1 /* Updated: Karl MacMillan <kmacmillan@tresys.com> 2 * 3 * Added conditional policy language extensions 4 * 5 * Updated: Hewlett-Packard <paul@paul-moore.com> 6 * 7 * Added support for the policy capability bitmap 8 * 9 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 10 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 11 * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 12 * This program is free software; you can redistribute it and/or modify 13 * it under the terms of the GNU General Public License as published by 14 * the Free Software Foundation, version 2. 15 */ 16 17 #include <linux/kernel.h> 18 #include <linux/pagemap.h> 19 #include <linux/slab.h> 20 #include <linux/vmalloc.h> 21 #include <linux/fs.h> 22 #include <linux/mutex.h> 23 #include <linux/init.h> 24 #include <linux/string.h> 25 #include <linux/security.h> 26 #include <linux/major.h> 27 #include <linux/seq_file.h> 28 #include <linux/percpu.h> 29 #include <linux/audit.h> 30 #include <linux/uaccess.h> 31 #include <linux/kobject.h> 32 #include <linux/ctype.h> 33 34 /* selinuxfs pseudo filesystem for exporting the security policy API. 35 Based on the proc code and the fs/nfsd/nfsctl.c code. */ 36 37 #include "flask.h" 38 #include "avc.h" 39 #include "avc_ss.h" 40 #include "security.h" 41 #include "objsec.h" 42 #include "conditional.h" 43 44 unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE; 45 46 static int __init checkreqprot_setup(char *str) 47 { 48 unsigned long checkreqprot; 49 if (!kstrtoul(str, 0, &checkreqprot)) 50 selinux_checkreqprot = checkreqprot ? 1 : 0; 51 return 1; 52 } 53 __setup("checkreqprot=", checkreqprot_setup); 54 55 static DEFINE_MUTEX(sel_mutex); 56 57 /* global data for booleans */ 58 static struct dentry *bool_dir; 59 static int bool_num; 60 static char **bool_pending_names; 61 static int *bool_pending_values; 62 63 /* global data for classes */ 64 static struct dentry *class_dir; 65 static unsigned long last_class_ino; 66 67 static char policy_opened; 68 69 /* global data for policy capabilities */ 70 static struct dentry *policycap_dir; 71 72 enum sel_inos { 73 SEL_ROOT_INO = 2, 74 SEL_LOAD, /* load policy */ 75 SEL_ENFORCE, /* get or set enforcing status */ 76 SEL_CONTEXT, /* validate context */ 77 SEL_ACCESS, /* compute access decision */ 78 SEL_CREATE, /* compute create labeling decision */ 79 SEL_RELABEL, /* compute relabeling decision */ 80 SEL_USER, /* compute reachable user contexts */ 81 SEL_POLICYVERS, /* return policy version for this kernel */ 82 SEL_COMMIT_BOOLS, /* commit new boolean values */ 83 SEL_MLS, /* return if MLS policy is enabled */ 84 SEL_DISABLE, /* disable SELinux until next reboot */ 85 SEL_MEMBER, /* compute polyinstantiation membership decision */ 86 SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */ 87 SEL_COMPAT_NET, /* whether to use old compat network packet controls */ 88 SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */ 89 SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */ 90 SEL_STATUS, /* export current status using mmap() */ 91 SEL_POLICY, /* allow userspace to read the in kernel policy */ 92 SEL_VALIDATE_TRANS, /* compute validatetrans decision */ 93 SEL_INO_NEXT, /* The next inode number to use */ 94 }; 95 96 static unsigned long sel_last_ino = SEL_INO_NEXT - 1; 97 98 #define SEL_INITCON_INO_OFFSET 0x01000000 99 #define SEL_BOOL_INO_OFFSET 0x02000000 100 #define SEL_CLASS_INO_OFFSET 0x04000000 101 #define SEL_POLICYCAP_INO_OFFSET 0x08000000 102 #define SEL_INO_MASK 0x00ffffff 103 104 #define TMPBUFLEN 12 105 static ssize_t sel_read_enforce(struct file *filp, char __user *buf, 106 size_t count, loff_t *ppos) 107 { 108 char tmpbuf[TMPBUFLEN]; 109 ssize_t length; 110 111 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_enforcing); 112 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 113 } 114 115 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP 116 static ssize_t sel_write_enforce(struct file *file, const char __user *buf, 117 size_t count, loff_t *ppos) 118 119 { 120 char *page = NULL; 121 ssize_t length; 122 int new_value; 123 124 if (count >= PAGE_SIZE) 125 return -ENOMEM; 126 127 /* No partial writes. */ 128 if (*ppos != 0) 129 return -EINVAL; 130 131 page = memdup_user_nul(buf, count); 132 if (IS_ERR(page)) 133 return PTR_ERR(page); 134 135 length = -EINVAL; 136 if (sscanf(page, "%d", &new_value) != 1) 137 goto out; 138 139 new_value = !!new_value; 140 141 if (new_value != selinux_enforcing) { 142 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 143 SECCLASS_SECURITY, SECURITY__SETENFORCE, 144 NULL); 145 if (length) 146 goto out; 147 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, 148 "enforcing=%d old_enforcing=%d auid=%u ses=%u", 149 new_value, selinux_enforcing, 150 from_kuid(&init_user_ns, audit_get_loginuid(current)), 151 audit_get_sessionid(current)); 152 selinux_enforcing = new_value; 153 if (selinux_enforcing) 154 avc_ss_reset(0); 155 selnl_notify_setenforce(selinux_enforcing); 156 selinux_status_update_setenforce(selinux_enforcing); 157 if (!selinux_enforcing) 158 call_lsm_notifier(LSM_POLICY_CHANGE, NULL); 159 } 160 length = count; 161 out: 162 kfree(page); 163 return length; 164 } 165 #else 166 #define sel_write_enforce NULL 167 #endif 168 169 static const struct file_operations sel_enforce_ops = { 170 .read = sel_read_enforce, 171 .write = sel_write_enforce, 172 .llseek = generic_file_llseek, 173 }; 174 175 static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf, 176 size_t count, loff_t *ppos) 177 { 178 char tmpbuf[TMPBUFLEN]; 179 ssize_t length; 180 ino_t ino = file_inode(filp)->i_ino; 181 int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ? 