1 /* Updated: Karl MacMillan <kmacmillan@tresys.com> 2 * 3 * Added conditional policy language extensions 4 * 5 * Updated: Hewlett-Packard <paul.moore@hp.com> 6 * 7 * Added support for the policy capability bitmap 8 * 9 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 10 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 11 * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 12 * This program is free software; you can redistribute it and/or modify 13 * it under the terms of the GNU General Public License as published by 14 * the Free Software Foundation, version 2. 15 */ 16 17 #include <linux/kernel.h> 18 #include <linux/pagemap.h> 19 #include <linux/slab.h> 20 #include <linux/vmalloc.h> 21 #include <linux/fs.h> 22 #include <linux/mutex.h> 23 #include <linux/init.h> 24 #include <linux/string.h> 25 #include <linux/security.h> 26 #include <linux/major.h> 27 #include <linux/seq_file.h> 28 #include <linux/percpu.h> 29 #include <linux/audit.h> 30 #include <linux/uaccess.h> 31 32 /* selinuxfs pseudo filesystem for exporting the security policy API. 33 Based on the proc code and the fs/nfsd/nfsctl.c code. */ 34 35 #include "flask.h" 36 #include "avc.h" 37 #include "avc_ss.h" 38 #include "security.h" 39 #include "objsec.h" 40 #include "conditional.h" 41 42 /* Policy capability filenames */ 43 static char *policycap_names[] = { 44 "network_peer_controls", 45 "open_perms" 46 }; 47 48 unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE; 49 50 static int __init checkreqprot_setup(char *str) 51 { 52 unsigned long checkreqprot; 53 if (!strict_strtoul(str, 0, &checkreqprot)) 54 selinux_checkreqprot = checkreqprot ? 1 : 0; 55 return 1; 56 } 57 __setup("checkreqprot=", checkreqprot_setup); 58 59 static DEFINE_MUTEX(sel_mutex); 60 61 /* global data for booleans */ 62 static struct dentry *bool_dir; 63 static int bool_num; 64 static char **bool_pending_names; 65 static int *bool_pending_values; 66 67 /* global data for classes */ 68 static struct dentry *class_dir; 69 static unsigned long last_class_ino; 70 71 static char policy_opened; 72 73 /* global data for policy capabilities */ 74 static struct dentry *policycap_dir; 75 76 extern void selnl_notify_setenforce(int val); 77 78 /* Check whether a task is allowed to use a security operation. */ 79 static int task_has_security(struct task_struct *tsk, 80 u32 perms) 81 { 82 const struct task_security_struct *tsec; 83 u32 sid = 0; 84 85 rcu_read_lock(); 86 tsec = __task_cred(tsk)->security; 87 if (tsec) 88 sid = tsec->sid; 89 rcu_read_unlock(); 90 if (!tsec) 91 return -EACCES; 92 93 return avc_has_perm(sid, SECINITSID_SECURITY, 94 SECCLASS_SECURITY, perms, NULL); 95 } 96 97 enum sel_inos { 98 SEL_ROOT_INO = 2, 99 SEL_LOAD, /* load policy */ 100 SEL_ENFORCE, /* get or set enforcing status */ 101 SEL_CONTEXT, /* validate context */ 102 SEL_ACCESS, /* compute access decision */ 103 SEL_CREATE, /* compute create labeling decision */ 104 SEL_RELABEL, /* compute relabeling decision */ 105 SEL_USER, /* compute reachable user contexts */ 106 SEL_POLICYVERS, /* return policy version for this kernel */ 107 SEL_COMMIT_BOOLS, /* commit new boolean values */ 108 SEL_MLS, /* return if MLS policy is enabled */ 109 SEL_DISABLE, /* disable SELinux until next reboot */ 110 SEL_MEMBER, /* compute polyinstantiation membership decision */ 111 SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */ 112 SEL_COMPAT_NET, /* whether to use old compat network packet controls */ 113 SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */ 114 SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */ 115 SEL_STATUS, /* export current status using mmap() */ 116 SEL_POLICY, /* allow userspace to read the in kernel policy */ 117 SEL_INO_NEXT, /* The next inode number to use */ 118 }; 119 120 static unsigned long sel_last_ino = SEL_INO_NEXT - 1; 121 122 #define SEL_INITCON_INO_OFFSET 0x01000000 123 #define SEL_BOOL_INO_OFFSET 0x02000000 124 #define SEL_CLASS_INO_OFFSET 0x04000000 125 #define SEL_POLICYCAP_INO_OFFSET 0x08000000 126 #define SEL_INO_MASK 0x00ffffff 127 128 #define TMPBUFLEN 12 129 static ssize_t sel_read_enforce(struct file *filp, char __user *buf, 130 size_t count, loff_t *ppos) 131 { 132 char tmpbuf[TMPBUFLEN]; 133 ssize_t length; 134 135 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_enforcing); 136 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 137 } 138 139 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP 140 static ssize_t sel_write_enforce(struct file *file, const char __user *buf, 141 size_t count, loff_t *ppos) 142 143 { 144 char *page; 145 ssize_t length; 146 int new_value; 147 148 if (count >= PAGE_SIZE) 149 return -ENOMEM; 150 if (*ppos != 0) { 151 /* No partial writes. */ 152 return -EINVAL; 153 } 154 page = (char *)get_zeroed_page(GFP_KERNEL); 155 if (!page) 156 return -ENOMEM; 157 length = -EFAULT; 158 if (copy_from_user(page, buf, count)) 159 goto out; 160 161 length = -EINVAL; 162 if (sscanf(page, "%d", &new_value) != 1) 163 goto out; 164 165 if (new_value != selinux_enforcing) { 166 length = task_has_security(current, SECURITY__SETENFORCE); 167 if (length) 168 goto out; 169 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, 170 "enforcing=%d old_enforcing=%d auid=%u ses=%u", 171 new_value, selinux_enforcing, 172 audit_get_loginuid(current), 173 audit_get_sessionid(current)); 174 selinux_enforcing = new_value; 175 if (selinux_enforcing) 176 avc_ss_reset(0); 177 selnl_notify_setenforce(selinux_enforcing); 178 selinux_status_update_setenforce(selinux_enforcing); 179 } 180 length = count; 181 out: 182 free_page((unsigned long) page); 183 return length; 184 } 185 #else 186 #define sel_write_enforce NULL 187 #endif 188 189 static const struct file_operations sel_enforce_ops = { 190 .read = sel_read_enforce, 191 .write = sel_write_enforce, 192 .llseek = generic_file_llseek, 193 }; 194 195 static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf, 196 size_t count, loff_t *ppos) 197 { 198 char tmpbuf[TMPBUFLEN]; 199 ssize_t length; 200 ino_t ino = filp->f_path.dentry->d_inode->i_ino; 201 int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ? 