xref: /openbmc/linux/security/selinux/selinuxfs.c (revision 2634682fdffd9ba6e74b76be8aa91cf8b2e05c41)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /* Updated: Karl MacMillan <kmacmillan@tresys.com>
3  *
4  *	Added conditional policy language extensions
5  *
6  *  Updated: Hewlett-Packard <paul@paul-moore.com>
7  *
8  *	Added support for the policy capability bitmap
9  *
10  * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
11  * Copyright (C) 2003 - 2004 Tresys Technology, LLC
12  * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
13  */
14 
15 #include <linux/kernel.h>
16 #include <linux/pagemap.h>
17 #include <linux/slab.h>
18 #include <linux/vmalloc.h>
19 #include <linux/fs.h>
20 #include <linux/fs_context.h>
21 #include <linux/mount.h>
22 #include <linux/mutex.h>
23 #include <linux/init.h>
24 #include <linux/string.h>
25 #include <linux/security.h>
26 #include <linux/major.h>
27 #include <linux/seq_file.h>
28 #include <linux/percpu.h>
29 #include <linux/audit.h>
30 #include <linux/uaccess.h>
31 #include <linux/kobject.h>
32 #include <linux/ctype.h>
33 
34 /* selinuxfs pseudo filesystem for exporting the security policy API.
35    Based on the proc code and the fs/nfsd/nfsctl.c code. */
36 
37 #include "flask.h"
38 #include "avc.h"
39 #include "avc_ss.h"
40 #include "security.h"
41 #include "objsec.h"
42 #include "conditional.h"
43 
44 enum sel_inos {
45 	SEL_ROOT_INO = 2,
46 	SEL_LOAD,	/* load policy */
47 	SEL_ENFORCE,	/* get or set enforcing status */
48 	SEL_CONTEXT,	/* validate context */
49 	SEL_ACCESS,	/* compute access decision */
50 	SEL_CREATE,	/* compute create labeling decision */
51 	SEL_RELABEL,	/* compute relabeling decision */
52 	SEL_USER,	/* compute reachable user contexts */
53 	SEL_POLICYVERS,	/* return policy version for this kernel */
54 	SEL_COMMIT_BOOLS, /* commit new boolean values */
55 	SEL_MLS,	/* return if MLS policy is enabled */
56 	SEL_DISABLE,	/* disable SELinux until next reboot */
57 	SEL_MEMBER,	/* compute polyinstantiation membership decision */
58 	SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */
59 	SEL_COMPAT_NET,	/* whether to use old compat network packet controls */
60 	SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */
61 	SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */
62 	SEL_STATUS,	/* export current status using mmap() */
63 	SEL_POLICY,	/* allow userspace to read the in kernel policy */
64 	SEL_VALIDATE_TRANS, /* compute validatetrans decision */
65 	SEL_INO_NEXT,	/* The next inode number to use */
66 };
67 
68 struct selinux_fs_info {
69 	struct dentry *bool_dir;
70 	unsigned int bool_num;
71 	char **bool_pending_names;
72 	unsigned int *bool_pending_values;
73 	struct dentry *class_dir;
74 	unsigned long last_class_ino;
75 	bool policy_opened;
76 	struct dentry *policycap_dir;
77 	struct mutex mutex;
78 	unsigned long last_ino;
79 	struct selinux_state *state;
80 	struct super_block *sb;
81 };
82 
83 static int selinux_fs_info_create(struct super_block *sb)
84 {
85 	struct selinux_fs_info *fsi;
86 
87 	fsi = kzalloc(sizeof(*fsi), GFP_KERNEL);
88 	if (!fsi)
89 		return -ENOMEM;
90 
91 	mutex_init(&fsi->mutex);
92 	fsi->last_ino = SEL_INO_NEXT - 1;
93 	fsi->state = &selinux_state;
94 	fsi->sb = sb;
95 	sb->s_fs_info = fsi;
96 	return 0;
97 }
98 
99 static void selinux_fs_info_free(struct super_block *sb)
100 {
101 	struct selinux_fs_info *fsi = sb->s_fs_info;
102 	int i;
103 
104 	if (fsi) {
105 		for (i = 0; i < fsi->bool_num; i++)
106 			kfree(fsi->bool_pending_names[i]);
107 		kfree(fsi->bool_pending_names);
108 		kfree(fsi->bool_pending_values);
109 	}
110 	kfree(sb->s_fs_info);
111 	sb->s_fs_info = NULL;
112 }
113 
114 #define SEL_INITCON_INO_OFFSET		0x01000000
115 #define SEL_BOOL_INO_OFFSET		0x02000000
116 #define SEL_CLASS_INO_OFFSET		0x04000000
117 #define SEL_POLICYCAP_INO_OFFSET	0x08000000
118 #define SEL_INO_MASK			0x00ffffff
119 
120 #define TMPBUFLEN	12
121 static ssize_t sel_read_enforce(struct file *filp, char __user *buf,
122 				size_t count, loff_t *ppos)
123 {
124 	struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
125 	char tmpbuf[TMPBUFLEN];
126 	ssize_t length;
127 
128 	length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
129 			   enforcing_enabled(fsi->state));
130 	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
131 }
132 
133 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
134 static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
135 				 size_t count, loff_t *ppos)
136 
137 {
138 	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
139 	struct selinux_state *state = fsi->state;
140 	char *page = NULL;
141 	ssize_t length;
142 	int old_value, new_value;
143 
144 	if (count >= PAGE_SIZE)
145 		return -ENOMEM;
146 
147 	/* No partial writes. */
148 	if (*ppos != 0)
149 		return -EINVAL;
150 
151 	page = memdup_user_nul(buf, count);
152 	if (IS_ERR(page))
153 		return PTR_ERR(page);
154 
155 	length = -EINVAL;
156 	if (sscanf(page, "%d", &new_value) != 1)
157 		goto out;
158 
159 	new_value = !!new_value;
160 
161 	old_value = enforcing_enabled(state);
162 	if (new_value != old_value) {
163 		length = avc_has_perm(&selinux_state,
164 				      current_sid(), SECINITSID_SECURITY,
165 				      SECCLASS_SECURITY, SECURITY__SETENFORCE,
166 				      NULL);
167 		if (length)
168 			goto out;
169 		audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
170 			"enforcing=%d old_enforcing=%d auid=%u ses=%u"
171 			" enabled=1 old-enabled=1 lsm=selinux res=1",
172 			new_value, old_value,
173 			from_kuid(&init_user_ns, audit_get_loginuid(current)),
174 			audit_get_sessionid(current));
175 		enforcing_set(state, new_value);
176 		if (new_value)
177 			avc_ss_reset(state->avc, 0);
178 		selnl_notify_setenforce(new_value);
179 		selinux_status_update_setenforce(state, new_value);
180 		if (!new_value)
181 			call_blocking_lsm_notifier(LSM_POLICY_CHANGE, NULL);
182 	}
183 	length = count;
184 out:
185 	kfree(page);
186 	return length;
187 }
188 #else
189 #define sel_write_enforce NULL
190 #endif
191 
192 static const struct file_operations sel_enforce_ops = {
193 	.read		= sel_read_enforce,
194 	.write		= sel_write_enforce,
195 	.llseek		= generic_file_llseek,
196 };
197 
198 static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf,
199 					size_t count, loff_t *ppos)
200 {
201 	struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
202 	struct selinux_state *state = fsi->state;
203 	char tmpbuf[TMPBUFLEN];
204 	ssize_t length;
205 	ino_t ino = file_inode(filp)->i_ino;
206 	int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ?