182 security_get_reject_unknown() : !security_get_allow_unknown(); 183 184 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown); 185 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 186 } 187 188 static const struct file_operations sel_handle_unknown_ops = { 189 .read = sel_read_handle_unknown, 190 .llseek = generic_file_llseek, 191 }; 192 193 static int sel_open_handle_status(struct inode *inode, struct file *filp) 194 { 195 struct page *status = selinux_kernel_status_page(); 196 197 if (!status) 198 return -ENOMEM; 199 200 filp->private_data = status; 201 202 return 0; 203 } 204 205 static ssize_t sel_read_handle_status(struct file *filp, char __user *buf, 206 size_t count, loff_t *ppos) 207 { 208 struct page *status = filp->private_data; 209 210 BUG_ON(!status); 211 212 return simple_read_from_buffer(buf, count, ppos, 213 page_address(status), 214 sizeof(struct selinux_kernel_status)); 215 } 216 217 static int sel_mmap_handle_status(struct file *filp, 218 struct vm_area_struct *vma) 219 { 220 struct page *status = filp->private_data; 221 unsigned long size = vma->vm_end - vma->vm_start; 222 223 BUG_ON(!status); 224 225 /* only allows one page from the head */ 226 if (vma->vm_pgoff > 0 || size != PAGE_SIZE) 227 return -EIO; 228 /* disallow writable mapping */ 229 if (vma->vm_flags & VM_WRITE) 230 return -EPERM; 231 /* disallow mprotect() turns it into writable */ 232 vma->vm_flags &= ~VM_MAYWRITE; 233 234 return remap_pfn_range(vma, vma->vm_start, 235 page_to_pfn(status), 236 size, vma->vm_page_prot); 237 } 238 239 static const struct file_operations sel_handle_status_ops = { 240 .open = sel_open_handle_status, 241 .read = sel_read_handle_status, 242 .mmap = sel_mmap_handle_status, 243 .llseek = generic_file_llseek, 244 }; 245 246 #ifdef CONFIG_SECURITY_SELINUX_DISABLE 247 static ssize_t sel_write_disable(struct file *file, const char __user *buf, 248 size_t count, loff_t *ppos) 249 250 { 251 char *page; 252 ssize_t length; 253 int new_value; 254 255 if (count >= PAGE_SIZE) 256 return -ENOMEM; 257 258 /* No partial writes. */ 259 if (*ppos != 0) 260 return -EINVAL; 261 262 page = memdup_user_nul(buf, count); 263 if (IS_ERR(page)) 264 return PTR_ERR(page); 265 266 length = -EINVAL; 267 if (sscanf(page, "%d", &new_value) != 1) 268 goto out; 269 270 if (new_value) { 271 length = selinux_disable(); 272 if (length) 273 goto out; 274 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, 275 "selinux=0 auid=%u ses=%u", 276 from_kuid(&init_user_ns, audit_get_loginuid(current)), 277 audit_get_sessionid(current)); 278 } 279 280 length = count; 281 out: 282 kfree(page); 283 return length; 284 } 285 #else 286 #define sel_write_disable NULL 287 #endif 288 289 static const struct file_operations sel_disable_ops = { 290 .write = sel_write_disable, 291 .llseek = generic_file_llseek, 292 }; 293 294 static ssize_t sel_read_policyvers(struct file *filp, char __user *buf, 295 size_t count, loff_t *ppos) 296 { 297 char tmpbuf[TMPBUFLEN]; 298 ssize_t length; 299 300 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX); 301 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 302 } 303 304 static const struct file_operations sel_policyvers_ops = { 305 .read = sel_read_policyvers, 306 .llseek = generic_file_llseek, 307 }; 308 309 /* declaration for sel_write_load */ 310 static int sel_make_bools(void); 311 static int sel_make_classes(void); 312 static int sel_make_policycap(void); 313 314 /* declaration for sel_make_class_dirs */ 315 static struct dentry *sel_make_dir(struct dentry *dir, const char *name, 316 unsigned long *ino); 317 318 static ssize_t sel_read_mls(struct file *filp, char __user *buf, 319 size_t count, loff_t *ppos) 320 { 321 char tmpbuf[TMPBUFLEN]; 322 ssize_t length; 323 324 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", 325 security_mls_enabled()); 326 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 327 } 328 329 static const struct file_operations sel_mls_ops = { 330 .read = sel_read_mls, 331 .llseek = generic_file_llseek, 332 }; 333 334 struct policy_load_memory { 335 size_t len; 336 void *data; 337 }; 338 339 static int sel_open_policy(struct inode *inode, struct file *filp) 340 { 341 struct policy_load_memory *plm = NULL; 342 int rc; 343 344 BUG_ON(filp->private_data); 345 346 mutex_lock(&sel_mutex); 347 348 rc = avc_has_perm(current_sid(), SECINITSID_SECURITY, 349 SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL); 350 if (rc) 351 goto err; 352 353 rc = -EBUSY; 354 if (policy_opened) 355 goto err; 356 357 rc = -ENOMEM; 358 plm = kzalloc(sizeof(*plm), GFP_KERNEL); 359 if (!plm) 360 goto err; 361 362 if (i_size_read(inode) != security_policydb_len()) { 363 inode_lock(inode); 364 i_size_write(inode, security_policydb_len()); 365 inode_unlock(inode); 366 } 367 368 rc = security_read_policy(&plm->data, &plm->len); 369 if (rc) 370 goto err; 371 372 policy_opened = 1; 373 374 filp->private_data = plm; 375 376 mutex_unlock(&sel_mutex); 377 378 return 0; 379 err: 380 mutex_unlock(&sel_mutex); 381 382 if (plm) 383 vfree(plm->data); 384 kfree(plm); 385 return rc; 386 } 387 388 static int sel_release_policy(struct inode *inode, struct file *filp) 389 { 390 struct policy_load_memory *plm = filp->private_data; 391 392 BUG_ON(!plm); 393 394 policy_opened = 0; 395 396 vfree(plm->data); 397 kfree(plm); 398 399 return 0; 400 } 401 402 static ssize_t sel_read_policy(struct file *filp, char __user *buf, 403 size_t count, loff_t *ppos) 404 { 405 struct policy_load_memory *plm = filp->private_data; 406 int ret; 407 408 mutex_lock(&sel_mutex); 409 410 ret = avc_has_perm(current_sid(), SECINITSID_SECURITY, 411 SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL); 412 if (ret) 413 goto out; 414 415 ret = simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); 416 out: 417 mutex_unlock(&sel_mutex); 418 return ret; 419 } 420 421 static int sel_mmap_policy_fault(struct vm_fault *vmf) 422 { 423 struct policy_load_memory *plm = vmf->vma->vm_file->private_data; 424 unsigned long offset; 425 struct page *page; 426 427 if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE)) 428 return VM_FAULT_SIGBUS; 429 430 offset = vmf->pgoff << PAGE_SHIFT; 431 if (offset >= roundup(plm->len, PAGE_SIZE)) 432 return VM_FAULT_SIGBUS; 433 434 page = vmalloc_to_page(plm->data + offset); 435 get_page(page); 436 437 vmf->page = page; 438 439 return 0; 440 } 441 442 static const struct vm_operations_struct sel_mmap_policy_ops = { 443 .fault = sel_mmap_policy_fault, 444 .page_mkwrite = sel_mmap_policy_fault, 445 }; 446 447 static int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma) 448 { 449 if (vma->vm_flags & VM_SHARED) { 450 /* do not allow mprotect to make mapping writable */ 451 vma->vm_flags &= ~VM_MAYWRITE; 452 453 if (vma->vm_flags & VM_WRITE) 454 return -EACCES; 455 } 456 457 vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP; 