hooks.c - OpenGrok cross reference for /openbmc/linux/security/selinux/hooks.c

Deleted Added

sdiffudifftextold (6b4f3d01..)new (6b6bc620..)

hooks.c (6b4f3d01052a479c7ebbe99d52a663558dc1be2a)	hooks.c (6b6bc6205d98796361962ee282a063f18ba8dc57)
1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux hook function implementations. 5 * 6 * Authors: Stephen Smalley, <sds@tycho.nsa.gov> 7 * Chris Vance, <cvance@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com> --- 53 unchanged lines hidden (view full) --- 62#include <linux/atomic.h> 63#include <linux/bitops.h> 64#include <linux/interrupt.h> 65#include <linux/netdevice.h> /* for network interface checks */ 66#include <net/netlink.h> 67#include <linux/tcp.h> 68#include <linux/udp.h> 69#include <linux/dccp.h>	1/* 2 * NSA Security-Enhanced Linux (SELinux) security module 3 * 4 * This file contains the SELinux hook function implementations. 5 * 6 * Authors: Stephen Smalley, <sds@tycho.nsa.gov> 7 * Chris Vance, <cvance@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com> --- 53 unchanged lines hidden (view full) --- 62#include <linux/atomic.h> 63#include <linux/bitops.h> 64#include <linux/interrupt.h> 65#include <linux/netdevice.h> /* for network interface checks */ 66#include <net/netlink.h> 67#include <linux/tcp.h> 68#include <linux/udp.h> 69#include <linux/dccp.h>
	70#include <linux/sctp.h> 71#include <net/sctp/structs.h>
70#include <linux/quota.h> 71#include <linux/un.h> /* for Unix socket types / 72#include <net/af_unix.h> / for Unix socket types / 73#include <linux/parser.h> 74#include <linux/nfs_mount.h> 75#include <net/ipv6.h> 76#include <linux/hugetlb.h> 77#include <linux/personality.h> --- 15 unchanged lines hidden* (view full) --- 93#include "netnode.h" 94#include "netport.h" 95#include "ibpkey.h" 96#include "xfrm.h" 97#include "netlabel.h" 98#include "audit.h" 99#include "avc_ss.h" 100	72#include <linux/quota.h> 73#include <linux/un.h> /* for Unix socket types / 74#include <net/af_unix.h> / for Unix socket types / 75#include <linux/parser.h> 76#include <linux/nfs_mount.h> 77#include <net/ipv6.h> 78#include <linux/hugetlb.h> 79#include <linux/personality.h> --- 15 unchanged lines hidden* (view full) --- 95#include "netnode.h" 96#include "netport.h" 97#include "ibpkey.h" 98#include "xfrm.h" 99#include "netlabel.h" 100#include "audit.h" 101#include "avc_ss.h" 102
	103struct selinux_state selinux_state; 104
101/* SECMARK reference count */ 102static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); 103 104#ifdef CONFIG_SECURITY_SELINUX_DEVELOP	105/* SECMARK reference count */ 106static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); 107 108#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
105int selinux_enforcing;	109static int selinux_enforcing_boot;
106 107static int __init enforcing_setup(char *str) 108{ 109 unsigned long enforcing; 110 if (!kstrtoul(str, 0, &enforcing))	110 111static int __init enforcing_setup(char *str) 112{ 113 unsigned long enforcing; 114 if (!kstrtoul(str, 0, &enforcing))
111 selinux_enforcing = enforcing ? 1 : 0;	115 selinux_enforcing_boot = enforcing ? 1 : 0;
112 return 1; 113} 114__setup("enforcing=", enforcing_setup);	116 return 1; 117} 118__setup("enforcing=", enforcing_setup);
	119#else 120#define selinux_enforcing_boot 1
115#endif 116 117#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM 118int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE; 119 120static int __init selinux_enabled_setup(char *str) 121{ 122 unsigned long enabled; 123 if (!kstrtoul(str, 0, &enabled)) 124 selinux_enabled = enabled ? 1 : 0; 125 return 1; 126} 127__setup("selinux=", selinux_enabled_setup); 128#else 129int selinux_enabled = 1; 130#endif 131	121#endif 122 123#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM 124int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE; 125 126static int __init selinux_enabled_setup(char *str) 127{ 128 unsigned long enabled; 129 if (!kstrtoul(str, 0, &enabled)) 130 selinux_enabled = enabled ? 1 : 0; 131 return 1; 132} 133__setup("selinux=", selinux_enabled_setup); 134#else 135int selinux_enabled = 1; 136#endif 137
	138static unsigned int selinux_checkreqprot_boot = 139 CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE; 140 141static int __init checkreqprot_setup(char *str) 142{ 143 unsigned long checkreqprot; 144 145 if (!kstrtoul(str, 0, &checkreqprot)) 146 selinux_checkreqprot_boot = checkreqprot ? 1 : 0; 147 return 1; 148} 149__setup("checkreqprot=", checkreqprot_setup); 150
132static struct kmem_cache sel_inode_cache; 133static struct kmem_cache file_security_cache; 134 135/** 136 * selinux_secmark_enabled - Check to see if SECMARK is currently enabled 137 * 138 * Description: 139 * This function checks the SECMARK reference counter to see if any SECMARK 140 * targets are currently configured, if the reference counter is greater than 141 * zero SECMARK is considered to be enabled. Returns true (1) if SECMARK is 142 * enabled, false (0) if SECMARK is disabled. If the always_check_network 143 * policy capability is enabled, SECMARK is always considered enabled. 144 * 145 */ 146static int selinux_secmark_enabled(void) 147{	151static struct kmem_cache sel_inode_cache; 152static struct kmem_cache file_security_cache; 153 154/** 155 * selinux_secmark_enabled - Check to see if SECMARK is currently enabled 156 * 157 * Description: 158 * This function checks the SECMARK reference counter to see if any SECMARK 159 * targets are currently configured, if the reference counter is greater than 160 * zero SECMARK is considered to be enabled. Returns true (1) if SECMARK is 161 * enabled, false (0) if SECMARK is disabled. If the always_check_network 162 * policy capability is enabled, SECMARK is always considered enabled. 163 * 164 */ 165static int selinux_secmark_enabled(void) 166{
148 return (selinux_policycap_alwaysnetwork \|\| atomic_read(&selinux_secmark_refcount));	167 return (selinux_policycap_alwaysnetwork() \|\| 168 atomic_read(&selinux_secmark_refcount));
149} 150 151/** 152 * selinux_peerlbl_enabled - Check to see if peer labeling is currently enabled 153 * 154 * Description: 155 * This function checks if NetLabel or labeled IPSEC is enabled. Returns true 156 * (1) if any are enabled or false (0) if neither are enabled. If the 157 * always_check_network policy capability is enabled, peer labeling 158 * is always considered enabled. 159 * 160 */ 161static int selinux_peerlbl_enabled(void) 162{	169} 170 171/** 172 * selinux_peerlbl_enabled - Check to see if peer labeling is currently enabled 173 * 174 * Description: 175 * This function checks if NetLabel or labeled IPSEC is enabled. Returns true 176 * (1) if any are enabled or false (0) if neither are enabled. If the 177 * always_check_network policy capability is enabled, peer labeling 178 * is always considered enabled. 179 * 180 */ 181static int selinux_peerlbl_enabled(void) 182{
163 return (selinux_policycap_alwaysnetwork \|\| netlbl_enabled() \|\| selinux_xfrm_enabled());	183 return (selinux_policycap_alwaysnetwork() \|\| 184 netlbl_enabled() \|\| selinux_xfrm_enabled());
164} 165 166static int selinux_netcache_avc_callback(u32 event) 167{ 168 if (event == AVC_CALLBACK_RESET) { 169 sel_netif_flush(); 170 sel_netnode_flush(); 171 sel_netport_flush(); --- 87 unchanged lines hidden (view full) --- 259static int __inode_security_revalidate(struct inode inode, 260 struct dentry opt_dentry, 261 bool may_sleep) 262{ 263 struct inode_security_struct *isec = inode->i_security; 264 265 might_sleep_if(may_sleep); 266	185} 186 187static int selinux_netcache_avc_callback(u32 event) 188{ 189 if (event == AVC_CALLBACK_RESET) { 190 sel_netif_flush(); 191 sel_netnode_flush(); 192 sel_netport_flush(); --- 87 unchanged lines hidden (view full) --- 280static int __inode_security_revalidate(struct inode inode, 281 struct dentry opt_dentry, 282 bool may_sleep) 283{ 284 struct inode_security_struct *isec = inode->i_security; 285 286 might_sleep_if(may_sleep); 287
267 if (ss_initialized && isec->initialized != LABEL_INITIALIZED) {	288 if (selinux_state.initialized && 289 isec->initialized != LABEL_INITIALIZED) {
268 if (!may_sleep) 269 return -ECHILD; 270 271 /* 272 * Try reloading the inode security label. This will fail if 273 * @opt_dentry is NULL and no dentry for this inode can be 274 * found; in that case, continue using the old label. 275 / --- 165 unchanged lines hidden* (view full) --- 441 442static int may_context_mount_sb_relabel(u32 sid, 443 struct superblock_security_struct sbsec, 444 const struct cred cred) 445{ 446 const struct task_security_struct *tsec = cred->security; 447 int rc; 448	290 if (!may_sleep) 291 return -ECHILD; 292 293 /* 294 * Try reloading the inode security label. This will fail if 295 * @opt_dentry is NULL and no dentry for this inode can be 296 * found; in that case, continue using the old label. 297 / --- 165 unchanged lines hidden* (view full) --- 463 464static int may_context_mount_sb_relabel(u32 sid, 465 struct superblock_security_struct sbsec, 466 const struct cred cred) 467{ 468 const struct task_security_struct *tsec = cred->security; 469 int rc; 470
449 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,	471 rc = avc_has_perm(&selinux_state, 472 tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
450 FILESYSTEM__RELABELFROM, NULL); 451 if (rc) 452 return rc; 453	473 FILESYSTEM__RELABELFROM, NULL); 474 if (rc) 475 return rc; 476
454 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,	477 rc = avc_has_perm(&selinux_state, 478 tsec->sid, sid, SECCLASS_FILESYSTEM,
455 FILESYSTEM__RELABELTO, NULL); 456 return rc; 457} 458 459static int may_context_mount_inode_relabel(u32 sid, 460 struct superblock_security_struct sbsec, 461 const struct cred cred) 462{ 463 const struct task_security_struct *tsec = cred->security; 464 int rc;	479 FILESYSTEM__RELABELTO, NULL); 480 return rc; 481} 482 483static int may_context_mount_inode_relabel(u32 sid, 484 struct superblock_security_struct sbsec, 485 const struct cred cred) 486{ 487 const struct task_security_struct *tsec = cred->security; 488 int rc;
465 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,	489 rc = avc_has_perm(&selinux_state, 490 tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
466 FILESYSTEM__RELABELFROM, NULL); 467 if (rc) 468 return rc; 469	491 FILESYSTEM__RELABELFROM, NULL); 492 if (rc) 493 return rc; 494
470 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,	495 rc = avc_has_perm(&selinux_state, 496 sid, sbsec->sid, SECCLASS_FILESYSTEM,
471 FILESYSTEM__ASSOCIATE, NULL); 472 return rc; 473} 474 475static int selinux_is_sblabel_mnt(struct super_block sb) 476{ 477 struct superblock_security_struct sbsec = sb->s_security; 478 479 return sbsec->behavior == SECURITY_FS_USE_XATTR \|\| 480 sbsec->behavior == SECURITY_FS_USE_TRANS \|\| 481 sbsec->behavior == SECURITY_FS_USE_TASK \|\| 482 sbsec->behavior == SECURITY_FS_USE_NATIVE \|\| 483 /* Special handling. Genfs but also in-core setxattr handler */ 484 !strcmp(sb->s_type->name, "sysfs") \|\| 485 !strcmp(sb->s_type->name, "pstore") \|\| 486 !strcmp(sb->s_type->name, "debugfs") \|\| 487 !strcmp(sb->s_type->name, "tracefs") \|\| 488 !strcmp(sb->s_type->name, "rootfs") \|\|	497 FILESYSTEM__ASSOCIATE, NULL); 498 return rc; 499} 500 501static int selinux_is_sblabel_mnt(struct super_block sb) 502{ 503 struct superblock_security_struct sbsec = sb->s_security; 504 505 return sbsec->behavior == SECURITY_FS_USE_XATTR \|\| 506 sbsec->behavior == SECURITY_FS_USE_TRANS \|\| 507 sbsec->behavior == SECURITY_FS_USE_TASK \|\| 508 sbsec->behavior == SECURITY_FS_USE_NATIVE \|\| 509 /* Special handling. Genfs but also in-core setxattr handler */ 510 !strcmp(sb->s_type->name, "sysfs") \|\| 511 !strcmp(sb->s_type->name, "pstore") \|\| 512 !strcmp(sb->s_type->name, "debugfs") \|\| 513 !strcmp(sb->s_type->name, "tracefs") \|\| 514 !strcmp(sb->s_type->name, "rootfs") \|\|
489 (selinux_policycap_cgroupseclabel &&	515 (selinux_policycap_cgroupseclabel() &&
490 (!strcmp(sb->s_type->name, "cgroup") \|\| 491 !strcmp(sb->s_type->name, "cgroup2"))); 492} 493 494static int sb_finish_set_opts(struct super_block sb) 495{ 496 struct superblock_security_struct sbsec = sb->s_security; 497 struct dentry root = sb->s_root; --- 83 unchanged lines hidden* (view full) --- 581 u32 len; 582 char tmp; 583 584 security_init_mnt_opts(opts); 585 586 if (!(sbsec->flags & SE_SBINITIALIZED)) 587 return -EINVAL; 588	516 (!strcmp(sb->s_type->name, "cgroup") \|\| 517 !strcmp(sb->s_type->name, "cgroup2"))); 518} 519 520static int sb_finish_set_opts(struct super_block sb) 521{ 522 struct superblock_security_struct sbsec = sb->s_security; 523 struct dentry root = sb->s_root; --- 83 unchanged lines hidden* (view full) --- 607 u32 len; 608 char tmp; 609 610 security_init_mnt_opts(opts); 611 612 if (!(sbsec->flags & SE_SBINITIALIZED)) 613 return -EINVAL; 614
589 if (!ss_initialized)	615 if (!selinux_state.initialized)
590 return -EINVAL; 591 592 /* make sure we always check enough bits to cover the mask / 593 BUILD_BUG_ON(SE_MNTMASK >= (1 << NUM_SEL_MNT_OPTS)); 594 595 tmp = sbsec->flags & SE_MNTMASK; 596 / count the number of mount options for this sb / 597 for (i = 0; i < NUM_SEL_MNT_OPTS; i++) { --- 14 unchanged lines hidden* (view full) --- 612 opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC); 613 if (!opts->mnt_opts_flags) { 614 rc = -ENOMEM; 615 goto out_free; 616 } 617 618 i = 0; 619 if (sbsec->flags & FSCONTEXT_MNT) {	616 return -EINVAL; 617 618 /* make sure we always check enough bits to cover the mask / 619 BUILD_BUG_ON(SE_MNTMASK >= (1 << NUM_SEL_MNT_OPTS)); 620 621 tmp = sbsec->flags & SE_MNTMASK; 622 / count the number of mount options for this sb / 623 for (i = 0; i < NUM_SEL_MNT_OPTS; i++) { --- 14 unchanged lines hidden* (view full) --- 638 opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC); 639 if (!opts->mnt_opts_flags) { 640 rc = -ENOMEM; 641 goto out_free; 642 } 643 644 i = 0; 645 if (sbsec->flags & FSCONTEXT_MNT) {
620 rc = security_sid_to_context(sbsec->sid, &context, &len);	646 rc = security_sid_to_context(&selinux_state, sbsec->sid, 647 &context, &len);
621 if (rc) 622 goto out_free; 623 opts->mnt_opts[i] = context; 624 opts->mnt_opts_flags[i++] = FSCONTEXT_MNT; 625 } 626 if (sbsec->flags & CONTEXT_MNT) {	648 if (rc) 649 goto out_free; 650 opts->mnt_opts[i] = context; 651 opts->mnt_opts_flags[i++] = FSCONTEXT_MNT; 652 } 653 if (sbsec->flags & CONTEXT_MNT) {
627 rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);	654 rc = security_sid_to_context(&selinux_state, 655 sbsec->mntpoint_sid, 656 &context, &len);
628 if (rc) 629 goto out_free; 630 opts->mnt_opts[i] = context; 631 opts->mnt_opts_flags[i++] = CONTEXT_MNT; 632 } 633 if (sbsec->flags & DEFCONTEXT_MNT) {	657 if (rc) 658 goto out_free; 659 opts->mnt_opts[i] = context; 660 opts->mnt_opts_flags[i++] = CONTEXT_MNT; 661 } 662 if (sbsec->flags & DEFCONTEXT_MNT) {
634 rc = security_sid_to_context(sbsec->def_sid, &context, &len);	663 rc = security_sid_to_context(&selinux_state, sbsec->def_sid, 664 &context, &len);
635 if (rc) 636 goto out_free; 637 opts->mnt_opts[i] = context; 638 opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT; 639 } 640 if (sbsec->flags & ROOTCONTEXT_MNT) { 641 struct dentry root = sbsec->sb->s_root; 642 struct inode_security_struct isec = backing_inode_security(root); 643	665 if (rc) 666 goto out_free; 667 opts->mnt_opts[i] = context; 668 opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT; 669 } 670 if (sbsec->flags & ROOTCONTEXT_MNT) { 671 struct dentry root = sbsec->sb->s_root; 672 struct inode_security_struct isec = backing_inode_security(root); 673
644 rc = security_sid_to_context(isec->sid, &context, &len);	674 rc = security_sid_to_context(&selinux_state, isec->sid, 675 &context, &len);
645 if (rc) 646 goto out_free; 647 opts->mnt_opts[i] = context; 648 opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT; 649 } 650 if (sbsec->flags & SBLABEL_MNT) { 651 opts->mnt_opts[i] = NULL; 652 opts->mnt_opts_flags[i++] = SBLABEL_MNT; --- 46 unchanged lines hidden (view full) --- 699 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0; 700 u32 defcontext_sid = 0; 701 char *mount_options = opts->mnt_opts; 702 int flags = opts->mnt_opts_flags; 703 int num_opts = opts->num_mnt_opts; 704 705 mutex_lock(&sbsec->lock); 706	676 if (rc) 677 goto out_free; 678 opts->mnt_opts[i] = context; 679 opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT; 680 } 681 if (sbsec->flags & SBLABEL_MNT) { 682 opts->mnt_opts[i] = NULL; 683 opts->mnt_opts_flags[i++] = SBLABEL_MNT; --- 46 unchanged lines hidden (view full) --- 730 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0; 731 u32 defcontext_sid = 0; 732 char *mount_options = opts->mnt_opts; 733 int flags = opts->mnt_opts_flags; 734 int num_opts = opts->num_mnt_opts; 735 736 mutex_lock(&sbsec->lock); 737
707 if (!ss_initialized) {	738 if (!selinux_state.initialized) {
708 if (!num_opts) { 709 /* Defer initialization until selinux_complete_init, 710 after the initial policy is loaded and the security 711 server is ready to handle calls. / 712 goto out; 713 } 714 rc = -EINVAL; 715 printk(KERN_WARNING "SELinux: Unable to set superblock options " --- 29 unchanged lines hidden* (view full) --- 745 * also check if someone is trying to mount the same sb more 746 * than once with different security options. 747 */ 748 for (i = 0; i < num_opts; i++) { 749 u32 sid; 750 751 if (flags[i] == SBLABEL_MNT) 752 continue;	739 if (!num_opts) { 740 /* Defer initialization until selinux_complete_init, 741 after the initial policy is loaded and the security 742 server is ready to handle calls. / 743 goto out; 744 } 745 rc = -EINVAL; 746 printk(KERN_WARNING "SELinux: Unable to set superblock options " --- 29 unchanged lines hidden* (view full) --- 776 * also check if someone is trying to mount the same sb more 777 * than once with different security options. 778 */ 779 for (i = 0; i < num_opts; i++) { 780 u32 sid; 781 782 if (flags[i] == SBLABEL_MNT) 783 continue;
753 rc = security_context_str_to_sid(mount_options[i], &sid, GFP_KERNEL);	784 rc = security_context_str_to_sid(&selinux_state, 785 mount_options[i], &sid, 786 GFP_KERNEL);
754 if (rc) { 755 printk(KERN_WARNING "SELinux: security_context_str_to_sid" 756 "(%s) failed for (dev %s, type %s) errno=%d\n", 757 mount_options[i], sb->s_id, name, rc); 758 goto out; 759 } 760 switch (flags[i]) { 761 case FSCONTEXT_MNT: --- 59 unchanged lines hidden (view full) --- 821 !strcmp(sb->s_type->name, "cgroup2")) 822 sbsec->flags \|= SE_SBGENFS; 823 824 if (!sbsec->behavior) { 825 /* 826 * Determine the labeling behavior to use for this 827 * filesystem type. 828 */	787 if (rc) { 788 printk(KERN_WARNING "SELinux: security_context_str_to_sid" 789 "(%s) failed for (dev %s, type %s) errno=%d\n", 790 mount_options[i], sb->s_id, name, rc); 791 goto out; 792 } 793 switch (flags[i]) { 794 case FSCONTEXT_MNT: --- 59 unchanged lines hidden (view full) --- 854 !strcmp(sb->s_type->name, "cgroup2")) 855 sbsec->flags \|= SE_SBGENFS; 856 857 if (!sbsec->behavior) { 858 /* 859 * Determine the labeling behavior to use for this 860 * filesystem type. 861 */
829 rc = security_fs_use(sb);	862 rc = security_fs_use(&selinux_state, sb);
830 if (rc) { 831 printk(KERN_WARNING 832 "%s: security_fs_use(%s) returned %d\n", 833 __func__, sb->s_type->name, rc); 834 goto out; 835 } 836 } 837 --- 8 unchanged lines hidden (view full) --- 846 strcmp(sb->s_type->name, "devpts")) { 847 if (context_sid \|\| fscontext_sid \|\| rootcontext_sid \|\| 848 defcontext_sid) { 849 rc = -EACCES; 850 goto out; 851 } 852 if (sbsec->behavior == SECURITY_FS_USE_XATTR) { 853 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;	863 if (rc) { 864 printk(KERN_WARNING 865 "%s: security_fs_use(%s) returned %d\n", 866 __func__, sb->s_type->name, rc); 867 goto out; 868 } 869 } 870 --- 8 unchanged lines hidden (view full) --- 879 strcmp(sb->s_type->name, "devpts")) { 880 if (context_sid \|\| fscontext_sid \|\| rootcontext_sid \|\| 881 defcontext_sid) { 882 rc = -EACCES; 883 goto out; 884 } 885 if (sbsec->behavior == SECURITY_FS_USE_XATTR) { 886 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
854 rc = security_transition_sid(current_sid(), current_sid(),	887 rc = security_transition_sid(&selinux_state, 888 current_sid(), 889 current_sid(),
855 SECCLASS_FILE, NULL, 856 &sbsec->mntpoint_sid); 857 if (rc) 858 goto out; 859 } 860 goto out_set_opts; 861 } 862 --- 119 unchanged lines hidden (view full) --- 982 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT); 983 int set_context = (oldsbsec->flags & CONTEXT_MNT); 984 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT); 985 986 /* 987 * if the parent was able to be mounted it clearly had no special lsm 988 * mount options. thus we can safely deal with this superblock later 989 */	890 SECCLASS_FILE, NULL, 891 &sbsec->mntpoint_sid); 892 if (rc) 893 goto out; 894 } 895 goto out_set_opts; 896 } 897 --- 119 unchanged lines hidden (view full) --- 1017 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT); 1018 int set_context = (oldsbsec->flags & CONTEXT_MNT); 1019 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT); 1020 1021 /* 1022 * if the parent was able to be mounted it clearly had no special lsm 1023 * mount options. thus we can safely deal with this superblock later 1024 */
990 if (!ss_initialized)	1025 if (!selinux_state.initialized)
991 return 0; 992 993 /* 994 * Specifying internal flags without providing a place to 995 * place the results is not allowed. 996 / 997 if (kern_flags && !set_kern_flags) 998 return -EINVAL; --- 10 unchanged lines hidden* (view full) --- 1009 newsbsec->flags = oldsbsec->flags; 1010 1011 newsbsec->sid = oldsbsec->sid; 1012 newsbsec->def_sid = oldsbsec->def_sid; 1013 newsbsec->behavior = oldsbsec->behavior; 1014 1015 if (newsbsec->behavior == SECURITY_FS_USE_NATIVE && 1016 !(kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context) {	1026 return 0; 1027 1028 /* 1029 * Specifying internal flags without providing a place to 1030 * place the results is not allowed. 1031 / 1032 if (kern_flags && !set_kern_flags) 1033 return -EINVAL; --- 10 unchanged lines hidden* (view full) --- 1044 newsbsec->flags = oldsbsec->flags; 1045 1046 newsbsec->sid = oldsbsec->sid; 1047 newsbsec->def_sid = oldsbsec->def_sid; 1048 newsbsec->behavior = oldsbsec->behavior; 1049 1050 if (newsbsec->behavior == SECURITY_FS_USE_NATIVE && 1051 !(kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context) {
