projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
[PATCH] sysctl: remove the proc_dir_entry member for the sysctl tables
[deliverable/linux.git] / security / selinux / hooks.c
1 /*
2 * NSA Security-Enhanced Linux (SELinux) security module
3 *
4 * This file contains the SELinux hook function implementations.
5 *
6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
7 * Chris Vance, <cvance@nai.com>
8 * Wayne Salamon, <wsalamon@nai.com>
9 * James Morris <jmorris@redhat.com>
10 *
11 * Copyright (C) 2001,2002 Networks Associates Technology, Inc.
12 * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
13 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
14 * <dgoeddel@trustedcs.com>
15 * Copyright (C) 2006 Hewlett-Packard Development Company, L.P.
16 * Paul Moore, <paul.moore@hp.com>
17 *
18 * This program is free software; you can redistribute it and/or modify
19 * it under the terms of the GNU General Public License version 2,
20 * as published by the Free Software Foundation.
21 */
22
23 #include <linux/module.h>
24 #include <linux/init.h>
25 #include <linux/kernel.h>
26 #include <linux/ptrace.h>
27 #include <linux/errno.h>
28 #include <linux/sched.h>
29 #include <linux/security.h>
30 #include <linux/xattr.h>
31 #include <linux/capability.h>
32 #include <linux/unistd.h>
33 #include <linux/mm.h>
34 #include <linux/mman.h>
35 #include <linux/slab.h>
36 #include <linux/pagemap.h>
37 #include <linux/swap.h>
38 #include <linux/smp_lock.h>
39 #include <linux/spinlock.h>
40 #include <linux/syscalls.h>
41 #include <linux/file.h>
42 #include <linux/namei.h>
43 #include <linux/mount.h>
44 #include <linux/ext2_fs.h>
45 #include <linux/proc_fs.h>
46 #include <linux/kd.h>
47 #include <linux/netfilter_ipv4.h>
48 #include <linux/netfilter_ipv6.h>
49 #include <linux/tty.h>
50 #include <net/icmp.h>
51 #include <net/ip.h> /* for sysctl_local_port_range[] */
52 #include <net/tcp.h> /* struct or_callable used in sock_rcv_skb */
53 #include <asm/uaccess.h>
54 #include <asm/ioctls.h>
55 #include <linux/bitops.h>
56 #include <linux/interrupt.h>
57 #include <linux/netdevice.h> /* for network interface checks */
58 #include <linux/netlink.h>
59 #include <linux/tcp.h>
60 #include <linux/udp.h>
61 #include <linux/dccp.h>
62 #include <linux/quota.h>
63 #include <linux/un.h> /* for Unix socket types */
64 #include <net/af_unix.h> /* for Unix socket types */
65 #include <linux/parser.h>
66 #include <linux/nfs_mount.h>
67 #include <net/ipv6.h>
68 #include <linux/hugetlb.h>
69 #include <linux/personality.h>
70 #include <linux/sysctl.h>
71 #include <linux/audit.h>
72 #include <linux/string.h>
73 #include <linux/selinux.h>
74 #include <linux/mutex.h>
75
76 #include "avc.h"
77 #include "objsec.h"
78 #include "netif.h"
79 #include "xfrm.h"
80 #include "selinux_netlabel.h"
81
82 #define XATTR_SELINUX_SUFFIX "selinux"
83 #define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX
84
85 extern unsigned int policydb_loaded_version;
86 extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
87 extern int selinux_compat_net;
88
89 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
90 int selinux_enforcing = 0;
91
92 static int __init enforcing_setup(char *str)
93 {
94 selinux_enforcing = simple_strtol(str,NULL,0);
95 return 1;
96 }
97 __setup("enforcing=", enforcing_setup);
98 #endif
99
100 #ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
101 int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
102
103 static int __init selinux_enabled_setup(char *str)
104 {
105 selinux_enabled = simple_strtol(str, NULL, 0);
106 return 1;
107 }
108 __setup("selinux=", selinux_enabled_setup);
109 #else
110 int selinux_enabled = 1;
111 #endif
112
113 /* Original (dummy) security module. */
114 static struct security_operations *original_ops = NULL;
115
116 /* Minimal support for a secondary security module,
117 just to allow the use of the dummy or capability modules.
118 The owlsm module can alternatively be used as a secondary
119 module as long as CONFIG_OWLSM_FD is not enabled. */
120 static struct security_operations *secondary_ops = NULL;
121
122 /* Lists of inode and superblock security structures initialized
123 before the policy was loaded. */
124 static LIST_HEAD(superblock_security_head);
125 static DEFINE_SPINLOCK(sb_security_lock);
126
127 static struct kmem_cache *sel_inode_cache;
128
129 /* Return security context for a given sid or just the context
130 length if the buffer is null or length is 0 */
131 static int selinux_getsecurity(u32 sid, void *buffer, size_t size)
132 {
133 char *context;
134 unsigned len;
135 int rc;
136
137 rc = security_sid_to_context(sid, &context, &len);
138 if (rc)
139 return rc;
140
141 if (!buffer || !size)
142 goto getsecurity_exit;
143
144 if (size < len) {
145 len = -ERANGE;
146 goto getsecurity_exit;
147 }
148 memcpy(buffer, context, len);
149
150 getsecurity_exit:
151 kfree(context);
152 return len;
153 }
154
155 /* Allocate and free functions for each kind of security blob. */
156
157 static int task_alloc_security(struct task_struct *task)
158 {
159 struct task_security_struct *tsec;
160
161 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
162 if (!tsec)
163 return -ENOMEM;
164
165 tsec->task = task;
166 tsec->osid = tsec->sid = tsec->ptrace_sid = SECINITSID_UNLABELED;
167 task->security = tsec;
168
169 return 0;
170 }
171
172 static void task_free_security(struct task_struct *task)
173 {
174 struct task_security_struct *tsec = task->security;
175 task->security = NULL;
176 kfree(tsec);
177 }
178
179 static int inode_alloc_security(struct inode *inode)
180 {
181 struct task_security_struct *tsec = current->security;
182 struct inode_security_struct *isec;
183
184 isec = kmem_cache_zalloc(sel_inode_cache, GFP_KERNEL);
185 if (!isec)
186 return -ENOMEM;
187
188 mutex_init(&isec->lock);
189 INIT_LIST_HEAD(&isec->list);
190 isec->inode = inode;
191 isec->sid = SECINITSID_UNLABELED;
192 isec->sclass = SECCLASS_FILE;
193 isec->task_sid = tsec->sid;
194 inode->i_security = isec;
195
196 return 0;
197 }
198
199 static void inode_free_security(struct inode *inode)
200 {
201 struct inode_security_struct *isec = inode->i_security;
202 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
203
204 spin_lock(&sbsec->isec_lock);
205 if (!list_empty(&isec->list))
206 list_del_init(&isec->list);
207 spin_unlock(&sbsec->isec_lock);
208
209 inode->i_security = NULL;
210 kmem_cache_free(sel_inode_cache, isec);
211 }
212
213 static int file_alloc_security(struct file *file)
214 {
215 struct task_security_struct *tsec = current->security;
216 struct file_security_struct *fsec;
217
218 fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
219 if (!fsec)
220 return -ENOMEM;
221
222 fsec->file = file;
223 fsec->sid = tsec->sid;
224 fsec->fown_sid = tsec->sid;
225 file->f_security = fsec;
226
227 return 0;
228 }
229
230 static void file_free_security(struct file *file)
231 {
232 struct file_security_struct *fsec = file->f_security;
233 file->f_security = NULL;
234 kfree(fsec);
235 }
236
237 static int superblock_alloc_security(struct super_block *sb)
238 {
239 struct superblock_security_struct *sbsec;
240
241 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
242 if (!sbsec)
243 return -ENOMEM;
244
245 mutex_init(&sbsec->lock);
246 INIT_LIST_HEAD(&sbsec->list);
247 INIT_LIST_HEAD(&sbsec->isec_head);
248 spin_lock_init(&sbsec->isec_lock);
249 sbsec->sb = sb;
250 sbsec->sid = SECINITSID_UNLABELED;
251 sbsec->def_sid = SECINITSID_FILE;
252 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
253 sb->s_security = sbsec;
254
255 return 0;
256 }
257
258 static void superblock_free_security(struct super_block *sb)
259 {
260 struct superblock_security_struct *sbsec = sb->s_security;
261
262 spin_lock(&sb_security_lock);
263 if (!list_empty(&sbsec->list))
264 list_del_init(&sbsec->list);
265 spin_unlock(&sb_security_lock);
266
267 sb->s_security = NULL;
268 kfree(sbsec);
269 }
270
271 static int sk_alloc_security(struct sock *sk, int family, gfp_t priority)
272 {
273 struct sk_security_struct *ssec;
274
275 ssec = kzalloc(sizeof(*ssec), priority);
276 if (!ssec)
277 return -ENOMEM;
278
279 ssec->sk = sk;
280 ssec->peer_sid = SECINITSID_UNLABELED;
281 ssec->sid = SECINITSID_UNLABELED;
282 sk->sk_security = ssec;
283
284 selinux_netlbl_sk_security_init(ssec, family);
285
286 return 0;
287 }
288
289 static void sk_free_security(struct sock *sk)
290 {
291 struct sk_security_struct *ssec = sk->sk_security;
292
293 sk->sk_security = NULL;
294 kfree(ssec);
295 }
296
297 /* The security server must be initialized before
298 any labeling or access decisions can be provided. */
299 extern int ss_initialized;
300
301 /* The file system's label must be initialized prior to use. */
302
303 static char *labeling_behaviors[6] = {
304 "uses xattr",
305 "uses transition SIDs",
306 "uses task SIDs",
307 "uses genfs_contexts",
308 "not configured for labeling",
309 "uses mountpoint labeling",
310 };
311
312 static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
313
314 static inline int inode_doinit(struct inode *inode)
315 {
316 return inode_doinit_with_dentry(inode, NULL);
317 }
318
319 enum {
320 Opt_context = 1,
321 Opt_fscontext = 2,
322 Opt_defcontext = 4,
323 Opt_rootcontext = 8,
324 };
325
326 static match_table_t tokens = {
327 {Opt_context, "context=%s"},
328 {Opt_fscontext, "fscontext=%s"},
329 {Opt_defcontext, "defcontext=%s"},
330 {Opt_rootcontext, "rootcontext=%s"},
331 };
332
333 #define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
334
335 static int may_context_mount_sb_relabel(u32 sid,
336 struct superblock_security_struct *sbsec,
337 struct task_security_struct *tsec)
338 {
339 int rc;
340
341 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
342 FILESYSTEM__RELABELFROM, NULL);
343 if (rc)
344 return rc;
345
346 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
347 FILESYSTEM__RELABELTO, NULL);
348 return rc;
349 }
350
351 static int may_context_mount_inode_relabel(u32 sid,
352 struct superblock_security_struct *sbsec,
353 struct task_security_struct *tsec)
354 {
355 int rc;
356 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
357 FILESYSTEM__RELABELFROM, NULL);
358 if (rc)
359 return rc;
360
361 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
362 FILESYSTEM__ASSOCIATE, NULL);
363 return rc;
364 }
365
366 static int try_context_mount(struct super_block *sb, void *data)
367 {
368 char *context = NULL, *defcontext = NULL;
369 char *fscontext = NULL, *rootcontext = NULL;
370 const char *name;
371 u32 sid;
372 int alloc = 0, rc = 0, seen = 0;
373 struct task_security_struct *tsec = current->security;
374 struct superblock_security_struct *sbsec = sb->s_security;
375
376 if (!data)
377 goto out;
378
379 name = sb->s_type->name;
380
381 if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA) {
382
383 /* NFS we understand. */
384 if (!strcmp(name, "nfs")) {
385 struct nfs_mount_data *d = data;
386
387 if (d->version < NFS_MOUNT_VERSION)
388 goto out;
389
390 if (d->context[0]) {
391 context = d->context;
392 seen |= Opt_context;
393 }
394 } else
395 goto out;
396
397 } else {
398 /* Standard string-based options. */
399 char *p, *options = data;
400
401 while ((p = strsep(&options, "|")) != NULL) {
402 int token;
403 substring_t args[MAX_OPT_ARGS];
404
405 if (!*p)
406 continue;
407
408 token = match_token(p, tokens, args);
409
410 switch (token) {
411 case Opt_context:
412 if (seen & (Opt_context|Opt_defcontext)) {
413 rc = -EINVAL;
414 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
415 goto out_free;
416 }
417 context = match_strdup(&args[0]);
418 if (!context) {
419 rc = -ENOMEM;
420 goto out_free;
421 }
422 if (!alloc)
423 alloc = 1;
424 seen |= Opt_context;
425 break;
426
427 case Opt_fscontext:
428 if (seen & Opt_fscontext) {
429 rc = -EINVAL;
430 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
431 goto out_free;
432 }
433 fscontext = match_strdup(&args[0]);
434 if (!fscontext) {
435 rc = -ENOMEM;
436 goto out_free;
437 }
438 if (!alloc)
439 alloc = 1;
440 seen |= Opt_fscontext;
441 break;
442
443 case Opt_rootcontext:
444 if (seen & Opt_rootcontext) {
445 rc = -EINVAL;
446 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
447 goto out_free;
448 }
449 rootcontext = match_strdup(&args[0]);
450 if (!rootcontext) {
451 rc = -ENOMEM;
452 goto out_free;
453 }
454 if (!alloc)
455 alloc = 1;
456 seen |= Opt_rootcontext;
457 break;
458
459 case Opt_defcontext:
460 if (sbsec->behavior != SECURITY_FS_USE_XATTR) {
461 rc = -EINVAL;
462 printk(KERN_WARNING "SELinux: "
463 "defcontext option is invalid "
464 "for this filesystem type\n");
465 goto out_free;
466 }
467 if (seen & (Opt_context|Opt_defcontext)) {
468 rc = -EINVAL;
469 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
470 goto out_free;
471 }
472 defcontext = match_strdup(&args[0]);
473 if (!defcontext) {
474 rc = -ENOMEM;
475 goto out_free;
476 }
477 if (!alloc)
478 alloc = 1;
479 seen |= Opt_defcontext;
480 break;
481
482 default:
483 rc = -EINVAL;
484 printk(KERN_WARNING "SELinux: unknown mount "
485 "option\n");
486 goto out_free;
487
488 }
489 }
490 }
491
492 if (!seen)
493 goto out;
494
495 /* sets the context of the superblock for the fs being mounted. */
496 if (fscontext) {
497 rc = security_context_to_sid(fscontext, strlen(fscontext), &sid);
498 if (rc) {
499 printk(KERN_WARNING "SELinux: security_context_to_sid"
500 "(%s) failed for (dev %s, type %s) errno=%d\n",
501 fscontext, sb->s_id, name, rc);
502 goto out_free;
503 }
504
505 rc = may_context_mount_sb_relabel(sid, sbsec, tsec);
506 if (rc)
507 goto out_free;
508
509 sbsec->sid = sid;
510 }
511
512 /*
513 * Switch to using mount point labeling behavior.
514 * sets the label used on all file below the mountpoint, and will set
515 * the superblock context if not already set.