207 		security_get_reject_unknown(state) :
208 		!security_get_allow_unknown(state);
209 
210 	length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown);
211 	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
212 }
213 
214 static const struct file_operations sel_handle_unknown_ops = {
215 	.read		= sel_read_handle_unknown,
216 	.llseek		= generic_file_llseek,
217 };
218 
219 static int sel_open_handle_status(struct inode *inode, struct file *filp)
220 {
221 	struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
222 	struct page    *status = selinux_kernel_status_page(fsi->state);
223 
224 	if (!status)
225 		return -ENOMEM;
226 
227 	filp->private_data = status;
228 
229 	return 0;
230 }
231 
232 static ssize_t sel_read_handle_status(struct file *filp, char __user *buf,
233 				      size_t count, loff_t *ppos)
234 {
235 	struct page    *status = filp->private_data;
236 
237 	BUG_ON(!status);
238 
239 	return simple_read_from_buffer(buf, count, ppos,
240 				       page_address(status),
241 				       sizeof(struct selinux_kernel_status));
242 }
243 
244 static int sel_mmap_handle_status(struct file *filp,
245 				  struct vm_area_struct *vma)
246 {
247 	struct page    *status = filp->private_data;
248 	unsigned long	size = vma->vm_end - vma->vm_start;
249 
250 	BUG_ON(!status);
251 
252 	/* only allows one page from the head */
253 	if (vma->vm_pgoff > 0 || size != PAGE_SIZE)
254 		return -EIO;
255 	/* disallow writable mapping */
256 	if (vma->vm_flags & VM_WRITE)
257 		return -EPERM;
258 	/* disallow mprotect() turns it into writable */
259 	vma->vm_flags &= ~VM_MAYWRITE;
260 
261 	return remap_pfn_range(vma, vma->vm_start,
262 			       page_to_pfn(status),
263 			       size, vma->vm_page_prot);
264 }
265 
266 static const struct file_operations sel_handle_status_ops = {
267 	.open		= sel_open_handle_status,
268 	.read		= sel_read_handle_status,
269 	.mmap		= sel_mmap_handle_status,
270 	.llseek		= generic_file_llseek,
271 };
272 
273 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
274 static ssize_t sel_write_disable(struct file *file, const char __user *buf,
275 				 size_t count, loff_t *ppos)
276 
277 {
278 	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
279 	char *page;
280 	ssize_t length;
281 	int new_value;
282 	int enforcing;
283 
284 	/* NOTE: we are now officially considering runtime disable as
285 	 *       deprecated, and using it will become increasingly painful
286 	 *       (e.g. sleeping/blocking) as we progress through future
287 	 *       kernel releases until eventually it is removed
288 	 */
289 	pr_err("SELinux:  Runtime disable is deprecated, use selinux=0 on the kernel cmdline.\n");
290 
291 	if (count >= PAGE_SIZE)
292 		return -ENOMEM;
293 
294 	/* No partial writes. */
295 	if (*ppos != 0)
296 		return -EINVAL;
297 
298 	page = memdup_user_nul(buf, count);
299 	if (IS_ERR(page))
300 		return PTR_ERR(page);
301 
302 	length = -EINVAL;
303 	if (sscanf(page, "%d", &new_value) != 1)
304 		goto out;
305 
306 	if (new_value) {
307 		enforcing = enforcing_enabled(fsi->state);
308 		length = selinux_disable(fsi->state);
309 		if (length)
310 			goto out;
311 		audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
312 			"enforcing=%d old_enforcing=%d auid=%u ses=%u"
313 			" enabled=0 old-enabled=1 lsm=selinux res=1",
314 			enforcing, enforcing,
315 			from_kuid(&init_user_ns, audit_get_loginuid(current)),
316 			audit_get_sessionid(current));
317 	}
318 
319 	length = count;
320 out:
321 	kfree(page);
322 	return length;
323 }
324 #else
325 #define sel_write_disable NULL
326 #endif
327 
328 static const struct file_operations sel_disable_ops = {
329 	.write		= sel_write_disable,
330 	.llseek		= generic_file_llseek,
331 };
332 
333 static ssize_t sel_read_policyvers(struct file *filp, char __user *buf,
334 				   size_t count, loff_t *ppos)
335 {
336 	char tmpbuf[TMPBUFLEN];
337 	ssize_t length;
338 
339 	length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX);
340 	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
341 }
342 
343 static const struct file_operations sel_policyvers_ops = {
344 	.read		= sel_read_policyvers,
345 	.llseek		= generic_file_llseek,
346 };
347 
348 /* declaration for sel_write_load */
349 static int sel_make_bools(struct selinux_fs_info *fsi);
350 static int sel_make_classes(struct selinux_fs_info *fsi);
351 static int sel_make_policycap(struct selinux_fs_info *fsi);
352 
353 /* declaration for sel_make_class_dirs */
354 static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
355 			unsigned long *ino);
356 
357 static ssize_t sel_read_mls(struct file *filp, char __user *buf,
358 				size_t count, loff_t *ppos)
359 {
360 	struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
361 	char tmpbuf[TMPBUFLEN];
362 	ssize_t length;
363 
364 	length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
365 			   security_mls_enabled(fsi->state));
366 	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
367 }
368 
369 static const struct file_operations sel_mls_ops = {
370 	.read		= sel_read_mls,
371 	.llseek		= generic_file_llseek,
372 };
373 
374 struct policy_load_memory {
375 	size_t len;
376 	void *data;
377 };
378 
379 static int sel_open_policy(struct inode *inode, struct file *filp)
380 {
381 	struct selinux_fs_info *fsi = inode->i_sb->s_fs_info;
382 	struct selinux_state *state = fsi->state;
383 	struct policy_load_memory *plm = NULL;
384 	int rc;
385 
386 	BUG_ON(filp->private_data);
387 
388 	mutex_lock(&fsi->mutex);
389 
390 	rc = avc_has_perm(&selinux_state,
391 			  current_sid(), SECINITSID_SECURITY,
392 			  SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL);
393 	if (rc)
394 		goto err;
395 
396 	rc = -EBUSY;
397 	if (fsi->policy_opened)
398 		goto err;
399 
400 	rc = -ENOMEM;
401 	plm = kzalloc(sizeof(*plm), GFP_KERNEL);
402 	if (!plm)
403 		goto err;
404 
405 	if (i_size_read(inode) != security_policydb_len(state)) {
406 		inode_lock(inode);
407 		i_size_write(inode, security_policydb_len(state));
408 		inode_unlock(inode);
409 	}
410 
411 	rc = security_read_policy(state, &plm->data, &plm->len);
412 	if (rc)
413 		goto err;
414 
415 	fsi->policy_opened = 1;
416 
417 	filp->private_data = plm;
418 
419 	mutex_unlock(&fsi->mutex);
420 
421 	return 0;
422 err:
423 	mutex_unlock(&fsi->mutex);
424 
425 	if (plm)
426 		vfree(plm->data);
427 	kfree(plm);
428 	return rc;
429 }
430 
431 static int sel_release_policy(struct inode *inode, struct file *filp)
432 {
433 	struct selinux_fs_info *fsi = inode->i_sb->s_fs_info;
434 	struct policy_load_memory *plm = filp->private_data;
435 
436 	BUG_ON(!plm);
437 
438 	fsi->policy_opened = 0;
439 
440 	vfree(plm->data);
441 	kfree(plm);
442 
443 	return 0;
444 }
445 
446 static ssize_t sel_read_policy(struct file *filp, char __user *buf,
447 			       size_t count, loff_t *ppos)
448 {
449 	struct policy_load_memory *plm = filp->private_data;
450 	int ret;
451 
452 	ret = avc_has_perm(&selinux_state,
453 			   current_sid(), SECINITSID_SECURITY,
454 			  SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL);
455 	if (ret)
456 		return ret;
457 
458 	return simple_read_from_buffer(buf, count, ppos, plm->data, plm->len);
459 }
460 
461 static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf)
462 {
463 	struct policy_load_memory *plm = vmf->vma->vm_file->private_data;
464 	unsigned long offset;
465 	struct page *page;
466 
467 	if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE))
468 		return VM_FAULT_SIGBUS;
469 
470 	offset = vmf->pgoff << PAGE_SHIFT;
471 	if (offset >= roundup(plm->len, PAGE_SIZE))
472 		return VM_FAULT_SIGBUS;
473 
474 	page = vmalloc_to_page(plm->data + offset);
475 	get_page(page);
476 
477 	vmf->page = page;
478 
479 	return 0;
480 }
481 
482 static const struct vm_operations_struct sel_mmap_policy_ops = {
483 	.fault = sel_mmap_policy_fault,
484 	.page_mkwrite = sel_mmap_policy_fault,
485 };
486 
487 static int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma)
488 {
489 	if (vma->vm_flags & VM_SHARED) {
490 		/* do not allow mprotect to make mapping writable */
491 		vma->vm_flags &= ~VM_MAYWRITE;
492 
493 		if (vma->vm_flags & VM_WRITE)
494 			return -EACCES;
495 	}
496 
497 	vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP;
498 	vma->vm_ops = &sel_mmap_policy_ops;
499 
500 	return 0;
501 }
502 
503 static const struct file_operations sel_policy_ops = {
504 	.open		= sel_open_policy,
505 	.read		= sel_read_policy,
506 	.mmap		= sel_mmap_policy,