1017 rc = security_fs_use(newsb);	1052 rc = security_fs_use(&selinux_state, newsb);
1018 if (rc) 1019 goto out; 1020 } 1021 1022 if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !set_context) { 1023 newsbsec->behavior = SECURITY_FS_USE_NATIVE; 1024 set_kern_flags \|= SECURITY_LSM_NATIVE_LABELS; 1025 } --- 266 unchanged lines hidden* (view full) --- 1292 1293static inline int default_protocol_dgram(int protocol) 1294{ 1295 return (protocol == IPPROTO_IP \|\| protocol == IPPROTO_UDP); 1296} 1297 1298static inline u16 socket_type_to_security_class(int family, int type, int protocol) 1299{	1053 if (rc) 1054 goto out; 1055 } 1056 1057 if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !set_context) { 1058 newsbsec->behavior = SECURITY_FS_USE_NATIVE; 1059 set_kern_flags \|= SECURITY_LSM_NATIVE_LABELS; 1060 } --- 266 unchanged lines hidden* (view full) --- 1327 1328static inline int default_protocol_dgram(int protocol) 1329{ 1330 return (protocol == IPPROTO_IP \|\| protocol == IPPROTO_UDP); 1331} 1332 1333static inline u16 socket_type_to_security_class(int family, int type, int protocol) 1334{
1300 int extsockclass = selinux_policycap_extsockclass;	1335 int extsockclass = selinux_policycap_extsockclass();
1301 1302 switch (family) { 1303 case PF_UNIX: 1304 switch (type) { 1305 case SOCK_STREAM: 1306 case SOCK_SEQPACKET: 1307 return SECCLASS_UNIX_STREAM_SOCKET; 1308 case SOCK_DGRAM: --- 157 unchanged lines hidden (view full) --- 1466 /* each process gets a /proc/PID/ entry. Strip off the 1467 * PID part to get a valid selinux labeling. 1468 * e.g. /proc/1/net/rpc/nfs -> /net/rpc/nfs */ 1469 while (path[1] >= '0' && path[1] <= '9') { 1470 path[1] = '/'; 1471 path++; 1472 } 1473 }	1336 1337 switch (family) { 1338 case PF_UNIX: 1339 switch (type) { 1340 case SOCK_STREAM: 1341 case SOCK_SEQPACKET: 1342 return SECCLASS_UNIX_STREAM_SOCKET; 1343 case SOCK_DGRAM: --- 157 unchanged lines hidden (view full) --- 1501 /* each process gets a /proc/PID/ entry. Strip off the 1502 * PID part to get a valid selinux labeling. 1503 * e.g. /proc/1/net/rpc/nfs -> /net/rpc/nfs */ 1504 while (path[1] >= '0' && path[1] <= '9') { 1505 path[1] = '/'; 1506 path++; 1507 } 1508 }
1474 rc = security_genfs_sid(sb->s_type->name, path, tclass, sid);	1509 rc = security_genfs_sid(&selinux_state, sb->s_type->name, 1510 path, tclass, sid);
1475 } 1476 free_page((unsigned long)buffer); 1477 return rc; 1478} 1479 1480/* The inode's security attributes must be initialized before first use. / 1481static int inode_doinit_with_dentry(struct inode inode, struct dentry opt_dentry) 1482{ --- 101 unchanged lines hidden* (view full) --- 1584 -rc, inode->i_sb->s_id, inode->i_ino); 1585 kfree(context); 1586 goto out; 1587 } 1588 /* Map ENODATA to the default file SID */ 1589 sid = sbsec->def_sid; 1590 rc = 0; 1591 } else {	1511 } 1512 free_page((unsigned long)buffer); 1513 return rc; 1514} 1515 1516/* The inode's security attributes must be initialized before first use. / 1517static int inode_doinit_with_dentry(struct inode inode, struct dentry opt_dentry) 1518{ --- 101 unchanged lines hidden* (view full) --- 1620 -rc, inode->i_sb->s_id, inode->i_ino); 1621 kfree(context); 1622 goto out; 1623 } 1624 /* Map ENODATA to the default file SID */ 1625 sid = sbsec->def_sid; 1626 rc = 0; 1627 } else {
1592 rc = security_context_to_sid_default(context, rc, &sid,	1628 rc = security_context_to_sid_default(&selinux_state, 1629 context, rc, &sid,
1593 sbsec->def_sid, 1594 GFP_NOFS); 1595 if (rc) { 1596 char dev = inode->i_sb->s_id; 1597 unsigned long ino = inode->i_ino; 1598 1599 if (rc == -EINVAL) { 1600 if (printk_ratelimit()) --- 16 unchanged lines hidden* (view full) --- 1617 case SECURITY_FS_USE_TASK: 1618 sid = task_sid; 1619 break; 1620 case SECURITY_FS_USE_TRANS: 1621 /* Default to the fs SID. / 1622 sid = sbsec->sid; 1623 1624 / Try to obtain a transition SID. */	1630 sbsec->def_sid, 1631 GFP_NOFS); 1632 if (rc) { 1633 char dev = inode->i_sb->s_id; 1634 unsigned long ino = inode->i_ino; 1635 1636 if (rc == -EINVAL) { 1637 if (printk_ratelimit()) --- 16 unchanged lines hidden* (view full) --- 1654 case SECURITY_FS_USE_TASK: 1655 sid = task_sid; 1656 break; 1657 case SECURITY_FS_USE_TRANS: 1658 /* Default to the fs SID. / 1659 sid = sbsec->sid; 1660 1661 / Try to obtain a transition SID. */
1625 rc = security_transition_sid(task_sid, sid, sclass, NULL, &sid);	1662 rc = security_transition_sid(&selinux_state, task_sid, sid, 1663 sclass, NULL, &sid);
1626 if (rc) 1627 goto out; 1628 break; 1629 case SECURITY_FS_USE_MNTPOINT: 1630 sid = sbsec->mntpoint_sid; 1631 break; 1632 default: 1633 /* Default to the fs superblock SID. / --- 101 unchanged lines hidden* (view full) --- 1735 break; 1736 default: 1737 printk(KERN_ERR 1738 "SELinux: out of range capability %d\n", cap); 1739 BUG(); 1740 return -EINVAL; 1741 } 1742	1664 if (rc) 1665 goto out; 1666 break; 1667 case SECURITY_FS_USE_MNTPOINT: 1668 sid = sbsec->mntpoint_sid; 1669 break; 1670 default: 1671 /* Default to the fs superblock SID. / --- 101 unchanged lines hidden* (view full) --- 1773 break; 1774 default: 1775 printk(KERN_ERR 1776 "SELinux: out of range capability %d\n", cap); 1777 BUG(); 1778 return -EINVAL; 1779 } 1780
1743 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);	1781 rc = avc_has_perm_noaudit(&selinux_state, 1782 sid, sid, sclass, av, 0, &avd);
1744 if (audit == SECURITY_CAP_AUDIT) {	1783 if (audit == SECURITY_CAP_AUDIT) {
1745 int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0);	1784 int rc2 = avc_audit(&selinux_state, 1785 sid, sid, sclass, av, &avd, rc, &ad, 0);
1746 if (rc2) 1747 return rc2; 1748 } 1749 return rc; 1750} 1751 1752/* Check whether a task has a particular permission to an inode. 1753 The 'adp' parameter is optional and allows other audit --- 9 unchanged lines hidden (view full) --- 1763 validate_creds(cred); 1764 1765 if (unlikely(IS_PRIVATE(inode))) 1766 return 0; 1767 1768 sid = cred_sid(cred); 1769 isec = inode->i_security; 1770	1786 if (rc2) 1787 return rc2; 1788 } 1789 return rc; 1790} 1791 1792/* Check whether a task has a particular permission to an inode. 1793 The 'adp' parameter is optional and allows other audit --- 9 unchanged lines hidden (view full) --- 1803 validate_creds(cred); 1804 1805 if (unlikely(IS_PRIVATE(inode))) 1806 return 0; 1807 1808 sid = cred_sid(cred); 1809 isec = inode->i_security; 1810
1771 return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp);	1811 return avc_has_perm(&selinux_state, 1812 sid, isec->sid, isec->sclass, perms, adp);
1772} 1773 1774/* Same as inode_has_perm, but pass explicit audit data containing 1775 the dentry to help the auditing code to more easily generate the 1776 pathname if needed. / 1777static inline int dentry_has_perm(const struct cred cred, 1778 struct dentry dentry, 1779 u32 av) --- 56 unchanged lines hidden* (view full) --- 1836 struct common_audit_data ad; 1837 u32 sid = cred_sid(cred); 1838 int rc; 1839 1840 ad.type = LSM_AUDIT_DATA_FILE; 1841 ad.u.file = file; 1842 1843 if (sid != fsec->sid) {	1813} 1814 1815/* Same as inode_has_perm, but pass explicit audit data containing 1816 the dentry to help the auditing code to more easily generate the 1817 pathname if needed. / 1818static inline int dentry_has_perm(const struct cred cred, 1819 struct dentry dentry, 1820 u32 av) --- 56 unchanged lines hidden* (view full) --- 1877 struct common_audit_data ad; 1878 u32 sid = cred_sid(cred); 1879 int rc; 1880 1881 ad.type = LSM_AUDIT_DATA_FILE; 1882 ad.u.file = file; 1883 1884 if (sid != fsec->sid) {
1844 rc = avc_has_perm(sid, fsec->sid,	1885 rc = avc_has_perm(&selinux_state, 1886 sid, fsec->sid,
1845 SECCLASS_FD, 1846 FD__USE, 1847 &ad); 1848 if (rc) 1849 goto out; 1850 } 1851 1852#ifdef CONFIG_BPF_SYSCALL --- 25 unchanged lines hidden (view full) --- 1878 if ((sbsec->flags & SE_SBINITIALIZED) && 1879 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) { 1880 _new_isid = sbsec->mntpoint_sid; 1881 } else if ((sbsec->flags & SBLABEL_MNT) && 1882 tsec->create_sid) { 1883 _new_isid = tsec->create_sid; 1884 } else { 1885 const struct inode_security_struct *dsec = inode_security(dir);	1887 SECCLASS_FD, 1888 FD__USE, 1889 &ad); 1890 if (rc) 1891 goto out; 1892 } 1893 1894#ifdef CONFIG_BPF_SYSCALL --- 25 unchanged lines hidden (view full) --- 1920 if ((sbsec->flags & SE_SBINITIALIZED) && 1921 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) { 1922 _new_isid = sbsec->mntpoint_sid; 1923 } else if ((sbsec->flags & SBLABEL_MNT) && 1924 tsec->create_sid) { 1925 _new_isid = tsec->create_sid; 1926 } else { 1927 const struct inode_security_struct *dsec = inode_security(dir);
1886 return security_transition_sid(tsec->sid, dsec->sid, tclass,	1928 return security_transition_sid(&selinux_state, tsec->sid, 1929 dsec->sid, tclass,
1887 name, _new_isid); 1888 } 1889 1890 return 0; 1891} 1892 1893/* Check whether a task can create a file. / 1894static int may_create(struct inode dir, --- 10 unchanged lines hidden (view full) --- 1905 dsec = inode_security(dir); 1906 sbsec = dir->i_sb->s_security; 1907 1908 sid = tsec->sid; 1909 1910 ad.type = LSM_AUDIT_DATA_DENTRY; 1911 ad.u.dentry = dentry; 1912	1930 name, _new_isid); 1931 } 1932 1933 return 0; 1934} 1935 1936/* Check whether a task can create a file. / 1937static int may_create(struct inode dir, --- 10 unchanged lines hidden (view full) --- 1948 dsec = inode_security(dir); 1949 sbsec = dir->i_sb->s_security; 1950 1951 sid = tsec->sid; 1952 1953 ad.type = LSM_AUDIT_DATA_DENTRY; 1954 ad.u.dentry = dentry; 1955
1913 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,	1956 rc = avc_has_perm(&selinux_state, 1957 sid, dsec->sid, SECCLASS_DIR,
1914 DIR__ADD_NAME \| DIR__SEARCH, 1915 &ad); 1916 if (rc) 1917 return rc; 1918 1919 rc = selinux_determine_inode_label(current_security(), dir, 1920 &dentry->d_name, tclass, &newsid); 1921 if (rc) 1922 return rc; 1923	1958 DIR__ADD_NAME \| DIR__SEARCH, 1959 &ad); 1960 if (rc) 1961 return rc; 1962 1963 rc = selinux_determine_inode_label(current_security(), dir, 1964 &dentry->d_name, tclass, &newsid); 1965 if (rc) 1966 return rc; 1967
1924 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad);	1968 rc = avc_has_perm(&selinux_state, 1969 sid, newsid, tclass, FILE__CREATE, &ad);
1925 if (rc) 1926 return rc; 1927	1970 if (rc) 1971 return rc; 1972
1928 return avc_has_perm(newsid, sbsec->sid,	1973 return avc_has_perm(&selinux_state, 1974 newsid, sbsec->sid,
1929 SECCLASS_FILESYSTEM, 1930 FILESYSTEM__ASSOCIATE, &ad); 1931} 1932 1933#define MAY_LINK 0 1934#define MAY_UNLINK 1 1935#define MAY_RMDIR 2 1936 --- 12 unchanged lines hidden (view full) --- 1949 dsec = inode_security(dir); 1950 isec = backing_inode_security(dentry); 1951 1952 ad.type = LSM_AUDIT_DATA_DENTRY; 1953 ad.u.dentry = dentry; 1954 1955 av = DIR__SEARCH; 1956 av \|= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);	1975 SECCLASS_FILESYSTEM, 1976 FILESYSTEM__ASSOCIATE, &ad); 1977} 1978 1979#define MAY_LINK 0 1980#define MAY_UNLINK 1 1981#define MAY_RMDIR 2 1982 --- 12 unchanged lines hidden (view full) --- 1995 dsec = inode_security(dir); 1996 isec = backing_inode_security(dentry); 1997 1998 ad.type = LSM_AUDIT_DATA_DENTRY; 1999 ad.u.dentry = dentry; 2000 2001 av = DIR__SEARCH; 2002 av \|= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1957 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad);	2003 rc = avc_has_perm(&selinux_state, 2004 sid, dsec->sid, SECCLASS_DIR, av, &ad);
1958 if (rc) 1959 return rc; 1960 1961 switch (kind) { 1962 case MAY_LINK: 1963 av = FILE__LINK; 1964 break; 1965 case MAY_UNLINK: 1966 av = FILE__UNLINK; 1967 break; 1968 case MAY_RMDIR: 1969 av = DIR__RMDIR; 1970 break; 1971 default: 1972 printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n", 1973 __func__, kind); 1974 return 0; 1975 } 1976	2005 if (rc) 2006 return rc; 2007 2008 switch (kind) { 2009 case MAY_LINK: 2010 av = FILE__LINK; 2011 break; 2012 case MAY_UNLINK: 2013 av = FILE__UNLINK; 2014 break; 2015 case MAY_RMDIR: 2016 av = DIR__RMDIR; 2017 break; 2018 default: 2019 printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n", 2020 __func__, kind); 2021 return 0; 2022 } 2023
1977 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);	2024 rc = avc_has_perm(&selinux_state, 2025 sid, isec->sid, isec->sclass, av, &ad);
1978 return rc; 1979} 1980 1981static inline int may_rename(struct inode old_dir, 1982 struct dentry old_dentry, 1983 struct inode new_dir, 1984 struct dentry new_dentry) 1985{ --- 7 unchanged lines hidden (view full) --- 1993 old_dsec = inode_security(old_dir); 1994 old_isec = backing_inode_security(old_dentry); 1995 old_is_dir = d_is_dir(old_dentry); 1996 new_dsec = inode_security(new_dir); 1997 1998 ad.type = LSM_AUDIT_DATA_DENTRY; 1999 2000 ad.u.dentry = old_dentry;	2026 return rc; 2027} 2028 2029static inline int may_rename(struct inode old_dir, 2030 struct dentry old_dentry, 2031 struct inode new_dir, 2032 struct dentry new_dentry) 2033{ --- 7 unchanged lines hidden (view full) --- 2041 old_dsec = inode_security(old_dir); 2042 old_isec = backing_inode_security(old_dentry); 2043 old_is_dir = d_is_dir(old_dentry); 2044 new_dsec = inode_security(new_dir); 2045 2046 ad.type = LSM_AUDIT_DATA_DENTRY; 2047 2048 ad.u.dentry = old_dentry;
2001 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,	2049 rc = avc_has_perm(&selinux_state, 2050 sid, old_dsec->sid, SECCLASS_DIR,
2002 DIR__REMOVE_NAME \| DIR__SEARCH, &ad); 2003 if (rc) 2004 return rc;	2051 DIR__REMOVE_NAME \| DIR__SEARCH, &ad); 2052 if (rc) 2053 return rc;
2005 rc = avc_has_perm(sid, old_isec->sid,	2054 rc = avc_has_perm(&selinux_state, 2055 sid, old_isec->sid,
2006 old_isec->sclass, FILE__RENAME, &ad); 2007 if (rc) 2008 return rc; 2009 if (old_is_dir && new_dir != old_dir) {	2056 old_isec->sclass, FILE__RENAME, &ad); 2057 if (rc) 2058 return rc; 2059 if (old_is_dir && new_dir != old_dir) {
2010 rc = avc_has_perm(sid, old_isec->sid,	2060 rc = avc_has_perm(&selinux_state, 2061 sid, old_isec->sid,
2011 old_isec->sclass, DIR__REPARENT, &ad); 2012 if (rc) 2013 return rc; 2014 } 2015 2016 ad.u.dentry = new_dentry; 2017 av = DIR__ADD_NAME \| DIR__SEARCH; 2018 if (d_is_positive(new_dentry)) 2019 av \|= DIR__REMOVE_NAME;	2062 old_isec->sclass, DIR__REPARENT, &ad); 2063 if (rc) 2064 return rc; 2065 } 2066 2067 ad.u.dentry = new_dentry; 2068 av = DIR__ADD_NAME \| DIR__SEARCH; 2069 if (d_is_positive(new_dentry)) 2070 av \|= DIR__REMOVE_NAME;
2020 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);	2071 rc = avc_has_perm(&selinux_state, 2072 sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
2021 if (rc) 2022 return rc; 2023 if (d_is_positive(new_dentry)) { 2024 new_isec = backing_inode_security(new_dentry); 2025 new_is_dir = d_is_dir(new_dentry);	2073 if (rc) 2074 return rc; 2075 if (d_is_positive(new_dentry)) { 2076 new_isec = backing_inode_security(new_dentry); 2077 new_is_dir = d_is_dir(new_dentry);
2026 rc = avc_has_perm(sid, new_isec->sid,	2078 rc = avc_has_perm(&selinux_state, 2079 sid, new_isec->sid,
2027 new_isec->sclass, 2028 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad); 2029 if (rc) 2030 return rc; 2031 } 2032 2033 return 0; 2034} 2035 2036/* Check whether a task can perform a filesystem operation. / 2037static int superblock_has_perm(const struct cred cred, 2038 struct super_block sb, 2039 u32 perms, 2040 struct common_audit_data ad) 2041{ 2042 struct superblock_security_struct *sbsec; 2043 u32 sid = cred_sid(cred); 2044 2045 sbsec = sb->s_security;	2080 new_isec->sclass, 2081 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad); 2082 if (rc) 2083 return rc; 2084 } 2085 2086 return 0; 2087} 2088 2089/* Check whether a task can perform a filesystem operation. / 2090static int superblock_has_perm(const struct cred cred, 2091 struct super_block sb, 2092 u32 perms, 2093 struct common_audit_data ad) 2094{ 2095 struct superblock_security_struct *sbsec; 2096 u32 sid = cred_sid(cred); 2097 2098 sbsec = sb->s_security;
2046 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);	2099 return avc_has_perm(&selinux_state, 2100 sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
2047} 2048 2049/* Convert a Linux mode and permission mask to an access vector. / 2050static inline u32 file_mask_to_av(int mode, int mask) 2051{ 2052 u32 av = 0; 2053 2054 if (!S_ISDIR(mode)) { --- 46 unchanged lines hidden* (view full) --- 2101 * Convert a file to an access vector and include the correct open 2102 * open permission. 2103 / 2104static inline u32 open_file_to_av(struct file file) 2105{ 2106 u32 av = file_to_av(file); 2107 struct inode *inode = file_inode(file); 2108	2101} 2102 2103/* Convert a Linux mode and permission mask to an access vector. / 2104static inline u32 file_mask_to_av(int mode, int mask) 2105{ 2106 u32 av = 0; 2107 2108 if (!S_ISDIR(mode)) { --- 46 unchanged lines hidden* (view full) --- 2155 * Convert a file to an access vector and include the correct open 2156 * open permission. 2157 / 2158static inline u32 open_file_to_av(struct file file) 2159{ 2160 u32 av = file_to_av(file); 2161 struct inode *inode = file_inode(file); 2162
2109 if (selinux_policycap_openperm && inode->i_sb->s_magic != SOCKFS_MAGIC)	2163 if (selinux_policycap_openperm() && 2164 inode->i_sb->s_magic != SOCKFS_MAGIC)
2110 av \|= FILE__OPEN; 2111 2112 return av; 2113} 2114 2115/* Hook functions begin here. / 2116 2117static int selinux_binder_set_context_mgr(struct task_struct mgr) 2118{ 2119 u32 mysid = current_sid(); 2120 u32 mgrsid = task_sid(mgr); 2121	2165 av \|= FILE__OPEN; 2166 2167 return av; 2168} 2169 2170/* Hook functions begin here. / 2171 2172static int selinux_binder_set_context_mgr(struct task_struct mgr) 2173{ 2174 u32 mysid = current_sid(); 2175 u32 mgrsid = task_sid(mgr); 2176
2122 return avc_has_perm(mysid, mgrsid, SECCLASS_BINDER,	2177 return avc_has_perm(&selinux_state, 2178 mysid, mgrsid, SECCLASS_BINDER,
2123 BINDER__SET_CONTEXT_MGR, NULL); 2124} 2125 2126static int selinux_binder_transaction(struct task_struct from, 2127 struct task_struct to) 2128{ 2129 u32 mysid = current_sid(); 2130 u32 fromsid = task_sid(from); 2131 u32 tosid = task_sid(to); 2132 int rc; 2133 2134 if (mysid != fromsid) {	2179 BINDER__SET_CONTEXT_MGR, NULL); 2180} 2181 2182static int selinux_binder_transaction(struct task_struct from, 2183 struct task_struct to) 2184{ 2185 u32 mysid = current_sid(); 2186 u32 fromsid = task_sid(from); 2187 u32 tosid = task_sid(to); 2188 int rc; 2189 2190 if (mysid != fromsid) {
2135 rc = avc_has_perm(mysid, fromsid, SECCLASS_BINDER,	2191 rc = avc_has_perm(&selinux_state, 2192 mysid, fromsid, SECCLASS_BINDER,
2136 BINDER__IMPERSONATE, NULL); 2137 if (rc) 2138 return rc; 2139 } 2140	2193 BINDER__IMPERSONATE, NULL); 2194 if (rc) 2195 return rc; 2196 } 2197
2141 return avc_has_perm(fromsid, tosid, SECCLASS_BINDER, BINDER__CALL,	2198 return avc_has_perm(&selinux_state, 2199 fromsid, tosid, SECCLASS_BINDER, BINDER__CALL,
2142 NULL); 2143} 2144 2145static int selinux_binder_transfer_binder(struct task_struct from, 2146 struct task_struct to) 2147{ 2148 u32 fromsid = task_sid(from); 2149 u32 tosid = task_sid(to); 2150	2200 NULL); 2201} 2202 2203static int selinux_binder_transfer_binder(struct task_struct from, 2204 struct task_struct to) 2205{ 2206 u32 fromsid = task_sid(from); 2207 u32 tosid = task_sid(to); 2208
2151 return avc_has_perm(fromsid, tosid, SECCLASS_BINDER, BINDER__TRANSFER,	2209 return avc_has_perm(&selinux_state, 2210 fromsid, tosid, SECCLASS_BINDER, BINDER__TRANSFER,
2152 NULL); 2153} 2154 2155static int selinux_binder_transfer_file(struct task_struct from, 2156 struct task_struct to, 2157 struct file file) 2158{ 2159 u32 sid = task_sid(to); 2160 struct file_security_struct fsec = file->f_security; 2161 struct dentry dentry = file->f_path.dentry; 2162 struct inode_security_struct isec; 2163 struct common_audit_data ad; 2164 int rc; 2165 2166 ad.type = LSM_AUDIT_DATA_PATH; 2167 ad.u.path = file->f_path; 2168 2169 if (sid != fsec->sid) {	2211 NULL); 2212} 2213 2214static int selinux_binder_transfer_file(struct task_struct from, 2215 struct task_struct to, 2216 struct file file) 2217{ 2218 u32 sid = task_sid(to); 2219 struct file_security_struct fsec = file->f_security; 2220 struct dentry dentry = file->f_path.dentry; 2221 struct inode_security_struct isec; 2222 struct common_audit_data ad; 2223 int rc; 2224 2225 ad.type = LSM_AUDIT_DATA_PATH; 2226 ad.u.path = file->f_path; 2227 2228 if (sid != fsec->sid) {
2170 rc = avc_has_perm(sid, fsec->sid,	2229 rc = avc_has_perm(&selinux_state, 2230 sid, fsec->sid,
2171 SECCLASS_FD, 2172 FD__USE, 2173 &ad); 2174 if (rc) 2175 return rc; 2176 } 2177 2178#ifdef CONFIG_BPF_SYSCALL 2179 rc = bpf_fd_pass(file, sid); 2180 if (rc) 2181 return rc; 2182#endif 2183 2184 if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) 2185 return 0; 2186 2187 isec = backing_inode_security(dentry);	2231 SECCLASS_FD, 2232 FD__USE, 2233 &ad); 2234 if (rc) 2235 return rc; 2236 } 2237 2238#ifdef CONFIG_BPF_SYSCALL 2239 rc = bpf_fd_pass(file, sid); 2240 if (rc) 2241 return rc; 2242#endif 2243 2244 if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) 2245 return 0; 2246 2247 isec = backing_inode_security(dentry);
2188 return avc_has_perm(sid, isec->sid, isec->sclass, file_to_av(file),	2248 return avc_has_perm(&selinux_state, 2249 sid, isec->sid, isec->sclass, file_to_av(file),
2189 &ad); 2190} 2191 2192static int selinux_ptrace_access_check(struct task_struct *child, 2193 unsigned int mode) 2194{ 2195 u32 sid = current_sid(); 2196 u32 csid = task_sid(child); 2197 2198 if (mode & PTRACE_MODE_READ)	2250 &ad); 2251} 2252 2253static int selinux_ptrace_access_check(struct task_struct *child, 2254 unsigned int mode) 2255{ 2256 u32 sid = current_sid(); 2257 u32 csid = task_sid(child); 2258 2259 if (mode & PTRACE_MODE_READ)
2199 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);	2260 return avc_has_perm(&selinux_state, 2261 sid, csid, SECCLASS_FILE, FILE__READ, NULL);
2200	2262
2201 return avc_has_perm(sid, csid, SECCLASS_PROCESS, PROCESS__PTRACE, NULL);	2263 return avc_has_perm(&selinux_state, 2264 sid, csid, SECCLASS_PROCESS, PROCESS__PTRACE, NULL);
