/*
 *  NSA Security-Enhanced Linux (SELinux) security module
 *
 *  This file contains the SELinux hook function implementations.
 *
 *  Authors:  Stephen Smalley, <sds@epoch.ncsc.mil>
 *            Chris Vance, <cvance@nai.com>
 *            Wayne Salamon, <wsalamon@nai.com>
 *            James Morris <jmorris@redhat.com>
 *
 *  Copyright (C) 2001,2002 Networks Associates Technology, Inc.
 *  Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
 *  Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
 *                          <dgoeddel@trustedcs.com>
 *
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License version 2,
 *	as published by the Free Software Foundation.
 */

#include <linux/config.h>
#include <linux/module.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/ptrace.h>
#include <linux/errno.h>
#include <linux/sched.h>
#include <linux/security.h>
#include <linux/xattr.h>
#include <linux/capability.h>
#include <linux/unistd.h>
#include <linux/mm.h>
#include <linux/mman.h>
#include <linux/slab.h>
#include <linux/pagemap.h>
#include <linux/swap.h>
#include <linux/smp_lock.h>
#include <linux/spinlock.h>
#include <linux/syscalls.h>
#include <linux/file.h>
#include <linux/namei.h>
#include <linux/mount.h>
#include <linux/ext2_fs.h>
#include <linux/proc_fs.h>
#include <linux/kd.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv6.h>
#include <linux/tty.h>
#include <net/icmp.h>
#include <net/ip.h>		/* for sysctl_local_port_range[] */
#include <net/tcp.h>		/* struct or_callable used in sock_rcv_skb */
#include <asm/uaccess.h>
#include <asm/semaphore.h>
#include <asm/ioctls.h>
#include <linux/bitops.h>
#include <linux/interrupt.h>
#include <linux/netdevice.h>	/* for network interface checks */
#include <linux/netlink.h>
#include <linux/tcp.h>
#include <linux/udp.h>
#include <linux/quota.h>
#include <linux/un.h>		/* for Unix socket types */
#include <net/af_unix.h>	/* for Unix socket types */
#include <linux/parser.h>
#include <linux/nfs_mount.h>
#include <net/ipv6.h>
#include <linux/hugetlb.h>
#include <linux/personality.h>
#include <linux/sysctl.h>
#include <linux/audit.h>

#include "avc.h"
#include "objsec.h"
#include "netif.h"

/* Name of the extended attribute that carries the SELinux label:
   the security xattr prefix followed by "selinux". */
#define XATTR_SELINUX_SUFFIX "selinux"
#define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX

extern unsigned int policydb_loaded_version;
extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);

#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
/* Enforcing-mode flag.  It starts at 0 in kernels built with
   CONFIG_SECURITY_SELINUX_DEVELOP, so such a kernel comes up
   non-enforcing unless something sets it (for example the
   "enforcing=" boot parameter below). */
int selinux_enforcing = 0;

/*
 * Boot-parameter handler for "enforcing=".
 *
 * Parses the value with simple_strtol() (base 0, no end pointer, so
 * trailing characters are not rejected) and stores the result,
 * unmodified, in selinux_enforcing.  Always returns 1.
 *
 * Security note: the enforcement mode is therefore controlled by the
 * kernel command line on these builds; the bootloader configuration
 * needs the same protection as the policy itself.
 */
static int __init enforcing_setup(char *str)
{
	selinux_enforcing = simple_strtol(str,NULL,0);
	return 1;
}
__setup("enforcing=", enforcing_setup);
#endif

#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
/* Whether SELinux is enabled; the compiled-in default comes from
   CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE. */
int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;

/*
 * Boot-parameter handler for "selinux=".
 *
 * Parses the value with simple_strtol() (base 0, no end pointer) and
 * stores it in selinux_enabled.  Always returns 1.
 *
 * Security note: on builds with CONFIG_SECURITY_SELINUX_BOOTPARAM the
 * kernel command line can override the compiled-in default.
 */
static int __init selinux_enabled_setup(char *str)
{
	selinux_enabled = simple_strtol(str, NULL, 0);
	return 1;
}
__setup("selinux=", selinux_enabled_setup);
#endif

/* Original (dummy) security module. */
static struct security_operations *original_ops = NULL;

/* Minimal support for a secondary security module,
   just to allow the use of the dummy or capability modules.
   The owlsm module can alternatively be used as a secondary
   module as long as CONFIG_OWLSM_FD is not enabled. */
static struct security_operations *secondary_ops = NULL;

/* Lists of inode and superblock security structures initialized
   before the policy was loaded. */
static LIST_HEAD(superblock_security_head);
/* Protects superblock_security_head and the sbsec->list links on it. */
static DEFINE_SPINLOCK(sb_security_lock);

/* Allocate and free functions for each kind of security blob.
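*/

/*
 * Allocate and attach the SELinux security blob for a task.
 *
 * The blob is zeroed, stamped with SELINUX_MAGIC, linked back to the
 * task, and its sid, osid and ptrace_sid all start as
 * SECINITSID_UNLABELED.
 *
 * Returns 0 on success or -ENOMEM if the allocation fails.
 */
static int task_alloc_security(struct task_struct *task)
{
	struct task_security_struct *tsec;

	tsec = kmalloc(sizeof(struct task_security_struct), GFP_KERNEL);
	if (!tsec)
		return -ENOMEM;

	memset(tsec, 0, sizeof(struct task_security_struct));
	tsec->magic = SELINUX_MAGIC;
	tsec->task = task;
	tsec->osid = tsec->sid = tsec->ptrace_sid = SECINITSID_UNLABELED;
	task->security = tsec;

	return 0;
}

/*
 * Detach and free a task's security blob.
 *
 * Does nothing when the pointer is NULL or the blob does not carry
 * SELINUX_MAGIC (i.e. it was not allocated by this module).
 */
static void task_free_security(struct task_struct *task)
{
	struct task_security_struct *tsec = task->security;

	if (!tsec || tsec->magic != SELINUX_MAGIC)
		return;

	/* Clear the pointer before freeing so no stale reference remains. */
	task->security = NULL;
	kfree(tsec);
}

/*
 * Allocate and attach the SELinux security blob for an inode.
 *
 * The inode starts unlabeled with class SECCLASS_FILE.  task_sid
 * records the SID of the creating task when current carries a valid
 * SELinux blob, and SECINITSID_UNLABELED otherwise.
 *
 * Returns 0 on success or -ENOMEM if the allocation fails.
 */
static int inode_alloc_security(struct inode *inode)
{
	struct task_security_struct *tsec = current->security;
	struct inode_security_struct *isec;

	isec = kmalloc(sizeof(struct inode_security_struct), GFP_KERNEL);
	if (!isec)
		return -ENOMEM;

	memset(isec, 0, sizeof(struct inode_security_struct));
	init_MUTEX(&isec->sem);
	INIT_LIST_HEAD(&isec->list);
	isec->magic = SELINUX_MAGIC;
	isec->inode = inode;
	isec->sid = SECINITSID_UNLABELED;
	isec->sclass = SECCLASS_FILE;
	if (tsec && tsec->magic == SELINUX_MAGIC)
		isec->task_sid = tsec->sid;
	else
		isec->task_sid = SECINITSID_UNLABELED;
	inode->i_security = isec;

	return 0;
}

/*
 * Detach and free an inode's security blob.
 *
 * If the blob is still queued on its superblock's list it is unlinked
 * under sbsec->isec_lock first.  Blobs without SELINUX_MAGIC are left
 * alone.
 */
static void inode_free_security(struct inode *inode)
{
	struct inode_security_struct *isec = inode->i_security;
	/* NOTE(review): sbsec is used below without a NULL check; this
	   assumes the superblock blob outlives every inode blob -- confirm. */
	struct superblock_security_struct *sbsec = inode->i_sb->s_security;

	if (!isec || isec->magic != SELINUX_MAGIC)
		return;

	spin_lock(&sbsec->isec_lock);
	if (!list_empty(&isec->list))
		list_del_init(&isec->list);
	spin_unlock(&sbsec->isec_lock);

	inode->i_security = NULL;
	kfree(isec);
}

/*
 * Allocate and attach the SELinux security blob for an open file.
 *
 * Both sid and fown_sid are taken from the current task's SID when it
 * has a valid SELinux blob, and are SECINITSID_UNLABELED otherwise.
 *
 * Returns 0 on success or -ENOMEM if the allocation fails.
 */
static int file_alloc_security(struct file *file)
{
	struct task_security_struct *tsec = current->security;
	struct file_security_struct *fsec;

	/* NOTE(review): GFP_ATOMIC here, unlike the GFP_KERNEL used by the
	   sibling allocators; the reason is not visible in this file. */
	fsec = kmalloc(sizeof(struct file_security_struct), GFP_ATOMIC);
	if (!fsec)
		return -ENOMEM;

	memset(fsec, 0, sizeof(struct file_security_struct));
	fsec->magic = SELINUX_MAGIC;
	fsec->file = file;
	if (tsec && tsec->magic == SELINUX_MAGIC) {
		fsec->sid = tsec->sid;
		fsec->fown_sid = tsec->sid;
	} else {
		fsec->sid = SECINITSID_UNLABELED;
		fsec->fown_sid = SECINITSID_UNLABELED;
	}
	file->f_security = fsec;

	return 0;
}

/*
 * Detach and free a file's security blob; a NULL pointer or a blob
 * without SELINUX_MAGIC is ignored.
 */
static void file_free_security(struct file *file)
{
	struct file_security_struct *fsec = file->f_security;

	if (!fsec || fsec->magic != SELINUX_MAGIC)
		return;

	file->f_security = NULL;
	kfree(fsec);
}

/*
 * Allocate and attach the SELinux security blob for a superblock.
 *
 * The superblock starts with sid SECINITSID_UNLABELED and default
 * file SID SECINITSID_FILE; its semaphore, list links, inode list
 * head and inode-list lock are initialized here.
 *
 * Returns 0 on success or -ENOMEM if the allocation fails.
 */
static int superblock_alloc_security(struct super_block *sb)
{
	struct superblock_security_struct *sbsec;

	sbsec = kmalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
	if (!sbsec)
		return -ENOMEM;

	memset(sbsec, 0, sizeof(struct superblock_security_struct));
	init_MUTEX(&sbsec->sem);
	INIT_LIST_HEAD(&sbsec->list);
	INIT_LIST_HEAD(&sbsec->isec_head);
	spin_lock_init(&sbsec->isec_lock);
	sbsec->magic = SELINUX_MAGIC;
	sbsec->sb = sb;
	sbsec->sid = SECINITSID_UNLABELED;
	sbsec->def_sid = SECINITSID_FILE;
	sb->s_security = sbsec;

	return 0;
}

/*
 * Detach and free a superblock's security blob.
 *
 * If the blob is still queued on superblock_security_head (deferred
 * initialization) it is unlinked under sb_security_lock first.
 */
static void superblock_free_security(struct super_block *sb)
{
	struct superblock_security_struct *sbsec = sb->s_security;

	if (!sbsec || sbsec->magic != SELINUX_MAGIC)
		return;

	spin_lock(&sb_security_lock);
	if (!list_empty(&sbsec->list))
		list_del_init(&sbsec->list);
	spin_unlock(&sb_security_lock);

	sb->s_security = NULL;
	kfree(sbsec);
}

#ifdef CONFIG_SECURITY_NETWORK
/*
 * Allocate and attach the SELinux security blob for a socket.
 *
 * Only PF_UNIX sockets get a blob; every other family returns 0
 * without allocating.  The peer SID starts as SECINITSID_UNLABELED.
 * The allocation uses the caller's priority flags.
 *
 * Returns 0 on success or -ENOMEM if the allocation fails.
 */
static int sk_alloc_security(struct sock *sk, int family, int priority)
{
	struct sk_security_struct *ssec;

	if (family != PF_UNIX)
		return 0;

	ssec = kmalloc(sizeof(*ssec), priority);
	if (!ssec)
		return -ENOMEM;

	memset(ssec, 0, sizeof(*ssec));
	ssec->magic = SELINUX_MAGIC;
	ssec->sk = sk;
	ssec->peer_sid = SECINITSID_UNLABELED;
	sk->sk_security = ssec;

	return 0;
}

/*
 * Detach and free a socket's security blob.
 *
 * Only PF_UNIX sockets carry one.  The pointer is checked for NULL
 * before the magic is read, matching the other *_free_security()
 * helpers, so a PF_UNIX socket that never received a blob is ignored
 * instead of being dereferenced.
 */
static void sk_free_security(struct sock *sk)
{
	struct sk_security_struct *ssec = sk->sk_security;

	if (sk->sk_family != PF_UNIX || !ssec || ssec->magic != SELINUX_MAGIC)
		return;

	sk->sk_security = NULL;
	kfree(ssec);
}
#endif	/* CONFIG_SECURITY_NETWORK */

/* The security server must be initialized before
   any labeling or access decisions can be provided. */
extern int ss_initialized;

/* The file system's label must be initialized prior to use.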
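*/

/* Human-readable descriptions of the labeling behaviors.  Used only by
   the "initialized" log line in superblock_doinit(), which indexes the
   table with sbsec->behavior - 1. */
static char *labeling_behaviors[6] = {
	"uses xattr",
	"uses transition SIDs",
	"uses task SIDs",
	"uses genfs_contexts",
	"not configured for labeling",
	"uses mountpoint labeling",
};

static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);

/* Initialize an inode's security attributes when no dentry is at hand. */
static inline int inode_doinit(struct inode *inode)
{
	return inode_doinit_with_dentry(inode, NULL);
}

/* Mount option tokens.  The values are distinct bits because
   try_context_mount() ORs them into its "seen" mask. */
enum {
	Opt_context = 1,
	Opt_fscontext = 2,
	Opt_defcontext = 4,
};

static match_table_t tokens = {
	{Opt_context, "context=%s"},
	{Opt_fscontext, "fscontext=%s"},
	{Opt_defcontext, "defcontext=%s"},
	/* Terminator: gives match_token() a NULL pattern to stop on, so an
	   unrecognized option yields token 0 (the "unknown mount option"
	   default case below) rather than a scan past the end of the table.
	   NOTE(review): relies on match_token() treating a NULL pattern as
	   end-of-table -- confirm against lib/parser.c. */
	{0, NULL},
};

#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"

/*
 * Apply SELinux context mount options to a superblock.
 *
 * @sb:   superblock being mounted; its security blob is updated.
 * @data: mount data.  For filesystems flagged FS_BINARY_MOUNTDATA only
 *        the "nfs" layout is understood (struct nfs_mount_data);
 *        otherwise it is a comma-separated option string that is
 *        consumed with strsep().
 *
 * context= and fscontext= set the superblock SID after the current
 * task passes the FILESYSTEM__RELABELFROM check on the old SID and the
 * FILESYSTEM__RELABELTO check on the new one; context= additionally
 * switches the labeling behavior to SECURITY_FS_USE_MNTPOINT.
 * defcontext= (xattr filesystems only) sets the default file SID after
 * a FILESYSTEM__RELABELFROM check and a FILESYSTEM__ASSOCIATE check
 * between the new SID and the superblock SID.
 *
 * Returns 0 when nothing needed doing or everything succeeded,
 * -EINVAL for duplicate, incompatible, unknown or malformed options,
 * -ENOMEM on allocation failure, or the error from
 * security_context_to_sid() / avc_has_perm().
 */
static int try_context_mount(struct super_block *sb, void *data)
{
	char *context = NULL, *defcontext = NULL;
	const char *name;
	u32 sid;
	int alloc = 0, rc = 0, seen = 0;
	struct task_security_struct *tsec = current->security;
	struct superblock_security_struct *sbsec = sb->s_security;

	if (!data)
		goto out;

	name = sb->s_type->name;

	if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA) {

		/* NFS we understand. */
		if (!strcmp(name, "nfs")) {
			struct nfs_mount_data *d = data;

			if (d->version <  NFS_MOUNT_VERSION)
				goto out;

			if (d->context[0]) {
				/* The context comes from a binary mount data
				   blob and is later handed to strlen() and
				   printk("%s"); refuse it unless it is
				   NUL-terminated inside its own array.
				   Assumes d->context is a fixed-size char
				   array -- confirm in linux/nfs_mount.h. */
				if (strnlen(d->context, sizeof(d->context)) ==
				    sizeof(d->context)) {
					rc = -EINVAL;
					printk(KERN_WARNING "SELinux: NFS mount "
					       "context is not NUL-terminated\n");
					goto out;
				}
				/* Points into the mount data; alloc stays 0
				   so it is not kfree()d at out_free. */
				context = d->context;
				seen |= Opt_context;
			}
		} else
			goto out;

	} else {
		/* Standard string-based options. */
		char *p, *options = data;

		while ((p = strsep(&options, ",")) != NULL) {
			int token;
			substring_t args[MAX_OPT_ARGS];

			if (!*p)
				continue;

			token = match_token(p, tokens, args);

			switch (token) {
			case Opt_context:
				/* context= excludes every other option. */
				if (seen) {
					rc = -EINVAL;
					printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
					goto out_free;
				}
				context = match_strdup(&args[0]);
				if (!context) {
					rc = -ENOMEM;
					goto out_free;
				}
				if (!alloc)
					alloc = 1;
				seen |= Opt_context;
				break;

			case Opt_fscontext:
				if (seen & (Opt_context|Opt_fscontext)) {
					rc = -EINVAL;
					printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
					goto out_free;
				}
				context = match_strdup(&args[0]);
				if (!context) {
					rc = -ENOMEM;
					goto out_free;
				}
				if (!alloc)
					alloc = 1;
				seen |= Opt_fscontext;
				break;

			case Opt_defcontext:
				if (sbsec->behavior != SECURITY_FS_USE_XATTR) {
					rc = -EINVAL;
					printk(KERN_WARNING "SELinux:  "
					       "defcontext option is invalid "
					       "for this filesystem type\n");
					goto out_free;
				}
				if (seen & (Opt_context|Opt_defcontext)) {
					rc = -EINVAL;
					printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
					goto out_free;
				}
				defcontext = match_strdup(&args[0]);
				if (!defcontext) {
					rc = -ENOMEM;
					goto out_free;
				}
				if (!alloc)
					alloc = 1;
				seen |= Opt_defcontext;
				break;

			default:
				rc = -EINVAL;
				printk(KERN_WARNING "SELinux:  unknown mount "
				       "option\n");
				goto out_free;

			}
		}
	}

	if (!seen)
		goto out;

	if (context) {
		rc = security_context_to_sid(context, strlen(context), &sid);
		if (rc) {
			printk(KERN_WARNING "SELinux: security_context_to_sid"
			       "(%s) failed for (dev %s, type %s) errno=%d\n",
			       context, sb->s_id, name, rc);
			goto out_free;
		}

		/* The mounting task must be allowed to relabel away from
		   the current superblock SID ... */
		rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
		                  FILESYSTEM__RELABELFROM, NULL);
		if (rc)
			goto out_free;

		/* ... and to relabel to the requested one. */
		rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
		                  FILESYSTEM__RELABELTO, NULL);
		if (rc)
			goto out_free;

		sbsec->sid = sid;

		if (seen & Opt_context)
			sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
	}

	if (defcontext) {
		rc = security_context_to_sid(defcontext, strlen(defcontext), &sid);
		if (rc) {
			printk(KERN_WARNING "SELinux: security_context_to_sid"
			       "(%s) failed for (dev %s, type %s) errno=%d\n",
			       defcontext, sb->s_id, name, rc);
			goto out_free;
		}

		/* Same as the current default: nothing to change, and no
		   permission check is needed (rc is 0 here). */
		if (sid == sbsec->def_sid)
			goto out_free;

		rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
				  FILESYSTEM__RELABELFROM, NULL);
		if (rc)
			goto out_free;

		rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
				  FILESYSTEM__ASSOCIATE, NULL);
		if (rc)
			goto out_free;

		sbsec->def_sid = sid;
	}

out_free:
	/* Only strings obtained from match_strdup() are owned here. */
	if (alloc) {
		kfree(context);
		kfree(defcontext);
	}
out:
	return rc;
}

/*
 * Initialize the security state of a superblock.
 *
 * Runs under sbsec->sem and is a no-op once sbsec->initialized is set.
 * If the security server is not yet initialized, the superblock is
 * queued on superblock_security_head and 0 is returned.  Otherwise the
 * labeling behavior is looked up with security_fs_use(), the context
 * mount options in @data are applied, xattr support is probed on the
 * root directory when the behavior is SECURITY_FS_USE_XATTR, and then
 * the root inode and every inode queued on sbsec->isec_head are
 * initialized.
 *
 * Returns 0 on success or a negative errno from the failing step; once
 * the superblock has been marked initialized, the value returned is
 * the result of initializing the root inode.
 */
static int superblock_doinit(struct super_block *sb, void *data)
{
	struct superblock_security_struct *sbsec = sb->s_security;
	struct dentry *root = sb->s_root;
	struct inode *inode = root->d_inode;
	int rc = 0;

	down(&sbsec->sem);
	if (sbsec->initialized)
		goto out;

	if (!ss_initialized) {
		/* Defer initialization until selinux_complete_init,
		   after the initial policy is loaded and the security
		   server is ready to handle calls. */
		spin_lock(&sb_security_lock);
		if (list_empty(&sbsec->list))
			list_add(&sbsec->list, &superblock_security_head);
		spin_unlock(&sb_security_lock);
		goto out;
	}

	/* Determine the labeling behavior to use for this filesystem type. */
	rc = security_fs_use(sb->s_type->name, &sbsec->behavior, &sbsec->sid);
	if (rc) {
		printk(KERN_WARNING "%s:  security_fs_use(%s) returned %d\n",
		       __FUNCTION__, sb->s_type->name, rc);
		goto out;
	}

	rc = try_context_mount(sb, data);
	if (rc)
		goto out;

	if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
		/* Make sure that the xattr handler exists and that no
		   error other than -ENODATA is returned by getxattr on
		   the root directory.  -ENODATA is ok, as this may be
		   the first boot of the SELinux kernel before we have
		   assigned xattr values to the filesystem. */
		if (!inode->i_op->getxattr) {
			printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
			       "xattr support\n", sb->s_id, sb->s_type->name);
			rc = -EOPNOTSUPP;
			goto out;
		}
		rc = inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
		if (rc < 0 && rc != -ENODATA) {
			if (rc == -EOPNOTSUPP)
				printk(KERN_WARNING "SELinux: (dev %s, type "
				       "%s) has no security xattr handler\n",
				       sb->s_id, sb->s_type->name);
			else
				printk(KERN_WARNING "SELinux: (dev %s, type "
				       "%s) getxattr errno %d\n", sb->s_id,
				       sb->s_type->name, -rc);
			goto out;
		}
	}

	if (strcmp(sb->s_type->name, "proc") == 0)
		sbsec->proc = 1;

	sbsec->initialized = 1;

	/* The table is indexed with behavior - 1, so a behavior of 0 must
	   be treated as unknown too; otherwise the lookup below would read
	   outside labeling_behaviors[]. */
	if (sbsec->behavior < 1 ||
	    sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) {
		printk(KERN_INFO "SELinux: initialized (dev %s, type %s), unknown behavior\n",
		       sb->s_id, sb->s_type->name);
	}
	else {
		printk(KERN_INFO "SELinux: initialized (dev %s, type %s), %s\n",
		       sb->s_id, sb->s_type->name,
		       labeling_behaviors[sbsec->behavior-1]);
	}

	/* Initialize the root inode. */
	rc = inode_doinit_with_dentry(sb->s_root->d_inode, sb->s_root);

	/* Initialize any other inodes associated with the superblock, e.g.
	   inodes created prior to initial policy load or inodes created
	   during get_sb by a pseudo filesystem that directly
	   populates itself. */
	spin_lock(&sbsec->isec_lock);
next_inode:
	if (!list_empty(&sbsec->isec_head)) {
		struct inode_security_struct *isec =
				list_entry(sbsec->isec_head.next,
				           struct inode_security_struct, list);
		struct inode *inode = isec->inode;
		/* The lock is dropped around igrab()/inode_doinit()/iput()
		   and retaken before the entry is unlinked. */
		spin_unlock(&sbsec->isec_lock);
		inode = igrab(inode);
		if (inode) {
			if (!IS_PRIVATE (inode))
				inode_doinit(inode);
			iput(inode);
		}
		spin_lock(&sbsec->isec_lock);
		list_del_init(&isec->list);
		goto next_inode;
	}
	spin_unlock(&sbsec->isec_lock);
out:
	up(&sbsec->sem);
	return rc;
}

/*
 * Map the file-type bits of an inode mode to an SELinux security
 * class.  Any type not listed falls back to SECCLASS_FILE.
 */
static inline u16 inode_mode_to_security_class(umode_t mode)
{
	switch (mode & S_IFMT) {
	case S_IFSOCK:
		return SECCLASS_SOCK_FILE;
	case S_IFLNK:
		return SECCLASS_LNK_FILE;
	case S_IFREG:
		return SECCLASS_FILE;
	case S_IFBLK:
		return SECCLASS_BLK_FILE;
	case S_IFDIR:
		return SECCLASS_DIR;
	case S_IFCHR:
		return SECCLASS_CHR_FILE;
	case S_IFIFO:
		return SECCLASS_FIFO_FILE;

	}

	return SECCLASS_FILE;
}

/*
 * Map a socket's (family, type, protocol) triple to an SELinux
 * security class.
 *
 * PF_UNIX and PF_INET/PF_INET6 are classified by socket type,
 * PF_NETLINK by protocol (with SECCLASS_NETLINK_SOCKET as its
 * default), and PF_PACKET and PF_KEY by family alone.  Anything else,
 * including an unlisted type within PF_UNIX or PF_INET/PF_INET6, gets
 * the generic SECCLASS_SOCKET.
 */
static inline u16 socket_type_to_security_class(int family, int type, int protocol)
{
	switch (family) {
	case PF_UNIX:
		switch (type) {
		case SOCK_STREAM:
		case SOCK_SEQPACKET:
			return SECCLASS_UNIX_STREAM_SOCKET;
		case SOCK_DGRAM:
			return SECCLASS_UNIX_DGRAM_SOCKET;
		}
		break;
	case PF_INET:
	case PF_INET6:
		switch (type) {
		case SOCK_STREAM:
			return SECCLASS_TCP_SOCKET;
		case SOCK_DGRAM:
			return SECCLASS_UDP_SOCKET;
		case SOCK_RAW:
			return SECCLASS_RAWIP_SOCKET;
		}
		break;
	case PF_NETLINK:
		/* Every path in this inner switch returns, so there is no
		   fall-through into PF_PACKET. */
		switch (protocol) {
		case NETLINK_ROUTE:
			return SECCLASS_NETLINK_ROUTE_SOCKET;
		case NETLINK_FIREWALL:
			return SECCLASS_NETLINK_FIREWALL_SOCKET;
		case NETLINK_TCPDIAG:
			return SECCLASS_NETLINK_TCPDIAG_SOCKET;
		case NETLINK_NFLOG:
			return SECCLASS_NETLINK_NFLOG_SOCKET;
		case NETLINK_XFRM:
			return SECCLASS_NETLINK_XFRM_SOCKET;
		case NETLINK_SELINUX:
			return SECCLASS_NETLINK_SELINUX_SOCKET;
		case NETLINK_AUDIT:
			return SECCLASS_NETLINK_AUDIT_SOCKET;
		case NETLINK_IP6_FW:
			return SECCLASS_NETLINK_IP6FW_SOCKET;
		case NETLINK_DNRTMSG:
			return SECCLASS_NETLINK_DNRT_SOCKET;
		default:
			return SECCLASS_NETLINK_SOCKET;
		}
	case PF_PACKET:
		return SECCLASS_PACKET_SOCKET;
	case PF_KEY:
		return SECCLASS_KEY_SOCKET;
	}

	return SECCLASS_SOCKET;
}

#ifdef CONFIG_PROC_FS
/*
 * Look up the SID for a /proc entry.
 *
 * Builds the entry's path inside a scratch page by walking de->parent
 * up to the root and writing each "/name" component backwards from the
 * end of the page, then asks security_genfs_sid() for the "proc"
 * filesystem label of that path and class.
 *
 * Returns the result of security_genfs_sid(), or -ENOMEM if the
 * scratch page cannot be allocated.
 */
static int selinux_proc_get_sid(struct proc_dir_entry *de,
				u16 tclass,
				u32 *sid)
{
	int buflen, rc;
	char *buffer, *path, *end;

	buffer = (char*)__get_free_page(GFP_KERNEL);
	if (!buffer)
		return -ENOMEM;

	buflen = PAGE_SIZE;
	end = buffer+buflen;
	*--end = '\0';
	buflen--;
	/* Start with "/" so that the root entry itself yields a valid path;
	   the first component copied below overwrites this byte. */
	path = end-1;
	*path = '/';
	while (de && de != de->parent) {
		buflen -= de->namelen + 1;
		/* NOTE(review): when the components do not fit in the page
		   the walk stops and the partial path built so far is what
		   gets labeled; no error is reported. */
		if (buflen < 0)
			break;
		end -= de->namelen;
		memcpy(end, de->name, de->namelen);
		*--end = '/';
		path = end;
		de = de->parent;
	}
	rc = security_genfs_sid("proc", path, tclass, sid);
	free_page((unsigned long)buffer);
	return rc;
}
#else
/* Without CONFIG_PROC_FS there is nothing to label: always -EINVAL. */
static int selinux_proc_get_sid(struct proc_dir_entry *de,
				u16 tclass,
				u32 *sid)
{
	return -EINVAL;
}
#endif

/* The inode's security attributes must be initialized before first use.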
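*/
/*
 * Assign @inode its SID (and, on some paths, its security class) according
 * to the labeling behavior of its superblock, then mark the inode security
 * struct initialized.
 *
 * @opt_dentry may be NULL.  It is only needed on the xattr path, where a
 * dentry is found with d_find_alias() when none is supplied.
 *
 * Returns 0 on success, when initialization is deferred because the
 * superblock is not initialized yet, or when no dentry could be found;
 * otherwise a negative errno from allocation, getxattr or the security
 * server.  isec->initialized is only set when the switch below completes,
 * so every "goto out" path leaves the inode to be retried by a later call.
 *
 * isec->sem is held from the second initialized check until "out", which
 * includes the getxattr calls and the GFP_KERNEL allocations.
 */
static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
{
	struct superblock_security_struct *sbsec = NULL;
	struct inode_security_struct *isec = inode->i_security;
	u32 sid;
	struct dentry *dentry;
#define INITCONTEXTLEN 255
	char *context = NULL;
	unsigned len = 0;
	int rc = 0;
	int hold_sem = 0;

	/* Unlocked fast path; checked again once isec->sem is held. */
	if (isec->initialized)
		goto out;

	down(&isec->sem);
	hold_sem = 1;
	if (isec->initialized)
		goto out;

	sbsec = inode->i_sb->s_security;
	if (!sbsec->initialized) {
		/* Defer initialization until selinux_complete_init,
		   after the initial policy is loaded and the security
		   server is ready to handle calls. */
		spin_lock(&sbsec->isec_lock);
		if (list_empty(&isec->list))
			list_add(&isec->list, &sbsec->isec_head);
		spin_unlock(&sbsec->isec_lock);
		goto out;
	}

	switch (sbsec->behavior) {
	case SECURITY_FS_USE_XATTR:
		if (!inode->i_op->getxattr) {
			isec->sid = sbsec->def_sid;
			break;
		}

		/* Need a dentry, since the xattr API requires one.
		   Life would be simpler if we could just pass the inode. */
		if (opt_dentry) {
			/* Called from d_instantiate or d_splice_alias. */
			dentry = dget(opt_dentry);
		} else {
			/* Called from selinux_complete_init, try to find a dentry. */
			dentry = d_find_alias(inode);
		}
		if (!dentry) {
			printk(KERN_WARNING "%s: no dentry for dev=%s "
			       "ino=%ld\n", __FUNCTION__, inode->i_sb->s_id,
			       inode->i_ino);
			goto out;
		}

		/*
		 * The xattr value comes from the filesystem and getxattr does
		 * not NUL-terminate it.  Allocate one spare byte and zero the
		 * buffer so the "%s" in the context_to_sid warning below can
		 * never read past the allocation or print stale heap bytes.
		 */
		len = INITCONTEXTLEN;
		context = kmalloc(len + 1, GFP_KERNEL);
		if (!context) {
			rc = -ENOMEM;
			dput(dentry);
			goto out;
		}
		memset(context, 0, len + 1);
		rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
					   context, len);
		if (rc == -ERANGE) {
			/* Need a larger buffer.  Query for the right size. */
			rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
						   NULL, 0);
			/* The first buffer is released on both outcomes; the
			   error return below used to leak it. */
			kfree(context);
			context = NULL;
			if (rc < 0) {
				dput(dentry);
				goto out;
			}
			len = rc;
			context = kmalloc(len + 1, GFP_KERNEL);
			if (!context) {
				rc = -ENOMEM;
				dput(dentry);
				goto out;
			}
			memset(context, 0, len + 1);
			/* If the value grew since the size query this fails
			   again and is reported by the rc < 0 branch below. */
			rc = inode->i_op->getxattr(dentry,
						   XATTR_NAME_SELINUX,
						   context, len);
		}
		dput(dentry);
		if (rc < 0) {
			if (rc != -ENODATA) {
				printk(KERN_WARNING "%s:  getxattr returned "
				       "%d for dev=%s ino=%ld\n", __FUNCTION__,
				       -rc, inode->i_sb->s_id, inode->i_ino);
				kfree(context);
				goto out;
			}
			/* Map ENODATA to the default file SID */
			sid = sbsec->def_sid;
			rc = 0;
		} else {
			/* rc is the number of bytes getxattr stored. */
			rc = security_context_to_sid(context, rc, &sid);
			if (rc) {
				printk(KERN_WARNING "%s:  context_to_sid(%s) "
				       "returned %d for dev=%s ino=%ld\n",
				       __FUNCTION__, context, -rc,
				       inode->i_sb->s_id, inode->i_ino);
				kfree(context);
				/* Leave with the unlabeled SID */
				rc = 0;
				break;
			}
		}
		kfree(context);
		isec->sid = sid;
		break;
	case SECURITY_FS_USE_TASK:
		isec->sid = isec->task_sid;
		break;
	case SECURITY_FS_USE_TRANS:
		/* Default to the fs SID. */
		isec->sid = sbsec->sid;

		/* Try to obtain a transition SID. */
		isec->sclass = inode_mode_to_security_class(inode->i_mode);
		rc = security_transition_sid(isec->task_sid,
					     sbsec->sid,
					     isec->sclass,
					     &sid);
		if (rc)
			goto out;
		isec->sid = sid;
		break;
	default:
		/* Default to the fs SID. */
		isec->sid = sbsec->sid;

		if (sbsec->proc) {
			struct proc_inode *proci = PROC_I(inode);
			if (proci->pde) {
				isec->sclass = inode_mode_to_security_class(inode->i_mode);
				rc = selinux_proc_get_sid(proci->pde,
							  isec->sclass,
							  &sid);
				if (rc)
					goto out;
				isec->sid = sid;
			}
		}
		break;
	}

	isec->initialized = 1;

out:
	/* Refine the class from the inode mode while it still reads as a
	   plain file; this runs on the error and deferred paths too. */
	if (isec->sclass == SECCLASS_FILE)
		isec->sclass = inode_mode_to_security_class(inode->i_mode);

	if (hold_sem)
		up(&isec->sem);
	return rc;
}

/* Convert a Linux signal to an access vector.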
*/
static inline u32 signal_to_av(int sig)
{
	switch (sig) {
	case SIGCHLD:
		/* Commonly granted from child to parent. */
		return PROCESS__SIGCHLD;
	case SIGKILL:
		/* Cannot be caught or ignored */
		return PROCESS__SIGKILL;
	case SIGSTOP:
		/* Cannot be caught or ignored */
		return PROCESS__SIGSTOP;
	default:
		/* All other signals. */
		return PROCESS__SIGNAL;
	}
}

/* Check permission between a pair of tasks, e.g. signal checks,
   fork check, ptrace check, etc.
   The SIDs of tsk1 and tsk2 are passed to avc_has_perm, in that order,
   for class SECCLASS_PROCESS with no extra audit data; its result is
   returned unchanged. */
static int task_has_perm(struct task_struct *tsk1,
			 struct task_struct *tsk2,
			 u32 perms)
{
	struct task_security_struct *first = tsk1->security;
	struct task_security_struct *second = tsk2->security;

	return avc_has_perm(first->sid, second->sid,
			    SECCLASS_PROCESS, perms, NULL);
}

/* Check whether a task is allowed to use a capability.
*/
static int task_has_capability(struct task_struct *tsk,
			       int cap)
{
	struct task_security_struct *tsec = tsk->security;
	struct avc_audit_data ad;

	/* Record the task and the capability number for the audit record. */
	AVC_AUDIT_DATA_INIT(&ad, CAP);
	ad.tsk = tsk;
	ad.u.cap = cap;

	/* The task's own SID is passed as both SID arguments. */
	return avc_has_perm(tsec->sid, tsec->sid,
			    SECCLASS_CAPABILITY, CAP_TO_MASK(cap), &ad);
}

/* Check whether a task is allowed to use a system operation.
   The check is made between the task's SID and SECINITSID_KERNEL in
   class SECCLASS_SYSTEM, with no extra audit data. */
static int task_has_system(struct task_struct *tsk,
			   u32 perms)
{
	struct task_security_struct *tsec = tsk->security;

	return avc_has_perm(tsec->sid, SECINITSID_KERNEL,
			    SECCLASS_SYSTEM, perms, NULL);
}

/* Check whether a task has a particular permission to an inode.
   The 'adp' parameter is optional and allows other audit
   data to be passed (e.g. the dentry).
*/
static int inode_has_perm(struct task_struct *tsk,
			  struct inode *inode,
			  u32 perms,
			  struct avc_audit_data *adp)
{
	struct task_security_struct *tsec = tsk->security;
	struct inode_security_struct *isec = inode->i_security;
	struct avc_audit_data local_ad;

	/* No audit data from the caller: describe the inode ourselves. */
	if (adp == NULL) {
		AVC_AUDIT_DATA_INIT(&local_ad, FS);
		local_ad.u.fs.inode = inode;
		adp = &local_ad;
	}

	/* The class and SID come from the inode's security struct as it is
	   now; this helper does not initialize them. */
	return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, adp);
}

/* Same as inode_has_perm, but pass explicit audit data containing
   the dentry to help the auditing code to more easily generate the
   pathname if needed.
*/
static inline int dentry_has_perm(struct task_struct *tsk,
				  struct vfsmount *mnt,
				  struct dentry *dentry,
				  u32 av)
{
	struct avc_audit_data ad;

	/* Audit data carries the mount and dentry instead of the inode. */
	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.mnt = mnt;
	ad.u.fs.dentry = dentry;

	return inode_has_perm(tsk, dentry->d_inode, av, &ad);
}

/* Check whether a task can use an open file descriptor to
   access an inode in a given way.  Check access to the
   descriptor itself, and then use dentry_has_perm to
   check a particular permission to the file.
   Access to the descriptor is implicitly granted if it
   has the same SID as the process.  If av is zero, then
   access to the file is not checked, e.g. for cases
   where only the descriptor is affected like seek.
*/
static inline int file_has_perm(struct task_struct *tsk,
				struct file *file,
				u32 av)
{
	struct task_security_struct *tsec = tsk->security;
	struct file_security_struct *fsec = file->f_security;
	struct dentry *dentry = file->f_dentry;
	struct avc_audit_data ad;
	int rc;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.mnt = file->f_vfsmnt;
	ad.u.fs.dentry = dentry;

	/* FD__USE is only checked when the descriptor's SID differs from
	   the task's SID. */
	if (tsec->sid != fsec->sid) {
		rc = avc_has_perm(tsec->sid, fsec->sid,
				  SECCLASS_FD,
				  FD__USE,
				  &ad);
		if (rc)
			return rc;
	}

	/* av is zero if only checking access to the descriptor. */
	if (!av)
		return 0;

	return inode_has_perm(tsk, dentry->d_inode, av, &ad);
}

/* Check whether a task can create a file.
*/
static int may_create(struct inode *dir,
		      struct dentry *dentry,
		      u16 tclass)
{
	struct task_security_struct *tsec = current->security;
	struct inode_security_struct *dsec = dir->i_security;
	struct superblock_security_struct *sbsec = dir->i_sb->s_security;
	struct avc_audit_data ad;
	u32 newsid;
	int rc;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.dentry = dentry;

	/* 1. The task must be able to search and add a name to the parent. */
	rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR,
			  DIR__ADD_NAME | DIR__SEARCH,
			  &ad);
	if (rc)
		return rc;

	/* 2. Pick the SID of the new object: the task's create_sid when one
	      is set and the filesystem is not labeled by mount point,
	      otherwise the transition SID computed by the security server. */
	if (!tsec->create_sid || sbsec->behavior == SECURITY_FS_USE_MNTPOINT) {
		rc = security_transition_sid(tsec->sid, dsec->sid, tclass,
					     &newsid);
		if (rc)
			return rc;
	} else {
		newsid = tsec->create_sid;
	}

	/* 3. The task must be allowed to create an object with that SID. */
	rc = avc_has_perm(tsec->sid, newsid, tclass, FILE__CREATE, &ad);
	if (rc)
		return rc;

	/* 4. That SID must be allowed to associate with the filesystem. */
	return avc_has_perm(newsid, sbsec->sid,
			    SECCLASS_FILESYSTEM,
			    FILESYSTEM__ASSOCIATE, &ad);
}

#define MAY_LINK   0
#define MAY_UNLINK 1
#define MAY_RMDIR  2

/* Check whether a task can link, unlink, or rmdir a file/directory.
   The directory check runs first, then the check on the object itself.
   NOTE(review): an unrecognized 'kind' is logged and then returns 0,
   i.e. the object check is skipped rather than denied; callers are
   expected to pass only the three MAY_* values defined above. */
static int may_link(struct inode *dir,
		    struct dentry *dentry,
		    int kind)

{
	struct task_security_struct *tsec = current->security;
	struct inode_security_struct *dsec = dir->i_security;
	struct inode_security_struct *isec = dentry->d_inode->i_security;
	struct avc_audit_data ad;
	u32 av;
	int rc;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.dentry = dentry;

	/* MAY_LINK is 0, so every non-zero kind asks for DIR__REMOVE_NAME. */
	av = DIR__SEARCH | (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
	rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR, av, &ad);
	if (rc)
		return rc;

	switch (kind) {
	case MAY_LINK:
		av = FILE__LINK;
		break;
	case MAY_UNLINK:
		av = FILE__UNLINK;
		break;
	case MAY_RMDIR:
		av = DIR__RMDIR;
		break;
	default:
		printk(KERN_WARNING "may_link:  unrecognized kind %d\n", kind);
		return 0;
	}

	return avc_has_perm(tsec->sid, isec->sid, isec->sclass, av, &ad);
}

/* Check whether the current task can rename old_dentry in old_dir to
   new_dentry in new_dir.  The checks run in this order and the first
   failure is returned: remove_name/search on the old directory, rename
   on the object, reparent when a directory moves to a different
   directory, add_name/search (plus remove_name when the target exists)
   on the new directory, and rmdir or unlink on an existing target. */
static inline int may_rename(struct inode *old_dir,
			     struct dentry *old_dentry,
			     struct inode *new_dir,
			     struct dentry *new_dentry)
{
	struct task_security_struct *tsec = current->security;
	struct inode_security_struct *old_dsec = old_dir->i_security;
	struct inode_security_struct *new_dsec = new_dir->i_security;
	struct inode *old_inode = old_dentry->d_inode;
	struct inode_security_struct *old_isec = old_inode->i_security;
	struct inode_security_struct *new_isec;
	struct inode *new_inode;
	struct avc_audit_data ad;
	u32 av;
	int rc;

	AVC_AUDIT_DATA_INIT(&ad, FS);

	/* Source side: audit records name the old dentry. */
	ad.u.fs.dentry = old_dentry;
	rc = avc_has_perm(tsec->sid, old_dsec->sid, SECCLASS_DIR,
			  DIR__REMOVE_NAME | DIR__SEARCH, &ad);
	if (rc)
		return rc;
	rc = avc_has_perm(tsec->sid, old_isec->sid,
			  old_isec->sclass, FILE__RENAME, &ad);
	if (rc)
		return rc;
	if (S_ISDIR(old_inode->i_mode) && new_dir != old_dir) {
		rc = avc_has_perm(tsec->sid, old_isec->sid,
				  old_isec->sclass, DIR__REPARENT, &ad);
		if (rc)
			return rc;
	}

	/* Destination side: audit records name the new dentry. */
	ad.u.fs.dentry = new_dentry;
	new_inode = new_dentry->d_inode;
	av = DIR__ADD_NAME | DIR__SEARCH;
	if (new_inode)
		av |= DIR__REMOVE_NAME;
	rc = avc_has_perm(tsec->sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
	if (rc)
		return rc;

	/* Nothing is replaced when the target name does not exist yet. */
	if (!new_inode)
		return 0;

	new_isec = new_inode->i_security;
	return avc_has_perm(tsec->sid, new_isec->sid,
			    new_isec->sclass,
			    (S_ISDIR(new_inode->i_mode) ? DIR__RMDIR : FILE__UNLINK),
			    &ad);
}

/* Check whether a task can perform a filesystem operation.
   The check is made between the task's SID and the superblock's SID in
   class SECCLASS_FILESYSTEM; 'ad' is passed through to avc_has_perm. */
static int superblock_has_perm(struct task_struct *tsk,
			       struct super_block *sb,
			       u32 perms,
			       struct avc_audit_data *ad)
{
	struct task_security_struct *tsec = tsk->security;
	struct superblock_security_struct *sbsec = sb->s_security;

	return avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
			    perms, ad);
}

/* Convert a Linux mode and permission mask to an access vector.
*/
static inline u32 file_mask_to_av(int mode, int mask)
{
	u32 av = 0;

	/* Directories use their own permission names. */
	if ((mode & S_IFMT) == S_IFDIR) {
		if (mask & MAY_EXEC)
			av |= DIR__SEARCH;
		if (mask & MAY_WRITE)
			av |= DIR__WRITE;
		if (mask & MAY_READ)
			av |= DIR__READ;
		return av;
	}

	if (mask & MAY_EXEC)
		av |= FILE__EXECUTE;
	if (mask & MAY_READ)
		av |= FILE__READ;

	/* MAY_APPEND takes precedence: append and write are never both set. */
	if (mask & MAY_APPEND)
		av |= FILE__APPEND;
	else if (mask & MAY_WRITE)
		av |= FILE__WRITE;

	return av;
}

/* Convert a Linux file to an access vector.
*/
static inline u32 file_to_av(struct file *file)
{
	u32 av = 0;

	if (file->f_mode & FMODE_READ)
		av |= FILE__READ;

	/* A file opened for writing maps to append or write, depending on
	   O_APPEND, never to both. */
	if (file->f_mode & FMODE_WRITE)
		av |= (file->f_flags & O_APPEND) ? FILE__APPEND : FILE__WRITE;

	return av;
}

/* Set an inode's SID to a specified value.
   Also sets the security class from the inode mode and marks the inode
   security struct initialized, all under isec->sem.  Always returns 0;
   when the superblock is not initialized yet nothing is changed. */
static int inode_security_set_sid(struct inode *inode, u32 sid)
{
	struct superblock_security_struct *sbsec = inode->i_sb->s_security;
	struct inode_security_struct *isec = inode->i_security;

	/* Defer initialization to selinux_complete_init. */
	if (!sbsec->initialized)
		return 0;

	down(&isec->sem);
	isec->sclass = inode_mode_to_security_class(inode->i_mode);
	isec->sid = sid;
	isec->initialized = 1;
	up(&isec->sem);

	return 0;
}

/* Set the security attributes on a newly created file.
*/
static int post_create(struct inode *dir,
		       struct dentry *dentry)
{
	struct task_security_struct *tsec = current->security;
	struct inode_security_struct *dsec = dir->i_security;
	struct superblock_security_struct *sbsec = dir->i_sb->s_security;
	struct inode *inode = dentry->d_inode;
	unsigned int len;
	char *context;
	u32 newsid;
	int rc;

	if (!inode) {
		/* Some file system types (e.g. NFS) may not instantiate
		   a dentry for all create operations (e.g. symlink),
		   so we have to check to see if the inode is non-NULL. */
		printk(KERN_WARNING "post_create:  no inode, dir (dev=%s, "
		       "ino=%ld)\n", dir->i_sb->s_id, dir->i_ino);
		return 0;
	}

	/* Same SID selection as may_create: the task's create_sid unless it
	   is unset or the filesystem is labeled by mount point. */
	if (!tsec->create_sid || sbsec->behavior == SECURITY_FS_USE_MNTPOINT) {
		rc = security_transition_sid(tsec->sid, dsec->sid,
					     inode_mode_to_security_class(inode->i_mode),
					     &newsid);
		if (rc) {
			printk(KERN_WARNING "post_create:  "
			       "security_transition_sid failed, rc=%d (dev=%s "
			       "ino=%ld)\n",
			       -rc, inode->i_sb->s_id, inode->i_ino);
			return rc;
		}
	} else {
		newsid = tsec->create_sid;
	}

	rc = inode_security_set_sid(inode, newsid);
	if (rc) {
		printk(KERN_WARNING "post_create:  inode_security_set_sid "
		       "failed, rc=%d (dev=%s ino=%ld)\n",
		       -rc, inode->i_sb->s_id, inode->i_ino);
		return rc;
	}

	/* Only xattr-labeled filesystems that implement setxattr get the
	   label written back to the file. */
	if (sbsec->behavior != SECURITY_FS_USE_XATTR ||
	    !inode->i_op->setxattr)
		return 0;

	/* Use extended attributes. */
	rc = security_sid_to_context(newsid, &context, &len);
	if (rc) {
		printk(KERN_WARNING "post_create:  sid_to_context "
		       "failed, rc=%d (dev=%s ino=%ld)\n",
		       -rc, inode->i_sb->s_id, inode->i_ino);
		return rc;
	}

	/* setxattr is called with the inode semaphore held; the context
	   string is freed whether or not the call succeeds. */
	down(&inode->i_sem);
	rc = inode->i_op->setxattr(dentry,
				   XATTR_NAME_SELINUX,
				   context, len, 0);
	up(&inode->i_sem);
	kfree(context);
	if (rc < 0) {
		printk(KERN_WARNING "post_create:  setxattr failed, "
		       "rc=%d (dev=%s ino=%ld)\n",
		       -rc, inode->i_sb->s_id, inode->i_ino);
		return rc;
	}

	return 0;
}


/* Hook functions begin here.
*/

/*
 * ptrace hook: the secondary module is consulted first, then the
 * PROCESS__PTRACE permission between @parent and @child is checked.
 * Returns 0 when both allow the trace, otherwise the first error.
 */
static int selinux_ptrace(struct task_struct *parent, struct task_struct *child)
{
	struct task_security_struct *tracer_sec = parent->security;
	struct task_security_struct *tracee_sec = child->security;
	int err;

	err = secondary_ops->ptrace(parent,child);
	if (err)
		return err;

	err = task_has_perm(parent, child, PROCESS__PTRACE);
	if (err)
		return err;

	/* Save the SID of the tracing process for later use in apply_creds. */
	tracee_sec->ptrace_sid = tracer_sec->sid;
	return 0;
}

/*
 * capget hook: require PROCESS__GETCAP from the current task to @target
 * before handing the request to the secondary module.
 */
static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
                          kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
	int denied = task_has_perm(current, target, PROCESS__GETCAP);

	if (denied)
		return denied;

	return secondary_ops->capget(target, effective, inheritable, permitted);
}

/*
 * capset_check hook: the secondary module decides first; if it allows
 * the change, PROCESS__SETCAP from the current task to @target is
 * required as well.
 */
static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effective,
                                kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
	int err = secondary_ops->capset_check(target, effective,
					      inheritable, permitted);

	if (!err)
		err = task_has_perm(current, target, PROCESS__SETCAP);

	return err;
}

/*
 * capset_set hook: no SELinux check is made here; the call is passed
 * straight to the secondary module.
 */
static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective,
                               kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
	secondary_ops->capset_set(target, effective, inheritable, permitted);
}

/*
 * capable hook: a capability is granted only when both the secondary
 * module and task_has_capability() return 0 for it.
 */
static int selinux_capable(struct task_struct *tsk, int cap)
{
	int err = secondary_ops->capable(tsk, cap);

	if (err)
		return err;

	return task_has_capability(tsk,cap);
}

/*
 * sysctl hook: after the secondary module agrees, check the current
 * task against the SID of the sysctl entry.  op == 001 is checked as a
 * directory search; otherwise bits 004 and 002 of @op are mapped to
 * FILE__READ and FILE__WRITE.  Returns 0 when no permission is needed.
 */
static int selinux_sysctl(ctl_table *table, int op)
{
	struct task_security_struct *tsec;
	u32 perms = 0;
	u32 tsid;
	int rc;

	rc = secondary_ops->sysctl(table, op);
	if (rc)
		return rc;

	tsec = current->security;

	if (selinux_proc_get_sid(table->de, (op == 001) ?
				 SECCLASS_DIR : SECCLASS_FILE, &tsid)) {
		/* Default to the well-defined sysctl SID. */
		tsid = SECINITSID_SYSCTL;
	}

	/* The op values are "defined" in sysctl.c, thereby creating
	 * a bad coupling between this module and sysctl.c */
	if (op == 001)
		return avc_has_perm(tsec->sid, tsid,
				    SECCLASS_DIR, DIR__SEARCH, NULL);

	if (op & 004)
		perms |= FILE__READ;
	if (op & 002)
		perms |= FILE__WRITE;
	if (!perms)
		return 0;

	return avc_has_perm(tsec->sid, tsid, SECCLASS_FILE, perms, NULL);
}

/*
 * quotactl hook: commands that change quota state need
 * FILESYSTEM__QUOTAMOD on @sb, commands that read it need
 * FILESYSTEM__QUOTAGET.  A NULL @sb and unknown commands are allowed
 * through here.
 */
static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
{
	if (!sb)
		return 0;

	switch (cmds) {
	case Q_SYNC:
	case Q_QUOTAON:
	case Q_QUOTAOFF:
	case Q_SETINFO:
	case Q_SETQUOTA:
		return superblock_has_perm(current,
					   sb,
					   FILESYSTEM__QUOTAMOD, NULL);
	case Q_GETFMT:
	case Q_GETINFO:
	case Q_GETQUOTA:
		return superblock_has_perm(current,
					   sb,
					   FILESYSTEM__QUOTAGET, NULL);
	default:
		break;	/* let the kernel handle invalid cmds */
	}

	return 0;
}

/* quota_on hook: require FILE__QUOTAON on the quota file's dentry. */
static int selinux_quota_on(struct dentry *dentry)
{
	return dentry_has_perm(current, NULL, dentry, FILE__QUOTAON);
}

/*
 * syslog hook: after the secondary module agrees, map the syslog
 * operation @type to one SYSTEM__SYSLOG_* permission and check it for
 * the current task.  Operations not listed get the _MOD permission.
 */
static int selinux_syslog(int type)
{
	u32 perm;
	int rc;

	rc = secondary_ops->syslog(type);
	if (rc)
		return rc;

	switch (type) {
	case 3:		/* Read last kernel messages */
	case 10:	/* Return size of the log buffer */
		perm = SYSTEM__SYSLOG_READ;
		break;
	case 6:		/* Disable logging to console */
	case 7:		/* Enable logging to console */
	case 8:		/* Set level of messages printed to console */
		perm = SYSTEM__SYSLOG_CONSOLE;
		break;
	case 0:		/* Close log */
	case 1:		/* Open log */
	case 2:		/* Read from log */
	case 4:		/* Read/clear last kernel messages */
	case 5:		/* Clear ring buffer */
	default:
		perm = SYSTEM__SYSLOG_MOD;
		break;
	}

	return task_has_system(current, perm);
}

/*
 * Check that a process has enough memory to allocate a new virtual
 * mapping. 0 means there is enough memory for the allocation to
 * succeed and -ENOMEM implies there is not.
 *
 * Note that secondary_ops->capable and avc_has_perm_noaudit return 0
 * if the capability is granted, but __vm_enough_memory requires 1 if
 * the capability is granted.
 *
 * Do not audit the selinux permission check, as this is applied to all
 * processes that allocate mappings.
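 */
static int selinux_vm_enough_memory(long pages)
{
	int rc, cap_sys_admin = 0;
	struct task_security_struct *tsec = current->security;

	rc = secondary_ops->capable(current, CAP_SYS_ADMIN);
	if (rc == 0)
		rc = avc_has_perm_noaudit(tsec->sid, tsec->sid,
					SECCLASS_CAPABILITY,
					CAP_TO_MASK(CAP_SYS_ADMIN),
					NULL);

	/* Both checks use 0 for "granted"; convert to the 1/0 flag below. */
	if (rc == 0)
		cap_sys_admin = 1;

	return __vm_enough_memory(pages, cap_sys_admin);
}

/* binprm security operations */

/*
 * Allocate and attach the per-exec security blob.  The SID starts as
 * SECINITSID_UNLABELED and 'set' as 0, so selinux_bprm_set_security()
 * computes the real SID on its first call.
 * Returns 0, or -ENOMEM when the allocation fails.
 */
static int selinux_bprm_alloc_security(struct linux_binprm *bprm)
{
	struct bprm_security_struct *bsec;

	bsec = kmalloc(sizeof(struct bprm_security_struct), GFP_KERNEL);
	if (!bsec)
		return -ENOMEM;

	memset(bsec, 0, sizeof *bsec);
	bsec->magic = SELINUX_MAGIC;
	bsec->bprm = bprm;
	bsec->sid = SECINITSID_UNLABELED;
	bsec->set = 0;

	bprm->security = bsec;
	return 0;
}

/*
 * Decide which SID the program being executed will run with and check
 * that the current task may execute it that way.  The result is stored
 * in the bprm security blob; the task SID itself is only changed later
 * in selinux_bprm_apply_creds().  Work is done once per exec: later
 * calls return 0 as soon as bsec->set is seen.
 *
 * Returns 0 on success or the error of the first failing check.
 */
static int selinux_bprm_set_security(struct linux_binprm *bprm)
{
	struct task_security_struct *tsec;
	struct inode *inode = bprm->file->f_dentry->d_inode;
	struct inode_security_struct *isec;
	struct bprm_security_struct *bsec;
	u32 newsid;
	struct avc_audit_data ad;
	int rc;

	rc = secondary_ops->bprm_set_security(bprm);
	if (rc)
		return rc;

	bsec = bprm->security;

	if (bsec->set)
		return 0;

	tsec = current->security;
	isec = inode->i_security;

	/* Default to the current task SID. */
	bsec->sid = tsec->sid;

	/* Reset create SID on execve. */
	tsec->create_sid = 0;

	if (tsec->exec_sid) {
		newsid = tsec->exec_sid;
		/* Reset exec SID on execve. */
		tsec->exec_sid = 0;
	} else {
		/* Check for a default transition on this program. */
		rc = security_transition_sid(tsec->sid, isec->sid,
		                             SECCLASS_PROCESS, &newsid);
		if (rc)
			return rc;
	}

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.mnt = bprm->file->f_vfsmnt;
	ad.u.fs.dentry = bprm->file->f_dentry;

	/* A nosuid mount never causes a SID change: stay in the old SID. */
	if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID)
		newsid = tsec->sid;

	if (tsec->sid == newsid) {
		/* No transition: plain execute permission on the file. */
		rc = avc_has_perm(tsec->sid, isec->sid,
				  SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
		if (rc)
			return rc;
	} else {
		/* Check permissions for the transition. */
		rc = avc_has_perm(tsec->sid, newsid,
				  SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
		if (rc)
			return rc;

		/* The file must be an allowed entry point for the new SID. */
		rc = avc_has_perm(newsid, isec->sid,
				  SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
		if (rc)
			return rc;

		/* Clear any possibly unsafe personality bits on exec: */
		current->personality &= ~PER_CLEAR_ON_SETID;

		/* Set the security field to the new SID. */
		bsec->sid = newsid;
	}

	bsec->set = 1;
	return 0;
}

/* bprm_check_security hook: delegated entirely to the secondary module. */
static int selinux_bprm_check_security (struct linux_binprm *bprm)
{
	return secondary_ops->bprm_check_security(bprm);
}


/*
 * Report whether the exec must run in secure mode.  Non-zero is
 * returned when the SID changed and PROCESS__NOATSECURE is not granted
 * between the old and new SID, or when the secondary module asks for it.
 */
static int selinux_bprm_secureexec (struct linux_binprm *bprm)
{
	struct task_security_struct *tsec = current->security;
	int atsecure = 0;

	if (tsec->osid != tsec->sid) {
		/* Enable secure mode for SIDs transitions unless
		   the noatsecure permission is granted between
		   the two SIDs, i.e. ahp returns 0. */
		atsecure = avc_has_perm(tsec->osid, tsec->sid,
					 SECCLASS_PROCESS,
					 PROCESS__NOATSECURE, NULL);
	}

	return (atsecure || secondary_ops->bprm_secureexec(bprm));
}

/* Detach and free the per-exec security blob. */
static void selinux_bprm_free_security(struct linux_binprm *bprm)
{
	struct bprm_security_struct *bsec = bprm->security;
	bprm->security = NULL;	/* clear the pointer before freeing its target */
	kfree(bsec);
}

extern struct vfsmount *selinuxfs_mount;
extern struct dentry *selinux_null;

/*
 * Derived from fs/exec.c:flush_old_files.
 *
 * Re-check, under the current (already updated) task SID, access to the
 * controlling tty and to every open descriptor in @files.  A tty that
 * fails the check is dropped as controlling tty.  A descriptor that
 * fails is closed; if the same descriptor number can be obtained again
 * it is re-opened on the selinux_null dentry of the selinuxfs mount, so
 * the number stays occupied.
 */
static inline void flush_unauthorized_files(struct files_struct * files)
{
	/* ad is initialised below but not passed to any check here. */
	struct avc_audit_data ad;
	struct file *file, *devnull = NULL;
	struct tty_struct *tty = current->signal->tty;
	long j = -1;

	if (tty) {
		file_list_lock();
		/*
		 * list_entry() never yields NULL: on an empty list it
		 * returns a pointer computed from the list head itself.
		 * Test for emptiness explicitly before using the entry.
		 */
		if (!list_empty(&tty->tty_files)) {
			struct inode *inode;

			file = list_entry(tty->tty_files.next, typeof(*file), f_list);
			/* Revalidate access to controlling tty.
			   Use inode_has_perm on the tty inode directly rather
			   than using file_has_perm, as this particular open
			   file may belong to another process and we are only
			   interested in the inode-based check here. */
			inode = file->f_dentry->d_inode;
			if (inode_has_perm(current, inode,
					   FILE__READ | FILE__WRITE, NULL)) {
				/* Reset controlling tty. */
				current->signal->tty = NULL;
				current->signal->tty_old_pgrp = 0;
			}
		}
		file_list_unlock();
	}

	/* Revalidate access to inherited open files. */

	AVC_AUDIT_DATA_INIT(&ad,FS);

	spin_lock(&files->file_lock);
	for (;;) {
		unsigned long set, i;
		int fd;

		/* Walk the open-fd bitmap one word (__NFDBITS fds) at a time. */
		j++;
		i = j * __NFDBITS;
		if (i >= files->max_fds || i >= files->max_fdset)
			break;
		set = files->open_fds->fds_bits[j];
		if (!set)
			continue;
		/* The per-fd work below is done without file_lock held. */
		spin_unlock(&files->file_lock);
		for ( ; set ; i++,set >>= 1) {
			if (set & 1) {
				file = fget(i);
				if (!file)
					continue;
				if (file_has_perm(current,
						  file,
						  file_to_av(file))) {
					sys_close(i);
					fd = get_unused_fd();
					if (fd != i) {
						/* Could not get the same number back. */
						if (fd >= 0)
							put_unused_fd(fd);
						fput(file);
						continue;
					}
					if (devnull) {
						atomic_inc(&devnull->f_count);
					} else {
						devnull = dentry_open(dget(selinux_null), mntget(selinuxfs_mount), O_RDWR);
						/*
						 * dentry_open() reports failure
						 * with an ERR_PTR value, not NULL.
						 * Reset devnull so the error value
						 * is never installed or reused.
						 */
						if (IS_ERR(devnull)) {
							devnull = NULL;
							put_unused_fd(fd);
							fput(file);
							continue;
						}
					}
					fd_install(fd, devnull);
				}
				fput(file);
			}
		}
		spin_lock(&files->file_lock);

	}
	spin_unlock(&files->file_lock);
}

/*
 * Commit the SID chosen by selinux_bprm_set_security() to the task.
 * The old SID is saved in tsec->osid.  If the exec is flagged as
 * sharing state or being ptraced and the matching permission is denied,
 * the SID is left unchanged and bsec->unsafe is set; the task is then
 * killed in selinux_bprm_post_apply_creds().
 */
static void selinux_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
{
	struct task_security_struct *tsec;
	struct bprm_security_struct *bsec;
	u32 sid;
	int rc;

	secondary_ops->bprm_apply_creds(bprm, unsafe);

	tsec = current->security;

	bsec = bprm->security;
	sid = bsec->sid;

	tsec->osid = tsec->sid;
	bsec->unsafe = 0;
	if (tsec->sid != sid) {
		/* Check for shared state.  If not ok, leave SID
		   unchanged and kill. */
		if (unsafe & LSM_UNSAFE_SHARE) {
			rc = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
					PROCESS__SHARE, NULL);
			if (rc) {
				bsec->unsafe = 1;
				return;
			}
		}

		/* Check for ptracing, and update the task SID if ok.
		   Otherwise, leave SID unchanged and kill. */
		if (unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
			/* ptrace_sid was recorded by selinux_ptrace(). */
			rc = avc_has_perm(tsec->ptrace_sid, sid,
					  SECCLASS_PROCESS, PROCESS__PTRACE,
					  NULL);
			if (rc) {
				bsec->unsafe = 1;
				return;
			}
		}
		tsec->sid = sid;
	}
}

/*
 * called after apply_creds without the task lock held
 *
 * Kills the task when apply_creds marked the exec unsafe.  When the SID
 * changed, state inherited from the old SID is revalidated: open files
 * and the controlling tty, then signal state (PROCESS__SIGINH) and
 * resource limits (PROCESS__RLIMITINH).
 */
static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm)
{
	struct task_security_struct *tsec;
	struct rlimit *rlim, *initrlim;
	struct itimerval itimer;
	struct bprm_security_struct *bsec;
	int rc, i;

	tsec = current->security;
	bsec = bprm->security;

	if (bsec->unsafe) {
		force_sig_specific(SIGKILL, current);
		return;
	}
	/* Nothing to revalidate when the SID did not change. */
	if (tsec->osid == tsec->sid)
		return;

	/* Close files for which the new task SID is not authorized. */
	flush_unauthorized_files(current->files);

	/* Check whether the new SID can inherit signal state
	   from the old SID.  If not, clear itimers to avoid
	   subsequent signal generation and flush and unblock
	   signals. This must occur _after_ the task SID has
	   been updated so that any kill done after the flush
	   will be checked against the new SID. */
	rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
			  PROCESS__SIGINH, NULL);
	if (rc) {
		memset(&itimer, 0, sizeof itimer);
		/* Timer ids 0..2 are each reset with the zeroed value. */
		for (i = 0; i < 3; i++)
			do_setitimer(i, &itimer, NULL);
		flush_signals(current);
		spin_lock_irq(&current->sighand->siglock);
		flush_signal_handlers(current, 1);
		sigemptyset(&current->blocked);
		recalc_sigpending();
		spin_unlock_irq(&current->sighand->siglock);
	}

	/* Check whether the new SID can inherit resource limits
	   from the old SID.  If not, reset all soft limits to
	   the lower of the current task's hard limit and the init
	   task's soft limit.  Note that the setting of hard limits
	   (even to lower them) can be controlled by the setrlimit
	   check. The inclusion of the init task's soft limit into
	   the computation is to avoid resetting soft limits higher
	   than the default soft limit for cases where the default
	   is lower than the hard limit, e.g. RLIMIT_CORE or
	   RLIMIT_STACK. */
	rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
			  PROCESS__RLIMITINH, NULL);
	if (rc) {
		for (i = 0; i < RLIM_NLIMITS; i++) {
			rlim = current->signal->rlim + i;
			initrlim = init_task.signal->rlim+i;
			rlim->rlim_cur = min(rlim->rlim_max,initrlim->rlim_cur);
		}
		if (current->signal->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) {
			/*
			 * This will cause RLIMIT_CPU calculations
			 * to be refigured.
			 */
			current->it_prof_expires = jiffies_to_cputime(1);
		}
	}

	/* Wake up the parent if it is waiting so that it can
	   recheck wait permission to the new task SID. */
	wake_up_interruptible(&current->parent->signal->wait_chldexit);
}

/* superblock security operations */

/* sb_alloc_security hook: thin wrapper around superblock_alloc_security(). */
static int selinux_sb_alloc_security(struct super_block *sb)
{
	return superblock_alloc_security(sb);
}

/* sb_free_security hook: thin wrapper around superblock_free_security(). */
static void selinux_sb_free_security(struct super_block *sb)
{
	superblock_free_security(sb);
}

/*
 * Return non-zero when the first @plen bytes of @option equal @prefix.
 * An option shorter than the prefix never matches.
 */
static inline int match_prefix(char *prefix, int plen, char *option, int olen)
{
	if (plen > olen)
		return 0;

	return !memcmp(prefix, option, plen);
}

/*
 * Return non-zero when @option (length @len, not NUL-terminated) is one
 * of the SELinux mount options context=, fscontext= or defcontext=.
 */
static inline int selinux_option(char *option, int len)
{
	return (match_prefix("context=", sizeof("context=")-1, option, len) ||
	        match_prefix("fscontext=", sizeof("fscontext=")-1, option, len) ||
	        match_prefix("defcontext=", sizeof("defcontext=")-1, option, len));
}

/*
 * Append @len bytes of @from at *@to and advance *@to, writing a ','
 * separator first unless this is the first option for that buffer.
 * No terminator is written and the destination size is not checked;
 * the caller has to guarantee room and termination.
 */
static inline void take_option(char **to, char *from, int *first, int len)
{
	if (!*first) {
		**to = ',';
		*to += 1;
	}
	else
		*first = 0;
	memcpy(*to, from, len);
	*to += len;
}

/*
 * Split the comma-separated mount option string in @orig: SELinux
 * options are collected in @copy, all other options are written back
 * over @orig.  Binary mount data is copied to @copy unchanged.
 * Both buffers are handled with copy_page(), i.e. as whole pages.
 *
 * Returns 0, or -ENOMEM when the scratch page cannot be allocated.
 */
static int selinux_sb_copy_data(struct file_system_type *type, void *orig, void *copy)
{
	int fnosec, fsec, rc = 0;
	char *in_save, *in_curr, *in_end;
	char *sec_curr, *nosec_save, *nosec;

	in_curr = orig;
	sec_curr = copy;

	/* Binary mount data: just copy */
	if (type->fs_flags & FS_BINARY_MOUNTDATA) {
		copy_page(sec_curr, in_curr);
		goto out;
	}

	/* Zeroed scratch page, so the non-SELinux list ends up terminated. */
	nosec = (char *)get_zeroed_page(GFP_KERNEL);
	if (!nosec) {
		rc = -ENOMEM;
		goto out;
	}

	nosec_save = nosec;
	fnosec = fsec = 1;
	in_save = in_end = orig;

	/*
	 * NOTE(review): options appended to @copy are not terminated here;
	 * presumably the caller passes a zeroed page - confirm.
	 */
	do {
		if (*in_end == ',' || *in_end == '\0') {
			int len = in_end - in_curr;

			if (selinux_option(in_curr, len))
				take_option(&sec_curr, in_curr, &fsec, len);
			else
				take_option(&nosec, in_curr, &fnosec, len);

			in_curr = in_end + 1;
		}
	} while (*in_end++);

	copy_page(in_save, nosec_save);
	/* The scratch page is no longer needed; without this it is leaked. */
	free_page((unsigned long)nosec_save);
out:
	return rc;
}

/*
 * sb_kern_mount hook: initialise the superblock security state from the
 * mount data, then require FILESYSTEM__MOUNT on the superblock.
 */
static int selinux_sb_kern_mount(struct super_block *sb, void *data)
{
	struct avc_audit_data ad;
	int rc;

	rc = superblock_doinit(sb, data);
	if (rc)
		return rc;

	AVC_AUDIT_DATA_INIT(&ad,FS);
	ad.u.fs.dentry = sb->s_root;
	return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad);
}

/* sb_statfs hook: require FILESYSTEM__GETATTR on the superblock. */
static int selinux_sb_statfs(struct super_block *sb)
{
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad,FS);
	ad.u.fs.dentry = sb->s_root;
	return superblock_has_perm(current, sb, FILESYSTEM__GETATTR, &ad);
}

/*
 * sb_mount hook: after the secondary module agrees, a remount needs
 * FILESYSTEM__REMOUNT on the mounted superblock and any other mount
 * needs FILE__MOUNTON on the mount point.
 */
static int selinux_mount(char * dev_name,
                         struct nameidata *nd,
                         char * type,
                         unsigned long flags,
                         void * data)
{
	int rc;

	rc = secondary_ops->sb_mount(dev_name, nd, type, flags, data);
	if (rc)
		return rc;

	if (flags & MS_REMOUNT)
		return superblock_has_perm(current, nd->mnt->mnt_sb,
		                           FILESYSTEM__REMOUNT, NULL);
	else
		return dentry_has_perm(current, nd->mnt, nd->dentry,
		                       FILE__MOUNTON);
}

/*
 * sb_umount hook: after the secondary module agrees, require
 * FILESYSTEM__UNMOUNT on the superblock being unmounted.
 */
static int selinux_umount(struct vfsmount *mnt, int flags)
{
	int rc;

	rc = secondary_ops->sb_umount(mnt, flags);
	if (rc)
		return rc;

	return superblock_has_perm(current,mnt->mnt_sb,
	                           FILESYSTEM__UNMOUNT,NULL);
}

/* inode security operations */

/* inode_alloc_security hook: thin wrapper around inode_alloc_security(). */
static int selinux_inode_alloc_security(struct inode *inode)
{
	return inode_alloc_security(inode);
}

/* inode_free_security hook: thin wrapper around inode_free_security(). */
static void selinux_inode_free_security(struct inode *inode)
{
	inode_free_security(inode);
}

/* inode_create hook: may_create() check for a regular file in @dir. */
static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask)
{
	return may_create(dir, dentry, SECCLASS_FILE);
}

/*
 * inode_post_create hook: label the new inode.  The hook returns void,
 * so an error from post_create() is dropped here; post_create() only
 * reports it with printk().
 */
static void selinux_inode_post_create(struct inode *dir, struct dentry *dentry, int mask)
{
	post_create(dir, dentry);
}

static int selinux_inode_link(struct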
dentry *old_dentry, struct inode *dir, struct dentry *new_dentry) 2028*1da177e4SLinus Torvalds { 2029*1da177e4SLinus Torvalds int rc; 2030*1da177e4SLinus Torvalds 2031*1da177e4SLinus Torvalds rc = secondary_ops->inode_link(old_dentry,dir,new_dentry); 2032*1da177e4SLinus Torvalds if (rc) 2033*1da177e4SLinus Torvalds return rc; 2034*1da177e4SLinus Torvalds return may_link(dir, old_dentry, MAY_LINK); 2035*1da177e4SLinus Torvalds } 2036*1da177e4SLinus Torvalds 2037*1da177e4SLinus Torvalds static void selinux_inode_post_link(struct dentry *old_dentry, struct inode *inode, struct dentry *new_dentry) 2038*1da177e4SLinus Torvalds { 2039*1da177e4SLinus Torvalds return; 2040*1da177e4SLinus Torvalds } 2041*1da177e4SLinus Torvalds 2042*1da177e4SLinus Torvalds static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry) 2043*1da177e4SLinus Torvalds { 2044*1da177e4SLinus Torvalds int rc; 2045*1da177e4SLinus Torvalds 2046*1da177e4SLinus Torvalds rc = secondary_ops->inode_unlink(dir, dentry); 2047*1da177e4SLinus Torvalds if (rc) 2048*1da177e4SLinus Torvalds return rc; 2049*1da177e4SLinus Torvalds return may_link(dir, dentry, MAY_UNLINK); 2050*1da177e4SLinus Torvalds } 2051*1da177e4SLinus Torvalds 2052*1da177e4SLinus Torvalds static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name) 2053*1da177e4SLinus Torvalds { 2054*1da177e4SLinus Torvalds return may_create(dir, dentry, SECCLASS_LNK_FILE); 2055*1da177e4SLinus Torvalds } 2056*1da177e4SLinus Torvalds 2057*1da177e4SLinus Torvalds static void selinux_inode_post_symlink(struct inode *dir, struct dentry *dentry, const char *name) 2058*1da177e4SLinus Torvalds { 2059*1da177e4SLinus Torvalds post_create(dir, dentry); 2060*1da177e4SLinus Torvalds } 2061*1da177e4SLinus Torvalds 2062*1da177e4SLinus Torvalds static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask) 2063*1da177e4SLinus Torvalds { 2064*1da177e4SLinus Torvalds return may_create(dir, dentry, SECCLASS_DIR); 
2065*1da177e4SLinus Torvalds } 2066*1da177e4SLinus Torvalds 2067*1da177e4SLinus Torvalds static void selinux_inode_post_mkdir(struct inode *dir, struct dentry *dentry, int mask) 2068*1da177e4SLinus Torvalds { 2069*1da177e4SLinus Torvalds post_create(dir, dentry); 2070*1da177e4SLinus Torvalds } 2071*1da177e4SLinus Torvalds 2072*1da177e4SLinus Torvalds static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry) 2073*1da177e4SLinus Torvalds { 2074*1da177e4SLinus Torvalds return may_link(dir, dentry, MAY_RMDIR); 2075*1da177e4SLinus Torvalds } 2076*1da177e4SLinus Torvalds 2077*1da177e4SLinus Torvalds static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) 2078*1da177e4SLinus Torvalds { 2079*1da177e4SLinus Torvalds int rc; 2080*1da177e4SLinus Torvalds 2081*1da177e4SLinus Torvalds rc = secondary_ops->inode_mknod(dir, dentry, mode, dev); 2082*1da177e4SLinus Torvalds if (rc) 2083*1da177e4SLinus Torvalds return rc; 2084*1da177e4SLinus Torvalds 2085*1da177e4SLinus Torvalds return may_create(dir, dentry, inode_mode_to_security_class(mode)); 2086*1da177e4SLinus Torvalds } 2087*1da177e4SLinus Torvalds 2088*1da177e4SLinus Torvalds static void selinux_inode_post_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) 2089*1da177e4SLinus Torvalds { 2090*1da177e4SLinus Torvalds post_create(dir, dentry); 2091*1da177e4SLinus Torvalds } 2092*1da177e4SLinus Torvalds 2093*1da177e4SLinus Torvalds static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry, 2094*1da177e4SLinus Torvalds struct inode *new_inode, struct dentry *new_dentry) 2095*1da177e4SLinus Torvalds { 2096*1da177e4SLinus Torvalds return may_rename(old_inode, old_dentry, new_inode, new_dentry); 2097*1da177e4SLinus Torvalds } 2098*1da177e4SLinus Torvalds 2099*1da177e4SLinus Torvalds static void selinux_inode_post_rename(struct inode *old_inode, struct dentry *old_dentry, 2100*1da177e4SLinus Torvalds struct inode *new_inode, struct dentry 
*new_dentry) 2101*1da177e4SLinus Torvalds { 2102*1da177e4SLinus Torvalds return; 2103*1da177e4SLinus Torvalds } 2104*1da177e4SLinus Torvalds 2105*1da177e4SLinus Torvalds static int selinux_inode_readlink(struct dentry *dentry) 2106*1da177e4SLinus Torvalds { 2107*1da177e4SLinus Torvalds return dentry_has_perm(current, NULL, dentry, FILE__READ); 2108*1da177e4SLinus Torvalds } 2109*1da177e4SLinus Torvalds 2110*1da177e4SLinus Torvalds static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata) 2111*1da177e4SLinus Torvalds { 2112*1da177e4SLinus Torvalds int rc; 2113*1da177e4SLinus Torvalds 2114*1da177e4SLinus Torvalds rc = secondary_ops->inode_follow_link(dentry,nameidata); 2115*1da177e4SLinus Torvalds if (rc) 2116*1da177e4SLinus Torvalds return rc; 2117*1da177e4SLinus Torvalds return dentry_has_perm(current, NULL, dentry, FILE__READ); 2118*1da177e4SLinus Torvalds } 2119*1da177e4SLinus Torvalds 2120*1da177e4SLinus Torvalds static int selinux_inode_permission(struct inode *inode, int mask, 2121*1da177e4SLinus Torvalds struct nameidata *nd) 2122*1da177e4SLinus Torvalds { 2123*1da177e4SLinus Torvalds int rc; 2124*1da177e4SLinus Torvalds 2125*1da177e4SLinus Torvalds rc = secondary_ops->inode_permission(inode, mask, nd); 2126*1da177e4SLinus Torvalds if (rc) 2127*1da177e4SLinus Torvalds return rc; 2128*1da177e4SLinus Torvalds 2129*1da177e4SLinus Torvalds if (!mask) { 2130*1da177e4SLinus Torvalds /* No permission to check. Existence test. 
*/ 2131*1da177e4SLinus Torvalds return 0; 2132*1da177e4SLinus Torvalds } 2133*1da177e4SLinus Torvalds 2134*1da177e4SLinus Torvalds return inode_has_perm(current, inode, 2135*1da177e4SLinus Torvalds file_mask_to_av(inode->i_mode, mask), NULL); 2136*1da177e4SLinus Torvalds } 2137*1da177e4SLinus Torvalds 2138*1da177e4SLinus Torvalds static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) 2139*1da177e4SLinus Torvalds { 2140*1da177e4SLinus Torvalds int rc; 2141*1da177e4SLinus Torvalds 2142*1da177e4SLinus Torvalds rc = secondary_ops->inode_setattr(dentry, iattr); 2143*1da177e4SLinus Torvalds if (rc) 2144*1da177e4SLinus Torvalds return rc; 2145*1da177e4SLinus Torvalds 2146*1da177e4SLinus Torvalds if (iattr->ia_valid & ATTR_FORCE) 2147*1da177e4SLinus Torvalds return 0; 2148*1da177e4SLinus Torvalds 2149*1da177e4SLinus Torvalds if (iattr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | 2150*1da177e4SLinus Torvalds ATTR_ATIME_SET | ATTR_MTIME_SET)) 2151*1da177e4SLinus Torvalds return dentry_has_perm(current, NULL, dentry, FILE__SETATTR); 2152*1da177e4SLinus Torvalds 2153*1da177e4SLinus Torvalds return dentry_has_perm(current, NULL, dentry, FILE__WRITE); 2154*1da177e4SLinus Torvalds } 2155*1da177e4SLinus Torvalds 2156*1da177e4SLinus Torvalds static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) 2157*1da177e4SLinus Torvalds { 2158*1da177e4SLinus Torvalds return dentry_has_perm(current, mnt, dentry, FILE__GETATTR); 2159*1da177e4SLinus Torvalds } 2160*1da177e4SLinus Torvalds 2161*1da177e4SLinus Torvalds static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags) 2162*1da177e4SLinus Torvalds { 2163*1da177e4SLinus Torvalds struct task_security_struct *tsec = current->security; 2164*1da177e4SLinus Torvalds struct inode *inode = dentry->d_inode; 2165*1da177e4SLinus Torvalds struct inode_security_struct *isec = inode->i_security; 2166*1da177e4SLinus Torvalds struct superblock_security_struct 
*sbsec; 2167*1da177e4SLinus Torvalds struct avc_audit_data ad; 2168*1da177e4SLinus Torvalds u32 newsid; 2169*1da177e4SLinus Torvalds int rc = 0; 2170*1da177e4SLinus Torvalds 2171*1da177e4SLinus Torvalds if (strcmp(name, XATTR_NAME_SELINUX)) { 2172*1da177e4SLinus Torvalds if (!strncmp(name, XATTR_SECURITY_PREFIX, 2173*1da177e4SLinus Torvalds sizeof XATTR_SECURITY_PREFIX - 1) && 2174*1da177e4SLinus Torvalds !capable(CAP_SYS_ADMIN)) { 2175*1da177e4SLinus Torvalds /* A different attribute in the security namespace. 2176*1da177e4SLinus Torvalds Restrict to administrator. */ 2177*1da177e4SLinus Torvalds return -EPERM; 2178*1da177e4SLinus Torvalds } 2179*1da177e4SLinus Torvalds 2180*1da177e4SLinus Torvalds /* Not an attribute we recognize, so just check the 2181*1da177e4SLinus Torvalds ordinary setattr permission. */ 2182*1da177e4SLinus Torvalds return dentry_has_perm(current, NULL, dentry, FILE__SETATTR); 2183*1da177e4SLinus Torvalds } 2184*1da177e4SLinus Torvalds 2185*1da177e4SLinus Torvalds sbsec = inode->i_sb->s_security; 2186*1da177e4SLinus Torvalds if (sbsec->behavior == SECURITY_FS_USE_MNTPOINT) 2187*1da177e4SLinus Torvalds return -EOPNOTSUPP; 2188*1da177e4SLinus Torvalds 2189*1da177e4SLinus Torvalds if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 2190*1da177e4SLinus Torvalds return -EPERM; 2191*1da177e4SLinus Torvalds 2192*1da177e4SLinus Torvalds AVC_AUDIT_DATA_INIT(&ad,FS); 2193*1da177e4SLinus Torvalds ad.u.fs.dentry = dentry; 2194*1da177e4SLinus Torvalds 2195*1da177e4SLinus Torvalds rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass, 2196*1da177e4SLinus Torvalds FILE__RELABELFROM, &ad); 2197*1da177e4SLinus Torvalds if (rc) 2198*1da177e4SLinus Torvalds return rc; 2199*1da177e4SLinus Torvalds 2200*1da177e4SLinus Torvalds rc = security_context_to_sid(value, size, &newsid); 2201*1da177e4SLinus Torvalds if (rc) 2202*1da177e4SLinus Torvalds return rc; 2203*1da177e4SLinus Torvalds 2204*1da177e4SLinus Torvalds rc = avc_has_perm(tsec->sid, newsid, 
isec->sclass, 2205*1da177e4SLinus Torvalds FILE__RELABELTO, &ad); 2206*1da177e4SLinus Torvalds if (rc) 2207*1da177e4SLinus Torvalds return rc; 2208*1da177e4SLinus Torvalds 2209*1da177e4SLinus Torvalds rc = security_validate_transition(isec->sid, newsid, tsec->sid, 2210*1da177e4SLinus Torvalds isec->sclass); 2211*1da177e4SLinus Torvalds if (rc) 2212*1da177e4SLinus Torvalds return rc; 2213*1da177e4SLinus Torvalds 2214*1da177e4SLinus Torvalds return avc_has_perm(newsid, 2215*1da177e4SLinus Torvalds sbsec->sid, 2216*1da177e4SLinus Torvalds SECCLASS_FILESYSTEM, 2217*1da177e4SLinus Torvalds FILESYSTEM__ASSOCIATE, 2218*1da177e4SLinus Torvalds &ad); 2219*1da177e4SLinus Torvalds } 2220*1da177e4SLinus Torvalds 2221*1da177e4SLinus Torvalds static void selinux_inode_post_setxattr(struct dentry *dentry, char *name, 2222*1da177e4SLinus Torvalds void *value, size_t size, int flags) 2223*1da177e4SLinus Torvalds { 2224*1da177e4SLinus Torvalds struct inode *inode = dentry->d_inode; 2225*1da177e4SLinus Torvalds struct inode_security_struct *isec = inode->i_security; 2226*1da177e4SLinus Torvalds u32 newsid; 2227*1da177e4SLinus Torvalds int rc; 2228*1da177e4SLinus Torvalds 2229*1da177e4SLinus Torvalds if (strcmp(name, XATTR_NAME_SELINUX)) { 2230*1da177e4SLinus Torvalds /* Not an attribute we recognize, so nothing to do. 
*/ 2231*1da177e4SLinus Torvalds return; 2232*1da177e4SLinus Torvalds } 2233*1da177e4SLinus Torvalds 2234*1da177e4SLinus Torvalds rc = security_context_to_sid(value, size, &newsid); 2235*1da177e4SLinus Torvalds if (rc) { 2236*1da177e4SLinus Torvalds printk(KERN_WARNING "%s: unable to obtain SID for context " 2237*1da177e4SLinus Torvalds "%s, rc=%d\n", __FUNCTION__, (char*)value, -rc); 2238*1da177e4SLinus Torvalds return; 2239*1da177e4SLinus Torvalds } 2240*1da177e4SLinus Torvalds 2241*1da177e4SLinus Torvalds isec->sid = newsid; 2242*1da177e4SLinus Torvalds return; 2243*1da177e4SLinus Torvalds } 2244*1da177e4SLinus Torvalds 2245*1da177e4SLinus Torvalds static int selinux_inode_getxattr (struct dentry *dentry, char *name) 2246*1da177e4SLinus Torvalds { 2247*1da177e4SLinus Torvalds struct inode *inode = dentry->d_inode; 2248*1da177e4SLinus Torvalds struct superblock_security_struct *sbsec = inode->i_sb->s_security; 2249*1da177e4SLinus Torvalds 2250*1da177e4SLinus Torvalds if (sbsec->behavior == SECURITY_FS_USE_MNTPOINT) 2251*1da177e4SLinus Torvalds return -EOPNOTSUPP; 2252*1da177e4SLinus Torvalds 2253*1da177e4SLinus Torvalds return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); 2254*1da177e4SLinus Torvalds } 2255*1da177e4SLinus Torvalds 2256*1da177e4SLinus Torvalds static int selinux_inode_listxattr (struct dentry *dentry) 2257*1da177e4SLinus Torvalds { 2258*1da177e4SLinus Torvalds return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); 2259*1da177e4SLinus Torvalds } 2260*1da177e4SLinus Torvalds 2261*1da177e4SLinus Torvalds static int selinux_inode_removexattr (struct dentry *dentry, char *name) 2262*1da177e4SLinus Torvalds { 2263*1da177e4SLinus Torvalds if (strcmp(name, XATTR_NAME_SELINUX)) { 2264*1da177e4SLinus Torvalds if (!strncmp(name, XATTR_SECURITY_PREFIX, 2265*1da177e4SLinus Torvalds sizeof XATTR_SECURITY_PREFIX - 1) && 2266*1da177e4SLinus Torvalds !capable(CAP_SYS_ADMIN)) { 2267*1da177e4SLinus Torvalds /* A different attribute in the security 
namespace. 2268*1da177e4SLinus Torvalds Restrict to administrator. */ 2269*1da177e4SLinus Torvalds return -EPERM; 2270*1da177e4SLinus Torvalds } 2271*1da177e4SLinus Torvalds 2272*1da177e4SLinus Torvalds /* Not an attribute we recognize, so just check the 2273*1da177e4SLinus Torvalds ordinary setattr permission. Might want a separate 2274*1da177e4SLinus Torvalds permission for removexattr. */ 2275*1da177e4SLinus Torvalds return dentry_has_perm(current, NULL, dentry, FILE__SETATTR); 2276*1da177e4SLinus Torvalds } 2277*1da177e4SLinus Torvalds 2278*1da177e4SLinus Torvalds /* No one is allowed to remove a SELinux security label. 2279*1da177e4SLinus Torvalds You can change the label, but all data must be labeled. */ 2280*1da177e4SLinus Torvalds return -EACCES; 2281*1da177e4SLinus Torvalds } 2282*1da177e4SLinus Torvalds 2283*1da177e4SLinus Torvalds static int selinux_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size) 2284*1da177e4SLinus Torvalds { 2285*1da177e4SLinus Torvalds struct inode_security_struct *isec = inode->i_security; 2286*1da177e4SLinus Torvalds char *context; 2287*1da177e4SLinus Torvalds unsigned len; 2288*1da177e4SLinus Torvalds int rc; 2289*1da177e4SLinus Torvalds 2290*1da177e4SLinus Torvalds /* Permission check handled by selinux_inode_getxattr hook.*/ 2291*1da177e4SLinus Torvalds 2292*1da177e4SLinus Torvalds if (strcmp(name, XATTR_SELINUX_SUFFIX)) 2293*1da177e4SLinus Torvalds return -EOPNOTSUPP; 2294*1da177e4SLinus Torvalds 2295*1da177e4SLinus Torvalds rc = security_sid_to_context(isec->sid, &context, &len); 2296*1da177e4SLinus Torvalds if (rc) 2297*1da177e4SLinus Torvalds return rc; 2298*1da177e4SLinus Torvalds 2299*1da177e4SLinus Torvalds if (!buffer || !size) { 2300*1da177e4SLinus Torvalds kfree(context); 2301*1da177e4SLinus Torvalds return len; 2302*1da177e4SLinus Torvalds } 2303*1da177e4SLinus Torvalds if (size < len) { 2304*1da177e4SLinus Torvalds kfree(context); 2305*1da177e4SLinus Torvalds return -ERANGE; 
2306*1da177e4SLinus Torvalds } 2307*1da177e4SLinus Torvalds memcpy(buffer, context, len); 2308*1da177e4SLinus Torvalds kfree(context); 2309*1da177e4SLinus Torvalds return len; 2310*1da177e4SLinus Torvalds } 2311*1da177e4SLinus Torvalds 2312*1da177e4SLinus Torvalds static int selinux_inode_setsecurity(struct inode *inode, const char *name, 2313*1da177e4SLinus Torvalds const void *value, size_t size, int flags) 2314*1da177e4SLinus Torvalds { 2315*1da177e4SLinus Torvalds struct inode_security_struct *isec = inode->i_security; 2316*1da177e4SLinus Torvalds u32 newsid; 2317*1da177e4SLinus Torvalds int rc; 2318*1da177e4SLinus Torvalds 2319*1da177e4SLinus Torvalds if (strcmp(name, XATTR_SELINUX_SUFFIX)) 2320*1da177e4SLinus Torvalds return -EOPNOTSUPP; 2321*1da177e4SLinus Torvalds 2322*1da177e4SLinus Torvalds if (!value || !size) 2323*1da177e4SLinus Torvalds return -EACCES; 2324*1da177e4SLinus Torvalds 2325*1da177e4SLinus Torvalds rc = security_context_to_sid((void*)value, size, &newsid); 2326*1da177e4SLinus Torvalds if (rc) 2327*1da177e4SLinus Torvalds return rc; 2328*1da177e4SLinus Torvalds 2329*1da177e4SLinus Torvalds isec->sid = newsid; 2330*1da177e4SLinus Torvalds return 0; 2331*1da177e4SLinus Torvalds } 2332*1da177e4SLinus Torvalds 2333*1da177e4SLinus Torvalds static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size) 2334*1da177e4SLinus Torvalds { 2335*1da177e4SLinus Torvalds const int len = sizeof(XATTR_NAME_SELINUX); 2336*1da177e4SLinus Torvalds if (buffer && len <= buffer_size) 2337*1da177e4SLinus Torvalds memcpy(buffer, XATTR_NAME_SELINUX, len); 2338*1da177e4SLinus Torvalds return len; 2339*1da177e4SLinus Torvalds } 2340*1da177e4SLinus Torvalds 2341*1da177e4SLinus Torvalds /* file security operations */ 2342*1da177e4SLinus Torvalds 2343*1da177e4SLinus Torvalds static int selinux_file_permission(struct file *file, int mask) 2344*1da177e4SLinus Torvalds { 2345*1da177e4SLinus Torvalds struct inode *inode = file->f_dentry->d_inode; 
2346*1da177e4SLinus Torvalds 2347*1da177e4SLinus Torvalds if (!mask) { 2348*1da177e4SLinus Torvalds /* No permission to check. Existence test. */ 2349*1da177e4SLinus Torvalds return 0; 2350*1da177e4SLinus Torvalds } 2351*1da177e4SLinus Torvalds 2352*1da177e4SLinus Torvalds /* file_mask_to_av won't add FILE__WRITE if MAY_APPEND is set */ 2353*1da177e4SLinus Torvalds if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE)) 2354*1da177e4SLinus Torvalds mask |= MAY_APPEND; 2355*1da177e4SLinus Torvalds 2356*1da177e4SLinus Torvalds return file_has_perm(current, file, 2357*1da177e4SLinus Torvalds file_mask_to_av(inode->i_mode, mask)); 2358*1da177e4SLinus Torvalds } 2359*1da177e4SLinus Torvalds 2360*1da177e4SLinus Torvalds static int selinux_file_alloc_security(struct file *file) 2361*1da177e4SLinus Torvalds { 2362*1da177e4SLinus Torvalds return file_alloc_security(file); 2363*1da177e4SLinus Torvalds } 2364*1da177e4SLinus Torvalds 2365*1da177e4SLinus Torvalds static void selinux_file_free_security(struct file *file) 2366*1da177e4SLinus Torvalds { 2367*1da177e4SLinus Torvalds file_free_security(file); 2368*1da177e4SLinus Torvalds } 2369*1da177e4SLinus Torvalds 2370*1da177e4SLinus Torvalds static int selinux_file_ioctl(struct file *file, unsigned int cmd, 2371*1da177e4SLinus Torvalds unsigned long arg) 2372*1da177e4SLinus Torvalds { 2373*1da177e4SLinus Torvalds int error = 0; 2374*1da177e4SLinus Torvalds 2375*1da177e4SLinus Torvalds switch (cmd) { 2376*1da177e4SLinus Torvalds case FIONREAD: 2377*1da177e4SLinus Torvalds /* fall through */ 2378*1da177e4SLinus Torvalds case FIBMAP: 2379*1da177e4SLinus Torvalds /* fall through */ 2380*1da177e4SLinus Torvalds case FIGETBSZ: 2381*1da177e4SLinus Torvalds /* fall through */ 2382*1da177e4SLinus Torvalds case EXT2_IOC_GETFLAGS: 2383*1da177e4SLinus Torvalds /* fall through */ 2384*1da177e4SLinus Torvalds case EXT2_IOC_GETVERSION: 2385*1da177e4SLinus Torvalds error = file_has_perm(current, file, FILE__GETATTR); 2386*1da177e4SLinus Torvalds 
break; 2387*1da177e4SLinus Torvalds 2388*1da177e4SLinus Torvalds case EXT2_IOC_SETFLAGS: 2389*1da177e4SLinus Torvalds /* fall through */ 2390*1da177e4SLinus Torvalds case EXT2_IOC_SETVERSION: 2391*1da177e4SLinus Torvalds error = file_has_perm(current, file, FILE__SETATTR); 2392*1da177e4SLinus Torvalds break; 2393*1da177e4SLinus Torvalds 2394*1da177e4SLinus Torvalds /* sys_ioctl() checks */ 2395*1da177e4SLinus Torvalds case FIONBIO: 2396*1da177e4SLinus Torvalds /* fall through */ 2397*1da177e4SLinus Torvalds case FIOASYNC: 2398*1da177e4SLinus Torvalds error = file_has_perm(current, file, 0); 2399*1da177e4SLinus Torvalds break; 2400*1da177e4SLinus Torvalds 2401*1da177e4SLinus Torvalds case KDSKBENT: 2402*1da177e4SLinus Torvalds case KDSKBSENT: 2403*1da177e4SLinus Torvalds error = task_has_capability(current,CAP_SYS_TTY_CONFIG); 2404*1da177e4SLinus Torvalds break; 2405*1da177e4SLinus Torvalds 2406*1da177e4SLinus Torvalds /* default case assumes that the command will go 2407*1da177e4SLinus Torvalds * to the file's ioctl() function. 2408*1da177e4SLinus Torvalds */ 2409*1da177e4SLinus Torvalds default: 2410*1da177e4SLinus Torvalds error = file_has_perm(current, file, FILE__IOCTL); 2411*1da177e4SLinus Torvalds 2412*1da177e4SLinus Torvalds } 2413*1da177e4SLinus Torvalds return error; 2414*1da177e4SLinus Torvalds } 2415*1da177e4SLinus Torvalds 2416*1da177e4SLinus Torvalds static int file_map_prot_check(struct file *file, unsigned long prot, int shared) 2417*1da177e4SLinus Torvalds { 2418*1da177e4SLinus Torvalds #ifndef CONFIG_PPC32 2419*1da177e4SLinus Torvalds if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) { 2420*1da177e4SLinus Torvalds /* 2421*1da177e4SLinus Torvalds * We are making executable an anonymous mapping or a 2422*1da177e4SLinus Torvalds * private file mapping that will also be writable. 2423*1da177e4SLinus Torvalds * This has an additional check. 
2424*1da177e4SLinus Torvalds */ 2425*1da177e4SLinus Torvalds int rc = task_has_perm(current, current, PROCESS__EXECMEM); 2426*1da177e4SLinus Torvalds if (rc) 2427*1da177e4SLinus Torvalds return rc; 2428*1da177e4SLinus Torvalds } 2429*1da177e4SLinus Torvalds #endif 2430*1da177e4SLinus Torvalds 2431*1da177e4SLinus Torvalds if (file) { 2432*1da177e4SLinus Torvalds /* read access is always possible with a mapping */ 2433*1da177e4SLinus Torvalds u32 av = FILE__READ; 2434*1da177e4SLinus Torvalds 2435*1da177e4SLinus Torvalds /* write access only matters if the mapping is shared */ 2436*1da177e4SLinus Torvalds if (shared && (prot & PROT_WRITE)) 2437*1da177e4SLinus Torvalds av |= FILE__WRITE; 2438*1da177e4SLinus Torvalds 2439*1da177e4SLinus Torvalds if (prot & PROT_EXEC) 2440*1da177e4SLinus Torvalds av |= FILE__EXECUTE; 2441*1da177e4SLinus Torvalds 2442*1da177e4SLinus Torvalds return file_has_perm(current, file, av); 2443*1da177e4SLinus Torvalds } 2444*1da177e4SLinus Torvalds return 0; 2445*1da177e4SLinus Torvalds } 2446*1da177e4SLinus Torvalds 2447*1da177e4SLinus Torvalds static int selinux_file_mmap(struct file *file, unsigned long reqprot, 2448*1da177e4SLinus Torvalds unsigned long prot, unsigned long flags) 2449*1da177e4SLinus Torvalds { 2450*1da177e4SLinus Torvalds int rc; 2451*1da177e4SLinus Torvalds 2452*1da177e4SLinus Torvalds rc = secondary_ops->file_mmap(file, reqprot, prot, flags); 2453*1da177e4SLinus Torvalds if (rc) 2454*1da177e4SLinus Torvalds return rc; 2455*1da177e4SLinus Torvalds 2456*1da177e4SLinus Torvalds if (selinux_checkreqprot) 2457*1da177e4SLinus Torvalds prot = reqprot; 2458*1da177e4SLinus Torvalds 2459*1da177e4SLinus Torvalds return file_map_prot_check(file, prot, 2460*1da177e4SLinus Torvalds (flags & MAP_TYPE) == MAP_SHARED); 2461*1da177e4SLinus Torvalds } 2462*1da177e4SLinus Torvalds 2463*1da177e4SLinus Torvalds static int selinux_file_mprotect(struct vm_area_struct *vma, 2464*1da177e4SLinus Torvalds unsigned long reqprot, 2465*1da177e4SLinus 
Torvalds unsigned long prot) 2466*1da177e4SLinus Torvalds { 2467*1da177e4SLinus Torvalds int rc; 2468*1da177e4SLinus Torvalds 2469*1da177e4SLinus Torvalds rc = secondary_ops->file_mprotect(vma, reqprot, prot); 2470*1da177e4SLinus Torvalds if (rc) 2471*1da177e4SLinus Torvalds return rc; 2472*1da177e4SLinus Torvalds 2473*1da177e4SLinus Torvalds if (selinux_checkreqprot) 2474*1da177e4SLinus Torvalds prot = reqprot; 2475*1da177e4SLinus Torvalds 2476*1da177e4SLinus Torvalds #ifndef CONFIG_PPC32 2477*1da177e4SLinus Torvalds if (vma->vm_file != NULL && vma->anon_vma != NULL && (prot & PROT_EXEC)) { 2478*1da177e4SLinus Torvalds /* 2479*1da177e4SLinus Torvalds * We are making executable a file mapping that has 2480*1da177e4SLinus Torvalds * had some COW done. Since pages might have been written, 2481*1da177e4SLinus Torvalds * check ability to execute the possibly modified content. 2482*1da177e4SLinus Torvalds * This typically should only occur for text relocations. 2483*1da177e4SLinus Torvalds */ 2484*1da177e4SLinus Torvalds int rc = file_has_perm(current, vma->vm_file, FILE__EXECMOD); 2485*1da177e4SLinus Torvalds if (rc) 2486*1da177e4SLinus Torvalds return rc; 2487*1da177e4SLinus Torvalds } 2488*1da177e4SLinus Torvalds #endif 2489*1da177e4SLinus Torvalds 2490*1da177e4SLinus Torvalds return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED); 2491*1da177e4SLinus Torvalds } 2492*1da177e4SLinus Torvalds 2493*1da177e4SLinus Torvalds static int selinux_file_lock(struct file *file, unsigned int cmd) 2494*1da177e4SLinus Torvalds { 2495*1da177e4SLinus Torvalds return file_has_perm(current, file, FILE__LOCK); 2496*1da177e4SLinus Torvalds } 2497*1da177e4SLinus Torvalds 2498*1da177e4SLinus Torvalds static int selinux_file_fcntl(struct file *file, unsigned int cmd, 2499*1da177e4SLinus Torvalds unsigned long arg) 2500*1da177e4SLinus Torvalds { 2501*1da177e4SLinus Torvalds int err = 0; 2502*1da177e4SLinus Torvalds 2503*1da177e4SLinus Torvalds switch (cmd) { 
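		case F_SETFL:
			if (!file->f_dentry || !file->f_dentry->d_inode) {
				err = -EINVAL;
				break;
			}

			if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
				err = file_has_perm(current, file,FILE__WRITE);
				break;
			}
			/* fall through */
		case F_SETOWN:
		case F_SETSIG:
		case F_GETFL:
		case F_GETOWN:
		case F_GETSIG:
			/* Just check FD__USE permission */
			err = file_has_perm(current, file, 0);
			break;
		case F_GETLK:
		case F_SETLK:
		case F_SETLKW:
#if BITS_PER_LONG == 32
		case F_GETLK64:
		case F_SETLK64:
		case F_SETLKW64:
#endif
			if (!file->f_dentry || !file->f_dentry->d_inode) {
				err = -EINVAL;
				break;
			}
			err = file_has_perm(current, file, FILE__LOCK);
			break;
	}

	return err;
}

/*
 * Record the SID of the current task as the file's owner SID (fown_sid).
 * selinux_file_send_sigiotask() uses that SID as the source of its
 * signal permission check.  Always returns 0.
 */
static int selinux_file_set_fowner(struct file *file)
{
	struct task_security_struct *tsec;
	struct file_security_struct *fsec;

	tsec = current->security;
	fsec = file->f_security;
	fsec->fown_sid = tsec->sid;

	return 0;
}

/*
 * Check whether the owner recorded on a file may signal @tsk.
 * The check is between the file's fown_sid (source) and the SID of @tsk
 * (target) in the process class.  A @signum of 0 is checked as SIGIO.
 * Returns the avc_has_perm() result.
 */
static int selinux_file_send_sigiotask(struct task_struct *tsk,
				       struct fown_struct *fown, int signum)
{
	struct file *file;
	u32 perm;
	struct task_security_struct *tsec;
	struct file_security_struct *fsec;

	/*
	 * struct fown_struct is never outside the context of a struct file,
	 * so the enclosing file is recovered from the member address.
	 * container_of() keeps that pointer arithmetic type-checked.
	 */
	file = container_of(fown, struct file, f_owner);

	tsec = tsk->security;
	fsec = file->f_security;

	if (!signum)
		perm = signal_to_av(SIGIO); /* as per send_sigio_to_task */
	else
		perm = signal_to_av(signum);

	return avc_has_perm(fsec->fown_sid, tsec->sid,
			    SECCLASS_PROCESS, perm, NULL);
}

/*
 * Check that the current task may use a file it is receiving, using the
 * permissions file_to_av() derives from the file itself.
 */
static int selinux_file_receive(struct file *file)
{
	return file_has_perm(current, file, file_to_av(file));
}

/* task security operations */

/*
 * Fork check: the secondary module is consulted first, then the current
 * task needs PROCESS__FORK on itself.
 */
static int selinux_task_create(unsigned long clone_flags)
{
	int rc;

	rc = secondary_ops->task_create(clone_flags);
	if (rc)
		return rc;

	return task_has_perm(current, current, PROCESS__FORK);
}

/*
 * Set up the security state of a new task @tsk from the current task.
 * task_alloc_security() is expected to leave a usable tsk->security on
 * success; its error is returned unchanged otherwise.
 */
static int selinux_task_alloc_security(struct task_struct *tsk)
{
	struct task_security_struct *tsec1, *tsec2;
	int rc;

	tsec1 = current->security;

	rc = task_alloc_security(tsk);
	if (rc)
		return rc;
	tsec2 = tsk->security;

	tsec2->osid = tsec1->osid;
	tsec2->sid = tsec1->sid;

	/* Retain the exec and create SIDs across fork */
	tsec2->exec_sid = tsec1->exec_sid;
	tsec2->create_sid = tsec1->create_sid;

	/* Retain ptracer SID across fork, if any.
	   This will be reset by the ptrace hook upon any
	   subsequent ptrace_attach operations. */
	tsec2->ptrace_sid = tsec1->ptrace_sid;

	return 0;
}

/* Release the security state of @tsk via task_free_security(). */
static void selinux_task_free_security(struct task_struct *tsk)
{
	task_free_security(tsk);
}

static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
{
	/* Since setuid only affects the current process, and
	   since the SELinux controls are not based on the Linux
	   identity attributes, SELinux does not need to control
	   this operation.  However, SELinux does control the use
	   of the CAP_SETUID and CAP_SETGID capabilities using the
	   capable hook. */
	return 0;
}

/* No SELinux logic of its own: defers entirely to the secondary module. */
static int selinux_task_post_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
{
	return secondary_ops->task_post_setuid(id0,id1,id2,flags);
}

static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
{
	/* See the comment for setuid above. */
	return 0;
}

/* The current task needs PROCESS__SETPGID on @p. */
static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
{
	return task_has_perm(current, p, PROCESS__SETPGID);
}

/* The current task needs PROCESS__GETPGID on @p. */
static int selinux_task_getpgid(struct task_struct *p)
{
	return task_has_perm(current, p, PROCESS__GETPGID);
}

/* The current task needs PROCESS__GETSESSION on @p. */
static int selinux_task_getsid(struct task_struct *p)
{
	return task_has_perm(current, p, PROCESS__GETSESSION);
}

static int selinux_task_setgroups(struct group_info *group_info)
{
	/* See the comment for setuid above. */
	return 0;
}

/*
 * Secondary module first, then the current task needs PROCESS__SETSCHED
 * on @p.  The requested @nice value itself is not part of the check.
 */
static int selinux_task_setnice(struct task_struct *p, int nice)
{
	int rc;

	rc = secondary_ops->task_setnice(p, nice);
	if (rc)
		return rc;

	return task_has_perm(current,p, PROCESS__SETSCHED);
}

/*
 * Mediate changes to the hard resource limit of the current task.
 * Soft-limit-only changes pass once the secondary module has agreed.
 */
static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
{
	/*
	 * NOTE(review): @resource indexes the rlim array with no range check
	 * in this hook; presumably the caller has validated it - confirm.
	 */
	struct rlimit *old_rlim = current->signal->rlim + resource;
	int rc;

	rc = secondary_ops->task_setrlimit(resource, new_rlim);
	if (rc)
		return rc;

	/* Control the ability to change the hard limit (whether
	   lowering or raising it), so that the hard limit can
	   later be used as a safe reset point for the soft limit
	   upon context transitions. See selinux_bprm_apply_creds. */
	if (old_rlim->rlim_max != new_rlim->rlim_max)
		return task_has_perm(current, current, PROCESS__SETRLIMIT);

	return 0;
}

/*
 * The current task needs PROCESS__SETSCHED on @p; @policy and @lp are not
 * inspected.
 */
static int selinux_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp)
{
	return task_has_perm(current, p, PROCESS__SETSCHED);
}

/* The current task needs PROCESS__GETSCHED on @p. */
static int selinux_task_getscheduler(struct task_struct *p)
{
	return task_has_perm(current, p, PROCESS__GETSCHED);
}

/*
 * Check whether the current task may send signal @sig to @p.
 * The secondary module is asked first.  Signal 0 maps to
 * PROCESS__SIGNULL, every other signal goes through signal_to_av().
 */
static int selinux_task_kill(struct task_struct *p, struct siginfo *info, int sig)
{
	u32 perm;
	int rc;

	rc = secondary_ops->task_kill(p, info, sig);
	if (rc)
		return rc;

	/*
	 * No SELinux check when @info is one of the small integer values 1
	 * or 2 passed in place of a pointer, or when SI_FROMKERNEL() holds.
	 * NOTE(review): 1 and 2 look like the signal code's sentinels for
	 * kernel-originated signals - confirm against the sender.  The
	 * short-circuit order matters: SI_FROMKERNEL() is only evaluated
	 * once @info is known not to be one of those two values.
	 */
	if (info && ((unsigned long)info == 1 ||
	             (unsigned long)info == 2 || SI_FROMKERNEL(info)))
		return 0;

	if (!sig)
		perm = PROCESS__SIGNULL; /* null signal; existence test */
	else
		perm = signal_to_av(sig);

	return task_has_perm(current, p, perm);
}

static int selinux_task_prctl(int option,
			      unsigned long arg2,
			      unsigned long arg3,
			      unsigned long arg4,
			      unsigned long arg5)
{
	/* The current prctl operations do not appear to require
	   any SELinux controls since they merely observe or modify
	   the state of the current process. */
	return 0;
}

/*
 * Wait check.  Note the direction: @p (the task being waited for) is the
 * source and the current task is the target, with the permission derived
 * from @p's exit signal.
 */
static int selinux_task_wait(struct task_struct *p)
{
	u32 perm;

	perm = signal_to_av(p->exit_signal);

	return task_has_perm(p, current, perm);
}

/*
 * After the secondary module has run, remember the task's SID in osid and
 * relabel the task with SECINITSID_KERNEL.
 */
static void selinux_task_reparent_to_init(struct task_struct *p)
{
	struct task_security_struct *tsec;

	secondary_ops->task_reparent_to_init(p);

	tsec = p->security;
	tsec->osid = tsec->sid;
	tsec->sid = SECINITSID_KERNEL;
	return;
}

/* Label @inode with the SID of task @p and mark the label initialized. */
static void selinux_task_to_inode(struct task_struct *p,
				  struct inode *inode)
{
	struct task_security_struct *tsec = p->security;
	struct inode_security_struct *isec = inode->i_security;

	isec->sid = tsec->sid;
	isec->initialized = 1;
	return;
}

#ifdef CONFIG_SECURITY_NETWORK

/*
 * Fill the IPv4 part of the audit data from a packet.
 *
 * Returns error only if unable to parse addresses: -EINVAL when the IP
 * header cannot be read or its length field is smaller than a basic
 * header.  Ports are filled in only for TCP and UDP, and only when the
 * packet is not a later fragment and the transport header is readable;
 * otherwise they are left as the caller set them and 0 is still returned.
 */
static int selinux_parse_skb_ipv4(struct sk_buff *skb, struct avc_audit_data *ad)
{
	int offset, ihlen, ret = -EINVAL;
	struct iphdr _iph, *ih;

	offset = skb->nh.raw - skb->data;
	/* Bounds-checked access: never touch header bytes the skb lacks. */
	ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
	if (ih == NULL)
		goto out;

	/* ihl counts 32-bit words; anything below a basic header is bogus. */
	ihlen = ih->ihl * 4;
	if (ihlen < sizeof(_iph))
		goto out;

	ad->u.net.v4info.saddr = ih->saddr;
	ad->u.net.v4info.daddr = ih->daddr;
	ret = 0;

	switch (ih->protocol) {
	case IPPROTO_TCP: {
		struct tcphdr _tcph, *th;

		/* A non-zero fragment offset means no transport header here. */
		if (ntohs(ih->frag_off) & IP_OFFSET)
			break;

		offset += ihlen;
		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
		if (th == NULL)
			break;

		ad->u.net.sport = th->source;
		ad->u.net.dport = th->dest;
		break;
	}

	case IPPROTO_UDP: {
		struct udphdr _udph, *uh;

		if (ntohs(ih->frag_off) & IP_OFFSET)
			break;

		offset += ihlen;
		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
		if (uh == NULL)
			break;

		ad->u.net.sport = uh->source;
		ad->u.net.dport = uh->dest;
		break;
	}

	default:
		break;
	}
out:
	return ret;
}

#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)

/*
 * Fill the IPv6 part of the audit data from a packet.
 *
 * Returns error only if unable to parse addresses: -EINVAL when the fixed
 * IPv6 header cannot be read.  If ipv6_skip_exthdr() fails, the addresses
 * have already been stored and 0 is returned without ports.
 */
static int selinux_parse_skb_ipv6(struct sk_buff *skb, struct avc_audit_data *ad)
{
	u8 nexthdr;
	int ret = -EINVAL, offset;
	struct ipv6hdr _ipv6h, *ip6;

	offset = skb->nh.raw - skb->data;
	ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
	if (ip6 == NULL)
		goto out;

	ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr);
	ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr);
	ret = 0;

	nexthdr = ip6->nexthdr;
	offset += sizeof(_ipv6h);
	offset = ipv6_skip_exthdr(skb, offset, &nexthdr,
				  skb->tail - skb->head - offset);
	if (offset < 0)
		goto out;

	switch (nexthdr) {
	case IPPROTO_TCP: {
		struct tcphdr _tcph, *th;

		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
		if (th == NULL)
			break;

		ad->u.net.sport = th->source;
		ad->u.net.dport = th->dest;
		break;
	}

	case IPPROTO_UDP: {
		struct udphdr _udph, *uh;

		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
		if (uh == NULL)
			break;

		ad->u.net.sport = uh->source;
		ad->u.net.dport = uh->dest;
		break;
	}

	/* includes fragments */
	default:
		break;
	}
out:
	return ret;
}

#endif /* IPV6 */

/*
 * Parse a packet into @ad according to ad->u.net.family.
 *
 * When @addrp is non-NULL and parsing succeeded, *@addrp is pointed at the
 * source (@src non-zero) or destination address stored inside @ad and *@len
 * is set to its size (4 or 16), so @len must be valid whenever @addrp is.
 * Families other than PF_INET/PF_INET6 return 0 and touch nothing.
 */
static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad,
			     char **addrp, int *len, int src)
{
	int ret = 0;

	switch (ad->u.net.family) {
	case PF_INET:
		ret = selinux_parse_skb_ipv4(skb, ad);
		if (ret || !addrp)
			break;
		*len = 4;
		*addrp = (char *)(src ? &ad->u.net.v4info.saddr :
					&ad->u.net.v4info.daddr);
		break;

#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	case PF_INET6:
		ret = selinux_parse_skb_ipv6(skb, ad);
		if (ret || !addrp)
			break;
		*len = 16;
		*addrp = (char *)(src ? &ad->u.net.v6info.saddr :
					&ad->u.net.v6info.daddr);
		break;
#endif	/* IPV6 */
	default:
		break;
	}

	return ret;
}

/* socket security operations */

/*
 * Common socket permission check: does @task have @perms on @sock?
 * Sockets labelled SECINITSID_KERNEL are exempt and always yield 0.
 */
static int socket_has_perm(struct task_struct *task, struct socket *sock,
			   u32 perms)
{
	struct inode_security_struct *isec;
	struct task_security_struct *tsec;
	struct avc_audit_data ad;
	int err = 0;

	tsec = task->security;
	isec = SOCK_INODE(sock)->i_security;

	if (isec->sid == SECINITSID_KERNEL)
		goto out;

	AVC_AUDIT_DATA_INIT(&ad,NET);
	ad.u.net.sk = sock->sk;
	err = avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad);

out:
	return err;
}

/*
 * Check SOCKET__CREATE for the current task against its own SID, in the
 * class derived from (@family, @type, @protocol).  Kernel-internal sockets
 * (@kern non-zero) are not checked.
 */
static int selinux_socket_create(int family, int type,
				 int protocol, int kern)
{
	int err = 0;
	struct task_security_struct *tsec;

	if (kern)
		goto out;

	tsec = current->security;
	err = avc_has_perm(tsec->sid, tsec->sid,
			   socket_type_to_security_class(family, type,
			   protocol), SOCKET__CREATE, NULL);

out:
	return err;
}

/*
 * Label a freshly created socket: the class comes from its type, the SID
 * is SECINITSID_KERNEL for kernel sockets and the creator's SID otherwise.
 */
static void selinux_socket_post_create(struct socket *sock, int family,
				       int type, int protocol, int kern)
{
	struct inode_security_struct *isec;
	struct task_security_struct *tsec;

	isec = SOCK_INODE(sock)->i_security;

	tsec = current->security;
	isec->sclass = socket_type_to_security_class(family, type, protocol);
	isec->sid = kern ? SECINITSID_KERNEL : tsec->sid;
	isec->initialized = 1;

	return;
}

/* Range of port numbers used to automatically bind.
   Need to determine whether we should perform a name_bind
   permission check between the socket and the port number. */
#define ip_local_port_range_0 sysctl_local_port_range[0]
#define ip_local_port_range_1 sysctl_local_port_range[1]

/*
 * Bind check.  SOCKET__BIND is always required.  For PF_INET/PF_INET6
 * sockets two further checks follow: name_bind against the port's SID
 * (skipped for port 0 and for ports inside the automatic-bind range) and
 * node_bind against the SID of the local address.
 *
 * Returns 0 when permitted, -EINVAL when @addrlen is too short to hold the
 * fields read here, or the error from the SID lookup / AVC check.
 */
static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
{
	u16 family;
	int err;

	err = socket_has_perm(current, sock, SOCKET__BIND);
	if (err)
		goto out;

	/*
	 * If PF_INET or PF_INET6, check name_bind permission for the port.
	 */
	family = sock->sk->sk_family;
	if (family == PF_INET || family == PF_INET6) {
		char *addrp;
		struct inode_security_struct *isec;
		struct avc_audit_data ad;
		struct sockaddr_in *addr4 = NULL;
		struct sockaddr_in6 *addr6 = NULL;
		unsigned short snum;
		struct sock *sk = sock->sk;
		/* node_addrlen: size of the raw address, not of the sockaddr;
		   kept distinct from the @addrlen parameter on purpose. */
		u32 sid, node_perm, node_addrlen;

		isec = SOCK_INODE(sock)->i_security;

		/*
		 * Validate the caller-supplied length before casting: the
		 * port and address below drive the policy decision and the
		 * audit record, so they must come from bytes the caller
		 * really provided.  The minimums mirror connect's checks.
		 * SIN6_LEN_RFC2133 is expected from <net/ipv6.h>, which this
		 * file already needs for ipv6_addr_copy().
		 */
		if (family == PF_INET) {
			if (addrlen < (int)sizeof(struct sockaddr_in)) {
				err = -EINVAL;
				goto out;
			}
			addr4 = (struct sockaddr_in *)address;
			snum = ntohs(addr4->sin_port);
			node_addrlen = sizeof(addr4->sin_addr.s_addr);
			addrp = (char *)&addr4->sin_addr.s_addr;
		} else {
			if (addrlen < SIN6_LEN_RFC2133) {
				err = -EINVAL;
				goto out;
			}
			addr6 = (struct sockaddr_in6 *)address;
			snum = ntohs(addr6->sin6_port);
			node_addrlen = sizeof(addr6->sin6_addr.s6_addr);
			addrp = (char *)&addr6->sin6_addr.s6_addr;
		}

		if (snum&&(snum < max(PROT_SOCK,ip_local_port_range_0) ||
			   snum > ip_local_port_range_1)) {
			err = security_port_sid(sk->sk_family, sk->sk_type,
						sk->sk_protocol, snum, &sid);
			if (err)
				goto out;
			AVC_AUDIT_DATA_INIT(&ad,NET);
			ad.u.net.sport = htons(snum);
			ad.u.net.family = family;
			err = avc_has_perm(isec->sid, sid,
					   isec->sclass,
					   SOCKET__NAME_BIND, &ad);
			if (err)
				goto out;
		}

		switch(sk->sk_protocol) {
		case IPPROTO_TCP:
			node_perm = TCP_SOCKET__NODE_BIND;
			break;

		case IPPROTO_UDP:
			node_perm = UDP_SOCKET__NODE_BIND;
			break;

		default:
			node_perm = RAWIP_SOCKET__NODE_BIND;
			break;
		}

		err = security_node_sid(family, addrp, node_addrlen, &sid);
		if (err)
			goto out;

		AVC_AUDIT_DATA_INIT(&ad,NET);
		ad.u.net.sport = htons(snum);
		ad.u.net.family = family;

		if (family == PF_INET)
			ad.u.net.v4info.saddr = addr4->sin_addr.s_addr;
		else
			ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr);

		err = avc_has_perm(isec->sid, sid,
				   isec->sclass, node_perm, &ad);
		if (err)
			goto out;
	}
out:
	return err;
}

/*
 * Connect check.  SOCKET__CONNECT is always required; TCP sockets also
 * need name_connect on the SID of the destination port.
 *
 * Returns 0 when permitted, -EINVAL when @addrlen is too short to hold the
 * port, or the error from the SID lookup / AVC check.
 */
static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
{
	struct inode_security_struct *isec;
	int err;

	err = socket_has_perm(current, sock, SOCKET__CONNECT);
	if (err)
		return err;

	/*
	 * If a TCP socket, check name_connect permission for the port.
	 */
	isec = SOCK_INODE(sock)->i_security;
	if (isec->sclass == SECCLASS_TCP_SOCKET) {
		struct sock *sk = sock->sk;
		struct avc_audit_data ad;
		struct sockaddr_in *addr4 = NULL;
		struct sockaddr_in6 *addr6 = NULL;
		unsigned short snum;
		u32 sid;

		/*
		 * Only a minimum length is enforced.  Demanding an exact
		 * sizeof() match would make this hook stricter than the
		 * protocol code and refuse connects the protocol accepts,
		 * e.g. an IPv6 address in the shorter RFC 2133 layout.
		 */
		if (sk->sk_family == PF_INET) {
			addr4 = (struct sockaddr_in *)address;
			if (addrlen < (int)sizeof(struct sockaddr_in))
				return -EINVAL;
			snum = ntohs(addr4->sin_port);
		} else {
			addr6 = (struct sockaddr_in6 *)address;
			if (addrlen < SIN6_LEN_RFC2133)
				return -EINVAL;
			snum = ntohs(addr6->sin6_port);
		}

		err = security_port_sid(sk->sk_family, sk->sk_type,
					sk->sk_protocol, snum, &sid);
		if (err)
			goto out;

		AVC_AUDIT_DATA_INIT(&ad,NET);
		ad.u.net.dport = htons(snum);
		ad.u.net.family = sk->sk_family;
		err = avc_has_perm(isec->sid, sid, isec->sclass,
				   TCP_SOCKET__NAME_CONNECT, &ad);
		if (err)
			goto out;
	}

out:
	return err;
}

/* The current task needs SOCKET__LISTEN on @sock. */
static int selinux_socket_listen(struct socket *sock, int backlog)
{
	return socket_has_perm(current, sock, SOCKET__LISTEN);
}

/*
 * The current task needs SOCKET__ACCEPT on the listening socket; on
 * success the new socket inherits the listener's class and SID.
 */
static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
{
	int err;
	struct inode_security_struct *isec;
	struct inode_security_struct *newisec;

	err = socket_has_perm(current, sock, SOCKET__ACCEPT);
	if (err)
		return err;

	newisec = SOCK_INODE(newsock)->i_security;

	isec = SOCK_INODE(sock)->i_security;
	newisec->sclass = isec->sclass;
	newisec->sid = isec->sid;
	newisec->initialized = 1;

	return 0;
}

/* The current task needs SOCKET__WRITE on @sock. */
static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
				  int size)
{
	return socket_has_perm(current, sock, SOCKET__WRITE);
}

/* The current task needs SOCKET__READ on @sock. */
static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
				  int size, int flags)
{
	return socket_has_perm(current, sock, SOCKET__READ);
}

/* The current task needs SOCKET__GETATTR on @sock. */
static int selinux_socket_getsockname(struct socket *sock)
{
	return socket_has_perm(current, sock, SOCKET__GETATTR);
}

/* The current task needs SOCKET__GETATTR on @sock. */
static int selinux_socket_getpeername(struct socket *sock)
{
	return socket_has_perm(current, sock, SOCKET__GETATTR);
}

/*
 * The current task needs SOCKET__SETOPT on @sock; @level and @optname are
 * not inspected.
 */
static int selinux_socket_setsockopt(struct socket *sock,int level,int optname)
{
	return socket_has_perm(current, sock, SOCKET__SETOPT);
}

/*
 * The current task needs SOCKET__GETOPT on @sock; @level and @optname are
 * not inspected.
 */
static int selinux_socket_getsockopt(struct socket *sock, int level,
				     int optname)
{
	return socket_has_perm(current, sock, SOCKET__GETOPT);
}

/* The current task needs SOCKET__SHUTDOWN on @sock. */
static int selinux_socket_shutdown(struct socket *sock, int how)
{
	return socket_has_perm(current, sock, SOCKET__SHUTDOWN);
}
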
/*
 * UNIX stream connect check followed by peer labelling.
 *
 * The secondary module is asked first.  The connecting socket then needs
 * UNIX_STREAM_SOCKET__CONNECTTO on the socket it connects to.  On success
 * each end records the other's SID as its peer_sid: @sock gets the SID of
 * @other, and @newsk (the server's child socket) gets the SID of @sock.
 */
static int selinux_socket_unix_stream_connect(struct socket *sock,
					      struct socket *other,
					      struct sock *newsk)
{
	struct inode_security_struct *client_isec;
	struct inode_security_struct *server_isec;
	struct sk_security_struct *peer_sec;
	struct avc_audit_data ad;
	int rc;

	rc = secondary_ops->unix_stream_connect(sock, other, newsk);
	if (rc != 0)
		return rc;

	client_isec = SOCK_INODE(sock)->i_security;
	server_isec = SOCK_INODE(other)->i_security;

	AVC_AUDIT_DATA_INIT(&ad,NET);
	ad.u.net.sk = other->sk;

	rc = avc_has_perm(client_isec->sid, server_isec->sid,
			  client_isec->sclass,
			  UNIX_STREAM_SOCKET__CONNECTTO, &ad);
	if (rc != 0)
		return rc;

	/* connecting socket */
	peer_sec = sock->sk->sk_security;
	peer_sec->peer_sid = server_isec->sid;

	/* server child socket */
	peer_sec = newsk->sk_security;
	peer_sec->peer_sid = client_isec->sid;

	return 0;
}

/*
 * UNIX datagram send check: the sending socket needs SOCKET__SENDTO on
 * the receiving socket.  Returns the avc_has_perm() result.
 */
static int selinux_socket_unix_may_send(struct socket *sock,
					struct socket *other)
{
	struct inode_security_struct *sender = SOCK_INODE(sock)->i_security;
	struct inode_security_struct *receiver = SOCK_INODE(other)->i_security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad,NET);
	ad.u.net.sk = other->sk;

	return avc_has_perm(sender->sid, receiver->sid,
			    sender->sclass, SOCKET__SENDTO, &ad);
}

static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
{
	u16 family;
	char *addrp;
	int len, err = 0;
	u32 netif_perm, node_perm, node_sid, if_sid, recv_perm = 0;
	u32 sock_sid = 0;
	u16 sock_class = 0;
	struct socket *sock;
	struct net_device *dev;
	struct avc_audit_data ad;

	family = sk->sk_family;
	if (family != PF_INET && family != PF_INET6)
		goto out;

	/* Handle mapped IPv4 packets arriving via IPv6 sockets */
	if (family == PF_INET6 && skb->protocol == ntohs(ETH_P_IP))
		family = PF_INET;

	read_lock_bh(&sk->sk_callback_lock);
	sock = sk->sk_socket;
	if (sock) {
		struct inode *inode;
		inode = SOCK_INODE(sock);
		if (inode) {
			struct inode_security_struct *isec;
			isec = inode->i_security;
			sock_sid = isec->sid;
			sock_class = isec->sclass;
		}
	}
	read_unlock_bh(&sk->sk_callback_lock);
	if (!sock_sid)
		goto out;

	dev = skb->dev;
	if (!dev)
		goto out;

	err = sel_netif_sids(dev, &if_sid, NULL);
	if (err)
		goto out;

	switch (sock_class) {
	case SECCLASS_UDP_SOCKET:
		netif_perm = NETIF__UDP_RECV;
		node_perm = NODE__UDP_RECV;
		recv_perm = UDP_SOCKET__RECV_MSG;
		break;

	case SECCLASS_TCP_SOCKET:
		netif_perm = NETIF__TCP_RECV;
		node_perm = NODE__TCP_RECV;
		recv_perm = TCP_SOCKET__RECV_MSG;
		break;

	default:
		netif_perm = NETIF__RAWIP_RECV;
		node_perm = NODE__RAWIP_RECV;
		break;
3316*1da177e4SLinus Torvalds } 3317*1da177e4SLinus Torvalds 3318*1da177e4SLinus Torvalds AVC_AUDIT_DATA_INIT(&ad, NET); 3319*1da177e4SLinus Torvalds ad.u.net.netif = dev->name; 3320*1da177e4SLinus Torvalds ad.u.net.family = family; 3321*1da177e4SLinus Torvalds 3322*1da177e4SLinus Torvalds err = selinux_parse_skb(skb, &ad, &addrp, &len, 1); 3323*1da177e4SLinus Torvalds if (err) 3324*1da177e4SLinus Torvalds goto out; 3325*1da177e4SLinus Torvalds 3326*1da177e4SLinus Torvalds err = avc_has_perm(sock_sid, if_sid, SECCLASS_NETIF, netif_perm, &ad); 3327*1da177e4SLinus Torvalds if (err) 3328*1da177e4SLinus Torvalds goto out; 3329*1da177e4SLinus Torvalds 3330*1da177e4SLinus Torvalds /* Fixme: this lookup is inefficient */ 3331*1da177e4SLinus Torvalds err = security_node_sid(family, addrp, len, &node_sid); 3332*1da177e4SLinus Torvalds if (err) 3333*1da177e4SLinus Torvalds goto out; 3334*1da177e4SLinus Torvalds 3335*1da177e4SLinus Torvalds err = avc_has_perm(sock_sid, node_sid, SECCLASS_NODE, node_perm, &ad); 3336*1da177e4SLinus Torvalds if (err) 3337*1da177e4SLinus Torvalds goto out; 3338*1da177e4SLinus Torvalds 3339*1da177e4SLinus Torvalds if (recv_perm) { 3340*1da177e4SLinus Torvalds u32 port_sid; 3341*1da177e4SLinus Torvalds 3342*1da177e4SLinus Torvalds /* Fixme: make this more efficient */ 3343*1da177e4SLinus Torvalds err = security_port_sid(sk->sk_family, sk->sk_type, 3344*1da177e4SLinus Torvalds sk->sk_protocol, ntohs(ad.u.net.sport), 3345*1da177e4SLinus Torvalds &port_sid); 3346*1da177e4SLinus Torvalds if (err) 3347*1da177e4SLinus Torvalds goto out; 3348*1da177e4SLinus Torvalds 3349*1da177e4SLinus Torvalds err = avc_has_perm(sock_sid, port_sid, 3350*1da177e4SLinus Torvalds sock_class, recv_perm, &ad); 3351*1da177e4SLinus Torvalds } 3352*1da177e4SLinus Torvalds out: 3353*1da177e4SLinus Torvalds return err; 3354*1da177e4SLinus Torvalds } 3355*1da177e4SLinus Torvalds 3356*1da177e4SLinus Torvalds static int selinux_socket_getpeersec(struct socket *sock, char __user 
*optval, 3357*1da177e4SLinus Torvalds int __user *optlen, unsigned len) 3358*1da177e4SLinus Torvalds { 3359*1da177e4SLinus Torvalds int err = 0; 3360*1da177e4SLinus Torvalds char *scontext; 3361*1da177e4SLinus Torvalds u32 scontext_len; 3362*1da177e4SLinus Torvalds struct sk_security_struct *ssec; 3363*1da177e4SLinus Torvalds struct inode_security_struct *isec; 3364*1da177e4SLinus Torvalds 3365*1da177e4SLinus Torvalds isec = SOCK_INODE(sock)->i_security; 3366*1da177e4SLinus Torvalds if (isec->sclass != SECCLASS_UNIX_STREAM_SOCKET) { 3367*1da177e4SLinus Torvalds err = -ENOPROTOOPT; 3368*1da177e4SLinus Torvalds goto out; 3369*1da177e4SLinus Torvalds } 3370*1da177e4SLinus Torvalds 3371*1da177e4SLinus Torvalds ssec = sock->sk->sk_security; 3372*1da177e4SLinus Torvalds 3373*1da177e4SLinus Torvalds err = security_sid_to_context(ssec->peer_sid, &scontext, &scontext_len); 3374*1da177e4SLinus Torvalds if (err) 3375*1da177e4SLinus Torvalds goto out; 3376*1da177e4SLinus Torvalds 3377*1da177e4SLinus Torvalds if (scontext_len > len) { 3378*1da177e4SLinus Torvalds err = -ERANGE; 3379*1da177e4SLinus Torvalds goto out_len; 3380*1da177e4SLinus Torvalds } 3381*1da177e4SLinus Torvalds 3382*1da177e4SLinus Torvalds if (copy_to_user(optval, scontext, scontext_len)) 3383*1da177e4SLinus Torvalds err = -EFAULT; 3384*1da177e4SLinus Torvalds 3385*1da177e4SLinus Torvalds out_len: 3386*1da177e4SLinus Torvalds if (put_user(scontext_len, optlen)) 3387*1da177e4SLinus Torvalds err = -EFAULT; 3388*1da177e4SLinus Torvalds 3389*1da177e4SLinus Torvalds kfree(scontext); 3390*1da177e4SLinus Torvalds out: 3391*1da177e4SLinus Torvalds return err; 3392*1da177e4SLinus Torvalds } 3393*1da177e4SLinus Torvalds 3394*1da177e4SLinus Torvalds static int selinux_sk_alloc_security(struct sock *sk, int family, int priority) 3395*1da177e4SLinus Torvalds { 3396*1da177e4SLinus Torvalds return sk_alloc_security(sk, family, priority); 3397*1da177e4SLinus Torvalds } 3398*1da177e4SLinus Torvalds 3399*1da177e4SLinus Torvalds 
/* LSM hook: forwards to sk_free_security(). */
static void selinux_sk_free_security(struct sock *sk)
{
	sk_free_security(sk);
}

/*
 * Check whether the current task may send the netlink message in @skb
 * on socket @sk.
 *
 * The message type is mapped to a permission by selinux_nlmsg_lookup()
 * for the socket's class and then checked with socket_has_perm().
 *
 * NOTE(review): only the first nlmsghdr at skb->data is examined here;
 * any further messages packed into the same skb are not looked at by
 * this function.
 *
 * Returns 0 when permitted or when the lookup says the type is to be
 * ignored (-ENOENT), -EINVAL for a short skb or (in enforcing mode) an
 * unrecognized type, otherwise the lookup or permission-check error.
 */
static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
{
	struct socket *sock = sk->sk_socket;
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	struct nlmsghdr *nlh;
	u32 perm;
	int rc;

	/* The skb must hold at least one complete netlink header. */
	if (skb->len < NLMSG_SPACE(0))
		return -EINVAL;

	nlh = (struct nlmsghdr *)skb->data;

	rc = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
	if (!rc)
		return socket_has_perm(current, sock, perm);

	if (rc == -EINVAL) {
		/* Unknown types are always logged, but denied only when enforcing. */
		audit_log(current->audit_context,
			  "SELinux:  unrecognized netlink message"
			  " type=%hu for sclass=%hu\n",
			  nlh->nlmsg_type, isec->sclass);
		if (!selinux_enforcing)
			rc = 0;
	} else if (rc == -ENOENT) {
		/* Ignore */
		rc = 0;
	}

	return rc;
}

#ifdef CONFIG_NETFILTER
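
/*
 * Post-routing netfilter check shared by the IPv4 and IPv6 hooks: decide
 * whether the socket that owns *pskb may send it out through @out.
 *
 * The owning socket's SID is checked against the outgoing interface
 * (SECCLASS_NETIF), the node SID for the address selinux_parse_skb()
 * extracted (SECCLASS_NODE) and, for TCP and UDP sockets only, the port
 * SID looked up from ad.u.net.dport.
 *
 * @hooknum, @in and @okfn are part of the hook signature and are not
 * used here.
 *
 * Returns a netfilter verdict: NF_ACCEPT or NF_DROP.
 */
static unsigned int selinux_ip_postroute_last(unsigned int hooknum,
					      struct sk_buff **pskb,
					      const struct net_device *in,
					      const struct net_device *out,
					      int (*okfn)(struct sk_buff *),
					      u16 family)
{
	char *addrp;
	int len, err = NF_ACCEPT;
	u32 netif_perm, node_perm, node_sid, if_sid, send_perm = 0;
	struct sock *sk;
	struct socket *sock;
	struct inode *inode;
	struct sk_buff *skb = *pskb;
	struct inode_security_struct *isec;
	struct avc_audit_data ad;
	struct net_device *dev = (struct net_device *)out;

	/*
	 * A packet with no owning sock, socket or inode has no label to
	 * check and is accepted as-is.
	 */
	sk = skb->sk;
	if (!sk)
		goto out;

	sock = sk->sk_socket;
	if (!sock)
		goto out;

	inode = SOCK_INODE(sock);
	if (!inode)
		goto out;

	/*
	 * Map a failed interface-SID lookup to NF_DROP like every other
	 * failure below: a raw -errno is not a netfilter verdict, and
	 * returning it would leave the outcome to how the caller treats
	 * an unknown verdict.
	 */
	err = sel_netif_sids(dev, &if_sid, NULL) ? NF_DROP : NF_ACCEPT;
	if (err != NF_ACCEPT)
		goto out;

	isec = inode->i_security;

	/* Any class other than UDP/TCP gets the raw-IP permissions and no port check. */
	switch (isec->sclass) {
	case SECCLASS_UDP_SOCKET:
		netif_perm = NETIF__UDP_SEND;
		node_perm = NODE__UDP_SEND;
		send_perm = UDP_SOCKET__SEND_MSG;
		break;

	case SECCLASS_TCP_SOCKET:
		netif_perm = NETIF__TCP_SEND;
		node_perm = NODE__TCP_SEND;
		send_perm = TCP_SOCKET__SEND_MSG;
		break;

	default:
		netif_perm = NETIF__RAWIP_SEND;
		node_perm = NODE__RAWIP_SEND;
		break;
	}

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.netif = dev->name;
	ad.u.net.family = family;

	err = selinux_parse_skb(skb, &ad, &addrp,
				&len, 0) ? NF_DROP : NF_ACCEPT;
	if (err != NF_ACCEPT)
		goto out;

	err = avc_has_perm(isec->sid, if_sid, SECCLASS_NETIF,
			   netif_perm, &ad) ? NF_DROP : NF_ACCEPT;
	if (err != NF_ACCEPT)
		goto out;

	/* Fixme: this lookup is inefficient */
	err = security_node_sid(family, addrp, len,
				&node_sid) ? NF_DROP : NF_ACCEPT;
	if (err != NF_ACCEPT)
		goto out;

	err = avc_has_perm(isec->sid, node_sid, SECCLASS_NODE,
			   node_perm, &ad) ? NF_DROP : NF_ACCEPT;
	if (err != NF_ACCEPT)
		goto out;

	if (send_perm) {
		u32 port_sid;

		/* Fixme: make this more efficient */
		err = security_port_sid(sk->sk_family,
					sk->sk_type,
					sk->sk_protocol,
					ntohs(ad.u.net.dport),
					&port_sid) ? NF_DROP : NF_ACCEPT;
		if (err != NF_ACCEPT)
			goto out;

		err = avc_has_perm(isec->sid, port_sid, isec->sclass,
				   send_perm, &ad) ? NF_DROP : NF_ACCEPT;
	}

out:
	return err;
}

/* IPv4 entry point: runs the shared check with family PF_INET. */
static unsigned int selinux_ipv4_postroute_last(unsigned int hooknum,
						struct sk_buff **pskb,
						const struct net_device *in,
						const struct net_device *out,
						int (*okfn)(struct sk_buff *))
{
	return selinux_ip_postroute_last(hooknum, pskb, in, out, okfn, PF_INET);
}

#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)

/* IPv6 entry point: runs the shared check with family PF_INET6. */
static unsigned int selinux_ipv6_postroute_last(unsigned int hooknum,
						struct sk_buff **pskb,
						const struct net_device *in,
						const struct net_device *out,
						int (*okfn)(struct sk_buff *))
{
	return selinux_ip_postroute_last(hooknum, pskb, in, out, okfn, PF_INET6);
}

#endif	/* IPV6 */

#endif	/* CONFIG_NETFILTER */

#else

/*
 * Stub used when CONFIG_SECURITY_NETWORK is not set: netlink messages
 * get no per-message permission check.
 */
static inline int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
{
	return 0;
}

#endif	/* CONFIG_SECURITY_NETWORK */

/*
 * Netlink send hook.
 *
 * After the secondary_ops hook has passed, the effective capability set
 * stored in the skb's netlink control block is masked with the
 * SECCLASS_CAPABILITY permissions the AVC reports for the sender's SID
 * against itself.  selinux_netlink_recv() tests that masked set.  When
 * the loaded policy is at least POLICYDB_VERSION_NLCLASS the message
 * type is checked with selinux_nlmsg_perm() as well.
 *
 * Returns 0 when permitted, otherwise the error from the secondary hook
 * or from selinux_nlmsg_perm().
 */
static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
{
	struct task_security_struct *tsec;
	struct av_decision avd;
	int err;

	err = secondary_ops->netlink_send(sk, skb);
	if (err)
		return err;

	tsec = current->security;

	/*
	 * The return value of the lookup is not used; only avd.allowed is.
	 * NOTE(review): presumably the zero preset keeps the mask empty if
	 * the lookup fails without filling avd -- confirm against
	 * avc_has_perm_noaudit().
	 */
	avd.allowed = 0;
	avc_has_perm_noaudit(tsec->sid, tsec->sid,
			     SECCLASS_CAPABILITY, ~0, &avd);
	cap_mask(NETLINK_CB(skb).eff_cap, avd.allowed);

	if (policydb_loaded_version >= POLICYDB_VERSION_NLCLASS)
		err = selinux_nlmsg_perm(sk, skb);

	return err;
}

/*
 * Netlink receive hook: returns -EPERM unless CAP_NET_ADMIN is raised in
 * the effective capability set carried in the skb's netlink control
 * block, otherwise 0.
 */
static int selinux_netlink_recv(struct sk_buff *skb)
{
	if (!cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN))
		return -EPERM;
	return 0;
}

/*
 * Allocate and attach the SELinux security blob for an IPC object.
 *
 * @task:   task whose SID labels the new object
 * @perm:   IPC permission structure that receives the blob
 * @sclass: security class recorded in the blob
 *
 * The object gets the task's SID, or SECINITSID_UNLABELED when the task
 * has no security struct.  Returns 0, or -ENOMEM if the allocation
 * fails.
 */
static int ipc_alloc_security(struct task_struct *task,
			      struct kern_ipc_perm *perm,
			      u16 sclass)
{
	struct task_security_struct *tsec = task->security;
	struct ipc_security_struct *isec;

	isec = kmalloc(sizeof(*isec), GFP_KERNEL);
	if (!isec)
		return -ENOMEM;

	memset(isec, 0, sizeof(*isec));
	isec->magic = SELINUX_MAGIC;
	isec->sclass = sclass;
	isec->ipc_perm = perm;
	if (tsec) {
		isec->sid = tsec->sid;
	} else {
		isec->sid = SECINITSID_UNLABELED;
	}
	perm->security = isec;

	return 0;
}

/*
 * Detach and free the security blob of an IPC object.  Nothing is done
 * when no blob is attached or its magic is not SELINUX_MAGIC.
 */
static void ipc_free_security(struct kern_ipc_perm *perm)
{
	struct ipc_security_struct *isec = perm->security;
	if (!isec || isec->magic != SELINUX_MAGIC)
		return;

	/* Clear the owner's pointer before the memory is released. */
	perm->security = NULL;
	kfree(isec);
}
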
/*
 * Allocate and attach the security blob for a message.  A new message
 * starts out as SECINITSID_UNLABELED.  Returns 0, or -ENOMEM if the
 * allocation fails.
 */
static int msg_msg_alloc_security(struct msg_msg *msg)
{
	struct msg_security_struct *blob;

	blob = kmalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
	if (!blob)
		return -ENOMEM;

	memset(blob, 0, sizeof(struct msg_security_struct));
	blob->magic = SELINUX_MAGIC;
	blob->msg = msg;
	blob->sid = SECINITSID_UNLABELED;
	msg->security = blob;

	return 0;
}

/*
 * Detach and free the security blob of a message.  Nothing is done when
 * no blob is attached or its magic is not SELINUX_MAGIC.
 */
static void msg_msg_free_security(struct msg_msg *msg)
{
	struct msg_security_struct *blob = msg->security;

	if (!blob || blob->magic != SELINUX_MAGIC)
		return;

	/* Clear the owner's pointer before the memory is released. */
	msg->security = NULL;
	kfree(blob);
}

/*
 * Check whether the current task has @perms on the IPC object behind
 * @ipc_perms, evaluated in class @sclass.  The object's key is recorded
 * as audit data.  Returns the avc_has_perm() result (0 when permitted).
 */
static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
			u16 sclass, u32 perms)
{
	struct task_security_struct *subj = current->security;
	struct ipc_security_struct *obj = ipc_perms->security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = ipc_perms->key;

	return avc_has_perm(subj->sid, obj->sid, sclass, perms, &ad);
}

/* LSM hook: forwards to msg_msg_alloc_security(). */
static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
{
	return msg_msg_alloc_security(msg);
}

/* LSM hook: forwards to msg_msg_free_security(). */
static void selinux_msg_msg_free_security(struct msg_msg *msg)
{
	msg_msg_free_security(msg);
}

/* message queue security operations */

/*
 * Label a new message queue from the current task and check
 * MSGQ__CREATE.  The blob is released again when the check fails, so a
 * denied creation leaves nothing attached.  Returns 0, -ENOMEM from the
 * allocation, or the AVC error.
 */
static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
{
	struct task_security_struct *subj;
	struct ipc_security_struct *obj;
	struct avc_audit_data ad;
	int rc;

	rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
	if (rc)
		return rc;

	subj = current->security;
	obj = msq->q_perm.security;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = msq->q_perm.key;

	rc = avc_has_perm(subj->sid, obj->sid, SECCLASS_MSGQ,
			  MSGQ__CREATE, &ad);
	if (rc)
		ipc_free_security(&msq->q_perm);

	return rc;
}

/* LSM hook: releases the queue's security blob. */
static void selinux_msg_queue_free_security(struct msg_queue *msq)
{
	ipc_free_security(&msq->q_perm);
}

/*
 * Check MSGQ__ASSOCIATE for the current task on an existing queue.
 * @msqflg is not consulted.  Returns the avc_has_perm() result.
 */
static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
{
	struct task_security_struct *subj = current->security;
	struct ipc_security_struct *obj = msq->q_perm.security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = msq->q_perm.key;

	return avc_has_perm(subj->sid, obj->sid, SECCLASS_MSGQ,
			    MSGQ__ASSOCIATE, &ad);
}

/*
 * Map a msgctl() command to the permission it needs and check it.
 *
 * Commands not listed in the switch return 0, i.e. this hook does not
 * restrict them.
 * NOTE(review): presumably the IPC core rejects unknown commands
 * itself -- confirm against the caller.
 */
static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
{
	int perms;

	switch(cmd) {
	case IPC_INFO:
	case MSG_INFO:
		/* No specific object, just general system-wide information. */
		return task_has_system(current, SYSTEM__IPC_INFO);
	case IPC_STAT:
	case MSG_STAT:
		perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
		break;
	case IPC_SET:
		perms = MSGQ__SETATTR;
		break;
	case IPC_RMID:
		perms = MSGQ__DESTROY;
		break;
	default:
		return 0;
	}

	return ipc_has_perm(&msq->q_perm, SECCLASS_MSGQ, perms);
}

/*
 * Check a msgsnd(): the current task must be able to write to the
 * queue and send the message, and the message must be allowed into the
 * queue.  A message that is still SECINITSID_UNLABELED is labelled
 * first.  Returns 0 when all three checks pass, otherwise the first
 * error.
 */
static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
{
	struct task_security_struct *subj = current->security;
	struct ipc_security_struct *queue = msq->q_perm.security;
	struct msg_security_struct *msec = msg->security;
	struct avc_audit_data ad;
	int rc;

	/*
	 * First time through, need to assign label to the message
	 */
	if (msec->sid == SECINITSID_UNLABELED) {
		/*
		 * Compute new sid based on current process and
		 * message queue this message will be stored in
		 */
		rc = security_transition_sid(subj->sid,
					     queue->sid,
					     SECCLASS_MSG,
					     &msec->sid);
		if (rc)
			return rc;
	}

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = msq->q_perm.key;

	/* Can this process write to the queue? */
	rc = avc_has_perm(subj->sid, queue->sid, SECCLASS_MSGQ,
			  MSGQ__WRITE, &ad);
	if (rc)
		return rc;

	/* Can this process send the message */
	rc = avc_has_perm(subj->sid, msec->sid,
			  SECCLASS_MSG, MSG__SEND, &ad);
	if (rc)
		return rc;

	/* Can the message be put in the queue? */
	return avc_has_perm(msec->sid, queue->sid,
			    SECCLASS_MSGQ, MSGQ__ENQUEUE, &ad);
}

/*
 * Check a msgrcv(): @target must be able to read the queue and receive
 * this message.  The subject is @target, not current.  @type and @mode
 * are not consulted.  Returns 0 when both checks pass, otherwise the
 * first error.
 */
static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
				    struct task_struct *target,
				    long type, int mode)
{
	struct task_security_struct *subj = target->security;
	struct ipc_security_struct *queue = msq->q_perm.security;
	struct msg_security_struct *msec = msg->security;
	struct avc_audit_data ad;
	int rc;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = msq->q_perm.key;

	rc = avc_has_perm(subj->sid, queue->sid,
			  SECCLASS_MSGQ, MSGQ__READ, &ad);
	if (rc)
		return rc;

	return avc_has_perm(subj->sid, msec->sid,
			    SECCLASS_MSG, MSG__RECEIVE, &ad);
}

/* Shared Memory security operations */

/*
 * Label a new shared memory segment from the current task and check
 * SHM__CREATE.  The blob is released again when the check fails.
 * Returns 0, -ENOMEM from the allocation, or the AVC error.
 */
static int selinux_shm_alloc_security(struct shmid_kernel *shp)
{
	struct task_security_struct *subj;
	struct ipc_security_struct *obj;
	struct avc_audit_data ad;
	int rc;

	rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
	if (rc)
		return rc;

	subj = current->security;
	obj = shp->shm_perm.security;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = shp->shm_perm.key;

	rc = avc_has_perm(subj->sid, obj->sid, SECCLASS_SHM,
			  SHM__CREATE, &ad);
	if (rc)
		ipc_free_security(&shp->shm_perm);

	return rc;
}

/* LSM hook: releases the segment's security blob. */
static void selinux_shm_free_security(struct shmid_kernel *shp)
{
	ipc_free_security(&shp->shm_perm);
}

/*
 * Check SHM__ASSOCIATE for the current task on an existing segment.
 * @shmflg is not consulted.  Returns the avc_has_perm() result.
 */
static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
{
	struct task_security_struct *subj = current->security;
	struct ipc_security_struct *obj = shp->shm_perm.security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = shp->shm_perm.key;

	return avc_has_perm(subj->sid, obj->sid, SECCLASS_SHM,
			    SHM__ASSOCIATE, &ad);
}

/*
 * Map a shmctl() command to the permission it needs and check it.
 * Commands not listed in the switch return 0, i.e. this hook does not
 * restrict them.
 *
 * Note, at this point, shp is locked down
 */
static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
{
	int perms;

	switch(cmd) {
	case IPC_INFO:
	case SHM_INFO:
		/* No specific object, just general system-wide information. */
		return task_has_system(current, SYSTEM__IPC_INFO);
	case IPC_STAT:
	case SHM_STAT:
		perms = SHM__GETATTR | SHM__ASSOCIATE;
		break;
	case IPC_SET:
		perms = SHM__SETATTR;
		break;
	case SHM_LOCK:
	case SHM_UNLOCK:
		perms = SHM__LOCK;
		break;
	case IPC_RMID:
		perms = SHM__DESTROY;
		break;
	default:
		return 0;
	}

	return ipc_has_perm(&shp->shm_perm, SECCLASS_SHM, perms);
}

/*
 * Check a shmat(): after the secondary_ops hook has passed, the current
 * task needs SHM__READ for a SHM_RDONLY attach and SHM__READ plus
 * SHM__WRITE otherwise.
 */
static int selinux_shm_shmat(struct shmid_kernel *shp,
			     char __user *shmaddr, int shmflg)
{
	u32 perms;
	int rc;

	rc = secondary_ops->shm_shmat(shp, shmaddr, shmflg);
	if (rc)
		return rc;

	perms = (shmflg & SHM_RDONLY) ? SHM__READ : (SHM__READ | SHM__WRITE);

	return ipc_has_perm(&shp->shm_perm, SECCLASS_SHM, perms);
}

/* Semaphore security operations */
static int
selinux_sem_alloc_security(struct sem_array *sma) 3942*1da177e4SLinus Torvalds { 3943*1da177e4SLinus Torvalds struct task_security_struct *tsec; 3944*1da177e4SLinus Torvalds struct ipc_security_struct *isec; 3945*1da177e4SLinus Torvalds struct avc_audit_data ad; 3946*1da177e4SLinus Torvalds int rc; 3947*1da177e4SLinus Torvalds 3948*1da177e4SLinus Torvalds rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM); 3949*1da177e4SLinus Torvalds if (rc) 3950*1da177e4SLinus Torvalds return rc; 3951*1da177e4SLinus Torvalds 3952*1da177e4SLinus Torvalds tsec = current->security; 3953*1da177e4SLinus Torvalds isec = sma->sem_perm.security; 3954*1da177e4SLinus Torvalds 3955*1da177e4SLinus Torvalds AVC_AUDIT_DATA_INIT(&ad, IPC); 3956*1da177e4SLinus Torvalds ad.u.ipc_id = sma->sem_perm.key; 3957*1da177e4SLinus Torvalds 3958*1da177e4SLinus Torvalds rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM, 3959*1da177e4SLinus Torvalds SEM__CREATE, &ad); 3960*1da177e4SLinus Torvalds if (rc) { 3961*1da177e4SLinus Torvalds ipc_free_security(&sma->sem_perm); 3962*1da177e4SLinus Torvalds return rc; 3963*1da177e4SLinus Torvalds } 3964*1da177e4SLinus Torvalds return 0; 3965*1da177e4SLinus Torvalds } 3966*1da177e4SLinus Torvalds 3967*1da177e4SLinus Torvalds static void selinux_sem_free_security(struct sem_array *sma) 3968*1da177e4SLinus Torvalds { 3969*1da177e4SLinus Torvalds ipc_free_security(&sma->sem_perm); 3970*1da177e4SLinus Torvalds } 3971*1da177e4SLinus Torvalds 3972*1da177e4SLinus Torvalds static int selinux_sem_associate(struct sem_array *sma, int semflg) 3973*1da177e4SLinus Torvalds { 3974*1da177e4SLinus Torvalds struct task_security_struct *tsec; 3975*1da177e4SLinus Torvalds struct ipc_security_struct *isec; 3976*1da177e4SLinus Torvalds struct avc_audit_data ad; 3977*1da177e4SLinus Torvalds 3978*1da177e4SLinus Torvalds tsec = current->security; 3979*1da177e4SLinus Torvalds isec = sma->sem_perm.security; 3980*1da177e4SLinus Torvalds 3981*1da177e4SLinus Torvalds 
AVC_AUDIT_DATA_INIT(&ad, IPC); 3982*1da177e4SLinus Torvalds ad.u.ipc_id = sma->sem_perm.key; 3983*1da177e4SLinus Torvalds 3984*1da177e4SLinus Torvalds return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM, 3985*1da177e4SLinus Torvalds SEM__ASSOCIATE, &ad); 3986*1da177e4SLinus Torvalds } 3987*1da177e4SLinus Torvalds 3988*1da177e4SLinus Torvalds /* Note, at this point, sma is locked down */ 3989*1da177e4SLinus Torvalds static int selinux_sem_semctl(struct sem_array *sma, int cmd) 3990*1da177e4SLinus Torvalds { 3991*1da177e4SLinus Torvalds int err; 3992*1da177e4SLinus Torvalds u32 perms; 3993*1da177e4SLinus Torvalds 3994*1da177e4SLinus Torvalds switch(cmd) { 3995*1da177e4SLinus Torvalds case IPC_INFO: 3996*1da177e4SLinus Torvalds case SEM_INFO: 3997*1da177e4SLinus Torvalds /* No specific object, just general system-wide information. */ 3998*1da177e4SLinus Torvalds return task_has_system(current, SYSTEM__IPC_INFO); 3999*1da177e4SLinus Torvalds case GETPID: 4000*1da177e4SLinus Torvalds case GETNCNT: 4001*1da177e4SLinus Torvalds case GETZCNT: 4002*1da177e4SLinus Torvalds perms = SEM__GETATTR; 4003*1da177e4SLinus Torvalds break; 4004*1da177e4SLinus Torvalds case GETVAL: 4005*1da177e4SLinus Torvalds case GETALL: 4006*1da177e4SLinus Torvalds perms = SEM__READ; 4007*1da177e4SLinus Torvalds break; 4008*1da177e4SLinus Torvalds case SETVAL: 4009*1da177e4SLinus Torvalds case SETALL: 4010*1da177e4SLinus Torvalds perms = SEM__WRITE; 4011*1da177e4SLinus Torvalds break; 4012*1da177e4SLinus Torvalds case IPC_RMID: 4013*1da177e4SLinus Torvalds perms = SEM__DESTROY; 4014*1da177e4SLinus Torvalds break; 4015*1da177e4SLinus Torvalds case IPC_SET: 4016*1da177e4SLinus Torvalds perms = SEM__SETATTR; 4017*1da177e4SLinus Torvalds break; 4018*1da177e4SLinus Torvalds case IPC_STAT: 4019*1da177e4SLinus Torvalds case SEM_STAT: 4020*1da177e4SLinus Torvalds perms = SEM__GETATTR | SEM__ASSOCIATE; 4021*1da177e4SLinus Torvalds break; 4022*1da177e4SLinus Torvalds default: 4023*1da177e4SLinus Torvalds 
return 0; 4024*1da177e4SLinus Torvalds } 4025*1da177e4SLinus Torvalds 4026*1da177e4SLinus Torvalds err = ipc_has_perm(&sma->sem_perm, SECCLASS_SEM, perms); 4027*1da177e4SLinus Torvalds return err; 4028*1da177e4SLinus Torvalds } 4029*1da177e4SLinus Torvalds 4030*1da177e4SLinus Torvalds static int selinux_sem_semop(struct sem_array *sma, 4031*1da177e4SLinus Torvalds struct sembuf *sops, unsigned nsops, int alter) 4032*1da177e4SLinus Torvalds { 4033*1da177e4SLinus Torvalds u32 perms; 4034*1da177e4SLinus Torvalds 4035*1da177e4SLinus Torvalds if (alter) 4036*1da177e4SLinus Torvalds perms = SEM__READ | SEM__WRITE; 4037*1da177e4SLinus Torvalds else 4038*1da177e4SLinus Torvalds perms = SEM__READ; 4039*1da177e4SLinus Torvalds 4040*1da177e4SLinus Torvalds return ipc_has_perm(&sma->sem_perm, SECCLASS_SEM, perms); 4041*1da177e4SLinus Torvalds } 4042*1da177e4SLinus Torvalds 4043*1da177e4SLinus Torvalds static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag) 4044*1da177e4SLinus Torvalds { 4045*1da177e4SLinus Torvalds struct ipc_security_struct *isec = ipcp->security; 4046*1da177e4SLinus Torvalds u16 sclass = SECCLASS_IPC; 4047*1da177e4SLinus Torvalds u32 av = 0; 4048*1da177e4SLinus Torvalds 4049*1da177e4SLinus Torvalds if (isec && isec->magic == SELINUX_MAGIC) 4050*1da177e4SLinus Torvalds sclass = isec->sclass; 4051*1da177e4SLinus Torvalds 4052*1da177e4SLinus Torvalds av = 0; 4053*1da177e4SLinus Torvalds if (flag & S_IRUGO) 4054*1da177e4SLinus Torvalds av |= IPC__UNIX_READ; 4055*1da177e4SLinus Torvalds if (flag & S_IWUGO) 4056*1da177e4SLinus Torvalds av |= IPC__UNIX_WRITE; 4057*1da177e4SLinus Torvalds 4058*1da177e4SLinus Torvalds if (av == 0) 4059*1da177e4SLinus Torvalds return 0; 4060*1da177e4SLinus Torvalds 4061*1da177e4SLinus Torvalds return ipc_has_perm(ipcp, sclass, av); 4062*1da177e4SLinus Torvalds } 4063*1da177e4SLinus Torvalds 4064*1da177e4SLinus Torvalds /* module stacking operations */ 4065*1da177e4SLinus Torvalds static int selinux_register_security 
(const char *name, struct security_operations *ops) 4066*1da177e4SLinus Torvalds { 4067*1da177e4SLinus Torvalds if (secondary_ops != original_ops) { 4068*1da177e4SLinus Torvalds printk(KERN_INFO "%s: There is already a secondary security " 4069*1da177e4SLinus Torvalds "module registered.\n", __FUNCTION__); 4070*1da177e4SLinus Torvalds return -EINVAL; 4071*1da177e4SLinus Torvalds } 4072*1da177e4SLinus Torvalds 4073*1da177e4SLinus Torvalds secondary_ops = ops; 4074*1da177e4SLinus Torvalds 4075*1da177e4SLinus Torvalds printk(KERN_INFO "%s: Registering secondary module %s\n", 4076*1da177e4SLinus Torvalds __FUNCTION__, 4077*1da177e4SLinus Torvalds name); 4078*1da177e4SLinus Torvalds 4079*1da177e4SLinus Torvalds return 0; 4080*1da177e4SLinus Torvalds } 4081*1da177e4SLinus Torvalds 4082*1da177e4SLinus Torvalds static int selinux_unregister_security (const char *name, struct security_operations *ops) 4083*1da177e4SLinus Torvalds { 4084*1da177e4SLinus Torvalds if (ops != secondary_ops) { 4085*1da177e4SLinus Torvalds printk (KERN_INFO "%s: trying to unregister a security module " 4086*1da177e4SLinus Torvalds "that is not registered.\n", __FUNCTION__); 4087*1da177e4SLinus Torvalds return -EINVAL; 4088*1da177e4SLinus Torvalds } 4089*1da177e4SLinus Torvalds 4090*1da177e4SLinus Torvalds secondary_ops = original_ops; 4091*1da177e4SLinus Torvalds 4092*1da177e4SLinus Torvalds return 0; 4093*1da177e4SLinus Torvalds } 4094*1da177e4SLinus Torvalds 4095*1da177e4SLinus Torvalds static void selinux_d_instantiate (struct dentry *dentry, struct inode *inode) 4096*1da177e4SLinus Torvalds { 4097*1da177e4SLinus Torvalds if (inode) 4098*1da177e4SLinus Torvalds inode_doinit_with_dentry(inode, dentry); 4099*1da177e4SLinus Torvalds } 4100*1da177e4SLinus Torvalds 4101*1da177e4SLinus Torvalds static int selinux_getprocattr(struct task_struct *p, 4102*1da177e4SLinus Torvalds char *name, void *value, size_t size) 4103*1da177e4SLinus Torvalds { 4104*1da177e4SLinus Torvalds struct task_security_struct 
*tsec; 4105*1da177e4SLinus Torvalds u32 sid, len; 4106*1da177e4SLinus Torvalds char *context; 4107*1da177e4SLinus Torvalds int error; 4108*1da177e4SLinus Torvalds 4109*1da177e4SLinus Torvalds if (current != p) { 4110*1da177e4SLinus Torvalds error = task_has_perm(current, p, PROCESS__GETATTR); 4111*1da177e4SLinus Torvalds if (error) 4112*1da177e4SLinus Torvalds return error; 4113*1da177e4SLinus Torvalds } 4114*1da177e4SLinus Torvalds 4115*1da177e4SLinus Torvalds if (!size) 4116*1da177e4SLinus Torvalds return -ERANGE; 4117*1da177e4SLinus Torvalds 4118*1da177e4SLinus Torvalds tsec = p->security; 4119*1da177e4SLinus Torvalds 4120*1da177e4SLinus Torvalds if (!strcmp(name, "current")) 4121*1da177e4SLinus Torvalds sid = tsec->sid; 4122*1da177e4SLinus Torvalds else if (!strcmp(name, "prev")) 4123*1da177e4SLinus Torvalds sid = tsec->osid; 4124*1da177e4SLinus Torvalds else if (!strcmp(name, "exec")) 4125*1da177e4SLinus Torvalds sid = tsec->exec_sid; 4126*1da177e4SLinus Torvalds else if (!strcmp(name, "fscreate")) 4127*1da177e4SLinus Torvalds sid = tsec->create_sid; 4128*1da177e4SLinus Torvalds else 4129*1da177e4SLinus Torvalds return -EINVAL; 4130*1da177e4SLinus Torvalds 4131*1da177e4SLinus Torvalds if (!sid) 4132*1da177e4SLinus Torvalds return 0; 4133*1da177e4SLinus Torvalds 4134*1da177e4SLinus Torvalds error = security_sid_to_context(sid, &context, &len); 4135*1da177e4SLinus Torvalds if (error) 4136*1da177e4SLinus Torvalds return error; 4137*1da177e4SLinus Torvalds if (len > size) { 4138*1da177e4SLinus Torvalds kfree(context); 4139*1da177e4SLinus Torvalds return -ERANGE; 4140*1da177e4SLinus Torvalds } 4141*1da177e4SLinus Torvalds memcpy(value, context, len); 4142*1da177e4SLinus Torvalds kfree(context); 4143*1da177e4SLinus Torvalds return len; 4144*1da177e4SLinus Torvalds } 4145*1da177e4SLinus Torvalds 4146*1da177e4SLinus Torvalds static int selinux_setprocattr(struct task_struct *p, 4147*1da177e4SLinus Torvalds char *name, void *value, size_t size) 4148*1da177e4SLinus 
Torvalds { 4149*1da177e4SLinus Torvalds struct task_security_struct *tsec; 4150*1da177e4SLinus Torvalds u32 sid = 0; 4151*1da177e4SLinus Torvalds int error; 4152*1da177e4SLinus Torvalds char *str = value; 4153*1da177e4SLinus Torvalds 4154*1da177e4SLinus Torvalds if (current != p) { 4155*1da177e4SLinus Torvalds /* SELinux only allows a process to change its own 4156*1da177e4SLinus Torvalds security attributes. */ 4157*1da177e4SLinus Torvalds return -EACCES; 4158*1da177e4SLinus Torvalds } 4159*1da177e4SLinus Torvalds 4160*1da177e4SLinus Torvalds /* 4161*1da177e4SLinus Torvalds * Basic control over ability to set these attributes at all. 4162*1da177e4SLinus Torvalds * current == p, but we'll pass them separately in case the 4163*1da177e4SLinus Torvalds * above restriction is ever removed. 4164*1da177e4SLinus Torvalds */ 4165*1da177e4SLinus Torvalds if (!strcmp(name, "exec")) 4166*1da177e4SLinus Torvalds error = task_has_perm(current, p, PROCESS__SETEXEC); 4167*1da177e4SLinus Torvalds else if (!strcmp(name, "fscreate")) 4168*1da177e4SLinus Torvalds error = task_has_perm(current, p, PROCESS__SETFSCREATE); 4169*1da177e4SLinus Torvalds else if (!strcmp(name, "current")) 4170*1da177e4SLinus Torvalds error = task_has_perm(current, p, PROCESS__SETCURRENT); 4171*1da177e4SLinus Torvalds else 4172*1da177e4SLinus Torvalds error = -EINVAL; 4173*1da177e4SLinus Torvalds if (error) 4174*1da177e4SLinus Torvalds return error; 4175*1da177e4SLinus Torvalds 4176*1da177e4SLinus Torvalds /* Obtain a SID for the context, if one was specified. 
*/ 4177*1da177e4SLinus Torvalds if (size && str[1] && str[1] != '\n') { 4178*1da177e4SLinus Torvalds if (str[size-1] == '\n') { 4179*1da177e4SLinus Torvalds str[size-1] = 0; 4180*1da177e4SLinus Torvalds size--; 4181*1da177e4SLinus Torvalds } 4182*1da177e4SLinus Torvalds error = security_context_to_sid(value, size, &sid); 4183*1da177e4SLinus Torvalds if (error) 4184*1da177e4SLinus Torvalds return error; 4185*1da177e4SLinus Torvalds } 4186*1da177e4SLinus Torvalds 4187*1da177e4SLinus Torvalds /* Permission checking based on the specified context is 4188*1da177e4SLinus Torvalds performed during the actual operation (execve, 4189*1da177e4SLinus Torvalds open/mkdir/...), when we know the full context of the 4190*1da177e4SLinus Torvalds operation. See selinux_bprm_set_security for the execve 4191*1da177e4SLinus Torvalds checks and may_create for the file creation checks. The 4192*1da177e4SLinus Torvalds operation will then fail if the context is not permitted. */ 4193*1da177e4SLinus Torvalds tsec = p->security; 4194*1da177e4SLinus Torvalds if (!strcmp(name, "exec")) 4195*1da177e4SLinus Torvalds tsec->exec_sid = sid; 4196*1da177e4SLinus Torvalds else if (!strcmp(name, "fscreate")) 4197*1da177e4SLinus Torvalds tsec->create_sid = sid; 4198*1da177e4SLinus Torvalds else if (!strcmp(name, "current")) { 4199*1da177e4SLinus Torvalds struct av_decision avd; 4200*1da177e4SLinus Torvalds 4201*1da177e4SLinus Torvalds if (sid == 0) 4202*1da177e4SLinus Torvalds return -EINVAL; 4203*1da177e4SLinus Torvalds 4204*1da177e4SLinus Torvalds /* Only allow single threaded processes to change context */ 4205*1da177e4SLinus Torvalds if (atomic_read(&p->mm->mm_users) != 1) { 4206*1da177e4SLinus Torvalds struct task_struct *g, *t; 4207*1da177e4SLinus Torvalds struct mm_struct *mm = p->mm; 4208*1da177e4SLinus Torvalds read_lock(&tasklist_lock); 4209*1da177e4SLinus Torvalds do_each_thread(g, t) 4210*1da177e4SLinus Torvalds if (t->mm == mm && t != p) { 4211*1da177e4SLinus Torvalds 
read_unlock(&tasklist_lock); 4212*1da177e4SLinus Torvalds return -EPERM; 4213*1da177e4SLinus Torvalds } 4214*1da177e4SLinus Torvalds while_each_thread(g, t); 4215*1da177e4SLinus Torvalds read_unlock(&tasklist_lock); 4216*1da177e4SLinus Torvalds } 4217*1da177e4SLinus Torvalds 4218*1da177e4SLinus Torvalds /* Check permissions for the transition. */ 4219*1da177e4SLinus Torvalds error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, 4220*1da177e4SLinus Torvalds PROCESS__DYNTRANSITION, NULL); 4221*1da177e4SLinus Torvalds if (error) 4222*1da177e4SLinus Torvalds return error; 4223*1da177e4SLinus Torvalds 4224*1da177e4SLinus Torvalds /* Check for ptracing, and update the task SID if ok. 4225*1da177e4SLinus Torvalds Otherwise, leave SID unchanged and fail. */ 4226*1da177e4SLinus Torvalds task_lock(p); 4227*1da177e4SLinus Torvalds if (p->ptrace & PT_PTRACED) { 4228*1da177e4SLinus Torvalds error = avc_has_perm_noaudit(tsec->ptrace_sid, sid, 4229*1da177e4SLinus Torvalds SECCLASS_PROCESS, 4230*1da177e4SLinus Torvalds PROCESS__PTRACE, &avd); 4231*1da177e4SLinus Torvalds if (!error) 4232*1da177e4SLinus Torvalds tsec->sid = sid; 4233*1da177e4SLinus Torvalds task_unlock(p); 4234*1da177e4SLinus Torvalds avc_audit(tsec->ptrace_sid, sid, SECCLASS_PROCESS, 4235*1da177e4SLinus Torvalds PROCESS__PTRACE, &avd, error, NULL); 4236*1da177e4SLinus Torvalds if (error) 4237*1da177e4SLinus Torvalds return error; 4238*1da177e4SLinus Torvalds } else { 4239*1da177e4SLinus Torvalds tsec->sid = sid; 4240*1da177e4SLinus Torvalds task_unlock(p); 4241*1da177e4SLinus Torvalds } 4242*1da177e4SLinus Torvalds } 4243*1da177e4SLinus Torvalds else 4244*1da177e4SLinus Torvalds return -EINVAL; 4245*1da177e4SLinus Torvalds 4246*1da177e4SLinus Torvalds return size; 4247*1da177e4SLinus Torvalds } 4248*1da177e4SLinus Torvalds 4249*1da177e4SLinus Torvalds static struct security_operations selinux_ops = { 4250*1da177e4SLinus Torvalds .ptrace = selinux_ptrace, 4251*1da177e4SLinus Torvalds .capget = selinux_capget, 
4252*1da177e4SLinus Torvalds .capset_check = selinux_capset_check, 4253*1da177e4SLinus Torvalds .capset_set = selinux_capset_set, 4254*1da177e4SLinus Torvalds .sysctl = selinux_sysctl, 4255*1da177e4SLinus Torvalds .capable = selinux_capable, 4256*1da177e4SLinus Torvalds .quotactl = selinux_quotactl, 4257*1da177e4SLinus Torvalds .quota_on = selinux_quota_on, 4258*1da177e4SLinus Torvalds .syslog = selinux_syslog, 4259*1da177e4SLinus Torvalds .vm_enough_memory = selinux_vm_enough_memory, 4260*1da177e4SLinus Torvalds 4261*1da177e4SLinus Torvalds .netlink_send = selinux_netlink_send, 4262*1da177e4SLinus Torvalds .netlink_recv = selinux_netlink_recv, 4263*1da177e4SLinus Torvalds 4264*1da177e4SLinus Torvalds .bprm_alloc_security = selinux_bprm_alloc_security, 4265*1da177e4SLinus Torvalds .bprm_free_security = selinux_bprm_free_security, 4266*1da177e4SLinus Torvalds .bprm_apply_creds = selinux_bprm_apply_creds, 4267*1da177e4SLinus Torvalds .bprm_post_apply_creds = selinux_bprm_post_apply_creds, 4268*1da177e4SLinus Torvalds .bprm_set_security = selinux_bprm_set_security, 4269*1da177e4SLinus Torvalds .bprm_check_security = selinux_bprm_check_security, 4270*1da177e4SLinus Torvalds .bprm_secureexec = selinux_bprm_secureexec, 4271*1da177e4SLinus Torvalds 4272*1da177e4SLinus Torvalds .sb_alloc_security = selinux_sb_alloc_security, 4273*1da177e4SLinus Torvalds .sb_free_security = selinux_sb_free_security, 4274*1da177e4SLinus Torvalds .sb_copy_data = selinux_sb_copy_data, 4275*1da177e4SLinus Torvalds .sb_kern_mount = selinux_sb_kern_mount, 4276*1da177e4SLinus Torvalds .sb_statfs = selinux_sb_statfs, 4277*1da177e4SLinus Torvalds .sb_mount = selinux_mount, 4278*1da177e4SLinus Torvalds .sb_umount = selinux_umount, 4279*1da177e4SLinus Torvalds 4280*1da177e4SLinus Torvalds .inode_alloc_security = selinux_inode_alloc_security, 4281*1da177e4SLinus Torvalds .inode_free_security = selinux_inode_free_security, 4282*1da177e4SLinus Torvalds .inode_create = selinux_inode_create, 
4283*1da177e4SLinus Torvalds .inode_post_create = selinux_inode_post_create, 4284*1da177e4SLinus Torvalds .inode_link = selinux_inode_link, 4285*1da177e4SLinus Torvalds .inode_post_link = selinux_inode_post_link, 4286*1da177e4SLinus Torvalds .inode_unlink = selinux_inode_unlink, 4287*1da177e4SLinus Torvalds .inode_symlink = selinux_inode_symlink, 4288*1da177e4SLinus Torvalds .inode_post_symlink = selinux_inode_post_symlink, 4289*1da177e4SLinus Torvalds .inode_mkdir = selinux_inode_mkdir, 4290*1da177e4SLinus Torvalds .inode_post_mkdir = selinux_inode_post_mkdir, 4291*1da177e4SLinus Torvalds .inode_rmdir = selinux_inode_rmdir, 4292*1da177e4SLinus Torvalds .inode_mknod = selinux_inode_mknod, 4293*1da177e4SLinus Torvalds .inode_post_mknod = selinux_inode_post_mknod, 4294*1da177e4SLinus Torvalds .inode_rename = selinux_inode_rename, 4295*1da177e4SLinus Torvalds .inode_post_rename = selinux_inode_post_rename, 4296*1da177e4SLinus Torvalds .inode_readlink = selinux_inode_readlink, 4297*1da177e4SLinus Torvalds .inode_follow_link = selinux_inode_follow_link, 4298*1da177e4SLinus Torvalds .inode_permission = selinux_inode_permission, 4299*1da177e4SLinus Torvalds .inode_setattr = selinux_inode_setattr, 4300*1da177e4SLinus Torvalds .inode_getattr = selinux_inode_getattr, 4301*1da177e4SLinus Torvalds .inode_setxattr = selinux_inode_setxattr, 4302*1da177e4SLinus Torvalds .inode_post_setxattr = selinux_inode_post_setxattr, 4303*1da177e4SLinus Torvalds .inode_getxattr = selinux_inode_getxattr, 4304*1da177e4SLinus Torvalds .inode_listxattr = selinux_inode_listxattr, 4305*1da177e4SLinus Torvalds .inode_removexattr = selinux_inode_removexattr, 4306*1da177e4SLinus Torvalds .inode_getsecurity = selinux_inode_getsecurity, 4307*1da177e4SLinus Torvalds .inode_setsecurity = selinux_inode_setsecurity, 4308*1da177e4SLinus Torvalds .inode_listsecurity = selinux_inode_listsecurity, 4309*1da177e4SLinus Torvalds 4310*1da177e4SLinus Torvalds .file_permission = selinux_file_permission, 
4311*1da177e4SLinus Torvalds .file_alloc_security = selinux_file_alloc_security, 4312*1da177e4SLinus Torvalds .file_free_security = selinux_file_free_security, 4313*1da177e4SLinus Torvalds .file_ioctl = selinux_file_ioctl, 4314*1da177e4SLinus Torvalds .file_mmap = selinux_file_mmap, 4315*1da177e4SLinus Torvalds .file_mprotect = selinux_file_mprotect, 4316*1da177e4SLinus Torvalds .file_lock = selinux_file_lock, 4317*1da177e4SLinus Torvalds .file_fcntl = selinux_file_fcntl, 4318*1da177e4SLinus Torvalds .file_set_fowner = selinux_file_set_fowner, 4319*1da177e4SLinus Torvalds .file_send_sigiotask = selinux_file_send_sigiotask, 4320*1da177e4SLinus Torvalds .file_receive = selinux_file_receive, 4321*1da177e4SLinus Torvalds 4322*1da177e4SLinus Torvalds .task_create = selinux_task_create, 4323*1da177e4SLinus Torvalds .task_alloc_security = selinux_task_alloc_security, 4324*1da177e4SLinus Torvalds .task_free_security = selinux_task_free_security, 4325*1da177e4SLinus Torvalds .task_setuid = selinux_task_setuid, 4326*1da177e4SLinus Torvalds .task_post_setuid = selinux_task_post_setuid, 4327*1da177e4SLinus Torvalds .task_setgid = selinux_task_setgid, 4328*1da177e4SLinus Torvalds .task_setpgid = selinux_task_setpgid, 4329*1da177e4SLinus Torvalds .task_getpgid = selinux_task_getpgid, 4330*1da177e4SLinus Torvalds .task_getsid = selinux_task_getsid, 4331*1da177e4SLinus Torvalds .task_setgroups = selinux_task_setgroups, 4332*1da177e4SLinus Torvalds .task_setnice = selinux_task_setnice, 4333*1da177e4SLinus Torvalds .task_setrlimit = selinux_task_setrlimit, 4334*1da177e4SLinus Torvalds .task_setscheduler = selinux_task_setscheduler, 4335*1da177e4SLinus Torvalds .task_getscheduler = selinux_task_getscheduler, 4336*1da177e4SLinus Torvalds .task_kill = selinux_task_kill, 4337*1da177e4SLinus Torvalds .task_wait = selinux_task_wait, 4338*1da177e4SLinus Torvalds .task_prctl = selinux_task_prctl, 4339*1da177e4SLinus Torvalds .task_reparent_to_init = selinux_task_reparent_to_init, 
4340*1da177e4SLinus Torvalds .task_to_inode = selinux_task_to_inode, 4341*1da177e4SLinus Torvalds 4342*1da177e4SLinus Torvalds .ipc_permission = selinux_ipc_permission, 4343*1da177e4SLinus Torvalds 4344*1da177e4SLinus Torvalds .msg_msg_alloc_security = selinux_msg_msg_alloc_security, 4345*1da177e4SLinus Torvalds .msg_msg_free_security = selinux_msg_msg_free_security, 4346*1da177e4SLinus Torvalds 4347*1da177e4SLinus Torvalds .msg_queue_alloc_security = selinux_msg_queue_alloc_security, 4348*1da177e4SLinus Torvalds .msg_queue_free_security = selinux_msg_queue_free_security, 4349*1da177e4SLinus Torvalds .msg_queue_associate = selinux_msg_queue_associate, 4350*1da177e4SLinus Torvalds .msg_queue_msgctl = selinux_msg_queue_msgctl, 4351*1da177e4SLinus Torvalds .msg_queue_msgsnd = selinux_msg_queue_msgsnd, 4352*1da177e4SLinus Torvalds .msg_queue_msgrcv = selinux_msg_queue_msgrcv, 4353*1da177e4SLinus Torvalds 4354*1da177e4SLinus Torvalds .shm_alloc_security = selinux_shm_alloc_security, 4355*1da177e4SLinus Torvalds .shm_free_security = selinux_shm_free_security, 4356*1da177e4SLinus Torvalds .shm_associate = selinux_shm_associate, 4357*1da177e4SLinus Torvalds .shm_shmctl = selinux_shm_shmctl, 4358*1da177e4SLinus Torvalds .shm_shmat = selinux_shm_shmat, 4359*1da177e4SLinus Torvalds 4360*1da177e4SLinus Torvalds .sem_alloc_security = selinux_sem_alloc_security, 4361*1da177e4SLinus Torvalds .sem_free_security = selinux_sem_free_security, 4362*1da177e4SLinus Torvalds .sem_associate = selinux_sem_associate, 4363*1da177e4SLinus Torvalds .sem_semctl = selinux_sem_semctl, 4364*1da177e4SLinus Torvalds .sem_semop = selinux_sem_semop, 4365*1da177e4SLinus Torvalds 4366*1da177e4SLinus Torvalds .register_security = selinux_register_security, 4367*1da177e4SLinus Torvalds .unregister_security = selinux_unregister_security, 4368*1da177e4SLinus Torvalds 4369*1da177e4SLinus Torvalds .d_instantiate = selinux_d_instantiate, 4370*1da177e4SLinus Torvalds 4371*1da177e4SLinus Torvalds .getprocattr = 
selinux_getprocattr, 4372*1da177e4SLinus Torvalds .setprocattr = selinux_setprocattr, 4373*1da177e4SLinus Torvalds 4374*1da177e4SLinus Torvalds #ifdef CONFIG_SECURITY_NETWORK 4375*1da177e4SLinus Torvalds .unix_stream_connect = selinux_socket_unix_stream_connect, 4376*1da177e4SLinus Torvalds .unix_may_send = selinux_socket_unix_may_send, 4377*1da177e4SLinus Torvalds 4378*1da177e4SLinus Torvalds .socket_create = selinux_socket_create, 4379*1da177e4SLinus Torvalds .socket_post_create = selinux_socket_post_create, 4380*1da177e4SLinus Torvalds .socket_bind = selinux_socket_bind, 4381*1da177e4SLinus Torvalds .socket_connect = selinux_socket_connect, 4382*1da177e4SLinus Torvalds .socket_listen = selinux_socket_listen, 4383*1da177e4SLinus Torvalds .socket_accept = selinux_socket_accept, 4384*1da177e4SLinus Torvalds .socket_sendmsg = selinux_socket_sendmsg, 4385*1da177e4SLinus Torvalds .socket_recvmsg = selinux_socket_recvmsg, 4386*1da177e4SLinus Torvalds .socket_getsockname = selinux_socket_getsockname, 4387*1da177e4SLinus Torvalds .socket_getpeername = selinux_socket_getpeername, 4388*1da177e4SLinus Torvalds .socket_getsockopt = selinux_socket_getsockopt, 4389*1da177e4SLinus Torvalds .socket_setsockopt = selinux_socket_setsockopt, 4390*1da177e4SLinus Torvalds .socket_shutdown = selinux_socket_shutdown, 4391*1da177e4SLinus Torvalds .socket_sock_rcv_skb = selinux_socket_sock_rcv_skb, 4392*1da177e4SLinus Torvalds .socket_getpeersec = selinux_socket_getpeersec, 4393*1da177e4SLinus Torvalds .sk_alloc_security = selinux_sk_alloc_security, 4394*1da177e4SLinus Torvalds .sk_free_security = selinux_sk_free_security, 4395*1da177e4SLinus Torvalds #endif 4396*1da177e4SLinus Torvalds }; 4397*1da177e4SLinus Torvalds 4398*1da177e4SLinus Torvalds static __init int selinux_init(void) 4399*1da177e4SLinus Torvalds { 4400*1da177e4SLinus Torvalds struct task_security_struct *tsec; 4401*1da177e4SLinus Torvalds 4402*1da177e4SLinus Torvalds if (!selinux_enabled) { 4403*1da177e4SLinus Torvalds 
printk(KERN_INFO "SELinux: Disabled at boot.\n"); 4404*1da177e4SLinus Torvalds return 0; 4405*1da177e4SLinus Torvalds } 4406*1da177e4SLinus Torvalds 4407*1da177e4SLinus Torvalds printk(KERN_INFO "SELinux: Initializing.\n"); 4408*1da177e4SLinus Torvalds 4409*1da177e4SLinus Torvalds /* Set the security state for the initial task. */ 4410*1da177e4SLinus Torvalds if (task_alloc_security(current)) 4411*1da177e4SLinus Torvalds panic("SELinux: Failed to initialize initial task.\n"); 4412*1da177e4SLinus Torvalds tsec = current->security; 4413*1da177e4SLinus Torvalds tsec->osid = tsec->sid = SECINITSID_KERNEL; 4414*1da177e4SLinus Torvalds 4415*1da177e4SLinus Torvalds avc_init(); 4416*1da177e4SLinus Torvalds 4417*1da177e4SLinus Torvalds original_ops = secondary_ops = security_ops; 4418*1da177e4SLinus Torvalds if (!secondary_ops) 4419*1da177e4SLinus Torvalds panic ("SELinux: No initial security operations\n"); 4420*1da177e4SLinus Torvalds if (register_security (&selinux_ops)) 4421*1da177e4SLinus Torvalds panic("SELinux: Unable to register with kernel.\n"); 4422*1da177e4SLinus Torvalds 4423*1da177e4SLinus Torvalds if (selinux_enforcing) { 4424*1da177e4SLinus Torvalds printk(KERN_INFO "SELinux: Starting in enforcing mode\n"); 4425*1da177e4SLinus Torvalds } else { 4426*1da177e4SLinus Torvalds printk(KERN_INFO "SELinux: Starting in permissive mode\n"); 4427*1da177e4SLinus Torvalds } 4428*1da177e4SLinus Torvalds return 0; 4429*1da177e4SLinus Torvalds } 4430*1da177e4SLinus Torvalds 4431*1da177e4SLinus Torvalds void selinux_complete_init(void) 4432*1da177e4SLinus Torvalds { 4433*1da177e4SLinus Torvalds printk(KERN_INFO "SELinux: Completing initialization.\n"); 4434*1da177e4SLinus Torvalds 4435*1da177e4SLinus Torvalds /* Set up any superblocks initialized prior to the policy load. 
*/ 4436*1da177e4SLinus Torvalds printk(KERN_INFO "SELinux: Setting up existing superblocks.\n"); 4437*1da177e4SLinus Torvalds spin_lock(&sb_security_lock); 4438*1da177e4SLinus Torvalds next_sb: 4439*1da177e4SLinus Torvalds if (!list_empty(&superblock_security_head)) { 4440*1da177e4SLinus Torvalds struct superblock_security_struct *sbsec = 4441*1da177e4SLinus Torvalds list_entry(superblock_security_head.next, 4442*1da177e4SLinus Torvalds struct superblock_security_struct, 4443*1da177e4SLinus Torvalds list); 4444*1da177e4SLinus Torvalds struct super_block *sb = sbsec->sb; 4445*1da177e4SLinus Torvalds spin_lock(&sb_lock); 4446*1da177e4SLinus Torvalds sb->s_count++; 4447*1da177e4SLinus Torvalds spin_unlock(&sb_lock); 4448*1da177e4SLinus Torvalds spin_unlock(&sb_security_lock); 4449*1da177e4SLinus Torvalds down_read(&sb->s_umount); 4450*1da177e4SLinus Torvalds if (sb->s_root) 4451*1da177e4SLinus Torvalds superblock_doinit(sb, NULL); 4452*1da177e4SLinus Torvalds drop_super(sb); 4453*1da177e4SLinus Torvalds spin_lock(&sb_security_lock); 4454*1da177e4SLinus Torvalds list_del_init(&sbsec->list); 4455*1da177e4SLinus Torvalds goto next_sb; 4456*1da177e4SLinus Torvalds } 4457*1da177e4SLinus Torvalds spin_unlock(&sb_security_lock); 4458*1da177e4SLinus Torvalds } 4459*1da177e4SLinus Torvalds 4460*1da177e4SLinus Torvalds /* SELinux requires early initialization in order to label 4461*1da177e4SLinus Torvalds all processes and objects when they are created. 
*/
security_initcall(selinux_init);

#if defined(CONFIG_SECURITY_NETWORK) && defined(CONFIG_NETFILTER)

/*
 * Netfilter hook descriptor for IPv4: attaches selinux_ipv4_postroute_last
 * at the POST_ROUTING hook point.
 * NOTE(review): the priority name suggests this hook is ordered after the
 * other POST_ROUTING hooks - confirm against the netfilter priority enum.
 */
static struct nf_hook_ops selinux_ipv4_op = {
	.pf =		PF_INET,
	.hooknum =	NF_IP_POST_ROUTING,
	.priority =	NF_IP_PRI_SELINUX_LAST,
	.hook =		selinux_ipv4_postroute_last,
	.owner =	THIS_MODULE,
};

#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)

/* IPv6 counterpart of selinux_ipv4_op; built only when IPv6 is configured. */
static struct nf_hook_ops selinux_ipv6_op = {
	.pf =		PF_INET6,
	.hooknum =	NF_IP6_POST_ROUTING,
	.priority =	NF_IP6_PRI_SELINUX_LAST,
	.hook =		selinux_ipv6_postroute_last,
	.owner =	THIS_MODULE,
};

#endif	/* IPV6 */

/*
 * Register the SELinux netfilter hooks at init time.
 *
 * Does nothing and returns 0 when selinux_enabled is zero.  Otherwise the
 * IPv4 hook (and the IPv6 hook, when configured) is registered; a failed
 * registration ends in panic() rather than continuing without the hook,
 * so the value returned to the initcall machinery is 0 in practice.
 */
static int __init selinux_nf_ip_init(void)
{
	int rc;

	if (!selinux_enabled)
		return 0;

	printk(KERN_INFO "SELinux:  Registering netfilter hooks\n");

	rc = nf_register_hook(&selinux_ipv4_op);
	if (rc != 0)
		panic("SELinux: nf_register_hook for IPv4: error %d\n", rc);

#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)

	rc = nf_register_hook(&selinux_ipv6_op);
	if (rc != 0)
		panic("SELinux: nf_register_hook for IPv6: error %d\n", rc);

#endif	/* IPV6 */

	return rc;
}

__initcall(selinux_nf_ip_init);

#ifdef CONFIG_SECURITY_SELINUX_DISABLE
/*
 * Remove the netfilter hooks again.  Only built when runtime disable is
 * configured; the one caller visible in this part of the file is
 * selinux_disable().
 * NOTE(review): the hooks are unregistered unconditionally, while
 * selinux_nf_ip_init() registers them only when selinux_enabled is set -
 * confirm this path is unreachable when they were never registered.
 */
static void selinux_nf_ip_exit(void)
{
	printk(KERN_INFO "SELinux:  Unregistering netfilter hooks\n");

	nf_unregister_hook(&selinux_ipv4_op);
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	nf_unregister_hook(&selinux_ipv6_op);
#endif	/* IPV6 */
}
#endif

#else /* CONFIG_SECURITY_NETWORK && CONFIG_NETFILTER */

#ifdef CONFIG_SECURITY_SELINUX_DISABLE
/* No netfilter hooks in this configuration: the exit call expands to nothing. */
#define selinux_nf_ip_exit()
#endif

#endif /* CONFIG_SECURITY_NETWORK && CONFIG_NETFILTER */

#ifdef CONFIG_SECURITY_SELINUX_DISABLE
/*
 * Turn SELinux off at runtime.
 *
 * Returns -EINVAL when ss_initialized is set (disabling is not permitted
 * after the initial policy load) or when a previous call has already
 * disabled SELinux; returns 0 after the teardown below has run.
 *
 * This is the only path in this part of the file that takes the module out
 * of security_ops, and it exists only in kernels built with
 * CONFIG_SECURITY_SELINUX_DISABLE.
 *
 * NOTE(review): the one-shot flag and the security_ops store are plain,
 * unlocked accesses as far as this function shows - confirm that the
 * caller serializes invocations.
 */
int selinux_disable(void)
{
	extern void exit_sel_fs(void);
	/* One-shot latch; a function-local static starts out as zero. */
	static int disabled_once;

	/* Too late after the initial policy load, and never more than once. */
	if (ss_initialized || disabled_once)
		return -EINVAL;

	disabled_once = 1;

	printk(KERN_INFO "SELinux:  Disabled at runtime.\n");

	/* Hand security_ops back to the secondary module (dummy or capability). */
	security_ops = secondary_ops;

	/* Drop the netfilter hooks, then selinuxfs. */
	selinux_nf_ip_exit();
	exit_sel_fs();

	return 0;
}
#endif