507 	.release	= sel_release_policy,
508 	.llseek		= generic_file_llseek,
509 };
510 
511 static int sel_make_policy_nodes(struct selinux_fs_info *fsi)
512 {
513 	int ret;
514 
515 	ret = sel_make_bools(fsi);
516 	if (ret) {
517 		pr_err("SELinux: failed to load policy booleans\n");
518 		return ret;
519 	}
520 
521 	ret = sel_make_classes(fsi);
522 	if (ret) {
523 		pr_err("SELinux: failed to load policy classes\n");
524 		return ret;
525 	}
526 
527 	ret = sel_make_policycap(fsi);
528 	if (ret) {
529 		pr_err("SELinux: failed to load policy capabilities\n");
530 		return ret;
531 	}
532 
533 	return 0;
534 }
535 
536 static ssize_t sel_write_load(struct file *file, const char __user *buf,
537 			      size_t count, loff_t *ppos)
538 
539 {
540 	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
541 	ssize_t length;
542 	void *data = NULL;
543 
544 	mutex_lock(&fsi->mutex);
545 
546 	length = avc_has_perm(&selinux_state,
547 			      current_sid(), SECINITSID_SECURITY,
548 			      SECCLASS_SECURITY, SECURITY__LOAD_POLICY, NULL);
549 	if (length)
550 		goto out;
551 
552 	/* No partial writes. */
553 	length = -EINVAL;
554 	if (*ppos != 0)
555 		goto out;
556 
557 	length = -ENOMEM;
558 	data = vmalloc(count);
559 	if (!data)
560 		goto out;
561 
562 	length = -EFAULT;
563 	if (copy_from_user(data, buf, count) != 0)
564 		goto out;
565 
566 	length = security_load_policy(fsi->state, data, count);
567 	if (length) {
568 		pr_warn_ratelimited("SELinux: failed to load policy\n");
569 		goto out;
570 	}
571 
572 	length = sel_make_policy_nodes(fsi);
573 	if (length)
574 		goto out1;
575 
576 	length = count;
577 
578 out1:
579 	audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
580 		"auid=%u ses=%u lsm=selinux res=1",
581 		from_kuid(&init_user_ns, audit_get_loginuid(current)),
582 		audit_get_sessionid(current));
583 out:
584 	mutex_unlock(&fsi->mutex);
585 	vfree(data);
586 	return length;
587 }
588 
589 static const struct file_operations sel_load_ops = {
590 	.write		= sel_write_load,
591 	.llseek		= generic_file_llseek,
592 };
593 
594 static ssize_t sel_write_context(struct file *file, char *buf, size_t size)
595 {
596 	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
597 	struct selinux_state *state = fsi->state;
598 	char *canon = NULL;
599 	u32 sid, len;
600 	ssize_t length;
601 
602 	length = avc_has_perm(&selinux_state,
603 			      current_sid(), SECINITSID_SECURITY,
604 			      SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, NULL);
605 	if (length)
606 		goto out;
607 
608 	length = security_context_to_sid(state, buf, size, &sid, GFP_KERNEL);
609 	if (length)
610 		goto out;
611 
612 	length = security_sid_to_context(state, sid, &canon, &len);
613 	if (length)
614 		goto out;
615 
616 	length = -ERANGE;
617 	if (len > SIMPLE_TRANSACTION_LIMIT) {
618 		pr_err("SELinux: %s:  context size (%u) exceeds "
619 			"payload max\n", __func__, len);
620 		goto out;
621 	}
622 
623 	memcpy(buf, canon, len);
624 	length = len;
625 out:
626 	kfree(canon);
627 	return length;
628 }
629 
630 static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf,
631 				     size_t count, loff_t *ppos)
632 {
633 	struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
634 	char tmpbuf[TMPBUFLEN];
635 	ssize_t length;
636 
637 	length = scnprintf(tmpbuf, TMPBUFLEN, "%u", fsi->state->checkreqprot);
638 	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
639 }
640 
641 static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
642 				      size_t count, loff_t *ppos)
643 {
644 	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
645 	char *page;
646 	ssize_t length;
647 	unsigned int new_value;
648 
649 	length = avc_has_perm(&selinux_state,
650 			      current_sid(), SECINITSID_SECURITY,
651 			      SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT,
652 			      NULL);
653 	if (length)
654 		return length;
655 
656 	if (count >= PAGE_SIZE)
657 		return -ENOMEM;
658 
659 	/* No partial writes. */
660 	if (*ppos != 0)
661 		return -EINVAL;
662 
663 	page = memdup_user_nul(buf, count);
664 	if (IS_ERR(page))
665 		return PTR_ERR(page);
666 
667 	length = -EINVAL;
668 	if (sscanf(page, "%u", &new_value) != 1)
669 		goto out;
670 
671 	if (new_value) {
672 		char comm[sizeof(current->comm)];
673 
674 		memcpy(comm, current->comm, sizeof(comm));
675 		pr_warn_once("SELinux: %s (%d) set checkreqprot to 1. This is deprecated and will be rejected in a future kernel release.\n",
676 			     comm, current->pid);
677 	}
678 
679 	fsi->state->checkreqprot = new_value ? 1 : 0;
680 	length = count;
681 out:
682 	kfree(page);
683 	return length;
684 }
685 static const struct file_operations sel_checkreqprot_ops = {
686 	.read		= sel_read_checkreqprot,
687 	.write		= sel_write_checkreqprot,
688 	.llseek		= generic_file_llseek,
689 };
690 
691 static ssize_t sel_write_validatetrans(struct file *file,
692 					const char __user *buf,
693 					size_t count, loff_t *ppos)
694 {
695 	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
696 	struct selinux_state *state = fsi->state;
697 	char *oldcon = NULL, *newcon = NULL, *taskcon = NULL;
698 	char *req = NULL;
699 	u32 osid, nsid, tsid;
700 	u16 tclass;
701 	int rc;
702 
703 	rc = avc_has_perm(&selinux_state,
704 			  current_sid(), SECINITSID_SECURITY,
705 			  SECCLASS_SECURITY, SECURITY__VALIDATE_TRANS, NULL);
706 	if (rc)
707 		goto out;
708 
709 	rc = -ENOMEM;
710 	if (count >= PAGE_SIZE)
711 		goto out;
712 
713 	/* No partial writes. */
714 	rc = -EINVAL;
715 	if (*ppos != 0)
716 		goto out;
717 
718 	req = memdup_user_nul(buf, count);
719 	if (IS_ERR(req)) {
720 		rc = PTR_ERR(req);
721 		req = NULL;
722 		goto out;
723 	}
724 
725 	rc = -ENOMEM;
726 	oldcon = kzalloc(count + 1, GFP_KERNEL);
727 	if (!oldcon)
728 		goto out;
729 
730 	newcon = kzalloc(count + 1, GFP_KERNEL);
731 	if (!newcon)
732 		goto out;
733 
734 	taskcon = kzalloc(count + 1, GFP_KERNEL);
735 	if (!taskcon)
736 		goto out;
737 
738 	rc = -EINVAL;
739 	if (sscanf(req, "%s %s %hu %s", oldcon, newcon, &tclass, taskcon) != 4)
740 		goto out;
741 
742 	rc = security_context_str_to_sid(state, oldcon, &osid, GFP_KERNEL);
743 	if (rc)
744 		goto out;
745 
746 	rc = security_context_str_to_sid(state, newcon, &nsid, GFP_KERNEL);
747 	if (rc)
748 		goto out;
749 
750 	rc = security_context_str_to_sid(state, taskcon, &tsid, GFP_KERNEL);
751 	if (rc)
752 		goto out;
753 
754 	rc = security_validate_transition_user(state, osid, nsid, tsid, tclass);
755 	if (!rc)
756 		rc = count;
757 out:
758 	kfree(req);
759 	kfree(oldcon);
760 	kfree(newcon);
761 	kfree(taskcon);
762 	return rc;
763 }
764 
765 static const struct file_operations sel_transition_ops = {
766 	.write		= sel_write_validatetrans,
767 	.llseek		= generic_file_llseek,
768 };
769 
770 /*
771  * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c
772  */
773 static ssize_t sel_write_access(struct file *file, char *buf, size_t size);
774 static ssize_t sel_write_create(struct file *file, char *buf, size_t size);
775 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size);
776 static ssize_t sel_write_user(struct file *file, char *buf, size_t size);
777 static ssize_t sel_write_member(struct file *file, char *buf, size_t size);
778 
779 static ssize_t (*const write_op[])(struct file *, char *, size_t) = {
780 	[SEL_ACCESS] = sel_write_access,
781 	[SEL_CREATE] = sel_write_create,
782 	[SEL_RELABEL] = sel_write_relabel,
783 	[SEL_USER] = sel_write_user,
784 	[SEL_MEMBER] = sel_write_member,
785 	[SEL_CONTEXT] = sel_write_context,
786 };
787 
788 static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos)
789 {
790 	ino_t ino = file_inode(file)->i_ino;
791 	char *data;
792 	ssize_t rv;
793 
794 	if (ino >= ARRAY_SIZE(write_op) || !write_op[ino])
795 		return -EINVAL;
796 
797 	data = simple_transaction_get(file, buf, size);
798 	if (IS_ERR(data))
799 		return PTR_ERR(data);
800 
801 	rv = write_op[ino](file, data, size);
802 	if (rv > 0) {
803 		simple_transaction_set(file, rv);
804 		rv = size;
805 	}
806 	return rv;
807 }
808 
809 static const struct file_operations transaction_ops = {
810 	.write		= selinux_transaction_write,
811 	.read		= simple_transaction_read,
812 	.release	= simple_transaction_release,
813 	.llseek		= generic_file_llseek,
814 };
815 
816 /*
817  * payload - write methods
818  * If the method has a response, the response should be put in buf,
819  * and the length returned.  Otherwise return 0 or and -error.