516 */
517 if (context) {
518 rc = security_context_to_sid(context, strlen(context), &sid);
519 if (rc) {
520 printk(KERN_WARNING "SELinux: security_context_to_sid"
521 "(%s) failed for (dev %s, type %s) errno=%d\n",
522 context, sb->s_id, name, rc);
523 goto out_free;
524 }
525
526 if (!fscontext) {
527 rc = may_context_mount_sb_relabel(sid, sbsec, tsec);
528 if (rc)
529 goto out_free;
530 sbsec->sid = sid;
531 } else {
532 rc = may_context_mount_inode_relabel(sid, sbsec, tsec);
533 if (rc)
534 goto out_free;
535 }
536 sbsec->mntpoint_sid = sid;
537
538 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
539 }
540
541 if (rootcontext) {
542 struct inode *inode = sb->s_root->d_inode;
543 struct inode_security_struct *isec = inode->i_security;
544 rc = security_context_to_sid(rootcontext, strlen(rootcontext), &sid);
545 if (rc) {
546 printk(KERN_WARNING "SELinux: security_context_to_sid"
547 "(%s) failed for (dev %s, type %s) errno=%d\n",
548 rootcontext, sb->s_id, name, rc);
549 goto out_free;
550 }
551
552 rc = may_context_mount_inode_relabel(sid, sbsec, tsec);
553 if (rc)
554 goto out_free;
555
556 isec->sid = sid;
557 isec->initialized = 1;
558 }
559
560 if (defcontext) {
561 rc = security_context_to_sid(defcontext, strlen(defcontext), &sid);
562 if (rc) {
563 printk(KERN_WARNING "SELinux: security_context_to_sid"
564 "(%s) failed for (dev %s, type %s) errno=%d\n",
565 defcontext, sb->s_id, name, rc);
566 goto out_free;
567 }
568
569 if (sid == sbsec->def_sid)
570 goto out_free;
571
572 rc = may_context_mount_inode_relabel(sid, sbsec, tsec);
573 if (rc)
574 goto out_free;
575
576 sbsec->def_sid = sid;
577 }
578
579 out_free:
580 if (alloc) {
581 kfree(context);
582 kfree(defcontext);
583 kfree(fscontext);
584 kfree(rootcontext);
585 }
586 out:
587 return rc;
588 }
589
590 static int superblock_doinit(struct super_block *sb, void *data)
591 {
592 struct superblock_security_struct *sbsec = sb->s_security;
593 struct dentry *root = sb->s_root;
594 struct inode *inode = root->d_inode;
595 int rc = 0;
596
597 mutex_lock(&sbsec->lock);
598 if (sbsec->initialized)
599 goto out;
600
601 if (!ss_initialized) {
602 /* Defer initialization until selinux_complete_init,
603 after the initial policy is loaded and the security
604 server is ready to handle calls. */
605 spin_lock(&sb_security_lock);
606 if (list_empty(&sbsec->list))
607 list_add(&sbsec->list, &superblock_security_head);
608 spin_unlock(&sb_security_lock);
609 goto out;
610 }
611
612 /* Determine the labeling behavior to use for this filesystem type. */
613 rc = security_fs_use(sb->s_type->name, &sbsec->behavior, &sbsec->sid);
614 if (rc) {
615 printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
616 __FUNCTION__, sb->s_type->name, rc);
617 goto out;
618 }
619
620 rc = try_context_mount(sb, data);
621 if (rc)
622 goto out;
623
624 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
625 /* Make sure that the xattr handler exists and that no
626 error other than -ENODATA is returned by getxattr on
627 the root directory. -ENODATA is ok, as this may be
628 the first boot of the SELinux kernel before we have
629 assigned xattr values to the filesystem. */
630 if (!inode->i_op->getxattr) {
631 printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
632 "xattr support\n", sb->s_id, sb->s_type->name);
633 rc = -EOPNOTSUPP;
634 goto out;
635 }
636 rc = inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
637 if (rc < 0 && rc != -ENODATA) {
638 if (rc == -EOPNOTSUPP)
639 printk(KERN_WARNING "SELinux: (dev %s, type "
640 "%s) has no security xattr handler\n",
641 sb->s_id, sb->s_type->name);
642 else
643 printk(KERN_WARNING "SELinux: (dev %s, type "
644 "%s) getxattr errno %d\n", sb->s_id,
645 sb->s_type->name, -rc);
646 goto out;
647 }
648 }
649
650 if (strcmp(sb->s_type->name, "proc") == 0)
651 sbsec->proc = 1;
652
653 sbsec->initialized = 1;
654
655 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) {
656 printk(KERN_INFO "SELinux: initialized (dev %s, type %s), unknown behavior\n",
657 sb->s_id, sb->s_type->name);
658 }
659 else {
660 printk(KERN_INFO "SELinux: initialized (dev %s, type %s), %s\n",
661 sb->s_id, sb->s_type->name,
662 labeling_behaviors[sbsec->behavior-1]);
663 }
664
665 /* Initialize the root inode. */
666 rc = inode_doinit_with_dentry(sb->s_root->d_inode, sb->s_root);
667
668 /* Initialize any other inodes associated with the superblock, e.g.
669 inodes created prior to initial policy load or inodes created
670 during get_sb by a pseudo filesystem that directly
671 populates itself. */
672 spin_lock(&sbsec->isec_lock);
673 next_inode:
674 if (!list_empty(&sbsec->isec_head)) {
675 struct inode_security_struct *isec =
676 list_entry(sbsec->isec_head.next,
677 struct inode_security_struct, list);
678 struct inode *inode = isec->inode;
679 spin_unlock(&sbsec->isec_lock);
680 inode = igrab(inode);
681 if (inode) {
682 if (!IS_PRIVATE (inode))
683 inode_doinit(inode);
684 iput(inode);
685 }
686 spin_lock(&sbsec->isec_lock);
687 list_del_init(&isec->list);
688 goto next_inode;
689 }
690 spin_unlock(&sbsec->isec_lock);
691 out:
692 mutex_unlock(&sbsec->lock);
693 return rc;
694 }
695
696 static inline u16 inode_mode_to_security_class(umode_t mode)
697 {
698 switch (mode & S_IFMT) {
699 case S_IFSOCK:
700 return SECCLASS_SOCK_FILE;
701 case S_IFLNK:
702 return SECCLASS_LNK_FILE;
703 case S_IFREG:
704 return SECCLASS_FILE;
705 case S_IFBLK:
706 return SECCLASS_BLK_FILE;
707 case S_IFDIR:
708 return SECCLASS_DIR;
709 case S_IFCHR:
710 return SECCLASS_CHR_FILE;
711 case S_IFIFO:
712 return SECCLASS_FIFO_FILE;
713
714 }
715
716 return SECCLASS_FILE;
717 }
718
719 static inline int default_protocol_stream(int protocol)
720 {
721 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
722 }
723
724 static inline int default_protocol_dgram(int protocol)
725 {
726 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
727 }
728
729 static inline u16 socket_type_to_security_class(int family, int type, int protocol)
730 {
731 switch (family) {
732 case PF_UNIX:
733 switch (type) {
734 case SOCK_STREAM:
735 case SOCK_SEQPACKET:
736 return SECCLASS_UNIX_STREAM_SOCKET;
737 case SOCK_DGRAM:
738 return SECCLASS_UNIX_DGRAM_SOCKET;
739 }
740 break;
741 case PF_INET:
742 case PF_INET6:
743 switch (type) {
744 case SOCK_STREAM:
745 if (default_protocol_stream(protocol))
746 return SECCLASS_TCP_SOCKET;
747 else
748 return SECCLASS_RAWIP_SOCKET;
749 case SOCK_DGRAM:
750 if (default_protocol_dgram(protocol))
751 return SECCLASS_UDP_SOCKET;
752 else
753 return SECCLASS_RAWIP_SOCKET;
754 case SOCK_DCCP:
755 return SECCLASS_DCCP_SOCKET;
756 default:
757 return SECCLASS_RAWIP_SOCKET;
758 }
759 break;
760 case PF_NETLINK:
761 switch (protocol) {
762 case NETLINK_ROUTE:
763 return SECCLASS_NETLINK_ROUTE_SOCKET;
764 case NETLINK_FIREWALL:
765 return SECCLASS_NETLINK_FIREWALL_SOCKET;
766 case NETLINK_INET_DIAG:
767 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
768 case NETLINK_NFLOG:
769 return SECCLASS_NETLINK_NFLOG_SOCKET;
770 case NETLINK_XFRM:
771 return SECCLASS_NETLINK_XFRM_SOCKET;
772 case NETLINK_SELINUX:
773 return SECCLASS_NETLINK_SELINUX_SOCKET;
774 case NETLINK_AUDIT:
775 return SECCLASS_NETLINK_AUDIT_SOCKET;
776 case NETLINK_IP6_FW:
777 return SECCLASS_NETLINK_IP6FW_SOCKET;
778 case NETLINK_DNRTMSG:
779 return SECCLASS_NETLINK_DNRT_SOCKET;
780 case NETLINK_KOBJECT_UEVENT:
781 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
782 default:
783 return SECCLASS_NETLINK_SOCKET;
784 }
785 case PF_PACKET:
786 return SECCLASS_PACKET_SOCKET;
787 case PF_KEY:
788 return SECCLASS_KEY_SOCKET;
789 case PF_APPLETALK:
790 return SECCLASS_APPLETALK_SOCKET;
791 }
792
793 return SECCLASS_SOCKET;
794 }
795
796 #ifdef CONFIG_PROC_FS
797 static int selinux_proc_get_sid(struct proc_dir_entry *de,
798 u16 tclass,
799 u32 *sid)
800 {
801 int buflen, rc;
802 char *buffer, *path, *end;
803
804 buffer = (char*)__get_free_page(GFP_KERNEL);
805 if (!buffer)
806 return -ENOMEM;
807
808 buflen = PAGE_SIZE;
809 end = buffer+buflen;
810 *--end = '\0';
811 buflen--;
812 path = end-1;
813 *path = '/';
814 while (de && de != de->parent) {
815 buflen -= de->namelen + 1;
816 if (buflen < 0)
817 break;
818 end -= de->namelen;
819 memcpy(end, de->name, de->namelen);
820 *--end = '/';
821 path = end;
822 de = de->parent;
823 }
824 rc = security_genfs_sid("proc", path, tclass, sid);
825 free_page((unsigned long)buffer);
826 return rc;
827 }
828 #else
829 static int selinux_proc_get_sid(struct proc_dir_entry *de,
830 u16 tclass,
831 u32 *sid)
832 {
833 return -EINVAL;
834 }
835 #endif
836
837 /* The inode's security attributes must be initialized before first use. */
838 static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
839 {
840 struct superblock_security_struct *sbsec = NULL;
841 struct inode_security_struct *isec = inode->i_security;
842 u32 sid;
843 struct dentry *dentry;
844 #define INITCONTEXTLEN 255
845 char *context = NULL;
846 unsigned len = 0;
847 int rc = 0;
848
849 if (isec->initialized)
850 goto out;
851
852 mutex_lock(&isec->lock);
853 if (isec->initialized)
854 goto out_unlock;
855
856 sbsec = inode->i_sb->s_security;
857 if (!sbsec->initialized) {
858 /* Defer initialization until selinux_complete_init,
859 after the initial policy is loaded and the security
860 server is ready to handle calls. */
861 spin_lock(&sbsec->isec_lock);
862 if (list_empty(&isec->list))
863 list_add(&isec->list, &sbsec->isec_head);
864 spin_unlock(&sbsec->isec_lock);
865 goto out_unlock;
866 }
867
868 switch (sbsec->behavior) {
869 case SECURITY_FS_USE_XATTR:
870 if (!inode->i_op->getxattr) {
871 isec->sid = sbsec->def_sid;
872 break;
873 }
874
875 /* Need a dentry, since the xattr API requires one.
876 Life would be simpler if we could just pass the inode. */
877 if (opt_dentry) {
878 /* Called from d_instantiate or d_splice_alias. */
879 dentry = dget(opt_dentry);
880 } else {
881 /* Called from selinux_complete_init, try to find a dentry. */
882 dentry = d_find_alias(inode);
883 }
884 if (!dentry) {
885 printk(KERN_WARNING "%s: no dentry for dev=%s "
886 "ino=%ld\n", __FUNCTION__, inode->i_sb->s_id,
887 inode->i_ino);
888 goto out_unlock;
889 }
890
891 len = INITCONTEXTLEN;
892 context = kmalloc(len, GFP_KERNEL);
893 if (!context) {
894 rc = -ENOMEM;
895 dput(dentry);
896 goto out_unlock;
897 }
898 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
899 context, len);
900 if (rc == -ERANGE) {
901 /* Need a larger buffer. Query for the right size. */
902 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
903 NULL, 0);
904 if (rc < 0) {
905 dput(dentry);
906 goto out_unlock;
907 }
908 kfree(context);
909 len = rc;
910 context = kmalloc(len, GFP_KERNEL);
911 if (!context) {
912 rc = -ENOMEM;
913 dput(dentry);
914 goto out_unlock;
915 }
916 rc = inode->i_op->getxattr(dentry,
917 XATTR_NAME_SELINUX,
918 context, len);
919 }
920 dput(dentry);
921 if (rc < 0) {
922 if (rc != -ENODATA) {
923 printk(KERN_WARNING "%s: getxattr returned "
924 "%d for dev=%s ino=%ld\n", __FUNCTION__,
925 -rc, inode->i_sb->s_id, inode->i_ino);
926 kfree(context);
927 goto out_unlock;
928 }
929 /* Map ENODATA to the default file SID */
930 sid = sbsec->def_sid;
931 rc = 0;
932 } else {
933 rc = security_context_to_sid_default(context, rc, &sid,
934 sbsec->def_sid);
935 if (rc) {
936 printk(KERN_WARNING "%s: context_to_sid(%s) "
937 "returned %d for dev=%s ino=%ld\n",
938 __FUNCTION__, context, -rc,
939 inode->i_sb->s_id, inode->i_ino);
940 kfree(context);
941 /* Leave with the unlabeled SID */
942 rc = 0;
943 break;
944 }
945 }
946 kfree(context);
947 isec->sid = sid;
948 break;
949 case SECURITY_FS_USE_TASK:
950 isec->sid = isec->task_sid;
951 break;
952 case SECURITY_FS_USE_TRANS:
953 /* Default to the fs SID. */
954 isec->sid = sbsec->sid;
955
956 /* Try to obtain a transition SID. */
957 isec->sclass = inode_mode_to_security_class(inode->i_mode);
958 rc = security_transition_sid(isec->task_sid,
959 sbsec->sid,
960 isec->sclass,
961 &sid);
962 if (rc)
963 goto out_unlock;
964 isec->sid = sid;
965 break;
966 case SECURITY_FS_USE_MNTPOINT:
967 isec->sid = sbsec->mntpoint_sid;
968 break;
969 default:
970 /* Default to the fs superblock SID. */
971 isec->sid = sbsec->sid;
972
973 if (sbsec->proc) {
974 struct proc_inode *proci = PROC_I(inode);
975 if (proci->pde) {
976 isec->sclass = inode_mode_to_security_class(inode->i_mode);
977 rc = selinux_proc_get_sid(proci->pde,
978 isec->sclass,
979 &sid);
980 if (rc)
981 goto out_unlock;
982 isec->sid = sid;
983 }
984 }
985 break;
986 }
987
988 isec->initialized = 1;
989
990 out_unlock:
991 mutex_unlock(&isec->lock);
992 out:
993 if (isec->sclass == SECCLASS_FILE)
994 isec->sclass = inode_mode_to_security_class(inode->i_mode);
995 return rc;
996 }
997
998 /* Convert a Linux signal to an access vector. */
999 static inline u32 signal_to_av(int sig)
1000 {
1001 u32 perm = 0;
1002
1003 switch (sig) {
1004 case SIGCHLD:
1005 /* Commonly granted from child to parent. */
1006 perm = PROCESS__SIGCHLD;
1007 break;
1008 case SIGKILL:
1009 /* Cannot be caught or ignored */
1010 perm = PROCESS__SIGKILL;
1011 break;
1012 case SIGSTOP:
1013 /* Cannot be caught or ignored */
1014 perm = PROCESS__SIGSTOP;
1015 break;
1016 default:
1017 /* All other signals. */
1018 perm = PROCESS__SIGNAL;
1019 break;
1020 }
1021
1022 return perm;
1023 }
1024
1025 /* Check permission betweeen a pair of tasks, e.g. signal checks,
1026 fork check, ptrace check, etc. */
1027 static int task_has_perm(struct task_struct *tsk1,
1028 struct task_struct *tsk2,
1029 u32 perms)
1030 {
1031 struct task_security_struct *tsec1, *tsec2;
1032
1033 tsec1 = tsk1->security;
1034 tsec2 = tsk2->security;
1035 return avc_has_perm(tsec1->sid, tsec2->sid,
1036 SECCLASS_PROCESS, perms, NULL);
1037 }
1038
1039 /* Check whether a task is allowed to use a capability. */
1040 static int task_has_capability(struct task_struct *tsk,
1041 int cap)
1042 {
1043 struct task_security_struct *tsec;
1044 struct avc_audit_data ad;
1045
1046 tsec = tsk->security;
1047
1048 AVC_AUDIT_DATA_INIT(&ad,CAP);
1049 ad.tsk = tsk;
1050 ad.u.cap = cap;
1051
1052 return avc_has_perm(tsec->sid, tsec->sid,
1053 SECCLASS_CAPABILITY, CAP_TO_MASK(cap), &ad);
1054 }
1055
1056 /* Check whether a task is allowed to use a system operation. */
1057 static int task_has_system(struct task_struct *tsk,
1058 u32 perms)
1059 {
1060 struct task_security_struct *tsec;
1061
1062 tsec = tsk->security;
1063
1064 return avc_has_perm(tsec->sid, SECINITSID_KERNEL,
1065 SECCLASS_SYSTEM, perms, NULL);
1066 }
1067
1068 /* Check whether a task has a particular permission to an inode.
