1 /* 2 * Implementation of the kernel access vector cache (AVC). 3 * 4 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> 5 * James Morris <jmorris@redhat.com> 6 * 7 * Update: KaiGai, Kohei <kaigai@ak.jp.nec.com> 8 * Replaced the avc_lock spinlock by RCU. 9 * 10 * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com> 11 * 12 * This program is free software; you can redistribute it and/or modify 13 * it under the terms of the GNU General Public License version 2, 14 * as published by the Free Software Foundation. 15 */ 16 #include <linux/types.h> 17 #include <linux/stddef.h> 18 #include <linux/kernel.h> 19 #include <linux/slab.h> 20 #include <linux/fs.h> 21 #include <linux/dcache.h> 22 #include <linux/init.h> 23 #include <linux/skbuff.h> 24 #include <linux/percpu.h> 25 #include <net/sock.h> 26 #include <linux/un.h> 27 #include <net/af_unix.h> 28 #include <linux/ip.h> 29 #include <linux/audit.h> 30 #include <linux/ipv6.h> 31 #include <net/ipv6.h> 32 #include "avc.h" 33 #include "avc_ss.h" 34 35 static const struct av_perm_to_string av_perm_to_string[] = { 36 #define S_(c, v, s) { c, v, s }, 37 #include "av_perm_to_string.h" 38 #undef S_ 39 }; 40 41 static const char *class_to_string[] = { 42 #define S_(s) s, 43 #include "class_to_string.h" 44 #undef S_ 45 }; 46 47 #define TB_(s) static const char *s[] = { 48 #define TE_(s) }; 49 #define S_(s) s, 50 #include "common_perm_to_string.h" 51 #undef TB_ 52 #undef TE_ 53 #undef S_ 54 55 static const struct av_inherit av_inherit[] = { 56 #define S_(c, i, b) { .tclass = c,\ 57 .common_pts = common_##i##_perm_to_string,\ 58 .common_base = b }, 59 #include "av_inherit.h" 60 #undef S_ 61 }; 62 63 const struct selinux_class_perm selinux_class_perm = { 64 .av_perm_to_string = av_perm_to_string, 65 .av_pts_len = ARRAY_SIZE(av_perm_to_string), 66 .class_to_string = class_to_string, 67 .cts_len = ARRAY_SIZE(class_to_string), 68 .av_inherit = av_inherit, 69 .av_inherit_len = ARRAY_SIZE(av_inherit) 70 }; 71 72 #define AVC_CACHE_SLOTS 512 73 #define AVC_DEF_CACHE_THRESHOLD 512 74 #define AVC_CACHE_RECLAIM 16 75 76 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 77 #define avc_cache_stats_incr(field) \ 78 do { \ 79 per_cpu(avc_cache_stats, get_cpu()).field++; \ 80 put_cpu(); \ 81 } while (0) 82 #else 83 #define avc_cache_stats_incr(field) do {} while (0) 84 #endif 85 86 struct avc_entry { 87 u32 ssid; 88 u32 tsid; 89 u16 tclass; 90 struct av_decision avd; 91 }; 92 93 struct avc_node { 94 struct avc_entry ae; 95 struct hlist_node list; /* anchored in avc_cache->slots[i] */ 96 struct rcu_head rhead; 97 }; 98 99 struct avc_cache { 100 struct hlist_head slots[AVC_CACHE_SLOTS]; /* head for avc_node->list */ 101 spinlock_t slots_lock[AVC_CACHE_SLOTS]; /* lock for writes */ 102 atomic_t lru_hint; /* LRU hint for reclaim scan */ 103 atomic_t active_nodes; 104 u32 latest_notif; /* latest revocation notification */ 105 }; 106 107 struct avc_callback_node { 108 int (*callback) (u32 event, u32 ssid, u32 tsid, 109 u16 tclass, u32 perms, 110 u32 *out_retained); 111 u32 events; 112 u32 ssid; 113 u32 tsid; 114 u16 tclass; 115 u32 perms; 116 struct avc_callback_node *next; 117 }; 118 119 /* Exported via selinufs */ 120 unsigned int avc_cache_threshold = AVC_DEF_CACHE_THRESHOLD; 121 122 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 123 DEFINE_PER_CPU(struct avc_cache_stats, avc_cache_stats) = { 0 }; 124 #endif 125 126 static struct avc_cache avc_cache; 127 static