458 vma->vm_ops = &sel_mmap_policy_ops; 459 460 return 0; 461 } 462 463 static const struct file_operations sel_policy_ops = { 464 .open = sel_open_policy, 465 .read = sel_read_policy, 466 .mmap = sel_mmap_policy, 467 .release = sel_release_policy, 468 .llseek = generic_file_llseek, 469 }; 470 471 static ssize_t sel_write_load(struct file *file, const char __user *buf, 472 size_t count, loff_t *ppos) 473 474 { 475 ssize_t length; 476 void *data = NULL; 477 478 mutex_lock(&sel_mutex); 479 480 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 481 SECCLASS_SECURITY, SECURITY__LOAD_POLICY, NULL); 482 if (length) 483 goto out; 484 485 /* No partial writes. */ 486 length = -EINVAL; 487 if (*ppos != 0) 488 goto out; 489 490 length = -EFBIG; 491 if (count > 64 * 1024 * 1024) 492 goto out; 493 494 length = -ENOMEM; 495 data = vmalloc(count); 496 if (!data) 497 goto out; 498 499 length = -EFAULT; 500 if (copy_from_user(data, buf, count) != 0) 501 goto out; 502 503 length = security_load_policy(data, count); 504 if (length) { 505 pr_warn_ratelimited("SELinux: failed to load policy\n"); 506 goto out; 507 } 508 509 length = sel_make_bools(); 510 if (length) { 511 pr_err("SELinux: failed to load policy booleans\n"); 512 goto out1; 513 } 514 515 length = sel_make_classes(); 516 if (length) { 517 pr_err("SELinux: failed to load policy classes\n"); 518 goto out1; 519 } 520 521 length = sel_make_policycap(); 522 if (length) { 523 pr_err("SELinux: failed to load policy capabilities\n"); 524 goto out1; 525 } 526 527 length = count; 528 529 out1: 530 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, 531 "policy loaded auid=%u ses=%u", 532 from_kuid(&init_user_ns, audit_get_loginuid(current)), 533 audit_get_sessionid(current)); 534 out: 535 mutex_unlock(&sel_mutex); 536 vfree(data); 537 return length; 538 } 539 540 static const struct file_operations sel_load_ops = { 541 .write = sel_write_load, 542 .llseek = generic_file_llseek, 543 }; 544 545 static ssize_t sel_write_context(struct file *file, char *buf, size_t size) 546 { 547 char *canon = NULL; 548 u32 sid, len; 549 ssize_t length; 550 551 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 552 SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, NULL); 553 if (length) 554 goto out; 555 556 length = security_context_to_sid(buf, size, &sid, GFP_KERNEL); 557 if (length) 558 goto out; 559 560 length = security_sid_to_context(sid, &canon, &len); 561 if (length) 562 goto out; 563 564 length = -ERANGE; 565 if (len > SIMPLE_TRANSACTION_LIMIT) { 566 printk(KERN_ERR "SELinux: %s: context size (%u) exceeds " 567 "payload max\n", __func__, len); 568 goto out; 569 } 570 571 memcpy(buf, canon, len); 572 length = len; 573 out: 574 kfree(canon); 575 return length; 576 } 577 578 static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf, 579 size_t count, loff_t *ppos) 580 { 581 char tmpbuf[TMPBUFLEN]; 582 ssize_t length; 583 584 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", selinux_checkreqprot); 585 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 586 } 587 588 static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, 589 size_t count, loff_t *ppos) 590 { 591 char *page; 592 ssize_t length; 593 unsigned int new_value; 594 595 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 596 SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, 597 NULL); 598 if (length) 599 return length; 600 601 if (count >= PAGE_SIZE) 602 return -ENOMEM; 603 604 /* No partial writes. */ 605 if (*ppos != 0) 606 return -EINVAL; 607 608 page = memdup_user_nul(buf, count); 609 if (IS_ERR(page)) 610 return PTR_ERR(page); 611 612 length = -EINVAL; 613 if (sscanf(page, "%u", &new_value) != 1) 614 goto out; 615 616 selinux_checkreqprot = new_value ? 1 : 0; 617 length = count; 618 out: 619 kfree(page); 620 return length; 621 } 622 static const struct file_operations sel_checkreqprot_ops = { 623 .read = sel_read_checkreqprot, 624 .write = sel_write_checkreqprot, 625 .llseek = generic_file_llseek, 626 }; 627 628 static ssize_t sel_write_validatetrans(struct file *file, 629 const char __user *buf, 630 size_t count, loff_t *ppos) 631 { 632 char *oldcon = NULL, *newcon = NULL, *taskcon = NULL; 633 char *req = NULL; 634 u32 osid, nsid, tsid; 635 u16 tclass; 636 int rc; 637 638 rc = avc_has_perm(current_sid(), SECINITSID_SECURITY, 639 SECCLASS_SECURITY, SECURITY__VALIDATE_TRANS, NULL); 640 if (rc) 641 goto out; 642 643 rc = -ENOMEM; 644 if (count >= PAGE_SIZE) 645 goto out; 646 647 /* No partial writes. */ 648 rc = -EINVAL; 649 if (*ppos != 0) 650 goto out; 651 652 req = memdup_user_nul(buf, count); 653 if (IS_ERR(req)) { 654 rc = PTR_ERR(req); 655 req = NULL; 656 goto out; 657 } 658 659 rc = -ENOMEM; 660 oldcon = kzalloc(count + 1, GFP_KERNEL); 661 if (!oldcon) 662 goto out; 663 664 newcon = kzalloc(count + 1, GFP_KERNEL); 665 if (!newcon) 666 goto out; 667 668 taskcon = kzalloc(count + 1, GFP_KERNEL); 669 if (!taskcon) 670 goto out; 671 672 rc = -EINVAL; 673 if (sscanf(req, "%s %s %hu %s", oldcon, newcon, &tclass, taskcon) != 4) 674 goto out; 675 676 rc = security_context_str_to_sid(oldcon, &osid, GFP_KERNEL); 677 if (rc) 678 goto out; 679 680 rc = security_context_str_to_sid(newcon, &nsid, GFP_KERNEL); 681 if (rc) 682 goto out; 683 684 rc = security_context_str_to_sid(taskcon, &tsid, GFP_KERNEL); 685 if (rc) 686 goto out; 687 688 rc = security_validate_transition_user(osid, nsid, tsid, tclass); 689 if (!rc) 690 rc = count; 691 out: 692 kfree(req); 693 kfree(oldcon); 694 kfree(newcon); 695 kfree(taskcon); 696 return rc; 697 } 698 699 static const struct file_operations sel_transition_ops = { 700 .write = sel_write_validatetrans, 701 .llseek = generic_file_llseek, 702 }; 703 704 /* 705 * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c 706 */ 707 static ssize_t sel_write_access(struct file *file, char *buf, size_t size); 708 static ssize_t sel_write_create(struct file *file, char *buf, size_t size); 709 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size); 710 static ssize_t sel_write_user(struct file *file, char *buf, size_t size); 711 static ssize_t sel_write_member(struct file *file, char *buf, size_t size); 712 713 static ssize_t (*write_op[])(struct file *, char *, size_t) = { 714 [SEL_ACCESS] = sel_write_access, 715 [SEL_CREATE] = sel_write_create, 716 [SEL_RELABEL] = sel_write_relabel, 717 [SEL_USER] = sel_write_user, 718 [SEL_MEMBER] = sel_write_member, 719 [SEL_CONTEXT] = sel_write_context, 720 }; 721 722 static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos) 723 { 724 ino_t ino = file_inode(file)->i_ino; 725 char *data; 726 ssize_t rv; 727 728 if (ino >= ARRAY_SIZE(write_op) || !write_op[ino]) 729 return -EINVAL; 730 731 data = simple_transaction_get(file, buf, size); 732 if (IS_ERR(data)) 733 return PTR_ERR(data); 734 735 rv = write_op[ino](file, data, size); 736 if (rv > 0) { 737 simple_transaction_set(file, rv); 738 rv = size; 739 } 740 return rv; 741 } 742 743 static const struct file_operations transaction_ops = { 744 .write = selinux_transaction_write, 745 .read = simple_transaction_read, 746 .release = simple_transaction_release, 747 .llseek = generic_file_llseek, 748 }; 749 750 /* 751 * payload - write methods 752 * If the method has a response, the response should be put in buf, 753 * and the length returned. Otherwise return 0 or and -error. 754 */ 755 756 static ssize_t sel_write_access(struct file *file, char *buf, size_t size) 757 { 758 char *scon = NULL, *tcon = NULL; 759 u32 ssid, tsid; 760 u16 tclass; 761 struct av_decision avd; 762 ssize_t length; 763 764 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 765 SECCLASS_SECURITY, SECURITY__COMPUTE_AV, NULL); 766 if (length) 767 goto out; 768 769 length = -ENOMEM; 770 scon = kzalloc(size + 1, GFP_KERNEL); 771 if (!scon) 772 goto out; 773 774 length = -ENOMEM; 775 tcon = kzalloc(size + 1, GFP_KERNEL); 776 if (!tcon) 777 goto out; 778 779 length = -EINVAL; 780 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 781 goto out; 782 783 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 784 if (length) 785 goto out; 786 787 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 788 if (length) 789 goto out; 790 791 security_compute_av_user(ssid, tsid, tclass, &avd); 792 793 length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT, 794 "%x %x %x %x %u %x", 795 avd.allowed, 0xffffffff, 796 avd.auditallow, avd.auditdeny, 797 avd.seqno, avd.flags); 798 out: 799 kfree(tcon); 800 kfree(scon); 801 return length; 802 } 803 804 static ssize_t sel_write_create(struct file *file, char *buf, size_t size) 805 { 806 char *scon = NULL, *tcon = NULL; 807 char *namebuf = NULL, *objname = NULL; 808 u32 ssid, tsid, newsid; 809 u16 tclass; 810 ssize_t length; 811 char *newcon = NULL; 812 u32 len; 813 int nargs; 814 815 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 816 SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, 817 NULL); 818 if (length) 819 goto out; 820 821 length = -ENOMEM; 822 scon = kzalloc(size + 1, GFP_KERNEL); 823 if (!scon) 824 goto out; 825 826 length = -ENOMEM; 827 tcon = kzalloc(size + 1, GFP_KERNEL); 828 if (!tcon) 829 goto out; 830 831 length = -ENOMEM; 832 namebuf = kzalloc(size + 1, GFP_KERNEL); 833 if (!namebuf) 834 goto out; 835 836 length = -EINVAL; 837 nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf); 838 if (nargs < 3 || nargs > 4) 839 goto out; 840 if (nargs == 4) { 841 /* 842 * If and when the name of new object to be queried contains 843 * either whitespace or multibyte characters, they shall be 844 * encoded based on the percentage-encoding rule. 845 * If not encoded, the sscanf logic picks up only left-half 846 * of the supplied name; splitted by a whitespace unexpectedly. 847 */ 848 char *r, *w; 849 int c1, c2; 850 851 r = w = namebuf; 852 do { 853 c1 = *r++; 854 if (c1 == '+') 855 c1 = ' '; 856 else if (c1 == '%') { 857 c1 = hex_to_bin(*r++); 858 if (c1 < 0) 859 goto out; 860 c2 = hex_to_bin(*r++); 861 if (c2 < 0) 862 goto out; 863 c1 = (c1 << 4) | c2; 864 } 865 *w++ = c1; 866 } while (c1 != '\0'); 867 868 objname = namebuf; 869 } 870 871 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 872 if (length) 873 goto out; 874 875 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 876 if (length) 877 goto out; 878 879 length = security_transition_sid_user(ssid, tsid, tclass, 880 objname, &newsid); 881 if (length) 882 goto out; 883 884 length = security_sid_to_context(newsid, &newcon, &len); 885 if (length) 886 goto out; 887 888 length = -ERANGE; 889 if (len > SIMPLE_TRANSACTION_LIMIT) { 890 printk(KERN_ERR "SELinux: %s: context size (%u) exceeds " 891 "payload max\n", __func__, len); 892 goto out; 893 } 894 895 memcpy(buf, newcon, len); 896 length = len; 897 out: 898 kfree(newcon); 899 kfree(namebuf); 900 kfree(tcon); 901 kfree(scon); 902 return length; 903 } 904 905 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size) 906 { 907 char *scon = NULL, *tcon = NULL; 908 u32 ssid, tsid, newsid; 909 u16 tclass; 910 ssize_t length; 911 char *newcon = NULL; 912 u32 len; 913 914 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 915 SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, 916 NULL); 917 if (length) 918 goto out; 919 920 length = -ENOMEM; 921 scon = kzalloc(size + 1, GFP_KERNEL); 922 if (!scon) 923 goto out; 924 925 length = -ENOMEM; 926 tcon = kzalloc(size + 1, GFP_KERNEL); 927 if (!tcon) 928 goto out; 929 930 length = -EINVAL; 931 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 932 goto out; 933 934 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 935 if (length) 936 goto out; 937 938 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 939 if (length) 940 goto out; 941 942 length = security_change_sid(ssid, tsid, tclass, &newsid); 943 if (length) 944 goto out; 945 946 length = security_sid_to_context(newsid, &newcon, &len); 947 if (length) 948 goto out; 949 950 length = -ERANGE; 951 if (len > SIMPLE_TRANSACTION_LIMIT) 952 goto out; 953 954 memcpy(buf, newcon, len); 955 length = len; 956 out: 957 kfree(newcon); 958 kfree(tcon); 959 kfree(scon); 960 return length; 961 } 962 963 static ssize_t sel_write_user(struct file *file, char *buf, size_t size) 964 { 965 char *con = NULL, *user = NULL, *ptr; 966 u32 sid, *sids = NULL; 967 ssize_t length; 968 char *newcon; 969 int i, rc; 970 u32 len, nsids; 971 972 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 973 SECCLASS_SECURITY, SECURITY__COMPUTE_USER, 974 NULL); 975 if (length) 976 goto out; 977 978 length = -ENOMEM; 979 con = kzalloc(size + 1, GFP_KERNEL); 980 if (!con) 981 goto out; 982 983 length = -ENOMEM; 984 user = kzalloc(size + 1, GFP_KERNEL); 985 if (!user) 986 goto out; 987 988 length = -EINVAL; 989 if (sscanf(buf, "%s %s", con, user) != 2) 990 goto out; 991 992 length = security_context_str_to_sid(con, &sid, GFP_KERNEL); 993 if (length) 994 goto out; 995 996 length = security_get_user_sids(sid, user, &sids, &nsids); 997 if (length) 998 goto out; 999 1000 length = sprintf(buf, "%u", nsids) + 1; 1001 ptr = buf + length; 1002 for (i = 0; i < nsids; i++) { 1003 rc = security_sid_to_context(sids[i], &newcon, &len); 1004 if (rc) { 1005 length = rc; 1006 goto out; 1007 } 1008 if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) { 1009 kfree(newcon); 1010 length = -ERANGE; 1011 goto out; 1012 } 1013 memcpy(ptr, newcon, len); 1014 kfree(newcon); 1015 ptr += len; 1016 length += len; 1017 } 1018 out: 1019 kfree(sids); 1020 kfree(user); 1021 kfree(con); 1022 return length; 1023 } 1024 1025 static ssize_t sel_write_member(struct file *file, char *buf, size_t size) 1026 { 1027 char *scon = NULL, *tcon = NULL; 1028 u32 ssid, tsid, newsid; 1029 u16 tclass; 1030 ssize_t length; 1031 char *newcon = NULL; 1032 u32 len; 1033 1034 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1035 SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, 1036 NULL); 1037 if (length) 1038 goto out; 1039 1040 length = -ENOMEM; 1041 scon = kzalloc(size + 1, GFP_KERNEL); 1042 if (!scon) 1043 goto out; 1044 1045 length = -ENOMEM; 1046 tcon = kzalloc(size + 1, GFP_KERNEL); 1047 if (!tcon) 1048 goto out; 1049 1050 length = -EINVAL; 1051 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 1052 goto out; 1053 1054 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 1055 if (length) 1056 goto out; 1057 1058 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 1059 if (length) 1060 goto out; 1061 1062 length = security_member_sid(ssid, tsid, tclass, &newsid); 1063 if (length) 1064 goto out; 1065 1066 length = security_sid_to_context(newsid, &newcon, &len); 1067 if (length) 1068 goto out; 1069 1070 length = -ERANGE; 1071 if (len > SIMPLE_TRANSACTION_LIMIT) { 1072 printk(KERN_ERR "SELinux: %s: context size (%u) exceeds " 1073 "payload max\n", __func__, len); 1074 goto out; 1075 } 1076 1077 memcpy(buf, newcon, len); 1078 length = len; 1079 out: 1080 kfree(newcon); 1081 kfree(tcon); 1082 kfree(scon); 1083 return length; 1084 } 1085 1086 static struct inode *sel_make_inode(struct super_block *sb, int mode) 1087 { 1088 struct inode *ret = new_inode(sb); 1089 1090 if (ret) { 1091 ret->i_mode = mode; 1092 ret->i_atime = ret->i_mtime = ret->i_ctime = current_time(ret); 1093 } 1094 return ret; 1095 } 1096 1097 static ssize_t sel_read_bool(struct file *filep, char __user *buf, 1098 size_t count, loff_t *ppos) 1099 { 1100 char *page = NULL; 1101 ssize_t length; 1102 ssize_t ret; 1103 int cur_enforcing; 1104 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; 1105 const char *name = filep->f_path.dentry->d_name.name; 1106 1107 mutex_lock(&sel_mutex); 1108 1109 ret = -EINVAL; 1110 if (index >= bool_num || strcmp(name, bool_pending_names[index])) 1111 goto out; 1112 1113 ret = -ENOMEM; 1114 page = (char *)get_zeroed_page(GFP_KERNEL); 1115 if (!page) 1116 goto out; 1117 1118 cur_enforcing = security_get_bool_value(index); 1119 if (cur_enforcing < 0) { 1120 ret = cur_enforcing; 1121 goto out; 1122 } 1123 length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, 1124 bool_pending_values[index]); 1125 ret = simple_read_from_buffer(buf, count, ppos, page, length); 1126 out: 1127 mutex_unlock(&sel_mutex); 1128 free_page((unsigned long)page); 1129 return ret; 1130 } 1131 1132 static ssize_t sel_write_bool(struct file *filep, const char __user *buf, 1133 size_t count, loff_t *ppos) 1134 { 1135 char *page = NULL; 1136 ssize_t length; 1137 int new_value; 1138 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; 1139 const char *name = filep->f_path.dentry->d_name.name; 1140 1141 mutex_lock(&sel_mutex); 1142 1143 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1144 SECCLASS_SECURITY, SECURITY__SETBOOL, 1145 NULL); 1146 if (length) 1147 goto out; 1148 1149 length = -EINVAL; 1150 if (index >= bool_num || strcmp(name, bool_pending_names[index])) 1151 goto out; 1152 1153 length = -ENOMEM; 1154 if (count >= PAGE_SIZE) 1155 goto out; 1156 1157 /* No partial writes. */ 1158 length = -EINVAL; 1159 if (*ppos != 0) 1160 goto out; 1161 1162 page = memdup_user_nul(buf, count); 1163 if (IS_ERR(page)) { 1164 length = PTR_ERR(page); 1165 page = NULL; 1166 goto out; 1167 } 1168 1169 length = -EINVAL; 1170 if (sscanf(page, "%d", &new_value) != 1) 1171 goto out; 1172 1173 if (new_value) 1174 new_value = 1; 1175 1176 bool_pending_values[index] = new_value; 1177 length = count; 1178 1179 out: 1180 mutex_unlock(&sel_mutex); 1181 kfree(page); 1182 return length; 1183 } 1184 1185 static const struct file_operations sel_bool_ops = { 1186 .read = sel_read_bool, 1187 .write = sel_write_bool, 1188 .llseek = generic_file_llseek, 1189 }; 1190 1191 static ssize_t sel_commit_bools_write(struct file *filep, 1192 const char __user *buf, 1193 size_t count, loff_t *ppos) 1194 { 1195 char *page = NULL; 1196 ssize_t length; 1197 int new_value; 1198 1199 mutex_lock(&sel_mutex); 1200 1201 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1202 SECCLASS_SECURITY, SECURITY__SETBOOL, 1203 NULL); 1204 if (length) 1205 goto out; 1206 1207 length = -ENOMEM; 1208 if (count >= PAGE_SIZE) 1209 goto out; 1210 1211 /* No partial writes. */ 1212 length = -EINVAL; 1213 if (*ppos != 0) 1214 goto out; 1215 1216 page = memdup_user_nul(buf, count); 1217 if (IS_ERR(page)) { 1218 length = PTR_ERR(page); 1219 page = NULL; 1220 goto out; 1221 } 1222 1223 length = -EINVAL; 1224 if (sscanf(page, "%d", &new_value) != 1) 1225 goto out; 1226 1227 length = 0; 1228 if (new_value && bool_pending_values) 1229 length = security_set_bools(bool_num, bool_pending_values); 1230 1231 if (!length) 1232 length = count; 1233 1234 out: 1235 mutex_unlock(&sel_mutex); 1236 kfree(page); 1237 return length; 1238 } 1239 1240 static const struct file_operations sel_commit_bools_ops = { 1241 .write = sel_commit_bools_write, 1242 .llseek = generic_file_llseek, 1243 }; 1244 1245 static void