1069 The 'adp' parameter is optional and allows other audit
1070 data to be passed (e.g. the dentry). */
1071 static int inode_has_perm(struct task_struct *tsk,
1072 struct inode *inode,
1073 u32 perms,
1074 struct avc_audit_data *adp)
1075 {
1076 struct task_security_struct *tsec;
1077 struct inode_security_struct *isec;
1078 struct avc_audit_data ad;
1079
1080 tsec = tsk->security;
1081 isec = inode->i_security;
1082
1083 if (!adp) {
1084 adp = &ad;
1085 AVC_AUDIT_DATA_INIT(&ad, FS);
1086 ad.u.fs.inode = inode;
1087 }
1088
1089 return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, adp);
1090 }
1091
1092 /* Same as inode_has_perm, but pass explicit audit data containing
1093 the dentry to help the auditing code to more easily generate the
1094 pathname if needed. */
1095 static inline int dentry_has_perm(struct task_struct *tsk,
1096 struct vfsmount *mnt,
1097 struct dentry *dentry,
1098 u32 av)
1099 {
1100 struct inode *inode = dentry->d_inode;
1101 struct avc_audit_data ad;
1102 AVC_AUDIT_DATA_INIT(&ad,FS);
1103 ad.u.fs.mnt = mnt;
1104 ad.u.fs.dentry = dentry;
1105 return inode_has_perm(tsk, inode, av, &ad);
1106 }
1107
1108 /* Check whether a task can use an open file descriptor to
1109 access an inode in a given way. Check access to the
1110 descriptor itself, and then use dentry_has_perm to
1111 check a particular permission to the file.
1112 Access to the descriptor is implicitly granted if it
1113 has the same SID as the process. If av is zero, then
1114 access to the file is not checked, e.g. for cases
1115 where only the descriptor is affected like seek. */
1116 static int file_has_perm(struct task_struct *tsk,
1117 struct file *file,
1118 u32 av)
1119 {
1120 struct task_security_struct *tsec = tsk->security;
1121 struct file_security_struct *fsec = file->f_security;
1122 struct vfsmount *mnt = file->f_path.mnt;
1123 struct dentry *dentry = file->f_path.dentry;
1124 struct inode *inode = dentry->d_inode;
1125 struct avc_audit_data ad;
1126 int rc;
1127
1128 AVC_AUDIT_DATA_INIT(&ad, FS);
1129 ad.u.fs.mnt = mnt;
1130 ad.u.fs.dentry = dentry;
1131
1132 if (tsec->sid != fsec->sid) {
1133 rc = avc_has_perm(tsec->sid, fsec->sid,
1134 SECCLASS_FD,
1135 FD__USE,
1136 &ad);
1137 if (rc)
1138 return rc;
1139 }
1140
1141 /* av is zero if only checking access to the descriptor. */
1142 if (av)
1143 return inode_has_perm(tsk, inode, av, &ad);
1144
1145 return 0;
1146 }
1147
1148 /* Check whether a task can create a file. */
1149 static int may_create(struct inode *dir,
1150 struct dentry *dentry,
1151 u16 tclass)
1152 {
1153 struct task_security_struct *tsec;
1154 struct inode_security_struct *dsec;
1155 struct superblock_security_struct *sbsec;
1156 u32 newsid;
1157 struct avc_audit_data ad;
1158 int rc;
1159
1160 tsec = current->security;
1161 dsec = dir->i_security;
1162 sbsec = dir->i_sb->s_security;
1163
1164 AVC_AUDIT_DATA_INIT(&ad, FS);
1165 ad.u.fs.dentry = dentry;
1166
1167 rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR,
1168 DIR__ADD_NAME | DIR__SEARCH,
1169 &ad);
1170 if (rc)
1171 return rc;
1172
1173 if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
1174 newsid = tsec->create_sid;
1175 } else {
1176 rc = security_transition_sid(tsec->sid, dsec->sid, tclass,
1177 &newsid);
1178 if (rc)
1179 return rc;
1180 }
1181
1182 rc = avc_has_perm(tsec->sid, newsid, tclass, FILE__CREATE, &ad);
1183 if (rc)
1184 return rc;
1185
1186 return avc_has_perm(newsid, sbsec->sid,
1187 SECCLASS_FILESYSTEM,
1188 FILESYSTEM__ASSOCIATE, &ad);
1189 }
1190
1191 /* Check whether a task can create a key. */
1192 static int may_create_key(u32 ksid,
1193 struct task_struct *ctx)
1194 {
1195 struct task_security_struct *tsec;
1196
1197 tsec = ctx->security;
1198
1199 return avc_has_perm(tsec->sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
1200 }
1201
1202 #define MAY_LINK 0
1203 #define MAY_UNLINK 1
1204 #define MAY_RMDIR 2
1205
1206 /* Check whether a task can link, unlink, or rmdir a file/directory. */
1207 static int may_link(struct inode *dir,
1208 struct dentry *dentry,
1209 int kind)
1210
1211 {
1212 struct task_security_struct *tsec;
1213 struct inode_security_struct *dsec, *isec;
1214 struct avc_audit_data ad;
1215 u32 av;
1216 int rc;
1217
1218 tsec = current->security;
1219 dsec = dir->i_security;
1220 isec = dentry->d_inode->i_security;
1221
1222 AVC_AUDIT_DATA_INIT(&ad, FS);
1223 ad.u.fs.dentry = dentry;
1224
1225 av = DIR__SEARCH;
1226 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1227 rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR, av, &ad);
1228 if (rc)
1229 return rc;
1230
1231 switch (kind) {
1232 case MAY_LINK:
1233 av = FILE__LINK;
1234 break;
1235 case MAY_UNLINK:
1236 av = FILE__UNLINK;
1237 break;
1238 case MAY_RMDIR:
1239 av = DIR__RMDIR;
1240 break;
1241 default:
1242 printk(KERN_WARNING "may_link: unrecognized kind %d\n", kind);
1243 return 0;
1244 }
1245
1246 rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass, av, &ad);
1247 return rc;
1248 }
1249
1250 static inline int may_rename(struct inode *old_dir,
1251 struct dentry *old_dentry,
1252 struct inode *new_dir,
1253 struct dentry *new_dentry)
1254 {
1255 struct task_security_struct *tsec;
1256 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1257 struct avc_audit_data ad;
1258 u32 av;
1259 int old_is_dir, new_is_dir;
1260 int rc;
1261
1262 tsec = current->security;
1263 old_dsec = old_dir->i_security;
1264 old_isec = old_dentry->d_inode->i_security;
1265 old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
1266 new_dsec = new_dir->i_security;
1267
1268 AVC_AUDIT_DATA_INIT(&ad, FS);
1269
1270 ad.u.fs.dentry = old_dentry;
1271 rc = avc_has_perm(tsec->sid, old_dsec->sid, SECCLASS_DIR,
1272 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1273 if (rc)
1274 return rc;
1275 rc = avc_has_perm(tsec->sid, old_isec->sid,
1276 old_isec->sclass, FILE__RENAME, &ad);
1277 if (rc)
1278 return rc;
1279 if (old_is_dir && new_dir != old_dir) {
1280 rc = avc_has_perm(tsec->sid, old_isec->sid,
1281 old_isec->sclass, DIR__REPARENT, &ad);
1282 if (rc)
1283 return rc;
1284 }
1285
1286 ad.u.fs.dentry = new_dentry;
1287 av = DIR__ADD_NAME | DIR__SEARCH;
1288 if (new_dentry->d_inode)
1289 av |= DIR__REMOVE_NAME;
1290 rc = avc_has_perm(tsec->sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1291 if (rc)
1292 return rc;
1293 if (new_dentry->d_inode) {
1294 new_isec = new_dentry->d_inode->i_security;
1295 new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
1296 rc = avc_has_perm(tsec->sid, new_isec->sid,
1297 new_isec->sclass,
1298 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1299 if (rc)
1300 return rc;
1301 }
1302
1303 return 0;
1304 }
1305
1306 /* Check whether a task can perform a filesystem operation. */
1307 static int superblock_has_perm(struct task_struct *tsk,
1308 struct super_block *sb,
1309 u32 perms,
1310 struct avc_audit_data *ad)
1311 {
1312 struct task_security_struct *tsec;
1313 struct superblock_security_struct *sbsec;
1314
1315 tsec = tsk->security;
1316 sbsec = sb->s_security;
1317 return avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
1318 perms, ad);
1319 }
1320
1321 /* Convert a Linux mode and permission mask to an access vector. */
1322 static inline u32 file_mask_to_av(int mode, int mask)
1323 {
1324 u32 av = 0;
1325
1326 if ((mode & S_IFMT) != S_IFDIR) {
1327 if (mask & MAY_EXEC)
1328 av |= FILE__EXECUTE;
1329 if (mask & MAY_READ)
1330 av |= FILE__READ;
1331
1332 if (mask & MAY_APPEND)
1333 av |= FILE__APPEND;
1334 else if (mask & MAY_WRITE)
1335 av |= FILE__WRITE;
1336
1337 } else {
1338 if (mask & MAY_EXEC)
1339 av |= DIR__SEARCH;
1340 if (mask & MAY_WRITE)
1341 av |= DIR__WRITE;
1342 if (mask & MAY_READ)
1343 av |= DIR__READ;
1344 }
1345
1346 return av;
1347 }
1348
1349 /* Convert a Linux file to an access vector. */
1350 static inline u32 file_to_av(struct file *file)
1351 {
1352 u32 av = 0;
1353
1354 if (file->f_mode & FMODE_READ)
1355 av |= FILE__READ;
1356 if (file->f_mode & FMODE_WRITE) {
1357 if (file->f_flags & O_APPEND)
1358 av |= FILE__APPEND;
1359 else
1360 av |= FILE__WRITE;
1361 }
1362
1363 return av;
1364 }
1365
1366 /* Hook functions begin here. */
1367
1368 static int selinux_ptrace(struct task_struct *parent, struct task_struct *child)
1369 {
1370 struct task_security_struct *psec = parent->security;
1371 struct task_security_struct *csec = child->security;
1372 int rc;
1373
1374 rc = secondary_ops->ptrace(parent,child);
1375 if (rc)
1376 return rc;
1377
1378 rc = task_has_perm(parent, child, PROCESS__PTRACE);
1379 /* Save the SID of the tracing process for later use in apply_creds. */
1380 if (!(child->ptrace & PT_PTRACED) && !rc)
1381 csec->ptrace_sid = psec->sid;
1382 return rc;
1383 }
1384
1385 static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
1386 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1387 {
1388 int error;
1389
1390 error = task_has_perm(current, target, PROCESS__GETCAP);
1391 if (error)
1392 return error;
1393
1394 return secondary_ops->capget(target, effective, inheritable, permitted);
1395 }
1396
1397 static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effective,
1398 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1399 {
1400 int error;
1401
1402 error = secondary_ops->capset_check(target, effective, inheritable, permitted);
1403 if (error)
1404 return error;
1405
1406 return task_has_perm(current, target, PROCESS__SETCAP);
1407 }
1408
1409 static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective,
1410 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1411 {
1412 secondary_ops->capset_set(target, effective, inheritable, permitted);
1413 }
1414
1415 static int selinux_capable(struct task_struct *tsk, int cap)
1416 {
1417 int rc;
1418
1419 rc = secondary_ops->capable(tsk, cap);
1420 if (rc)
1421 return rc;
1422
1423 return task_has_capability(tsk,cap);
1424 }
1425
1426 static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid)
1427 {
1428 int buflen, rc;
1429 char *buffer, *path, *end;
1430
1431 rc = -ENOMEM;
1432 buffer = (char*)__get_free_page(GFP_KERNEL);
1433 if (!buffer)
1434 goto out;
1435
1436 buflen = PAGE_SIZE;
1437 end = buffer+buflen;
1438 *--end = '\0';
1439 buflen--;
1440 path = end-1;
1441 *path = '/';
1442 while (table) {
1443 const char *name = table->procname;
1444 size_t namelen = strlen(name);
1445 buflen -= namelen + 1;
1446 if (buflen < 0)
1447 goto out_free;
1448 end -= namelen;
1449 memcpy(end, name, namelen);
1450 *--end = '/';
1451 path = end;
1452 table = table->parent;
1453 }
1454 rc = security_genfs_sid("proc", path, tclass, sid);
1455 out_free:
1456 free_page((unsigned long)buffer);
1457 out:
1458 return rc;
1459 }
1460
1461 static int selinux_sysctl(ctl_table *table, int op)
1462 {
1463 int error = 0;
1464 u32 av;
1465 struct task_security_struct *tsec;
1466 u32 tsid;
1467 int rc;
1468
1469 rc = secondary_ops->sysctl(table, op);
1470 if (rc)
1471 return rc;
1472
1473 tsec = current->security;
1474
1475 rc = selinux_sysctl_get_sid(table, (op == 0001) ?
1476 SECCLASS_DIR : SECCLASS_FILE, &tsid);
1477 if (rc) {
1478 /* Default to the well-defined sysctl SID. */
1479 tsid = SECINITSID_SYSCTL;
1480 }
1481
1482 /* The op values are "defined" in sysctl.c, thereby creating
1483 * a bad coupling between this module and sysctl.c */
1484 if(op == 001) {
1485 error = avc_has_perm(tsec->sid, tsid,
1486 SECCLASS_DIR, DIR__SEARCH, NULL);
1487 } else {
1488 av = 0;
1489 if (op & 004)
1490 av |= FILE__READ;
1491 if (op & 002)
1492 av |= FILE__WRITE;
1493 if (av)
1494 error = avc_has_perm(tsec->sid, tsid,
1495 SECCLASS_FILE, av, NULL);
1496 }
1497
1498 return error;
1499 }
1500
1501 static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
1502 {
1503 int rc = 0;
1504
1505 if (!sb)
1506 return 0;
1507
1508 switch (cmds) {
1509 case Q_SYNC:
1510 case Q_QUOTAON:
1511 case Q_QUOTAOFF:
1512 case Q_SETINFO:
1513 case Q_SETQUOTA:
1514 rc = superblock_has_perm(current,
1515 sb,
1516 FILESYSTEM__QUOTAMOD, NULL);
1517 break;
1518 case Q_GETFMT:
1519 case Q_GETINFO:
1520 case Q_GETQUOTA:
1521 rc = superblock_has_perm(current,
1522 sb,
1523 FILESYSTEM__QUOTAGET, NULL);
1524 break;
1525 default:
1526 rc = 0; /* let the kernel handle invalid cmds */
1527 break;
1528 }
1529 return rc;
1530 }
1531
1532 static int selinux_quota_on(struct dentry *dentry)
1533 {
1534 return dentry_has_perm(current, NULL, dentry, FILE__QUOTAON);
1535 }
1536
1537 static int selinux_syslog(int type)
1538 {
1539 int rc;
1540
1541 rc = secondary_ops->syslog(type);
1542 if (rc)
1543 return rc;
1544
1545 switch (type) {
1546 case 3: /* Read last kernel messages */
1547 case 10: /* Return size of the log buffer */
1548 rc = task_has_system(current, SYSTEM__SYSLOG_READ);
1549 break;
1550 case 6: /* Disable logging to console */
1551 case 7: /* Enable logging to console */
1552 case 8: /* Set level of messages printed to console */
1553 rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
1554 break;
1555 case 0: /* Close log */
1556 case 1: /* Open log */
1557 case 2: /* Read from log */
1558 case 4: /* Read/clear last kernel messages */
1559 case 5: /* Clear ring buffer */
1560 default:
1561 rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
1562 break;
1563 }
1564 return rc;
1565 }
1566
1567 /*
1568 * Check that a process has enough memory to allocate a new virtual
1569 * mapping. 0 means there is enough memory for the allocation to
1570 * succeed and -ENOMEM implies there is not.