2202} 2203 2204static int selinux_ptrace_traceme(struct task_struct *parent) 2205{	2265} 2266 2267static int selinux_ptrace_traceme(struct task_struct *parent) 2268{
2206 return avc_has_perm(task_sid(parent), current_sid(), SECCLASS_PROCESS,	2269 return avc_has_perm(&selinux_state, 2270 task_sid(parent), current_sid(), SECCLASS_PROCESS,
2207 PROCESS__PTRACE, NULL); 2208} 2209 2210static int selinux_capget(struct task_struct target, kernel_cap_t effective, 2211 kernel_cap_t inheritable, kernel_cap_t permitted) 2212{	2271 PROCESS__PTRACE, NULL); 2272} 2273 2274static int selinux_capget(struct task_struct target, kernel_cap_t effective, 2275 kernel_cap_t inheritable, kernel_cap_t permitted) 2276{
2213 return avc_has_perm(current_sid(), task_sid(target), SECCLASS_PROCESS,	2277 return avc_has_perm(&selinux_state, 2278 current_sid(), task_sid(target), SECCLASS_PROCESS,
2214 PROCESS__GETCAP, NULL); 2215} 2216 2217static int selinux_capset(struct cred new, const struct cred old, 2218 const kernel_cap_t effective, 2219 const kernel_cap_t inheritable, 2220 const kernel_cap_t *permitted) 2221{	2279 PROCESS__GETCAP, NULL); 2280} 2281 2282static int selinux_capset(struct cred new, const struct cred old, 2283 const kernel_cap_t effective, 2284 const kernel_cap_t inheritable, 2285 const kernel_cap_t *permitted) 2286{
2222 return avc_has_perm(cred_sid(old), cred_sid(new), SECCLASS_PROCESS,	2287 return avc_has_perm(&selinux_state, 2288 cred_sid(old), cred_sid(new), SECCLASS_PROCESS,
2223 PROCESS__SETCAP, NULL); 2224} 2225 2226/* 2227 * (This comment used to live with the selinux_task_setuid hook, 2228 * which was removed). 2229 * 2230 * Since setuid only affects the current process, and since the SELinux --- 43 unchanged lines hidden (view full) --- 2274 return dentry_has_perm(cred, dentry, FILE__QUOTAON); 2275} 2276 2277static int selinux_syslog(int type) 2278{ 2279 switch (type) { 2280 case SYSLOG_ACTION_READ_ALL: /* Read last kernel messages / 2281 case SYSLOG_ACTION_SIZE_BUFFER: / Return size of the log buffer */	2289 PROCESS__SETCAP, NULL); 2290} 2291 2292/* 2293 * (This comment used to live with the selinux_task_setuid hook, 2294 * which was removed). 2295 * 2296 * Since setuid only affects the current process, and since the SELinux --- 43 unchanged lines hidden (view full) --- 2340 return dentry_has_perm(cred, dentry, FILE__QUOTAON); 2341} 2342 2343static int selinux_syslog(int type) 2344{ 2345 switch (type) { 2346 case SYSLOG_ACTION_READ_ALL: /* Read last kernel messages / 2347 case SYSLOG_ACTION_SIZE_BUFFER: / Return size of the log buffer */
2282 return avc_has_perm(current_sid(), SECINITSID_KERNEL,	2348 return avc_has_perm(&selinux_state, 2349 current_sid(), SECINITSID_KERNEL,
2283 SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, NULL); 2284 case SYSLOG_ACTION_CONSOLE_OFF: /* Disable logging to console / 2285 case SYSLOG_ACTION_CONSOLE_ON: / Enable logging to console / 2286 / Set level of messages printed to console */ 2287 case SYSLOG_ACTION_CONSOLE_LEVEL:	2350 SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, NULL); 2351 case SYSLOG_ACTION_CONSOLE_OFF: /* Disable logging to console / 2352 case SYSLOG_ACTION_CONSOLE_ON: / Enable logging to console / 2353 / Set level of messages printed to console */ 2354 case SYSLOG_ACTION_CONSOLE_LEVEL:
2288 return avc_has_perm(current_sid(), SECINITSID_KERNEL,	2355 return avc_has_perm(&selinux_state, 2356 current_sid(), SECINITSID_KERNEL,
2289 SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, 2290 NULL); 2291 } 2292 /* All other syslog types */	2357 SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, 2358 NULL); 2359 } 2360 /* All other syslog types */
2293 return avc_has_perm(current_sid(), SECINITSID_KERNEL,	2361 return avc_has_perm(&selinux_state, 2362 current_sid(), SECINITSID_KERNEL,
2294 SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, NULL); 2295} 2296 2297/* 2298 * Check that a process has enough memory to allocate a new virtual 2299 * mapping. 0 means there is enough memory for the allocation to 2300 * succeed and -ENOMEM implies there is not. 2301 * --- 44 unchanged lines hidden (view full) --- 2346 return 0; /* No change in credentials / 2347 2348 / 2349 * If the policy enables the nnp_nosuid_transition policy capability, 2350 * then we permit transitions under NNP or nosuid if the 2351 * policy allows the corresponding permission between 2352 * the old and new contexts. 2353 */	2363 SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, NULL); 2364} 2365 2366/* 2367 * Check that a process has enough memory to allocate a new virtual 2368 * mapping. 0 means there is enough memory for the allocation to 2369 * succeed and -ENOMEM implies there is not. 2370 * --- 44 unchanged lines hidden (view full) --- 2415 return 0; /* No change in credentials / 2416 2417 / 2418 * If the policy enables the nnp_nosuid_transition policy capability, 2419 * then we permit transitions under NNP or nosuid if the 2420 * policy allows the corresponding permission between 2421 * the old and new contexts. 2422 */
2354 if (selinux_policycap_nnp_nosuid_transition) {	2423 if (selinux_policycap_nnp_nosuid_transition()) {
2355 av = 0; 2356 if (nnp) 2357 av \|= PROCESS2__NNP_TRANSITION; 2358 if (nosuid) 2359 av \|= PROCESS2__NOSUID_TRANSITION;	2424 av = 0; 2425 if (nnp) 2426 av \|= PROCESS2__NNP_TRANSITION; 2427 if (nosuid) 2428 av \|= PROCESS2__NOSUID_TRANSITION;
2360 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,	2429 rc = avc_has_perm(&selinux_state, 2430 old_tsec->sid, new_tsec->sid,
2361 SECCLASS_PROCESS2, av, NULL); 2362 if (!rc) 2363 return 0; 2364 } 2365 2366 /* 2367 * We also permit NNP or nosuid transitions to bounded SIDs, 2368 * i.e. SIDs that are guaranteed to only be allowed a subset 2369 * of the permissions of the current SID. 2370 */	2431 SECCLASS_PROCESS2, av, NULL); 2432 if (!rc) 2433 return 0; 2434 } 2435 2436 /* 2437 * We also permit NNP or nosuid transitions to bounded SIDs, 2438 * i.e. SIDs that are guaranteed to only be allowed a subset 2439 * of the permissions of the current SID. 2440 */
2371 rc = security_bounded_transition(old_tsec->sid, new_tsec->sid);	2441 rc = security_bounded_transition(&selinux_state, old_tsec->sid, 2442 new_tsec->sid);
2372 if (!rc) 2373 return 0; 2374 2375 /* 2376 * On failure, preserve the errno values for NNP vs nosuid. 2377 * NNP: Operation not permitted for caller. 2378 * nosuid: Permission denied to file. 2379 / --- 35 unchanged lines hidden* (view full) --- 2415 new_tsec->exec_sid = 0; 2416 2417 /* Fail on NNP or nosuid if not an allowed transition. / 2418 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec); 2419 if (rc) 2420 return rc; 2421 } else { 2422 / Check for a default transition on this program. */	2443 if (!rc) 2444 return 0; 2445 2446 /* 2447 * On failure, preserve the errno values for NNP vs nosuid. 2448 * NNP: Operation not permitted for caller. 2449 * nosuid: Permission denied to file. 2450 / --- 35 unchanged lines hidden* (view full) --- 2486 new_tsec->exec_sid = 0; 2487 2488 /* Fail on NNP or nosuid if not an allowed transition. / 2489 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec); 2490 if (rc) 2491 return rc; 2492 } else { 2493 / Check for a default transition on this program. */
2423 rc = security_transition_sid(old_tsec->sid, isec->sid, 2424 SECCLASS_PROCESS, NULL,	2494 rc = security_transition_sid(&selinux_state, old_tsec->sid, 2495 isec->sid, SECCLASS_PROCESS, NULL,
2425 &new_tsec->sid); 2426 if (rc) 2427 return rc; 2428 2429 /* 2430 * Fallback to old SID on NNP or nosuid if not an allowed 2431 * transition. 2432 */ 2433 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec); 2434 if (rc) 2435 new_tsec->sid = old_tsec->sid; 2436 } 2437 2438 ad.type = LSM_AUDIT_DATA_FILE; 2439 ad.u.file = bprm->file; 2440 2441 if (new_tsec->sid == old_tsec->sid) {	2496 &new_tsec->sid); 2497 if (rc) 2498 return rc; 2499 2500 /* 2501 * Fallback to old SID on NNP or nosuid if not an allowed 2502 * transition. 2503 */ 2504 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec); 2505 if (rc) 2506 new_tsec->sid = old_tsec->sid; 2507 } 2508 2509 ad.type = LSM_AUDIT_DATA_FILE; 2510 ad.u.file = bprm->file; 2511 2512 if (new_tsec->sid == old_tsec->sid) {
2442 rc = avc_has_perm(old_tsec->sid, isec->sid,	2513 rc = avc_has_perm(&selinux_state, 2514 old_tsec->sid, isec->sid,
2443 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad); 2444 if (rc) 2445 return rc; 2446 } else { 2447 /* Check permissions for the transition. */	2515 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad); 2516 if (rc) 2517 return rc; 2518 } else { 2519 /* Check permissions for the transition. */
2448 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,	2520 rc = avc_has_perm(&selinux_state, 2521 old_tsec->sid, new_tsec->sid,
2449 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad); 2450 if (rc) 2451 return rc; 2452	2522 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad); 2523 if (rc) 2524 return rc; 2525
2453 rc = avc_has_perm(new_tsec->sid, isec->sid,	2526 rc = avc_has_perm(&selinux_state, 2527 new_tsec->sid, isec->sid,
2454 SECCLASS_FILE, FILE__ENTRYPOINT, &ad); 2455 if (rc) 2456 return rc; 2457 2458 /* Check for shared state */ 2459 if (bprm->unsafe & LSM_UNSAFE_SHARE) {	2528 SECCLASS_FILE, FILE__ENTRYPOINT, &ad); 2529 if (rc) 2530 return rc; 2531 2532 /* Check for shared state */ 2533 if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2460 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,	2534 rc = avc_has_perm(&selinux_state, 2535 old_tsec->sid, new_tsec->sid,
2461 SECCLASS_PROCESS, PROCESS__SHARE, 2462 NULL); 2463 if (rc) 2464 return -EPERM; 2465 } 2466 2467 /* Make sure that anyone attempting to ptrace over a task that 2468 * changes its SID has the appropriate permit */ 2469 if (bprm->unsafe & LSM_UNSAFE_PTRACE) { 2470 u32 ptsid = ptrace_parent_sid(); 2471 if (ptsid != 0) {	2536 SECCLASS_PROCESS, PROCESS__SHARE, 2537 NULL); 2538 if (rc) 2539 return -EPERM; 2540 } 2541 2542 /* Make sure that anyone attempting to ptrace over a task that 2543 * changes its SID has the appropriate permit */ 2544 if (bprm->unsafe & LSM_UNSAFE_PTRACE) { 2545 u32 ptsid = ptrace_parent_sid(); 2546 if (ptsid != 0) {
2472 rc = avc_has_perm(ptsid, new_tsec->sid,	2547 rc = avc_has_perm(&selinux_state, 2548 ptsid, new_tsec->sid,
2473 SECCLASS_PROCESS, 2474 PROCESS__PTRACE, NULL); 2475 if (rc) 2476 return -EPERM; 2477 } 2478 } 2479 2480 /* Clear any possibly unsafe personality bits on exec: / 2481 bprm->per_clear \|= PER_CLEAR_ON_SETID; 2482 2483 / Enable secure mode for SIDs transitions unless 2484 the noatsecure permission is granted between 2485 the two SIDs, i.e. ahp returns 0. */	2549 SECCLASS_PROCESS, 2550 PROCESS__PTRACE, NULL); 2551 if (rc) 2552 return -EPERM; 2553 } 2554 } 2555 2556 /* Clear any possibly unsafe personality bits on exec: / 2557 bprm->per_clear \|= PER_CLEAR_ON_SETID; 2558 2559 / Enable secure mode for SIDs transitions unless 2560 the noatsecure permission is granted between 2561 the two SIDs, i.e. ahp returns 0. */
2486 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,	2562 rc = avc_has_perm(&selinux_state, 2563 old_tsec->sid, new_tsec->sid,
2487 SECCLASS_PROCESS, PROCESS__NOATSECURE, 2488 NULL); 2489 bprm->secureexec \|= !!rc; 2490 } 2491 2492 return 0; 2493} 2494 --- 75 unchanged lines hidden (view full) --- 2570 * task's hard limit and the init task's soft limit. 2571 * 2572 * Note that the setting of hard limits (even to lower them) can be 2573 * controlled by the setrlimit check. The inclusion of the init task's 2574 * soft limit into the computation is to avoid resetting soft limits 2575 * higher than the default soft limit for cases where the default is 2576 * lower than the hard limit, e.g. RLIMIT_CORE or RLIMIT_STACK. 2577 */	2564 SECCLASS_PROCESS, PROCESS__NOATSECURE, 2565 NULL); 2566 bprm->secureexec \|= !!rc; 2567 } 2568 2569 return 0; 2570} 2571 --- 75 unchanged lines hidden (view full) --- 2647 * task's hard limit and the init task's soft limit. 2648 * 2649 * Note that the setting of hard limits (even to lower them) can be 2650 * controlled by the setrlimit check. The inclusion of the init task's 2651 * soft limit into the computation is to avoid resetting soft limits 2652 * higher than the default soft limit for cases where the default is 2653 * lower than the hard limit, e.g. RLIMIT_CORE or RLIMIT_STACK. 2654 */
2578 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,	2655 rc = avc_has_perm(&selinux_state, 2656 new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2579 PROCESS__RLIMITINH, NULL); 2580 if (rc) { 2581 /* protect against do_prlimit() / 2582 task_lock(current); 2583 for (i = 0; i < RLIM_NLIMITS; i++) { 2584 rlim = current->signal->rlim + i; 2585 initrlim = init_task.signal->rlim + i; 2586 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); --- 23 unchanged lines hidden* (view full) --- 2610 2611 /* Check whether the new SID can inherit signal state from the old SID. 2612 * If not, clear itimers to avoid subsequent signal generation and 2613 * flush and unblock signals. 2614 * 2615 * This must occur _after_ the task SID has been updated so that any 2616 * kill done after the flush will be checked against the new SID. 2617 */	2657 PROCESS__RLIMITINH, NULL); 2658 if (rc) { 2659 /* protect against do_prlimit() / 2660 task_lock(current); 2661 for (i = 0; i < RLIM_NLIMITS; i++) { 2662 rlim = current->signal->rlim + i; 2663 initrlim = init_task.signal->rlim + i; 2664 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); --- 23 unchanged lines hidden* (view full) --- 2688 2689 /* Check whether the new SID can inherit signal state from the old SID. 2690 * If not, clear itimers to avoid subsequent signal generation and 2691 * flush and unblock signals. 2692 * 2693 * This must occur _after_ the task SID has been updated so that any 2694 * kill done after the flush will be checked against the new SID. 2695 */
2618 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);	2696 rc = avc_has_perm(&selinux_state, 2697 osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2619 if (rc) { 2620 if (IS_ENABLED(CONFIG_POSIX_TIMERS)) { 2621 memset(&itimer, 0, sizeof itimer); 2622 for (i = 0; i < 3; i++) 2623 do_setitimer(i, &itimer, NULL); 2624 } 2625 spin_lock_irq(&current->sighand->siglock); 2626 if (!fatal_signal_pending(current)) { --- 147 unchanged lines hidden (view full) --- 2774 mount_options = opts.mnt_opts; 2775 flags = opts.mnt_opts_flags; 2776 2777 for (i = 0; i < opts.num_mnt_opts; i++) { 2778 u32 sid; 2779 2780 if (flags[i] == SBLABEL_MNT) 2781 continue;	2698 if (rc) { 2699 if (IS_ENABLED(CONFIG_POSIX_TIMERS)) { 2700 memset(&itimer, 0, sizeof itimer); 2701 for (i = 0; i < 3; i++) 2702 do_setitimer(i, &itimer, NULL); 2703 } 2704 spin_lock_irq(&current->sighand->siglock); 2705 if (!fatal_signal_pending(current)) { --- 147 unchanged lines hidden (view full) --- 2853 mount_options = opts.mnt_opts; 2854 flags = opts.mnt_opts_flags; 2855 2856 for (i = 0; i < opts.num_mnt_opts; i++) { 2857 u32 sid; 2858 2859 if (flags[i] == SBLABEL_MNT) 2860 continue;
2782 rc = security_context_str_to_sid(mount_options[i], &sid, GFP_KERNEL);	2861 rc = security_context_str_to_sid(&selinux_state, 2862 mount_options[i], &sid, 2863 GFP_KERNEL);
2783 if (rc) { 2784 printk(KERN_WARNING "SELinux: security_context_str_to_sid" 2785 "(%s) failed for (dev %s, type %s) errno=%d\n", 2786 mount_options[i], sb->s_id, sb->s_type->name, rc); 2787 goto out_free_opts; 2788 } 2789 rc = -EINVAL; 2790 switch (flags[i]) { --- 108 unchanged lines hidden (view full) --- 2899 2900 rc = selinux_determine_inode_label(current_security(), 2901 d_inode(dentry->d_parent), name, 2902 inode_mode_to_security_class(mode), 2903 &newsid); 2904 if (rc) 2905 return rc; 2906	2864 if (rc) { 2865 printk(KERN_WARNING "SELinux: security_context_str_to_sid" 2866 "(%s) failed for (dev %s, type %s) errno=%d\n", 2867 mount_options[i], sb->s_id, sb->s_type->name, rc); 2868 goto out_free_opts; 2869 } 2870 rc = -EINVAL; 2871 switch (flags[i]) { --- 108 unchanged lines hidden (view full) --- 2980 2981 rc = selinux_determine_inode_label(current_security(), 2982 d_inode(dentry->d_parent), name, 2983 inode_mode_to_security_class(mode), 2984 &newsid); 2985 if (rc) 2986 return rc; 2987
2907 return security_sid_to_context(newsid, (char **)ctx, ctxlen);	2988 return security_sid_to_context(&selinux_state, newsid, (char **)ctx, 2989 ctxlen);
2908} 2909 2910static int selinux_dentry_create_files_as(struct dentry dentry, int mode, 2911 struct qstr name, 2912 const struct cred old, 2913 struct cred new) 2914{ 2915 u32 newsid; --- 37 unchanged lines hidden (view full) --- 2953 /* Possibly defer initialization to selinux_complete_init. / 2954 if (sbsec->flags & SE_SBINITIALIZED) { 2955 struct inode_security_struct isec = inode->i_security; 2956 isec->sclass = inode_mode_to_security_class(inode->i_mode); 2957 isec->sid = newsid; 2958 isec->initialized = LABEL_INITIALIZED; 2959 } 2960	2990} 2991 2992static int selinux_dentry_create_files_as(struct dentry dentry, int mode, 2993 struct qstr name, 2994 const struct cred old, 2995 struct cred new) 2996{ 2997 u32 newsid; --- 37 unchanged lines hidden (view full) --- 3035 /* Possibly defer initialization to selinux_complete_init. / 3036 if (sbsec->flags & SE_SBINITIALIZED) { 3037 struct inode_security_struct isec = inode->i_security; 3038 isec->sclass = inode_mode_to_security_class(inode->i_mode); 3039 isec->sid = newsid; 3040 isec->initialized = LABEL_INITIALIZED; 3041 } 3042
2961 if (!ss_initialized \|\| !(sbsec->flags & SBLABEL_MNT))	3043 if (!selinux_state.initialized \|\| !(sbsec->flags & SBLABEL_MNT))
2962 return -EOPNOTSUPP; 2963 2964 if (name) 2965 *name = XATTR_SELINUX_SUFFIX; 2966 2967 if (value && len) {	3044 return -EOPNOTSUPP; 3045 3046 if (name) 3047 *name = XATTR_SELINUX_SUFFIX; 3048 3049 if (value && len) {
2968 rc = security_sid_to_context_force(newsid, &context, &clen);	3050 rc = security_sid_to_context_force(&selinux_state, newsid, 3051 &context, &clen);
2969 if (rc) 2970 return rc; 2971 value = context; 2972 len = clen; 2973 } 2974 2975 return 0; 2976} --- 58 unchanged lines hidden (view full) --- 3035 3036 ad.type = LSM_AUDIT_DATA_DENTRY; 3037 ad.u.dentry = dentry; 3038 sid = cred_sid(cred); 3039 isec = inode_security_rcu(inode, rcu); 3040 if (IS_ERR(isec)) 3041 return PTR_ERR(isec); 3042	3052 if (rc) 3053 return rc; 3054 value = context; 3055 len = clen; 3056 } 3057 3058 return 0; 3059} --- 58 unchanged lines hidden (view full) --- 3118 3119 ad.type = LSM_AUDIT_DATA_DENTRY; 3120 ad.u.dentry = dentry; 3121 sid = cred_sid(cred); 3122 isec = inode_security_rcu(inode, rcu); 3123 if (IS_ERR(isec)) 3124 return PTR_ERR(isec); 3125
3043 return avc_has_perm_flags(sid, isec->sid, isec->sclass, FILE__READ, &ad,	3126 return avc_has_perm_flags(&selinux_state, 3127 sid, isec->sid, isec->sclass, FILE__READ, &ad,
3044 rcu ? MAY_NOT_BLOCK : 0); 3045} 3046 3047static noinline int audit_inode_permission(struct inode inode, 3048 u32 perms, u32 audited, u32 denied, 3049 int result, 3050 unsigned flags) 3051{ 3052 struct common_audit_data ad; 3053 struct inode_security_struct isec = inode->i_security; 3054 int rc; 3055 3056 ad.type = LSM_AUDIT_DATA_INODE; 3057 ad.u.inode = inode; 3058	3128 rcu ? MAY_NOT_BLOCK : 0); 3129} 3130 3131static noinline int audit_inode_permission(struct inode inode, 3132 u32 perms, u32 audited, u32 denied, 3133 int result, 3134 unsigned flags) 3135{ 3136 struct common_audit_data ad; 3137 struct inode_security_struct isec = inode->i_security; 3138 int rc; 3139 3140 ad.type = LSM_AUDIT_DATA_INODE; 3141 ad.u.inode = inode; 3142
3059 rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms,	3143 rc = slow_avc_audit(&selinux_state, 3144 current_sid(), isec->sid, isec->sclass, perms,
3060 audited, denied, result, &ad, flags); 3061 if (rc) 3062 return rc; 3063 return 0; 3064} 3065 3066static int selinux_inode_permission(struct inode inode, int mask) 3067{ --- 21 unchanged lines hidden* (view full) --- 3089 3090 perms = file_mask_to_av(inode->i_mode, mask); 3091 3092 sid = cred_sid(cred); 3093 isec = inode_security_rcu(inode, flags & MAY_NOT_BLOCK); 3094 if (IS_ERR(isec)) 3095 return PTR_ERR(isec); 3096	3145 audited, denied, result, &ad, flags); 3146 if (rc) 3147 return rc; 3148 return 0; 3149} 3150 3151static int selinux_inode_permission(struct inode inode, int mask) 3152{ --- 21 unchanged lines hidden* (view full) --- 3174 3175 perms = file_mask_to_av(inode->i_mode, mask); 3176 3177 sid = cred_sid(cred); 3178 isec = inode_security_rcu(inode, flags & MAY_NOT_BLOCK); 3179 if (IS_ERR(isec)) 3180 return PTR_ERR(isec); 3181
3097 rc = avc_has_perm_noaudit(sid, isec->sid, isec->sclass, perms, 0, &avd);	3182 rc = avc_has_perm_noaudit(&selinux_state, 3183 sid, isec->sid, isec->sclass, perms, 0, &avd);
3098 audited = avc_audit_required(perms, &avd, rc, 3099 from_access ? FILE__AUDIT_ACCESS : 0, 3100 &denied); 3101 if (likely(!audited)) 3102 return rc; 3103 3104 rc2 = audit_inode_permission(inode, perms, audited, denied, rc, flags); 3105 if (rc2) --- 15 unchanged lines hidden (view full) --- 3121 if (!ia_valid) 3122 return 0; 3123 } 3124 3125 if (ia_valid & (ATTR_MODE \| ATTR_UID \| ATTR_GID \| 3126 ATTR_ATIME_SET \| ATTR_MTIME_SET \| ATTR_TIMES_SET)) 3127 return dentry_has_perm(cred, dentry, FILE__SETATTR); 3128	3184 audited = avc_audit_required(perms, &avd, rc, 3185 from_access ? FILE__AUDIT_ACCESS : 0, 3186 &denied); 3187 if (likely(!audited)) 3188 return rc; 3189 3190 rc2 = audit_inode_permission(inode, perms, audited, denied, rc, flags); 3191 if (rc2) --- 15 unchanged lines hidden (view full) --- 3207 if (!ia_valid) 3208 return 0; 3209 } 3210 3211 if (ia_valid & (ATTR_MODE \| ATTR_UID \| ATTR_GID \| 3212 ATTR_ATIME_SET \| ATTR_MTIME_SET \| ATTR_TIMES_SET)) 3213 return dentry_has_perm(cred, dentry, FILE__SETATTR); 3214
3129 if (selinux_policycap_openperm &&	3215 if (selinux_policycap_openperm() &&