202 security_get_reject_unknown() : !security_get_allow_unknown(); 203 204 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown); 205 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 206 } 207 208 static const struct file_operations sel_handle_unknown_ops = { 209 .read = sel_read_handle_unknown, 210 .llseek = generic_file_llseek, 211 }; 212 213 static int sel_open_handle_status(struct inode *inode, struct file *filp) 214 { 215 struct page *status = selinux_kernel_status_page(); 216 217 if (!status) 218 return -ENOMEM; 219 220 filp->private_data = status; 221 222 return 0; 223 } 224 225 static ssize_t sel_read_handle_status(struct file *filp, char __user *buf, 226 size_t count, loff_t *ppos) 227 { 228 struct page *status = filp->private_data; 229 230 BUG_ON(!status); 231 232 return simple_read_from_buffer(buf, count, ppos, 233 page_address(status), 234 sizeof(struct selinux_kernel_status)); 235 } 236 237 static int sel_mmap_handle_status(struct file *filp, 238 struct vm_area_struct *vma) 239 { 240 struct page *status = filp->private_data; 241 unsigned long size = vma->vm_end - vma->vm_start; 242 243 BUG_ON(!status); 244 245 /* only allows one page from the head */ 246 if (vma->vm_pgoff > 0 || size != PAGE_SIZE) 247 return -EIO; 248 /* disallow writable mapping */ 249 if (vma->vm_flags & VM_WRITE) 250 return -EPERM; 251 /* disallow mprotect() turns it into writable */ 252 vma->vm_flags &= ~VM_MAYWRITE; 253 254 return remap_pfn_range(vma, vma->vm_start, 255 page_to_pfn(status), 256 size, vma->vm_page_prot); 257 } 258 259 static const struct file_operations sel_handle_status_ops = { 260 .open = sel_open_handle_status, 261 .read = sel_read_handle_status, 262 .mmap = sel_mmap_handle_status, 263 .llseek = generic_file_llseek, 264 }; 265 266 #ifdef CONFIG_SECURITY_SELINUX_DISABLE 267 static ssize_t sel_write_disable(struct file *file, const char __user *buf, 268 size_t count, loff_t *ppos) 269 270 { 271 char *page; 272 ssize_t length; 273 int new_value; 274 extern int selinux_disable(void); 275 276 if (count >= PAGE_SIZE) 277 return -ENOMEM; 278 if (*ppos != 0) { 279 /* No partial writes. */ 280 return -EINVAL; 281 } 282 page = (char *)get_zeroed_page(GFP_KERNEL); 283 if (!page) 284 return -ENOMEM; 285 length = -EFAULT; 286 if (copy_from_user(page, buf, count)) 287 goto out; 288 289 length = -EINVAL; 290 if (sscanf(page, "%d", &new_value) != 1) 291 goto out; 292 293 if (new_value) { 294 length = selinux_disable(); 295 if (length < 0) 296 goto out; 297 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, 298 "selinux=0 auid=%u ses=%u", 299 audit_get_loginuid(current), 300 audit_get_sessionid(current)); 301 } 302 303 length = count; 304 out: 305 free_page((unsigned long) page); 306 return length; 307 } 308 #else 309 #define sel_write_disable NULL 310 #endif 311 312 static const struct file_operations sel_disable_ops = { 313 .write = sel_write_disable, 314 .llseek = generic_file_llseek, 315 }; 316 317 static ssize_t sel_read_policyvers(struct file *filp, char __user *buf, 318 size_t count, loff_t *ppos) 319 { 320 char tmpbuf[TMPBUFLEN]; 321 ssize_t length; 322 323 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX); 324 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 325 } 326 327 static const struct file_operations sel_policyvers_ops = { 328 .read = sel_read_policyvers, 329 .llseek = generic_file_llseek, 330 }; 331 332 /* declaration for sel_write_load */ 333 static int sel_make_bools(void); 334 static int sel_make_classes(void); 335 static int sel_make_policycap(void); 336 337 /* declaration for sel_make_class_dirs */ 338 static int sel_make_dir(struct inode *dir, struct dentry *dentry, 339 unsigned long *ino); 340 341 static ssize_t sel_read_mls(struct file *filp, char __user *buf, 342 size_t count, loff_t *ppos) 343 { 344 char tmpbuf[TMPBUFLEN]; 345 ssize_t length; 346 347 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", 348 security_mls_enabled()); 349 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 350 } 351 352 static const struct file_operations sel_mls_ops = { 353 .read = sel_read_mls, 354 .llseek = generic_file_llseek, 355 }; 356 357 struct policy_load_memory { 358 size_t len; 359 void *data; 360 }; 361 362 static int sel_open_policy(struct inode *inode, struct file *filp) 363 { 364 struct policy_load_memory *plm = NULL; 365 int rc; 366 367 BUG_ON(filp->private_data); 368 369 mutex_lock(&sel_mutex); 370 371 rc = task_has_security(current, SECURITY__READ_POLICY); 372 if (rc) 373 goto err; 374 375 rc = -EBUSY; 376 if (policy_opened) 377 goto err; 378 379 rc = -ENOMEM; 380 plm = kzalloc(sizeof(*plm), GFP_KERNEL); 381 if (!plm) 382 goto err; 383 384 if (i_size_read(inode) != security_policydb_len()) { 385 mutex_lock(&inode->i_mutex); 386 i_size_write(inode, security_policydb_len()); 387 mutex_unlock(&inode->i_mutex); 388 } 389 390 rc = security_read_policy(&plm->data, &plm->len); 391 if (rc) 392 goto err; 393 394 policy_opened = 1; 395 396 filp->private_data = plm; 397 398 mutex_unlock(&sel_mutex); 399 400 return 0; 401 err: 402 mutex_unlock(&sel_mutex); 403 404 if (plm) 405 vfree(plm->data); 406 kfree(plm); 407 return rc; 408 } 409 410 static int sel_release_policy(struct inode *inode, struct file *filp) 411 { 412 struct policy_load_memory *plm = filp->private_data; 413 414 BUG_ON(!plm); 415 416 policy_opened = 0; 417 418 vfree(plm->data); 419 kfree(plm); 420 421 return 0; 422 } 423 424 static ssize_t sel_read_policy(struct file *filp, char __user *buf, 425 size_t count, loff_t *ppos) 426 { 427 struct policy_load_memory *plm = filp->private_data; 428 int ret; 429 430 mutex_lock(&sel_mutex); 431 432 ret = task_has_security(current, SECURITY__READ_POLICY); 433 if (ret) 434 goto out; 435 436 ret = simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); 437 out: 438 mutex_unlock(&sel_mutex); 439 return ret; 440 } 441 442 static int sel_mmap_policy_fault(struct vm_area_struct *vma, 443 struct vm_fault *vmf) 444 { 445 struct policy_load_memory *plm = vma->vm_file->private_data; 446 unsigned long offset; 447 struct page *page; 448 449 if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE)) 450 return VM_FAULT_SIGBUS; 451 452 offset = vmf->pgoff << PAGE_SHIFT; 453 if (offset >= roundup(plm->len, PAGE_SIZE)) 454 return VM_FAULT_SIGBUS; 455 456 page = vmalloc_to_page(plm->data + offset); 457 get_page(page); 458 459 vmf->page = page; 460 461 return 0; 462 } 463 464 static struct vm_operations_struct sel_mmap_policy_ops = { 465 .fault = sel_mmap_policy_fault, 466 .page_mkwrite = sel_mmap_policy_fault, 467 }; 468 469 int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma) 470 { 471 if (vma->vm_flags & VM_SHARED) { 472 /* do not allow mprotect to make mapping writable */ 473 vma->vm_flags &= ~VM_MAYWRITE; 474 475 if (vma->vm_flags & VM_WRITE) 476 return -EACCES; 477 } 478 479 vma->vm_flags |= VM_RESERVED; 480 vma->vm_ops = &sel_mmap_policy_ops; 481 482 return 0; 483 } 484 485 static const struct file_operations sel_policy_ops = { 486 .open = sel_open_policy, 487 .read = sel_read_policy, 488 .mmap = sel_mmap_policy, 489 .release = sel_release_policy, 490 }; 491 492 static ssize_t sel_write_load(struct file *file, const char __user *buf, 493 size_t count, loff_t *ppos) 494 495 { 496 int ret; 497 ssize_t length; 498 void *data = NULL; 499 500 mutex_lock(&sel_mutex); 501 502 length = task_has_security(current, SECURITY__LOAD_POLICY); 503 if (length) 504 goto out; 505 506 if (*ppos != 0) { 507 /* No partial writes. */ 508 length = -EINVAL; 509 goto out; 510 } 511 512 if ((count > 64 * 1024 * 1024) 513 || (data = vmalloc(count)) == NULL) { 514 length = -ENOMEM; 515 goto out; 516 } 517 518 length = -EFAULT; 519 if (copy_from_user(data, buf, count) != 0) 520 goto out; 521 522 length = security_load_policy(data, count); 523 if (length) 524 goto out; 525 526 ret = sel_make_bools(); 527 if (ret) { 528 length = ret; 529 goto out1; 530 } 531 532 ret = sel_make_classes(); 533 if (ret) { 534 length = ret; 535 goto out1; 536 } 537 538 ret = sel_make_policycap(); 539 if (ret) 540 length = ret; 541 else 542 length = count; 543 544 out1: 545 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, 546 "policy loaded auid=%u ses=%u", 547 audit_get_loginuid(current), 548 audit_get_sessionid(current)); 549 out: 550 mutex_unlock(&sel_mutex); 551 vfree(data); 552 return length; 553 } 554 555 static const struct file_operations sel_load_ops = { 556 .write = sel_write_load, 557 .llseek = generic_file_llseek, 558 }; 559 560 static ssize_t sel_write_context(struct file *file, char *buf, size_t size) 561 { 562 char *canon; 563 u32 sid, len; 564 ssize_t length; 565 566 length = task_has_security(current, SECURITY__CHECK_CONTEXT); 567 if (length) 568 return length; 569 570 length = security_context_to_sid(buf, size, &sid); 571 if (length < 0) 572 return length; 573 574 length = security_sid_to_context(sid, &canon, &len); 575 if (length < 0) 576 return length; 577 578 if (len > SIMPLE_TRANSACTION_LIMIT) { 579 printk(KERN_ERR "SELinux: %s: context size (%u) exceeds " 580 "payload max\n", __func__, len); 581 length = -ERANGE; 582 goto out; 583 } 584 585 memcpy(buf, canon, len); 586 length = len; 587 out: 588 kfree(canon); 589 return length; 590 } 591 592 static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf, 593 size_t count, loff_t *ppos) 594 { 595 char tmpbuf[TMPBUFLEN]; 596 ssize_t length; 597 598 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", selinux_checkreqprot); 599 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 600 } 601 602 static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, 603 size_t count, loff_t *ppos) 604 { 605 char *page; 606 ssize_t length; 607 unsigned int new_value; 608 609 length = task_has_security(current, SECURITY__SETCHECKREQPROT); 610 if (length) 611 return length; 612 613 if (count >= PAGE_SIZE) 614 return -ENOMEM; 615 if (*ppos != 0) { 616 /* No partial writes. */ 617 return -EINVAL; 618 } 619 page = (char *)get_zeroed_page(GFP_KERNEL); 620 if (!page) 621 return -ENOMEM; 622 length = -EFAULT; 623 if (copy_from_user(page, buf, count)) 624 goto out; 625 626 length = -EINVAL; 627 if (sscanf(page, "%u", &new_value) != 1) 628 goto out; 629 630 selinux_checkreqprot = new_value ? 1 : 0; 631 length = count; 632 out: 633 free_page((unsigned long) page); 634 return length; 635 } 636 static const struct file_operations sel_checkreqprot_ops = { 637 .read = sel_read_checkreqprot, 638 .write = sel_write_checkreqprot, 639 .llseek = generic_file_llseek, 640 }; 641 642 /* 643 * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c 644 */ 645 static ssize_t sel_write_access(struct file *file, char *buf, size_t size); 646 static ssize_t sel_write_create(struct file *file, char *buf, size_t size); 647 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size); 648 static ssize_t sel_write_user(struct file *file, char *buf, size_t size); 649 static ssize_t sel_write_member(struct file *file, char *buf, size_t size); 650 651 static ssize_t (*write_op[])(struct file *, char *, size_t) = { 652 [SEL_ACCESS] = sel_write_access, 653 [SEL_CREATE] = sel_write_create, 654 [SEL_RELABEL] = sel_write_relabel, 655 [SEL_USER] = sel_write_user, 656 [SEL_MEMBER] = sel_write_member, 657 [SEL_CONTEXT] = sel_write_context, 658 }; 659 660 static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos) 661 { 662 ino_t ino = file->f_path.dentry->d_inode->i_ino; 663 char *data; 664 ssize_t rv; 665 666 if (ino >= ARRAY_SIZE(write_op) || !write_op[ino]) 667 return -EINVAL; 668 669 data = simple_transaction_get(file, buf, size); 670 if (IS_ERR(data)) 671 return PTR_ERR(data); 672 673 rv = write_op[ino](file, data, size); 674 if (rv > 0) { 675 simple_transaction_set(file, rv); 676 rv = size; 677 } 678 return rv; 679 } 680 681 static const struct file_operations transaction_ops = { 682 .write = selinux_transaction_write, 683 .read = simple_transaction_read, 684 .release = simple_transaction_release, 685 .llseek = generic_file_llseek, 686 }; 687 688 /* 689 * payload - write methods 690 * If the method has a response, the response should be put in buf, 691 * and the length returned. Otherwise return 0 or and -error. 