1 /* Updated: Karl MacMillan <kmacmillan@tresys.com> 2 * 3 * Added conditional policy language extensions 4 * 5 * Updated: Hewlett-Packard <paul.moore@hp.com> 6 * 7 * Added support for the policy capability bitmap 8 * 9 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 10 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 11 * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 12 * This program is free software; you can redistribute it and/or modify 13 * it under the terms of the GNU General Public License as published by 14 * the Free Software Foundation, version 2. 15 */ 16 17 #include <linux/kernel.h> 18 #include <linux/pagemap.h> 19 #include <linux/slab.h> 20 #include <linux/vmalloc.h> 21 #include <linux/fs.h> 22 #include <linux/mutex.h> 23 #include <linux/init.h> 24 #include <linux/string.h> 25 #include <linux/security.h> 26 #include <linux/major.h> 27 #include <linux/seq_file.h> 28 #include <linux/percpu.h> 29 #include <linux/audit.h> 30 #include <asm/uaccess.h> 31 #include <asm/semaphore.h> 32 33 /* selinuxfs pseudo filesystem for exporting the security policy API. 34 Based on the proc code and the fs/nfsd/nfsctl.c code. */ 35 36 #include "flask.h" 37 #include "avc.h" 38 #include "avc_ss.h" 39 #include "security.h" 40 #include "objsec.h" 41 #include "conditional.h" 42 43 /* Policy capability filenames */ 44 static char *policycap_names[] = { 45 "network_peer_controls" 46 }; 47 48 unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE; 49 50 #ifdef CONFIG_SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT 51 #define SELINUX_COMPAT_NET_VALUE 0 52 #else 53 #define SELINUX_COMPAT_NET_VALUE 1 54 #endif 55 56 int selinux_compat_net = SELINUX_COMPAT_NET_VALUE; 57 58 static int __init checkreqprot_setup(char *str) 59 { 60 selinux_checkreqprot = simple_strtoul(str,NULL,0) ? 1 : 0; 61 return 1; 62 } 63 __setup("checkreqprot=", checkreqprot_setup); 64 65 static int __init selinux_compat_net_setup(char *str) 66 { 67 selinux_compat_net = simple_strtoul(str,NULL,0) ? 1 : 0; 68 return 1; 69 } 70 __setup("selinux_compat_net=", selinux_compat_net_setup); 71 72 73 static DEFINE_MUTEX(sel_mutex); 74 75 /* global data for booleans */ 76 static struct dentry *bool_dir = NULL; 77 static int bool_num = 0; 78 static char **bool_pending_names; 79 static int *bool_pending_values = NULL; 80 81 /* global data for classes */ 82 static struct dentry *class_dir = NULL; 83 static unsigned long last_class_ino; 84 85 /* global data for policy capabilities */ 86 static struct dentry *policycap_dir = NULL; 87 88 extern void selnl_notify_setenforce(int val); 89 90 /* Check whether a task is allowed to use a security operation. */ 91 static int task_has_security(struct task_struct *tsk, 92 u32 perms) 93 { 94 struct task_security_struct *tsec; 95 96 tsec = tsk->security; 97 if (!tsec) 98 return -EACCES; 99 100 return avc_has_perm(tsec->sid, SECINITSID_SECURITY, 101 SECCLASS_SECURITY, perms, NULL); 102 } 103 104 enum sel_inos { 105 SEL_ROOT_INO = 2, 106 SEL_LOAD, /* load policy */ 107 SEL_ENFORCE, /* get or set enforcing status */ 108 SEL_CONTEXT, /* validate context */ 109 SEL_ACCESS, /* compute access decision */ 110 SEL_CREATE, /* compute create labeling decision */ 111 SEL_RELABEL, /* compute relabeling decision */ 112 SEL_USER, /* compute reachable user contexts */ 113 SEL_POLICYVERS, /* return policy version for this kernel */ 114 SEL_COMMIT_BOOLS, /* commit new boolean values */ 115 SEL_MLS, /* return if MLS policy is enabled */ 116 SEL_DISABLE, /* disable SELinux until next reboot */ 117 SEL_MEMBER, /* compute polyinstantiation membership decision */ 118 SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */ 119 SEL_COMPAT_NET, /* whether to use old compat network packet controls */ 120 SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */ 121 SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */ 122 SEL_INO_NEXT, /* The next inode number to use */ 123 }; 124 125 static unsigned long sel_last_ino = SEL_INO_NEXT - 1; 126 127 #define SEL_INITCON_INO_OFFSET 0x01000000 128 #define SEL_BOOL_INO_OFFSET 0x02000000 129 #define SEL_CLASS_INO_OFFSET 0x04000000 130 #define SEL_POLICYCAP_INO_OFFSET 0x08000000 131 #define SEL_INO_MASK 0x00ffffff 132 133 #define TMPBUFLEN 12 134 static ssize_t sel_read_enforce(struct file *filp, char __user *buf, 135 size_t count, loff_t *ppos) 136 { 137 char tmpbuf[TMPBUFLEN]; 138 ssize_t length; 139 140 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_enforcing); 141 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 142 } 143 144 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP 145 static ssize_t sel_write_enforce(struct file * file, const char __user * buf, 146 size_t count, loff_t *ppos) 147 148 { 149 char *page; 150 ssize_t length; 151 int new_value; 152 153 if (count >= PAGE_SIZE) 154 return -ENOMEM; 155 if (*ppos != 0) { 156 /* No partial writes. */ 157 return -EINVAL; 158 } 159 page = (char*)get_zeroed_page(GFP_KERNEL); 160 if (!page) 161 return -ENOMEM; 162 length = -EFAULT; 163 if (copy_from_user(page, buf, count)) 164 goto out; 165 166 length = -EINVAL; 167 if (sscanf(page, "%d", &new_value) != 1) 168 goto out; 169 170 if (new_value != selinux_enforcing) { 171 length = task_has_security(current, SECURITY__SETENFORCE); 172 if (length) 173 goto out; 174 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, 175 "enforcing=%d old_enforcing=%d auid=%u ses=%u", 176 new_value, selinux_enforcing, 177 audit_get_loginuid(current), 178 audit_get_sessionid(current)); 179 selinux_enforcing = new_value; 180 if (selinux_enforcing) 181 avc_ss_reset(0); 182 selnl_notify_setenforce(selinux_enforcing); 183 } 184 length = count; 185 out: 186 free_page((unsigned long) page); 187 return length; 188 } 189 #else 190 #define sel_write_enforce NULL 191 #endif 192 193 static const struct file_operations sel_enforce_ops = { 194 .read = sel_read_enforce, 195 .write = sel_write_enforce, 196 }; 197 198 static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf, 199 size_t count, loff_t *ppos) 200 { 201 char tmpbuf[TMPBUFLEN]; 202 ssize_t length; 203 ino_t ino = filp->f_path.dentry->d_inode->i_ino; 204 int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ? 