1571 *
1572 * Note that secondary_ops->capable and task_has_perm_noaudit return 0
1573 * if the capability is granted, but __vm_enough_memory requires 1 if
1574 * the capability is granted.
1575 *
1576 * Do not audit the selinux permission check, as this is applied to all
1577 * processes that allocate mappings.
1578 */
1579 static int selinux_vm_enough_memory(long pages)
1580 {
1581 int rc, cap_sys_admin = 0;
1582 struct task_security_struct *tsec = current->security;
1583
1584 rc = secondary_ops->capable(current, CAP_SYS_ADMIN);
1585 if (rc == 0)
1586 rc = avc_has_perm_noaudit(tsec->sid, tsec->sid,
1587 SECCLASS_CAPABILITY,
1588 CAP_TO_MASK(CAP_SYS_ADMIN),
1589 NULL);
1590
1591 if (rc == 0)
1592 cap_sys_admin = 1;
1593
1594 return __vm_enough_memory(pages, cap_sys_admin);
1595 }
1596
1597 /* binprm security operations */
1598
1599 static int selinux_bprm_alloc_security(struct linux_binprm *bprm)
1600 {
1601 struct bprm_security_struct *bsec;
1602
1603 bsec = kzalloc(sizeof(struct bprm_security_struct), GFP_KERNEL);
1604 if (!bsec)
1605 return -ENOMEM;
1606
1607 bsec->bprm = bprm;
1608 bsec->sid = SECINITSID_UNLABELED;
1609 bsec->set = 0;
1610
1611 bprm->security = bsec;
1612 return 0;
1613 }
1614
1615 static int selinux_bprm_set_security(struct linux_binprm *bprm)
1616 {
1617 struct task_security_struct *tsec;
1618 struct inode *inode = bprm->file->f_path.dentry->d_inode;
1619 struct inode_security_struct *isec;
1620 struct bprm_security_struct *bsec;
1621 u32 newsid;
1622 struct avc_audit_data ad;
1623 int rc;
1624
1625 rc = secondary_ops->bprm_set_security(bprm);
1626 if (rc)
1627 return rc;
1628
1629 bsec = bprm->security;
1630
1631 if (bsec->set)
1632 return 0;
1633
1634 tsec = current->security;
1635 isec = inode->i_security;
1636
1637 /* Default to the current task SID. */
1638 bsec->sid = tsec->sid;
1639
1640 /* Reset fs, key, and sock SIDs on execve. */
1641 tsec->create_sid = 0;
1642 tsec->keycreate_sid = 0;
1643 tsec->sockcreate_sid = 0;
1644
1645 if (tsec->exec_sid) {
1646 newsid = tsec->exec_sid;
1647 /* Reset exec SID on execve. */
1648 tsec->exec_sid = 0;
1649 } else {
1650 /* Check for a default transition on this program. */
1651 rc = security_transition_sid(tsec->sid, isec->sid,
1652 SECCLASS_PROCESS, &newsid);
1653 if (rc)
1654 return rc;
1655 }
1656
1657 AVC_AUDIT_DATA_INIT(&ad, FS);
1658 ad.u.fs.mnt = bprm->file->f_path.mnt;
1659 ad.u.fs.dentry = bprm->file->f_path.dentry;
1660
1661 if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
1662 newsid = tsec->sid;
1663
1664 if (tsec->sid == newsid) {
1665 rc = avc_has_perm(tsec->sid, isec->sid,
1666 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
1667 if (rc)
1668 return rc;
1669 } else {
1670 /* Check permissions for the transition. */
1671 rc = avc_has_perm(tsec->sid, newsid,
1672 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
1673 if (rc)
1674 return rc;
1675
1676 rc = avc_has_perm(newsid, isec->sid,
1677 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
1678 if (rc)
1679 return rc;
1680
1681 /* Clear any possibly unsafe personality bits on exec: */
1682 current->personality &= ~PER_CLEAR_ON_SETID;
1683
1684 /* Set the security field to the new SID. */
1685 bsec->sid = newsid;
1686 }
1687
1688 bsec->set = 1;
1689 return 0;
1690 }
1691
1692 static int selinux_bprm_check_security (struct linux_binprm *bprm)
1693 {
1694 return secondary_ops->bprm_check_security(bprm);
1695 }
1696
1697
1698 static int selinux_bprm_secureexec (struct linux_binprm *bprm)
1699 {
1700 struct task_security_struct *tsec = current->security;
1701 int atsecure = 0;
1702
1703 if (tsec->osid != tsec->sid) {
1704 /* Enable secure mode for SIDs transitions unless
1705 the noatsecure permission is granted between
1706 the two SIDs, i.e. ahp returns 0. */
1707 atsecure = avc_has_perm(tsec->osid, tsec->sid,
1708 SECCLASS_PROCESS,
1709 PROCESS__NOATSECURE, NULL);
1710 }
1711
1712 return (atsecure || secondary_ops->bprm_secureexec(bprm));
1713 }
1714
1715 static void selinux_bprm_free_security(struct linux_binprm *bprm)
1716 {
1717 kfree(bprm->security);
1718 bprm->security = NULL;
1719 }
1720
1721 extern struct vfsmount *selinuxfs_mount;
1722 extern struct dentry *selinux_null;
1723
1724 /* Derived from fs/exec.c:flush_old_files. */
1725 static inline void flush_unauthorized_files(struct files_struct * files)
1726 {
1727 struct avc_audit_data ad;
1728 struct file *file, *devnull = NULL;
1729 struct tty_struct *tty;
1730 struct fdtable *fdt;
1731 long j = -1;
1732 int drop_tty = 0;
1733
1734 mutex_lock(&tty_mutex);
1735 tty = get_current_tty();
1736 if (tty) {
1737 file_list_lock();
1738 file = list_entry(tty->tty_files.next, typeof(*file), f_u.fu_list);
1739 if (file) {
1740 /* Revalidate access to controlling tty.
1741 Use inode_has_perm on the tty inode directly rather
1742 than using file_has_perm, as this particular open
1743 file may belong to another process and we are only
1744 interested in the inode-based check here. */
1745 struct inode *inode = file->f_path.dentry->d_inode;
1746 if (inode_has_perm(current, inode,
1747 FILE__READ | FILE__WRITE, NULL)) {
1748 drop_tty = 1;
1749 }
1750 }
1751 file_list_unlock();
1752
1753 /* Reset controlling tty. */
1754 if (drop_tty)
1755 proc_set_tty(current, NULL);
1756 }
1757 mutex_unlock(&tty_mutex);
1758
1759 /* Revalidate access to inherited open files. */
1760
1761 AVC_AUDIT_DATA_INIT(&ad,FS);
1762
1763 spin_lock(&files->file_lock);
1764 for (;;) {
1765 unsigned long set, i;
1766 int fd;
1767
1768 j++;
1769 i = j * __NFDBITS;
1770 fdt = files_fdtable(files);
1771 if (i >= fdt->max_fds)
1772 break;
1773 set = fdt->open_fds->fds_bits[j];
1774 if (!set)
1775 continue;
1776 spin_unlock(&files->file_lock);
1777 for ( ; set ; i++,set >>= 1) {
1778 if (set & 1) {
1779 file = fget(i);
1780 if (!file)
1781 continue;
1782 if (file_has_perm(current,
1783 file,
1784 file_to_av(file))) {
1785 sys_close(i);
1786 fd = get_unused_fd();
1787 if (fd != i) {
1788 if (fd >= 0)
1789 put_unused_fd(fd);
1790 fput(file);
1791 continue;
1792 }
1793 if (devnull) {
1794 get_file(devnull);
1795 } else {
1796 devnull = dentry_open(dget(selinux_null), mntget(selinuxfs_mount), O_RDWR);
1797 if (IS_ERR(devnull)) {
1798 devnull = NULL;
1799 put_unused_fd(fd);
1800 fput(file);
1801 continue;
1802 }
1803 }
1804 fd_install(fd, devnull);
1805 }
1806 fput(file);
1807 }
1808 }
1809 spin_lock(&files->file_lock);
1810
1811 }
1812 spin_unlock(&files->file_lock);
1813 }
1814
1815 static void selinux_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
1816 {
1817 struct task_security_struct *tsec;
1818 struct bprm_security_struct *bsec;
1819 u32 sid;
1820 int rc;
1821
1822 secondary_ops->bprm_apply_creds(bprm, unsafe);
1823
1824 tsec = current->security;
1825
1826 bsec = bprm->security;
1827 sid = bsec->sid;
1828
1829 tsec->osid = tsec->sid;
1830 bsec->unsafe = 0;
1831 if (tsec->sid != sid) {
1832 /* Check for shared state. If not ok, leave SID
1833 unchanged and kill. */
1834 if (unsafe & LSM_UNSAFE_SHARE) {
1835 rc = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
1836 PROCESS__SHARE, NULL);
1837 if (rc) {
1838 bsec->unsafe = 1;
1839 return;
1840 }
1841 }
1842
1843 /* Check for ptracing, and update the task SID if ok.
1844 Otherwise, leave SID unchanged and kill. */
1845 if (unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
1846 rc = avc_has_perm(tsec->ptrace_sid, sid,
1847 SECCLASS_PROCESS, PROCESS__PTRACE,
1848 NULL);
1849 if (rc) {
1850 bsec->unsafe = 1;
1851 return;
1852 }
1853 }
1854 tsec->sid = sid;
1855 }
1856 }
1857
1858 /*
1859 * called after apply_creds without the task lock held
1860 */
1861 static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm)
1862 {
1863 struct task_security_struct *tsec;
1864 struct rlimit *rlim, *initrlim;
1865 struct itimerval itimer;
1866 struct bprm_security_struct *bsec;
1867 int rc, i;
1868
1869 tsec = current->security;
1870 bsec = bprm->security;
1871
1872 if (bsec->unsafe) {
1873 force_sig_specific(SIGKILL, current);
1874 return;
1875 }
1876 if (tsec->osid == tsec->sid)
1877 return;
1878
1879 /* Close files for which the new task SID is not authorized. */
1880 flush_unauthorized_files(current->files);
1881
1882 /* Check whether the new SID can inherit signal state
1883 from the old SID. If not, clear itimers to avoid
1884 subsequent signal generation and flush and unblock
1885 signals. This must occur _after_ the task SID has
1886 been updated so that any kill done after the flush
1887 will be checked against the new SID. */
1888 rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
1889 PROCESS__SIGINH, NULL);
1890 if (rc) {
1891 memset(&itimer, 0, sizeof itimer);
1892 for (i = 0; i < 3; i++)
1893 do_setitimer(i, &itimer, NULL);
1894 flush_signals(current);
1895 spin_lock_irq(&current->sighand->siglock);
1896 flush_signal_handlers(current, 1);
1897 sigemptyset(&current->blocked);
1898 recalc_sigpending();
1899 spin_unlock_irq(&current->sighand->siglock);
1900 }
1901
1902 /* Check whether the new SID can inherit resource limits
1903 from the old SID. If not, reset all soft limits to
1904 the lower of the current task's hard limit and the init
1905 task's soft limit. Note that the setting of hard limits
1906 (even to lower them) can be controlled by the setrlimit
1907 check. The inclusion of the init task's soft limit into
1908 the computation is to avoid resetting soft limits higher
1909 than the default soft limit for cases where the default
1910 is lower than the hard limit, e.g. RLIMIT_CORE or
1911 RLIMIT_STACK.*/
1912 rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
1913 PROCESS__RLIMITINH, NULL);
1914 if (rc) {
1915 for (i = 0; i < RLIM_NLIMITS; i++) {
1916 rlim = current->signal->rlim + i;
1917 initrlim = init_task.signal->rlim+i;
1918 rlim->rlim_cur = min(rlim->rlim_max,initrlim->rlim_cur);
1919 }
1920 if (current->signal->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) {
1921 /*
1922 * This will cause RLIMIT_CPU calculations
1923 * to be refigured.