3130 inode->i_sb->s_magic != SOCKFS_MAGIC && 3131 (ia_valid & ATTR_SIZE) && 3132 !(ia_valid & ATTR_FILE)) 3133 av \|= FILE__OPEN; 3134 3135 return dentry_has_perm(cred, dentry, av); 3136} 3137 --- 40 unchanged lines hidden (view full) --- 3178 3179 if (!inode_owner_or_capable(inode)) 3180 return -EPERM; 3181 3182 ad.type = LSM_AUDIT_DATA_DENTRY; 3183 ad.u.dentry = dentry; 3184 3185 isec = backing_inode_security(dentry);	3216 inode->i_sb->s_magic != SOCKFS_MAGIC && 3217 (ia_valid & ATTR_SIZE) && 3218 !(ia_valid & ATTR_FILE)) 3219 av \|= FILE__OPEN; 3220 3221 return dentry_has_perm(cred, dentry, av); 3222} 3223 --- 40 unchanged lines hidden (view full) --- 3264 3265 if (!inode_owner_or_capable(inode)) 3266 return -EPERM; 3267 3268 ad.type = LSM_AUDIT_DATA_DENTRY; 3269 ad.u.dentry = dentry; 3270 3271 isec = backing_inode_security(dentry);
3186 rc = avc_has_perm(sid, isec->sid, isec->sclass,	3272 rc = avc_has_perm(&selinux_state, 3273 sid, isec->sid, isec->sclass,
3187 FILE__RELABELFROM, &ad); 3188 if (rc) 3189 return rc; 3190	3274 FILE__RELABELFROM, &ad); 3275 if (rc) 3276 return rc; 3277
3191 rc = security_context_to_sid(value, size, &newsid, GFP_KERNEL);	3278 rc = security_context_to_sid(&selinux_state, value, size, &newsid, 3279 GFP_KERNEL);
3192 if (rc == -EINVAL) { 3193 if (!has_cap_mac_admin(true)) { 3194 struct audit_buffer ab; 3195 size_t audit_size; 3196 3197 / We strip a nul only if it is at the end, otherwise the 3198 * context contains a nul and we should audit that / 3199 if (value) { --- 8 unchanged lines hidden* (view full) --- 3208 } 3209 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR); 3210 audit_log_format(ab, "op=setxattr invalid_context="); 3211 audit_log_n_untrustedstring(ab, value, audit_size); 3212 audit_log_end(ab); 3213 3214 return rc; 3215 }	3280 if (rc == -EINVAL) { 3281 if (!has_cap_mac_admin(true)) { 3282 struct audit_buffer ab; 3283 size_t audit_size; 3284 3285 / We strip a nul only if it is at the end, otherwise the 3286 * context contains a nul and we should audit that / 3287 if (value) { --- 8 unchanged lines hidden* (view full) --- 3296 } 3297 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR); 3298 audit_log_format(ab, "op=setxattr invalid_context="); 3299 audit_log_n_untrustedstring(ab, value, audit_size); 3300 audit_log_end(ab); 3301 3302 return rc; 3303 }
3216 rc = security_context_to_sid_force(value, size, &newsid);	3304 rc = security_context_to_sid_force(&selinux_state, value, 3305 size, &newsid);
3217 } 3218 if (rc) 3219 return rc; 3220	3306 } 3307 if (rc) 3308 return rc; 3309
3221 rc = avc_has_perm(sid, newsid, isec->sclass,	3310 rc = avc_has_perm(&selinux_state, 3311 sid, newsid, isec->sclass,
3222 FILE__RELABELTO, &ad); 3223 if (rc) 3224 return rc; 3225	3312 FILE__RELABELTO, &ad); 3313 if (rc) 3314 return rc; 3315
3226 rc = security_validate_transition(isec->sid, newsid, sid, 3227 isec->sclass);	3316 rc = security_validate_transition(&selinux_state, isec->sid, newsid, 3317 sid, isec->sclass);
3228 if (rc) 3229 return rc; 3230	3318 if (rc) 3319 return rc; 3320
3231 return avc_has_perm(newsid,	3321 return avc_has_perm(&selinux_state, 3322 newsid,
3232 sbsec->sid, 3233 SECCLASS_FILESYSTEM, 3234 FILESYSTEM__ASSOCIATE, 3235 &ad); 3236} 3237 3238static void selinux_inode_post_setxattr(struct dentry dentry, const char name, 3239 const void value, size_t size, --- 4 unchanged lines hidden* (view full) --- 3244 u32 newsid; 3245 int rc; 3246 3247 if (strcmp(name, XATTR_NAME_SELINUX)) { 3248 /* Not an attribute we recognize, so nothing to do. */ 3249 return; 3250 } 3251	3323 sbsec->sid, 3324 SECCLASS_FILESYSTEM, 3325 FILESYSTEM__ASSOCIATE, 3326 &ad); 3327} 3328 3329static void selinux_inode_post_setxattr(struct dentry dentry, const char name, 3330 const void value, size_t size, --- 4 unchanged lines hidden* (view full) --- 3335 u32 newsid; 3336 int rc; 3337 3338 if (strcmp(name, XATTR_NAME_SELINUX)) { 3339 /* Not an attribute we recognize, so nothing to do. */ 3340 return; 3341 } 3342
3252 rc = security_context_to_sid_force(value, size, &newsid);	3343 rc = security_context_to_sid_force(&selinux_state, value, size, 3344 &newsid);
3253 if (rc) { 3254 printk(KERN_ERR "SELinux: unable to map context to SID" 3255 "for (%s, %lu), rc=%d\n", 3256 inode->i_sb->s_id, inode->i_ino, -rc); 3257 return; 3258 } 3259 3260 isec = backing_inode_security(dentry); --- 58 unchanged lines hidden (view full) --- 3319 * use the in-core value under current policy. 3320 * Use the non-auditing forms of the permission checks since 3321 * getxattr may be called by unprivileged processes commonly 3322 * and lack of permission just means that we fall back to the 3323 * in-core context value, not a denial. 3324 */ 3325 isec = inode_security(inode); 3326 if (has_cap_mac_admin(false))	3345 if (rc) { 3346 printk(KERN_ERR "SELinux: unable to map context to SID" 3347 "for (%s, %lu), rc=%d\n", 3348 inode->i_sb->s_id, inode->i_ino, -rc); 3349 return; 3350 } 3351 3352 isec = backing_inode_security(dentry); --- 58 unchanged lines hidden (view full) --- 3411 * use the in-core value under current policy. 3412 * Use the non-auditing forms of the permission checks since 3413 * getxattr may be called by unprivileged processes commonly 3414 * and lack of permission just means that we fall back to the 3415 * in-core context value, not a denial. 3416 */ 3417 isec = inode_security(inode); 3418 if (has_cap_mac_admin(false))
3327 error = security_sid_to_context_force(isec->sid, &context,	3419 error = security_sid_to_context_force(&selinux_state, 3420 isec->sid, &context,
3328 &size); 3329 else	3421 &size); 3422 else
3330 error = security_sid_to_context(isec->sid, &context, &size);	3423 error = security_sid_to_context(&selinux_state, isec->sid, 3424 &context, &size);
3331 if (error) 3332 return error; 3333 error = size; 3334 if (alloc) { 3335 buffer = context; 3336 goto out_nofree; 3337 } 3338 kfree(context); --- 9 unchanged lines hidden* (view full) --- 3348 int rc; 3349 3350 if (strcmp(name, XATTR_SELINUX_SUFFIX)) 3351 return -EOPNOTSUPP; 3352 3353 if (!value \|\| !size) 3354 return -EACCES; 3355	3425 if (error) 3426 return error; 3427 error = size; 3428 if (alloc) { 3429 buffer = context; 3430 goto out_nofree; 3431 } 3432 kfree(context); --- 9 unchanged lines hidden* (view full) --- 3442 int rc; 3443 3444 if (strcmp(name, XATTR_SELINUX_SUFFIX)) 3445 return -EOPNOTSUPP; 3446 3447 if (!value \|\| !size) 3448 return -EACCES; 3449
3356 rc = security_context_to_sid(value, size, &newsid, GFP_KERNEL);	3450 rc = security_context_to_sid(&selinux_state, value, size, &newsid, 3451 GFP_KERNEL);
3357 if (rc) 3358 return rc; 3359 3360 spin_lock(&isec->lock); 3361 isec->sclass = inode_mode_to_security_class(inode->i_mode); 3362 isec->sid = newsid; 3363 isec->initialized = LABEL_INITIALIZED; 3364 spin_unlock(&isec->lock); --- 72 unchanged lines hidden (view full) --- 3437 u32 sid = current_sid(); 3438 3439 if (!mask) 3440 /* No permission to check. Existence test. */ 3441 return 0; 3442 3443 isec = inode_security(inode); 3444 if (sid == fsec->sid && fsec->isid == isec->sid &&	3452 if (rc) 3453 return rc; 3454 3455 spin_lock(&isec->lock); 3456 isec->sclass = inode_mode_to_security_class(inode->i_mode); 3457 isec->sid = newsid; 3458 isec->initialized = LABEL_INITIALIZED; 3459 spin_unlock(&isec->lock); --- 72 unchanged lines hidden (view full) --- 3532 u32 sid = current_sid(); 3533 3534 if (!mask) 3535 /* No permission to check. Existence test. */ 3536 return 0; 3537 3538 isec = inode_security(inode); 3539 if (sid == fsec->sid && fsec->isid == isec->sid &&
3445 fsec->pseqno == avc_policy_seqno())	3540 fsec->pseqno == avc_policy_seqno(&selinux_state))
3446 /* No change since file_open check. / 3447 return 0; 3448 3449 return selinux_revalidate_file_permission(file, mask); 3450} 3451 3452static int selinux_file_alloc_security(struct file file) 3453{ --- 23 unchanged lines hidden (view full) --- 3477 u8 xperm = cmd & 0xff; 3478 3479 ad.type = LSM_AUDIT_DATA_IOCTL_OP; 3480 ad.u.op = &ioctl; 3481 ad.u.op->cmd = cmd; 3482 ad.u.op->path = file->f_path; 3483 3484 if (ssid != fsec->sid) {	3541 /* No change since file_open check. / 3542 return 0; 3543 3544 return selinux_revalidate_file_permission(file, mask); 3545} 3546 3547static int selinux_file_alloc_security(struct file file) 3548{ --- 23 unchanged lines hidden (view full) --- 3572 u8 xperm = cmd & 0xff; 3573 3574 ad.type = LSM_AUDIT_DATA_IOCTL_OP; 3575 ad.u.op = &ioctl; 3576 ad.u.op->cmd = cmd; 3577 ad.u.op->path = file->f_path; 3578 3579 if (ssid != fsec->sid) {
3485 rc = avc_has_perm(ssid, fsec->sid,	3580 rc = avc_has_perm(&selinux_state, 3581 ssid, fsec->sid,
3486 SECCLASS_FD, 3487 FD__USE, 3488 &ad); 3489 if (rc) 3490 goto out; 3491 } 3492 3493 if (unlikely(IS_PRIVATE(inode))) 3494 return 0; 3495 3496 isec = inode_security(inode);	3582 SECCLASS_FD, 3583 FD__USE, 3584 &ad); 3585 if (rc) 3586 goto out; 3587 } 3588 3589 if (unlikely(IS_PRIVATE(inode))) 3590 return 0; 3591 3592 isec = inode_security(inode);
3497 rc = avc_has_extended_perms(ssid, isec->sid, isec->sclass, 3498 requested, driver, xperm, &ad);	3593 rc = avc_has_extended_perms(&selinux_state, 3594 ssid, isec->sid, isec->sclass, 3595 requested, driver, xperm, &ad);
3499out: 3500 return rc; 3501} 3502 3503static int selinux_file_ioctl(struct file file, unsigned int cmd, 3504 unsigned long arg) 3505{ 3506 const struct cred cred = current_cred(); --- 51 unchanged lines hidden (view full) --- 3558 if (default_noexec && 3559 (prot & PROT_EXEC) && (!file \|\| IS_PRIVATE(file_inode(file)) \|\| 3560 (!shared && (prot & PROT_WRITE)))) { 3561 /* 3562 * We are making executable an anonymous mapping or a 3563 * private file mapping that will also be writable. 3564 * This has an additional check. 3565 */	3596out: 3597 return rc; 3598} 3599 3600static int selinux_file_ioctl(struct file file, unsigned int cmd, 3601 unsigned long arg) 3602{ 3603 const struct cred cred = current_cred(); --- 51 unchanged lines hidden (view full) --- 3655 if (default_noexec && 3656 (prot & PROT_EXEC) && (!file \|\| IS_PRIVATE(file_inode(file)) \|\| 3657 (!shared && (prot & PROT_WRITE)))) { 3658 /* 3659 * We are making executable an anonymous mapping or a 3660 * private file mapping that will also be writable. 3661 * This has an additional check. 3662 */
3566 rc = avc_has_perm(sid, sid, SECCLASS_PROCESS,	3663 rc = avc_has_perm(&selinux_state, 3664 sid, sid, SECCLASS_PROCESS,
3567 PROCESS__EXECMEM, NULL); 3568 if (rc) 3569 goto error; 3570 } 3571 3572 if (file) { 3573 /* read access is always possible with a mapping / 3574 u32 av = FILE__READ; --- 13 unchanged lines hidden* (view full) --- 3588} 3589 3590static int selinux_mmap_addr(unsigned long addr) 3591{ 3592 int rc = 0; 3593 3594 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) { 3595 u32 sid = current_sid();	3665 PROCESS__EXECMEM, NULL); 3666 if (rc) 3667 goto error; 3668 } 3669 3670 if (file) { 3671 /* read access is always possible with a mapping / 3672 u32 av = FILE__READ; --- 13 unchanged lines hidden* (view full) --- 3686} 3687 3688static int selinux_mmap_addr(unsigned long addr) 3689{ 3690 int rc = 0; 3691 3692 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) { 3693 u32 sid = current_sid();
3596 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,	3694 rc = avc_has_perm(&selinux_state, 3695 sid, sid, SECCLASS_MEMPROTECT,
3597 MEMPROTECT__MMAP_ZERO, NULL); 3598 } 3599 3600 return rc; 3601} 3602 3603static int selinux_mmap_file(struct file file, unsigned long reqprot, 3604 unsigned long prot, unsigned long flags) --- 5 unchanged lines hidden* (view full) --- 3610 ad.type = LSM_AUDIT_DATA_FILE; 3611 ad.u.file = file; 3612 rc = inode_has_perm(current_cred(), file_inode(file), 3613 FILE__MAP, &ad); 3614 if (rc) 3615 return rc; 3616 } 3617	3696 MEMPROTECT__MMAP_ZERO, NULL); 3697 } 3698 3699 return rc; 3700} 3701 3702static int selinux_mmap_file(struct file file, unsigned long reqprot, 3703 unsigned long prot, unsigned long flags) --- 5 unchanged lines hidden* (view full) --- 3709 ad.type = LSM_AUDIT_DATA_FILE; 3710 ad.u.file = file; 3711 rc = inode_has_perm(current_cred(), file_inode(file), 3712 FILE__MAP, &ad); 3713 if (rc) 3714 return rc; 3715 } 3716
3618 if (selinux_checkreqprot)	3717 if (selinux_state.checkreqprot)
3619 prot = reqprot; 3620 3621 return file_map_prot_check(file, prot, 3622 (flags & MAP_TYPE) == MAP_SHARED); 3623} 3624 3625static int selinux_file_mprotect(struct vm_area_struct vma, 3626 unsigned long reqprot, 3627 unsigned long prot) 3628{ 3629 const struct cred cred = current_cred(); 3630 u32 sid = cred_sid(cred); 3631	3718 prot = reqprot; 3719 3720 return file_map_prot_check(file, prot, 3721 (flags & MAP_TYPE) == MAP_SHARED); 3722} 3723 3724static int selinux_file_mprotect(struct vm_area_struct vma, 3725 unsigned long reqprot, 3726 unsigned long prot) 3727{ 3728 const struct cred cred = current_cred(); 3729 u32 sid = cred_sid(cred); 3730
3632 if (selinux_checkreqprot)	3731 if (selinux_state.checkreqprot)
3633 prot = reqprot; 3634 3635 if (default_noexec && 3636 (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) { 3637 int rc = 0; 3638 if (vma->vm_start >= vma->vm_mm->start_brk && 3639 vma->vm_end <= vma->vm_mm->brk) {	3732 prot = reqprot; 3733 3734 if (default_noexec && 3735 (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) { 3736 int rc = 0; 3737 if (vma->vm_start >= vma->vm_mm->start_brk && 3738 vma->vm_end <= vma->vm_mm->brk) {
3640 rc = avc_has_perm(sid, sid, SECCLASS_PROCESS,	3739 rc = avc_has_perm(&selinux_state, 3740 sid, sid, SECCLASS_PROCESS,
3641 PROCESS__EXECHEAP, NULL); 3642 } else if (!vma->vm_file && 3643 ((vma->vm_start <= vma->vm_mm->start_stack && 3644 vma->vm_end >= vma->vm_mm->start_stack) \|\| 3645 vma_is_stack_for_current(vma))) {	3741 PROCESS__EXECHEAP, NULL); 3742 } else if (!vma->vm_file && 3743 ((vma->vm_start <= vma->vm_mm->start_stack && 3744 vma->vm_end >= vma->vm_mm->start_stack) \|\| 3745 vma_is_stack_for_current(vma))) {
3646 rc = avc_has_perm(sid, sid, SECCLASS_PROCESS,	3746 rc = avc_has_perm(&selinux_state, 3747 sid, sid, SECCLASS_PROCESS,
3647 PROCESS__EXECSTACK, NULL); 3648 } else if (vma->vm_file && vma->anon_vma) { 3649 /* 3650 * We are making executable a file mapping that has 3651 * had some COW done. Since pages might have been 3652 * written, check ability to execute the possibly 3653 * modified content. This typically should only 3654 * occur for text relocations. --- 75 unchanged lines hidden (view full) --- 3730 3731 fsec = file->f_security; 3732 3733 if (!signum) 3734 perm = signal_to_av(SIGIO); /* as per send_sigio_to_task */ 3735 else 3736 perm = signal_to_av(signum); 3737	3748 PROCESS__EXECSTACK, NULL); 3749 } else if (vma->vm_file && vma->anon_vma) { 3750 /* 3751 * We are making executable a file mapping that has 3752 * had some COW done. Since pages might have been 3753 * written, check ability to execute the possibly 3754 * modified content. This typically should only 3755 * occur for text relocations. --- 75 unchanged lines hidden (view full) --- 3831 3832 fsec = file->f_security; 3833 3834 if (!signum) 3835 perm = signal_to_av(SIGIO); /* as per send_sigio_to_task */ 3836 else 3837 perm = signal_to_av(signum); 3838
3738 return avc_has_perm(fsec->fown_sid, sid,	3839 return avc_has_perm(&selinux_state, 3840 fsec->fown_sid, sid,
3739 SECCLASS_PROCESS, perm, NULL); 3740} 3741 3742static int selinux_file_receive(struct file file) 3743{ 3744 const struct cred cred = current_cred(); 3745 3746 return file_has_perm(cred, file, file_to_av(file)); --- 9 unchanged lines hidden (view full) --- 3756 /* 3757 * Save inode label and policy sequence number 3758 * at open-time so that selinux_file_permission 3759 * can determine whether revalidation is necessary. 3760 * Task label is already saved in the file security 3761 * struct as its SID. 3762 */ 3763 fsec->isid = isec->sid;	3841 SECCLASS_PROCESS, perm, NULL); 3842} 3843 3844static int selinux_file_receive(struct file file) 3845{ 3846 const struct cred cred = current_cred(); 3847 3848 return file_has_perm(cred, file, file_to_av(file)); --- 9 unchanged lines hidden (view full) --- 3858 /* 3859 * Save inode label and policy sequence number 3860 * at open-time so that selinux_file_permission 3861 * can determine whether revalidation is necessary. 3862 * Task label is already saved in the file security 3863 * struct as its SID. 3864 */ 3865 fsec->isid = isec->sid;
3764 fsec->pseqno = avc_policy_seqno();	3866 fsec->pseqno = avc_policy_seqno(&selinux_state);
3765 /* 3766 * Since the inode label or policy seqno may have changed 3767 * between the selinux_inode_permission check and the saving 3768 * of state above, recheck that access is still permitted. 3769 * Otherwise, access might never be revalidated against the 3770 * new inode label or new policy. 3771 * This check is not redundant - do not remove. 3772 / 3773 return file_path_has_perm(cred, file, open_file_to_av(file)); 3774} 3775 3776/ task security operations / 3777 3778static int selinux_task_alloc(struct task_struct task, 3779 unsigned long clone_flags) 3780{ 3781 u32 sid = current_sid(); 3782	3867 /* 3868 * Since the inode label or policy seqno may have changed 3869 * between the selinux_inode_permission check and the saving 3870 * of state above, recheck that access is still permitted. 3871 * Otherwise, access might never be revalidated against the 3872 * new inode label or new policy. 3873 * This check is not redundant - do not remove. 3874 / 3875 return file_path_has_perm(cred, file, open_file_to_av(file)); 3876} 3877 3878/ task security operations / 3879 3880static int selinux_task_alloc(struct task_struct task, 3881 unsigned long clone_flags) 3882{ 3883 u32 sid = current_sid(); 3884
3783 return avc_has_perm(sid, sid, SECCLASS_PROCESS, PROCESS__FORK, NULL);	3885 return avc_has_perm(&selinux_state, 3886 sid, sid, SECCLASS_PROCESS, PROCESS__FORK, NULL);
3784} 3785 3786/* 3787 * allocate the SELinux part of blank credentials 3788 / 3789static int selinux_cred_alloc_blank(struct cred cred, gfp_t gfp) 3790{ 3791 struct task_security_struct tsec; --- 57 unchanged lines hidden* (view full) --- 3849 * - all the creation contexts are set to unlabelled 3850 / 3851static int selinux_kernel_act_as(struct cred new, u32 secid) 3852{ 3853 struct task_security_struct *tsec = new->security; 3854 u32 sid = current_sid(); 3855 int ret; 3856	3887} 3888 3889/* 3890 * allocate the SELinux part of blank credentials 3891 / 3892static int selinux_cred_alloc_blank(struct cred cred, gfp_t gfp) 3893{ 3894 struct task_security_struct tsec; --- 57 unchanged lines hidden* (view full) --- 3952 * - all the creation contexts are set to unlabelled 3953 / 3954static int selinux_kernel_act_as(struct cred new, u32 secid) 3955{ 3956 struct task_security_struct *tsec = new->security; 3957 u32 sid = current_sid(); 3958 int ret; 3959
3857 ret = avc_has_perm(sid, secid,	3960 ret = avc_has_perm(&selinux_state, 3961 sid, secid,
3858 SECCLASS_KERNEL_SERVICE, 3859 KERNEL_SERVICE__USE_AS_OVERRIDE, 3860 NULL); 3861 if (ret == 0) { 3862 tsec->sid = secid; 3863 tsec->create_sid = 0; 3864 tsec->keycreate_sid = 0; 3865 tsec->sockcreate_sid = 0; --- 7 unchanged lines hidden (view full) --- 3873 / 3874static int selinux_kernel_create_files_as(struct cred new, struct inode inode) 3875{ 3876 struct inode_security_struct isec = inode_security(inode); 3877 struct task_security_struct *tsec = new->security; 3878 u32 sid = current_sid(); 3879 int ret; 3880	3962 SECCLASS_KERNEL_SERVICE, 3963 KERNEL_SERVICE__USE_AS_OVERRIDE, 3964 NULL); 3965 if (ret == 0) { 3966 tsec->sid = secid; 3967 tsec->create_sid = 0; 3968 tsec->keycreate_sid = 0; 3969 tsec->sockcreate_sid = 0; --- 7 unchanged lines hidden (view full) --- 3977 / 3978static int selinux_kernel_create_files_as(struct cred new, struct inode inode) 3979{ 3980 struct inode_security_struct isec = inode_security(inode); 3981 struct task_security_struct *tsec = new->security; 3982 u32 sid = current_sid(); 3983 int ret; 3984
3881 ret = avc_has_perm(sid, isec->sid,	3985 ret = avc_has_perm(&selinux_state, 3986 sid, isec->sid,
3882 SECCLASS_KERNEL_SERVICE, 3883 KERNEL_SERVICE__CREATE_FILES_AS, 3884 NULL); 3885 3886 if (ret == 0) 3887 tsec->create_sid = isec->sid; 3888 return ret; 3889} 3890 3891static int selinux_kernel_module_request(char *kmod_name) 3892{ 3893 struct common_audit_data ad; 3894 3895 ad.type = LSM_AUDIT_DATA_KMOD; 3896 ad.u.kmod_name = kmod_name; 3897	3987 SECCLASS_KERNEL_SERVICE, 3988 KERNEL_SERVICE__CREATE_FILES_AS, 3989 NULL); 3990 3991 if (ret == 0) 3992 tsec->create_sid = isec->sid; 3993 return ret; 3994} 3995 3996static int selinux_kernel_module_request(char *kmod_name) 3997{ 3998 struct common_audit_data ad; 3999 4000 ad.type = LSM_AUDIT_DATA_KMOD; 4001 ad.u.kmod_name = kmod_name; 4002
3898 return avc_has_perm(current_sid(), SECINITSID_KERNEL, SECCLASS_SYSTEM,	4003 return avc_has_perm(&selinux_state, 4004 current_sid(), SECINITSID_KERNEL, SECCLASS_SYSTEM,
3899 SYSTEM__MODULE_REQUEST, &ad); 3900} 3901 3902static int selinux_kernel_module_from_file(struct file file) 3903{ 3904 struct common_audit_data ad; 3905 struct inode_security_struct isec; 3906 struct file_security_struct fsec; 3907 u32 sid = current_sid(); 3908 int rc; 3909 3910 / init_module */ 3911 if (file == NULL)	4005 SYSTEM__MODULE_REQUEST, &ad); 4006} 4007 4008static int selinux_kernel_module_from_file(struct file file) 4009{ 4010 struct common_audit_data ad; 4011 struct inode_security_struct isec; 4012 struct file_security_struct fsec; 4013 u32 sid = current_sid(); 4014 int rc; 4015 4016 / init_module */ 4017 if (file == NULL)
3912 return avc_has_perm(sid, sid, SECCLASS_SYSTEM,	4018 return avc_has_perm(&selinux_state, 4019 sid, sid, SECCLASS_SYSTEM,
3913 SYSTEM__MODULE_LOAD, NULL); 3914 3915 /* finit_module */ 3916 3917 ad.type = LSM_AUDIT_DATA_FILE; 3918 ad.u.file = file; 3919 3920 fsec = file->f_security; 3921 if (sid != fsec->sid) {	4020 SYSTEM__MODULE_LOAD, NULL); 4021 4022 /* finit_module */ 4023 4024 ad.type = LSM_AUDIT_DATA_FILE; 4025 ad.u.file = file; 4026 4027 fsec = file->f_security; 4028 if (sid != fsec->sid) {
3922 rc = avc_has_perm(sid, fsec->sid, SECCLASS_FD, FD__USE, &ad);	4029 rc = avc_has_perm(&selinux_state, 4030 sid, fsec->sid, SECCLASS_FD, FD__USE, &ad);
3923 if (rc) 3924 return rc; 3925 } 3926 3927 isec = inode_security(file_inode(file));	4031 if (rc) 4032 return rc; 4033 } 4034 4035 isec = inode_security(file_inode(file));
3928 return avc_has_perm(sid, isec->sid, SECCLASS_SYSTEM,	4036 return avc_has_perm(&selinux_state, 4037 sid, isec->sid, SECCLASS_SYSTEM,