205 security_get_reject_unknown() : !security_get_allow_unknown(); 206 207 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown); 208 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 209 } 210 211 static const struct file_operations sel_handle_unknown_ops = { 212 .read = sel_read_handle_unknown, 213 }; 214 215 #ifdef CONFIG_SECURITY_SELINUX_DISABLE 216 static ssize_t sel_write_disable(struct file * file, const char __user * buf, 217 size_t count, loff_t *ppos) 218 219 { 220 char *page; 221 ssize_t length; 222 int new_value; 223 extern int selinux_disable(void); 224 225 if (count >= PAGE_SIZE) 226 return -ENOMEM; 227 if (*ppos != 0) { 228 /* No partial writes. */ 229 return -EINVAL; 230 } 231 page = (char*)get_zeroed_page(GFP_KERNEL); 232 if (!page) 233 return -ENOMEM; 234 length = -EFAULT; 235 if (copy_from_user(page, buf, count)) 236 goto out; 237 238 length = -EINVAL; 239 if (sscanf(page, "%d", &new_value) != 1) 240 goto out; 241 242 if (new_value) { 243 length = selinux_disable(); 244 if (length < 0) 245 goto out; 246 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, 247 "selinux=0 auid=%u ses=%u", 248 audit_get_loginuid(current), 249 audit_get_sessionid(current)); 250 } 251 252 length = count; 253 out: 254 free_page((unsigned long) page); 255 return length; 256 } 257 #else 258 #define sel_write_disable NULL 259 #endif 260 261 static const struct file_operations sel_disable_ops = { 262 .write = sel_write_disable, 263 }; 264 265 static ssize_t sel_read_policyvers(struct file *filp, char __user *buf, 266 size_t count, loff_t *ppos) 267 { 268 char tmpbuf[TMPBUFLEN]; 269 ssize_t length; 270 271 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX); 272 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 273 } 274 275 static const struct file_operations sel_policyvers_ops = { 276 .read = sel_read_policyvers, 277 }; 278 279 /* declaration for sel_write_load */ 280 static int sel_make_bools(void); 281 static int sel_make_classes(void); 282 static int sel_make_policycap(void); 283 284 /* declaration for sel_make_class_dirs */ 285 static int sel_make_dir(struct inode *dir, struct dentry *dentry, 286 unsigned long *ino); 287 288 static ssize_t sel_read_mls(struct file *filp, char __user *buf, 289 size_t count, loff_t *ppos) 290 { 291 char tmpbuf[TMPBUFLEN]; 292 ssize_t length; 293 294 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_mls_enabled); 295 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 296 } 297 298 static const struct file_operations sel_mls_ops = { 299 .read = sel_read_mls, 300 }; 301 302 static ssize_t sel_write_load(struct file * file, const char __user * buf, 303 size_t count, loff_t *ppos) 304 305 { 306 int ret; 307 ssize_t length; 308 void *data = NULL; 309 310 mutex_lock(&sel_mutex); 311 312 length = task_has_security(current, SECURITY__LOAD_POLICY); 313 if (length) 314 goto out; 315 316 if (*ppos != 0) { 317 /* No partial writes. */ 318 length = -EINVAL; 319 goto out; 320 } 321 322 if ((count > 64 * 1024 * 1024) 323 || (data = vmalloc(count)) == NULL) { 324 length = -ENOMEM; 325 goto out; 326 } 327 328 length = -EFAULT; 329 if (copy_from_user(data, buf, count) != 0) 330 goto out; 331 332 length = security_load_policy(data, count); 333 if (length) 334 goto out; 335 336 ret = sel_make_bools(); 337 if (ret) { 338 length = ret; 339 goto out1; 340 } 341 342 ret = sel_make_classes(); 343 if (ret) { 344 length = ret; 345 goto out1; 346 } 347 348 ret = sel_make_policycap(); 349 if (ret) 350 length = ret; 351 else 352 length = count; 353 354 out1: 355 356 printk(KERN_INFO "SELinux: policy loaded with handle_unknown=%s\n", 357 (security_get_reject_unknown() ? "reject" : 358 (security_get_allow_unknown() ? "allow" : "deny"))); 359 360 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, 361 "policy loaded auid=%u ses=%u", 362 audit_get_loginuid(current), 363 audit_get_sessionid(current)); 364 out: 365 mutex_unlock(&sel_mutex); 366 vfree(data); 367 return length; 368 } 369 370 static const struct file_operations sel_load_ops = { 371 .write = sel_write_load, 372 }; 373 374 static ssize_t sel_write_context(struct file * file, char *buf, size_t size) 375 { 376 char *canon; 377 u32 sid, len; 378 ssize_t length; 379 380 length = task_has_security(current, SECURITY__CHECK_CONTEXT); 381 if (length) 382 return length; 383 384 length = security_context_to_sid(buf, size, &sid); 385 if (length < 0) 386 return length; 387 388 length = security_sid_to_context(sid, &canon, &len); 389 if (length < 0) 390 return length; 391 392 if (len > SIMPLE_TRANSACTION_LIMIT) { 393 printk(KERN_ERR "%s: context size (%u) exceeds payload " 394 "max\n", __FUNCTION__, len); 395 length = -ERANGE; 396 goto out; 397 } 398 399 memcpy(buf, canon, len); 400 length = len; 401 out: 402 kfree(canon); 403 return length; 404 } 405 406 static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf, 407 size_t count, loff_t *ppos) 408 { 409 char tmpbuf[TMPBUFLEN]; 410 ssize_t length; 411 412 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", selinux_checkreqprot); 413 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 414 } 415 416 static ssize_t sel_write_checkreqprot(struct file * file, const char __user * buf, 417 size_t count, loff_t *ppos) 418 { 419 char *page; 420 ssize_t length; 421 unsigned int new_value; 422 423 length = task_has_security(current, SECURITY__SETCHECKREQPROT); 424 if (length) 425 return length; 426 427 if (count >= PAGE_SIZE) 428 return -ENOMEM; 429 if (*ppos != 0) { 430 /* No partial writes. */ 431 return -EINVAL; 432 } 433 page = (char*)get_zeroed_page(GFP_KERNEL); 434 if (!page) 435 return -ENOMEM; 436 length = -EFAULT; 437 if (copy_from_user(page, buf, count)) 438 goto out; 439 440 length = -EINVAL; 441 if (sscanf(page, "%u", &new_value) != 1) 442 goto out; 443 444 selinux_checkreqprot = new_value ? 