692 */ 693 694 static ssize_t sel_write_access(struct file *file, char *buf, size_t size) 695 { 696 char *scon, *tcon; 697 u32 ssid, tsid; 698 u16 tclass; 699 struct av_decision avd; 700 ssize_t length; 701 702 length = task_has_security(current, SECURITY__COMPUTE_AV); 703 if (length) 704 return length; 705 706 length = -ENOMEM; 707 scon = kzalloc(size + 1, GFP_KERNEL); 708 if (!scon) 709 return length; 710 711 tcon = kzalloc(size + 1, GFP_KERNEL); 712 if (!tcon) 713 goto out; 714 715 length = -EINVAL; 716 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 717 goto out2; 718 719 length = security_context_to_sid(scon, strlen(scon) + 1, &ssid); 720 if (length < 0) 721 goto out2; 722 length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid); 723 if (length < 0) 724 goto out2; 725 726 security_compute_av_user(ssid, tsid, tclass, &avd); 727 728 length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT, 729 "%x %x %x %x %u %x", 730 avd.allowed, 0xffffffff, 731 avd.auditallow, avd.auditdeny, 732 avd.seqno, avd.flags); 733 out2: 734 kfree(tcon); 735 out: 736 kfree(scon); 737 return length; 738 } 739 740 static ssize_t sel_write_create(struct file *file, char *buf, size_t size) 741 { 742 char *scon, *tcon; 743 u32 ssid, tsid, newsid; 744 u16 tclass; 745 ssize_t length; 746 char *newcon; 747 u32 len; 748 749 length = task_has_security(current, SECURITY__COMPUTE_CREATE); 750 if (length) 751 return length; 752 753 length = -ENOMEM; 754 scon = kzalloc(size + 1, GFP_KERNEL); 755 if (!scon) 756 return length; 757 758 tcon = kzalloc(size + 1, GFP_KERNEL); 759 if (!tcon) 760 goto out; 761 762 length = -EINVAL; 763 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 764 goto out2; 765 766 length = security_context_to_sid(scon, strlen(scon) + 1, &ssid); 767 if (length < 0) 768 goto out2; 769 length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid); 770 if (length < 0) 771 goto out2; 772 773 length = security_transition_sid_user(ssid, tsid, tclass, &newsid); 774 if (length < 0) 775 goto out2; 776 777 length = security_sid_to_context(newsid, &newcon, &len); 778 if (length < 0) 779 goto out2; 780 781 if (len > SIMPLE_TRANSACTION_LIMIT) { 782 printk(KERN_ERR "SELinux: %s: context size (%u) exceeds " 783 "payload max\n", __func__, len); 784 length = -ERANGE; 785 goto out3; 786 } 787 788 memcpy(buf, newcon, len); 789 length = len; 790 out3: 791 kfree(newcon); 792 out2: 793 kfree(tcon); 794 out: 795 kfree(scon); 796 return length; 797 } 798 799 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size) 800 { 801 char *scon, *tcon; 802 u32 ssid, tsid, newsid; 803 u16 tclass; 804 ssize_t length; 805 char *newcon; 806 u32 len; 807 808 length = task_has_security(current, SECURITY__COMPUTE_RELABEL); 809 if (length) 810 return length; 811 812 length = -ENOMEM; 813 scon = kzalloc(size + 1, GFP_KERNEL); 814 if (!scon) 815 return length; 816 817 tcon = kzalloc(size + 1, GFP_KERNEL); 818 if (!tcon) 819 goto out; 820 821 length = -EINVAL; 822 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 823 goto out2; 824 825 length = security_context_to_sid(scon, strlen(scon) + 1, &ssid); 826 if (length < 0) 827 goto out2; 828 length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid); 829 if (length < 0) 830 goto out2; 831 832 length = security_change_sid(ssid, tsid, tclass, &newsid); 833 if (length < 0) 834 goto out2; 835 836 length = security_sid_to_context(newsid, &newcon, &len); 837 if (length < 0) 838 goto out2; 839 840 if (len > SIMPLE_TRANSACTION_LIMIT) { 841 length = -ERANGE; 842 goto out3; 843 } 844 845 memcpy(buf, newcon, len); 846 length = len; 847 out3: 848 kfree(newcon); 849 out2: 850 kfree(tcon); 851 out: 852 kfree(scon); 853 return length; 854 } 855 856 static ssize_t sel_write_user(struct file *file, char *buf, size_t size) 857 { 858 char *con, *user, *ptr; 859 u32 sid, *sids; 860 ssize_t length; 861 char *newcon; 862 int i, rc; 863 u32 len, nsids; 864 865 length = task_has_security(current, SECURITY__COMPUTE_USER); 866 if (length) 867 return length; 868 869 length = -ENOMEM; 870 con = kzalloc(size + 1, GFP_KERNEL); 871 if (!con) 872 return length; 873 874 user = kzalloc(size + 1, GFP_KERNEL); 875 if (!user) 876 goto out; 877 878 length = -EINVAL; 879 if (sscanf(buf, "%s %s", con, user) != 2) 880 goto out2; 881 882 length = security_context_to_sid(con, strlen(con) + 1, &sid); 883 if (length < 0) 884 goto out2; 885 886 length = security_get_user_sids(sid, user, &sids, &nsids); 887 if (length < 0) 888 goto out2; 889 890 length = sprintf(buf, "%u", nsids) + 1; 891 ptr = buf + length; 892 for (i = 0; i < nsids; i++) { 893 rc = security_sid_to_context(sids[i], &newcon, &len); 894 if (rc) { 895 length = rc; 896 goto out3; 897 } 898 if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) { 899 kfree(newcon); 900 length = -ERANGE; 901 goto out3; 902 } 903 memcpy(ptr, newcon, len); 904 kfree(newcon); 905 ptr += len; 906 length += len; 907 } 908 out3: 909 kfree(sids); 910 out2: 911 kfree(user); 912 out: 913 kfree(con); 914 return length; 915 } 916 917 static ssize_t sel_write_member(struct file *file, char *buf, size_t size) 918 { 919 char *scon, *tcon; 920 u32 ssid, tsid, newsid; 921 u16 tclass; 922 ssize_t length; 923 char *newcon; 924 u32 len; 925 926 length = task_has_security(current, SECURITY__COMPUTE_MEMBER); 927 if (length) 928 return length; 929 930 length = -ENOMEM; 931 scon = kzalloc(size + 1, GFP_KERNEL); 932 if (!scon) 933 return length; 934 935 tcon = kzalloc(size + 1, GFP_KERNEL); 936 if (!tcon) 937 goto out; 938 939 length = -EINVAL; 940 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 941 goto out2; 942 943 length = security_context_to_sid(scon, strlen(scon) + 1, &ssid); 944 if (length < 0) 945 goto out2; 946 length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid); 947 if (length < 0) 948 goto out2; 949 950 length = security_member_sid(ssid, tsid, tclass, &newsid); 951 if (length < 0) 952 goto out2; 953 954 length = security_sid_to_context(newsid, &newcon, &len); 955 if (length < 0) 956 goto out2; 957 958 if (len > SIMPLE_TRANSACTION_LIMIT) { 959 printk(KERN_ERR "SELinux: %s: context size (%u) exceeds " 960 "payload max\n", __func__, len); 961 length = -ERANGE; 962 goto out3; 963 } 964 965 memcpy(buf, newcon, len); 966 length = len; 967 out3: 968 kfree(newcon); 969 out2: 970 kfree(tcon); 971 out: 972 kfree(scon); 973 return length; 974 } 975 976 static struct inode *sel_make_inode(struct super_block *sb, int mode) 977 { 978 struct inode *ret = new_inode(sb); 979 980 if (ret) { 981 ret->i_ino = get_next_ino(); 982 ret->i_mode = mode; 983 ret->i_atime = ret->i_mtime = ret->i_ctime = CURRENT_TIME; 984 } 985 return ret; 986 } 987 988 static ssize_t sel_read_bool(struct file *filep, char __user *buf, 989 size_t count, loff_t *ppos) 990 { 991 char *page = NULL; 992 ssize_t length; 993 ssize_t ret; 994 int cur_enforcing; 995 struct inode *inode = filep->f_path.dentry->d_inode; 996 unsigned index = inode->i_ino & SEL_INO_MASK; 997 const char *name = filep->f_path.dentry->d_name.name; 998 999 mutex_lock(&sel_mutex); 1000 1001 if (index >= bool_num || strcmp(name, bool_pending_names[index])) { 1002 ret = -EINVAL; 1003 goto out; 1004 } 1005 1006 page = (char *)get_zeroed_page(GFP_KERNEL); 1007 if (!page) { 1008 ret = -ENOMEM; 1009 goto out; 1010 } 1011 1012 cur_enforcing = security_get_bool_value(index); 1013 if (cur_enforcing < 0) { 1014 ret = cur_enforcing; 1015 goto out; 1016 } 1017 length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, 1018 bool_pending_values[index]); 1019 ret = simple_read_from_buffer(buf, count, ppos, page, length); 1020 out: 1021 mutex_unlock(&sel_mutex); 1022 if (page) 1023 free_page((unsigned long)page); 1024 return ret; 1025 } 1026 1027 static ssize_t sel_write_bool(struct file *filep, const char __user *buf, 1028 size_t count, loff_t *ppos) 1029 { 1030 char *page = NULL; 1031 ssize_t length; 1032 int new_value; 1033 struct inode *inode = filep->f_path.dentry->d_inode; 1034 unsigned index = inode->i_ino & SEL_INO_MASK; 1035 const char *name = filep->f_path.dentry->d_name.name; 1036 1037 mutex_lock(&sel_mutex); 1038 1039 length = task_has_security(current, SECURITY__SETBOOL); 1040 if (length) 1041 goto out; 1042 1043 if (index >= bool_num || strcmp(name, bool_pending_names[index])) { 1044 length = -EINVAL; 1045 goto out; 1046 } 1047 1048 if (count >= PAGE_SIZE) { 1049 length = -ENOMEM; 1050 goto out; 1051 } 1052 1053 if (*ppos != 0) { 1054 /* No partial writes. */ 1055 length = -EINVAL; 1056 goto out; 1057 } 1058 page = (char *)get_zeroed_page(GFP_KERNEL); 1059 if (!page) { 1060 length = -ENOMEM; 1061 goto out; 1062 } 1063 1064 length = -EFAULT; 1065 if (copy_from_user(page, buf, count)) 1066 goto out; 1067 1068 length = -EINVAL; 1069 if (sscanf(page, "%d", &new_value) != 1) 1070 goto out; 1071 1072 if (new_value) 1073 new_value = 1; 1074 1075 bool_pending_values[index] = new_value; 1076 length = count; 1077 1078 out: 1079 mutex_unlock(&sel_mutex); 1080 if (page) 1081 free_page((unsigned long) page); 1082 return length; 1083 } 1084 1085 static const struct file_operations sel_bool_ops = { 1086 .read = sel_read_bool, 1087 .write = sel_write_bool, 1088 .llseek = generic_file_llseek, 1089 }; 1090 1091 static ssize_t sel_commit_bools_write(struct file *filep, 1092 const char __user *buf, 1093 size_t count, loff_t *ppos) 1094 { 1095 char *page = NULL; 1096 ssize_t length; 1097 int new_value; 1098 1099 mutex_lock(&sel_mutex); 1100 1101 length = task_has_security(current, SECURITY__SETBOOL); 1102 if (length) 1103 goto out; 1104 1105 if (count >= PAGE_SIZE) { 1106 length = -ENOMEM; 1107 goto out; 1108 } 1109 if (*ppos != 0) { 1110 /* No partial writes. */ 1111 goto out; 1112 } 1113 page = (char *)get_zeroed_page(GFP_KERNEL); 1114 if (!page) { 1115 length = -ENOMEM; 1116 goto out; 1117 } 1118 1119 length = -EFAULT; 1120 if (copy_from_user(page, buf, count)) 1121 goto out; 1122 1123 length = -EINVAL; 1124 if (sscanf(page, "%d", &new_value) != 1) 1125 goto out; 1126 1127 if (new_value && bool_pending_values) 1128 security_set_bools(bool_num, bool_pending_values); 1129 1130 length = count; 1131 1132 out: 1133 mutex_unlock(&sel_mutex); 1134 if (page) 1135 free_page((unsigned long) page); 1136 return length; 1137 } 1138 1139 static const struct file_operations sel_commit_bools_ops = { 1140 .write = sel_commit_bools_write, 1141 .llseek = generic_file_llseek, 1142 }; 1143 1144 static void sel_remove_entries(struct dentry *de) 1145 { 1146 struct list_head *node; 1147 1148 spin_lock(&dcache_lock); 1149 node = de->d_subdirs.next; 1150 while (node != &de->d_subdirs) { 1151 struct dentry *d = list_entry(node, struct dentry, d_u.d_child); 1152 list_del_init(node); 1153 1154 if (d->d_inode) { 1155 d = dget_locked(d); 1156 spin_unlock(&dcache_lock); 1157 d_delete(d); 1158 simple_unlink(de->d_inode, d); 1159 dput(d); 1160 spin_lock(&dcache_lock); 1161 } 1162 node = de->d_subdirs.next; 1163 } 1164 1165 spin_unlock(&dcache_lock); 1166 } 1167 1168 #define BOOL_DIR_NAME "booleans" 1169 1170 static int sel_make_bools(void) 1171 { 1172 int i, ret = 0; 1173 ssize_t len; 1174 struct dentry *dentry = NULL; 1175 struct dentry *dir = bool_dir; 1176 struct inode *inode = NULL; 1177 struct inode_security_struct *isec; 1178 char **names = NULL, *page; 1179 int num; 1180 int *values = NULL; 1181 u32 sid; 1182 1183 /* remove any existing files */ 1184 for (i = 0; i < bool_num; i++) 1185 kfree(bool_pending_names[i]); 1186 kfree(bool_pending_names); 1187 kfree(bool_pending_values); 1188 bool_pending_names = NULL; 1189 bool_pending_values = NULL; 1190 1191 sel_remove_entries(dir); 1192 1193 page = (char *)get_zeroed_page(GFP_KERNEL); 1194 if (!page) 1195 return -ENOMEM; 1196 1197 ret = security_get_bools(&num, &names, &values); 1198 if (ret != 0) 1199 goto out; 1200 1201 for (i = 0; i < num; i++) { 1202 dentry = d_alloc_name(dir, names[i]); 1203 if (!dentry) { 1204 ret = -ENOMEM; 1205 goto err; 1206 } 1207 inode = sel_make_inode(dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR); 1208 if (!inode) { 1209 ret = -ENOMEM; 1210 goto err; 1211 } 1212 1213 len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]); 1214 if (len < 0) { 1215 ret = -EINVAL; 1216 goto err; 1217 } else if (len >= PAGE_SIZE) { 1218 ret = -ENAMETOOLONG; 1219 goto err; 1220 } 1221 isec = (struct inode_security_struct *)inode->i_security; 1222 ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid); 1223 if (ret) 1224 goto err; 1225 isec->sid = sid; 1226 isec->initialized = 1; 1227 inode->i_fop = &sel_bool_ops; 1228 inode->i_ino = i|SEL_BOOL_INO_OFFSET; 1229 