820  */
821 
822 static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
823 {
824 	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
825 	struct selinux_state *state = fsi->state;
826 	char *scon = NULL, *tcon = NULL;
827 	u32 ssid, tsid;
828 	u16 tclass;
829 	struct av_decision avd;
830 	ssize_t length;
831 
832 	length = avc_has_perm(&selinux_state,
833 			      current_sid(), SECINITSID_SECURITY,
834 			      SECCLASS_SECURITY, SECURITY__COMPUTE_AV, NULL);
835 	if (length)
836 		goto out;
837 
838 	length = -ENOMEM;
839 	scon = kzalloc(size + 1, GFP_KERNEL);
840 	if (!scon)
841 		goto out;
842 
843 	length = -ENOMEM;
844 	tcon = kzalloc(size + 1, GFP_KERNEL);
845 	if (!tcon)
846 		goto out;
847 
848 	length = -EINVAL;
849 	if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
850 		goto out;
851 
852 	length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL);
853 	if (length)
854 		goto out;
855 
856 	length = security_context_str_to_sid(state, tcon, &tsid, GFP_KERNEL);
857 	if (length)
858 		goto out;
859 
860 	security_compute_av_user(state, ssid, tsid, tclass, &avd);
861 
862 	length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT,
863 			  "%x %x %x %x %u %x",
864 			  avd.allowed, 0xffffffff,
865 			  avd.auditallow, avd.auditdeny,
866 			  avd.seqno, avd.flags);
867 out:
868 	kfree(tcon);
869 	kfree(scon);
870 	return length;
871 }
872 
873 static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
874 {
875 	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
876 	struct selinux_state *state = fsi->state;
877 	char *scon = NULL, *tcon = NULL;
878 	char *namebuf = NULL, *objname = NULL;
879 	u32 ssid, tsid, newsid;
880 	u16 tclass;
881 	ssize_t length;
882 	char *newcon = NULL;
883 	u32 len;
884 	int nargs;
885 
886 	length = avc_has_perm(&selinux_state,
887 			      current_sid(), SECINITSID_SECURITY,
888 			      SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE,
889 			      NULL);
890 	if (length)
891 		goto out;
892 
893 	length = -ENOMEM;
894 	scon = kzalloc(size + 1, GFP_KERNEL);
895 	if (!scon)
896 		goto out;
897 
898 	length = -ENOMEM;
899 	tcon = kzalloc(size + 1, GFP_KERNEL);
900 	if (!tcon)
901 		goto out;
902 
903 	length = -ENOMEM;
904 	namebuf = kzalloc(size + 1, GFP_KERNEL);
905 	if (!namebuf)
906 		goto out;
907 
908 	length = -EINVAL;
909 	nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf);
910 	if (nargs < 3 || nargs > 4)
911 		goto out;
912 	if (nargs == 4) {
913 		/*
914 		 * If and when the name of new object to be queried contains
915 		 * either whitespace or multibyte characters, they shall be
916 		 * encoded based on the percentage-encoding rule.
917 		 * If not encoded, the sscanf logic picks up only left-half
918 		 * of the supplied name; splitted by a whitespace unexpectedly.
919 		 */
920 		char   *r, *w;
921 		int     c1, c2;
922 
923 		r = w = namebuf;
924 		do {
925 			c1 = *r++;
926 			if (c1 == '+')
927 				c1 = ' ';
928 			else if (c1 == '%') {
929 				c1 = hex_to_bin(*r++);
930 				if (c1 < 0)
931 					goto out;
932 				c2 = hex_to_bin(*r++);
933 				if (c2 < 0)
934 					goto out;
935 				c1 = (c1 << 4) | c2;
936 			}
937 			*w++ = c1;
938 		} while (c1 != '\0');
939 
940 		objname = namebuf;
941 	}
942 
943 	length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL);
944 	if (length)
945 		goto out;
946 
947 	length = security_context_str_to_sid(state, tcon, &tsid, GFP_KERNEL);
948 	if (length)
949 		goto out;
950 
951 	length = security_transition_sid_user(state, ssid, tsid, tclass,
952 					      objname, &newsid);
953 	if (length)
954 		goto out;
955 
956 	length = security_sid_to_context(state, newsid, &newcon, &len);
957 	if (length)
958 		goto out;
959 
960 	length = -ERANGE;
961 	if (len > SIMPLE_TRANSACTION_LIMIT) {
962 		pr_err("SELinux: %s:  context size (%u) exceeds "
963 			"payload max\n", __func__, len);
964 		goto out;
965 	}
966 
967 	memcpy(buf, newcon, len);
968 	length = len;
969 out:
970 	kfree(newcon);
971 	kfree(namebuf);
972 	kfree(tcon);
973 	kfree(scon);
974 	return length;
975 }
976 
977 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size)
978 {
979 	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
980 	struct selinux_state *state = fsi->state;
981 	char *scon = NULL, *tcon = NULL;
982 	u32 ssid, tsid, newsid;
983 	u16 tclass;
984 	ssize_t length;
985 	char *newcon = NULL;
986 	u32 len;
987 
988 	length = avc_has_perm(&selinux_state,
989 			      current_sid(), SECINITSID_SECURITY,
990 			      SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL,
991 			      NULL);
992 	if (length)
993 		goto out;
994 
995 	length = -ENOMEM;
996 	scon = kzalloc(size + 1, GFP_KERNEL);
997 	if (!scon)
998 		goto out;
999 
1000 	length = -ENOMEM;
1001 	tcon = kzalloc(size + 1, GFP_KERNEL);
1002 	if (!tcon)
1003 		goto out;
1004 
1005 	length = -EINVAL;
1006 	if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
1007 		goto out;
1008 
1009 	length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL);
1010 	if (length)
1011 		goto out;
1012 
1013 	length = security_context_str_to_sid(state, tcon, &tsid, GFP_KERNEL);
1014 	if (length)
1015 		goto out;
1016 
1017 	length = security_change_sid(state, ssid, tsid, tclass, &newsid);
1018 	if (length)
1019 		goto out;
1020 
1021 	length = security_sid_to_context(state, newsid, &newcon, &len);
1022 	if (length)
1023 		goto out;
1024 
1025 	length = -ERANGE;
1026 	if (len > SIMPLE_TRANSACTION_LIMIT)
1027 		goto out;
1028 
1029 	memcpy(buf, newcon, len);
1030 	length = len;
1031 out:
1032 	kfree(newcon);
1033 	kfree(tcon);
1034 	kfree(scon);
1035 	return length;
1036 }
1037 
1038 static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
1039 {
1040 	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
1041 	struct selinux_state *state = fsi->state;
1042 	char *con = NULL, *user = NULL, *ptr;
1043 	u32 sid, *sids = NULL;
1044 	ssize_t length;
1045 	char *newcon;
1046 	int i, rc;
1047 	u32 len, nsids;
1048 
1049 	length = avc_has_perm(&selinux_state,
1050 			      current_sid(), SECINITSID_SECURITY,
1051 			      SECCLASS_SECURITY, SECURITY__COMPUTE_USER,
1052 			      NULL);
1053 	if (length)
1054 		goto out;
1055 
1056 	length = -ENOMEM;
1057 	con = kzalloc(size + 1, GFP_KERNEL);
1058 	if (!con)
1059 		goto out;
1060 
1061 	length = -ENOMEM;
1062 	user = kzalloc(size + 1, GFP_KERNEL);
1063 	if (!user)
1064 		goto out;
1065 
1066 	length = -EINVAL;
1067 	if (sscanf(buf, "%s %s", con, user) != 2)
1068 		goto out;
1069 
1070 	length = security_context_str_to_sid(state, con, &sid, GFP_KERNEL);
1071 	if (length)
1072 		goto out;
1073 
1074 	length = security_get_user_sids(state, sid, user, &sids, &nsids);
1075 	if (length)
1076 		goto out;
1077 
1078 	length = sprintf(buf, "%u", nsids) + 1;
1079 	ptr = buf + length;
1080 	for (i = 0; i < nsids; i++) {
1081 		rc = security_sid_to_context(state, sids[i], &newcon, &len);
1082 		if (rc) {
1083 			length = rc;
1084 			goto out;
1085 		}
1086 		if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) {
1087 			kfree(newcon);
1088 			length = -ERANGE;
1089 			goto out;
1090 		}
1091 		memcpy(ptr, newcon, len);
1092 		kfree(newcon);
1093 		ptr += len;
1094 		length += len;
1095 	}
1096 out:
1097 	kfree(sids);
1098 	kfree(user);
1099 	kfree(con);
1100 	return length;
1101 }
1102 
1103 static ssize_t sel_write_member(struct file *file, char *buf, size_t size)
1104 {
1105 	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