1924 */
1925 current->it_prof_expires = jiffies_to_cputime(1);
1926 }
1927 }
1928
1929 /* Wake up the parent if it is waiting so that it can
1930 recheck wait permission to the new task SID. */
1931 wake_up_interruptible(&current->parent->signal->wait_chldexit);
1932 }
1933
1934 /* superblock security operations */
1935
1936 static int selinux_sb_alloc_security(struct super_block *sb)
1937 {
1938 return superblock_alloc_security(sb);
1939 }
1940
1941 static void selinux_sb_free_security(struct super_block *sb)
1942 {
1943 superblock_free_security(sb);
1944 }
1945
1946 static inline int match_prefix(char *prefix, int plen, char *option, int olen)
1947 {
1948 if (plen > olen)
1949 return 0;
1950
1951 return !memcmp(prefix, option, plen);
1952 }
1953
1954 static inline int selinux_option(char *option, int len)
1955 {
1956 return (match_prefix("context=", sizeof("context=")-1, option, len) ||
1957 match_prefix("fscontext=", sizeof("fscontext=")-1, option, len) ||
1958 match_prefix("defcontext=", sizeof("defcontext=")-1, option, len) ||
1959 match_prefix("rootcontext=", sizeof("rootcontext=")-1, option, len));
1960 }
1961
1962 static inline void take_option(char **to, char *from, int *first, int len)
1963 {
1964 if (!*first) {
1965 **to = ',';
1966 *to += 1;
1967 } else
1968 *first = 0;
1969 memcpy(*to, from, len);
1970 *to += len;
1971 }
1972
1973 static inline void take_selinux_option(char **to, char *from, int *first,
1974 int len)
1975 {
1976 int current_size = 0;
1977
1978 if (!*first) {
1979 **to = '|';
1980 *to += 1;
1981 }
1982 else
1983 *first = 0;
1984
1985 while (current_size < len) {
1986 if (*from != '"') {
1987 **to = *from;
1988 *to += 1;
1989 }
1990 from += 1;
1991 current_size += 1;
1992 }
1993 }
1994
1995 static int selinux_sb_copy_data(struct file_system_type *type, void *orig, void *copy)
1996 {
1997 int fnosec, fsec, rc = 0;
1998 char *in_save, *in_curr, *in_end;
1999 char *sec_curr, *nosec_save, *nosec;
2000 int open_quote = 0;
2001
2002 in_curr = orig;
2003 sec_curr = copy;
2004
2005 /* Binary mount data: just copy */
2006 if (type->fs_flags & FS_BINARY_MOUNTDATA) {
2007 copy_page(sec_curr, in_curr);
2008 goto out;
2009 }
2010
2011 nosec = (char *)get_zeroed_page(GFP_KERNEL);
2012 if (!nosec) {
2013 rc = -ENOMEM;
2014 goto out;
2015 }
2016
2017 nosec_save = nosec;
2018 fnosec = fsec = 1;
2019 in_save = in_end = orig;
2020
2021 do {
2022 if (*in_end == '"')
2023 open_quote = !open_quote;
2024 if ((*in_end == ',' && open_quote == 0) ||
2025 *in_end == '\0') {
2026 int len = in_end - in_curr;
2027
2028 if (selinux_option(in_curr, len))
2029 take_selinux_option(&sec_curr, in_curr, &fsec, len);
2030 else
2031 take_option(&nosec, in_curr, &fnosec, len);
2032
2033 in_curr = in_end + 1;
2034 }
2035 } while (*in_end++);
2036
2037 strcpy(in_save, nosec_save);
2038 free_page((unsigned long)nosec_save);
2039 out:
2040 return rc;
2041 }
2042
2043 static int selinux_sb_kern_mount(struct super_block *sb, void *data)
2044 {
2045 struct avc_audit_data ad;
2046 int rc;
2047
2048 rc = superblock_doinit(sb, data);
2049 if (rc)
2050 return rc;
2051
2052 AVC_AUDIT_DATA_INIT(&ad,FS);
2053 ad.u.fs.dentry = sb->s_root;
2054 return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad);
2055 }
2056
2057 static int selinux_sb_statfs(struct dentry *dentry)
2058 {
2059 struct avc_audit_data ad;
2060
2061 AVC_AUDIT_DATA_INIT(&ad,FS);
2062 ad.u.fs.dentry = dentry->d_sb->s_root;
2063 return superblock_has_perm(current, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2064 }
2065
2066 static int selinux_mount(char * dev_name,
2067 struct nameidata *nd,
2068 char * type,
2069 unsigned long flags,
2070 void * data)
2071 {
2072 int rc;
2073
2074 rc = secondary_ops->sb_mount(dev_name, nd, type, flags, data);
2075 if (rc)
2076 return rc;
2077
2078 if (flags & MS_REMOUNT)
2079 return superblock_has_perm(current, nd->mnt->mnt_sb,
2080 FILESYSTEM__REMOUNT, NULL);
2081 else
2082 return dentry_has_perm(current, nd->mnt, nd->dentry,
2083 FILE__MOUNTON);
2084 }
2085
2086 static int selinux_umount(struct vfsmount *mnt, int flags)
2087 {
2088 int rc;
2089
2090 rc = secondary_ops->sb_umount(mnt, flags);
2091 if (rc)
2092 return rc;
2093
2094 return superblock_has_perm(current,mnt->mnt_sb,
2095 FILESYSTEM__UNMOUNT,NULL);
2096 }
2097
2098 /* inode security operations */
2099
2100 static int selinux_inode_alloc_security(struct inode *inode)
2101 {
2102 return inode_alloc_security(inode);
2103 }
2104
2105 static void selinux_inode_free_security(struct inode *inode)
2106 {
2107 inode_free_security(inode);
2108 }
2109
2110 static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2111 char **name, void **value,
2112 size_t *len)
2113 {
2114 struct task_security_struct *tsec;
2115 struct inode_security_struct *dsec;
2116 struct superblock_security_struct *sbsec;
2117 u32 newsid, clen;
2118 int rc;
2119 char *namep = NULL, *context;
2120
2121 tsec = current->security;
2122 dsec = dir->i_security;
2123 sbsec = dir->i_sb->s_security;
2124
2125 if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
2126 newsid = tsec->create_sid;
2127 } else {
2128 rc = security_transition_sid(tsec->sid, dsec->sid,
2129 inode_mode_to_security_class(inode->i_mode),
2130 &newsid);
2131 if (rc) {
2132 printk(KERN_WARNING "%s: "
2133 "security_transition_sid failed, rc=%d (dev=%s "
2134 "ino=%ld)\n",
2135 __FUNCTION__,
2136 -rc, inode->i_sb->s_id, inode->i_ino);
2137 return rc;
2138 }
2139 }
2140
2141 /* Possibly defer initialization to selinux_complete_init. */
2142 if (sbsec->initialized) {
2143 struct inode_security_struct *isec = inode->i_security;
2144 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2145 isec->sid = newsid;
2146 isec->initialized = 1;
2147 }
2148
2149 if (!ss_initialized || sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
2150 return -EOPNOTSUPP;
2151
2152 if (name) {
2153 namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_KERNEL);
2154 if (!namep)
2155 return -ENOMEM;
2156 *name = namep;
2157 }
2158
2159 if (value && len) {
2160 rc = security_sid_to_context(newsid, &context, &clen);
2161 if (rc) {
2162 kfree(namep);
2163 return rc;
2164 }
2165 *value = context;
2166 *len = clen;
2167 }
2168
2169 return 0;
2170 }
2171
2172 static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask)
2173 {
2174 return may_create(dir, dentry, SECCLASS_FILE);
2175 }
2176
2177 static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2178 {
2179 int rc;
2180
2181 rc = secondary_ops->inode_link(old_dentry,dir,new_dentry);
2182 if (rc)
2183 return rc;
2184 return may_link(dir, old_dentry, MAY_LINK);
2185 }
2186
2187 static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
2188 {
2189 int rc;
2190
2191 rc = secondary_ops->inode_unlink(dir, dentry);
2192 if (rc)
2193 return rc;
2194 return may_link(dir, dentry, MAY_UNLINK);
2195 }
2196
2197 static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
2198 {
2199 return may_create(dir, dentry, SECCLASS_LNK_FILE);
2200 }
2201
2202 static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask)
2203 {
2204 return may_create(dir, dentry, SECCLASS_DIR);
2205 }
2206
2207 static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2208 {
2209 return may_link(dir, dentry, MAY_RMDIR);
2210 }
2211
2212 static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
2213 {
2214 int rc;
2215
2216 rc = secondary_ops->inode_mknod(dir, dentry, mode, dev);
2217 if (rc)
2218 return rc;
2219
2220 return may_create(dir, dentry, inode_mode_to_security_class(mode));
2221 }
2222
2223 static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
2224 struct inode *new_inode, struct dentry *new_dentry)
2225 {
2226 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
2227 }
2228
2229 static int selinux_inode_readlink(struct dentry *dentry)
2230 {
2231 return dentry_has_perm(current, NULL, dentry, FILE__READ);
2232 }
2233
2234 static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
2235 {
2236 int rc;
2237
2238 rc = secondary_ops->inode_follow_link(dentry,nameidata);
2239 if (rc)
2240 return rc;
2241 return dentry_has_perm(current, NULL, dentry, FILE__READ);
2242 }
2243
2244 static int selinux_inode_permission(struct inode *inode, int mask,
2245 struct nameidata *nd)
2246 {
2247 int rc;
2248
2249 rc = secondary_ops->inode_permission(inode, mask, nd);
2250 if (rc)
2251 return rc;
2252
2253 if (!mask) {
2254 /* No permission to check. Existence test. */
2255 return 0;
2256 }
2257
2258 return inode_has_perm(current, inode,
2259 file_mask_to_av(inode->i_mode, mask), NULL);
2260 }
2261
2262 static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2263 {
2264 int rc;
2265
2266 rc = secondary_ops->inode_setattr(dentry, iattr);
2267 if (rc)
2268 return rc;
2269
2270 if (iattr->ia_valid & ATTR_FORCE)
2271 return 0;
2272
2273 if (iattr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
2274 ATTR_ATIME_SET | ATTR_MTIME_SET))
2275 return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
2276
2277 return dentry_has_perm(current, NULL, dentry, FILE__WRITE);
2278 }
2279
2280 static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
2281 {
2282 return dentry_has_perm(current, mnt, dentry, FILE__GETATTR);
2283 }
2284
2285 static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags)
2286 {
2287 struct task_security_struct *tsec = current->security;
2288 struct inode *inode = dentry->d_inode;
2289 struct inode_security_struct *isec = inode->i_security;
2290 struct superblock_security_struct *sbsec;
2291 struct avc_audit_data ad;
2292 u32 newsid;
2293 int rc = 0;
2294
2295 if (strcmp(name, XATTR_NAME_SELINUX)) {
2296 if (!strncmp(name, XATTR_SECURITY_PREFIX,
2297 sizeof XATTR_SECURITY_PREFIX - 1) &&
2298 !capable(CAP_SYS_ADMIN)) {
2299 /* A different attribute in the security namespace.
2300 Restrict to administrator. */
2301 return -EPERM;
2302 }
2303
2304 /* Not an attribute we recognize, so just check the
2305 ordinary setattr permission. */
2306 return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
2307 }
2308
2309 sbsec = inode->i_sb->s_security;
2310 if (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
2311 return -EOPNOTSUPP;
2312
2313 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
2314 return -EPERM;
2315
2316 AVC_AUDIT_DATA_INIT(&ad,FS);
2317 ad.u.fs.dentry = dentry;
2318
2319 rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
2320 FILE__RELABELFROM, &ad);
2321 if (rc)
2322 return rc;
2323
2324 rc = security_context_to_sid(value, size, &newsid);
2325 if (rc)
2326 return rc;
2327
2328 rc = avc_has_perm(tsec->sid, newsid, isec->sclass,
2329 FILE__RELABELTO, &ad);
2330 if (rc)
2331 return rc;
2332
2333 rc = security_validate_transition(isec->sid, newsid, tsec->sid,
2334 isec->sclass);
2335 if (rc)
2336 return rc;
2337
2338 return avc_has_perm(newsid,
2339 sbsec->sid,
2340 SECCLASS_FILESYSTEM,
2341 FILESYSTEM__ASSOCIATE,
2342 &ad);
2343 }
2344
2345 static void selinux_inode_post_setxattr(struct dentry *dentry, char *name,
2346 void *value, size_t size, int flags)
2347 {
2348 struct inode *inode = dentry->d_inode;
2349 struct inode_security_struct *isec = inode->i_security;
2350 u32 newsid;
2351 int rc;
2352
2353 if (strcmp(name, XATTR_NAME_SELINUX)) {
2354 /* Not an attribute we recognize, so nothing to do. */
2355 return;
2356 }
2357
2358 rc = security_context_to_sid(value, size, &newsid);
2359 if (rc) {
2360 printk(KERN_WARNING "%s: unable to obtain SID for context "
2361 "%s, rc=%d\n", __FUNCTION__, (char*)value, -rc);
2362 return;
2363 }
2364
2365 isec->sid = newsid;
2366 return;
2367 }
2368
2369 static int selinux_inode_getxattr (struct dentry *dentry, char *name)
2370 {
2371 return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
2372 }
2373
2374 static int selinux_inode_listxattr (struct dentry *dentry)
2375 {
2376 return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
2377 }
2378
2379 static int selinux_inode_removexattr (struct dentry *dentry, char *name)
2380 {
2381 if (strcmp(name, XATTR_NAME_SELINUX)) {
2382 if (!strncmp(name, XATTR_SECURITY_PREFIX,
2383 sizeof XATTR_SECURITY_PREFIX - 1) &&
2384 !capable(CAP_SYS_ADMIN)) {
2385 /* A different attribute in the security namespace.
2386 Restrict to administrator. */
2387 return -EPERM;
2388 }
2389
2390 /* Not an attribute we recognize, so just check the
2391 ordinary setattr permission. Might want a separate
2392 permission for removexattr. */
2393 return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
2394 }
2395
2396 /* No one is allowed to remove a SELinux security label.
2397 You can change the label, but all data must be labeled. */
2398 return -EACCES;
2399 }
2400
2401 static const char *selinux_inode_xattr_getsuffix(void)
2402 {
2403 return XATTR_SELINUX_SUFFIX;
2404 }
2405
2406 /*
2407 * Copy the in-core inode security context value to the user. If the
2408 * getxattr() prior to this succeeded, check to see if we need to
2409 * canonicalize the value to be finally returned to the user.
2410 *
2411 * Permission check is handled by selinux_inode_getxattr hook.
2412 */
2413 static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
2414 {
2415 struct inode_security_struct *isec = inode->i_security;
2416
2417 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2418 return -EOPNOTSUPP;
2419
2420 return selinux_getsecurity(isec->sid, buffer, size);
2421 }
2422
2423 static int selinux_inode_setsecurity(struct inode *inode, const char *name,
2424 const void *value, size_t size, int flags)
2425 {
2426 struct inode_security_struct *isec = inode->i_security;
2427 u32 newsid;
2428 int rc;
2429
2430 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2431 return -EOPNOTSUPP;
2432
2433 if (!value || !size)
2434 return -EACCES;
2435
2436 rc = security_context_to_sid((void*)value, size, &newsid);
2437 if (rc)
2438 return rc;
2439
2440 isec->sid = newsid;
2441 return 0;
2442 }
2443
2444 static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
2445 {
2446 const int len = sizeof(XATTR_NAME_SELINUX);
2447 if (buffer && len <= buffer_size)
2448 memcpy(buffer, XATTR_NAME_SELINUX, len);
2449 return len;
2450 }
2451
2452 /* file security operations */
2453
2454 static int selinux_file_permission(struct file *file, int mask)
2455 {
2456 int rc;
2457 struct inode *inode = file->f_path.dentry->d_inode;
2458
2459 if (!mask) {
2460 /* No permission to check. Existence test. */
2461 return 0;
2462 }
2463
2464 /* file_mask_to_av won't add FILE__WRITE if MAY_APPEND is set */
2465 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
2466 mask |= MAY_APPEND;
2467
2468 rc = file_has_perm(current, file,
2469 file_mask_to_av(inode->i_mode, mask));
2470 if (rc)
2471 return rc;
2472
2473 return selinux_netlbl_inode_permission(inode, mask);
2474 }
2475
2476 static int selinux_file_alloc_security(struct file *file)
2477 {
2478 return file_alloc_security(file);
2479 }
2480
2481 static void selinux_file_free_security(struct file *file)
2482 {
2483 file_free_security(file);
2484 }
2485
2486 static int selinux_file_ioctl(struct file *file, unsigned int cmd,
2487 unsigned long arg)
2488 {
2489 int error = 0;
2490
2491 switch (cmd) {
2492 case FIONREAD:
2493 /* fall through */
2494 case FIBMAP:
2495 /* fall through */
2496 case FIGETBSZ:
2497 /* fall through */
2498 case EXT2_IOC_GETFLAGS:
2499 /* fall through */
2500 case EXT2_IOC_GETVERSION:
2501 error = file_has_perm(current, file, FILE__GETATTR);
2502 break;
2503
2504 case EXT2_IOC_SETFLAGS:
2505 /* fall through */
2506 case EXT2_IOC_SETVERSION:
2507 error = file_has_perm(current, file, FILE__SETATTR);
2508 break;
2509
2510 /* sys_ioctl() checks */
2511 case FIONBIO:
2512 /* fall through */
2513 case FIOASYNC:
2514 error = file_has_perm(current, file, 0);
2515 break;
2516
2517 case KDSKBENT:
2518 case KDSKBSENT:
2519 error = task_has_capability(current,CAP_SYS_TTY_CONFIG);
2520 break;
2521
2522 /* default case assumes that the command will go
2523 * to the file's ioctl() function.
2524 */
2525 default:
2526 error = file_has_perm(current, file, FILE__IOCTL);
2527
2528 }
2529 return error;
2530 }
2531
2532 static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
2533 {
2534 #ifndef CONFIG_PPC32
2535 if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
2536 /*
2537 * We are making executable an anonymous mapping or a
2538 * private file mapping that will also be writable.
2539 * This has an additional check.
2540 */
2541 int rc = task_has_perm(current, current, PROCESS__EXECMEM);
2542 if (rc)
2543 return rc;
2544 }
2545 #endif
2546
2547 if (file) {
2548 /* read access is always possible with a mapping */
2549 u32 av = FILE__READ;
2550
2551 /* write access only matters if the mapping is shared */
2552 if (shared && (prot & PROT_WRITE))
2553 av |= FILE__WRITE;
2554
2555 if (prot & PROT_EXEC)
2556 av |= FILE__EXECUTE;
2557
2558 return file_has_perm(current, file, av);
2559 }
2560 return 0;
2561 }
2562
2563 static int selinux_file_mmap(struct file *file, unsigned long reqprot,
2564 unsigned long prot, unsigned long flags)
2565 {
2566 int rc;
2567
2568 rc = secondary_ops->file_mmap(file, reqprot, prot, flags);
2569 if (rc)
2570 return rc;
2571
2572 if (selinux_checkreqprot)
2573 prot = reqprot;
2574
2575 return file_map_prot_check(file, prot,
2576 (flags & MAP_TYPE) == MAP_SHARED);
2577 }
2578
2579 static int selinux_file_mprotect(struct vm_area_struct *vma,
2580 unsigned long reqprot,
2581 unsigned long prot)
2582 {
2583 int rc;
2584
2585 rc = secondary_ops->file_mprotect(vma, reqprot, prot);
2586 if (rc)
2587 return rc;
2588
2589 if (selinux_checkreqprot)
2590 prot = reqprot;
2591
2592 #ifndef CONFIG_PPC32
2593 if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
2594 rc = 0;
2595 if (vma->vm_start >= vma->vm_mm->start_brk &&
2596 vma->vm_end <= vma->vm_mm->brk) {
2597 rc = task_has_perm(current, current,
2598 PROCESS__EXECHEAP);
2599 } else if (!vma->vm_file &&
2600 vma->vm_start <= vma->vm_mm->start_stack &&
2601 vma->vm_end >= vma->vm_mm->start_stack) {
2602 rc = task_has_perm(current, current, PROCESS__EXECSTACK);
2603 } else if (vma->vm_file && vma->anon_vma) {
2604 /*
2605 * We are making executable a file mapping that has
2606 * had some COW done. Since pages might have been
2607 * written, check ability to execute the possibly
2608 * modified content. This typically should only
2609 * occur for text relocations.