1 : 0; 445 length = count; 446 out: 447 free_page((unsigned long) page); 448 return length; 449 } 450 static const struct file_operations sel_checkreqprot_ops = { 451 .read = sel_read_checkreqprot, 452 .write = sel_write_checkreqprot, 453 }; 454 455 static ssize_t sel_read_compat_net(struct file *filp, char __user *buf, 456 size_t count, loff_t *ppos) 457 { 458 char tmpbuf[TMPBUFLEN]; 459 ssize_t length; 460 461 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_compat_net); 462 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 463 } 464 465 static ssize_t sel_write_compat_net(struct file * file, const char __user * buf, 466 size_t count, loff_t *ppos) 467 { 468 char *page; 469 ssize_t length; 470 int new_value; 471 472 length = task_has_security(current, SECURITY__LOAD_POLICY); 473 if (length) 474 return length; 475 476 if (count >= PAGE_SIZE) 477 return -ENOMEM; 478 if (*ppos != 0) { 479 /* No partial writes. */ 480 return -EINVAL; 481 } 482 page = (char*)get_zeroed_page(GFP_KERNEL); 483 if (!page) 484 return -ENOMEM; 485 length = -EFAULT; 486 if (copy_from_user(page, buf, count)) 487 goto out; 488 489 length = -EINVAL; 490 if (sscanf(page, "%d", &new_value) != 1) 491 goto out; 492 493 selinux_compat_net = new_value ? 1 : 0; 494 length = count; 495 out: 496 free_page((unsigned long) page); 497 return length; 498 } 499 static const struct file_operations sel_compat_net_ops = { 500 .read = sel_read_compat_net, 501 .write = sel_write_compat_net, 502 }; 503 504 /* 505 * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c 506 */ 507 static ssize_t sel_write_access(struct file * file, char *buf, size_t size); 508 static ssize_t sel_write_create(struct file * file, char *buf, size_t size); 509 static ssize_t sel_write_relabel(struct file * file, char *buf, size_t size); 510 static ssize_t sel_write_user(struct file * file, char *buf, size_t size); 511 static ssize_t sel_write_member(struct file * file, char *buf, size_t size); 512 513 static ssize_t (*write_op[])(struct file *, char *, size_t) = { 514 [SEL_ACCESS] = sel_write_access, 515 [SEL_CREATE] = sel_write_create, 516 [SEL_RELABEL] = sel_write_relabel, 517 [SEL_USER] = sel_write_user, 518 [SEL_MEMBER] = sel_write_member, 519 [SEL_CONTEXT] = sel_write_context, 520 }; 521 522 static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos) 523 { 524 ino_t ino = file->f_path.dentry->d_inode->i_ino; 525 char *data; 526 ssize_t rv; 527 528 if (ino >= ARRAY_SIZE(write_op) || !write_op[ino]) 529 return -EINVAL; 530 531 data = simple_transaction_get(file, buf, size); 532 if (IS_ERR(data)) 533 return PTR_ERR(data); 534 535 rv = write_op[ino](file, data, size); 536 if (rv>0) { 537 simple_transaction_set(file, rv); 538 rv = size; 539 } 540 return rv; 541 } 542 543 static const struct file_operations transaction_ops = { 544 .write = selinux_transaction_write, 545 .read = simple_transaction_read, 546 .release = simple_transaction_release, 547 }; 548 549 /* 550 * payload - write methods 551 * If the method has a response, the response should be put in buf, 552 * and the length returned. Otherwise return 0 or and -error. 553 */ 554 555 static ssize_t sel_write_access(struct file * file, char *buf, size_t size) 556 { 557 char *scon, *tcon; 558 u32 ssid, tsid; 559 u16 tclass; 560 u32 req; 561 struct av_decision avd; 562 ssize_t length; 563 564 length = task_has_security(current, SECURITY__COMPUTE_AV); 565 if (length) 566 return length; 567 568 length = -ENOMEM; 569 scon = kzalloc(size+1, GFP_KERNEL); 570 if (!scon) 571 return length; 572 573 tcon = kzalloc(size+1, GFP_KERNEL); 574 if (!tcon) 575 goto out; 576 577 length = -EINVAL; 578 if (sscanf(buf, "%s %s %hu %x", scon, tcon, &tclass, &req) != 4) 579 goto out2; 580 581 length = security_context_to_sid(scon, strlen(scon)+1, &ssid); 582 if (length < 0) 583 goto out2; 584 length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid); 585 if (length < 0) 586 goto out2; 587 588 length = security_compute_av(ssid, tsid, tclass, req, &avd); 589 if (length < 0) 590 goto out2; 591 592 length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT, 593 "%x %x %x %x %u", 594 avd.allowed, avd.decided, 595 avd.auditallow, avd.auditdeny, 596 avd.seqno); 597 out2: 598 kfree(tcon); 599 out: 600 kfree(scon); 601 return length; 602 } 603 604 static ssize_t sel_write_create(struct file * file, char *buf, size_t size) 605 { 606 char *scon, *tcon; 607 u32 ssid, tsid, newsid; 608 u16 tclass; 609 ssize_t length; 610 char *newcon; 611 u32 len; 612 613 length = task_has_security(current, SECURITY__COMPUTE_CREATE); 614 if (length) 615 return length; 616 617 length = -ENOMEM; 618 scon = kzalloc(size+1, GFP_KERNEL); 619 if (!scon) 620 return length; 621 622 tcon = kzalloc(size+1, GFP_KERNEL); 623 if (!tcon) 624 goto out; 625 626 length = -EINVAL; 627 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 628 goto out2; 629 630 length = security_context_to_sid(scon, strlen(scon)+1, &ssid); 631 if (length < 0) 632 goto out2; 633 length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid); 634 if (length < 0) 635 goto out2; 636 637 length = security_transition_sid(ssid, tsid, tclass, &newsid); 