1106 	struct selinux_state *state = fsi->state;
1107 	char *scon = NULL, *tcon = NULL;
1108 	u32 ssid, tsid, newsid;
1109 	u16 tclass;
1110 	ssize_t length;
1111 	char *newcon = NULL;
1112 	u32 len;
1113 
1114 	length = avc_has_perm(&selinux_state,
1115 			      current_sid(), SECINITSID_SECURITY,
1116 			      SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER,
1117 			      NULL);
1118 	if (length)
1119 		goto out;
1120 
1121 	length = -ENOMEM;
1122 	scon = kzalloc(size + 1, GFP_KERNEL);
1123 	if (!scon)
1124 		goto out;
1125 
1126 	length = -ENOMEM;
1127 	tcon = kzalloc(size + 1, GFP_KERNEL);
1128 	if (!tcon)
1129 		goto out;
1130 
1131 	length = -EINVAL;
1132 	if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
1133 		goto out;
1134 
1135 	length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL);
1136 	if (length)
1137 		goto out;
1138 
1139 	length = security_context_str_to_sid(state, tcon, &tsid, GFP_KERNEL);
1140 	if (length)
1141 		goto out;
1142 
1143 	length = security_member_sid(state, ssid, tsid, tclass, &newsid);
1144 	if (length)
1145 		goto out;
1146 
1147 	length = security_sid_to_context(state, newsid, &newcon, &len);
1148 	if (length)
1149 		goto out;
1150 
1151 	length = -ERANGE;
1152 	if (len > SIMPLE_TRANSACTION_LIMIT) {
1153 		pr_err("SELinux: %s:  context size (%u) exceeds "
1154 			"payload max\n", __func__, len);
1155 		goto out;
1156 	}
1157 
1158 	memcpy(buf, newcon, len);
1159 	length = len;
1160 out:
1161 	kfree(newcon);
1162 	kfree(tcon);
1163 	kfree(scon);
1164 	return length;
1165 }
1166 
1167 static struct inode *sel_make_inode(struct super_block *sb, int mode)
1168 {
1169 	struct inode *ret = new_inode(sb);
1170 
1171 	if (ret) {
1172 		ret->i_mode = mode;
1173 		ret->i_atime = ret->i_mtime = ret->i_ctime = current_time(ret);
1174 	}
1175 	return ret;
1176 }
1177 
1178 static ssize_t sel_read_bool(struct file *filep, char __user *buf,
1179 			     size_t count, loff_t *ppos)
1180 {
1181 	struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info;
1182 	char *page = NULL;
1183 	ssize_t length;
1184 	ssize_t ret;
1185 	int cur_enforcing;
1186 	unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
1187 	const char *name = filep->f_path.dentry->d_name.name;
1188 
1189 	mutex_lock(&fsi->mutex);
1190 
1191 	ret = -EINVAL;
1192 	if (index >= fsi->bool_num || strcmp(name,
1193 					     fsi->bool_pending_names[index]))
1194 		goto out_unlock;
1195 
1196 	ret = -ENOMEM;
1197 	page = (char *)get_zeroed_page(GFP_KERNEL);
1198 	if (!page)
1199 		goto out_unlock;
1200 
1201 	cur_enforcing = security_get_bool_value(fsi->state, index);
1202 	if (cur_enforcing < 0) {
1203 		ret = cur_enforcing;
1204 		goto out_unlock;
1205 	}
1206 	length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing,
1207 			  fsi->bool_pending_values[index]);
1208 	mutex_unlock(&fsi->mutex);
1209 	ret = simple_read_from_buffer(buf, count, ppos, page, length);
1210 out_free:
1211 	free_page((unsigned long)page);
1212 	return ret;
1213 
1214 out_unlock:
1215 	mutex_unlock(&fsi->mutex);
1216 	goto out_free;
1217 }
1218 
1219 static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
1220 			      size_t count, loff_t *ppos)
1221 {
1222 	struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info;
1223 	char *page = NULL;
1224 	ssize_t length;
1225 	int new_value;
1226 	unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
1227 	const char *name = filep->f_path.dentry->d_name.name;
1228 
1229 	if (count >= PAGE_SIZE)
1230 		return -ENOMEM;
1231 
1232 	/* No partial writes. */
1233 	if (*ppos != 0)
1234 		return -EINVAL;
1235 
1236 	page = memdup_user_nul(buf, count);
1237 	if (IS_ERR(page))
1238 		return PTR_ERR(page);
1239 
1240 	mutex_lock(&fsi->mutex);
1241 
1242 	length = avc_has_perm(&selinux_state,
1243 			      current_sid(), SECINITSID_SECURITY,
1244 			      SECCLASS_SECURITY, SECURITY__SETBOOL,
1245 			      NULL);
1246 	if (length)
1247 		goto out;
1248 
1249 	length = -EINVAL;
1250 	if (index >= fsi->bool_num || strcmp(name,
1251 					     fsi->bool_pending_names[index]))
1252 		goto out;
1253 
1254 	length = -EINVAL;
1255 	if (sscanf(page, "%d", &new_value) != 1)
1256 		goto out;
1257 
1258 	if (new_value)
1259 		new_value = 1;
1260 
1261 	fsi->bool_pending_values[index] = new_value;
1262 	length = count;
1263 
1264 out:
1265 	mutex_unlock(&fsi->mutex);
1266 	kfree(page);
1267 	return length;
1268 }
1269 
1270 static const struct file_operations sel_bool_ops = {
1271 	.read		= sel_read_bool,
1272 	.write		= sel_write_bool,
1273 	.llseek		= generic_file_llseek,
1274 };
1275 
1276 static ssize_t sel_commit_bools_write(struct file *filep,
1277 				      const char __user *buf,
1278 				      size_t count, loff_t *ppos)
1279 {
1280 	struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info;
1281 	char *page = NULL;
1282 	ssize_t length;
1283 	int new_value;
1284 
1285 	if (count >= PAGE_SIZE)
1286 		return -ENOMEM;
1287 
1288 	/* No partial writes. */
1289 	if (*ppos != 0)
1290 		return -EINVAL;
1291 
1292 	page = memdup_user_nul(buf, count);
1293 	if (IS_ERR(page))
1294 		return PTR_ERR(page);
1295 
1296 	mutex_lock(&fsi->mutex);
1297 
1298 	length = avc_has_perm(&selinux_state,
1299 			      current_sid(), SECINITSID_SECURITY,
1300 			      SECCLASS_SECURITY, SECURITY__SETBOOL,
1301 			      NULL);
1302 	if (length)
1303 		goto out;
1304 
1305 	length = -EINVAL;
1306 	if (sscanf(page, "%d", &new_value) != 1)
1307 		goto out;
1308 
1309 	length = 0;
1310 	if (new_value && fsi->bool_pending_values)
1311 		length = security_set_bools(fsi->state, fsi->bool_num,
1312 					    fsi->bool_pending_values);
1313 
1314 	if (!length)
1315 		length = count;
1316 
1317 out:
1318 	mutex_unlock(&fsi->mutex);
1319 	kfree(page);
1320 	return length;
1321 }
1322 
1323 static const struct file_operations sel_commit_bools_ops = {
1324 	.write		= sel_commit_bools_write,
1325 	.llseek		= generic_file_llseek,
1326 };
1327 
1328 static void sel_remove_entries(struct dentry *de)
1329 {
1330 	d_genocide(de);
1331 	shrink_dcache_parent(de);
1332 }
1333 
1334 #define BOOL_DIR_NAME "booleans"
1335 
1336 static int sel_make_bools(struct selinux_fs_info *fsi)
1337 {
1338 	int ret;
1339 	ssize_t len;
1340 	struct dentry *dentry = NULL;
1341 	struct dentry *dir = fsi->bool_dir;
1342 	struct inode *inode = NULL;
1343 	struct inode_security_struct *isec;
1344 	char **names = NULL, *page;
1345 	u32 i, num;
1346 	int *values = NULL;
1347 	u32 sid;
1348 
1349 	/* remove any existing files */
1350 	for (i = 0; i < fsi->bool_num; i++)
1351 		kfree(fsi->bool_pending_names[i]);
1352 	kfree(fsi->bool_pending_names);
1353 	kfree(fsi->bool_pending_values);
1354 	fsi->bool_num = 0;
1355 	fsi->bool_pending_names = NULL;
1356 	fsi->bool_pending_values = NULL;
1357 
1358 	sel_remove_entries(dir);
1359 
1360 	ret = -ENOMEM;
1361 	page = (char *)get_zeroed_page(GFP_KERNEL);
1362 	if (!page)
1363 		goto out;
1364 
1365 	ret = security_get_bools(fsi->state, &num, &names, &values);
1366 	if (ret)
1367 		goto out;
1368 
1369 	for (i = 0; i < num; i++) {
1370 		ret = -ENOMEM;
1371 		dentry = d_alloc_name(dir, names[i]);
1372 		if (!dentry)
1373 			goto out;
1374 
1375 		ret = -ENOMEM;
1376 		inode = sel_make_inode(dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR);
1377 		if (!inode) {
1378 			dput(dentry);
1379 			goto out;
1380 		}
1381 
1382 		ret = -ENAMETOOLONG;
1383 		len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]);