sel_remove_entries(struct dentry *de) 1246 { 1247 d_genocide(de); 1248 shrink_dcache_parent(de); 1249 } 1250 1251 #define BOOL_DIR_NAME "booleans" 1252 1253 static int sel_make_bools(void) 1254 { 1255 int i, ret; 1256 ssize_t len; 1257 struct dentry *dentry = NULL; 1258 struct dentry *dir = bool_dir; 1259 struct inode *inode = NULL; 1260 struct inode_security_struct *isec; 1261 char **names = NULL, *page; 1262 int num; 1263 int *values = NULL; 1264 u32 sid; 1265 1266 /* remove any existing files */ 1267 for (i = 0; i < bool_num; i++) 1268 kfree(bool_pending_names[i]); 1269 kfree(bool_pending_names); 1270 kfree(bool_pending_values); 1271 bool_num = 0; 1272 bool_pending_names = NULL; 1273 bool_pending_values = NULL; 1274 1275 sel_remove_entries(dir); 1276 1277 ret = -ENOMEM; 1278 page = (char *)get_zeroed_page(GFP_KERNEL); 1279 if (!page) 1280 goto out; 1281 1282 ret = security_get_bools(&num, &names, &values); 1283 if (ret) 1284 goto out; 1285 1286 for (i = 0; i < num; i++) { 1287 ret = -ENOMEM; 1288 dentry = d_alloc_name(dir, names[i]); 1289 if (!dentry) 1290 goto out; 1291 1292 ret = -ENOMEM; 1293 inode = sel_make_inode(dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR); 1294 if (!inode) 1295 goto out; 1296 1297 ret = -ENAMETOOLONG; 1298 len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]); 1299 if (len >= PAGE_SIZE) 1300 goto out; 1301 1302 isec = (struct inode_security_struct *)inode->i_security; 1303 ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid); 1304 if (ret) { 1305 pr_warn_ratelimited("SELinux: no sid found, defaulting to security isid for %s\n", 1306 page); 1307 sid = SECINITSID_SECURITY; 1308 } 1309 1310 isec->sid = sid; 1311 isec->initialized = LABEL_INITIALIZED; 1312 inode->i_fop = &sel_bool_ops; 1313 inode->i_ino = i|SEL_BOOL_INO_OFFSET; 1314 d_add(dentry, inode); 1315 } 1316 bool_num = num; 1317 bool_pending_names = names; 1318 bool_pending_values = values; 1319 1320 free_page((unsigned long)page); 1321 return 0; 1322 out: 1323 free_page((unsigned long)page); 1324 1325 if (names) { 1326 for (i = 0; i < num; i++) 1327 kfree(names[i]); 1328 kfree(names); 1329 } 1330 kfree(values); 1331 sel_remove_entries(dir); 1332 1333 return ret; 1334 } 1335 1336 #define NULL_FILE_NAME "null" 1337 1338 struct path selinux_null; 1339 1340 static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf, 1341 size_t count, loff_t *ppos) 1342 { 1343 char tmpbuf[TMPBUFLEN]; 1344 ssize_t length; 1345 1346 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", avc_cache_threshold); 1347 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1348 } 1349 1350 static ssize_t sel_write_avc_cache_threshold(struct file *file, 1351 const char __user *buf, 1352 size_t count, loff_t *ppos) 1353 1354 { 1355 char *page; 1356 ssize_t ret; 1357 unsigned int new_value; 1358 1359 ret = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1360 SECCLASS_SECURITY, SECURITY__SETSECPARAM, 1361 NULL); 1362 if (ret) 1363 return ret; 1364 1365 if (count >= PAGE_SIZE) 1366 return -ENOMEM; 1367 1368 /* No partial writes. */ 1369 if (*ppos != 0) 1370 return -EINVAL; 1371 1372 page = memdup_user_nul(buf, count); 1373 if (IS_ERR(page)) 1374 return PTR_ERR(page); 1375 1376 ret = -EINVAL; 1377 if (sscanf(page, "%u", &new_value) != 1) 1378 goto out; 1379 1380 avc_cache_threshold = new_value; 1381 1382 ret = count; 1383 out: 1384 kfree(page); 1385 return ret; 1386 } 1387 1388 static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf, 1389 size_t count, loff_t *ppos) 1390 { 1391 char *page; 1392 ssize_t length; 1393 1394 page = (char *)__get_free_page(GFP_KERNEL); 1395 if (!page) 1396 return -ENOMEM; 1397 1398 length = avc_get_hash_stats(page); 1399 if (length >= 0) 1400 length = simple_read_from_buffer(buf, count, ppos, page, length); 1401 free_page((unsigned long)page); 1402 1403 return length; 1404 } 1405 1406 static const struct file_operations sel_avc_cache_threshold_ops = { 1407 .read = sel_read_avc_cache_threshold, 1408 .write = sel_write_avc_cache_threshold, 1409 .llseek = generic_file_llseek, 1410 }; 1411 1412 static const struct file_operations sel_avc_hash_stats_ops = { 1413 .read = sel_read_avc_hash_stats, 1414 .llseek = generic_file_llseek, 1415 }; 1416 1417 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1418 static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx) 1419 { 1420 int cpu; 1421 1422 for (cpu = *idx; cpu < nr_cpu_ids; ++cpu) { 1423 if (!cpu_possible(cpu)) 1424 continue; 1425 *idx = cpu + 1; 1426 return &per_cpu(avc_cache_stats, cpu); 1427 } 1428 return NULL; 1429 } 1430 1431 static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos) 1432 { 1433 loff_t n = *pos - 1; 1434 1435 if (*pos == 0) 1436 return SEQ_START_TOKEN; 1437 1438 return sel_avc_get_stat_idx(&n); 1439 } 1440 1441 static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos) 1442 { 1443 return sel_avc_get_stat_idx(pos); 1444 } 1445 1446 static int sel_avc_stats_seq_show(struct seq_file *seq, void *v) 1447 { 1448 struct avc_cache_stats *st = v; 1449 1450 if (v == SEQ_START_TOKEN) { 1451 seq_puts(seq, 1452 "lookups hits misses allocations reclaims frees\n"); 1453 } else { 1454 unsigned int lookups = st->lookups; 1455 unsigned int misses = st->misses; 1456 unsigned int hits = lookups - misses; 1457 seq_printf(seq, "%u %u %u %u %u %u\n", lookups, 1458 hits, misses, st->allocations, 1459 st->reclaims, st->frees); 1460 } 1461 return 0; 1462 } 1463 1464 static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v) 1465 { } 1466 1467 static const struct seq_operations sel_avc_cache_stats_seq_ops = { 1468 .start = sel_avc_stats_seq_start, 1469 .next = sel_avc_stats_seq_next, 1470 .show = sel_avc_stats_seq_show, 1471 .stop = sel_avc_stats_seq_stop, 1472 }; 1473 1474 static int sel_open_avc_cache_stats(struct inode *inode, struct file *file) 1475 { 1476 return seq_open(file, &sel_avc_cache_stats_seq_ops); 1477 } 1478 1479 static const struct file_operations sel_avc_cache_stats_ops = { 1480 .open = sel_open_avc_cache_stats, 1481 .read = seq_read, 1482 .llseek = seq_lseek, 1483 .release = seq_release, 1484 }; 1485 #endif 1486 1487 static int sel_make_avc_files(struct dentry *dir) 1488 { 1489 int i; 1490 static const struct tree_descr files[] = { 1491 { "cache_threshold", 1492 &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR }, 1493 { "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO }, 1494 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1495 { "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO }, 1496 #endif 1497 }; 1498 1499 for (i = 0; i < ARRAY_SIZE(files); i++) { 1500 struct inode *inode; 1501 struct dentry *dentry; 1502 1503 dentry = d_alloc_name(dir, files[i].name); 1504 if (!dentry) 1505 return -ENOMEM; 1506 1507 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode); 1508 if (!inode) 1509 return -ENOMEM; 1510 1511 inode->i_fop = files[i].ops; 1512 inode->i_ino = ++sel_last_ino; 1513 d_add(dentry, inode); 1514 } 1515 1516 return 0; 1517 } 1518 1519 static ssize_t sel_read_initcon(struct file *file, char __user *buf, 1520 size_t count, loff_t *ppos) 1521 { 1522 char *con; 1523 u32 sid, len; 1524 ssize_t ret; 1525 1526 sid = file_inode(file)->i_ino&SEL_INO_MASK; 1527 ret = security_sid_to_context(sid, &con, &len); 1528 if (ret) 1529 return ret; 1530 1531 ret = simple_read_from_buffer(buf, count, ppos, con, len); 1532 kfree(con); 1533 return ret; 1534 } 1535 1536 static const struct file_operations sel_initcon_ops = { 1537 .read = sel_read_initcon, 1538 .llseek = generic_file_llseek, 1539 }; 1540 1541 static int sel_make_initcon_files(struct dentry *dir) 1542 { 1543 int i; 1544 1545 for (i = 1; i <= SECINITSID_NUM; i++) { 1546 struct inode *inode; 1547 struct dentry *dentry; 1548 dentry = d_alloc_name(dir, security_get_initial_sid_context(i)); 1549 if (!dentry) 1550 return -ENOMEM; 1551 1552 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1553 if (!inode) 1554 return -ENOMEM; 1555 1556 inode->i_fop = &sel_initcon_ops; 1557 inode->i_ino = i|SEL_INITCON_INO_OFFSET; 1558 d_add(dentry, inode); 1559 } 1560 1561 return 0; 1562 } 1563 1564 static inline unsigned long sel_class_to_ino(u16 class) 1565 { 1566 return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET; 1567 } 1568 1569 static inline u16 sel_ino_to_class(unsigned long ino) 1570 { 1571 return (ino & SEL_INO_MASK) / (SEL_VEC_MAX + 1); 1572 } 1573 1574 static inline unsigned long sel_perm_to_ino(u16 class, u32 perm) 1575 { 1576 return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET; 1577 } 1578 1579 static inline u32 sel_ino_to_perm(unsigned long ino) 1580 { 1581 return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1); 1582 } 1583 1584 static ssize_t sel_read_class(struct file *file, char __user *buf, 1585 size_t count, loff_t *ppos) 1586 { 1587 unsigned long ino = file_inode(file)->i_ino; 1588 char res[TMPBUFLEN]; 1589 ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_class(ino)); 1590 return simple_read_from_buffer(buf, count, ppos, res, len); 1591 } 1592 1593 static const struct file_operations sel_class_ops = { 1594 .read = sel_read_class, 1595 .llseek = generic_file_llseek, 1596 }; 1597 1598 static ssize_t sel_read_perm(struct file *file, char __user *buf, 1599 size_t count, loff_t *ppos) 1600 { 1601 unsigned long ino = file_inode(file)->i_ino; 1602 char res[TMPBUFLEN]; 1603 ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino)); 1604 return simple_read_from_buffer(buf, count, ppos, res, len); 1605 } 1606 1607 static const struct file_operations sel_perm_ops = { 1608 .read = sel_read_perm, 1609 .llseek = generic_file_llseek, 1610 }; 1611 1612 static ssize_t sel_read_policycap(struct file *file, char __user *buf, 1613 size_t count, loff_t *ppos) 1614 { 1615 int value; 1616 char tmpbuf[TMPBUFLEN]; 1617 ssize_t length; 1618 unsigned long i_ino = file_inode(file)->i_ino; 1619 1620 value = security_policycap_supported(i_ino & SEL_INO_MASK); 1621 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value); 1622 1623 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1624 } 1625 1626 static const struct file_operations sel_policycap_ops = { 1627 .read = sel_read_policycap, 1628 .llseek = generic_file_llseek, 1629 }; 1630 1631 static int sel_make_perm_files(char *objclass, int classvalue, 1632 struct dentry *dir) 1633 { 1634 int i, rc, nperms; 1635 char **perms; 1636 1637 rc = security_get_permissions(objclass, &perms, &nperms); 1638 if (rc) 1639 return rc; 1640 1641 for (i = 0; i < nperms; i++) { 1642 struct inode *inode; 1643 struct dentry *dentry; 1644 1645 rc = -ENOMEM; 1646 dentry = d_alloc_name(dir, perms[i]); 1647 if (!dentry) 1648 goto out; 1649 1650 rc = -ENOMEM; 1651 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1652 if (!inode) 1653 goto out; 1654 1655 inode->i_fop = &sel_perm_ops; 1656 /* i+1 since perm values are 1-indexed */ 1657 inode->i_ino = sel_perm_to_ino(classvalue, i + 1); 1658 d_add(dentry, inode); 1659 } 1660 rc = 0; 1661 out: 1662 for (i = 0; i < nperms; i++) 1663 kfree(perms[i]); 1664 kfree(perms); 1665 return rc; 1666 } 1667 1668 static int sel_make_class_dir_entries(char *classname, int index, 1669 struct dentry *dir) 1670 { 1671 struct dentry *dentry = NULL; 1672 struct inode *inode = NULL; 1673 int rc; 1674 1675 dentry = d_alloc_name(dir, "index"); 1676 if (!dentry) 1677 return -ENOMEM; 1678 1679 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1680 if (!inode) 1681 return -ENOMEM; 1682 1683 inode->i_fop = &sel_class_ops; 1684 inode->i_ino = sel_class_to_ino(index); 1685 d_add(dentry, inode); 1686 1687 dentry = sel_make_dir(dir, "perms", &last_class_ino); 1688 if (IS_ERR(dentry)) 1689 return PTR_ERR(dentry); 1690 1691 rc = sel_make_perm_files(classname, index, dentry); 1692 1693 return rc; 1694 } 1695 1696 static int sel_make_classes(void) 1697 { 1698 int rc, nclasses, i; 1699 char **classes; 1700 1701 /* delete any existing entries */ 1702 sel_remove_entries(class_dir); 1703 1704 rc = security_get_classes(&classes, &nclasses); 1705 if (rc) 1706 return rc; 1707 1708 /* +2 since classes are 1-indexed */ 1709 last_class_ino = sel_class_to_ino(nclasses + 2); 1710 1711 for (i = 0; i < nclasses; i++) { 1712 struct dentry *class_name_dir; 1713 1714 class_name_dir = sel_make_dir(class_dir, classes[i], 1715 &last_class_ino); 1716 if (IS_ERR(class_name_dir)) { 1717 rc = PTR_ERR(class_name_dir); 1718 goto out; 1719 } 1720 1721 /* i+1 since class values are 1-indexed */ 1722 rc = sel_make_class_dir_entries(classes[i], i + 1, 1723 class_name_dir); 1724 if (rc) 1725 goto out; 1726 } 1727 