638 if (length < 0) 639 goto out2; 640 641 length = security_sid_to_context(newsid, &newcon, &len); 642 if (length < 0) 643 goto out2; 644 645 if (len > SIMPLE_TRANSACTION_LIMIT) { 646 printk(KERN_ERR "%s: context size (%u) exceeds payload " 647 "max\n", __FUNCTION__, len); 648 length = -ERANGE; 649 goto out3; 650 } 651 652 memcpy(buf, newcon, len); 653 length = len; 654 out3: 655 kfree(newcon); 656 out2: 657 kfree(tcon); 658 out: 659 kfree(scon); 660 return length; 661 } 662 663 static ssize_t sel_write_relabel(struct file * file, char *buf, size_t size) 664 { 665 char *scon, *tcon; 666 u32 ssid, tsid, newsid; 667 u16 tclass; 668 ssize_t length; 669 char *newcon; 670 u32 len; 671 672 length = task_has_security(current, SECURITY__COMPUTE_RELABEL); 673 if (length) 674 return length; 675 676 length = -ENOMEM; 677 scon = kzalloc(size+1, GFP_KERNEL); 678 if (!scon) 679 return length; 680 681 tcon = kzalloc(size+1, GFP_KERNEL); 682 if (!tcon) 683 goto out; 684 685 length = -EINVAL; 686 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 687 goto out2; 688 689 length = security_context_to_sid(scon, strlen(scon)+1, &ssid); 690 if (length < 0) 691 goto out2; 692 length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid); 693 if (length < 0) 694 goto out2; 695 696 length = security_change_sid(ssid, tsid, tclass, &newsid); 697 if (length < 0) 698 goto out2; 699 700 length = security_sid_to_context(newsid, &newcon, &len); 701 if (length < 0) 702 goto out2; 703 704 if (len > SIMPLE_TRANSACTION_LIMIT) { 705 length = -ERANGE; 706 goto out3; 707 } 708 709 memcpy(buf, newcon, len); 710 length = len; 711 out3: 712 kfree(newcon); 713 out2: 714 kfree(tcon); 715 out: 716 kfree(scon); 717 return length; 718 } 719 720 static ssize_t sel_write_user(struct file * file, char *buf, size_t size) 721 { 722 char *con, *user, *ptr; 723 u32 sid, *sids; 724 ssize_t length; 725 char *newcon; 726 int i, rc; 727 u32 len, nsids; 728 729 length = task_has_security(current, SECURITY__COMPUTE_USER); 730 if (length) 731 return length; 732 733 length = -ENOMEM; 734 con = kzalloc(size+1, GFP_KERNEL); 735 if (!con) 736 return length; 737 738 user = kzalloc(size+1, GFP_KERNEL); 739 if (!user) 740 goto out; 741 742 length = -EINVAL; 743 if (sscanf(buf, "%s %s", con, user) != 2) 744 goto out2; 745 746 length = security_context_to_sid(con, strlen(con)+1, &sid); 747 if (length < 0) 748 goto out2; 749 750 length = security_get_user_sids(sid, user, &sids, &nsids); 751 if (length < 0) 752 goto out2; 753 754 length = sprintf(buf, "%u", nsids) + 1; 755 ptr = buf + length; 756 for (i = 0; i < nsids; i++) { 757 rc = security_sid_to_context(sids[i], &newcon, &len); 758 if (rc) { 759 length = rc; 760 goto out3; 761 } 762 if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) { 763 kfree(newcon); 764 length = -ERANGE; 765 goto out3; 766 } 767 memcpy(ptr, newcon, len); 768 kfree(newcon); 769 ptr += len; 770 length += len; 771 } 772 out3: 773 kfree(sids); 774 out2: 775 kfree(user); 776 out: 777 kfree(con); 778 return length; 779 } 780 781 static ssize_t sel_write_member(struct file * file, char *buf, size_t size) 782 { 783 char *scon, *tcon; 784 u32 ssid, tsid, newsid; 785 u16 tclass; 786 ssize_t length; 787 char *newcon; 788 u32 len; 789 790 length = task_has_security(current, SECURITY__COMPUTE_MEMBER); 791 if (length) 792 return length; 793 794 length = -ENOMEM; 795 scon = kzalloc(size+1, GFP_KERNEL); 796 if (!scon) 797 return length; 798 799 tcon = kzalloc(size+1, GFP_KERNEL); 800 if (!tcon) 801 goto out; 802 803 length = -EINVAL; 804 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 805 goto out2; 806 807 length = security_context_to_sid(scon, strlen(scon)+1, &ssid); 808 if (length < 0) 809 goto out2; 810 length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid); 811 if (length < 0) 812 goto out2; 813 814 length = security_member_sid(ssid, tsid, tclass, &newsid); 815 if (length < 0) 816 goto out2; 817 818 length = security_sid_to_context(newsid, &newcon, &len); 819 if (length < 0) 820 goto out2; 821 822 if (len > SIMPLE_TRANSACTION_LIMIT) { 823 printk(KERN_ERR "%s: context size (%u) exceeds payload " 824 "max\n", __FUNCTION__, len); 825 length = -ERANGE; 826 goto out3; 827 } 828 829 memcpy(buf, newcon, len); 830 length = len; 831 out3: 832 kfree(newcon); 833 out2: 834 kfree(tcon); 835 out: 836 kfree(scon); 837 return length; 838 } 839 840 static struct inode *sel_make_inode(struct super_block *sb, int mode) 841 { 842 struct inode *ret = new_inode(sb); 843 844 if (ret) { 845 ret->i_mode = mode; 846 ret->i_uid = ret->i_gid = 0; 847 ret->i_blocks = 0; 848 ret->i_atime = ret->i_mtime = ret->i_ctime = CURRENT_TIME; 849 } 850 return ret; 851 } 852 853 static ssize_t sel_read_bool(struct file *filep, char __user *buf, 854 size_t count, loff_t *ppos) 855 { 856 char *page = NULL; 857 ssize_t length; 858 ssize_t ret; 859 int cur_enforcing; 860 struct inode *inode = filep->f_path.dentry->d_inode; 861 unsigned index = inode->i_ino & SEL_INO_MASK; 862 const char *name = filep->f_path.dentry->d_name.name; 863 864 mutex_lock(&sel_mutex); 865 866 if (index >= bool_num || strcmp(name, bool_pending_names[index])) { 867 ret = -EINVAL; 868 goto out; 869 } 870 871 if (count > PAGE_SIZE) { 872 ret = -EINVAL; 873 goto out; 874 } 875 if (!