->cred, current->files);
-
- current->pdeath_signal = 0;
- rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
- PROCESS__RLIMITINH, NULL);
- if (rc) {
-
- task_lock(current);
- for (i = 0; i < RLIM_NLIMITS; i++) {
- rlim = current->signal->rlim + i;
- initrlim = init_task.signal->rlim + i;
- rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
- }
- task_unlock(current);
- update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
- }
- }
- static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
- {
- const struct task_security_struct *tsec = current_security();
- struct itimerval itimer;
- u32 osid, sid;
- int rc, i;
- osid = tsec->osid;
- sid = tsec->sid;
- if (sid == osid)
- return;
- rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
- if (rc) {
- memset(&itimer, 0, sizeof itimer);
- for (i = 0; i < 3; i++)
- do_setitimer(i, &itimer, NULL);
- spin_lock_irq(¤t->sighand->siglock);
- if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) {
- __flush_signals(current);
- flush_signal_handlers(current, 1);
- sigemptyset(¤t->blocked);
- }
- spin_unlock_irq(¤t->sighand->siglock);
- }
- read_lock(&tasklist_lock);
- __wake_up_parent(current, current->real_parent);
- read_unlock(&tasklist_lock);
- }
- static int selinux_sb_alloc_security(struct super_block *sb)
- {
- return superblock_alloc_security(sb);
- }
- static void selinux_sb_free_security(struct super_block *sb)
- {
- superblock_free_security(sb);
- }
- static inline int match_prefix(char *prefix, int plen, char *option, int olen)
- {
- if (plen > olen)
- return 0;
- return !memcmp(prefix, option, plen);
- }
- static inline int selinux_option(char *option, int len)
- {
- return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) ||
- match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) ||
- match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) ||
- match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) ||
- match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len));
- }
- static inline void take_option(char **to, char *from, int *first, int len)
- {
- if (!*first) {
- **to = ',';
- *to += 1;
- } else
- *first = 0;
- memcpy(*to, from, len);
- *to += len;
- }
- static inline void take_selinux_option(char **to, char *from, int *first,
- int len)
- {
- int current_size = 0;
- if (!*first) {
- **to = '|';
- *to += 1;
- } else
- *first = 0;
- while (current_size < len) {
- if (*from != '"') {
- **to = *from;
- *to += 1;
- }
- from += 1;
- current_size += 1;
- }
- }
- static int selinux_sb_copy_data(char *orig, char *copy)
- {
- int fnosec, fsec, rc = 0;
- char *in_save, *in_cur…
Large files files are truncated, but you can click here to view the full file