1384 		if (len >= PAGE_SIZE) {
1385 			dput(dentry);
1386 			iput(inode);
1387 			goto out;
1388 		}
1389 
1390 		isec = selinux_inode(inode);
1391 		ret = security_genfs_sid(fsi->state, "selinuxfs", page,
1392 					 SECCLASS_FILE, &sid);
1393 		if (ret) {
1394 			pr_warn_ratelimited("SELinux: no sid found, defaulting to security isid for %s\n",
1395 					   page);
1396 			sid = SECINITSID_SECURITY;
1397 		}
1398 
1399 		isec->sid = sid;
1400 		isec->initialized = LABEL_INITIALIZED;
1401 		inode->i_fop = &sel_bool_ops;
1402 		inode->i_ino = i|SEL_BOOL_INO_OFFSET;
1403 		d_add(dentry, inode);
1404 	}
1405 	fsi->bool_num = num;
1406 	fsi->bool_pending_names = names;
1407 	fsi->bool_pending_values = values;
1408 
1409 	free_page((unsigned long)page);
1410 	return 0;
1411 out:
1412 	free_page((unsigned long)page);
1413 
1414 	if (names) {
1415 		for (i = 0; i < num; i++)
1416 			kfree(names[i]);
1417 		kfree(names);
1418 	}
1419 	kfree(values);
1420 	sel_remove_entries(dir);
1421 
1422 	return ret;
1423 }
1424 
1425 static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf,
1426 					    size_t count, loff_t *ppos)
1427 {
1428 	struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
1429 	struct selinux_state *state = fsi->state;
1430 	char tmpbuf[TMPBUFLEN];
1431 	ssize_t length;
1432 
1433 	length = scnprintf(tmpbuf, TMPBUFLEN, "%u",
1434 			   avc_get_cache_threshold(state->avc));
1435 	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
1436 }
1437 
1438 static ssize_t sel_write_avc_cache_threshold(struct file *file,
1439 					     const char __user *buf,
1440 					     size_t count, loff_t *ppos)
1441 
1442 {
1443 	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
1444 	struct selinux_state *state = fsi->state;
1445 	char *page;
1446 	ssize_t ret;
1447 	unsigned int new_value;
1448 
1449 	ret = avc_has_perm(&selinux_state,
1450 			   current_sid(), SECINITSID_SECURITY,
1451 			   SECCLASS_SECURITY, SECURITY__SETSECPARAM,
1452 			   NULL);
1453 	if (ret)
1454 		return ret;
1455 
1456 	if (count >= PAGE_SIZE)
1457 		return -ENOMEM;
1458 
1459 	/* No partial writes. */
1460 	if (*ppos != 0)
1461 		return -EINVAL;
1462 
1463 	page = memdup_user_nul(buf, count);
1464 	if (IS_ERR(page))
1465 		return PTR_ERR(page);
1466 
1467 	ret = -EINVAL;
1468 	if (sscanf(page, "%u", &new_value) != 1)
1469 		goto out;
1470 
1471 	avc_set_cache_threshold(state->avc, new_value);
1472 
1473 	ret = count;
1474 out:
1475 	kfree(page);
1476 	return ret;
1477 }
1478 
1479 static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf,
1480 				       size_t count, loff_t *ppos)
1481 {
1482 	struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
1483 	struct selinux_state *state = fsi->state;
1484 	char *page;
1485 	ssize_t length;
1486 
1487 	page = (char *)__get_free_page(GFP_KERNEL);
1488 	if (!page)
1489 		return -ENOMEM;
1490 
1491 	length = avc_get_hash_stats(state->avc, page);
1492 	if (length >= 0)
1493 		length = simple_read_from_buffer(buf, count, ppos, page, length);
1494 	free_page((unsigned long)page);
1495 
1496 	return length;
1497 }
1498 
1499 static ssize_t sel_read_sidtab_hash_stats(struct file *filp, char __user *buf,
1500 					size_t count, loff_t *ppos)
1501 {
1502 	struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
1503 	struct selinux_state *state = fsi->state;
1504 	char *page;
1505 	ssize_t length;
1506 
1507 	page = (char *)__get_free_page(GFP_KERNEL);
1508 	if (!page)
1509 		return -ENOMEM;
1510 
1511 	length = security_sidtab_hash_stats(state, page);
1512 	if (length >= 0)
1513 		length = simple_read_from_buffer(buf, count, ppos, page,
1514 						length);
1515 	free_page((unsigned long)page);
1516 
1517 	return length;
1518 }
1519 
1520 static const struct file_operations sel_sidtab_hash_stats_ops = {
1521 	.read		= sel_read_sidtab_hash_stats,
1522 	.llseek		= generic_file_llseek,
1523 };
1524 
1525 static const struct file_operations sel_avc_cache_threshold_ops = {
1526 	.read		= sel_read_avc_cache_threshold,
1527 	.write		= sel_write_avc_cache_threshold,
1528 	.llseek		= generic_file_llseek,
1529 };
1530 
1531 static const struct file_operations sel_avc_hash_stats_ops = {
1532 	.read		= sel_read_avc_hash_stats,
1533 	.llseek		= generic_file_llseek,
1534 };
1535 
1536 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
1537 static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx)
1538 {
1539 	int cpu;
1540 
1541 	for (cpu = *idx; cpu < nr_cpu_ids; ++cpu) {
1542 		if (!cpu_possible(cpu))
1543 			continue;
1544 		*idx = cpu + 1;
1545 		return &per_cpu(avc_cache_stats, cpu);
1546 	}
1547 	(*idx)++;
1548 	return NULL;
1549 }
1550 
1551 static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos)
1552 {
1553 	loff_t n = *pos - 1;
1554 
1555 	if (*pos == 0)
1556 		return SEQ_START_TOKEN;
1557 
1558 	return sel_avc_get_stat_idx(&n);
1559 }
1560 
1561 static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1562 {
1563 	return sel_avc_get_stat_idx(pos);
1564 }
1565 
1566 static int sel_avc_stats_seq_show(struct seq_file *seq, void *v)
1567 {
1568 	struct avc_cache_stats *st = v;
1569 
1570 	if (v == SEQ_START_TOKEN) {
1571 		seq_puts(seq,
1572 			 "lookups hits misses allocations reclaims frees\n");
1573 	} else {
1574 		unsigned int lookups = st->lookups;
1575 		unsigned int misses = st->misses;
1576 		unsigned int hits = lookups - misses;
1577 		seq_printf(seq, "%u %u %u %u %u %u\n", lookups,
1578 			   hits, misses, st->allocations,
1579 			   st->reclaims, st->frees);
1580 	}
1581 	return 0;
1582 }
1583 
1584 static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v)
1585 { }
1586 
1587 static const struct seq_operations sel_avc_cache_stats_seq_ops = {
1588 	.start		= sel_avc_stats_seq_start,
1589 	.next		= sel_avc_stats_seq_next,
1590 	.show		= sel_avc_stats_seq_show,
1591 	.stop		= sel_avc_stats_seq_stop,
1592 };
1593 
1594 static int sel_open_avc_cache_stats(struct inode *inode, struct file *file)
1595 {
1596 	return seq_open(file, &sel_avc_cache_stats_seq_ops);
1597 }
1598 
1599 static const struct file_operations sel_avc_cache_stats_ops = {
1600 	.open		= sel_open_avc_cache_stats,
1601 	.read		= seq_read,
1602 	.llseek		= seq_lseek,
1603 	.release	= seq_release,
1604 };
1605 #endif
1606 
1607 static int sel_make_avc_files(struct dentry *dir)
1608 {
1609 	struct super_block *sb = dir->d_sb;
1610 	struct selinux_fs_info *fsi = sb->s_fs_info;
1611 	int i;
1612 	static const struct tree_descr files[] = {
1613 		{ "cache_threshold",
1614 		  &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR },
1615 		{ "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO },
1616 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
1617 		{ "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO },
1618 #endif
1619 	};
1620 
1621 	for (i = 0; i < ARRAY_SIZE(files); i++) {
1622 		struct inode *inode;
1623 		struct dentry *dentry;
1624 
1625 		dentry = d_alloc_name(dir, files[i].name);
1626 		if (!dentry)
1627 			return -ENOMEM;
1628 
1629 		inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
1630 		if (!inode) {
1631 			dput(dentry);
1632 			return -ENOMEM;
1633 		}
1634 
1635 		inode->i_fop = files[i].ops;
1636 		inode->i_ino = ++fsi->last_ino;
1637 		d_add(dentry, inode);
1638 	}
1639 
1640 	return 0;
1641 }
1642 
1643 static int sel_make_ss_files(struct dentry *dir)
1644 {
1645 	struct super_block *sb = dir->d_sb;
1646 	struct selinux_fs_info *fsi = sb->s_fs_info;