3929 SYSTEM__MODULE_LOAD, &ad); 3930} 3931 3932static int selinux_kernel_read_file(struct file file, 3933 enum kernel_read_file_id id) 3934{ 3935 int rc = 0; 3936 --- 5 unchanged lines hidden* (view full) --- 3942 break; 3943 } 3944 3945 return rc; 3946} 3947 3948static int selinux_task_setpgid(struct task_struct *p, pid_t pgid) 3949{	4038 SYSTEM__MODULE_LOAD, &ad); 4039} 4040 4041static int selinux_kernel_read_file(struct file file, 4042 enum kernel_read_file_id id) 4043{ 4044 int rc = 0; 4045 --- 5 unchanged lines hidden* (view full) --- 4051 break; 4052 } 4053 4054 return rc; 4055} 4056 4057static int selinux_task_setpgid(struct task_struct *p, pid_t pgid) 4058{
3950 return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,	4059 return avc_has_perm(&selinux_state, 4060 current_sid(), task_sid(p), SECCLASS_PROCESS,
3951 PROCESS__SETPGID, NULL); 3952} 3953 3954static int selinux_task_getpgid(struct task_struct *p) 3955{	4061 PROCESS__SETPGID, NULL); 4062} 4063 4064static int selinux_task_getpgid(struct task_struct *p) 4065{
3956 return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,	4066 return avc_has_perm(&selinux_state, 4067 current_sid(), task_sid(p), SECCLASS_PROCESS,
3957 PROCESS__GETPGID, NULL); 3958} 3959 3960static int selinux_task_getsid(struct task_struct *p) 3961{	4068 PROCESS__GETPGID, NULL); 4069} 4070 4071static int selinux_task_getsid(struct task_struct *p) 4072{
3962 return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,	4073 return avc_has_perm(&selinux_state, 4074 current_sid(), task_sid(p), SECCLASS_PROCESS,
3963 PROCESS__GETSESSION, NULL); 3964} 3965 3966static void selinux_task_getsecid(struct task_struct p, u32 secid) 3967{ 3968 secid = task_sid(p); 3969} 3970 3971static int selinux_task_setnice(struct task_struct p, int nice) 3972{	4075 PROCESS__GETSESSION, NULL); 4076} 4077 4078static void selinux_task_getsecid(struct task_struct p, u32 secid) 4079{ 4080 secid = task_sid(p); 4081} 4082 4083static int selinux_task_setnice(struct task_struct p, int nice) 4084{
3973 return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,	4085 return avc_has_perm(&selinux_state, 4086 current_sid(), task_sid(p), SECCLASS_PROCESS,
3974 PROCESS__SETSCHED, NULL); 3975} 3976 3977static int selinux_task_setioprio(struct task_struct *p, int ioprio) 3978{	4087 PROCESS__SETSCHED, NULL); 4088} 4089 4090static int selinux_task_setioprio(struct task_struct *p, int ioprio) 4091{
3979 return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,	4092 return avc_has_perm(&selinux_state, 4093 current_sid(), task_sid(p), SECCLASS_PROCESS,
3980 PROCESS__SETSCHED, NULL); 3981} 3982 3983static int selinux_task_getioprio(struct task_struct *p) 3984{	4094 PROCESS__SETSCHED, NULL); 4095} 4096 4097static int selinux_task_getioprio(struct task_struct *p) 4098{
3985 return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,	4099 return avc_has_perm(&selinux_state, 4100 current_sid(), task_sid(p), SECCLASS_PROCESS,
3986 PROCESS__GETSCHED, NULL); 3987} 3988 3989static int selinux_task_prlimit(const struct cred cred, const struct cred tcred, 3990 unsigned int flags) 3991{ 3992 u32 av = 0; 3993 3994 if (!flags) 3995 return 0; 3996 if (flags & LSM_PRLIMIT_WRITE) 3997 av \|= PROCESS__SETRLIMIT; 3998 if (flags & LSM_PRLIMIT_READ) 3999 av \|= PROCESS__GETRLIMIT;	4101 PROCESS__GETSCHED, NULL); 4102} 4103 4104static int selinux_task_prlimit(const struct cred cred, const struct cred tcred, 4105 unsigned int flags) 4106{ 4107 u32 av = 0; 4108 4109 if (!flags) 4110 return 0; 4111 if (flags & LSM_PRLIMIT_WRITE) 4112 av \|= PROCESS__SETRLIMIT; 4113 if (flags & LSM_PRLIMIT_READ) 4114 av \|= PROCESS__GETRLIMIT;
4000 return avc_has_perm(cred_sid(cred), cred_sid(tcred),	4115 return avc_has_perm(&selinux_state, 4116 cred_sid(cred), cred_sid(tcred),
4001 SECCLASS_PROCESS, av, NULL); 4002} 4003 4004static int selinux_task_setrlimit(struct task_struct p, unsigned int resource, 4005 struct rlimit new_rlim) 4006{ 4007 struct rlimit old_rlim = p->signal->rlim + resource; 4008 4009 / Control the ability to change the hard limit (whether 4010 lowering or raising it), so that the hard limit can 4011 later be used as a safe reset point for the soft limit 4012 upon context transitions. See selinux_bprm_committing_creds. */ 4013 if (old_rlim->rlim_max != new_rlim->rlim_max)	4117 SECCLASS_PROCESS, av, NULL); 4118} 4119 4120static int selinux_task_setrlimit(struct task_struct p, unsigned int resource, 4121 struct rlimit new_rlim) 4122{ 4123 struct rlimit old_rlim = p->signal->rlim + resource; 4124 4125 / Control the ability to change the hard limit (whether 4126 lowering or raising it), so that the hard limit can 4127 later be used as a safe reset point for the soft limit 4128 upon context transitions. See selinux_bprm_committing_creds. */ 4129 if (old_rlim->rlim_max != new_rlim->rlim_max)
4014 return avc_has_perm(current_sid(), task_sid(p),	4130 return avc_has_perm(&selinux_state, 4131 current_sid(), task_sid(p),
4015 SECCLASS_PROCESS, PROCESS__SETRLIMIT, NULL); 4016 4017 return 0; 4018} 4019 4020static int selinux_task_setscheduler(struct task_struct *p) 4021{	4132 SECCLASS_PROCESS, PROCESS__SETRLIMIT, NULL); 4133 4134 return 0; 4135} 4136 4137static int selinux_task_setscheduler(struct task_struct *p) 4138{
4022 return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,	4139 return avc_has_perm(&selinux_state, 4140 current_sid(), task_sid(p), SECCLASS_PROCESS,
4023 PROCESS__SETSCHED, NULL); 4024} 4025 4026static int selinux_task_getscheduler(struct task_struct *p) 4027{	4141 PROCESS__SETSCHED, NULL); 4142} 4143 4144static int selinux_task_getscheduler(struct task_struct *p) 4145{
4028 return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,	4146 return avc_has_perm(&selinux_state, 4147 current_sid(), task_sid(p), SECCLASS_PROCESS,
4029 PROCESS__GETSCHED, NULL); 4030} 4031 4032static int selinux_task_movememory(struct task_struct *p) 4033{	4148 PROCESS__GETSCHED, NULL); 4149} 4150 4151static int selinux_task_movememory(struct task_struct *p) 4152{
4034 return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,	4153 return avc_has_perm(&selinux_state, 4154 current_sid(), task_sid(p), SECCLASS_PROCESS,
4035 PROCESS__SETSCHED, NULL); 4036} 4037 4038static int selinux_task_kill(struct task_struct p, struct siginfo info,	4155 PROCESS__SETSCHED, NULL); 4156} 4157 4158static int selinux_task_kill(struct task_struct p, struct siginfo info,
4039 int sig, const struct cred *cred)	4159 int sig, u32 secid)
4040{	4160{
4041 u32 secid;
4042 u32 perm; 4043 4044 if (!sig) 4045 perm = PROCESS__SIGNULL; /* null signal; existence test */ 4046 else 4047 perm = signal_to_av(sig);	4161 u32 perm; 4162 4163 if (!sig) 4164 perm = PROCESS__SIGNULL; /* null signal; existence test */ 4165 else 4166 perm = signal_to_av(sig);
4048 if (!cred)	4167 if (!secid)
4049 secid = current_sid();	4168 secid = current_sid();
4050 else 4051 secid = cred_sid(cred); 4052 return avc_has_perm(secid, task_sid(p), SECCLASS_PROCESS, perm, NULL);	4169 return avc_has_perm(&selinux_state, 4170 secid, task_sid(p), SECCLASS_PROCESS, perm, NULL);
4053} 4054 4055static void selinux_task_to_inode(struct task_struct p, 4056 struct inode inode) 4057{ 4058 struct inode_security_struct isec = inode->i_security; 4059 u32 sid = task_sid(p); 4060 --- 71 unchanged lines hidden* (view full) --- 4132 if (dh == NULL) 4133 break; 4134 4135 ad->u.net->sport = dh->dccph_sport; 4136 ad->u.net->dport = dh->dccph_dport; 4137 break; 4138 } 4139	4171} 4172 4173static void selinux_task_to_inode(struct task_struct p, 4174 struct inode inode) 4175{ 4176 struct inode_security_struct isec = inode->i_security; 4177 u32 sid = task_sid(p); 4178 --- 71 unchanged lines hidden* (view full) --- 4250 if (dh == NULL) 4251 break; 4252 4253 ad->u.net->sport = dh->dccph_sport; 4254 ad->u.net->dport = dh->dccph_dport; 4255 break; 4256 } 4257
	4258#if IS_ENABLED(CONFIG_IP_SCTP) 4259 case IPPROTO_SCTP: { 4260 struct sctphdr _sctph, *sh; 4261 4262 if (ntohs(ih->frag_off) & IP_OFFSET) 4263 break; 4264 4265 offset += ihlen; 4266 sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph); 4267 if (sh == NULL) 4268 break; 4269 4270 ad->u.net->sport = sh->source; 4271 ad->u.net->dport = sh->dest; 4272 break; 4273 } 4274#endif
4140 default: 4141 break; 4142 } 4143out: 4144 return ret; 4145} 4146 4147#if IS_ENABLED(CONFIG_IPV6) --- 57 unchanged lines hidden (view full) --- 4205 if (dh == NULL) 4206 break; 4207 4208 ad->u.net->sport = dh->dccph_sport; 4209 ad->u.net->dport = dh->dccph_dport; 4210 break; 4211 } 4212	4275 default: 4276 break; 4277 } 4278out: 4279 return ret; 4280} 4281 4282#if IS_ENABLED(CONFIG_IPV6) --- 57 unchanged lines hidden (view full) --- 4340 if (dh == NULL) 4341 break; 4342 4343 ad->u.net->sport = dh->dccph_sport; 4344 ad->u.net->dport = dh->dccph_dport; 4345 break; 4346 } 4347
	4348#if IS_ENABLED(CONFIG_IP_SCTP) 4349 case IPPROTO_SCTP: { 4350 struct sctphdr _sctph, *sh; 4351 4352 sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph); 4353 if (sh == NULL) 4354 break; 4355 4356 ad->u.net->sport = sh->source; 4357 ad->u.net->dport = sh->dest; 4358 break; 4359 } 4360#endif
4213 /* includes fragments / 4214 default: 4215 break; 4216 } 4217out: 4218 return ret; 4219} 4220 --- 64 unchanged lines hidden* (view full) --- 4285 4286 err = selinux_xfrm_skb_sid(skb, &xfrm_sid); 4287 if (unlikely(err)) 4288 return -EACCES; 4289 err = selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid); 4290 if (unlikely(err)) 4291 return -EACCES; 4292	4361 /* includes fragments / 4362 default: 4363 break; 4364 } 4365out: 4366 return ret; 4367} 4368 --- 64 unchanged lines hidden* (view full) --- 4433 4434 err = selinux_xfrm_skb_sid(skb, &xfrm_sid); 4435 if (unlikely(err)) 4436 return -EACCES; 4437 err = selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid); 4438 if (unlikely(err)) 4439 return -EACCES; 4440
4293 err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);	4441 err = security_net_peersid_resolve(&selinux_state, nlbl_sid, 4442 nlbl_type, xfrm_sid, sid);
4294 if (unlikely(err)) { 4295 printk(KERN_WARNING 4296 "SELinux: failure in selinux_skb_peerlbl_sid()," 4297 " unable to determine packet's peer label\n"); 4298 return -EACCES; 4299 } 4300 4301 return 0; --- 11 unchanged lines hidden (view full) --- 4313 * of @sk_sid. Returns zero on success, negative values on failure. 4314 * 4315 / 4316static int selinux_conn_sid(u32 sk_sid, u32 skb_sid, u32 conn_sid) 4317{ 4318 int err = 0; 4319 4320 if (skb_sid != SECSID_NULL)	4443 if (unlikely(err)) { 4444 printk(KERN_WARNING 4445 "SELinux: failure in selinux_skb_peerlbl_sid()," 4446 " unable to determine packet's peer label\n"); 4447 return -EACCES; 4448 } 4449 4450 return 0; --- 11 unchanged lines hidden (view full) --- 4462 * of @sk_sid. Returns zero on success, negative values on failure. 4463 * 4464 / 4465static int selinux_conn_sid(u32 sk_sid, u32 skb_sid, u32 conn_sid) 4466{ 4467 int err = 0; 4468 4469 if (skb_sid != SECSID_NULL)
4321 err = security_sid_mls_copy(sk_sid, skb_sid, conn_sid);	4470 err = security_sid_mls_copy(&selinux_state, sk_sid, skb_sid, 4471 conn_sid);
4322 else 4323 conn_sid = sk_sid; 4324 4325 return err; 4326} 4327 4328/ socket security operations / 4329 4330static int socket_sockcreate_sid(const struct task_security_struct tsec, 4331 u16 secclass, u32 socksid) 4332{ 4333 if (tsec->sockcreate_sid > SECSID_NULL) { 4334 socksid = tsec->sockcreate_sid; 4335 return 0; 4336 } 4337	4472 else 4473 conn_sid = sk_sid; 4474 4475 return err; 4476} 4477 4478/ socket security operations / 4479 4480static int socket_sockcreate_sid(const struct task_security_struct tsec, 4481 u16 secclass, u32 socksid) 4482{ 4483 if (tsec->sockcreate_sid > SECSID_NULL) { 4484 socksid = tsec->sockcreate_sid; 4485 return 0; 4486 } 4487
4338 return security_transition_sid(tsec->sid, tsec->sid, secclass, NULL, 4339 socksid);	4488 return security_transition_sid(&selinux_state, tsec->sid, tsec->sid, 4489 secclass, NULL, socksid);
4340} 4341 4342static int sock_has_perm(struct sock sk, u32 perms) 4343{ 4344 struct sk_security_struct sksec = sk->sk_security; 4345 struct common_audit_data ad; 4346 struct lsm_network_audit net = {0,}; 4347 4348 if (sksec->sid == SECINITSID_KERNEL) 4349 return 0; 4350 4351 ad.type = LSM_AUDIT_DATA_NET; 4352 ad.u.net = &net; 4353 ad.u.net->sk = sk; 4354	4490} 4491 4492static int sock_has_perm(struct sock sk, u32 perms) 4493{ 4494 struct sk_security_struct sksec = sk->sk_security; 4495 struct common_audit_data ad; 4496 struct lsm_network_audit net = {0,}; 4497 4498 if (sksec->sid == SECINITSID_KERNEL) 4499 return 0; 4500 4501 ad.type = LSM_AUDIT_DATA_NET; 4502 ad.u.net = &net; 4503 ad.u.net->sk = sk; 4504
4355 return avc_has_perm(current_sid(), sksec->sid, sksec->sclass, perms,	4505 return avc_has_perm(&selinux_state, 4506 current_sid(), sksec->sid, sksec->sclass, perms,
4356 &ad); 4357} 4358 4359static int selinux_socket_create(int family, int type, 4360 int protocol, int kern) 4361{ 4362 const struct task_security_struct *tsec = current_security(); 4363 u32 newsid; 4364 u16 secclass; 4365 int rc; 4366 4367 if (kern) 4368 return 0; 4369 4370 secclass = socket_type_to_security_class(family, type, protocol); 4371 rc = socket_sockcreate_sid(tsec, secclass, &newsid); 4372 if (rc) 4373 return rc; 4374	4507 &ad); 4508} 4509 4510static int selinux_socket_create(int family, int type, 4511 int protocol, int kern) 4512{ 4513 const struct task_security_struct *tsec = current_security(); 4514 u32 newsid; 4515 u16 secclass; 4516 int rc; 4517 4518 if (kern) 4519 return 0; 4520 4521 secclass = socket_type_to_security_class(family, type, protocol); 4522 rc = socket_sockcreate_sid(tsec, secclass, &newsid); 4523 if (rc) 4524 return rc; 4525
4375 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);	4526 return avc_has_perm(&selinux_state, 4527 tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
4376} 4377 4378static int selinux_socket_post_create(struct socket sock, int family, 4379 int type, int protocol, int kern) 4380{ 4381 const struct task_security_struct tsec = current_security(); 4382 struct inode_security_struct isec = inode_security_novalidate(SOCK_INODE(sock)); 4383 struct sk_security_struct sksec; --- 10 unchanged lines hidden (view full) --- 4394 isec->sclass = sclass; 4395 isec->sid = sid; 4396 isec->initialized = LABEL_INITIALIZED; 4397 4398 if (sock->sk) { 4399 sksec = sock->sk->sk_security; 4400 sksec->sclass = sclass; 4401 sksec->sid = sid;	4528} 4529 4530static int selinux_socket_post_create(struct socket sock, int family, 4531 int type, int protocol, int kern) 4532{ 4533 const struct task_security_struct tsec = current_security(); 4534 struct inode_security_struct isec = inode_security_novalidate(SOCK_INODE(sock)); 4535 struct sk_security_struct sksec; --- 10 unchanged lines hidden (view full) --- 4546 isec->sclass = sclass; 4547 isec->sid = sid; 4548 isec->initialized = LABEL_INITIALIZED; 4549 4550 if (sock->sk) { 4551 sksec = sock->sk->sk_security; 4552 sksec->sclass = sclass; 4553 sksec->sid = sid;
	4554 /* Allows detection of the first association on this socket */ 4555 if (sksec->sclass == SECCLASS_SCTP_SOCKET) 4556 sksec->sctp_assoc_state = SCTP_ASSOC_UNSET; 4557
4402 err = selinux_netlbl_socket_post_create(sock->sk, family); 4403 } 4404 4405 return err; 4406} 4407 4408/* Range of port numbers used to automatically bind. 4409 Need to determine whether we should perform a name_bind --- 4 unchanged lines hidden (view full) --- 4414 struct sock *sk = sock->sk; 4415 u16 family; 4416 int err; 4417 4418 err = sock_has_perm(sk, SOCKET__BIND); 4419 if (err) 4420 goto out; 4421	4558 err = selinux_netlbl_socket_post_create(sock->sk, family); 4559 } 4560 4561 return err; 4562} 4563 4564/* Range of port numbers used to automatically bind. 4565 Need to determine whether we should perform a name_bind --- 4 unchanged lines hidden (view full) --- 4570 struct sock *sk = sock->sk; 4571 u16 family; 4572 int err; 4573 4574 err = sock_has_perm(sk, SOCKET__BIND); 4575 if (err) 4576 goto out; 4577
4422 /* 4423 * If PF_INET or PF_INET6, check name_bind permission for the port. 4424 * Multiple address binding for SCTP is not supported yet: we just 4425 * check the first address now. 4426 */	4578 /* If PF_INET or PF_INET6, check name_bind permission for the port. */
4427 family = sk->sk_family; 4428 if (family == PF_INET \|\| family == PF_INET6) { 4429 char addrp; 4430 struct sk_security_struct sksec = sk->sk_security; 4431 struct common_audit_data ad; 4432 struct lsm_network_audit net = {0,}; 4433 struct sockaddr_in addr4 = NULL; 4434 struct sockaddr_in6 addr6 = NULL; 4435 unsigned short snum; 4436 u32 sid, node_perm; 4437	4579 family = sk->sk_family; 4580 if (family == PF_INET \|\| family == PF_INET6) { 4581 char addrp; 4582 struct sk_security_struct sksec = sk->sk_security; 4583 struct common_audit_data ad; 4584 struct lsm_network_audit net = {0,}; 4585 struct sockaddr_in addr4 = NULL; 4586 struct sockaddr_in6 addr6 = NULL; 4587 unsigned short snum; 4588 u32 sid, node_perm; 4589
4438 if (family == PF_INET) { 4439 if (addrlen < sizeof(struct sockaddr_in)) { 4440 err = -EINVAL; 4441 goto out; 4442 }	4590 /* 4591 * sctp_bindx(3) calls via selinux_sctp_bind_connect() 4592 * that validates multiple binding addresses. Because of this 4593 * need to check address->sa_family as it is possible to have 4594 * sk->sk_family = PF_INET6 with addr->sa_family = AF_INET. 4595 */ 4596 switch (address->sa_family) { 4597 case AF_INET: 4598 if (addrlen < sizeof(struct sockaddr_in)) 4599 return -EINVAL;
4443 addr4 = (struct sockaddr_in )address; 4444 snum = ntohs(addr4->sin_port); 4445 addrp = (char )&addr4->sin_addr.s_addr;	4600 addr4 = (struct sockaddr_in )address; 4601 snum = ntohs(addr4->sin_port); 4602 addrp = (char )&addr4->sin_addr.s_addr;
4446 } else { 4447 if (addrlen < SIN6_LEN_RFC2133) { 4448 err = -EINVAL; 4449 goto out; 4450 }	4603 break; 4604 case AF_INET6: 4605 if (addrlen < SIN6_LEN_RFC2133) 4606 return -EINVAL;
4451 addr6 = (struct sockaddr_in6 )address; 4452 snum = ntohs(addr6->sin6_port); 4453 addrp = (char )&addr6->sin6_addr.s6_addr;	4607 addr6 = (struct sockaddr_in6 )address; 4608 snum = ntohs(addr6->sin6_port); 4609 addrp = (char )&addr6->sin6_addr.s6_addr;
	4610 break; 4611 default: 4612 /* Note that SCTP services expect -EINVAL, whereas 4613 * others expect -EAFNOSUPPORT. 4614 */ 4615 if (sksec->sclass == SECCLASS_SCTP_SOCKET) 4616 return -EINVAL; 4617 else 4618 return -EAFNOSUPPORT;
4454 } 4455 4456 if (snum) { 4457 int low, high; 4458 4459 inet_get_local_port_range(sock_net(sk), &low, &high); 4460 4461 if (snum < max(inet_prot_sock(sock_net(sk)), low) \|\| 4462 snum > high) { 4463 err = sel_netport_sid(sk->sk_protocol, 4464 snum, &sid); 4465 if (err) 4466 goto out; 4467 ad.type = LSM_AUDIT_DATA_NET; 4468 ad.u.net = &net; 4469 ad.u.net->sport = htons(snum); 4470 ad.u.net->family = family;	4619 } 4620 4621 if (snum) { 4622 int low, high; 4623 4624 inet_get_local_port_range(sock_net(sk), &low, &high); 4625 4626 if (snum < max(inet_prot_sock(sock_net(sk)), low) \|\| 4627 snum > high) { 4628 err = sel_netport_sid(sk->sk_protocol, 4629 snum, &sid); 4630 if (err) 4631 goto out; 4632 ad.type = LSM_AUDIT_DATA_NET; 4633 ad.u.net = &net; 4634 ad.u.net->sport = htons(snum); 4635 ad.u.net->family = family;
4471 err = avc_has_perm(sksec->sid, sid,	4636 err = avc_has_perm(&selinux_state, 4637 sksec->sid, sid,
4472 sksec->sclass, 4473 SOCKET__NAME_BIND, &ad); 4474 if (err) 4475 goto out; 4476 } 4477 } 4478 4479 switch (sksec->sclass) { --- 4 unchanged lines hidden (view full) --- 4484 case SECCLASS_UDP_SOCKET: 4485 node_perm = UDP_SOCKET__NODE_BIND; 4486 break; 4487 4488 case SECCLASS_DCCP_SOCKET: 4489 node_perm = DCCP_SOCKET__NODE_BIND; 4490 break; 4491	4638 sksec->sclass, 4639 SOCKET__NAME_BIND, &ad); 4640 if (err) 4641 goto out; 4642 } 4643 } 4644 4645 switch (sksec->sclass) { --- 4 unchanged lines hidden (view full) --- 4650 case SECCLASS_UDP_SOCKET: 4651 node_perm = UDP_SOCKET__NODE_BIND; 4652 break; 4653 4654 case SECCLASS_DCCP_SOCKET: 4655 node_perm = DCCP_SOCKET__NODE_BIND; 4656 break; 4657
	4658 case SECCLASS_SCTP_SOCKET: 4659 node_perm = SCTP_SOCKET__NODE_BIND; 4660 break; 4661
4492 default: 4493 node_perm = RAWIP_SOCKET__NODE_BIND; 4494 break; 4495 } 4496 4497 err = sel_netnode_sid(addrp, family, &sid); 4498 if (err) 4499 goto out; 4500 4501 ad.type = LSM_AUDIT_DATA_NET; 4502 ad.u.net = &net; 4503 ad.u.net->sport = htons(snum); 4504 ad.u.net->family = family; 4505	4662 default: 4663 node_perm = RAWIP_SOCKET__NODE_BIND; 4664 break; 4665 } 4666 4667 err = sel_netnode_sid(addrp, family, &sid); 4668 if (err) 4669 goto out; 4670 4671 ad.type = LSM_AUDIT_DATA_NET; 4672 ad.u.net = &net; 4673 ad.u.net->sport = htons(snum); 4674 ad.u.net->family = family; 4675
4506 if (family == PF_INET)	4676 if (address->sa_family == AF_INET)
4507 ad.u.net->v4info.saddr = addr4->sin_addr.s_addr; 4508 else 4509 ad.u.net->v6info.saddr = addr6->sin6_addr; 4510	4677 ad.u.net->v4info.saddr = addr4->sin_addr.s_addr; 4678 else 4679 ad.u.net->v6info.saddr = addr6->sin6_addr; 4680
4511 err = avc_has_perm(sksec->sid, sid,	4681 err = avc_has_perm(&selinux_state, 4682 sksec->sid, sid,
4512 sksec->sclass, node_perm, &ad); 4513 if (err) 4514 goto out; 4515 } 4516out: 4517 return err; 4518} 4519	4683 sksec->sclass, node_perm, &ad); 4684 if (err) 4685 goto out; 4686 } 4687out: 4688 return err; 4689} 4690
4520static int selinux_socket_connect(struct socket sock, struct sockaddr address, int addrlen)	4691/* This supports connect(2) and SCTP connect services such as sctp_connectx(3) 4692 * and sctp_sendmsg(3) as described in Documentation/security/LSM-sctp.txt 4693 / 4694static int selinux_socket_connect_helper(struct socket sock, 4695 struct sockaddr *address, int addrlen)
4521{ 4522 struct sock sk = sock->sk; 4523 struct sk_security_struct sksec = sk->sk_security; 4524 int err; 4525 4526 err = sock_has_perm(sk, SOCKET__CONNECT); 4527 if (err) 4528 return err; 4529 4530 /*	4696{ 4697 struct sock sk = sock->sk; 4698 struct sk_security_struct sksec = sk->sk_security; 4699 int err; 4700 4701 err = sock_has_perm(sk, SOCKET__CONNECT); 4702 if (err) 4703 return err; 4704 4705 /*
4531 * If a TCP or DCCP socket, check name_connect permission for the port.	4706 * If a TCP, DCCP or SCTP socket, check name_connect permission 4707 * for the port.