2610 */
2611 rc = file_has_perm(current, vma->vm_file,
2612 FILE__EXECMOD);
2613 }
2614 if (rc)
2615 return rc;
2616 }
2617 #endif
2618
2619 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
2620 }
2621
2622 static int selinux_file_lock(struct file *file, unsigned int cmd)
2623 {
2624 return file_has_perm(current, file, FILE__LOCK);
2625 }
2626
2627 static int selinux_file_fcntl(struct file *file, unsigned int cmd,
2628 unsigned long arg)
2629 {
2630 int err = 0;
2631
2632 switch (cmd) {
2633 case F_SETFL:
2634 if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
2635 err = -EINVAL;
2636 break;
2637 }
2638
2639 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
2640 err = file_has_perm(current, file,FILE__WRITE);
2641 break;
2642 }
2643 /* fall through */
2644 case F_SETOWN:
2645 case F_SETSIG:
2646 case F_GETFL:
2647 case F_GETOWN:
2648 case F_GETSIG:
2649 /* Just check FD__USE permission */
2650 err = file_has_perm(current, file, 0);
2651 break;
2652 case F_GETLK:
2653 case F_SETLK:
2654 case F_SETLKW:
2655 #if BITS_PER_LONG == 32
2656 case F_GETLK64:
2657 case F_SETLK64:
2658 case F_SETLKW64:
2659 #endif
2660 if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
2661 err = -EINVAL;
2662 break;
2663 }
2664 err = file_has_perm(current, file, FILE__LOCK);
2665 break;
2666 }
2667
2668 return err;
2669 }
2670
2671 static int selinux_file_set_fowner(struct file *file)
2672 {
2673 struct task_security_struct *tsec;
2674 struct file_security_struct *fsec;
2675
2676 tsec = current->security;
2677 fsec = file->f_security;
2678 fsec->fown_sid = tsec->sid;
2679
2680 return 0;
2681 }
2682
2683 static int selinux_file_send_sigiotask(struct task_struct *tsk,
2684 struct fown_struct *fown, int signum)
2685 {
2686 struct file *file;
2687 u32 perm;
2688 struct task_security_struct *tsec;
2689 struct file_security_struct *fsec;
2690
2691 /* struct fown_struct is never outside the context of a struct file */
2692 file = container_of(fown, struct file, f_owner);
2693
2694 tsec = tsk->security;
2695 fsec = file->f_security;
2696
2697 if (!signum)
2698 perm = signal_to_av(SIGIO); /* as per send_sigio_to_task */
2699 else
2700 perm = signal_to_av(signum);
2701
2702 return avc_has_perm(fsec->fown_sid, tsec->sid,
2703 SECCLASS_PROCESS, perm, NULL);
2704 }
2705
2706 static int selinux_file_receive(struct file *file)
2707 {
2708 return file_has_perm(current, file, file_to_av(file));
2709 }
2710
2711 /* task security operations */
2712
2713 static int selinux_task_create(unsigned long clone_flags)
2714 {
2715 int rc;
2716
2717 rc = secondary_ops->task_create(clone_flags);
2718 if (rc)
2719 return rc;
2720
2721 return task_has_perm(current, current, PROCESS__FORK);
2722 }
2723
2724 static int selinux_task_alloc_security(struct task_struct *tsk)
2725 {
2726 struct task_security_struct *tsec1, *tsec2;
2727 int rc;
2728
2729 tsec1 = current->security;
2730
2731 rc = task_alloc_security(tsk);
2732 if (rc)
2733 return rc;
2734 tsec2 = tsk->security;
2735
2736 tsec2->osid = tsec1->osid;
2737 tsec2->sid = tsec1->sid;
2738
2739 /* Retain the exec, fs, key, and sock SIDs across fork */
2740 tsec2->exec_sid = tsec1->exec_sid;
2741 tsec2->create_sid = tsec1->create_sid;
2742 tsec2->keycreate_sid = tsec1->keycreate_sid;
2743 tsec2->sockcreate_sid = tsec1->sockcreate_sid;
2744
2745 /* Retain ptracer SID across fork, if any.
2746 This will be reset by the ptrace hook upon any
2747 subsequent ptrace_attach operations. */
2748 tsec2->ptrace_sid = tsec1->ptrace_sid;
2749
2750 return 0;
2751 }
2752
2753 static void selinux_task_free_security(struct task_struct *tsk)
2754 {
2755 task_free_security(tsk);
2756 }
2757
2758 static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
2759 {
2760 /* Since setuid only affects the current process, and
2761 since the SELinux controls are not based on the Linux
2762 identity attributes, SELinux does not need to control
2763 this operation. However, SELinux does control the use
2764 of the CAP_SETUID and CAP_SETGID capabilities using the
2765 capable hook. */
2766 return 0;
2767 }
2768
2769 static int selinux_task_post_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
2770 {
2771 return secondary_ops->task_post_setuid(id0,id1,id2,flags);
2772 }
2773
2774 static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
2775 {
2776 /* See the comment for setuid above. */
2777 return 0;
2778 }
2779
2780 static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
2781 {
2782 return task_has_perm(current, p, PROCESS__SETPGID);
2783 }
2784
2785 static int selinux_task_getpgid(struct task_struct *p)
2786 {
2787 return task_has_perm(current, p, PROCESS__GETPGID);
2788 }
2789
2790 static int selinux_task_getsid(struct task_struct *p)
2791 {
2792 return task_has_perm(current, p, PROCESS__GETSESSION);
2793 }
2794
2795 static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
2796 {
2797 selinux_get_task_sid(p, secid);
2798 }
2799
2800 static int selinux_task_setgroups(struct group_info *group_info)
2801 {
2802 /* See the comment for setuid above. */
2803 return 0;
2804 }
2805
2806 static int selinux_task_setnice(struct task_struct *p, int nice)
2807 {
2808 int rc;
2809
2810 rc = secondary_ops->task_setnice(p, nice);
2811 if (rc)
2812 return rc;
2813
2814 return task_has_perm(current,p, PROCESS__SETSCHED);
2815 }
2816
2817 static int selinux_task_setioprio(struct task_struct *p, int ioprio)
2818 {
2819 return task_has_perm(current, p, PROCESS__SETSCHED);
2820 }
2821
2822 static int selinux_task_getioprio(struct task_struct *p)
2823 {
2824 return task_has_perm(current, p, PROCESS__GETSCHED);
2825 }
2826
2827 static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
2828 {
2829 struct rlimit *old_rlim = current->signal->rlim + resource;
2830 int rc;
2831
2832 rc = secondary_ops->task_setrlimit(resource, new_rlim);
2833 if (rc)
2834 return rc;
2835
2836 /* Control the ability to change the hard limit (whether
2837 lowering or raising it), so that the hard limit can
2838 later be used as a safe reset point for the soft limit
2839 upon context transitions. See selinux_bprm_apply_creds. */
2840 if (old_rlim->rlim_max != new_rlim->rlim_max)
2841 return task_has_perm(current, current, PROCESS__SETRLIMIT);
2842
2843 return 0;
2844 }
2845
2846 static int selinux_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp)
2847 {
2848 return task_has_perm(current, p, PROCESS__SETSCHED);
2849 }
2850
2851 static int selinux_task_getscheduler(struct task_struct *p)
2852 {
2853 return task_has_perm(current, p, PROCESS__GETSCHED);
2854 }
2855
2856 static int selinux_task_movememory(struct task_struct *p)
2857 {
2858 return task_has_perm(current, p, PROCESS__SETSCHED);
2859 }
2860
2861 static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
2862 int sig, u32 secid)
2863 {
2864 u32 perm;
2865 int rc;
2866 struct task_security_struct *tsec;
2867
2868 rc = secondary_ops->task_kill(p, info, sig, secid);
2869 if (rc)
2870 return rc;
2871
2872 if (info != SEND_SIG_NOINFO && (is_si_special(info) || SI_FROMKERNEL(info)))
2873 return 0;
2874
2875 if (!sig)
2876 perm = PROCESS__SIGNULL; /* null signal; existence test */
2877 else
2878 perm = signal_to_av(sig);
2879 tsec = p->security;
2880 if (secid)
2881 rc = avc_has_perm(secid, tsec->sid, SECCLASS_PROCESS, perm, NULL);
2882 else
2883 rc = task_has_perm(current, p, perm);
2884 return rc;
2885 }
2886
2887 static int selinux_task_prctl(int option,
2888 unsigned long arg2,
2889 unsigned long arg3,
2890 unsigned long arg4,
2891 unsigned long arg5)
2892 {
2893 /* The current prctl operations do not appear to require
2894 any SELinux controls since they merely observe or modify
2895 the state of the current process. */
2896 return 0;
2897 }
2898
2899 static int selinux_task_wait(struct task_struct *p)
2900 {
2901 u32 perm;
2902
2903 perm = signal_to_av(p->exit_signal);
2904
2905 return task_has_perm(p, current, perm);
2906 }
2907
2908 static void selinux_task_reparent_to_init(struct task_struct *p)
2909 {
2910 struct task_security_struct *tsec;
2911
2912 secondary_ops->task_reparent_to_init(p);
2913
2914 tsec = p->security;
2915 tsec->osid = tsec->sid;
2916 tsec->sid = SECINITSID_KERNEL;
2917 return;
2918 }
2919
2920 static void selinux_task_to_inode(struct task_struct *p,
2921 struct inode *inode)
2922 {
2923 struct task_security_struct *tsec = p->security;
2924 struct inode_security_struct *isec = inode->i_security;
2925
2926 isec->sid = tsec->sid;
2927 isec->initialized = 1;
2928 return;
2929 }
2930
2931 /* Returns error only if unable to parse addresses */
2932 static int selinux_parse_skb_ipv4(struct sk_buff *skb,
2933 struct avc_audit_data *ad, u8 *proto)
2934 {
2935 int offset, ihlen, ret = -EINVAL;
2936 struct iphdr _iph, *ih;
2937
2938 offset = skb->nh.raw - skb->data;
2939 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
2940 if (ih == NULL)
2941 goto out;
2942
2943 ihlen = ih->ihl * 4;
2944 if (ihlen < sizeof(_iph))
2945 goto out;
2946
2947 ad->u.net.v4info.saddr = ih->saddr;
2948 ad->u.net.v4info.daddr = ih->daddr;
2949 ret = 0;
2950
2951 if (proto)
2952 *proto = ih->protocol;
2953
2954 switch (ih->protocol) {
2955 case IPPROTO_TCP: {
2956 struct tcphdr _tcph, *th;
2957
2958 if (ntohs(ih->frag_off) & IP_OFFSET)
2959 break;
2960
2961 offset += ihlen;
2962 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
2963 if (th == NULL)
2964 break;
2965
2966 ad->u.net.sport = th->source;
2967 ad->u.net.dport = th->dest;
2968 break;
2969 }
2970
2971 case IPPROTO_UDP: {
2972 struct udphdr _udph, *uh;
2973
2974 if (ntohs(ih->frag_off) & IP_OFFSET)
2975 break;
2976
2977 offset += ihlen;
2978 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
2979 if (uh == NULL)
2980 break;
2981
2982 ad->u.net.sport = uh->source;
2983 ad->u.net.dport = uh->dest;
2984 break;
2985 }
2986
2987 case IPPROTO_DCCP: {
2988 struct dccp_hdr _dccph, *dh;
2989
2990 if (ntohs(ih->frag_off) & IP_OFFSET)
2991 break;
2992
2993 offset += ihlen;
2994 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
2995 if (dh == NULL)
2996 break;
2997
2998 ad->u.net.sport = dh->dccph_sport;
2999 ad->u.net.dport = dh->dccph_dport;
3000 break;
3001 }
3002
3003 default:
3004 break;
3005 }
3006 out:
3007 return ret;
3008 }
3009
3010 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3011
3012 /* Returns error only if unable to parse addresses */
3013 static int selinux_parse_skb_ipv6(struct sk_buff *skb,
3014 struct avc_audit_data *ad, u8 *proto)
3015 {
3016 u8 nexthdr;
3017 int ret = -EINVAL, offset;
3018 struct ipv6hdr _ipv6h, *ip6;
3019
3020 offset = skb->nh.raw - skb->data;
3021 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3022 if (ip6 == NULL)
3023 goto out;
3024
3025 ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr);
3026 ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr);
3027 ret = 0;
3028
3029 nexthdr = ip6->nexthdr;
3030 offset += sizeof(_ipv6h);
3031 offset = ipv6_skip_exthdr(skb, offset, &nexthdr);
3032 if (offset < 0)
3033 goto out;
3034
3035 if (proto)
3036 *proto = nexthdr;
3037
3038 switch (nexthdr) {
3039 case IPPROTO_TCP: {
3040 struct tcphdr _tcph, *th;
3041
3042 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3043 if (th == NULL)
3044 break;
3045
3046 ad->u.net.sport = th->source;
3047 ad->u.net.dport = th->dest;
3048 break;
3049 }
3050
3051 case IPPROTO_UDP: {
3052 struct udphdr _udph, *uh;
3053
3054 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3055 if (uh == NULL)
3056 break;
3057
3058 ad->u.net.sport = uh->source;
3059 ad->u.net.dport = uh->dest;
3060 break;
3061 }
3062
3063 case IPPROTO_DCCP: {
3064 struct dccp_hdr _dccph, *dh;
3065
3066 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3067 if (dh == NULL)
3068 break;
3069
3070 ad->u.net.sport = dh->dccph_sport;
3071 ad->u.net.dport = dh->dccph_dport;
3072 break;
3073 }
3074
3075 /* includes fragments */
3076 default:
3077 break;
3078 }
3079 out:
3080 return ret;
3081 }
3082
3083 #endif /* IPV6 */
3084
3085 static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad,
3086 char **addrp, int *len, int src, u8 *proto)
3087 {
3088 int ret = 0;
3089
3090 switch (ad->u.net.family) {
3091 case PF_INET:
3092 ret = selinux_parse_skb_ipv4(skb, ad, proto);
3093 if (ret || !addrp)
3094 break;
3095 *len = 4;
3096 *addrp = (char *)(src ? &ad->u.net.v4info.saddr :
3097 &ad->u.net.v4info.daddr);
3098 break;
3099
3100 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3101 case PF_INET6:
3102 ret = selinux_parse_skb_ipv6(skb, ad, proto);
3103 if (ret || !addrp)
3104 break;
3105 *len = 16;
3106 *addrp = (char *)(src ? &ad->u.net.v6info.saddr :
3107 &ad->u.net.v6info.daddr);
3108 break;
3109 #endif /* IPV6 */
3110 default:
3111 break;
3112 }
3113
3114 return ret;
3115 }
3116
3117 /* socket security operations */
3118 static int socket_has_perm(struct task_struct *task, struct socket *sock,
3119 u32 perms)
3120 {
3121 struct inode_security_struct *isec;
3122 struct task_security_struct *tsec;
3123 struct avc_audit_data ad;
3124 int err = 0;
3125
3126 tsec = task->security;
3127 isec = SOCK_INODE(sock)->i_security;
3128
3129 if (isec->sid == SECINITSID_KERNEL)
3130 goto out;
3131
3132 AVC_AUDIT_DATA_INIT(&ad,NET);
3133 ad.u.net.sk = sock->sk;
3134 err = avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad);
3135
3136 out:
3137 return err;
3138 }
3139
3140 static int selinux_socket_create(int family, int type,
3141 int protocol, int kern)
3142 {
3143 int err = 0;
3144 struct task_security_struct *tsec;
3145 u32 newsid;
3146
3147 if (kern)
3148 goto out;
3149
3150 tsec = current->security;
3151 newsid = tsec->sockcreate_sid ? : tsec->sid;
3152 err = avc_has_perm(tsec->sid, newsid,
3153 socket_type_to_security_class(family, type,
3154 protocol), SOCKET__CREATE, NULL);
3155
3156 out:
3157 return err;
3158 }
3159
3160 static int selinux_socket_post_create(struct socket *sock, int family,
3161 int type, int protocol, int kern)
3162 {
3163 int err = 0;
3164 struct inode_security_struct *isec;
3165 struct task_security_struct *tsec;
3166 struct sk_security_struct *sksec;
3167 u32 newsid;
3168
3169 isec = SOCK_INODE(sock)->i_security;
3170
3171 tsec = current->security;
3172 newsid = tsec->sockcreate_sid ? : tsec->sid;
3173 isec->sclass = socket_type_to_security_class(family, type, protocol);
3174 isec->sid = kern ? SECINITSID_KERNEL : newsid;
3175 isec->initialized = 1;
3176
3177 if (sock->sk) {
3178 sksec = sock->sk->sk_security;
3179 sksec->sid = isec->sid;
3180 err = selinux_netlbl_socket_post_create(sock);
3181 }
3182
3183 return err;
3184 }
3185
3186 /* Range of port numbers used to automatically bind.