1647 	int i;
1648 	static struct tree_descr files[] = {
1649 		{ "sidtab_hash_stats", &sel_sidtab_hash_stats_ops, S_IRUGO },
1650 	};
1651 
1652 	for (i = 0; i < ARRAY_SIZE(files); i++) {
1653 		struct inode *inode;
1654 		struct dentry *dentry;
1655 
1656 		dentry = d_alloc_name(dir, files[i].name);
1657 		if (!dentry)
1658 			return -ENOMEM;
1659 
1660 		inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
1661 		if (!inode) {
1662 			dput(dentry);
1663 			return -ENOMEM;
1664 		}
1665 
1666 		inode->i_fop = files[i].ops;
1667 		inode->i_ino = ++fsi->last_ino;
1668 		d_add(dentry, inode);
1669 	}
1670 
1671 	return 0;
1672 }
1673 
1674 static ssize_t sel_read_initcon(struct file *file, char __user *buf,
1675 				size_t count, loff_t *ppos)
1676 {
1677 	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
1678 	char *con;
1679 	u32 sid, len;
1680 	ssize_t ret;
1681 
1682 	sid = file_inode(file)->i_ino&SEL_INO_MASK;
1683 	ret = security_sid_to_context(fsi->state, sid, &con, &len);
1684 	if (ret)
1685 		return ret;
1686 
1687 	ret = simple_read_from_buffer(buf, count, ppos, con, len);
1688 	kfree(con);
1689 	return ret;
1690 }
1691 
1692 static const struct file_operations sel_initcon_ops = {
1693 	.read		= sel_read_initcon,
1694 	.llseek		= generic_file_llseek,
1695 };
1696 
1697 static int sel_make_initcon_files(struct dentry *dir)
1698 {
1699 	int i;
1700 
1701 	for (i = 1; i <= SECINITSID_NUM; i++) {
1702 		struct inode *inode;
1703 		struct dentry *dentry;
1704 		const char *s = security_get_initial_sid_context(i);
1705 
1706 		if (!s)
1707 			continue;
1708 		dentry = d_alloc_name(dir, s);
1709 		if (!dentry)
1710 			return -ENOMEM;
1711 
1712 		inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1713 		if (!inode) {
1714 			dput(dentry);
1715 			return -ENOMEM;
1716 		}
1717 
1718 		inode->i_fop = &sel_initcon_ops;
1719 		inode->i_ino = i|SEL_INITCON_INO_OFFSET;
1720 		d_add(dentry, inode);
1721 	}
1722 
1723 	return 0;
1724 }
1725 
1726 static inline unsigned long sel_class_to_ino(u16 class)
1727 {
1728 	return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET;
1729 }
1730 
1731 static inline u16 sel_ino_to_class(unsigned long ino)
1732 {
1733 	return (ino & SEL_INO_MASK) / (SEL_VEC_MAX + 1);
1734 }
1735 
1736 static inline unsigned long sel_perm_to_ino(u16 class, u32 perm)
1737 {
1738 	return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET;
1739 }
1740 
1741 static inline u32 sel_ino_to_perm(unsigned long ino)
1742 {
1743 	return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1);
1744 }
1745 
1746 static ssize_t sel_read_class(struct file *file, char __user *buf,
1747 				size_t count, loff_t *ppos)
1748 {
1749 	unsigned long ino = file_inode(file)->i_ino;
1750 	char res[TMPBUFLEN];
1751 	ssize_t len = scnprintf(res, sizeof(res), "%d", sel_ino_to_class(ino));
1752 	return simple_read_from_buffer(buf, count, ppos, res, len);
1753 }
1754 
1755 static const struct file_operations sel_class_ops = {
1756 	.read		= sel_read_class,
1757 	.llseek		= generic_file_llseek,
1758 };
1759 
1760 static ssize_t sel_read_perm(struct file *file, char __user *buf,
1761 				size_t count, loff_t *ppos)
1762 {
1763 	unsigned long ino = file_inode(file)->i_ino;
1764 	char res[TMPBUFLEN];
1765 	ssize_t len = scnprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino));
1766 	return simple_read_from_buffer(buf, count, ppos, res, len);
1767 }
1768 
1769 static const struct file_operations sel_perm_ops = {
1770 	.read		= sel_read_perm,
1771 	.llseek		= generic_file_llseek,
1772 };
1773 
1774 static ssize_t sel_read_policycap(struct file *file, char __user *buf,
1775 				  size_t count, loff_t *ppos)
1776 {
1777 	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
1778 	int value;
1779 	char tmpbuf[TMPBUFLEN];
1780 	ssize_t length;
1781 	unsigned long i_ino = file_inode(file)->i_ino;
1782 
1783 	value = security_policycap_supported(fsi->state, i_ino & SEL_INO_MASK);
1784 	length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value);
1785 
1786 	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
1787 }
1788 
1789 static const struct file_operations sel_policycap_ops = {
1790 	.read		= sel_read_policycap,
1791 	.llseek		= generic_file_llseek,
1792 };
1793 
1794 static int sel_make_perm_files(char *objclass, int classvalue,
1795 				struct dentry *dir)
1796 {
1797 	struct selinux_fs_info *fsi = dir->d_sb->s_fs_info;
1798 	int i, rc, nperms;
1799 	char **perms;
1800 
1801 	rc = security_get_permissions(fsi->state, objclass, &perms, &nperms);
1802 	if (rc)
1803 		return rc;
1804 
1805 	for (i = 0; i < nperms; i++) {
1806 		struct inode *inode;
1807 		struct dentry *dentry;
1808 
1809 		rc = -ENOMEM;
1810 		dentry = d_alloc_name(dir, perms[i]);
1811 		if (!dentry)
1812 			goto out;
1813 
1814 		rc = -ENOMEM;
1815 		inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1816 		if (!inode) {
1817 			dput(dentry);
1818 			goto out;
1819 		}
1820 
1821 		inode->i_fop = &sel_perm_ops;
1822 		/* i+1 since perm values are 1-indexed */
1823 		inode->i_ino = sel_perm_to_ino(classvalue, i + 1);
1824 		d_add(dentry, inode);
1825 	}
1826 	rc = 0;
1827 out:
1828 	for (i = 0; i < nperms; i++)
1829 		kfree(perms[i]);
1830 	kfree(perms);
1831 	return rc;
1832 }
1833 
1834 static int sel_make_class_dir_entries(char *classname, int index,
1835 					struct dentry *dir)
1836 {
1837 	struct super_block *sb = dir->d_sb;
1838 	struct selinux_fs_info *fsi = sb->s_fs_info;
1839 	struct dentry *dentry = NULL;
1840 	struct inode *inode = NULL;
1841 	int rc;
1842 
1843 	dentry = d_alloc_name(dir, "index");
1844 	if (!dentry)
1845 		return -ENOMEM;
1846 
1847 	inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1848 	if (!inode) {
1849 		dput(dentry);
1850 		return -ENOMEM;
1851 	}
1852 
1853 	inode->i_fop = &sel_class_ops;
1854 	inode->i_ino = sel_class_to_ino(index);
1855 	d_add(dentry, inode);
1856 
1857 	dentry = sel_make_dir(dir, "perms", &fsi->last_class_ino);
1858 	if (IS_ERR(dentry))
1859 		return PTR_ERR(dentry);
1860 
1861 	rc = sel_make_perm_files(classname, index, dentry);
1862 
1863 	return rc;
1864 }
1865 
1866 static int sel_make_classes(struct selinux_fs_info *fsi)
1867 {
1868 
1869 	int rc, nclasses, i;
1870 	char **classes;
1871 
1872 	/* delete any existing entries */
1873 	sel_remove_entries(fsi->class_dir);
1874 
1875 	rc = security_get_classes(fsi->state, &classes, &nclasses);
1876 	if (rc)
1877 		return rc;
1878 
1879 	/* +2 since classes are 1-indexed */
1880 	fsi->last_class_ino = sel_class_to_ino(nclasses + 2);
1881 
1882 	for (i = 0; i < nclasses; i++) {
1883 		struct dentry *class_name_dir;
1884 
1885 		class_name_dir = sel_make_dir(fsi->class_dir, classes[i],
1886 					      &fsi->last_class_ino);
1887 		if (IS_ERR(class_name_dir)) {
1888 			rc = PTR_ERR(class_name_dir);
1889 			goto out;
1890 		}
1891 
1892 		/* i+1 since class values are 1-indexed */
1893 		rc = sel_make_class_dir_entries(classes[i], i + 1,
1894 				class_name_dir);
1895 		if (rc)
1896 			goto out;
1897 	}
1898 	rc = 0;
1899 out:
1900 	for (i = 0; i < nclasses; i++)
1901 		kfree(classes[i]);
1902 	kfree(classes);
1903 	return rc;
1904 }
1905 
1906 static int sel_make_policycap(struct selinux_fs_info *fsi)
1907 {
1908 	unsigned int iter;
1909 	struct dentry *dentry = NULL;
1910 	struct inode *inode = NULL;
1911 
1912 	sel_remove_entries(fsi->policycap_dir);
1913 
1914 	for (iter = 0; iter <= POLICYDB_CAPABILITY_MAX; iter++) {