d_add(dentry, inode); 1230 } 1231 bool_num = num; 1232 bool_pending_names = names; 1233 bool_pending_values = values; 1234 out: 1235 free_page((unsigned long)page); 1236 return ret; 1237 err: 1238 if (names) { 1239 for (i = 0; i < num; i++) 1240 kfree(names[i]); 1241 kfree(names); 1242 } 1243 kfree(values); 1244 sel_remove_entries(dir); 1245 ret = -ENOMEM; 1246 goto out; 1247 } 1248 1249 #define NULL_FILE_NAME "null" 1250 1251 struct dentry *selinux_null; 1252 1253 static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf, 1254 size_t count, loff_t *ppos) 1255 { 1256 char tmpbuf[TMPBUFLEN]; 1257 ssize_t length; 1258 1259 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", avc_cache_threshold); 1260 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1261 } 1262 1263 static ssize_t sel_write_avc_cache_threshold(struct file *file, 1264 const char __user *buf, 1265 size_t count, loff_t *ppos) 1266 1267 { 1268 char *page; 1269 ssize_t ret; 1270 int new_value; 1271 1272 if (count >= PAGE_SIZE) { 1273 ret = -ENOMEM; 1274 goto out; 1275 } 1276 1277 if (*ppos != 0) { 1278 /* No partial writes. */ 1279 ret = -EINVAL; 1280 goto out; 1281 } 1282 1283 page = (char *)get_zeroed_page(GFP_KERNEL); 1284 if (!page) { 1285 ret = -ENOMEM; 1286 goto out; 1287 } 1288 1289 if (copy_from_user(page, buf, count)) { 1290 ret = -EFAULT; 1291 goto out_free; 1292 } 1293 1294 if (sscanf(page, "%u", &new_value) != 1) { 1295 ret = -EINVAL; 1296 goto out; 1297 } 1298 1299 if (new_value != avc_cache_threshold) { 1300 ret = task_has_security(current, SECURITY__SETSECPARAM); 1301 if (ret) 1302 goto out_free; 1303 avc_cache_threshold = new_value; 1304 } 1305 ret = count; 1306 out_free: 1307 free_page((unsigned long)page); 1308 out: 1309 return ret; 1310 } 1311 1312 static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf, 1313 size_t count, loff_t *ppos) 1314 { 1315 char *page; 1316 ssize_t ret = 0; 1317 1318 page = (char *)__get_free_page(GFP_KERNEL); 1319 if (!page) { 1320 ret = -ENOMEM; 1321 goto out; 1322 } 1323 ret = avc_get_hash_stats(page); 1324 if (ret >= 0) 1325 ret = simple_read_from_buffer(buf, count, ppos, page, ret); 1326 free_page((unsigned long)page); 1327 out: 1328 return ret; 1329 } 1330 1331 static const struct file_operations sel_avc_cache_threshold_ops = { 1332 .read = sel_read_avc_cache_threshold, 1333 .write = sel_write_avc_cache_threshold, 1334 .llseek = generic_file_llseek, 1335 }; 1336 1337 static const struct file_operations sel_avc_hash_stats_ops = { 1338 .read = sel_read_avc_hash_stats, 1339 .llseek = generic_file_llseek, 1340 }; 1341 1342 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1343 static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx) 1344 { 1345 int cpu; 1346 1347 for (cpu = *idx; cpu < nr_cpu_ids; ++cpu) { 1348 if (!cpu_possible(cpu)) 1349 continue; 1350 *idx = cpu + 1; 1351 return &per_cpu(avc_cache_stats, cpu); 1352 } 1353 return NULL; 1354 } 1355 1356 static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos) 1357 { 1358 loff_t n = *pos - 1; 1359 1360 if (*pos == 0) 1361 return SEQ_START_TOKEN; 1362 1363 return sel_avc_get_stat_idx(&n); 1364 } 1365 1366 static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos) 1367 { 1368 return sel_avc_get_stat_idx(pos); 1369 } 1370 1371 static int sel_avc_stats_seq_show(struct seq_file *seq, void *v) 1372 { 1373 struct avc_cache_stats *st = v; 1374 1375 if (v == SEQ_START_TOKEN) 1376 seq_printf(seq, "lookups hits misses allocations reclaims " 1377 "frees\n"); 1378 else 1379 seq_printf(seq, "%u %u %u %u %u %u\n", st->lookups, 1380 st->hits, st->misses, st->allocations, 1381 st->reclaims, st->frees); 1382 return 0; 1383 } 1384 1385 static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v) 1386 { } 1387 1388 static const struct seq_operations sel_avc_cache_stats_seq_ops = { 1389 .start = sel_avc_stats_seq_start, 1390 .next = sel_avc_stats_seq_next, 1391 .show = sel_avc_stats_seq_show, 1392 .stop = sel_avc_stats_seq_stop, 1393 }; 1394 1395 static int sel_open_avc_cache_stats(struct inode *inode, struct file *file) 1396 { 1397 return seq_open(file, &sel_avc_cache_stats_seq_ops); 1398 } 1399 1400 static const struct file_operations sel_avc_cache_stats_ops = { 1401 .open = sel_open_avc_cache_stats, 1402 .read = seq_read, 1403 .llseek = seq_lseek, 1404 .release = seq_release, 1405 }; 1406 #endif 1407 1408 static int sel_make_avc_files(struct dentry *dir) 1409 { 1410 int i, ret = 0; 1411 static struct tree_descr files[] = { 1412 { "cache_threshold", 1413 &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR }, 1414 { "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO }, 1415 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1416 { "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO }, 1417 #endif 1418 }; 1419 1420 for (i = 0; i < ARRAY_SIZE(files); i++) { 1421 struct inode *inode; 1422 struct dentry *dentry; 1423 1424 dentry = d_alloc_name(dir, files[i].name); 1425 if (!dentry) { 1426 ret = -ENOMEM; 1427 goto out; 1428 } 1429 1430 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode); 1431 if (!inode) { 1432 ret = -ENOMEM; 1433 goto out; 1434 } 1435 inode->i_fop = files[i].ops; 1436 inode->i_ino = ++sel_last_ino; 1437 d_add(dentry, inode); 1438 } 1439 out: 1440 return ret; 1441 } 1442 1443 static ssize_t sel_read_initcon(struct file *file, char __user *buf, 1444 size_t count, loff_t *ppos) 1445 { 1446 struct inode *inode; 1447 char *con; 1448 u32 sid, len; 1449 ssize_t ret; 1450 1451 inode = file->f_path.dentry->d_inode; 1452 sid = inode->i_ino&SEL_INO_MASK; 1453 ret = security_sid_to_context(sid, &con, &len); 1454 if (ret < 0) 1455 return ret; 1456 1457 ret = simple_read_from_buffer(buf, count, ppos, con, len); 1458 kfree(con); 1459 return ret; 1460 } 1461 1462 static const struct file_operations sel_initcon_ops = { 1463 .read = sel_read_initcon, 1464 .llseek = generic_file_llseek, 1465 }; 1466 1467 static int sel_make_initcon_files(struct dentry *dir) 1468 { 1469 int i, ret = 0; 1470 1471 for (i = 1; i <= SECINITSID_NUM; i++) { 1472 struct inode *inode; 1473 struct dentry *dentry; 1474 dentry = d_alloc_name(dir, security_get_initial_sid_context(i)); 1475 if (!dentry) { 