struct avc_callback_node *avc_callbacks; 128 static struct kmem_cache *avc_node_cachep; 129 130 static inline int avc_hash(u32 ssid, u32 tsid, u16 tclass) 131 { 132 return (ssid ^ (tsid<<2) ^ (tclass<<4)) & (AVC_CACHE_SLOTS - 1); 133 } 134 135 /** 136 * avc_dump_av - Display an access vector in human-readable form. 137 * @tclass: target security class 138 * @av: access vector 139 */ 140 static void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av) 141 { 142 const char **common_pts = NULL; 143 u32 common_base = 0; 144 int i, i2, perm; 145 146 if (av == 0) { 147 audit_log_format(ab, " null"); 148 return; 149 } 150 151 for (i = 0; i < ARRAY_SIZE(av_inherit); i++) { 152 if (av_inherit[i].tclass == tclass) { 153 common_pts = av_inherit[i].common_pts; 154 common_base = av_inherit[i].common_base; 155 break; 156 } 157 } 158 159 audit_log_format(ab, " {"); 160 i = 0; 161 perm = 1; 162 while (perm < common_base) { 163 if (perm & av) { 164 audit_log_format(ab, " %s", common_pts[i]); 165 av &= ~perm; 166 } 167 i++; 168 perm <<= 1; 169 } 170 171 while (i < sizeof(av) * 8) { 172 if (perm & av) { 173 for (i2 = 0; i2 < ARRAY_SIZE(av_perm_to_string); i2++) { 174 if ((av_perm_to_string[i2].tclass == tclass) && 175 (av_perm_to_string[i2].value == perm)) 176 break; 177 } 178 if (i2 < ARRAY_SIZE(av_perm_to_string)) { 179 audit_log_format(ab, " %s", 180 av_perm_to_string[i2].name); 181 av &= ~perm; 182 } 183 } 184 i++; 185 perm <<= 1; 186 } 187 188 if (av) 189 audit_log_format(ab, " 0x%x", av); 190 191 audit_log_format(ab, " }"); 192 } 193 194 /** 195 * avc_dump_query - Display a SID pair and a class in human-readable form. 196 * @ssid: source security identifier 197 * @tsid: target security identifier 198 * @tclass: target security class 199 */ 200 static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tclass) 201 { 202 int rc; 203 char *scontext; 204 u32 scontext_len; 205 206 rc = security_sid_to_context(ssid, &scontext, &scontext_len); 207 if (rc) 208 audit_log_format(ab, "ssid=%d", ssid); 209 else { 210 audit_log_format(ab, "scontext=%s", scontext); 211 kfree(scontext); 212 } 213 214 rc = security_sid_to_context(tsid, &scontext, &scontext_len); 215 if (rc) 216 audit_log_format(ab, " tsid=%d", tsid); 217 else { 218 audit_log_format(ab, " tcontext=%s", scontext); 219 kfree(scontext); 220 } 221 222 BUG_ON(tclass >= ARRAY_SIZE(class_to_string) || !class_to_string[tclass]); 223 audit_log_format(ab, " tclass=%s", class_to_string[tclass]); 224 } 225 226 /** 227 * avc_init - Initialize the AVC. 228 * 229 * Initialize the access vector cache. 230 */ 231 void __init avc_init(void) 232 { 233 int i; 234 235 for (i = 0; i < AVC_CACHE_SLOTS; i++) { 236 INIT_HLIST_HEAD(&avc_cache.slots[i]); 237 spin_lock_init(&avc_cache.slots_lock[i]); 238 } 239 atomic_set(&avc_cache.active_nodes, 0); 240 atomic_set(&avc_cache.lru_hint, 0); 241 242 avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node), 243 0, SLAB_PANIC, NULL); 244 245 audit_log(current->audit_context, GFP_KERNEL, AUDIT_KERNEL, "AVC INITIALIZED\n"); 246 } 247 248 int avc_get_hash_stats(char *page) 249 { 250 int i, chain_len, max_chain_len, slots_used; 251 struct avc_node *node; 252 struct hlist_head *head; 253 254 rcu_read_lock(); 255 256 slots_used = 0; 257 max_chain_len = 0; 258 for (i = 0; i < AVC_CACHE_SLOTS; i++) { 259 head = &avc_cache.slots[i]; 260 if (!hlist_empty(head)) { 261 struct hlist_node *next; 262 263 slots_used++; 264 chain_len = 0; 265 