(page = (char*)get_zeroed_page(GFP_KERNEL))) { 876 ret = -ENOMEM; 877 goto out; 878 } 879 880 cur_enforcing = security_get_bool_value(index); 881 if (cur_enforcing < 0) { 882 ret = cur_enforcing; 883 goto out; 884 } 885 length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, 886 bool_pending_values[index]); 887 ret = simple_read_from_buffer(buf, count, ppos, page, length); 888 out: 889 mutex_unlock(&sel_mutex); 890 if (page) 891 free_page((unsigned long)page); 892 return ret; 893 } 894 895 static ssize_t sel_write_bool(struct file *filep, const char __user *buf, 896 size_t count, loff_t *ppos) 897 { 898 char *page = NULL; 899 ssize_t length; 900 int new_value; 901 struct inode *inode = filep->f_path.dentry->d_inode; 902 unsigned index = inode->i_ino & SEL_INO_MASK; 903 const char *name = filep->f_path.dentry->d_name.name; 904 905 mutex_lock(&sel_mutex); 906 907 length = task_has_security(current, SECURITY__SETBOOL); 908 if (length) 909 goto out; 910 911 if (index >= bool_num || strcmp(name, bool_pending_names[index])) { 912 length = -EINVAL; 913 goto out; 914 } 915 916 if (count >= PAGE_SIZE) { 917 length = -ENOMEM; 918 goto out; 919 } 920 921 if (*ppos != 0) { 922 /* No partial writes. */ 923 length = -EINVAL; 924 goto out; 925 } 926 page = (char*)get_zeroed_page(GFP_KERNEL); 927 if (!page) { 928 length = -ENOMEM; 929 goto out; 930 } 931 932 length = -EFAULT; 933 if (copy_from_user(page, buf, count)) 934 goto out; 935 936 length = -EINVAL; 937 if (sscanf(page, "%d", &new_value) != 1) 938 goto out; 939 940 if (new_value) 941 new_value = 1; 942 943 bool_pending_values[index] = new_value; 944 length = count; 945 946 out: 947 mutex_unlock(&sel_mutex); 948 if (page) 949 free_page((unsigned long) page); 950 return length; 951 } 952 953 static const struct file_operations sel_bool_ops = { 954 .read = sel_read_bool, 955 .write = sel_write_bool, 956 }; 957 958 static ssize_t sel_commit_bools_write(struct file *filep, 959 const char __user *buf, 960 size_t count, loff_t *ppos) 961 { 962 char *page = NULL; 963 ssize_t length; 964 int new_value; 965 966 mutex_lock(&sel_mutex); 967 968 length = task_has_security(current, SECURITY__SETBOOL); 969 if (length) 970 goto out; 971 972 if (count >= PAGE_SIZE) { 973 length = -ENOMEM; 974 goto out; 975 } 976 if (*ppos != 0) { 977 /* No partial writes. */ 978 goto out; 979 } 980 page = (char*)get_zeroed_page(GFP_KERNEL); 981 if (!page) { 982 length = -ENOMEM; 983 goto out; 984 } 985 986 length = -EFAULT; 987 if (copy_from_user(page, buf, count)) 988 goto out; 989 990 length = -EINVAL; 991 if (sscanf(page, "%d", &new_value) != 1) 992 goto out; 993 994 if (new_value && bool_pending_values) { 995 security_set_bools(bool_num, bool_pending_values); 996 } 997 998 length = count; 999 1000 out: 1001 mutex_unlock(&sel_mutex); 1002 if (page) 1003 free_page((unsigned long) page); 1004 return length; 1005 } 1006 1007 static const struct file_operations sel_commit_bools_ops = { 1008 .write = sel_commit_bools_write, 1009 }; 1010 1011 static void sel_remove_entries(struct dentry *de) 1012 { 1013 struct list_head *node; 1014 1015 spin_lock(&dcache_lock); 1016 node = de->d_subdirs.next; 1017 while (node != &de->d_subdirs) { 1018 struct dentry *d = list_entry(node, struct dentry, d_u.d_child); 1019 list_del_init(node); 1020 1021 if (d->d_inode) { 1022 d = dget_locked(d); 1023 spin_unlock(&dcache_lock); 1024 d_delete(d); 1025 simple_unlink(de->d_inode, d); 1026 dput(d); 1027 spin_lock(&dcache_lock); 1028 } 1029 node = de->d_subdirs.next; 1030 } 1031 1032 spin_unlock(&dcache_lock); 1033 } 1034 1035 #define BOOL_DIR_NAME "booleans" 1036 1037 static int sel_make_bools(void) 1038 { 1039 int i, ret = 0; 1040 ssize_t len; 1041 struct dentry *dentry = NULL; 1042 struct dentry *dir = bool_dir; 1043 struct inode *inode = NULL; 1044 struct inode_security_struct *isec; 1045 char **names = NULL, *page; 1046 int num; 1047 int *values = NULL; 1048 u32 sid; 1049 1050 /* remove any existing files */ 1051 kfree(bool_pending_names); 1052 kfree(bool_pending_values); 1053 bool_pending_names = NULL; 1054 bool_pending_values = NULL; 1055 1056 sel_remove_entries(dir); 1057 1058 if (!(page = (char*)get_zeroed_page(GFP_KERNEL))) 1059 return -ENOMEM; 1060 1061 ret = security_get_bools(&num, &names, &values); 1062 if (ret != 0) 1063 goto out; 1064 1065 for (i = 0; i < num; i++) { 1066 dentry = d_alloc_name(dir, names[i]); 1067 if (!dentry) { 1068 ret = -ENOMEM; 1069 goto err; 1070 } 1071 inode = sel_make_inode(dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR); 1072 if (!inode) { 1073 ret = -ENOMEM; 1074 goto err; 1075 } 1076 1077 len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]); 1078 if (len < 0) { 1079 ret = -EINVAL; 1080 goto err; 1081 } else if (len >= PAGE_SIZE) { 1082 ret = -ENAMETOOLONG; 1083 goto err; 1084 } 1085 isec = (struct inode_security_struct*)inode->i_security; 1086 if ((ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid))) 1087 goto err; 1088 isec->sid = sid; 1089 isec->initialized = 1; 1090 inode->i_fop = &sel_bool_ops; 1091 inode->i_ino = i|SEL_BOOL_INO_OFFSET; 1092 d_add(dentry, inode); 1093 } 1094 bool_num = num; 1095 bool_pending_names = names; 1096 bool_pending_values = values; 1097 out: 1098 free_page((unsigned long)page); 1099 return ret; 1100 err: 1101 if (names) { 1102 for (i = 0; i < num; i++) 1103 kfree(names[i]); 1104 kfree(names); 1105 } 1106 kfree(values); 1107 sel_remove_entries(dir); 1108 ret = -ENOMEM; 1109 goto out; 1110 } 1111 1112 #define NULL_FILE_NAME "null" 1113 1114 struct dentry *selinux_null = NULL; 1115 1116 static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf, 1117 size_t count, loff_t *ppos) 1118 { 1119 char tmpbuf[TMPBUFLEN]; 1120 ssize_t length; 1121 1122 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", avc_cache_threshold); 1123 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1124 } 1125 1126 static ssize_t sel_write_avc_cache_threshold(struct file * file, 1127 const char __user * buf, 1128 size_t count, loff_t *ppos) 1129 1130 { 1131 char *page; 1132 ssize_t ret; 1133 int new_value; 1134 1135 if (count >= PAGE_SIZE) { 1136 ret = -ENOMEM; 1137 goto out; 1138 } 1139 1140 if (*ppos != 0) { 1141 /* No partial writes. */ 1142 ret = -EINVAL; 1143 goto out; 1144 } 1145 1146 page = (char*)get_zeroed_page(GFP_KERNEL); 1147 if (!page) { 1148 ret = -ENOMEM; 1149 goto out; 1150 } 1151 1152 if (copy_from_user(page, buf, count)) { 1153 ret = -EFAULT; 1154 goto out_free; 1155 } 1156 1157 if (sscanf(page, "%u", &new_value) != 1) { 1158 ret = -EINVAL; 1159 goto out; 1160 } 1161 1162 if (new_value != avc_cache_threshold) { 1163 ret = task_has_security(current, SECURITY__SETSECPARAM); 1164 if (ret) 1165 goto out_free; 1166 avc_cache_threshold = new_value; 1167 } 1168 ret = count; 1169 out_free: 1170 free_page((unsigned long)page); 1171 out: 1172 return ret; 1173 } 1174 1175 static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf, 1176 size_t count, loff_t *ppos) 1177 { 1178 char *page; 1179 ssize_t ret = 0; 1180 1181 page = (char *)__get_free_page(GFP_KERNEL); 1182 if (!page) { 1183 ret = -ENOMEM; 1184 goto out; 1185 } 1186 ret = avc_get_hash_stats(page); 1187 if (ret >= 0) 1188 ret = simple_read_from_buffer(buf, count, ppos, page, ret); 1189 free_page((unsigned long)page); 1190 out: 1191 return ret; 1192 } 1193 1194 static const struct file_operations sel_avc_cache_threshold_ops = { 1195 .read = sel_read_avc_cache_threshold, 1196 .write = sel_write_avc_cache_threshold, 1197 }; 1198 1199 static const struct file_operations sel_avc_hash_stats_ops = { 1200 .read = sel_read_avc_hash_stats, 1201 }; 1202 1203 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1204 static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx) 1205 { 1206 int cpu; 1207 1208 for (cpu = *idx; cpu < NR_CPUS; ++cpu) { 1209 if (!cpu_possible(cpu)) 1210 continue; 1211 *idx = cpu + 1; 1212 return &per_cpu(avc_cache_stats, cpu); 1213 } 1214 return NULL; 1215 } 1216 1217 static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos) 1218 { 1219 loff_t n = *pos - 1; 1220 1221 if (*pos == 0) 1222 return SEQ_START_TOKEN; 1223 1224 return sel_avc_get_stat_idx(&n); 1225 } 1226 1227 static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos) 1228 { 1229 return sel_avc_get_stat_idx(pos); 1230 } 1231 1232 static int sel_avc_stats_seq_show(struct seq_file *seq, void *v) 1233 { 1234 struct avc_cache_stats *st = v; 1235 1236 if (v == SEQ_START_TOKEN) 1237 seq_printf(seq, "lookups hits misses allocations reclaims " 1238 "frees\n"); 1239 else 1240 seq_printf(seq, "%u %u %u %u %u %u\n", st->lookups, 1241 st->hits, st->misses, st->allocations, 1242 st->reclaims, st->frees); 1243 return 0; 1244 } 1245 1246 static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v) 1247 { } 1248 1249 static const struct seq_operations sel_avc_cache_stats_seq_ops = { 1250 .start = sel_avc_stats_seq_start, 1251 .next = sel_avc_stats_seq_next, 1252 .show = sel_avc_stats_seq_show, 1253 .stop = sel_avc_stats_seq_stop, 1254 }; 1255 1256 static int sel_open_avc_cache_stats(struct inode *inode, struct file *file) 1257 { 1258 return seq_open(file, &sel_avc_cache_stats_seq_ops); 1259 } 1260 1261 static const struct file_operations sel_avc_cache_stats_ops = { 1262 .open = sel_open_avc_cache_stats, 1263 .read = seq_read, 1264 .llseek = seq_lseek, 1265 .release = seq_release, 1266 }; 1267 #endif 1268 1269 static int sel_make_avc_files(struct dentry *dir) 1270 { 1271 int i, ret = 0; 1272 static struct tree_descr files[] = { 1273 { "cache_threshold", 1274 &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR }, 1275 { "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO }, 1276 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1277 { "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO }, 1278 #endif 1279 }; 1280 1281 for (i = 0; i < ARRAY_SIZE(files); i++) { 1282 struct inode *inode; 1283 struct dentry *dentry; 1284 1285 dentry = d_alloc_name(dir, files[i].name); 1286 if (!dentry) { 1287 ret = -ENOMEM; 1288 goto out; 1289 } 1290 1291 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode); 1292 if (!inode) { 1293 ret = -ENOMEM; 1294 goto out; 1295 } 1296 inode->i_fop = files[i].ops; 1297 inode->i_ino = ++sel_last_ino; 1298 d_add(dentry, inode); 1299 } 1300 out: 1301 return ret; 1302 } 1303 1304 static ssize_t sel_read_initcon(struct file * file, char __user *buf, 1305 size_t count, loff_t *ppos) 1306 { 1307 struct inode *inode; 1308 char *con; 1309 u32 sid, len; 1310 ssize_t ret; 1311 1312 inode = file->f_path.dentry->d_inode; 1313 sid = inode->i_ino&SEL_INO_MASK; 1314 ret = security_sid_to_context(sid, &con, &len); 1315 if (ret < 0) 1316 return ret; 1317 1318 ret = simple_read_from_buffer(buf, count, ppos, con, len); 1319 kfree(con); 1320 return ret; 1321 } 1322 1323 static const struct file_operations sel_initcon_ops = { 1324 .read = sel_read_initcon, 1325 }; 1326 1327 static int sel_make_initcon_files(struct dentry *dir) 1328 { 1329 int i, ret = 0; 1330 1331 for (i = 1; i <= SECINITSID_NUM; i++) { 1332 struct inode *inode; 1333 struct dentry *dentry; 1334 dentry = d_alloc_name(dir, security_get_initial_sid_context(i)); 1335 if (!dentry) { 1336 ret = -ENOMEM; 1337 goto out; 1338 } 1339 1340 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1341 if (!inode) { 1342 ret = -ENOMEM; 1343 goto out; 1344 } 1345 inode->i_fop = &sel_initcon_ops; 1346 inode->i_ino = i|SEL_INITCON_INO_OFFSET; 1347 d_add(dentry, inode); 1348 } 1349 out: 1350 return ret; 1351 } 1352 1353 static inline unsigned int sel_div(unsigned long a, unsigned long b) 1354 { 1355 return a / b - (a % b < 0); 1356 } 1357 1358 static inline unsigned long sel_class_to_ino(u16 class) 1359 { 1360 return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET; 1361 } 1362 1363 static inline u16 sel_ino_to_class(unsigned long ino) 1364 { 1365 return sel_div(ino & SEL_INO_MASK, SEL_VEC_MAX + 1); 1366 } 1367 