1476 ret = -ENOMEM; 1477 goto out; 1478 } 1479 1480 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1481 if (!inode) { 1482 ret = -ENOMEM; 1483 goto out; 1484 } 1485 inode->i_fop = &sel_initcon_ops; 1486 inode->i_ino = i|SEL_INITCON_INO_OFFSET; 1487 d_add(dentry, inode); 1488 } 1489 out: 1490 return ret; 1491 } 1492 1493 static inline unsigned int sel_div(unsigned long a, unsigned long b) 1494 { 1495 return a / b - (a % b < 0); 1496 } 1497 1498 static inline unsigned long sel_class_to_ino(u16 class) 1499 { 1500 return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET; 1501 } 1502 1503 static inline u16 sel_ino_to_class(unsigned long ino) 1504 { 1505 return sel_div(ino & SEL_INO_MASK, SEL_VEC_MAX + 1); 1506 } 1507 1508 static inline unsigned long sel_perm_to_ino(u16 class, u32 perm) 1509 { 1510 return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET; 1511 } 1512 1513 static inline u32 sel_ino_to_perm(unsigned long ino) 1514 { 1515 return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1); 1516 } 1517 1518 static ssize_t sel_read_class(struct file *file, char __user *buf, 1519 size_t count, loff_t *ppos) 1520 { 1521 ssize_t rc, len; 1522 char *page; 1523 unsigned long ino = file->f_path.dentry->d_inode->i_ino; 1524 1525 page = (char *)__get_free_page(GFP_KERNEL); 1526 if (!page) { 1527 rc = -ENOMEM; 1528 goto out; 1529 } 1530 1531 len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_class(ino)); 1532 rc = simple_read_from_buffer(buf, count, ppos, page, len); 1533 free_page((unsigned long)page); 1534 out: 1535 return rc; 1536 } 1537 1538 static const struct file_operations sel_class_ops = { 1539 .read = sel_read_class, 1540 .llseek = generic_file_llseek, 1541 }; 1542 1543 static ssize_t sel_read_perm(struct file *file, char __user *buf, 1544 size_t count, loff_t *ppos) 1545 { 1546 ssize_t rc, len; 1547 char *page; 1548 unsigned long ino = file->f_path.dentry->d_inode->i_ino; 1549 1550 page = (char *)__get_free_page(GFP_KERNEL); 1551 if (!page) { 1552 rc = -ENOMEM; 1553 goto out; 1554 } 1555 1556 len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_perm(ino)); 1557 rc = simple_read_from_buffer(buf, count, ppos, page, len); 1558 free_page((unsigned long)page); 1559 out: 1560 return rc; 1561 } 1562 1563 static const struct file_operations sel_perm_ops = { 1564 .read = sel_read_perm, 1565 .llseek = generic_file_llseek, 1566 }; 1567 1568 static ssize_t sel_read_policycap(struct file *file, char __user *buf, 1569 size_t count, loff_t *ppos) 1570 { 1571 int value; 1572 char tmpbuf[TMPBUFLEN]; 1573 ssize_t length; 1574 unsigned long i_ino = file->f_path.dentry->d_inode->i_ino; 1575 1576 value = security_policycap_supported(i_ino & SEL_INO_MASK); 1577 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value); 1578 1579 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1580 } 1581 1582 static const struct file_operations sel_policycap_ops = { 1583 .read = sel_read_policycap, 1584 .llseek = generic_file_llseek, 1585 }; 1586 1587 static int sel_make_perm_files(char *objclass, int classvalue, 1588 struct dentry *dir) 1589 { 1590 int i, rc = 0, nperms; 1591 char **perms; 1592 1593 rc = security_get_permissions(objclass, &perms, &nperms); 1594 if (rc) 1595 goto out; 1596 1597 for (i = 0; i < nperms; i++) { 1598 struct inode *inode; 1599 struct dentry *dentry; 1600 1601 dentry = d_alloc_name(dir, perms[i]); 1602 if (!dentry) { 1603 rc = -ENOMEM; 1604 goto out1; 1605 } 1606 1607 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1608 if (!inode) { 1609 rc = -ENOMEM; 1610 goto out1; 1611 } 1612 inode->i_fop = &sel_perm_ops; 1613 /* i+1 since perm values are 1-indexed */ 1614 inode->i_ino = sel_perm_to_ino(classvalue, i + 1); 1615 d_add(dentry, inode); 1616 } 1617 1618 out1: 1619 for (i = 0; i < nperms; i++) 1620 kfree(perms[i]); 1621 kfree(perms); 1622 out: 1623 return rc; 1624 } 1625 1626 static int sel_make_class_dir_entries(char *classname, int index, 1627 struct dentry *dir) 1628 { 1629 struct dentry *dentry = NULL; 1630 struct inode *inode = NULL; 1631 int rc; 1632 1633 dentry = d_alloc_name(dir, "index"); 1634 if (!dentry) { 1635 rc = -ENOMEM; 1636 goto out; 1637 } 1638 1639 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1640 if (!inode) { 1641 rc = -ENOMEM; 1642 goto out; 1643 } 1644 1645 inode->i_fop = &sel_class_ops; 1646 inode->i_ino = sel_class_to_ino(index); 1647 d_add(dentry, inode); 1648 1649 dentry = d_alloc_name(dir, "perms"); 1650 if (!dentry) { 1651 rc = -ENOMEM; 1652 goto out; 1653 } 1654 1655 rc = sel_make_dir(dir->d_inode, dentry, &last_class_ino); 1656 if (rc) 1657 goto out; 1658 1659 rc = sel_make_perm_files(classname, index, dentry); 1660 1661 out: 1662 return rc; 1663 } 1664 1665 static void sel_remove_classes(void) 1666 { 1667 struct list_head *class_node; 1668 1669 list_for_each(class_node, &class_dir->d_subdirs) { 1670 struct dentry *class_subdir = list_entry(class_node, 1671 struct dentry, d_u.d_child); 1672 struct list_head *class_subdir_node; 1673 1674 list_for_each(class_subdir_node, &class_subdir->d_subdirs) { 1675 struct dentry *d = list_entry(class_subdir_node, 1676 struct dentry, d_u.d_child); 1677 1678 if (d->d_inode) 1679 if (d->d_inode->i_mode & S_IFDIR) 1680 sel_remove_entries(d); 1681 } 1682 1683 sel_remove_entries(class_subdir); 1684 } 1685 1686 sel_remove_entries(class_dir); 1687 } 1688 1689 static int sel_make_classes(void) 1690 { 1691 int rc = 0, nclasses, i; 1692 char **classes; 1693 1694 /* delete any existing entries */ 1695 sel_remove_classes(); 1696 1697 rc = security_get_classes(&classes, &nclasses); 1698 if (rc < 0) 1699 goto out; 1700 1701 /* +2 since classes are 1-indexed */ 1702 last_class_ino = sel_class_to_ino(nclasses + 2); 1703 1704 for (i = 0; i < nclasses; i++) { 1705 struct dentry *class_name_dir; 1706 1707 class_name_dir = d_alloc_name(class_dir, classes[i]); 1708 if (!class_name_dir) { 1709 rc = -ENOMEM; 1710 goto out1; 1711 } 1712 1713 rc = sel_make_dir(class_dir->d_inode, class_name_dir, 1714 &last_class_ino); 1715 if (rc) 1716 goto out1; 1717 1718 /* i+1 since class values are 1-indexed */ 1719 rc = sel_make_class_dir_entries(classes[i], i + 1, 1720 class_name_dir); 