4532 */ 4533 if (sksec->sclass == SECCLASS_TCP_SOCKET \|\|	4708 */ 4709 if (sksec->sclass == SECCLASS_TCP_SOCKET \|\|
4534 sksec->sclass == SECCLASS_DCCP_SOCKET) {	4710 sksec->sclass == SECCLASS_DCCP_SOCKET \|\| 4711 sksec->sclass == SECCLASS_SCTP_SOCKET) {
4535 struct common_audit_data ad; 4536 struct lsm_network_audit net = {0,}; 4537 struct sockaddr_in addr4 = NULL; 4538 struct sockaddr_in6 addr6 = NULL; 4539 unsigned short snum; 4540 u32 sid, perm; 4541	4712 struct common_audit_data ad; 4713 struct lsm_network_audit net = {0,}; 4714 struct sockaddr_in addr4 = NULL; 4715 struct sockaddr_in6 addr6 = NULL; 4716 unsigned short snum; 4717 u32 sid, perm; 4718
4542 if (sk->sk_family == PF_INET) {	4719 /* sctp_connectx(3) calls via selinux_sctp_bind_connect() 4720 * that validates multiple connect addresses. Because of this 4721 * need to check address->sa_family as it is possible to have 4722 * sk->sk_family = PF_INET6 with addr->sa_family = AF_INET. 4723 */ 4724 switch (address->sa_family) { 4725 case AF_INET:
4543 addr4 = (struct sockaddr_in *)address; 4544 if (addrlen < sizeof(struct sockaddr_in)) 4545 return -EINVAL; 4546 snum = ntohs(addr4->sin_port);	4726 addr4 = (struct sockaddr_in *)address; 4727 if (addrlen < sizeof(struct sockaddr_in)) 4728 return -EINVAL; 4729 snum = ntohs(addr4->sin_port);
4547 } else {	4730 break; 4731 case AF_INET6:
4548 addr6 = (struct sockaddr_in6 *)address; 4549 if (addrlen < SIN6_LEN_RFC2133) 4550 return -EINVAL; 4551 snum = ntohs(addr6->sin6_port);	4732 addr6 = (struct sockaddr_in6 *)address; 4733 if (addrlen < SIN6_LEN_RFC2133) 4734 return -EINVAL; 4735 snum = ntohs(addr6->sin6_port);
	4736 break; 4737 default: 4738 /* Note that SCTP services expect -EINVAL, whereas 4739 * others expect -EAFNOSUPPORT. 4740 */ 4741 if (sksec->sclass == SECCLASS_SCTP_SOCKET) 4742 return -EINVAL; 4743 else 4744 return -EAFNOSUPPORT;
4552 } 4553 4554 err = sel_netport_sid(sk->sk_protocol, snum, &sid); 4555 if (err)	4745 } 4746 4747 err = sel_netport_sid(sk->sk_protocol, snum, &sid); 4748 if (err)
4556 goto out;	4749 return err;
4557	4750
4558 perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ? 4559 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;	4751 switch (sksec->sclass) { 4752 case SECCLASS_TCP_SOCKET: 4753 perm = TCP_SOCKET__NAME_CONNECT; 4754 break; 4755 case SECCLASS_DCCP_SOCKET: 4756 perm = DCCP_SOCKET__NAME_CONNECT; 4757 break; 4758 case SECCLASS_SCTP_SOCKET: 4759 perm = SCTP_SOCKET__NAME_CONNECT; 4760 break; 4761 }
4560 4561 ad.type = LSM_AUDIT_DATA_NET; 4562 ad.u.net = &net; 4563 ad.u.net->dport = htons(snum); 4564 ad.u.net->family = sk->sk_family;	4762 4763 ad.type = LSM_AUDIT_DATA_NET; 4764 ad.u.net = &net; 4765 ad.u.net->dport = htons(snum); 4766 ad.u.net->family = sk->sk_family;
4565 err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad);	4767 err = avc_has_perm(&selinux_state, 4768 sksec->sid, sid, sksec->sclass, perm, &ad);
4566 if (err)	4769 if (err)
4567 goto out;	4770 return err;
4568 } 4569	4771 } 4772
4570 err = selinux_netlbl_socket_connect(sk, address);	4773 return 0; 4774}
4571	4775
4572out: 4573 return err;	4776/* Supports connect(2), see comments in selinux_socket_connect_helper() / 4777static int selinux_socket_connect(struct socket sock, 4778 struct sockaddr address, int addrlen) 4779{ 4780 int err; 4781 struct sock sk = sock->sk; 4782 4783 err = selinux_socket_connect_helper(sock, address, addrlen); 4784 if (err) 4785 return err; 4786 4787 return selinux_netlbl_socket_connect(sk, address);
4574} 4575 4576static int selinux_socket_listen(struct socket sock, int backlog) 4577{ 4578 return sock_has_perm(sock->sk, SOCKET__LISTEN); 4579} 4580 4581static int selinux_socket_accept(struct socket sock, struct socket newsock) --- 76 unchanged lines hidden* (view full) --- 4658 struct common_audit_data ad; 4659 struct lsm_network_audit net = {0,}; 4660 int err; 4661 4662 ad.type = LSM_AUDIT_DATA_NET; 4663 ad.u.net = &net; 4664 ad.u.net->sk = other; 4665	4788} 4789 4790static int selinux_socket_listen(struct socket sock, int backlog) 4791{ 4792 return sock_has_perm(sock->sk, SOCKET__LISTEN); 4793} 4794 4795static int selinux_socket_accept(struct socket sock, struct socket newsock) --- 76 unchanged lines hidden* (view full) --- 4872 struct common_audit_data ad; 4873 struct lsm_network_audit net = {0,}; 4874 int err; 4875 4876 ad.type = LSM_AUDIT_DATA_NET; 4877 ad.u.net = &net; 4878 ad.u.net->sk = other; 4879
4666 err = avc_has_perm(sksec_sock->sid, sksec_other->sid,	4880 err = avc_has_perm(&selinux_state, 4881 sksec_sock->sid, sksec_other->sid,
4667 sksec_other->sclass, 4668 UNIX_STREAM_SOCKET__CONNECTTO, &ad); 4669 if (err) 4670 return err; 4671 4672 /* server child socket */ 4673 sksec_new->peer_sid = sksec_sock->sid;	4882 sksec_other->sclass, 4883 UNIX_STREAM_SOCKET__CONNECTTO, &ad); 4884 if (err) 4885 return err; 4886 4887 /* server child socket */ 4888 sksec_new->peer_sid = sksec_sock->sid;
4674 err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid, 4675 &sksec_new->sid);	4889 err = security_sid_mls_copy(&selinux_state, sksec_other->sid, 4890 sksec_sock->sid, &sksec_new->sid);
4676 if (err) 4677 return err; 4678 4679 /* connecting socket / 4680 sksec_sock->peer_sid = sksec_new->sid; 4681 4682 return 0; 4683} --- 5 unchanged lines hidden* (view full) --- 4689 struct sk_security_struct *osec = other->sk->sk_security; 4690 struct common_audit_data ad; 4691 struct lsm_network_audit net = {0,}; 4692 4693 ad.type = LSM_AUDIT_DATA_NET; 4694 ad.u.net = &net; 4695 ad.u.net->sk = other->sk; 4696	4891 if (err) 4892 return err; 4893 4894 /* connecting socket / 4895 sksec_sock->peer_sid = sksec_new->sid; 4896 4897 return 0; 4898} --- 5 unchanged lines hidden* (view full) --- 4904 struct sk_security_struct *osec = other->sk->sk_security; 4905 struct common_audit_data ad; 4906 struct lsm_network_audit net = {0,}; 4907 4908 ad.type = LSM_AUDIT_DATA_NET; 4909 ad.u.net = &net; 4910 ad.u.net->sk = other->sk; 4911
4697 return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,	4912 return avc_has_perm(&selinux_state, 4913 ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
4698 &ad); 4699} 4700 4701static int selinux_inet_sys_rcv_skb(struct net ns, int ifindex, 4702 char addrp, u16 family, u32 peer_sid, 4703 struct common_audit_data *ad) 4704{ 4705 int err; 4706 u32 if_sid; 4707 u32 node_sid; 4708 4709 err = sel_netif_sid(ns, ifindex, &if_sid); 4710 if (err) 4711 return err;	4914 &ad); 4915} 4916 4917static int selinux_inet_sys_rcv_skb(struct net ns, int ifindex, 4918 char addrp, u16 family, u32 peer_sid, 4919 struct common_audit_data *ad) 4920{ 4921 int err; 4922 u32 if_sid; 4923 u32 node_sid; 4924 4925 err = sel_netif_sid(ns, ifindex, &if_sid); 4926 if (err) 4927 return err;
4712 err = avc_has_perm(peer_sid, if_sid,	4928 err = avc_has_perm(&selinux_state, 4929 peer_sid, if_sid,
4713 SECCLASS_NETIF, NETIF__INGRESS, ad); 4714 if (err) 4715 return err; 4716 4717 err = sel_netnode_sid(addrp, family, &node_sid); 4718 if (err) 4719 return err;	4930 SECCLASS_NETIF, NETIF__INGRESS, ad); 4931 if (err) 4932 return err; 4933 4934 err = sel_netnode_sid(addrp, family, &node_sid); 4935 if (err) 4936 return err;
4720 return avc_has_perm(peer_sid, node_sid,	4937 return avc_has_perm(&selinux_state, 4938 peer_sid, node_sid,
4721 SECCLASS_NODE, NODE__RECVFROM, ad); 4722} 4723 4724static int selinux_sock_rcv_skb_compat(struct sock sk, struct sk_buff skb, 4725 u16 family) 4726{ 4727 int err = 0; 4728 struct sk_security_struct sksec = sk->sk_security; --- 6 unchanged lines hidden* (view full) --- 4735 ad.u.net = &net; 4736 ad.u.net->netif = skb->skb_iif; 4737 ad.u.net->family = family; 4738 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL); 4739 if (err) 4740 return err; 4741 4742 if (selinux_secmark_enabled()) {	4939 SECCLASS_NODE, NODE__RECVFROM, ad); 4940} 4941 4942static int selinux_sock_rcv_skb_compat(struct sock sk, struct sk_buff skb, 4943 u16 family) 4944{ 4945 int err = 0; 4946 struct sk_security_struct sksec = sk->sk_security; --- 6 unchanged lines hidden* (view full) --- 4953 ad.u.net = &net; 4954 ad.u.net->netif = skb->skb_iif; 4955 ad.u.net->family = family; 4956 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL); 4957 if (err) 4958 return err; 4959 4960 if (selinux_secmark_enabled()) {
4743 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,	4961 err = avc_has_perm(&selinux_state, 4962 sk_sid, skb->secmark, SECCLASS_PACKET,
4744 PACKET__RECV, &ad); 4745 if (err) 4746 return err; 4747 } 4748 4749 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad); 4750 if (err) 4751 return err; --- 20 unchanged lines hidden (view full) --- 4772 /* Handle mapped IPv4 packets arriving via IPv6 sockets / 4773 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 4774 family = PF_INET; 4775 4776 / If any sort of compatibility mode is enabled then handoff processing 4777 * to the selinux_sock_rcv_skb_compat() function to deal with the 4778 * special handling. We do this in an attempt to keep this function 4779 * as fast and as clean as possible. */	4963 PACKET__RECV, &ad); 4964 if (err) 4965 return err; 4966 } 4967 4968 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad); 4969 if (err) 4970 return err; --- 20 unchanged lines hidden (view full) --- 4991 /* Handle mapped IPv4 packets arriving via IPv6 sockets / 4992 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 4993 family = PF_INET; 4994 4995 / If any sort of compatibility mode is enabled then handoff processing 4996 * to the selinux_sock_rcv_skb_compat() function to deal with the 4997 * special handling. We do this in an attempt to keep this function 4998 * as fast and as clean as possible. */
4780 if (!selinux_policycap_netpeer)	4999 if (!selinux_policycap_netpeer())
4781 return selinux_sock_rcv_skb_compat(sk, skb, family); 4782 4783 secmark_active = selinux_secmark_enabled(); 4784 peerlbl_active = selinux_peerlbl_enabled(); 4785 if (!secmark_active && !peerlbl_active) 4786 return 0; 4787 4788 ad.type = LSM_AUDIT_DATA_NET; --- 11 unchanged lines hidden (view full) --- 4800 if (err) 4801 return err; 4802 err = selinux_inet_sys_rcv_skb(sock_net(sk), skb->skb_iif, 4803 addrp, family, peer_sid, &ad); 4804 if (err) { 4805 selinux_netlbl_err(skb, family, err, 0); 4806 return err; 4807 }	5000 return selinux_sock_rcv_skb_compat(sk, skb, family); 5001 5002 secmark_active = selinux_secmark_enabled(); 5003 peerlbl_active = selinux_peerlbl_enabled(); 5004 if (!secmark_active && !peerlbl_active) 5005 return 0; 5006 5007 ad.type = LSM_AUDIT_DATA_NET; --- 11 unchanged lines hidden (view full) --- 5019 if (err) 5020 return err; 5021 err = selinux_inet_sys_rcv_skb(sock_net(sk), skb->skb_iif, 5022 addrp, family, peer_sid, &ad); 5023 if (err) { 5024 selinux_netlbl_err(skb, family, err, 0); 5025 return err; 5026 }
4808 err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,	5027 err = avc_has_perm(&selinux_state, 5028 sk_sid, peer_sid, SECCLASS_PEER,
4809 PEER__RECV, &ad); 4810 if (err) { 4811 selinux_netlbl_err(skb, family, err, 0); 4812 return err; 4813 } 4814 } 4815 4816 if (secmark_active) {	5029 PEER__RECV, &ad); 5030 if (err) { 5031 selinux_netlbl_err(skb, family, err, 0); 5032 return err; 5033 } 5034 } 5035 5036 if (secmark_active) {
4817 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,	5037 err = avc_has_perm(&selinux_state, 5038 sk_sid, skb->secmark, SECCLASS_PACKET,
4818 PACKET__RECV, &ad); 4819 if (err) 4820 return err; 4821 } 4822 4823 return err; 4824} 4825 4826static int selinux_socket_getpeersec_stream(struct socket sock, char __user optval, 4827 int __user optlen, unsigned len) 4828{ 4829 int err = 0; 4830 char scontext; 4831 u32 scontext_len; 4832 struct sk_security_struct *sksec = sock->sk->sk_security; 4833 u32 peer_sid = SECSID_NULL; 4834 4835 if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET \|\|	5039 PACKET__RECV, &ad); 5040 if (err) 5041 return err; 5042 } 5043 5044 return err; 5045} 5046 5047static int selinux_socket_getpeersec_stream(struct socket sock, char __user optval, 5048 int __user optlen, unsigned len) 5049{ 5050 int err = 0; 5051 char scontext; 5052 u32 scontext_len; 5053 struct sk_security_struct *sksec = sock->sk->sk_security; 5054 u32 peer_sid = SECSID_NULL; 5055 5056 if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET \|\|
4836 sksec->sclass == SECCLASS_TCP_SOCKET)	5057 sksec->sclass == SECCLASS_TCP_SOCKET \|\| 5058 sksec->sclass == SECCLASS_SCTP_SOCKET)
4837 peer_sid = sksec->peer_sid; 4838 if (peer_sid == SECSID_NULL) 4839 return -ENOPROTOOPT; 4840	5059 peer_sid = sksec->peer_sid; 5060 if (peer_sid == SECSID_NULL) 5061 return -ENOPROTOOPT; 5062
4841 err = security_sid_to_context(peer_sid, &scontext, &scontext_len);	5063 err = security_sid_to_context(&selinux_state, peer_sid, &scontext, 5064 &scontext_len);
4842 if (err) 4843 return err; 4844 4845 if (scontext_len > len) { 4846 err = -ERANGE; 4847 goto out_len; 4848 } 4849 --- 91 unchanged lines hidden (view full) --- 4941 struct sk_security_struct *sksec = sk->sk_security; 4942 4943 if (sk->sk_family == PF_INET \|\| sk->sk_family == PF_INET6 \|\| 4944 sk->sk_family == PF_UNIX) 4945 isec->sid = sksec->sid; 4946 sksec->sclass = isec->sclass; 4947} 4948	5065 if (err) 5066 return err; 5067 5068 if (scontext_len > len) { 5069 err = -ERANGE; 5070 goto out_len; 5071 } 5072 --- 91 unchanged lines hidden (view full) --- 5164 struct sk_security_struct *sksec = sk->sk_security; 5165 5166 if (sk->sk_family == PF_INET \|\| sk->sk_family == PF_INET6 \|\| 5167 sk->sk_family == PF_UNIX) 5168 isec->sid = sksec->sid; 5169 sksec->sclass = isec->sclass; 5170} 5171
	5172/* Called whenever SCTP receives an INIT chunk. This happens when an incoming 5173 * connect(2), sctp_connectx(3) or sctp_sendmsg(3) (with no association 5174 * already present). 5175 / 5176static int selinux_sctp_assoc_request(struct sctp_endpoint ep, 5177 struct sk_buff skb) 5178{ 5179 struct sk_security_struct sksec = ep->base.sk->sk_security; 5180 struct common_audit_data ad; 5181 struct lsm_network_audit net = {0,}; 5182 u8 peerlbl_active; 5183 u32 peer_sid = SECINITSID_UNLABELED; 5184 u32 conn_sid; 5185 int err = 0; 5186 5187 if (!selinux_policycap_extsockclass()) 5188 return 0; 5189 5190 peerlbl_active = selinux_peerlbl_enabled(); 5191 5192 if (peerlbl_active) { 5193 /* This will return peer_sid = SECSID_NULL if there are 5194 * no peer labels, see security_net_peersid_resolve(). 5195 / 5196 err = selinux_skb_peerlbl_sid(skb, ep->base.sk->sk_family, 5197 &peer_sid); 5198 if (err) 5199 return err; 5200 5201 if (peer_sid == SECSID_NULL) 5202 peer_sid = SECINITSID_UNLABELED; 5203 } 5204 5205 if (sksec->sctp_assoc_state == SCTP_ASSOC_UNSET) { 5206 sksec->sctp_assoc_state = SCTP_ASSOC_SET; 5207 5208 / Here as first association on socket. As the peer SID 5209 * was allowed by peer recv (and the netif/node checks), 5210 * then it is approved by policy and used as the primary 5211 * peer SID for getpeercon(3). 5212 / 5213 sksec->peer_sid = peer_sid; 5214 } else if (sksec->peer_sid != peer_sid) { 5215 / Other association peer SIDs are checked to enforce 5216 * consistency among the peer SIDs. 5217 / 5218 ad.type = LSM_AUDIT_DATA_NET; 5219 ad.u.net = &net; 5220 ad.u.net->sk = ep->base.sk; 5221 err = avc_has_perm(&selinux_state, 5222 sksec->peer_sid, peer_sid, sksec->sclass, 5223 SCTP_SOCKET__ASSOCIATION, &ad); 5224 if (err) 5225 return err; 5226 } 5227 5228 / Compute the MLS component for the connection and store 5229 * the information in ep. This will be used by SCTP TCP type 5230 * sockets and peeled off connections as they cause a new 5231 * socket to be generated. selinux_sctp_sk_clone() will then 5232 * plug this into the new socket. 5233 / 5234 err = selinux_conn_sid(sksec->sid, peer_sid, &conn_sid); 5235 if (err) 5236 return err; 5237 5238 ep->secid = conn_sid; 5239 ep->peer_secid = peer_sid; 5240 5241 / Set any NetLabel labels including CIPSO/CALIPSO options. / 5242 return selinux_netlbl_sctp_assoc_request(ep, skb); 5243} 5244 5245/ Check if sctp IPv4/IPv6 addresses are valid for binding or connecting 5246 * based on their @optname. 5247 / 5248static int selinux_sctp_bind_connect(struct sock sk, int optname, 5249 struct sockaddr address, 5250 int addrlen) 5251{ 5252 int len, err = 0, walk_size = 0; 5253 void addr_buf; 5254 struct sockaddr addr; 5255 struct socket sock; 5256 5257 if (!selinux_policycap_extsockclass()) 5258 return 0; 5259 5260 /* Process one or more addresses that may be IPv4 or IPv6 / 5261 sock = sk->sk_socket; 5262 addr_buf = address; 5263 5264 while (walk_size < addrlen) { 5265 addr = addr_buf; 5266 switch (addr->sa_family) { 5267 case AF_INET: 5268 len = sizeof(struct sockaddr_in); 5269 break; 5270 case AF_INET6: 5271 len = sizeof(struct sockaddr_in6); 5272 break; 5273 default: 5274 return -EAFNOSUPPORT; 5275 } 5276 5277 err = -EINVAL; 5278 switch (optname) { 5279 / Bind checks / 5280 case SCTP_PRIMARY_ADDR: 5281 case SCTP_SET_PEER_PRIMARY_ADDR: 5282 case SCTP_SOCKOPT_BINDX_ADD: 5283 err = selinux_socket_bind(sock, addr, len); 5284 break; 5285 / Connect checks / 5286 case SCTP_SOCKOPT_CONNECTX: 5287 case SCTP_PARAM_SET_PRIMARY: 5288 case SCTP_PARAM_ADD_IP: 5289 case SCTP_SENDMSG_CONNECT: 5290 err = selinux_socket_connect_helper(sock, addr, len); 5291 if (err) 5292 return err; 5293 5294 / As selinux_sctp_bind_connect() is called by the 5295 * SCTP protocol layer, the socket is already locked, 5296 * therefore selinux_netlbl_socket_connect_locked() is 5297 * is called here. The situations handled are: 5298 * sctp_connectx(3), sctp_sendmsg(3), sendmsg(2), 5299 * whenever a new IP address is added or when a new 5300 * primary address is selected. 5301 * Note that an SCTP connect(2) call happens before 5302 * the SCTP protocol layer and is handled via 5303 * selinux_socket_connect(). 5304 / 5305 err = selinux_netlbl_socket_connect_locked(sk, addr); 5306 break; 5307 } 5308 5309 if (err) 5310 return err; 5311 5312 addr_buf += len; 5313 walk_size += len; 5314 } 5315 5316 return 0; 5317} 5318 5319/ Called whenever a new socket is created by accept(2) or sctp_peeloff(3). / 5320static void selinux_sctp_sk_clone(struct sctp_endpoint ep, struct sock sk, 5321 struct sock newsk) 5322{ 5323 struct sk_security_struct sksec = sk->sk_security; 5324 struct sk_security_struct newsksec = newsk->sk_security; 5325 5326 /* If policy does not support SECCLASS_SCTP_SOCKET then call 5327 * the non-sctp clone version. 5328 */ 5329 if (!selinux_policycap_extsockclass()) 5330 return selinux_sk_clone_security(sk, newsk); 5331 5332 newsksec->sid = ep->secid; 5333 newsksec->peer_sid = ep->peer_secid; 5334 newsksec->sclass = sksec->sclass; 5335 selinux_netlbl_sctp_sk_clone(sk, newsk); 5336} 5337
4949static int selinux_inet_conn_request(struct sock sk, struct sk_buff skb, 4950 struct request_sock req) 4951{ 4952 struct sk_security_struct sksec = sk->sk_security; 4953 int err; 4954 u16 family = req->rsk_ops->family; 4955 u32 connsid; 4956 u32 peersid; --- 42 unchanged lines hidden (view full) --- 4999static int selinux_secmark_relabel_packet(u32 sid) 5000{ 5001 const struct task_security_struct *__tsec; 5002 u32 tsid; 5003 5004 __tsec = current_security(); 5005 tsid = __tsec->sid; 5006	5338static int selinux_inet_conn_request(struct sock sk, struct sk_buff skb, 5339 struct request_sock req) 5340{ 5341 struct sk_security_struct sksec = sk->sk_security; 5342 int err; 5343 u16 family = req->rsk_ops->family; 5344 u32 connsid; 5345 u32 peersid; --- 42 unchanged lines hidden (view full) --- 5388static int selinux_secmark_relabel_packet(u32 sid) 5389{ 5390 const struct task_security_struct *__tsec; 5391 u32 tsid; 5392 5393 __tsec = current_security(); 5394 tsid = __tsec->sid; 5395
5007 return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL);	5396 return avc_has_perm(&selinux_state, 5397 tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, 5398 NULL);
5008} 5009 5010static void selinux_secmark_refcount_inc(void) 5011{ 5012 atomic_inc(&selinux_secmark_refcount); 5013} 5014 5015static void selinux_secmark_refcount_dec(void) --- 31 unchanged lines hidden (view full) --- 5047 5048 /* we aren't taking into account the "sockcreate" SID since the socket 5049 * that is being created here is not a socket in the traditional sense, 5050 * instead it is a private sock, accessible only to the kernel, and 5051 * representing a wide range of network traffic spanning multiple 5052 * connections unlike traditional sockets - check the TUN driver to 5053 * get a better understanding of why this socket is special */ 5054	5399} 5400 5401static void selinux_secmark_refcount_inc(void) 5402{ 5403 atomic_inc(&selinux_secmark_refcount); 5404} 5405 5406static void selinux_secmark_refcount_dec(void) --- 31 unchanged lines hidden (view full) --- 5438 5439 /* we aren't taking into account the "sockcreate" SID since the socket 5440 * that is being created here is not a socket in the traditional sense, 5441 * instead it is a private sock, accessible only to the kernel, and 5442 * representing a wide range of network traffic spanning multiple 5443 * connections unlike traditional sockets - check the TUN driver to 5444 * get a better understanding of why this socket is special */ 5445
5055 return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,	5446 return avc_has_perm(&selinux_state, 5447 sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
5056 NULL); 5057} 5058 5059static int selinux_tun_dev_attach_queue(void security) 5060{ 5061 struct tun_security_struct tunsec = security; 5062	5448 NULL); 5449} 5450 5451static int selinux_tun_dev_attach_queue(void security) 5452{ 5453 struct tun_security_struct tunsec = security; 5454
5063 return avc_has_perm(current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET,	5455 return avc_has_perm(&selinux_state, 5456 current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET,
5064 TUN_SOCKET__ATTACH_QUEUE, NULL); 5065} 5066 5067static int selinux_tun_dev_attach(struct sock sk, void security) 5068{ 5069 struct tun_security_struct tunsec = security; 5070 struct sk_security_struct sksec = sk->sk_security; 5071 --- 11 unchanged lines hidden (view full) --- 5083} 5084 5085static int selinux_tun_dev_open(void security) 5086{ 5087 struct tun_security_struct tunsec = security; 5088 u32 sid = current_sid(); 5089 int err; 5090	5457 TUN_SOCKET__ATTACH_QUEUE, NULL); 5458} 5459 5460static int selinux_tun_dev_attach(struct sock sk, void security) 5461{ 5462 struct tun_security_struct tunsec = security; 5463 struct sk_security_struct sksec = sk->sk_security; 5464 --- 11 unchanged lines hidden (view full) --- 5476} 5477 5478static int selinux_tun_dev_open(void security) 5479{ 5480 struct tun_security_struct tunsec = security; 5481 u32 sid = current_sid(); 5482 int err; 5483