3187 Need to determine whether we should perform a name_bind
3188 permission check between the socket and the port number. */
3189 #define ip_local_port_range_0 sysctl_local_port_range[0]
3190 #define ip_local_port_range_1 sysctl_local_port_range[1]
3191
3192 static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
3193 {
3194 u16 family;
3195 int err;
3196
3197 err = socket_has_perm(current, sock, SOCKET__BIND);
3198 if (err)
3199 goto out;
3200
3201 /*
3202 * If PF_INET or PF_INET6, check name_bind permission for the port.
3203 * Multiple address binding for SCTP is not supported yet: we just
3204 * check the first address now.
3205 */
3206 family = sock->sk->sk_family;
3207 if (family == PF_INET || family == PF_INET6) {
3208 char *addrp;
3209 struct inode_security_struct *isec;
3210 struct task_security_struct *tsec;
3211 struct avc_audit_data ad;
3212 struct sockaddr_in *addr4 = NULL;
3213 struct sockaddr_in6 *addr6 = NULL;
3214 unsigned short snum;
3215 struct sock *sk = sock->sk;
3216 u32 sid, node_perm, addrlen;
3217
3218 tsec = current->security;
3219 isec = SOCK_INODE(sock)->i_security;
3220
3221 if (family == PF_INET) {
3222 addr4 = (struct sockaddr_in *)address;
3223 snum = ntohs(addr4->sin_port);
3224 addrlen = sizeof(addr4->sin_addr.s_addr);
3225 addrp = (char *)&addr4->sin_addr.s_addr;
3226 } else {
3227 addr6 = (struct sockaddr_in6 *)address;
3228 snum = ntohs(addr6->sin6_port);
3229 addrlen = sizeof(addr6->sin6_addr.s6_addr);
3230 addrp = (char *)&addr6->sin6_addr.s6_addr;
3231 }
3232
3233 if (snum&&(snum < max(PROT_SOCK,ip_local_port_range_0) ||
3234 snum > ip_local_port_range_1)) {
3235 err = security_port_sid(sk->sk_family, sk->sk_type,
3236 sk->sk_protocol, snum, &sid);
3237 if (err)
3238 goto out;
3239 AVC_AUDIT_DATA_INIT(&ad,NET);
3240 ad.u.net.sport = htons(snum);
3241 ad.u.net.family = family;
3242 err = avc_has_perm(isec->sid, sid,
3243 isec->sclass,
3244 SOCKET__NAME_BIND, &ad);
3245 if (err)
3246 goto out;
3247 }
3248
3249 switch(isec->sclass) {
3250 case SECCLASS_TCP_SOCKET:
3251 node_perm = TCP_SOCKET__NODE_BIND;
3252 break;
3253
3254 case SECCLASS_UDP_SOCKET:
3255 node_perm = UDP_SOCKET__NODE_BIND;
3256 break;
3257
3258 case SECCLASS_DCCP_SOCKET:
3259 node_perm = DCCP_SOCKET__NODE_BIND;
3260 break;
3261
3262 default:
3263 node_perm = RAWIP_SOCKET__NODE_BIND;
3264 break;
3265 }
3266
3267 err = security_node_sid(family, addrp, addrlen, &sid);
3268 if (err)
3269 goto out;
3270
3271 AVC_AUDIT_DATA_INIT(&ad,NET);
3272 ad.u.net.sport = htons(snum);
3273 ad.u.net.family = family;
3274
3275 if (family == PF_INET)
3276 ad.u.net.v4info.saddr = addr4->sin_addr.s_addr;
3277 else
3278 ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr);
3279
3280 err = avc_has_perm(isec->sid, sid,
3281 isec->sclass, node_perm, &ad);
3282 if (err)
3283 goto out;
3284 }
3285 out:
3286 return err;
3287 }
3288
3289 static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
3290 {
3291 struct inode_security_struct *isec;
3292 int err;
3293
3294 err = socket_has_perm(current, sock, SOCKET__CONNECT);
3295 if (err)
3296 return err;
3297
3298 /*
3299 * If a TCP or DCCP socket, check name_connect permission for the port.
3300 */
3301 isec = SOCK_INODE(sock)->i_security;
3302 if (isec->sclass == SECCLASS_TCP_SOCKET ||
3303 isec->sclass == SECCLASS_DCCP_SOCKET) {
3304 struct sock *sk = sock->sk;
3305 struct avc_audit_data ad;
3306 struct sockaddr_in *addr4 = NULL;
3307 struct sockaddr_in6 *addr6 = NULL;
3308 unsigned short snum;
3309 u32 sid, perm;
3310
3311 if (sk->sk_family == PF_INET) {
3312 addr4 = (struct sockaddr_in *)address;
3313 if (addrlen < sizeof(struct sockaddr_in))
3314 return -EINVAL;
3315 snum = ntohs(addr4->sin_port);
3316 } else {
3317 addr6 = (struct sockaddr_in6 *)address;
3318 if (addrlen < SIN6_LEN_RFC2133)
3319 return -EINVAL;
3320 snum = ntohs(addr6->sin6_port);
3321 }
3322
3323 err = security_port_sid(sk->sk_family, sk->sk_type,
3324 sk->sk_protocol, snum, &sid);
3325 if (err)
3326 goto out;
3327
3328 perm = (isec->sclass == SECCLASS_TCP_SOCKET) ?
3329 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
3330
3331 AVC_AUDIT_DATA_INIT(&ad,NET);
3332 ad.u.net.dport = htons(snum);
3333 ad.u.net.family = sk->sk_family;
3334 err = avc_has_perm(isec->sid, sid, isec->sclass, perm, &ad);
3335 if (err)
3336 goto out;
3337 }
3338
3339 out:
3340 return err;
3341 }
3342
3343 static int selinux_socket_listen(struct socket *sock, int backlog)
3344 {
3345 return socket_has_perm(current, sock, SOCKET__LISTEN);
3346 }
3347
3348 static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
3349 {
3350 int err;
3351 struct inode_security_struct *isec;
3352 struct inode_security_struct *newisec;
3353
3354 err = socket_has_perm(current, sock, SOCKET__ACCEPT);
3355 if (err)
3356 return err;
3357
3358 newisec = SOCK_INODE(newsock)->i_security;
3359
3360 isec = SOCK_INODE(sock)->i_security;
3361 newisec->sclass = isec->sclass;
3362 newisec->sid = isec->sid;
3363 newisec->initialized = 1;
3364
3365 return 0;
3366 }
3367
3368 static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3369 int size)
3370 {
3371 int rc;
3372
3373 rc = socket_has_perm(current, sock, SOCKET__WRITE);
3374 if (rc)
3375 return rc;
3376
3377 return selinux_netlbl_inode_permission(SOCK_INODE(sock), MAY_WRITE);
3378 }
3379
3380 static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
3381 int size, int flags)
3382 {
3383 return socket_has_perm(current, sock, SOCKET__READ);
3384 }
3385
3386 static int selinux_socket_getsockname(struct socket *sock)
3387 {
3388 return socket_has_perm(current, sock, SOCKET__GETATTR);
3389 }
3390
3391 static int selinux_socket_getpeername(struct socket *sock)
3392 {
3393 return socket_has_perm(current, sock, SOCKET__GETATTR);
3394 }
3395
3396 static int selinux_socket_setsockopt(struct socket *sock,int level,int optname)
3397 {
3398 int err;
3399
3400 err = socket_has_perm(current, sock, SOCKET__SETOPT);
3401 if (err)
3402 return err;
3403
3404 return selinux_netlbl_socket_setsockopt(sock, level, optname);
3405 }
3406
3407 static int selinux_socket_getsockopt(struct socket *sock, int level,
3408 int optname)
3409 {
3410 return socket_has_perm(current, sock, SOCKET__GETOPT);
3411 }
3412
3413 static int selinux_socket_shutdown(struct socket *sock, int how)
3414 {
3415 return socket_has_perm(current, sock, SOCKET__SHUTDOWN);
3416 }
3417
3418 static int selinux_socket_unix_stream_connect(struct socket *sock,
3419 struct socket *other,
3420 struct sock *newsk)
3421 {
3422 struct sk_security_struct *ssec;
3423 struct inode_security_struct *isec;
3424 struct inode_security_struct *other_isec;
3425 struct avc_audit_data ad;
3426 int err;
3427
3428 err = secondary_ops->unix_stream_connect(sock, other, newsk);
3429 if (err)
3430 return err;
3431
3432 isec = SOCK_INODE(sock)->i_security;
3433 other_isec = SOCK_INODE(other)->i_security;
3434
3435 AVC_AUDIT_DATA_INIT(&ad,NET);
3436 ad.u.net.sk = other->sk;
3437
3438 err = avc_has_perm(isec->sid, other_isec->sid,
3439 isec->sclass,
3440 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
3441 if (err)
3442 return err;
3443
3444 /* connecting socket */
3445 ssec = sock->sk->sk_security;
3446 ssec->peer_sid = other_isec->sid;
3447
3448 /* server child socket */
3449 ssec = newsk->sk_security;
3450 ssec->peer_sid = isec->sid;
3451 err = security_sid_mls_copy(other_isec->sid, ssec->peer_sid, &ssec->sid);
3452
3453 return err;
3454 }
3455
3456 static int selinux_socket_unix_may_send(struct socket *sock,
3457 struct socket *other)
3458 {
3459 struct inode_security_struct *isec;
3460 struct inode_security_struct *other_isec;
3461 struct avc_audit_data ad;
3462 int err;
3463
3464 isec = SOCK_INODE(sock)->i_security;
3465 other_isec = SOCK_INODE(other)->i_security;
3466
3467 AVC_AUDIT_DATA_INIT(&ad,NET);
3468 ad.u.net.sk = other->sk;
3469
3470 err = avc_has_perm(isec->sid, other_isec->sid,
3471 isec->sclass, SOCKET__SENDTO, &ad);
3472 if (err)
3473 return err;
3474
3475 return 0;
3476 }
3477
3478 static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
3479 struct avc_audit_data *ad, u16 family, char *addrp, int len)
3480 {
3481 int err = 0;
3482 u32 netif_perm, node_perm, node_sid, if_sid, recv_perm = 0;
3483 struct socket *sock;
3484 u16 sock_class = 0;
3485 u32 sock_sid = 0;
3486
3487 read_lock_bh(&sk->sk_callback_lock);
3488 sock = sk->sk_socket;
3489 if (sock) {
3490 struct inode *inode;
3491 inode = SOCK_INODE(sock);
3492 if (inode) {
3493 struct inode_security_struct *isec;
3494 isec = inode->i_security;
3495 sock_sid = isec->sid;
3496 sock_class = isec->sclass;
3497 }
3498 }
3499 read_unlock_bh(&sk->sk_callback_lock);
3500 if (!sock_sid)
3501 goto out;
3502
3503 if (!skb->dev)
3504 goto out;
3505
3506 err = sel_netif_sids(skb->dev, &if_sid, NULL);
3507 if (err)
3508 goto out;
3509
3510 switch (sock_class) {
3511 case SECCLASS_UDP_SOCKET:
3512 netif_perm = NETIF__UDP_RECV;
3513 node_perm = NODE__UDP_RECV;
3514 recv_perm = UDP_SOCKET__RECV_MSG;
3515 break;
3516
3517 case SECCLASS_TCP_SOCKET:
3518 netif_perm = NETIF__TCP_RECV;
3519 node_perm = NODE__TCP_RECV;
3520 recv_perm = TCP_SOCKET__RECV_MSG;
3521 break;
3522
3523 case SECCLASS_DCCP_SOCKET:
3524 netif_perm = NETIF__DCCP_RECV;
3525 node_perm = NODE__DCCP_RECV;
3526 recv_perm = DCCP_SOCKET__RECV_MSG;
3527 break;
3528
3529 default:
3530 netif_perm = NETIF__RAWIP_RECV;
3531 node_perm = NODE__RAWIP_RECV;
3532 break;
3533 }
3534
3535 err = avc_has_perm(sock_sid, if_sid, SECCLASS_NETIF, netif_perm, ad);
3536 if (err)
3537 goto out;
3538
3539 err = security_node_sid(family, addrp, len, &node_sid);
3540 if (err)
3541 goto out;
3542
3543 err = avc_has_perm(sock_sid, node_sid, SECCLASS_NODE, node_perm, ad);
3544 if (err)
3545 goto out;
3546
3547 if (recv_perm) {
3548 u32 port_sid;
3549
3550 err = security_port_sid(sk->sk_family, sk->sk_type,
3551 sk->sk_protocol, ntohs(ad->u.net.sport),
3552 &port_sid);
3553 if (err)
3554 goto out;
3555
3556 err = avc_has_perm(sock_sid, port_sid,
3557 sock_class, recv_perm, ad);
3558 }
3559
3560 out:
3561 return err;
3562 }
3563
3564 static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3565 {
3566 u16 family;
3567 char *addrp;
3568 int len, err = 0;
3569 struct avc_audit_data ad;
3570 struct sk_security_struct *sksec = sk->sk_security;
3571
3572 family = sk->sk_family;
3573 if (family != PF_INET && family != PF_INET6)
3574 goto out;
3575
3576 /* Handle mapped IPv4 packets arriving via IPv6 sockets */
3577 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
3578 family = PF_INET;
3579
3580 AVC_AUDIT_DATA_INIT(&ad, NET);
3581 ad.u.net.netif = skb->dev ? skb->dev->name : "[unknown]";
3582 ad.u.net.family = family;
3583
3584 err = selinux_parse_skb(skb, &ad, &addrp, &len, 1, NULL);
3585 if (err)
3586 goto out;
3587
3588 if (selinux_compat_net)
3589 err = selinux_sock_rcv_skb_compat(sk, skb, &ad, family,
3590 addrp, len);
3591 else
3592 err = avc_has_perm(sksec->sid, skb->secmark, SECCLASS_PACKET,
3593 PACKET__RECV, &ad);
3594 if (err)
3595 goto out;
3596
3597 err = selinux_netlbl_sock_rcv_skb(sksec, skb, &ad);
3598 if (err)
3599 goto out;
3600
3601 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
3602 out:
3603 return err;
3604 }
3605
3606 static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
3607 int __user *optlen, unsigned len)
3608 {
3609 int err = 0;
3610 char *scontext;
3611 u32 scontext_len;
3612 struct sk_security_struct *ssec;
3613 struct inode_security_struct *isec;
3614 u32 peer_sid = SECSID_NULL;
3615
3616 isec = SOCK_INODE(sock)->i_security;
3617
3618 if (isec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
3619 isec->sclass == SECCLASS_TCP_SOCKET) {
3620 ssec = sock->sk->sk_security;
3621 peer_sid = ssec->peer_sid;
3622 }
3623 if (peer_sid == SECSID_NULL) {
3624 err = -ENOPROTOOPT;
3625 goto out;
3626 }
3627
3628 err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
3629
3630 if (err)
3631 goto out;
3632
3633 if (scontext_len > len) {
3634 err = -ERANGE;
3635 goto out_len;
3636 }
3637
3638 if (copy_to_user(optval, scontext, scontext_len))
3639 err = -EFAULT;
3640
3641 out_len:
3642 if (put_user(scontext_len, optlen))
3643 err = -EFAULT;
3644
3645 kfree(scontext);
3646 out:
3647 return err;
3648 }
3649
3650 static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
3651 {
3652 u32 peer_secid = SECSID_NULL;
3653 int err = 0;
3654
3655 if (sock && sock->sk->sk_family == PF_UNIX)
3656 selinux_get_inode_sid(SOCK_INODE(sock), &peer_secid);
3657 else if (skb)
3658 security_skb_extlbl_sid(skb,
3659 SECINITSID_UNLABELED,
3660 &peer_secid);
3661
3662 if (peer_secid == SECSID_NULL)
3663 err = -EINVAL;
3664 *secid = peer_secid;
3665
3666 return err;
3667 }
3668
3669 static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
3670 {
3671 return sk_alloc_security(sk, family, priority);
3672 }
3673
3674 static void selinux_sk_free_security(struct sock *sk)
3675 {
3676 sk_free_security(sk);
3677 }
3678
3679 static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
3680 {
3681 struct sk_security_struct *ssec = sk->sk_security;
3682 struct sk_security_struct *newssec = newsk->sk_security;
3683
3684 newssec->sid = ssec->sid;
3685 newssec->peer_sid = ssec->peer_sid;
3686
3687 selinux_netlbl_sk_security_clone(ssec, newssec);
3688 }
3689
3690 static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
3691 {
3692 if (!sk)
3693 *secid = SECINITSID_ANY_SOCKET;
3694 else {
3695 struct sk_security_struct *sksec = sk->sk_security;
3696
3697 *secid = sksec->sid;
3698 }
3699 }
3700
3701 static void selinux_sock_graft(struct sock* sk, struct socket *parent)
3702 {
3703 struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
3704 struct sk_security_struct *sksec = sk->sk_security;
3705
3706 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
3707 sk->sk_family == PF_UNIX)
3708 isec->sid = sksec->sid;
3709
3710 selinux_netlbl_sock_graft(sk, parent);
3711 }
3712
3713 static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
3714 struct request_sock *req)
3715 {
3716 struct sk_security_struct *sksec = sk->sk_security;
3717 int err;
3718 u32 newsid;
3719 u32 peersid;
3720
3721 security_skb_extlbl_sid(skb, SECINITSID_UNLABELED, &peersid);
3722 if (peersid == SECSID_NULL) {
3723 req->secid = sksec->sid;
3724 req->peer_secid = SECSID_NULL;
3725 return 0;
3726 }
3727
3728 err = security_sid_mls_copy(sksec->sid, peersid, &newsid);
3729 if (err)
3730 return err;
3731
3732 req->secid = newsid;
3733 req->peer_secid = peersid;
3734 return 0;
3735 }
3736
3737 static void selinux_inet_csk_clone(struct sock *newsk,
3738 const struct request_sock *req)
3739 {
3740 struct sk_security_struct *newsksec = newsk->sk_security;
3741
3742 newsksec->sid = req->secid;
3743 newsksec->peer_sid = req->peer_secid;
3744 /* NOTE: Ideally, we should also get the isec->sid for the
3745 new socket in sync, but we don't have the isec available yet.