hlist_for_each_entry_rcu(node, next, head, list) 266 chain_len++; 267 if (chain_len > max_chain_len) 268 max_chain_len = chain_len; 269 } 270 } 271 272 rcu_read_unlock(); 273 274 return scnprintf(page, PAGE_SIZE, "entries: %d\nbuckets used: %d/%d\n" 275 "longest chain: %d\n", 276 atomic_read(&avc_cache.active_nodes), 277 slots_used, AVC_CACHE_SLOTS, max_chain_len); 278 } 279 280 static void avc_node_free(struct rcu_head *rhead) 281 { 282 struct avc_node *node = container_of(rhead, struct avc_node, rhead); 283 kmem_cache_free(avc_node_cachep, node); 284 avc_cache_stats_incr(frees); 285 } 286 287 static void avc_node_delete(struct avc_node *node) 288 { 289 hlist_del_rcu(&node->list); 290 call_rcu(&node->rhead, avc_node_free); 291 atomic_dec(&avc_cache.active_nodes); 292 } 293 294 static void avc_node_kill(struct avc_node *node) 295 { 296 kmem_cache_free(avc_node_cachep, node); 297 avc_cache_stats_incr(frees); 298 atomic_dec(&avc_cache.active_nodes); 299 } 300 301 static void avc_node_replace(struct avc_node *new, struct avc_node *old) 302 { 303 hlist_replace_rcu(&old->list, &new->list); 304 call_rcu(&old->rhead, avc_node_free); 305 atomic_dec(&avc_cache.active_nodes); 306 } 307 308 static inline int avc_reclaim_node(void) 309 { 310 struct avc_node *node; 311 int hvalue, try, ecx; 312 unsigned long flags; 313 struct hlist_head *head; 314 struct hlist_node *next; 315 spinlock_t *lock; 316 317 for (try = 0, ecx = 0; try < AVC_CACHE_SLOTS; try++) { 318 hvalue = atomic_inc_return(&avc_cache.lru_hint) & (AVC_CACHE_SLOTS - 1); 319 head = &avc_cache.slots[hvalue]; 320 lock = &avc_cache.slots_lock[hvalue]; 321 322 if (!spin_trylock_irqsave(lock, flags)) 323 continue; 324 325 rcu_read_lock(); 326 hlist_for_each_entry(node, next, head, list) { 327 avc_node_delete(node); 328 avc_cache_stats_incr(reclaims); 329 ecx++; 330 if (ecx >= AVC_CACHE_RECLAIM) { 331 rcu_read_unlock(); 332 spin_unlock_irqrestore(lock, flags); 333 goto out; 334 } 335 } 336 rcu_read_unlock(); 337 spin_unlock_irqrestore(lock, flags); 338 } 339 out: 340 return ecx; 341 } 342 343 static struct avc_node *avc_alloc_node(void) 344 { 345 struct avc_node *node; 346 347 node = kmem_cache_zalloc(avc_node_cachep, GFP_ATOMIC); 348 if (!node) 349 goto out; 350 351 INIT_RCU_HEAD(&node->rhead); 352 INIT_HLIST_NODE(&node->list); 353 avc_cache_stats_incr(allocations); 354 355 if (atomic_inc_return(&avc_cache.active_nodes) > avc_cache_threshold) 356 avc_reclaim_node(); 357 358 out: 359 return node; 360 } 361 362 static void avc_node_populate(struct avc_node *node, u32 ssid, u32 tsid, u16 tclass, struct av_decision *avd) 363 { 364 node->ae.ssid = ssid; 365 node->ae.tsid = tsid; 366 node->ae.tclass = tclass; 367 memcpy(&node->ae.avd, avd, sizeof(node->ae.avd)); 368 } 369 370 static inline struct avc_node *avc_search_node(u32 ssid, u32 tsid, u16 tclass) 371 { 372 struct avc_node *node, *ret = NULL; 373 int hvalue; 374 struct hlist_head *head; 375 struct hlist_node *next; 376 377 hvalue = avc_hash(ssid, tsid, tclass); 378 head = &avc_cache.slots[hvalue]; 379 hlist_for_each_entry_rcu(node, next, head, list) { 380 if (ssid == node->ae.ssid && 381 tclass == node->ae.tclass && 382 tsid == node->ae.tsid) { 383 ret = node; 384 break; 385 } 386 } 387 388 return ret; 389 } 390 391 /** 392 * avc_lookup - Look up an AVC entry. 