5091 err = avc_has_perm(sid, tunsec->sid, SECCLASS_TUN_SOCKET,	5484 err = avc_has_perm(&selinux_state, 5485 sid, tunsec->sid, SECCLASS_TUN_SOCKET,
5092 TUN_SOCKET__RELABELFROM, NULL); 5093 if (err) 5094 return err;	5486 TUN_SOCKET__RELABELFROM, NULL); 5487 if (err) 5488 return err;
5095 err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET,	5489 err = avc_has_perm(&selinux_state, 5490 sid, sid, SECCLASS_TUN_SOCKET,
5096 TUN_SOCKET__RELABELTO, NULL); 5097 if (err) 5098 return err; 5099 tunsec->sid = sid; 5100 5101 return 0; 5102} 5103 --- 14 unchanged lines hidden (view full) --- 5118 if (err) { 5119 if (err == -EINVAL) { 5120 pr_warn_ratelimited("SELinux: unrecognized netlink" 5121 " message: protocol=%hu nlmsg_type=%hu sclass=%s" 5122 " pig=%d comm=%s\n", 5123 sk->sk_protocol, nlh->nlmsg_type, 5124 secclass_map[sksec->sclass - 1].name, 5125 task_pid_nr(current), current->comm);	5491 TUN_SOCKET__RELABELTO, NULL); 5492 if (err) 5493 return err; 5494 tunsec->sid = sid; 5495 5496 return 0; 5497} 5498 --- 14 unchanged lines hidden (view full) --- 5513 if (err) { 5514 if (err == -EINVAL) { 5515 pr_warn_ratelimited("SELinux: unrecognized netlink" 5516 " message: protocol=%hu nlmsg_type=%hu sclass=%s" 5517 " pig=%d comm=%s\n", 5518 sk->sk_protocol, nlh->nlmsg_type, 5519 secclass_map[sksec->sclass - 1].name, 5520 task_pid_nr(current), current->comm);
5126 if (!selinux_enforcing \|\| security_get_allow_unknown())	5521 if (!enforcing_enabled(&selinux_state) \|\| 5522 security_get_allow_unknown(&selinux_state))
5127 err = 0; 5128 } 5129 5130 /* Ignore / 5131 if (err == -ENOENT) 5132 err = 0; 5133 goto out; 5134 } --- 13 unchanged lines hidden* (view full) --- 5148 char *addrp; 5149 u32 peer_sid; 5150 struct common_audit_data ad; 5151 struct lsm_network_audit net = {0,}; 5152 u8 secmark_active; 5153 u8 netlbl_active; 5154 u8 peerlbl_active; 5155	5523 err = 0; 5524 } 5525 5526 /* Ignore / 5527 if (err == -ENOENT) 5528 err = 0; 5529 goto out; 5530 } --- 13 unchanged lines hidden* (view full) --- 5544 char *addrp; 5545 u32 peer_sid; 5546 struct common_audit_data ad; 5547 struct lsm_network_audit net = {0,}; 5548 u8 secmark_active; 5549 u8 netlbl_active; 5550 u8 peerlbl_active; 5551
5156 if (!selinux_policycap_netpeer)	5552 if (!selinux_policycap_netpeer())
5157 return NF_ACCEPT; 5158 5159 secmark_active = selinux_secmark_enabled(); 5160 netlbl_active = netlbl_enabled(); 5161 peerlbl_active = selinux_peerlbl_enabled(); 5162 if (!secmark_active && !peerlbl_active) 5163 return NF_ACCEPT; 5164 --- 12 unchanged lines hidden (view full) --- 5177 addrp, family, peer_sid, &ad); 5178 if (err) { 5179 selinux_netlbl_err(skb, family, err, 1); 5180 return NF_DROP; 5181 } 5182 } 5183 5184 if (secmark_active)	5553 return NF_ACCEPT; 5554 5555 secmark_active = selinux_secmark_enabled(); 5556 netlbl_active = netlbl_enabled(); 5557 peerlbl_active = selinux_peerlbl_enabled(); 5558 if (!secmark_active && !peerlbl_active) 5559 return NF_ACCEPT; 5560 --- 12 unchanged lines hidden (view full) --- 5573 addrp, family, peer_sid, &ad); 5574 if (err) { 5575 selinux_netlbl_err(skb, family, err, 1); 5576 return NF_DROP; 5577 } 5578 } 5579 5580 if (secmark_active)
5185 if (avc_has_perm(peer_sid, skb->secmark,	5581 if (avc_has_perm(&selinux_state, 5582 peer_sid, skb->secmark,
5186 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad)) 5187 return NF_DROP; 5188 5189 if (netlbl_active) 5190 /* we do this in the FORWARD path and not the POST_ROUTING 5191 * path because we want to make sure we apply the necessary 5192 * labeling before IPsec is applied so we can leverage AH 5193 * protection / --- 95 unchanged lines hidden* (view full) --- 5289 ad.type = LSM_AUDIT_DATA_NET; 5290 ad.u.net = &net; 5291 ad.u.net->netif = ifindex; 5292 ad.u.net->family = family; 5293 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto)) 5294 return NF_DROP; 5295 5296 if (selinux_secmark_enabled())	5583 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad)) 5584 return NF_DROP; 5585 5586 if (netlbl_active) 5587 /* we do this in the FORWARD path and not the POST_ROUTING 5588 * path because we want to make sure we apply the necessary 5589 * labeling before IPsec is applied so we can leverage AH 5590 * protection / --- 95 unchanged lines hidden* (view full) --- 5686 ad.type = LSM_AUDIT_DATA_NET; 5687 ad.u.net = &net; 5688 ad.u.net->netif = ifindex; 5689 ad.u.net->family = family; 5690 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto)) 5691 return NF_DROP; 5692 5693 if (selinux_secmark_enabled())
5297 if (avc_has_perm(sksec->sid, skb->secmark,	5694 if (avc_has_perm(&selinux_state, 5695 sksec->sid, skb->secmark,
5298 SECCLASS_PACKET, PACKET__SEND, &ad)) 5299 return NF_DROP_ERR(-ECONNREFUSED); 5300 5301 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto)) 5302 return NF_DROP_ERR(-ECONNREFUSED); 5303 5304 return NF_ACCEPT; 5305} --- 11 unchanged lines hidden (view full) --- 5317 char addrp; 5318 u8 secmark_active; 5319 u8 peerlbl_active; 5320 5321 / If any sort of compatibility mode is enabled then handoff processing 5322 * to the selinux_ip_postroute_compat() function to deal with the 5323 * special handling. We do this in an attempt to keep this function 5324 * as fast and as clean as possible. */	5696 SECCLASS_PACKET, PACKET__SEND, &ad)) 5697 return NF_DROP_ERR(-ECONNREFUSED); 5698 5699 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto)) 5700 return NF_DROP_ERR(-ECONNREFUSED); 5701 5702 return NF_ACCEPT; 5703} --- 11 unchanged lines hidden (view full) --- 5715 char addrp; 5716 u8 secmark_active; 5717 u8 peerlbl_active; 5718 5719 / If any sort of compatibility mode is enabled then handoff processing 5720 * to the selinux_ip_postroute_compat() function to deal with the 5721 * special handling. We do this in an attempt to keep this function 5722 * as fast and as clean as possible. */
5325 if (!selinux_policycap_netpeer)	5723 if (!selinux_policycap_netpeer())
5326 return selinux_ip_postroute_compat(skb, ifindex, family); 5327 5328 secmark_active = selinux_secmark_enabled(); 5329 peerlbl_active = selinux_peerlbl_enabled(); 5330 if (!secmark_active && !peerlbl_active) 5331 return NF_ACCEPT; 5332 5333 sk = skb_to_full_sk(skb); --- 78 unchanged lines hidden (view full) --- 5412 ad.type = LSM_AUDIT_DATA_NET; 5413 ad.u.net = &net; 5414 ad.u.net->netif = ifindex; 5415 ad.u.net->family = family; 5416 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL)) 5417 return NF_DROP; 5418 5419 if (secmark_active)	5724 return selinux_ip_postroute_compat(skb, ifindex, family); 5725 5726 secmark_active = selinux_secmark_enabled(); 5727 peerlbl_active = selinux_peerlbl_enabled(); 5728 if (!secmark_active && !peerlbl_active) 5729 return NF_ACCEPT; 5730 5731 sk = skb_to_full_sk(skb); --- 78 unchanged lines hidden (view full) --- 5810 ad.type = LSM_AUDIT_DATA_NET; 5811 ad.u.net = &net; 5812 ad.u.net->netif = ifindex; 5813 ad.u.net->family = family; 5814 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL)) 5815 return NF_DROP; 5816 5817 if (secmark_active)
5420 if (avc_has_perm(peer_sid, skb->secmark,	5818 if (avc_has_perm(&selinux_state, 5819 peer_sid, skb->secmark,
5421 SECCLASS_PACKET, secmark_perm, &ad)) 5422 return NF_DROP_ERR(-ECONNREFUSED); 5423 5424 if (peerlbl_active) { 5425 u32 if_sid; 5426 u32 node_sid; 5427 5428 if (sel_netif_sid(dev_net(outdev), ifindex, &if_sid)) 5429 return NF_DROP;	5820 SECCLASS_PACKET, secmark_perm, &ad)) 5821 return NF_DROP_ERR(-ECONNREFUSED); 5822 5823 if (peerlbl_active) { 5824 u32 if_sid; 5825 u32 node_sid; 5826 5827 if (sel_netif_sid(dev_net(outdev), ifindex, &if_sid)) 5828 return NF_DROP;
5430 if (avc_has_perm(peer_sid, if_sid,	5829 if (avc_has_perm(&selinux_state, 5830 peer_sid, if_sid,
5431 SECCLASS_NETIF, NETIF__EGRESS, &ad)) 5432 return NF_DROP_ERR(-ECONNREFUSED); 5433 5434 if (sel_netnode_sid(addrp, family, &node_sid)) 5435 return NF_DROP;	5831 SECCLASS_NETIF, NETIF__EGRESS, &ad)) 5832 return NF_DROP_ERR(-ECONNREFUSED); 5833 5834 if (sel_netnode_sid(addrp, family, &node_sid)) 5835 return NF_DROP;
5436 if (avc_has_perm(peer_sid, node_sid,	5836 if (avc_has_perm(&selinux_state, 5837 peer_sid, node_sid,
5437 SECCLASS_NODE, NODE__SENDTO, &ad)) 5438 return NF_DROP_ERR(-ECONNREFUSED); 5439 } 5440 5441 return NF_ACCEPT; 5442} 5443 5444static unsigned int selinux_ipv4_postroute(void priv, --- 71 unchanged lines hidden* (view full) --- 5516 struct common_audit_data ad; 5517 u32 sid = current_sid(); 5518 5519 isec = ipc_perms->security; 5520 5521 ad.type = LSM_AUDIT_DATA_IPC; 5522 ad.u.ipc_id = ipc_perms->key; 5523	5838 SECCLASS_NODE, NODE__SENDTO, &ad)) 5839 return NF_DROP_ERR(-ECONNREFUSED); 5840 } 5841 5842 return NF_ACCEPT; 5843} 5844 5845static unsigned int selinux_ipv4_postroute(void priv, --- 71 unchanged lines hidden* (view full) --- 5917 struct common_audit_data ad; 5918 u32 sid = current_sid(); 5919 5920 isec = ipc_perms->security; 5921 5922 ad.type = LSM_AUDIT_DATA_IPC; 5923 ad.u.ipc_id = ipc_perms->key; 5924
5524 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);	5925 return avc_has_perm(&selinux_state, 5926 sid, isec->sid, isec->sclass, perms, &ad);
5525} 5526 5527static int selinux_msg_msg_alloc_security(struct msg_msg msg) 5528{ 5529 return msg_msg_alloc_security(msg); 5530} 5531 5532static void selinux_msg_msg_free_security(struct msg_msg msg) --- 13 unchanged lines hidden (view full) --- 5546 if (rc) 5547 return rc; 5548 5549 isec = msq->q_perm.security; 5550 5551 ad.type = LSM_AUDIT_DATA_IPC; 5552 ad.u.ipc_id = msq->q_perm.key; 5553	5927} 5928 5929static int selinux_msg_msg_alloc_security(struct msg_msg msg) 5930{ 5931 return msg_msg_alloc_security(msg); 5932} 5933 5934static void selinux_msg_msg_free_security(struct msg_msg msg) --- 13 unchanged lines hidden (view full) --- 5948 if (rc) 5949 return rc; 5950 5951 isec = msq->q_perm.security; 5952 5953 ad.type = LSM_AUDIT_DATA_IPC; 5954 ad.u.ipc_id = msq->q_perm.key; 5955
5554 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,	5956 rc = avc_has_perm(&selinux_state, 5957 sid, isec->sid, SECCLASS_MSGQ,
5555 MSGQ__CREATE, &ad); 5556 if (rc) { 5557 ipc_free_security(&msq->q_perm); 5558 return rc; 5559 } 5560 return 0; 5561} 5562 --- 8 unchanged lines hidden (view full) --- 5571 struct common_audit_data ad; 5572 u32 sid = current_sid(); 5573 5574 isec = msq->q_perm.security; 5575 5576 ad.type = LSM_AUDIT_DATA_IPC; 5577 ad.u.ipc_id = msq->q_perm.key; 5578	5958 MSGQ__CREATE, &ad); 5959 if (rc) { 5960 ipc_free_security(&msq->q_perm); 5961 return rc; 5962 } 5963 return 0; 5964} 5965 --- 8 unchanged lines hidden (view full) --- 5974 struct common_audit_data ad; 5975 u32 sid = current_sid(); 5976 5977 isec = msq->q_perm.security; 5978 5979 ad.type = LSM_AUDIT_DATA_IPC; 5980 ad.u.ipc_id = msq->q_perm.key; 5981
5579 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,	5982 return avc_has_perm(&selinux_state, 5983 sid, isec->sid, SECCLASS_MSGQ,
5580 MSGQ__ASSOCIATE, &ad); 5581} 5582 5583static int selinux_msg_queue_msgctl(struct msg_queue msq, int cmd) 5584{ 5585 int err; 5586 int perms; 5587 5588 switch (cmd) { 5589 case IPC_INFO: 5590 case MSG_INFO: 5591 / No specific object, just general system-wide information. */	5984 MSGQ__ASSOCIATE, &ad); 5985} 5986 5987static int selinux_msg_queue_msgctl(struct msg_queue msq, int cmd) 5988{ 5989 int err; 5990 int perms; 5991 5992 switch (cmd) { 5993 case IPC_INFO: 5994 case MSG_INFO: 5995 / No specific object, just general system-wide information. */
5592 return avc_has_perm(current_sid(), SECINITSID_KERNEL,	5996 return avc_has_perm(&selinux_state, 5997 current_sid(), SECINITSID_KERNEL,
5593 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL); 5594 case IPC_STAT: 5595 case MSG_STAT: 5596 perms = MSGQ__GETATTR \| MSGQ__ASSOCIATE; 5597 break; 5598 case IPC_SET: 5599 perms = MSGQ__SETATTR; 5600 break; --- 22 unchanged lines hidden (view full) --- 5623 /* 5624 * First time through, need to assign label to the message 5625 / 5626 if (msec->sid == SECINITSID_UNLABELED) { 5627 / 5628 * Compute new sid based on current process and 5629 * message queue this message will be stored in 5630 */	5998 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL); 5999 case IPC_STAT: 6000 case MSG_STAT: 6001 perms = MSGQ__GETATTR \| MSGQ__ASSOCIATE; 6002 break; 6003 case IPC_SET: 6004 perms = MSGQ__SETATTR; 6005 break; --- 22 unchanged lines hidden (view full) --- 6028 /* 6029 * First time through, need to assign label to the message 6030 / 6031 if (msec->sid == SECINITSID_UNLABELED) { 6032 / 6033 * Compute new sid based on current process and 6034 * message queue this message will be stored in 6035 */
5631 rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG, 5632 NULL, &msec->sid);	6036 rc = security_transition_sid(&selinux_state, sid, isec->sid, 6037 SECCLASS_MSG, NULL, &msec->sid);
5633 if (rc) 5634 return rc; 5635 } 5636 5637 ad.type = LSM_AUDIT_DATA_IPC; 5638 ad.u.ipc_id = msq->q_perm.key; 5639 5640 /* Can this process write to the queue? */	6038 if (rc) 6039 return rc; 6040 } 6041 6042 ad.type = LSM_AUDIT_DATA_IPC; 6043 ad.u.ipc_id = msq->q_perm.key; 6044 6045 /* Can this process write to the queue? */
5641 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,	6046 rc = avc_has_perm(&selinux_state, 6047 sid, isec->sid, SECCLASS_MSGQ,
5642 MSGQ__WRITE, &ad); 5643 if (!rc) 5644 /* Can this process send the message */	6048 MSGQ__WRITE, &ad); 6049 if (!rc) 6050 /* Can this process send the message */
5645 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG,	6051 rc = avc_has_perm(&selinux_state, 6052 sid, msec->sid, SECCLASS_MSG,
5646 MSG__SEND, &ad); 5647 if (!rc) 5648 /* Can the message be put in the queue? */	6053 MSG__SEND, &ad); 6054 if (!rc) 6055 /* Can the message be put in the queue? */
5649 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,	6056 rc = avc_has_perm(&selinux_state, 6057 msec->sid, isec->sid, SECCLASS_MSGQ,
5650 MSGQ__ENQUEUE, &ad); 5651 5652 return rc; 5653} 5654 5655static int selinux_msg_queue_msgrcv(struct msg_queue msq, struct msg_msg msg, 5656 struct task_struct target, 5657 long type, int mode) --- 5 unchanged lines hidden* (view full) --- 5663 int rc; 5664 5665 isec = msq->q_perm.security; 5666 msec = msg->security; 5667 5668 ad.type = LSM_AUDIT_DATA_IPC; 5669 ad.u.ipc_id = msq->q_perm.key; 5670	6058 MSGQ__ENQUEUE, &ad); 6059 6060 return rc; 6061} 6062 6063static int selinux_msg_queue_msgrcv(struct msg_queue msq, struct msg_msg msg, 6064 struct task_struct target, 6065 long type, int mode) --- 5 unchanged lines hidden* (view full) --- 6071 int rc; 6072 6073 isec = msq->q_perm.security; 6074 msec = msg->security; 6075 6076 ad.type = LSM_AUDIT_DATA_IPC; 6077 ad.u.ipc_id = msq->q_perm.key; 6078
5671 rc = avc_has_perm(sid, isec->sid,	6079 rc = avc_has_perm(&selinux_state, 6080 sid, isec->sid,
5672 SECCLASS_MSGQ, MSGQ__READ, &ad); 5673 if (!rc)	6081 SECCLASS_MSGQ, MSGQ__READ, &ad); 6082 if (!rc)
5674 rc = avc_has_perm(sid, msec->sid,	6083 rc = avc_has_perm(&selinux_state, 6084 sid, msec->sid,
5675 SECCLASS_MSG, MSG__RECEIVE, &ad); 5676 return rc; 5677} 5678 5679/* Shared Memory security operations / 5680static int selinux_shm_alloc_security(struct shmid_kernel shp) 5681{ 5682 struct ipc_security_struct isec; --- 5 unchanged lines hidden* (view full) --- 5688 if (rc) 5689 return rc; 5690 5691 isec = shp->shm_perm.security; 5692 5693 ad.type = LSM_AUDIT_DATA_IPC; 5694 ad.u.ipc_id = shp->shm_perm.key; 5695	6085 SECCLASS_MSG, MSG__RECEIVE, &ad); 6086 return rc; 6087} 6088 6089/* Shared Memory security operations / 6090static int selinux_shm_alloc_security(struct shmid_kernel shp) 6091{ 6092 struct ipc_security_struct isec; --- 5 unchanged lines hidden* (view full) --- 6098 if (rc) 6099 return rc; 6100 6101 isec = shp->shm_perm.security; 6102 6103 ad.type = LSM_AUDIT_DATA_IPC; 6104 ad.u.ipc_id = shp->shm_perm.key; 6105
5696 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,	6106 rc = avc_has_perm(&selinux_state, 6107 sid, isec->sid, SECCLASS_SHM,
5697 SHM__CREATE, &ad); 5698 if (rc) { 5699 ipc_free_security(&shp->shm_perm); 5700 return rc; 5701 } 5702 return 0; 5703} 5704 --- 8 unchanged lines hidden (view full) --- 5713 struct common_audit_data ad; 5714 u32 sid = current_sid(); 5715 5716 isec = shp->shm_perm.security; 5717 5718 ad.type = LSM_AUDIT_DATA_IPC; 5719 ad.u.ipc_id = shp->shm_perm.key; 5720	6108 SHM__CREATE, &ad); 6109 if (rc) { 6110 ipc_free_security(&shp->shm_perm); 6111 return rc; 6112 } 6113 return 0; 6114} 6115 --- 8 unchanged lines hidden (view full) --- 6124 struct common_audit_data ad; 6125 u32 sid = current_sid(); 6126 6127 isec = shp->shm_perm.security; 6128 6129 ad.type = LSM_AUDIT_DATA_IPC; 6130 ad.u.ipc_id = shp->shm_perm.key; 6131
5721 return avc_has_perm(sid, isec->sid, SECCLASS_SHM,	6132 return avc_has_perm(&selinux_state, 6133 sid, isec->sid, SECCLASS_SHM,
5722 SHM__ASSOCIATE, &ad); 5723} 5724 5725/* Note, at this point, shp is locked down / 5726static int selinux_shm_shmctl(struct shmid_kernel shp, int cmd) 5727{ 5728 int perms; 5729 int err; 5730 5731 switch (cmd) { 5732 case IPC_INFO: 5733 case SHM_INFO: 5734 /* No specific object, just general system-wide information. */	6134 SHM__ASSOCIATE, &ad); 6135} 6136 6137/* Note, at this point, shp is locked down / 6138static int selinux_shm_shmctl(struct shmid_kernel shp, int cmd) 6139{ 6140 int perms; 6141 int err; 6142 6143 switch (cmd) { 6144 case IPC_INFO: 6145 case SHM_INFO: 6146 /* No specific object, just general system-wide information. */
5735 return avc_has_perm(current_sid(), SECINITSID_KERNEL,	6147 return avc_has_perm(&selinux_state, 6148 current_sid(), SECINITSID_KERNEL,
5736 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL); 5737 case IPC_STAT: 5738 case SHM_STAT: 5739 perms = SHM__GETATTR \| SHM__ASSOCIATE; 5740 break; 5741 case IPC_SET: 5742 perms = SHM__SETATTR; 5743 break; --- 37 unchanged lines hidden (view full) --- 5781 if (rc) 5782 return rc; 5783 5784 isec = sma->sem_perm.security; 5785 5786 ad.type = LSM_AUDIT_DATA_IPC; 5787 ad.u.ipc_id = sma->sem_perm.key; 5788	6149 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL); 6150 case IPC_STAT: 6151 case SHM_STAT: 6152 perms = SHM__GETATTR \| SHM__ASSOCIATE; 6153 break; 6154 case IPC_SET: 6155 perms = SHM__SETATTR; 6156 break; --- 37 unchanged lines hidden (view full) --- 6194 if (rc) 6195 return rc; 6196 6197 isec = sma->sem_perm.security; 6198 6199 ad.type = LSM_AUDIT_DATA_IPC; 6200 ad.u.ipc_id = sma->sem_perm.key; 6201
5789 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,	6202 rc = avc_has_perm(&selinux_state, 6203 sid, isec->sid, SECCLASS_SEM,
5790 SEM__CREATE, &ad); 5791 if (rc) { 5792 ipc_free_security(&sma->sem_perm); 5793 return rc; 5794 } 5795 return 0; 5796} 5797 --- 8 unchanged lines hidden (view full) --- 5806 struct common_audit_data ad; 5807 u32 sid = current_sid(); 5808 5809 isec = sma->sem_perm.security; 5810 5811 ad.type = LSM_AUDIT_DATA_IPC; 5812 ad.u.ipc_id = sma->sem_perm.key; 5813	6204 SEM__CREATE, &ad); 6205 if (rc) { 6206 ipc_free_security(&sma->sem_perm); 6207 return rc; 6208 } 6209 return 0; 6210} 6211 --- 8 unchanged lines hidden (view full) --- 6220 struct common_audit_data ad; 6221 u32 sid = current_sid(); 6222 6223 isec = sma->sem_perm.security; 6224 6225 ad.type = LSM_AUDIT_DATA_IPC; 6226 ad.u.ipc_id = sma->sem_perm.key; 6227
5814 return avc_has_perm(sid, isec->sid, SECCLASS_SEM,	6228 return avc_has_perm(&selinux_state, 6229 sid, isec->sid, SECCLASS_SEM,
5815 SEM__ASSOCIATE, &ad); 5816} 5817 5818/* Note, at this point, sma is locked down / 5819static int selinux_sem_semctl(struct sem_array sma, int cmd) 5820{ 5821 int err; 5822 u32 perms; 5823 5824 switch (cmd) { 5825 case IPC_INFO: 5826 case SEM_INFO: 5827 /* No specific object, just general system-wide information. */	6230 SEM__ASSOCIATE, &ad); 6231} 6232 6233/* Note, at this point, sma is locked down / 6234static int selinux_sem_semctl(struct sem_array sma, int cmd) 6235{ 6236 int err; 6237 u32 perms; 6238 6239 switch (cmd) { 6240 case IPC_INFO: 6241 case SEM_INFO: 6242 /* No specific object, just general system-wide information. */
5828 return avc_has_perm(current_sid(), SECINITSID_KERNEL,	6243 return avc_has_perm(&selinux_state, 6244 current_sid(), SECINITSID_KERNEL,
5829 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL); 5830 case GETPID: 5831 case GETNCNT: 5832 case GETZCNT: 5833 perms = SEM__GETATTR; 5834 break; 5835 case GETVAL: 5836 case GETALL: --- 69 unchanged lines hidden (view full) --- 5906 u32 sid; 5907 int error; 5908 unsigned len; 5909 5910 rcu_read_lock(); 5911 __tsec = __task_cred(p)->security; 5912 5913 if (current != p) {	6245 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL); 6246 case GETPID: 6247 case GETNCNT: 6248 case GETZCNT: 6249 perms = SEM__GETATTR; 6250 break; 6251 case GETVAL: 6252 case GETALL: --- 69 unchanged lines hidden (view full) --- 6322 u32 sid; 6323 int error; 6324 unsigned len; 6325 6326 rcu_read_lock(); 6327 __tsec = __task_cred(p)->security; 6328 6329 if (current != p) {
5914 error = avc_has_perm(current_sid(), __tsec->sid,	6330 error = avc_has_perm(&selinux_state, 6331 current_sid(), __tsec->sid,
5915 SECCLASS_PROCESS, PROCESS__GETATTR, NULL); 5916 if (error) 5917 goto bad; 5918 } 5919 5920 if (!strcmp(name, "current")) 5921 sid = __tsec->sid; 5922 else if (!strcmp(name, "prev")) --- 10 unchanged lines hidden (view full) --- 5933 error = -EINVAL; 5934 goto bad; 5935 } 5936 rcu_read_unlock(); 5937 5938 if (!sid) 5939 return 0; 5940	6332 SECCLASS_PROCESS, PROCESS__GETATTR, NULL); 6333 if (error) 6334 goto bad; 6335 } 6336 6337 if (!strcmp(name, "current")) 6338 sid = __tsec->sid; 6339 else if (!strcmp(name, "prev")) --- 10 unchanged lines hidden (view full) --- 6350 error = -EINVAL; 6351 goto bad; 6352 } 6353 rcu_read_unlock(); 6354 6355 if (!sid) 6356 return 0; 6357
5941 error = security_sid_to_context(sid, value, &len);	6358 error = security_sid_to_context(&selinux_state, sid, value, &len);
5942 if (error) 5943 return error; 5944 return len; 5945 5946bad: 5947 rcu_read_unlock(); 5948 return error; 5949} --- 5 unchanged lines hidden (view full) --- 5955 u32 mysid = current_sid(), sid = 0, ptsid; 5956 int error; 5957 char str = value; 5958 5959 / 5960 * Basic control over ability to set these attributes at all. 5961 */ 5962 if (!strcmp(name, "exec"))	6359 if (error) 6360 return error; 6361 return len; 6362 6363bad: 6364 rcu_read_unlock(); 6365 return error; 6366} --- 5 unchanged lines hidden (view full) --- 6372 u32 mysid = current_sid(), sid = 0, ptsid; 6373 int error; 6374 char str = value; 6375 6376 / 6377 * Basic control over ability to set these attributes at all. 6378 */ 6379 if (!strcmp(name, "exec"))
5963 error = avc_has_perm(mysid, mysid, SECCLASS_PROCESS,	6380 error = avc_has_perm(&selinux_state, 6381 mysid, mysid, SECCLASS_PROCESS,