1721 if (rc) 1722 goto out1; 1723 } 1724 1725 out1: 1726 for (i = 0; i < nclasses; i++) 1727 kfree(classes[i]); 1728 kfree(classes); 1729 out: 1730 return rc; 1731 } 1732 1733 static int sel_make_policycap(void) 1734 { 1735 unsigned int iter; 1736 struct dentry *dentry = NULL; 1737 struct inode *inode = NULL; 1738 1739 sel_remove_entries(policycap_dir); 1740 1741 for (iter = 0; iter <= POLICYDB_CAPABILITY_MAX; iter++) { 1742 if (iter < ARRAY_SIZE(policycap_names)) 1743 dentry = d_alloc_name(policycap_dir, 1744 policycap_names[iter]); 1745 else 1746 dentry = d_alloc_name(policycap_dir, "unknown"); 1747 1748 if (dentry == NULL) 1749 return -ENOMEM; 1750 1751 inode = sel_make_inode(policycap_dir->d_sb, S_IFREG | S_IRUGO); 1752 if (inode == NULL) 1753 return -ENOMEM; 1754 1755 inode->i_fop = &sel_policycap_ops; 1756 inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET; 1757 d_add(dentry, inode); 1758 } 1759 1760 return 0; 1761 } 1762 1763 static int sel_make_dir(struct inode *dir, struct dentry *dentry, 1764 unsigned long *ino) 1765 { 1766 int ret = 0; 1767 struct inode *inode; 1768 1769 inode = sel_make_inode(dir->i_sb, S_IFDIR | S_IRUGO | S_IXUGO); 1770 if (!inode) { 1771 ret = -ENOMEM; 1772 goto out; 1773 } 1774 inode->i_op = &simple_dir_inode_operations; 1775 inode->i_fop = &simple_dir_operations; 1776 inode->i_ino = ++(*ino); 1777 /* directory inodes start off with i_nlink == 2 (for "." entry) */ 1778 inc_nlink(inode); 1779 d_add(dentry, inode); 1780 /* bump link count on parent directory, too */ 1781 inc_nlink(dir); 1782 out: 1783 return ret; 1784 } 1785 1786 static int sel_fill_super(struct super_block *sb, void *data, int silent) 1787 { 1788 int ret; 1789 struct dentry *dentry; 1790 struct inode *inode, *root_inode; 1791 struct inode_security_struct *isec; 1792 1793 static struct tree_descr selinux_files[] = { 1794 [SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR}, 1795 [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR}, 1796 [SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO}, 1797 [SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO}, 1798 [SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO}, 1799 [SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO}, 1800 [SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO}, 1801 [SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO}, 1802 [SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR}, 1803 [SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO}, 1804 [SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR}, 1805 [SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO}, 1806 [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR}, 1807 [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO}, 1808 [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO}, 1809 [SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO}, 1810 [SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUSR}, 1811 /* last one */ {""} 1812 }; 1813 ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files); 1814 if (ret) 1815 goto err; 1816 1817 root_inode = sb->s_root->d_inode; 1818 1819 dentry = d_alloc_name(sb->s_root, BOOL_DIR_NAME); 1820 if (!dentry) { 1821 ret = -ENOMEM; 1822 goto err; 1823 } 1824 1825 ret = sel_make_dir(root_inode, dentry, &sel_last_ino); 1826 if (ret) 1827 goto err; 1828 1829 bool_dir = dentry; 1830 1831 dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME); 1832 if (!dentry) { 1833 ret = -ENOMEM; 1834 goto err; 1835 } 1836 1837 inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO); 1838 if (!inode) { 1839 ret = -ENOMEM; 1840 goto err; 1841 } 1842 inode->i_ino = ++sel_last_ino; 1843 isec = (struct inode_security_struct *)inode->i_security; 1844 isec->sid = SECINITSID_DEVNULL; 1845 isec->sclass = SECCLASS_CHR_FILE; 1846 isec->initialized = 1; 1847 1848 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3)); 1849 d_add(dentry, inode); 1850 selinux_null = dentry; 1851 1852 dentry = d_alloc_name(sb->s_root, "avc"); 1853 if (!dentry) { 1854 ret = -ENOMEM; 1855 goto err; 1856 } 1857 1858 ret = sel_make_dir(root_inode, dentry, &sel_last_ino); 1859 if (ret) 1860 goto err; 1861 1862 ret = sel_make_avc_files(dentry); 1863 if (ret) 1864 goto err; 1865 1866 dentry = d_alloc_name(sb->s_root, "initial_contexts"); 1867 if (!dentry) { 1868 ret = -ENOMEM; 1869 goto err; 1870 } 1871 1872 ret = sel_make_dir(root_inode, dentry, &sel_last_ino); 1873 if (ret) 1874 goto err; 1875 1876 ret = sel_make_initcon_files(dentry); 1877 if (ret) 1878 goto err; 1879 1880 dentry = d_alloc_name(sb->s_root, "class"); 1881 if (!dentry) { 1882 ret = -ENOMEM; 1883 goto err; 1884 } 1885 1886 ret = sel_make_dir(root_inode, dentry, &sel_last_ino); 1887 if (ret) 1888 goto err; 1889 1890 class_dir = dentry; 1891 1892 dentry = d_alloc_name(sb->s_root, "policy_capabilities"); 1893 if (!dentry) { 1894 ret = -ENOMEM; 1895 goto err; 1896 } 1897 1898 ret = sel_make_dir(root_inode, dentry, &sel_last_ino); 1899 if (ret) 1900 goto err; 1901 1902 policycap_dir = dentry; 1903 1904 out: 1905 return ret; 1906 err: 1907 printk(KERN_ERR "SELinux: %s: failed while creating inodes\n", 1908 __func__); 1909 goto out; 1910 } 1911 1912 static struct dentry *sel_mount(struct file_system_type *fs_type, 1913 int flags, const char *dev_name, void *data) 1914 { 1915 return mount_single(fs_type, flags, data, sel_fill_super); 1916 } 1917 1918 static struct file_system_type sel_fs_type = { 1919 .name = "selinuxfs", 1920 .mount = sel_mount, 1921 .kill_sb = kill_litter_super, 1922 }; 1923 1924 struct vfsmount *selinuxfs_mount; 1925 1926 static int __init init_sel_fs(void) 1927 { 1928 int err; 1929 1930 if (!selinux_enabled) 1931 return 0; 1932 err = register_filesystem(&sel_fs_type); 1933 if (!err) { 1934 selinuxfs_mount = kern_mount(&sel_fs_type); 1935 if (IS_ERR(selinuxfs_mount)) { 1936 printk(KERN_ERR "selinuxfs: could not mount!\n"); 1937 err = PTR_ERR(selinuxfs_mount); 1938 selinuxfs_mount = NULL; 1939 } 1940 } 1941 return err; 1942 } 1943 1944 __initcall(init_sel_fs); 1945 1946 #ifdef CONFIG_SECURITY_SELINUX_DISABLE 1947 void exit_sel_fs(void) 1948 { 1949 unregister_filesystem(&sel_fs_type); 1950 } 1951 #endif 1952