rc = 0; 1728 out: 1729 for (i = 0; i < nclasses; i++) 1730 kfree(classes[i]); 1731 kfree(classes); 1732 return rc; 1733 } 1734 1735 static int sel_make_policycap(void) 1736 { 1737 unsigned int iter; 1738 struct dentry *dentry = NULL; 1739 struct inode *inode = NULL; 1740 1741 sel_remove_entries(policycap_dir); 1742 1743 for (iter = 0; iter <= POLICYDB_CAPABILITY_MAX; iter++) { 1744 if (iter < ARRAY_SIZE(selinux_policycap_names)) 1745 dentry = d_alloc_name(policycap_dir, 1746 selinux_policycap_names[iter]); 1747 else 1748 dentry = d_alloc_name(policycap_dir, "unknown"); 1749 1750 if (dentry == NULL) 1751 return -ENOMEM; 1752 1753 inode = sel_make_inode(policycap_dir->d_sb, S_IFREG | S_IRUGO); 1754 if (inode == NULL) 1755 return -ENOMEM; 1756 1757 inode->i_fop = &sel_policycap_ops; 1758 inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET; 1759 d_add(dentry, inode); 1760 } 1761 1762 return 0; 1763 } 1764 1765 static struct dentry *sel_make_dir(struct dentry *dir, const char *name, 1766 unsigned long *ino) 1767 { 1768 struct dentry *dentry = d_alloc_name(dir, name); 1769 struct inode *inode; 1770 1771 if (!dentry) 1772 return ERR_PTR(-ENOMEM); 1773 1774 inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO); 1775 if (!inode) { 1776 dput(dentry); 1777 return ERR_PTR(-ENOMEM); 1778 } 1779 1780 inode->i_op = &simple_dir_inode_operations; 1781 inode->i_fop = &simple_dir_operations; 1782 inode->i_ino = ++(*ino); 1783 /* directory inodes start off with i_nlink == 2 (for "." entry) */ 1784 inc_nlink(inode); 1785 d_add(dentry, inode); 1786 /* bump link count on parent directory, too */ 1787 inc_nlink(d_inode(dir)); 1788 1789 return dentry; 1790 } 1791 1792 static int sel_fill_super(struct super_block *sb, void *data, int silent) 1793 { 1794 int ret; 1795 struct dentry *dentry; 1796 struct inode *inode; 1797 struct inode_security_struct *isec; 1798 1799 static const struct tree_descr selinux_files[] = { 1800 [SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR}, 1801 [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR}, 1802 [SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO}, 1803 [SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO}, 1804 [SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO}, 1805 [SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO}, 1806 [SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO}, 1807 [SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO}, 1808 [SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR}, 1809 [SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO}, 1810 [SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR}, 1811 [SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO}, 1812 [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR}, 1813 [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO}, 1814 [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO}, 1815 [SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO}, 1816 [SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO}, 1817 [SEL_VALIDATE_TRANS] = {"validatetrans", &sel_transition_ops, 1818 S_IWUGO}, 1819 /* last one */ {""} 1820 }; 1821 ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files); 1822 if (ret) 1823 goto err; 1824 1825 bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &sel_last_ino); 1826 if (IS_ERR(bool_dir)) { 1827 ret = PTR_ERR(bool_dir); 1828 bool_dir = NULL; 1829 goto err; 1830 } 1831 1832 ret = -ENOMEM; 1833 dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME); 1834 if (!dentry) 1835 goto err; 1836 1837 ret = -ENOMEM; 1838 inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO); 1839 if (!inode) 1840 goto err; 1841 1842 inode->i_ino = ++sel_last_ino; 1843 isec = (struct inode_security_struct *)inode->i_security; 1844 isec->sid = SECINITSID_DEVNULL; 1845 isec->sclass = SECCLASS_CHR_FILE; 1846 isec->initialized = LABEL_INITIALIZED; 1847 1848 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3)); 1849 d_add(dentry, inode); 1850 selinux_null.dentry = dentry; 1851 1852 dentry = sel_make_dir(sb->s_root, "avc", &sel_last_ino); 1853 if (IS_ERR(dentry)) { 1854 ret = PTR_ERR(dentry); 1855 goto err; 1856 } 1857 1858 ret = sel_make_avc_files(dentry); 1859 if (ret) 1860 goto err; 1861 1862 dentry = sel_make_dir(sb->s_root, "initial_contexts", &sel_last_ino); 1863 if (IS_ERR(dentry)) { 1864 ret = PTR_ERR(dentry); 1865 goto err; 1866 } 1867 1868 ret = sel_make_initcon_files(dentry); 1869 if (ret) 1870 goto err; 1871 1872 class_dir = sel_make_dir(sb->s_root, "class", &sel_last_ino); 1873 if (IS_ERR(class_dir)) { 1874 ret = PTR_ERR(class_dir); 1875 class_dir = NULL; 1876 goto err; 1877 } 1878 1879 policycap_dir = sel_make_dir(sb->s_root, "policy_capabilities", &sel_last_ino); 1880 if (IS_ERR(policycap_dir)) { 1881 ret = PTR_ERR(policycap_dir); 1882 policycap_dir = NULL; 1883 goto err; 1884 } 1885 return 0; 1886 err: 1887 printk(KERN_ERR "SELinux: %s: failed while creating inodes\n", 1888 __func__); 1889 return ret; 1890 } 1891 1892 static struct dentry *sel_mount(struct file_system_type *fs_type, 1893 int flags, const char *dev_name, void *data) 1894 { 1895 return mount_single(fs_type, flags, data, sel_fill_super); 1896 } 1897 1898 static struct file_system_type sel_fs_type = { 1899 .name = "selinuxfs", 1900 .mount = sel_mount, 1901 .kill_sb = kill_litter_super, 1902 }; 1903 1904 struct vfsmount *selinuxfs_mount; 1905 1906 static int __init init_sel_fs(void) 1907 { 1908 int err; 1909 1910 if (!selinux_enabled) 1911 return 0; 1912 1913 err = sysfs_create_mount_point(fs_kobj, "selinux"); 1914 if (err) 1915 return err; 1916 1917 err = register_filesystem(&sel_fs_type); 1918 if (err) { 1919 sysfs_remove_mount_point(fs_kobj, "selinux"); 1920 return err; 1921 } 1922 1923 selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type); 1924 if (IS_ERR(selinuxfs_mount)) { 1925 printk(KERN_ERR "selinuxfs: could not mount!\n"); 1926 err = PTR_ERR(selinuxfs_mount); 1927 selinuxfs_mount = NULL; 1928 } 1929 1930 return err; 1931 } 1932 1933 __initcall(init_sel_fs); 1934 1935 #ifdef CONFIG_SECURITY_SELINUX_DISABLE 1936 void exit_sel_fs(void) 1937 { 1938 sysfs_remove_mount_point(fs_kobj, "selinux"); 1939 kern_unmount(selinuxfs_mount); 1940 unregister_filesystem(&sel_fs_type); 1941 } 1942 #endif 1943