393 * @ssid: source security identifier 394 * @tsid: target security identifier 395 * @tclass: target security class 396 * 397 * Look up an AVC entry that is valid for the 398 * (@ssid, @tsid), interpreting the permissions 399 * based on @tclass. If a valid AVC entry exists, 400 * then this function return the avc_node. 401 * Otherwise, this function returns NULL. 402 */ 403 static struct avc_node *avc_lookup(u32 ssid, u32 tsid, u16 tclass) 404 { 405 struct avc_node *node; 406 407 avc_cache_stats_incr(lookups); 408 node = avc_search_node(ssid, tsid, tclass); 409 410 if (node) 411 avc_cache_stats_incr(hits); 412 else 413 avc_cache_stats_incr(misses); 414 415 return node; 416 } 417 418 static int avc_latest_notif_update(int seqno, int is_insert) 419 { 420 int ret = 0; 421 static DEFINE_SPINLOCK(notif_lock); 422 unsigned long flag; 423 424 spin_lock_irqsave(¬if_lock, flag); 425 if (is_insert) { 426 if (seqno < avc_cache.latest_notif) { 427 printk(KERN_WARNING "SELinux: avc: seqno %d < latest_notif %d\n", 428 seqno, avc_cache.latest_notif); 429 ret = -EAGAIN; 430 } 431 } else { 432 if (seqno > avc_cache.latest_notif) 433 avc_cache.latest_notif = seqno; 434 } 435 spin_unlock_irqrestore(¬if_lock, flag); 436 437 return ret; 438 } 439 440 /** 441 * avc_insert - Insert an AVC entry. 442 * @ssid: source security identifier 443 * @tsid: target security identifier 444 * @tclass: target security class 445 * @avd: resulting av decision 446 * 447 * Insert an AVC entry for the SID pair 448 * (@ssid, @tsid) and class @tclass. 449 * The access vectors and the sequence number are 450 * normally provided by the security server in 451 * response to a security_compute_av() call. If the 452 * sequence number @avd->seqno is not less than the latest 453 * revocation notification, then the function copies 454 * the access vectors into a cache entry, returns 455 * avc_node inserted. Otherwise, this function returns NULL. 456 */ 457 static struct avc_node *avc_insert(u32 ssid, u32 tsid, u16 tclass, struct av_decision *avd) 458 { 459 struct avc_node *pos, *node = NULL; 460 int hvalue; 461 unsigned long flag; 462 463 if (avc_latest_notif_update(avd->seqno, 1)) 464 goto out; 465 466 node = avc_alloc_node(); 467 if (node) { 468 struct hlist_head *head; 469 struct hlist_node *next; 470 spinlock_t *lock; 471 472 hvalue = avc_hash(ssid, tsid, tclass); 473 avc_node_populate(node, ssid, tsid, tclass, avd); 474 475 head = &avc_cache.slots[hvalue]; 476 lock = &avc_cache.slots_lock[hvalue]; 477 478 spin_lock_irqsave(lock, flag); 479 hlist_for_each_entry(pos, next, head, list) { 480 if (pos->ae.ssid == ssid && 481 pos->ae.tsid == tsid && 482 pos->ae.tclass == tclass) { 483 avc_node_replace(node, pos); 484 goto found; 485 } 486 } 487 hlist_add_head_rcu(&node->list, head); 488 found: 489 spin_unlock_irqrestore(lock, flag); 490 } 491 out: 492 return node; 493 } 494 495 /** 496 * avc_audit_pre_callback - SELinux specific information 497 * will be called by generic audit code 498 * @ab: the audit buffer 499 * @a: audit_data 500 */ 501 static void avc_audit_pre_callback(struct audit_buffer *ab, void *a) 502 { 503 struct common_audit_data *ad = a; 504 audit_log_format(ab, "avc: %s ", 505 ad->selinux_audit_data.denied ? "denied" : "granted"); 506 avc_dump_av(ab, ad->selinux_audit_data.tclass, 507 ad->selinux_audit_data.audited); 508 audit_log_format(ab, " for "); 509 } 510 511 /** 512 * avc_audit_post_callback - SELinux specific information 513 * will be called by generic audit code 514 * @ab: the audit buffer 515 * @a: audit_data 516 */ 517 static void avc_audit_post_callback(struct audit_buffer *ab, void *a) 518 { 519 struct common_audit_data *ad = a; 520 audit_log_format(ab, " "); 521 avc_dump_query(ab, ad->selinux_audit_data.ssid, 522 ad->selinux_audit_data.tsid, 523 ad->selinux_audit_data.tclass); 524 } 525 526 /** 527 * avc_audit - Audit the granting or denial of permissions. 