1915 		if (iter < ARRAY_SIZE(selinux_policycap_names))
1916 			dentry = d_alloc_name(fsi->policycap_dir,
1917 					      selinux_policycap_names[iter]);
1918 		else
1919 			dentry = d_alloc_name(fsi->policycap_dir, "unknown");
1920 
1921 		if (dentry == NULL)
1922 			return -ENOMEM;
1923 
1924 		inode = sel_make_inode(fsi->sb, S_IFREG | 0444);
1925 		if (inode == NULL) {
1926 			dput(dentry);
1927 			return -ENOMEM;
1928 		}
1929 
1930 		inode->i_fop = &sel_policycap_ops;
1931 		inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET;
1932 		d_add(dentry, inode);
1933 	}
1934 
1935 	return 0;
1936 }
1937 
1938 static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
1939 			unsigned long *ino)
1940 {
1941 	struct dentry *dentry = d_alloc_name(dir, name);
1942 	struct inode *inode;
1943 
1944 	if (!dentry)
1945 		return ERR_PTR(-ENOMEM);
1946 
1947 	inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO);
1948 	if (!inode) {
1949 		dput(dentry);
1950 		return ERR_PTR(-ENOMEM);
1951 	}
1952 
1953 	inode->i_op = &simple_dir_inode_operations;
1954 	inode->i_fop = &simple_dir_operations;
1955 	inode->i_ino = ++(*ino);
1956 	/* directory inodes start off with i_nlink == 2 (for "." entry) */
1957 	inc_nlink(inode);
1958 	d_add(dentry, inode);
1959 	/* bump link count on parent directory, too */
1960 	inc_nlink(d_inode(dir));
1961 
1962 	return dentry;
1963 }
1964 
1965 #define NULL_FILE_NAME "null"
1966 
1967 static int sel_fill_super(struct super_block *sb, struct fs_context *fc)
1968 {
1969 	struct selinux_fs_info *fsi;
1970 	int ret;
1971 	struct dentry *dentry;
1972 	struct inode *inode;
1973 	struct inode_security_struct *isec;
1974 
1975 	static const struct tree_descr selinux_files[] = {
1976 		[SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR},
1977 		[SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR},
1978 		[SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO},
1979 		[SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO},
1980 		[SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO},
1981 		[SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO},
1982 		[SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO},
1983 		[SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO},
1984 		[SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR},
1985 		[SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO},
1986 		[SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR},
1987 		[SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO},
1988 		[SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR},
1989 		[SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
1990 		[SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
1991 		[SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO},
1992 		[SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO},
1993 		[SEL_VALIDATE_TRANS] = {"validatetrans", &sel_transition_ops,
1994 					S_IWUGO},
1995 		/* last one */ {""}
1996 	};
1997 
1998 	ret = selinux_fs_info_create(sb);
1999 	if (ret)
2000 		goto err;
2001 
2002 	ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);
2003 	if (ret)
2004 		goto err;
2005 
2006 	fsi = sb->s_fs_info;
2007 	fsi->bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &fsi->last_ino);
2008 	if (IS_ERR(fsi->bool_dir)) {
2009 		ret = PTR_ERR(fsi->bool_dir);
2010 		fsi->bool_dir = NULL;
2011 		goto err;
2012 	}
2013 
2014 	ret = -ENOMEM;
2015 	dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME);
2016 	if (!dentry)
2017 		goto err;
2018 
2019 	ret = -ENOMEM;
2020 	inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO);
2021 	if (!inode) {
2022 		dput(dentry);
2023 		goto err;
2024 	}
2025 
2026 	inode->i_ino = ++fsi->last_ino;
2027 	isec = selinux_inode(inode);
2028 	isec->sid = SECINITSID_DEVNULL;
2029 	isec->sclass = SECCLASS_CHR_FILE;
2030 	isec->initialized = LABEL_INITIALIZED;
2031 
2032 	init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3));
2033 	d_add(dentry, inode);
2034 
2035 	dentry = sel_make_dir(sb->s_root, "avc", &fsi->last_ino);
2036 	if (IS_ERR(dentry)) {
2037 		ret = PTR_ERR(dentry);
2038 		goto err;
2039 	}
2040 
2041 	ret = sel_make_avc_files(dentry);
2042 
2043 	dentry = sel_make_dir(sb->s_root, "ss", &fsi->last_ino);
2044 	if (IS_ERR(dentry)) {
2045 		ret = PTR_ERR(dentry);
2046 		goto err;
2047 	}
2048 
2049 	ret = sel_make_ss_files(dentry);
2050 	if (ret)
2051 		goto err;
2052 
2053 	dentry = sel_make_dir(sb->s_root, "initial_contexts", &fsi->last_ino);
2054 	if (IS_ERR(dentry)) {
2055 		ret = PTR_ERR(dentry);
2056 		goto err;
2057 	}
2058 
2059 	ret = sel_make_initcon_files(dentry);
2060 	if (ret)
2061 		goto err;
2062 
2063 	fsi->class_dir = sel_make_dir(sb->s_root, "class", &fsi->last_ino);
2064 	if (IS_ERR(fsi->class_dir)) {
2065 		ret = PTR_ERR(fsi->class_dir);
2066 		fsi->class_dir = NULL;
2067 		goto err;
2068 	}
2069 
2070 	fsi->policycap_dir = sel_make_dir(sb->s_root, "policy_capabilities",
2071 					  &fsi->last_ino);
2072 	if (IS_ERR(fsi->policycap_dir)) {
2073 		ret = PTR_ERR(fsi->policycap_dir);
2074 		fsi->policycap_dir = NULL;
2075 		goto err;
2076 	}
2077 
2078 	ret = sel_make_policy_nodes(fsi);
2079 	if (ret)
2080 		goto err;
2081 	return 0;
2082 err:
2083 	pr_err("SELinux: %s:  failed while creating inodes\n",
2084 		__func__);
2085 
2086 	selinux_fs_info_free(sb);
2087 
2088 	return ret;
2089 }
2090 
2091 static int sel_get_tree(struct fs_context *fc)
2092 {
2093 	return get_tree_single(fc, sel_fill_super);
2094 }
2095 
2096 static const struct fs_context_operations sel_context_ops = {
2097 	.get_tree	= sel_get_tree,
2098 };
2099 
2100 static int sel_init_fs_context(struct fs_context *fc)
2101 {
2102 	fc->ops = &sel_context_ops;
2103 	return 0;
2104 }
2105 
2106 static void sel_kill_sb(struct super_block *sb)
2107 {
2108 	selinux_fs_info_free(sb);
2109 	kill_litter_super(sb);
2110 }
2111 
2112 static struct file_system_type sel_fs_type = {
2113 	.name		= "selinuxfs",
2114 	.init_fs_context = sel_init_fs_context,
2115 	.kill_sb	= sel_kill_sb,
2116 };
2117 
2118 struct vfsmount *selinuxfs_mount;
2119 struct path selinux_null;
2120 
2121 static int __init init_sel_fs(void)
2122 {
2123 	struct qstr null_name = QSTR_INIT(NULL_FILE_NAME,
2124 					  sizeof(NULL_FILE_NAME)-1);
2125 	int err;
2126 
2127 	if (!selinux_enabled_boot)
2128 		return 0;
2129 
2130 	err = sysfs_create_mount_point(fs_kobj, "selinux");
2131 	if (err)
2132 		return err;
2133 
2134 	err = register_filesystem(&sel_fs_type);
2135 	if (err) {
2136 		sysfs_remove_mount_point(fs_kobj, "selinux");
2137 		return err;
2138 	}
2139 
2140 	selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type);
2141 	if (IS_ERR(selinuxfs_mount)) {
2142 		pr_err("selinuxfs:  could not mount!\n");
2143 		err = PTR_ERR(selinuxfs_mount);
2144 		selinuxfs_mount = NULL;
2145 	}
2146 	selinux_null.dentry = d_hash_and_lookup(selinux_null.mnt->mnt_root,
2147 						&null_name);
2148 	if (IS_ERR(selinux_null.dentry)) {
2149 		pr_err("selinuxfs:  could not lookup null!\n");
2150 		err = PTR_ERR(selinux_null.dentry);
2151 		selinux_null.dentry = NULL;
2152 	}
2153 
2154 	return err;
2155 }
2156 
2157 __initcall(init_sel_fs);
2158 
2159 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
2160 void exit_sel_fs(void)
2161 {
2162 	sysfs_remove_mount_point(fs_kobj, "selinux");
2163 	dput(selinux_null.dentry);
2164 	kern_unmount(selinuxfs_mount);
2165 	unregister_filesystem(&sel_fs_type);
2166 }
2167 #endif
2168