avc.c (1a37079c236d55fb31ebbf4b59945dab8ec8764c) | avc.c (0188d5c025ca8fe756ba3193bd7d150139af5a88) |
---|---|
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * Implementation of the kernel access vector cache (AVC). 4 * 5 * Authors: Stephen Smalley, <sds@tycho.nsa.gov> 6 * James Morris <jmorris@redhat.com> 7 * 8 * Update: KaiGai, Kohei <kaigai@ak.jp.nec.com> --- 410 unchanged lines hidden (view full) --- 419{ 420 u32 audited, denied; 421 422 audited = avc_xperms_audit_required( 423 requested, avd, xpd, perm, result, &denied); 424 if (likely(!audited)) 425 return 0; 426 return slow_avc_audit(state, ssid, tsid, tclass, requested, | 1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * Implementation of the kernel access vector cache (AVC). 4 * 5 * Authors: Stephen Smalley, <sds@tycho.nsa.gov> 6 * James Morris <jmorris@redhat.com> 7 * 8 * Update: KaiGai, Kohei <kaigai@ak.jp.nec.com> --- 410 unchanged lines hidden (view full) --- 419{ 420 u32 audited, denied; 421 422 audited = avc_xperms_audit_required( 423 requested, avd, xpd, perm, result, &denied); 424 if (likely(!audited)) 425 return 0; 426 return slow_avc_audit(state, ssid, tsid, tclass, requested, |
427 audited, denied, result, ad, 0); | 427 audited, denied, result, ad); |
428} 429 430static void avc_node_free(struct rcu_head *rhead) 431{ 432 struct avc_node *node = container_of(rhead, struct avc_node, rhead); 433 avc_xperms_free(node->ae.xp_node); 434 kmem_cache_free(avc_node_cachep, node); 435 avc_cache_stats_incr(frees); --- 317 unchanged lines hidden (view full) --- 753 kfree(scontext); 754 } 755} 756 757/* This is the slow part of avc audit with big stack footprint */ 758noinline int slow_avc_audit(struct selinux_state *state, 759 u32 ssid, u32 tsid, u16 tclass, 760 u32 requested, u32 audited, u32 denied, int result, | 428} 429 430static void avc_node_free(struct rcu_head *rhead) 431{ 432 struct avc_node *node = container_of(rhead, struct avc_node, rhead); 433 avc_xperms_free(node->ae.xp_node); 434 kmem_cache_free(avc_node_cachep, node); 435 avc_cache_stats_incr(frees); --- 317 unchanged lines hidden (view full) --- 753 kfree(scontext); 754 } 755} 756 757/* This is the slow part of avc audit with big stack footprint */ 758noinline int slow_avc_audit(struct selinux_state *state, 759 u32 ssid, u32 tsid, u16 tclass, 760 u32 requested, u32 audited, u32 denied, int result, |
761 struct common_audit_data *a, 762 unsigned int flags) | 761 struct common_audit_data *a) |
763{ 764 struct common_audit_data stack_data; 765 struct selinux_audit_data sad; 766 767 if (WARN_ON(!tclass || tclass >= ARRAY_SIZE(secclass_map))) 768 return -EINVAL; 769 770 if (!a) { 771 a = &stack_data; 772 a->type = LSM_AUDIT_DATA_NONE; 773 } 774 | 762{ 763 struct common_audit_data stack_data; 764 struct selinux_audit_data sad; 765 766 if (WARN_ON(!tclass || tclass >= ARRAY_SIZE(secclass_map))) 767 return -EINVAL; 768 769 if (!a) { 770 a = &stack_data; 771 a->type = LSM_AUDIT_DATA_NONE; 772 } 773 |
775 /* 776 * When in a RCU walk do the audit on the RCU retry. This is because 777 * the collection of the dname in an inode audit message is not RCU 778 * safe. Note this may drop some audits when the situation changes 779 * during retry. However this is logically just as if the operation 780 * happened a little later. 781 */ 782 if ((a->type == LSM_AUDIT_DATA_INODE) && 783 (flags & MAY_NOT_BLOCK)) 784 return -ECHILD; 785 | |
786 sad.tclass = tclass; 787 sad.requested = requested; 788 sad.ssid = ssid; 789 sad.tsid = tsid; 790 sad.audited = audited; 791 sad.denied = denied; 792 sad.result = result; 793 sad.state = state; --- 56 unchanged lines hidden (view full) --- 850 unsigned long flag; 851 struct avc_node *pos, *node, *orig = NULL; 852 struct hlist_head *head; 853 spinlock_t *lock; 854 855 /* 856 * If we are in a non-blocking code path, e.g. VFS RCU walk, 857 * then we must not add permissions to a cache entry | 774 sad.tclass = tclass; 775 sad.requested = requested; 776 sad.ssid = ssid; 777 sad.tsid = tsid; 778 sad.audited = audited; 779 sad.denied = denied; 780 sad.result = result; 781 sad.state = state; --- 56 unchanged lines hidden (view full) --- 838 unsigned long flag; 839 struct avc_node *pos, *node, *orig = NULL; 840 struct hlist_head *head; 841 spinlock_t *lock; 842 843 /* 844 * If we are in a non-blocking code path, e.g. VFS RCU walk, 845 * then we must not add permissions to a cache entry |
858 * because we cannot safely audit the denial. Otherwise, | 846 * because we will not audit the denial. Otherwise, |
859 * during the subsequent blocking retry (e.g. VFS ref walk), we 860 * will find the permissions already granted in the cache entry 861 * and won't audit anything at all, leading to silent denials in 862 * permissive mode that only appear when in enforcing mode. 863 * | 847 * during the subsequent blocking retry (e.g. VFS ref walk), we 848 * will find the permissions already granted in the cache entry 849 * and won't audit anything at all, leading to silent denials in 850 * permissive mode that only appear when in enforcing mode. 851 * |
864 * See the corresponding handling in slow_avc_audit(), and the 865 * logic in selinux_inode_follow_link and selinux_inode_permission 866 * for the VFS MAY_NOT_BLOCK flag, which is transliterated into 867 * AVC_NONBLOCKING for avc_has_perm_noaudit(). | 852 * See the corresponding handling of MAY_NOT_BLOCK in avc_audit() 853 * and selinux_inode_permission(). |
868 */ 869 if (flags & AVC_NONBLOCKING) 870 return 0; 871 872 node = avc_alloc_node(avc); 873 if (!node) { 874 rc = -ENOMEM; 875 goto out; --- 375 unchanged lines hidden --- | 854 */ 855 if (flags & AVC_NONBLOCKING) 856 return 0; 857 858 node = avc_alloc_node(avc); 859 if (!node) { 860 rc = -ENOMEM; 861 goto out; --- 375 unchanged lines hidden --- |
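Review bot: slow_avc_audit() at right-hand lines 757-762 no longer takes `flags` and no longer returns -ECHILD for an LSM_AUDIT_DATA_INODE record under MAY_NOT_BLOCK, but its header comment still only says it is the slow, stack-heavy part, so the new precondition on callers is undocumented. This reads the right-hand column (0188d5c…) as the new side, since the page does not label old and new. The function is `noinline` but not `static`, so callers outside this file are possible, and the removed comment stated that collecting the dname for an inode audit message is not RCU safe. I would extend the header comment along the lines of `/* Slow part of avc audit, big stack footprint. Must not be reached with MAY_NOT_BLOCK set (RCU walk); the caller returns -ECHILD first, see avc_audit(). */`. The avc_audit() and selinux_inode_permission() handling named in the updated comment at line 852 is hidden on this page, so it should be confirmed there that every path into slow_avc_audit() is filtered, including the call at line 426, whose enclosing function starts outside the lines shown.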