528 * @ssid: source security identifier 529 * @tsid: target security identifier 530 * @tclass: target security class 531 * @requested: requested permissions 532 * @avd: access vector decisions 533 * @result: result from avc_has_perm_noaudit 534 * @a: auxiliary audit data 535 * 536 * Audit the granting or denial of permissions in accordance 537 * with the policy. This function is typically called by 538 * avc_has_perm() after a permission check, but can also be 539 * called directly by callers who use avc_has_perm_noaudit() 540 * in order to separate the permission check from the auditing. 541 * For example, this separation is useful when the permission check must 542 * be performed under a lock, to allow the lock to be released 543 * before calling the auditing code. 544 */ 545 void avc_audit(u32 ssid, u32 tsid, 546 u16 tclass, u32 requested, 547 struct av_decision *avd, int result, struct common_audit_data *a) 548 { 549 struct common_audit_data stack_data; 550 u32 denied, audited; 551 denied = requested & ~avd->allowed; 552 if (denied) { 553 audited = denied; 554 if (!(audited & avd->auditdeny)) 555 return; 556 } else if (result) { 557 audited = denied = requested; 558 } else { 559 audited = requested; 560 if (!(audited & avd->auditallow)) 561 return; 562 } 563 if (!a) { 564 a = &stack_data; 565 memset(a, 0, sizeof(*a)); 566 a->type = LSM_AUDIT_NO_AUDIT; 567 } 568 a->selinux_audit_data.tclass = tclass; 569 a->selinux_audit_data.requested = requested; 570 a->selinux_audit_data.ssid = ssid; 571 a->selinux_audit_data.tsid = tsid; 572 a->selinux_audit_data.audited = audited; 573 a->selinux_audit_data.denied = denied; 574 a->lsm_pre_audit = avc_audit_pre_callback; 575 a->lsm_post_audit = avc_audit_post_callback; 576 common_lsm_audit(a); 577 } 578 579 /** 580 * avc_add_callback - Register a callback for security events. 581 * @callback: callback function 582 * @events: security events 583 * @ssid: source security identifier or %SECSID_WILD 584 * @tsid: target security identifier or %SECSID_WILD 585 * @tclass: target security class 586 * @perms: permissions 587 * 588 * Register a callback function for events in the set @events 589 * related to the SID pair (@ssid, @tsid) and 590 * and the permissions @perms, interpreting 591 * @perms based on @tclass. Returns %0 on success or 592 * -%ENOMEM if insufficient memory exists to add the callback. 593 */ 594 int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid, 595 u16 tclass, u32 perms, 596 u32 *out_retained), 597 u32 events, u32 ssid, u32 tsid, 598 u16 tclass, u32 perms) 599 { 600 struct avc_callback_node *c; 601 int rc = 0; 602 603 c = kmalloc(sizeof(*c), GFP_ATOMIC); 604 if (!c) { 605 rc = -ENOMEM; 606 goto out; 607 } 608 609 c->callback = callback; 610 c->events = events; 611 c->ssid = ssid; 612 c->tsid = tsid; 613 c->perms = perms; 614 c->next = avc_callbacks; 615 avc_callbacks = c; 616 out: 617 return rc; 618 } 619 620 static inline int avc_sidcmp(u32 x, u32 y) 621 { 622 return (x == y || x == SECSID_WILD || y == SECSID_WILD); 623 } 624 625 /** 626 * avc_update_node Update an AVC entry 627 * @event : Updating event 628 * @perms : Permission mask bits 629 * @ssid,@tsid,@tclass : identifier of an AVC entry 630 * @seqno : sequence number when decision was made 631 * 632 * if a valid AVC entry doesn't exist,this function returns -ENOENT. 