5964 PROCESS__SETEXEC, NULL); 5965 else if (!strcmp(name, "fscreate"))	6382 PROCESS__SETEXEC, NULL); 6383 else if (!strcmp(name, "fscreate"))
5966 error = avc_has_perm(mysid, mysid, SECCLASS_PROCESS,	6384 error = avc_has_perm(&selinux_state, 6385 mysid, mysid, SECCLASS_PROCESS,
5967 PROCESS__SETFSCREATE, NULL); 5968 else if (!strcmp(name, "keycreate"))	6386 PROCESS__SETFSCREATE, NULL); 6387 else if (!strcmp(name, "keycreate"))
5969 error = avc_has_perm(mysid, mysid, SECCLASS_PROCESS,	6388 error = avc_has_perm(&selinux_state, 6389 mysid, mysid, SECCLASS_PROCESS,
5970 PROCESS__SETKEYCREATE, NULL); 5971 else if (!strcmp(name, "sockcreate"))	6390 PROCESS__SETKEYCREATE, NULL); 6391 else if (!strcmp(name, "sockcreate"))
5972 error = avc_has_perm(mysid, mysid, SECCLASS_PROCESS,	6392 error = avc_has_perm(&selinux_state, 6393 mysid, mysid, SECCLASS_PROCESS,
5973 PROCESS__SETSOCKCREATE, NULL); 5974 else if (!strcmp(name, "current"))	6394 PROCESS__SETSOCKCREATE, NULL); 6395 else if (!strcmp(name, "current"))
5975 error = avc_has_perm(mysid, mysid, SECCLASS_PROCESS,	6396 error = avc_has_perm(&selinux_state, 6397 mysid, mysid, SECCLASS_PROCESS,
5976 PROCESS__SETCURRENT, NULL); 5977 else 5978 error = -EINVAL; 5979 if (error) 5980 return error; 5981 5982 /* Obtain a SID for the context, if one was specified. */ 5983 if (size && str[0] && str[0] != '\n') { 5984 if (str[size-1] == '\n') { 5985 str[size-1] = 0; 5986 size--; 5987 }	6398 PROCESS__SETCURRENT, NULL); 6399 else 6400 error = -EINVAL; 6401 if (error) 6402 return error; 6403 6404 /* Obtain a SID for the context, if one was specified. */ 6405 if (size && str[0] && str[0] != '\n') { 6406 if (str[size-1] == '\n') { 6407 str[size-1] = 0; 6408 size--; 6409 }
5988 error = security_context_to_sid(value, size, &sid, GFP_KERNEL);	6410 error = security_context_to_sid(&selinux_state, value, size, 6411 &sid, GFP_KERNEL);
5989 if (error == -EINVAL && !strcmp(name, "fscreate")) { 5990 if (!has_cap_mac_admin(true)) { 5991 struct audit_buffer ab; 5992 size_t audit_size; 5993 5994 / We strip a nul only if it is at the end, otherwise the 5995 * context contains a nul and we should audit that */ 5996 if (str[size - 1] == '\0') 5997 audit_size = size - 1; 5998 else 5999 audit_size = size; 6000 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR); 6001 audit_log_format(ab, "op=fscreate invalid_context="); 6002 audit_log_n_untrustedstring(ab, value, audit_size); 6003 audit_log_end(ab); 6004 6005 return error; 6006 }	6412 if (error == -EINVAL && !strcmp(name, "fscreate")) { 6413 if (!has_cap_mac_admin(true)) { 6414 struct audit_buffer ab; 6415 size_t audit_size; 6416 6417 / We strip a nul only if it is at the end, otherwise the 6418 * context contains a nul and we should audit that */ 6419 if (str[size - 1] == '\0') 6420 audit_size = size - 1; 6421 else 6422 audit_size = size; 6423 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR); 6424 audit_log_format(ab, "op=fscreate invalid_context="); 6425 audit_log_n_untrustedstring(ab, value, audit_size); 6426 audit_log_end(ab); 6427 6428 return error; 6429 }
6007 error = security_context_to_sid_force(value, size, 6008 &sid);	6430 error = security_context_to_sid_force( 6431 &selinux_state, 6432 value, size, &sid);
6009 } 6010 if (error) 6011 return error; 6012 } 6013 6014 new = prepare_creds(); 6015 if (!new) 6016 return -ENOMEM; --- 5 unchanged lines hidden (view full) --- 6022 checks and may_create for the file creation checks. The 6023 operation will then fail if the context is not permitted. */ 6024 tsec = new->security; 6025 if (!strcmp(name, "exec")) { 6026 tsec->exec_sid = sid; 6027 } else if (!strcmp(name, "fscreate")) { 6028 tsec->create_sid = sid; 6029 } else if (!strcmp(name, "keycreate")) {	6433 } 6434 if (error) 6435 return error; 6436 } 6437 6438 new = prepare_creds(); 6439 if (!new) 6440 return -ENOMEM; --- 5 unchanged lines hidden (view full) --- 6446 checks and may_create for the file creation checks. The 6447 operation will then fail if the context is not permitted. */ 6448 tsec = new->security; 6449 if (!strcmp(name, "exec")) { 6450 tsec->exec_sid = sid; 6451 } else if (!strcmp(name, "fscreate")) { 6452 tsec->create_sid = sid; 6453 } else if (!strcmp(name, "keycreate")) {
6030 error = avc_has_perm(mysid, sid, SECCLASS_KEY, KEY__CREATE,	6454 error = avc_has_perm(&selinux_state, 6455 mysid, sid, SECCLASS_KEY, KEY__CREATE,
6031 NULL); 6032 if (error) 6033 goto abort_change; 6034 tsec->keycreate_sid = sid; 6035 } else if (!strcmp(name, "sockcreate")) { 6036 tsec->sockcreate_sid = sid; 6037 } else if (!strcmp(name, "current")) { 6038 error = -EINVAL; 6039 if (sid == 0) 6040 goto abort_change; 6041 6042 /* Only allow single threaded processes to change context */ 6043 error = -EPERM; 6044 if (!current_is_single_threaded()) {	6456 NULL); 6457 if (error) 6458 goto abort_change; 6459 tsec->keycreate_sid = sid; 6460 } else if (!strcmp(name, "sockcreate")) { 6461 tsec->sockcreate_sid = sid; 6462 } else if (!strcmp(name, "current")) { 6463 error = -EINVAL; 6464 if (sid == 0) 6465 goto abort_change; 6466 6467 /* Only allow single threaded processes to change context */ 6468 error = -EPERM; 6469 if (!current_is_single_threaded()) {
6045 error = security_bounded_transition(tsec->sid, sid);	6470 error = security_bounded_transition(&selinux_state, 6471 tsec->sid, sid);
6046 if (error) 6047 goto abort_change; 6048 } 6049 6050 /* Check permissions for the transition. */	6472 if (error) 6473 goto abort_change; 6474 } 6475 6476 /* Check permissions for the transition. */
6051 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,	6477 error = avc_has_perm(&selinux_state, 6478 tsec->sid, sid, SECCLASS_PROCESS,
6052 PROCESS__DYNTRANSITION, NULL); 6053 if (error) 6054 goto abort_change; 6055 6056 /* Check for ptracing, and update the task SID if ok. 6057 Otherwise, leave SID unchanged and fail. */ 6058 ptsid = ptrace_parent_sid(); 6059 if (ptsid != 0) {	6479 PROCESS__DYNTRANSITION, NULL); 6480 if (error) 6481 goto abort_change; 6482 6483 /* Check for ptracing, and update the task SID if ok. 6484 Otherwise, leave SID unchanged and fail. */ 6485 ptsid = ptrace_parent_sid(); 6486 if (ptsid != 0) {
6060 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,	6487 error = avc_has_perm(&selinux_state, 6488 ptsid, sid, SECCLASS_PROCESS,
6061 PROCESS__PTRACE, NULL); 6062 if (error) 6063 goto abort_change; 6064 } 6065 6066 tsec->sid = sid; 6067 } else { 6068 error = -EINVAL; --- 10 unchanged lines hidden (view full) --- 6079 6080static int selinux_ismaclabel(const char name) 6081{ 6082 return (strcmp(name, XATTR_SELINUX_SUFFIX) == 0); 6083} 6084 6085static int selinux_secid_to_secctx(u32 secid, char secdata, u32 seclen) 6086{	6489 PROCESS__PTRACE, NULL); 6490 if (error) 6491 goto abort_change; 6492 } 6493 6494 tsec->sid = sid; 6495 } else { 6496 error = -EINVAL; --- 10 unchanged lines hidden (view full) --- 6507 6508static int selinux_ismaclabel(const char name) 6509{ 6510 return (strcmp(name, XATTR_SELINUX_SUFFIX) == 0); 6511} 6512 6513static int selinux_secid_to_secctx(u32 secid, char secdata, u32 seclen) 6514{
6087 return security_sid_to_context(secid, secdata, seclen);	6515 return security_sid_to_context(&selinux_state, secid, 6516 secdata, seclen);
6088} 6089 6090static int selinux_secctx_to_secid(const char secdata, u32 seclen, u32 secid) 6091{	6517} 6518 6519static int selinux_secctx_to_secid(const char secdata, u32 seclen, u32 secid) 6520{
6092 return security_context_to_sid(secdata, seclen, secid, GFP_KERNEL);	6521 return security_context_to_sid(&selinux_state, secdata, seclen, 6522 secid, GFP_KERNEL);
6093} 6094 6095static void selinux_release_secctx(char secdata, u32 seclen) 6096{ 6097 kfree(secdata); 6098} 6099 6100static void selinux_inode_invalidate_secctx(struct inode inode) --- 75 unchanged lines hidden (view full) --- 6176 if (perm == 0) 6177 return 0; 6178 6179 sid = cred_sid(cred); 6180 6181 key = key_ref_to_ptr(key_ref); 6182 ksec = key->security; 6183	6523} 6524 6525static void selinux_release_secctx(char secdata, u32 seclen) 6526{ 6527 kfree(secdata); 6528} 6529 6530static void selinux_inode_invalidate_secctx(struct inode inode) --- 75 unchanged lines hidden (view full) --- 6606 if (perm == 0) 6607 return 0; 6608 6609 sid = cred_sid(cred); 6610 6611 key = key_ref_to_ptr(key_ref); 6612 ksec = key->security; 6613
6184 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL);	6614 return avc_has_perm(&selinux_state, 6615 sid, ksec->sid, SECCLASS_KEY, perm, NULL);
6185} 6186 6187static int selinux_key_getsecurity(struct key key, char _buffer) 6188{ 6189 struct key_security_struct ksec = key->security; 6190 char *context = NULL; 6191 unsigned len; 6192 int rc; 6193	6616} 6617 6618static int selinux_key_getsecurity(struct key key, char _buffer) 6619{ 6620 struct key_security_struct ksec = key->security; 6621 char *context = NULL; 6622 unsigned len; 6623 int rc; 6624
6194 rc = security_sid_to_context(ksec->sid, &context, &len);	6625 rc = security_sid_to_context(&selinux_state, ksec->sid, 6626 &context, &len);
6195 if (!rc) 6196 rc = len; 6197 _buffer = context; 6198 return rc; 6199} 6200#endif 6201 6202#ifdef CONFIG_SECURITY_INFINIBAND --- 8 unchanged lines hidden* (view full) --- 6211 err = sel_ib_pkey_sid(subnet_prefix, pkey_val, &sid); 6212 if (err) 6213 return err; 6214 6215 ad.type = LSM_AUDIT_DATA_IBPKEY; 6216 ibpkey.subnet_prefix = subnet_prefix; 6217 ibpkey.pkey = pkey_val; 6218 ad.u.ibpkey = &ibpkey;	6627 if (!rc) 6628 rc = len; 6629 _buffer = context; 6630 return rc; 6631} 6632#endif 6633 6634#ifdef CONFIG_SECURITY_INFINIBAND --- 8 unchanged lines hidden* (view full) --- 6643 err = sel_ib_pkey_sid(subnet_prefix, pkey_val, &sid); 6644 if (err) 6645 return err; 6646 6647 ad.type = LSM_AUDIT_DATA_IBPKEY; 6648 ibpkey.subnet_prefix = subnet_prefix; 6649 ibpkey.pkey = pkey_val; 6650 ad.u.ibpkey = &ibpkey;
6219 return avc_has_perm(sec->sid, sid,	6651 return avc_has_perm(&selinux_state, 6652 sec->sid, sid,
6220 SECCLASS_INFINIBAND_PKEY, 6221 INFINIBAND_PKEY__ACCESS, &ad); 6222} 6223 6224static int selinux_ib_endport_manage_subnet(void ib_sec, const char dev_name, 6225 u8 port_num) 6226{ 6227 struct common_audit_data ad; 6228 int err; 6229 u32 sid = 0; 6230 struct ib_security_struct *sec = ib_sec; 6231 struct lsm_ibendport_audit ibendport; 6232	6653 SECCLASS_INFINIBAND_PKEY, 6654 INFINIBAND_PKEY__ACCESS, &ad); 6655} 6656 6657static int selinux_ib_endport_manage_subnet(void ib_sec, const char dev_name, 6658 u8 port_num) 6659{ 6660 struct common_audit_data ad; 6661 int err; 6662 u32 sid = 0; 6663 struct ib_security_struct *sec = ib_sec; 6664 struct lsm_ibendport_audit ibendport; 6665
6233 err = security_ib_endport_sid(dev_name, port_num, &sid);	6666 err = security_ib_endport_sid(&selinux_state, dev_name, port_num, 6667 &sid);
6234 6235 if (err) 6236 return err; 6237 6238 ad.type = LSM_AUDIT_DATA_IBENDPORT; 6239 strncpy(ibendport.dev_name, dev_name, sizeof(ibendport.dev_name)); 6240 ibendport.port = port_num; 6241 ad.u.ibendport = &ibendport;	6668 6669 if (err) 6670 return err; 6671 6672 ad.type = LSM_AUDIT_DATA_IBENDPORT; 6673 strncpy(ibendport.dev_name, dev_name, sizeof(ibendport.dev_name)); 6674 ibendport.port = port_num; 6675 ad.u.ibendport = &ibendport;
6242 return avc_has_perm(sec->sid, sid,	6676 return avc_has_perm(&selinux_state, 6677 sec->sid, sid,
6243 SECCLASS_INFINIBAND_ENDPORT, 6244 INFINIBAND_ENDPORT__MANAGE_SUBNET, &ad); 6245} 6246 6247static int selinux_ib_alloc_security(void *ib_sec) 6248{ 6249 struct ib_security_struct sec; 6250 --- 16 unchanged lines hidden (view full) --- 6267static int selinux_bpf(int cmd, union bpf_attr *attr, 6268 unsigned int size) 6269{ 6270 u32 sid = current_sid(); 6271 int ret; 6272 6273 switch (cmd) { 6274 case BPF_MAP_CREATE:	6678 SECCLASS_INFINIBAND_ENDPORT, 6679 INFINIBAND_ENDPORT__MANAGE_SUBNET, &ad); 6680} 6681 6682static int selinux_ib_alloc_security(void *ib_sec) 6683{ 6684 struct ib_security_struct sec; 6685 --- 16 unchanged lines hidden (view full) --- 6702static int selinux_bpf(int cmd, union bpf_attr *attr, 6703 unsigned int size) 6704{ 6705 u32 sid = current_sid(); 6706 int ret; 6707 6708 switch (cmd) { 6709 case BPF_MAP_CREATE:
6275 ret = avc_has_perm(sid, sid, SECCLASS_BPF, BPF__MAP_CREATE,	6710 ret = avc_has_perm(&selinux_state, 6711 sid, sid, SECCLASS_BPF, BPF__MAP_CREATE,
6276 NULL); 6277 break; 6278 case BPF_PROG_LOAD:	6712 NULL); 6713 break; 6714 case BPF_PROG_LOAD:
6279 ret = avc_has_perm(sid, sid, SECCLASS_BPF, BPF__PROG_LOAD,	6715 ret = avc_has_perm(&selinux_state, 6716 sid, sid, SECCLASS_BPF, BPF__PROG_LOAD,
6280 NULL); 6281 break; 6282 default: 6283 ret = 0; 6284 break; 6285 } 6286 6287 return ret; --- 23 unchanged lines hidden (view full) --- 6311 struct bpf_security_struct bpfsec; 6312 struct bpf_prog prog; 6313 struct bpf_map *map; 6314 int ret; 6315 6316 if (file->f_op == &bpf_map_fops) { 6317 map = file->private_data; 6318 bpfsec = map->security;	6717 NULL); 6718 break; 6719 default: 6720 ret = 0; 6721 break; 6722 } 6723 6724 return ret; --- 23 unchanged lines hidden (view full) --- 6748 struct bpf_security_struct bpfsec; 6749 struct bpf_prog prog; 6750 struct bpf_map *map; 6751 int ret; 6752 6753 if (file->f_op == &bpf_map_fops) { 6754 map = file->private_data; 6755 bpfsec = map->security;
6319 ret = avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF,	6756 ret = avc_has_perm(&selinux_state, 6757 sid, bpfsec->sid, SECCLASS_BPF,
6320 bpf_map_fmode_to_av(file->f_mode), NULL); 6321 if (ret) 6322 return ret; 6323 } else if (file->f_op == &bpf_prog_fops) { 6324 prog = file->private_data; 6325 bpfsec = prog->aux->security;	6758 bpf_map_fmode_to_av(file->f_mode), NULL); 6759 if (ret) 6760 return ret; 6761 } else if (file->f_op == &bpf_prog_fops) { 6762 prog = file->private_data; 6763 bpfsec = prog->aux->security;
6326 ret = avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF,	6764 ret = avc_has_perm(&selinux_state, 6765 sid, bpfsec->sid, SECCLASS_BPF,
6327 BPF__PROG_RUN, NULL); 6328 if (ret) 6329 return ret; 6330 } 6331 return 0; 6332} 6333 6334static int selinux_bpf_map(struct bpf_map map, fmode_t fmode) 6335{ 6336 u32 sid = current_sid(); 6337 struct bpf_security_struct bpfsec; 6338 6339 bpfsec = map->security;	6766 BPF__PROG_RUN, NULL); 6767 if (ret) 6768 return ret; 6769 } 6770 return 0; 6771} 6772 6773static int selinux_bpf_map(struct bpf_map map, fmode_t fmode) 6774{ 6775 u32 sid = current_sid(); 6776 struct bpf_security_struct bpfsec; 6777 6778 bpfsec = map->security;
6340 return avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF,	6779 return avc_has_perm(&selinux_state, 6780 sid, bpfsec->sid, SECCLASS_BPF,
6341 bpf_map_fmode_to_av(fmode), NULL); 6342} 6343 6344static int selinux_bpf_prog(struct bpf_prog prog) 6345{ 6346 u32 sid = current_sid(); 6347 struct bpf_security_struct bpfsec; 6348 6349 bpfsec = prog->aux->security;	6781 bpf_map_fmode_to_av(fmode), NULL); 6782} 6783 6784static int selinux_bpf_prog(struct bpf_prog prog) 6785{ 6786 u32 sid = current_sid(); 6787 struct bpf_security_struct bpfsec; 6788 6789 bpfsec = prog->aux->security;
6350 return avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF,	6790 return avc_has_perm(&selinux_state, 6791 sid, bpfsec->sid, SECCLASS_BPF,
6351 BPF__PROG_RUN, NULL); 6352} 6353 6354static int selinux_bpf_map_alloc(struct bpf_map map) 6355{ 6356 struct bpf_security_struct bpfsec; 6357 6358 bpfsec = kzalloc(sizeof(bpfsec), GFP_KERNEL); --- 202 unchanged lines hidden* (view full) --- 6561 LSM_HOOK_INIT(socket_getpeersec_stream, 6562 selinux_socket_getpeersec_stream), 6563 LSM_HOOK_INIT(socket_getpeersec_dgram, selinux_socket_getpeersec_dgram), 6564 LSM_HOOK_INIT(sk_alloc_security, selinux_sk_alloc_security), 6565 LSM_HOOK_INIT(sk_free_security, selinux_sk_free_security), 6566 LSM_HOOK_INIT(sk_clone_security, selinux_sk_clone_security), 6567 LSM_HOOK_INIT(sk_getsecid, selinux_sk_getsecid), 6568 LSM_HOOK_INIT(sock_graft, selinux_sock_graft),	6792 BPF__PROG_RUN, NULL); 6793} 6794 6795static int selinux_bpf_map_alloc(struct bpf_map map) 6796{ 6797 struct bpf_security_struct bpfsec; 6798 6799 bpfsec = kzalloc(sizeof(bpfsec), GFP_KERNEL); --- 202 unchanged lines hidden* (view full) --- 7002 LSM_HOOK_INIT(socket_getpeersec_stream, 7003 selinux_socket_getpeersec_stream), 7004 LSM_HOOK_INIT(socket_getpeersec_dgram, selinux_socket_getpeersec_dgram), 7005 LSM_HOOK_INIT(sk_alloc_security, selinux_sk_alloc_security), 7006 LSM_HOOK_INIT(sk_free_security, selinux_sk_free_security), 7007 LSM_HOOK_INIT(sk_clone_security, selinux_sk_clone_security), 7008 LSM_HOOK_INIT(sk_getsecid, selinux_sk_getsecid), 7009 LSM_HOOK_INIT(sock_graft, selinux_sock_graft),
	7010 LSM_HOOK_INIT(sctp_assoc_request, selinux_sctp_assoc_request), 7011 LSM_HOOK_INIT(sctp_sk_clone, selinux_sctp_sk_clone), 7012 LSM_HOOK_INIT(sctp_bind_connect, selinux_sctp_bind_connect),
6569 LSM_HOOK_INIT(inet_conn_request, selinux_inet_conn_request), 6570 LSM_HOOK_INIT(inet_csk_clone, selinux_inet_csk_clone), 6571 LSM_HOOK_INIT(inet_conn_established, selinux_inet_conn_established), 6572 LSM_HOOK_INIT(secmark_relabel_packet, selinux_secmark_relabel_packet), 6573 LSM_HOOK_INIT(secmark_refcount_inc, selinux_secmark_refcount_inc), 6574 LSM_HOOK_INIT(secmark_refcount_dec, selinux_secmark_refcount_dec), 6575 LSM_HOOK_INIT(req_classify_flow, selinux_req_classify_flow), 6576 LSM_HOOK_INIT(tun_dev_alloc_security, selinux_tun_dev_alloc_security), --- 59 unchanged lines hidden (view full) --- 6636 6637 if (!selinux_enabled) { 6638 printk(KERN_INFO "SELinux: Disabled at boot.\n"); 6639 return 0; 6640 } 6641 6642 printk(KERN_INFO "SELinux: Initializing.\n"); 6643	7013 LSM_HOOK_INIT(inet_conn_request, selinux_inet_conn_request), 7014 LSM_HOOK_INIT(inet_csk_clone, selinux_inet_csk_clone), 7015 LSM_HOOK_INIT(inet_conn_established, selinux_inet_conn_established), 7016 LSM_HOOK_INIT(secmark_relabel_packet, selinux_secmark_relabel_packet), 7017 LSM_HOOK_INIT(secmark_refcount_inc, selinux_secmark_refcount_inc), 7018 LSM_HOOK_INIT(secmark_refcount_dec, selinux_secmark_refcount_dec), 7019 LSM_HOOK_INIT(req_classify_flow, selinux_req_classify_flow), 7020 LSM_HOOK_INIT(tun_dev_alloc_security, selinux_tun_dev_alloc_security), --- 59 unchanged lines hidden (view full) --- 7080 7081 if (!selinux_enabled) { 7082 printk(KERN_INFO "SELinux: Disabled at boot.\n"); 7083 return 0; 7084 } 7085 7086 printk(KERN_INFO "SELinux: Initializing.\n"); 7087
	7088 memset(&selinux_state, 0, sizeof(selinux_state)); 7089 enforcing_set(&selinux_state, selinux_enforcing_boot); 7090 selinux_state.checkreqprot = selinux_checkreqprot_boot; 7091 selinux_ss_init(&selinux_state.ss); 7092 selinux_avc_init(&selinux_state.avc); 7093
6644 /* Set the security state for the initial task. */ 6645 cred_init_security(); 6646 6647 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC); 6648 6649 sel_inode_cache = kmem_cache_create("selinux_inode_security", 6650 sizeof(struct inode_security_struct), 6651 0, SLAB_PANIC, NULL); 6652 file_security_cache = kmem_cache_create("selinux_file_security", 6653 sizeof(struct file_security_struct), 6654 0, SLAB_PANIC, NULL); 6655 avc_init(); 6656	7094 /* Set the security state for the initial task. */ 7095 cred_init_security(); 7096 7097 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC); 7098 7099 sel_inode_cache = kmem_cache_create("selinux_inode_security", 7100 sizeof(struct inode_security_struct), 7101 0, SLAB_PANIC, NULL); 7102 file_security_cache = kmem_cache_create("selinux_file_security", 7103 sizeof(struct file_security_struct), 7104 0, SLAB_PANIC, NULL); 7105 avc_init(); 7106
	7107 avtab_cache_init(); 7108 7109 ebitmap_cache_init(); 7110 7111 hashtab_cache_init(); 7112
6657 security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux"); 6658 6659 if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) 6660 panic("SELinux: Unable to register AVC netcache callback\n"); 6661 6662 if (avc_add_callback(selinux_lsm_notifier_avc_callback, AVC_CALLBACK_RESET)) 6663 panic("SELinux: Unable to register AVC LSM notifier callback\n"); 6664	7113 security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux"); 7114 7115 if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) 7116 panic("SELinux: Unable to register AVC netcache callback\n"); 7117 7118 if (avc_add_callback(selinux_lsm_notifier_avc_callback, AVC_CALLBACK_RESET)) 7119 panic("SELinux: Unable to register AVC LSM notifier callback\n"); 7120
6665 if (selinux_enforcing)	7121 if (selinux_enforcing_boot)
6666 printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n"); 6667 else 6668 printk(KERN_DEBUG "SELinux: Starting in permissive mode\n"); 6669 6670 return 0; 6671} 6672 6673static void delayed_superblock_init(struct super_block sb, void unused) --- 104 unchanged lines hidden (view full) --- 6778 6779#ifdef CONFIG_SECURITY_SELINUX_DISABLE 6780#define selinux_nf_ip_exit() 6781#endif 6782 6783#endif /* CONFIG_NETFILTER */ 6784 6785#ifdef CONFIG_SECURITY_SELINUX_DISABLE	7122 printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n"); 7123 else 7124 printk(KERN_DEBUG "SELinux: Starting in permissive mode\n"); 7125 7126 return 0; 7127} 7128 7129static void delayed_superblock_init(struct super_block sb, void unused) --- 104 unchanged lines hidden (view full) --- 7234 7235#ifdef CONFIG_SECURITY_SELINUX_DISABLE 7236#define selinux_nf_ip_exit() 7237#endif 7238 7239#endif /* CONFIG_NETFILTER */ 7240 7241#ifdef CONFIG_SECURITY_SELINUX_DISABLE
6786static int selinux_disabled; 6787 6788int selinux_disable(void)	7242int selinux_disable(struct selinux_state *state)
6789{	7243{
6790 if (ss_initialized) {	7244 if (state->initialized) {
6791 /* Not permitted after initial policy load. */ 6792 return -EINVAL; 6793 } 6794	7245 /* Not permitted after initial policy load. */ 7246 return -EINVAL; 7247 } 7248
6795 if (selinux_disabled) {	7249 if (state->disabled) {
6796 /* Only do this once. */ 6797 return -EINVAL; 6798 } 6799	7250 /* Only do this once. */ 7251 return -EINVAL; 7252 } 7253
	7254 state->disabled = 1; 7255
6800 printk(KERN_INFO "SELinux: Disabled at runtime.\n"); 6801	7256 printk(KERN_INFO "SELinux: Disabled at runtime.\n"); 7257
6802 selinux_disabled = 1;
6803 selinux_enabled = 0; 6804 6805 security_delete_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks)); 6806 6807 /* Try to destroy the avc node cache / 6808 avc_disable(); 6809 6810 / Unregister netfilter hooks. / 6811 selinux_nf_ip_exit(); 6812 6813 / Unregister selinuxfs. */ 6814 exit_sel_fs(); 6815 6816 return 0; 6817} 6818#endif	7258 selinux_enabled = 0; 7259 7260 security_delete_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks)); 7261 7262 /* Try to destroy the avc node cache / 7263 avc_disable(); 7264 7265 / Unregister netfilter hooks. / 7266 selinux_nf_ip_exit(); 7267 7268 / Unregister selinuxfs. */ 7269 exit_sel_fs(); 7270 7271 return 0; 7272} 7273#endif