1368 static inline unsigned long sel_perm_to_ino(u16 class, u32 perm) 1369 { 1370 return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET; 1371 } 1372 1373 static inline u32 sel_ino_to_perm(unsigned long ino) 1374 { 1375 return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1); 1376 } 1377 1378 static ssize_t sel_read_class(struct file * file, char __user *buf, 1379 size_t count, loff_t *ppos) 1380 { 1381 ssize_t rc, len; 1382 char *page; 1383 unsigned long ino = file->f_path.dentry->d_inode->i_ino; 1384 1385 page = (char *)__get_free_page(GFP_KERNEL); 1386 if (!page) { 1387 rc = -ENOMEM; 1388 goto out; 1389 } 1390 1391 len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_class(ino)); 1392 rc = simple_read_from_buffer(buf, count, ppos, page, len); 1393 free_page((unsigned long)page); 1394 out: 1395 return rc; 1396 } 1397 1398 static const struct file_operations sel_class_ops = { 1399 .read = sel_read_class, 1400 }; 1401 1402 static ssize_t sel_read_perm(struct file * file, char __user *buf, 1403 size_t count, loff_t *ppos) 1404 { 1405 ssize_t rc, len; 1406 char *page; 1407 unsigned long ino = file->f_path.dentry->d_inode->i_ino; 1408 1409 page = (char *)__get_free_page(GFP_KERNEL); 1410 if (!page) { 1411 rc = -ENOMEM; 1412 goto out; 1413 } 1414 1415 len = snprintf(page, PAGE_SIZE,"%d", sel_ino_to_perm(ino)); 1416 rc = simple_read_from_buffer(buf, count, ppos, page, len); 1417 free_page((unsigned long)page); 1418 out: 1419 return rc; 1420 } 1421 1422 static const struct file_operations sel_perm_ops = { 1423 .read = sel_read_perm, 1424 }; 1425 1426 static ssize_t sel_read_policycap(struct file *file, char __user *buf, 1427 size_t count, loff_t *ppos) 1428 { 1429 int value; 1430 char tmpbuf[TMPBUFLEN]; 1431 ssize_t length; 1432 unsigned long i_ino = file->f_path.dentry->d_inode->i_ino; 1433 1434 value = security_policycap_supported(i_ino & SEL_INO_MASK); 1435 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value); 1436 1437 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1438 } 1439 1440 static const struct file_operations sel_policycap_ops = { 1441 .read = sel_read_policycap, 1442 }; 1443 1444 static int sel_make_perm_files(char *objclass, int classvalue, 1445 struct dentry *dir) 1446 { 1447 int i, rc = 0, nperms; 1448 char **perms; 1449 1450 rc = security_get_permissions(objclass, &perms, &nperms); 1451 if (rc) 1452 goto out; 1453 1454 for (i = 0; i < nperms; i++) { 1455 struct inode *inode; 1456 struct dentry *dentry; 1457 1458 dentry = d_alloc_name(dir, perms[i]); 1459 if (!dentry) { 1460 rc = -ENOMEM; 1461 goto out1; 1462 } 1463 1464 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1465 if (!inode) { 1466 rc = -ENOMEM; 1467 goto out1; 1468 } 1469 inode->i_fop = &sel_perm_ops; 1470 /* i+1 since perm values are 1-indexed */ 1471 inode->i_ino = sel_perm_to_ino(classvalue, i+1); 1472 d_add(dentry, inode); 1473 } 1474 1475 out1: 1476 for (i = 0; i < nperms; i++) 1477 kfree(perms[i]); 1478 kfree(perms); 1479 out: 1480 return rc; 1481 } 1482 1483 static int sel_make_class_dir_entries(char *classname, int index, 1484 struct dentry *dir) 1485 { 1486 struct dentry *dentry = NULL; 1487 struct inode *inode = NULL; 1488 int rc; 1489 1490 dentry = d_alloc_name(dir, "index"); 1491 if (!dentry) { 1492 rc = -ENOMEM; 1493 goto out; 1494 } 1495 1496 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1497 if (!inode) { 1498 rc = -ENOMEM; 1499 goto out; 1500 } 1501 1502 inode->i_fop = &sel_class_ops; 1503 inode->i_ino = sel_class_to_ino(index); 1504 d_add(dentry, inode); 1505 1506 dentry = d_alloc_name(dir, "perms"); 1507 if (!dentry) { 1508 rc = -ENOMEM; 1509 goto out; 1510 } 1511 1512 rc = sel_make_dir(dir->d_inode, dentry, &last_class_ino); 1513 if (rc) 1514 goto out; 1515 1516 rc = sel_make_perm_files(classname, index, dentry); 1517 1518 out: 1519 return rc; 1520 } 1521 1522 static void sel_remove_classes(void) 1523 { 1524 struct list_head *class_node; 1525 1526 list_for_each(class_node, &class_dir->d_subdirs) { 1527 struct dentry *class_subdir = list_entry(class_node, 1528 struct dentry, d_u.d_child); 1529 struct list_head *class_subdir_node; 1530 1531 list_for_each(class_subdir_node, &class_subdir->d_subdirs) { 1532 struct dentry *d = list_entry(class_subdir_node, 1533 struct dentry, d_u.d_child); 1534 1535 if (d->d_inode) 1536 if (d->d_inode->i_mode & S_IFDIR) 1537 sel_remove_entries(d); 1538 } 1539 1540 sel_remove_entries(class_subdir); 1541 } 1542 1543 sel_remove_entries(class_dir); 1544 } 1545 1546 static int sel_make_classes(void) 1547 { 1548 int rc = 0, nclasses, i; 1549 char **classes; 1550 1551 /* delete any existing entries */ 1552 sel_remove_classes(); 1553 1554 rc = security_get_classes(&classes, &nclasses); 1555 if (rc < 0) 1556 goto out; 1557 1558 /* +2 since classes are 1-indexed */ 1559 last_class_ino = sel_class_to_ino(nclasses+2); 1560 1561 for (i = 0; i < nclasses; i++) { 1562 struct dentry *class_name_dir; 1563 1564 class_name_dir = d_alloc_name(class_dir, classes[i]); 1565 if (!class_name_dir) { 1566 rc = -ENOMEM; 1567 goto out1; 1568 } 1569 1570 rc = sel_make_dir(class_dir->d_inode, class_name_dir, 1571 &last_class_ino); 1572 if (rc) 1573 goto out1; 1574 1575 /* i+1 since class values are 1-indexed */ 1576 rc = sel_make_class_dir_entries(classes[i], i+1, 1577 class_name_dir); 1578 if (rc) 1579 goto out1; 1580 } 1581 1582 out1: 1583 for (i = 0; i < nclasses; i++) 1584 kfree(classes[i]); 1585 kfree(classes); 1586 out: 1587 return rc; 1588 } 1589 1590 static int sel_make_policycap(void) 1591 { 1592 unsigned int iter; 1593 struct dentry *dentry = NULL; 1594 struct inode *inode = NULL; 1595 1596 sel_remove_entries(policycap_dir); 1597 1598 for (iter = 0; iter <= POLICYDB_CAPABILITY_MAX; iter++) { 