633 * if kmalloc() called internal returns NULL, this function returns -ENOMEM. 634 * otherwise, this function update the AVC entry. The original AVC-entry object 635 * will release later by RCU. 636 */ 637 static int avc_update_node(u32 event, u32 perms, u32 ssid, u32 tsid, u16 tclass, 638 u32 seqno) 639 { 640 int hvalue, rc = 0; 641 unsigned long flag; 642 struct avc_node *pos, *node, *orig = NULL; 643 struct hlist_head *head; 644 struct hlist_node *next; 645 spinlock_t *lock; 646 647 node = avc_alloc_node(); 648 if (!node) { 649 rc = -ENOMEM; 650 goto out; 651 } 652 653 /* Lock the target slot */ 654 hvalue = avc_hash(ssid, tsid, tclass); 655 656 head = &avc_cache.slots[hvalue]; 657 lock = &avc_cache.slots_lock[hvalue]; 658 659 spin_lock_irqsave(lock, flag); 660 661 hlist_for_each_entry(pos, next, head, list) { 662 if (ssid == pos->ae.ssid && 663 tsid == pos->ae.tsid && 664 tclass == pos->ae.tclass && 665 seqno == pos->ae.avd.seqno){ 666 orig = pos; 667 break; 668 } 669 } 670 671 if (!orig) { 672 rc = -ENOENT; 673 avc_node_kill(node); 674 goto out_unlock; 675 } 676 677 /* 678 * Copy and replace original node. 679 */ 680 681 avc_node_populate(node, ssid, tsid, tclass, &orig->ae.avd); 682 683 switch (event) { 684 case AVC_CALLBACK_GRANT: 685 node->ae.avd.allowed |= perms; 686 break; 687 case AVC_CALLBACK_TRY_REVOKE: 688 case AVC_CALLBACK_REVOKE: 689 node->ae.avd.allowed &= ~perms; 690 break; 691 case AVC_CALLBACK_AUDITALLOW_ENABLE: 692 node->ae.avd.auditallow |= perms; 693 break; 694 case AVC_CALLBACK_AUDITALLOW_DISABLE: 695 node->ae.avd.auditallow &= ~perms; 696 break; 697 case AVC_CALLBACK_AUDITDENY_ENABLE: 698 node->ae.avd.auditdeny |= perms; 699 break; 700 case AVC_CALLBACK_AUDITDENY_DISABLE: 701 node->ae.avd.auditdeny &= ~perms; 702 break; 703 } 704 avc_node_replace(node, orig); 705 out_unlock: 706 spin_unlock_irqrestore(lock, flag); 707 out: 708 return rc; 709 } 710 711 /** 712 * avc_flush - Flush the cache 713 */ 714 static void avc_flush(void) 715 { 716 struct hlist_head *head; 717 struct hlist_node *next; 718 struct avc_node *node; 719 spinlock_t *lock; 720 unsigned long flag; 721 int i; 722 723 for (i = 0; i < AVC_CACHE_SLOTS; i++) { 724 head = &avc_cache.slots[i]; 725 lock = &avc_cache.slots_lock[i]; 726 727 spin_lock_irqsave(lock, flag); 728 /* 729 * With preemptable RCU, the outer spinlock does not 730 * prevent RCU grace periods from ending. 731 */ 732 rcu_read_lock(); 733 hlist_for_each_entry(node, next, head, list) 734 avc_node_delete(node); 735 rcu_read_unlock(); 736 spin_unlock_irqrestore(lock, flag); 737 } 738 } 739 740 /** 741 * avc_ss_reset - Flush the cache and revalidate migrated permissions. 742 * @seqno: policy sequence number 743 */ 744 int avc_ss_reset(u32 seqno) 745 { 746 struct avc_callback_node *c; 747 int rc = 0, tmprc; 748 749 avc_flush(); 750 751 for (c = avc_callbacks; c; c = c->next) { 752 if (c->events & AVC_CALLBACK_RESET) { 753 tmprc = c->callback(AVC_CALLBACK_RESET, 754 0, 0, 0, 0, NULL); 755 /* save the first error encountered for the return 756 value and continue processing the callbacks */ 757 if (!rc) 758 rc = tmprc; 759 } 760 } 761 762 avc_latest_notif_update(seqno, 0); 763 return rc; 764 } 765 766 /** 767 * avc_has_perm_noaudit - Check permissions but perform no auditing. 768 * @ssid: source security identifier 769 * @tsid: target security identifier 770 * @tclass: target security class 771 * @requested: requested permissions, interpreted based on @tclass 772 * @flags: AVC_STRICT or 0 773 * @avd: access vector decisions 774 * 775 * Check the AVC to determine whether the @requested permissions are granted 776 * for the SID pair (@ssid, @tsid), interpreting the permissions 777 * based on @tclass, and call the security server on a cache miss to obtain 778 * a new decision and add it to the cache. Return a copy of the decisions 779 * in @avd. Return %0 if all @requested permissions are granted, 780 * -%EACCES if any permissions are denied, or another -errno upon 781 * other errors. This function is typically called by avc_has_perm(), 782 * but may also be called directly to separate permission checking from 783 * auditing, e.g. in cases where a lock must be held for the check but 784 * should be released for the auditing. 785 */ 786 int avc_has_perm_noaudit(u32 ssid, u32 tsid, 787 u16 tclass, u32 requested, 788 unsigned flags, 789 struct av_decision *in_avd) 790 { 791 struct avc_node *node; 792 struct av_decision avd_entry, *avd; 793 int rc = 0; 794 u32 denied; 795 796 BUG_ON(!requested); 797 798 rcu_read_lock(); 799 800 node = avc_lookup(ssid, tsid, tclass); 801 if (!node) { 802 rcu_read_unlock(); 803 804 if (in_avd) 805 avd = in_avd; 806 else 807 avd = &avd_entry; 808 809 rc = security_compute_av(ssid, tsid, tclass, requested, avd); 810 if (rc) 811 goto out; 812 rcu_read_lock(); 813 node = avc_insert(ssid, tsid, tclass, avd); 814 } else { 815 if (in_avd) 816 memcpy(in_avd, &node->ae.avd, sizeof(*in_avd)); 817 avd = &node->ae.avd; 818 } 819 820 denied = requested & ~(avd->allowed); 821 822 if (denied) { 823 if (flags & AVC_STRICT) 824 rc = -EACCES; 825 else if (!selinux_enforcing || (avd->flags & AVD_FLAGS_PERMISSIVE)) 826 avc_update_node(AVC_CALLBACK_GRANT, requested, ssid, 827 tsid, tclass, avd->seqno); 828 else 829 rc = -EACCES; 830 } 831 832 rcu_read_unlock(); 833 out: 834 return rc; 835 } 836 837 /** 838 * avc_has_perm - Check permissions and perform any appropriate auditing. 839 * @ssid: source security identifier 840 * @tsid: target security identifier 841 * @tclass: target security class 842 * @requested: requested permissions, interpreted based on @tclass 843 * @auditdata: auxiliary audit data 844 * 845 * Check the AVC to determine whether the @requested permissions are granted 846 * for the SID pair (@ssid, @tsid), interpreting the permissions 847 * based on @tclass, and call the security server on a cache miss to obtain 848 * a new decision and add it to the cache. Audit the granting or denial of 849 * permissions in accordance with the policy. Return %0 if all @requested 850 * permissions are granted, -%EACCES if any permissions are denied, or 851 * another -errno upon other errors. 852 */ 853 int avc_has_perm(u32 ssid, u32 tsid, u16 tclass, 854 u32 requested, struct common_audit_data *auditdata) 855 { 856 struct av_decision avd; 857 int rc; 858 859 rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, 0, &avd); 860 avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata); 861 return rc; 862 } 863 864 u32 avc_policy_seqno(void) 865 { 866 return avc_cache.latest_notif; 867 } 868 869 void avc_disable(void) 870 { 871 avc_flush(); 872 synchronize_rcu(); 873 if (avc_node_cachep) 874 kmem_cache_destroy(avc_node_cachep); 875 } 876