1599 if (iter < ARRAY_SIZE(policycap_names)) 1600 dentry = d_alloc_name(policycap_dir, 1601 policycap_names[iter]); 1602 else 1603 dentry = d_alloc_name(policycap_dir, "unknown"); 1604 1605 if (dentry == NULL) 1606 return -ENOMEM; 1607 1608 inode = sel_make_inode(policycap_dir->d_sb, S_IFREG | S_IRUGO); 1609 if (inode == NULL) 1610 return -ENOMEM; 1611 1612 inode->i_fop = &sel_policycap_ops; 1613 inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET; 1614 d_add(dentry, inode); 1615 } 1616 1617 return 0; 1618 } 1619 1620 static int sel_make_dir(struct inode *dir, struct dentry *dentry, 1621 unsigned long *ino) 1622 { 1623 int ret = 0; 1624 struct inode *inode; 1625 1626 inode = sel_make_inode(dir->i_sb, S_IFDIR | S_IRUGO | S_IXUGO); 1627 if (!inode) { 1628 ret = -ENOMEM; 1629 goto out; 1630 } 1631 inode->i_op = &simple_dir_inode_operations; 1632 inode->i_fop = &simple_dir_operations; 1633 inode->i_ino = ++(*ino); 1634 /* directory inodes start off with i_nlink == 2 (for "." entry) */ 1635 inc_nlink(inode); 1636 d_add(dentry, inode); 1637 /* bump link count on parent directory, too */ 1638 inc_nlink(dir); 1639 out: 1640 return ret; 1641 } 1642 1643 static int sel_fill_super(struct super_block * sb, void * data, int silent) 1644 { 1645 int ret; 1646 struct dentry *dentry; 1647 struct inode *inode, *root_inode; 1648 struct inode_security_struct *isec; 1649 1650 static struct tree_descr selinux_files[] = { 1651 [SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR}, 1652 [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR}, 1653 [SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO}, 1654 [SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO}, 1655 [SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO}, 1656 [SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO}, 1657 [SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO}, 1658 [SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO}, 1659 [SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR}, 1660 [SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO}, 1661 [SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR}, 1662 [SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO}, 1663 [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR}, 1664 [SEL_COMPAT_NET] = {"compat_net", &sel_compat_net_ops, S_IRUGO|S_IWUSR}, 1665 [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO}, 1666 [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO}, 1667 /* last one */ {""} 1668 }; 1669 ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files); 1670 if (ret) 1671 goto err; 1672 1673 root_inode = sb->s_root->d_inode; 1674 1675 dentry = d_alloc_name(sb->s_root, BOOL_DIR_NAME); 1676 if (!dentry) { 1677 ret = -ENOMEM; 1678 goto err; 1679 } 1680 1681 ret = sel_make_dir(root_inode, dentry, &sel_last_ino); 1682 if (ret) 1683 goto err; 1684 1685 bool_dir = dentry; 1686 1687 dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME); 1688 if (!dentry) { 1689 ret = -ENOMEM; 1690 goto err; 1691 } 1692 1693 inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO); 1694 if (!inode) { 1695 ret = -ENOMEM; 1696 goto err; 1697 } 1698 inode->i_ino = ++sel_last_ino; 1699 isec = (struct inode_security_struct*)inode->i_security; 1700 isec->sid = SECINITSID_DEVNULL; 1701 isec->sclass = SECCLASS_CHR_FILE; 1702 isec->initialized = 1; 1703 1704 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3)); 1705 d_add(dentry, inode); 1706 selinux_null = dentry; 1707 1708 dentry = d_alloc_name(sb->s_root, "avc"); 1709 if (!dentry) { 1710 ret = -ENOMEM; 1711 goto err; 1712 } 1713 1714 ret = sel_make_dir(root_inode, dentry, &sel_last_ino); 1715 if (ret) 1716 goto err; 1717 1718 ret = sel_make_avc_files(dentry); 1719 if (ret) 1720 goto err; 1721 1722 dentry = d_alloc_name(sb->s_root, "initial_contexts"); 1723 if (!dentry) { 1724 ret = -ENOMEM; 1725 goto err; 1726 } 1727 1728 ret = sel_make_dir(root_inode, dentry, &sel_last_ino); 1729 if (ret) 1730 goto err; 1731 1732 ret = sel_make_initcon_files(dentry); 1733 if (ret) 1734 goto err; 1735 1736 dentry = d_alloc_name(sb->s_root, "class"); 1737 if (!dentry) { 1738 ret = -ENOMEM; 1739 goto err; 1740 } 1741 1742 ret = sel_make_dir(root_inode, dentry, &sel_last_ino); 1743 if (ret) 1744 goto err; 1745 1746 class_dir = dentry; 1747 1748 dentry = d_alloc_name(sb->s_root, "policy_capabilities"); 1749 if (!dentry) { 1750 ret = -ENOMEM; 1751 goto err; 1752 } 1753 1754 ret = sel_make_dir(root_inode, dentry, &sel_last_ino); 1755 if (ret) 1756 goto err; 1757 1758 policycap_dir = dentry; 1759 1760 out: 1761 return ret; 1762 err: 1763 printk(KERN_ERR "%s: failed while creating inodes\n", __FUNCTION__); 1764 goto out; 1765 } 1766 1767 static int sel_get_sb(struct file_system_type *fs_type, 1768 int flags, const char *dev_name, void *data, 1769 struct vfsmount *mnt) 1770 { 1771 return get_sb_single(fs_type, flags, data, sel_fill_super, mnt); 1772 } 1773 1774 static struct file_system_type sel_fs_type = { 1775 .name = "selinuxfs", 1776 .get_sb = sel_get_sb, 1777 .kill_sb = kill_litter_super, 1778 }; 1779 1780 struct vfsmount *selinuxfs_mount; 1781 1782 static int __init init_sel_fs(void) 1783 { 1784 int err; 1785 1786 if (!selinux_enabled) 1787 return 0; 1788 err = register_filesystem(&sel_fs_type); 1789 if (!err) { 1790 selinuxfs_mount = kern_mount(&sel_fs_type); 1791 if (IS_ERR(selinuxfs_mount)) { 1792 printk(KERN_ERR "selinuxfs: could not mount!\n"); 1793 err = PTR_ERR(selinuxfs_mount); 1794 selinuxfs_mount = NULL; 1795 } 1796 } 1797 return err; 1798 } 1799 1800 __initcall(init_sel_fs); 1801 1802 #ifdef CONFIG_SECURITY_SELINUX_DISABLE 1803 void exit_sel_fs(void) 1804 { 1805 unregister_filesystem(&sel_fs_type); 1806 } 1807 #endif 1808