3746 So we will wait until sock_graft to do it, by which
3747 time it will have been created and available. */
3748
3749 /* We don't need to take any sort of lock here as we are the only
3750 * thread with access to newsksec */
3751 selinux_netlbl_sk_security_reset(newsksec, req->rsk_ops->family);
3752 }
3753
3754 static void selinux_inet_conn_established(struct sock *sk,
3755 struct sk_buff *skb)
3756 {
3757 struct sk_security_struct *sksec = sk->sk_security;
3758
3759 security_skb_extlbl_sid(skb, SECINITSID_UNLABELED, &sksec->peer_sid);
3760 }
3761
3762 static void selinux_req_classify_flow(const struct request_sock *req,
3763 struct flowi *fl)
3764 {
3765 fl->secid = req->secid;
3766 }
3767
3768 static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
3769 {
3770 int err = 0;
3771 u32 perm;
3772 struct nlmsghdr *nlh;
3773 struct socket *sock = sk->sk_socket;
3774 struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
3775
3776 if (skb->len < NLMSG_SPACE(0)) {
3777 err = -EINVAL;
3778 goto out;
3779 }
3780 nlh = (struct nlmsghdr *)skb->data;
3781
3782 err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
3783 if (err) {
3784 if (err == -EINVAL) {
3785 audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR,
3786 "SELinux: unrecognized netlink message"
3787 " type=%hu for sclass=%hu\n",
3788 nlh->nlmsg_type, isec->sclass);
3789 if (!selinux_enforcing)
3790 err = 0;
3791 }
3792
3793 /* Ignore */
3794 if (err == -ENOENT)
3795 err = 0;
3796 goto out;
3797 }
3798
3799 err = socket_has_perm(current, sock, perm);
3800 out:
3801 return err;
3802 }
3803
3804 #ifdef CONFIG_NETFILTER
3805
3806 static int selinux_ip_postroute_last_compat(struct sock *sk, struct net_device *dev,
3807 struct avc_audit_data *ad,
3808 u16 family, char *addrp, int len)
3809 {
3810 int err = 0;
3811 u32 netif_perm, node_perm, node_sid, if_sid, send_perm = 0;
3812 struct socket *sock;
3813 struct inode *inode;
3814 struct inode_security_struct *isec;
3815
3816 sock = sk->sk_socket;
3817 if (!sock)
3818 goto out;
3819
3820 inode = SOCK_INODE(sock);
3821 if (!inode)
3822 goto out;
3823
3824 isec = inode->i_security;
3825
3826 err = sel_netif_sids(dev, &if_sid, NULL);
3827 if (err)
3828 goto out;
3829
3830 switch (isec->sclass) {
3831 case SECCLASS_UDP_SOCKET:
3832 netif_perm = NETIF__UDP_SEND;
3833 node_perm = NODE__UDP_SEND;
3834 send_perm = UDP_SOCKET__SEND_MSG;
3835 break;
3836
3837 case SECCLASS_TCP_SOCKET:
3838 netif_perm = NETIF__TCP_SEND;
3839 node_perm = NODE__TCP_SEND;
3840 send_perm = TCP_SOCKET__SEND_MSG;
3841 break;
3842
3843 case SECCLASS_DCCP_SOCKET:
3844 netif_perm = NETIF__DCCP_SEND;
3845 node_perm = NODE__DCCP_SEND;
3846 send_perm = DCCP_SOCKET__SEND_MSG;
3847 break;
3848
3849 default:
3850 netif_perm = NETIF__RAWIP_SEND;
3851 node_perm = NODE__RAWIP_SEND;
3852 break;
3853 }
3854
3855 err = avc_has_perm(isec->sid, if_sid, SECCLASS_NETIF, netif_perm, ad);
3856 if (err)
3857 goto out;
3858
3859 err = security_node_sid(family, addrp, len, &node_sid);
3860 if (err)
3861 goto out;
3862
3863 err = avc_has_perm(isec->sid, node_sid, SECCLASS_NODE, node_perm, ad);
3864 if (err)
3865 goto out;
3866
3867 if (send_perm) {
3868 u32 port_sid;
3869
3870 err = security_port_sid(sk->sk_family,
3871 sk->sk_type,
3872 sk->sk_protocol,
3873 ntohs(ad->u.net.dport),
3874 &port_sid);
3875 if (err)
3876 goto out;
3877
3878 err = avc_has_perm(isec->sid, port_sid, isec->sclass,
3879 send_perm, ad);
3880 }
3881 out:
3882 return err;
3883 }
3884
3885 static unsigned int selinux_ip_postroute_last(unsigned int hooknum,
3886 struct sk_buff **pskb,
3887 const struct net_device *in,
3888 const struct net_device *out,
3889 int (*okfn)(struct sk_buff *),
3890 u16 family)
3891 {
3892 char *addrp;
3893 int len, err = 0;
3894 struct sock *sk;
3895 struct sk_buff *skb = *pskb;
3896 struct avc_audit_data ad;
3897 struct net_device *dev = (struct net_device *)out;
3898 struct sk_security_struct *sksec;
3899 u8 proto;
3900
3901 sk = skb->sk;
3902 if (!sk)
3903 goto out;
3904
3905 sksec = sk->sk_security;
3906
3907 AVC_AUDIT_DATA_INIT(&ad, NET);
3908 ad.u.net.netif = dev->name;
3909 ad.u.net.family = family;
3910
3911 err = selinux_parse_skb(skb, &ad, &addrp, &len, 0, &proto);
3912 if (err)
3913 goto out;
3914
3915 if (selinux_compat_net)
3916 err = selinux_ip_postroute_last_compat(sk, dev, &ad,
3917 family, addrp, len);
3918 else
3919 err = avc_has_perm(sksec->sid, skb->secmark, SECCLASS_PACKET,
3920 PACKET__SEND, &ad);
3921
3922 if (err)
3923 goto out;
3924
3925 err = selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto);
3926 out:
3927 return err ? NF_DROP : NF_ACCEPT;
3928 }
3929
3930 static unsigned int selinux_ipv4_postroute_last(unsigned int hooknum,
3931 struct sk_buff **pskb,
3932 const struct net_device *in,
3933 const struct net_device *out,
3934 int (*okfn)(struct sk_buff *))
3935 {
3936 return selinux_ip_postroute_last(hooknum, pskb, in, out, okfn, PF_INET);
3937 }
3938
3939 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3940
3941 static unsigned int selinux_ipv6_postroute_last(unsigned int hooknum,
3942 struct sk_buff **pskb,
3943 const struct net_device *in,
3944 const struct net_device *out,
3945 int (*okfn)(struct sk_buff *))
3946 {
3947 return selinux_ip_postroute_last(hooknum, pskb, in, out, okfn, PF_INET6);
3948 }
3949
3950 #endif /* IPV6 */
3951
3952 #endif /* CONFIG_NETFILTER */
3953
3954 static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
3955 {
3956 int err;
3957
3958 err = secondary_ops->netlink_send(sk, skb);
3959 if (err)
3960 return err;
3961
3962 if (policydb_loaded_version >= POLICYDB_VERSION_NLCLASS)
3963 err = selinux_nlmsg_perm(sk, skb);
3964
3965 return err;
3966 }
3967
3968 static int selinux_netlink_recv(struct sk_buff *skb, int capability)
3969 {
3970 int err;
3971 struct avc_audit_data ad;
3972
3973 err = secondary_ops->netlink_recv(skb, capability);
3974 if (err)
3975 return err;
3976
3977 AVC_AUDIT_DATA_INIT(&ad, CAP);
3978 ad.u.cap = capability;
3979
3980 return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid,
3981 SECCLASS_CAPABILITY, CAP_TO_MASK(capability), &ad);
3982 }
3983
3984 static int ipc_alloc_security(struct task_struct *task,
3985 struct kern_ipc_perm *perm,
3986 u16 sclass)
3987 {
3988 struct task_security_struct *tsec = task->security;
3989 struct ipc_security_struct *isec;
3990
3991 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
3992 if (!isec)
3993 return -ENOMEM;
3994
3995 isec->sclass = sclass;
3996 isec->ipc_perm = perm;
3997 isec->sid = tsec->sid;
3998 perm->security = isec;
3999
4000 return 0;
4001 }
4002
4003 static void ipc_free_security(struct kern_ipc_perm *perm)
4004 {
4005 struct ipc_security_struct *isec = perm->security;
4006 perm->security = NULL;
4007 kfree(isec);
4008 }
4009
4010 static int msg_msg_alloc_security(struct msg_msg *msg)
4011 {
4012 struct msg_security_struct *msec;
4013
4014 msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
4015 if (!msec)
4016 return -ENOMEM;
4017
4018 msec->msg = msg;
4019 msec->sid = SECINITSID_UNLABELED;
4020 msg->security = msec;
4021
4022 return 0;
4023 }
4024
4025 static void msg_msg_free_security(struct msg_msg *msg)
4026 {
4027 struct msg_security_struct *msec = msg->security;
4028
4029 msg->security = NULL;
4030 kfree(msec);
4031 }
4032
4033 static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
4034 u32 perms)
4035 {
4036 struct task_security_struct *tsec;
4037 struct ipc_security_struct *isec;
4038 struct avc_audit_data ad;
4039
4040 tsec = current->security;
4041 isec = ipc_perms->security;
4042
4043 AVC_AUDIT_DATA_INIT(&ad, IPC);
4044 ad.u.ipc_id = ipc_perms->key;
4045
4046 return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad);
4047 }
4048
4049 static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
4050 {
4051 return msg_msg_alloc_security(msg);
4052 }
4053
4054 static void selinux_msg_msg_free_security(struct msg_msg *msg)
4055 {
4056 msg_msg_free_security(msg);
4057 }
4058
4059 /* message queue security operations */
4060 static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
4061 {
4062 struct task_security_struct *tsec;
4063 struct ipc_security_struct *isec;
4064 struct avc_audit_data ad;
4065 int rc;
4066
4067 rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
4068 if (rc)
4069 return rc;
4070
4071 tsec = current->security;
4072 isec = msq->q_perm.security;
4073
4074 AVC_AUDIT_DATA_INIT(&ad, IPC);
4075 ad.u.ipc_id = msq->q_perm.key;
4076
4077 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
4078 MSGQ__CREATE, &ad);
4079 if (rc) {
4080 ipc_free_security(&msq->q_perm);
4081 return rc;
4082 }
4083 return 0;
4084 }
4085
4086 static void selinux_msg_queue_free_security(struct msg_queue *msq)
4087 {
4088 ipc_free_security(&msq->q_perm);
4089 }
4090
4091 static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
4092 {
4093 struct task_security_struct *tsec;
4094 struct ipc_security_struct *isec;
4095 struct avc_audit_data ad;
4096
4097 tsec = current->security;
4098 isec = msq->q_perm.security;
4099
4100 AVC_AUDIT_DATA_INIT(&ad, IPC);
4101 ad.u.ipc_id = msq->q_perm.key;
4102
4103 return avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
4104 MSGQ__ASSOCIATE, &ad);
4105 }
4106
4107 static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
4108 {
4109 int err;
4110 int perms;
4111
4112 switch(cmd) {
4113 case IPC_INFO:
4114 case MSG_INFO:
4115 /* No specific object, just general system-wide information. */
4116 return task_has_system(current, SYSTEM__IPC_INFO);
4117 case IPC_STAT:
4118 case MSG_STAT:
4119 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
4120 break;
4121 case IPC_SET:
4122 perms = MSGQ__SETATTR;
4123 break;
4124 case IPC_RMID:
4125 perms = MSGQ__DESTROY;
4126 break;
4127 default:
4128 return 0;
4129 }
4130
4131 err = ipc_has_perm(&msq->q_perm, perms);
4132 return err;
4133 }
4134
4135 static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
4136 {
4137 struct task_security_struct *tsec;
4138 struct ipc_security_struct *isec;
4139 struct msg_security_struct *msec;
4140 struct avc_audit_data ad;
4141 int rc;
4142
4143 tsec = current->security;
4144 isec = msq->q_perm.security;
4145 msec = msg->security;
4146
4147 /*
4148 * First time through, need to assign label to the message
4149 */
4150 if (msec->sid == SECINITSID_UNLABELED) {
4151 /*
4152 * Compute new sid based on current process and
4153 * message queue this message will be stored in
4154 */
4155 rc = security_transition_sid(tsec->sid,
4156 isec->sid,
4157 SECCLASS_MSG,
4158 &msec->sid);
4159 if (rc)
4160 return rc;
4161 }
4162
4163 AVC_AUDIT_DATA_INIT(&ad, IPC);
4164 ad.u.ipc_id = msq->q_perm.key;
4165
4166 /* Can this process write to the queue? */
4167 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
4168 MSGQ__WRITE, &ad);
4169 if (!rc)
4170 /* Can this process send the message */
4171 rc = avc_has_perm(tsec->sid, msec->sid,
4172 SECCLASS_MSG, MSG__SEND, &ad);
4173 if (!rc)
4174 /* Can the message be put in the queue? */
4175 rc = avc_has_perm(msec->sid, isec->sid,
4176 SECCLASS_MSGQ, MSGQ__ENQUEUE, &ad);
4177
4178 return rc;
4179 }
4180
4181 static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
4182 struct task_struct *target,
4183 long type, int mode)
4184 {
4185 struct task_security_struct *tsec;
4186 struct ipc_security_struct *isec;
4187 struct msg_security_struct *msec;
4188 struct avc_audit_data ad;
4189 int rc;
4190
4191 tsec = target->security;
4192 isec = msq->q_perm.security;
4193 msec = msg->security;
4194
4195 AVC_AUDIT_DATA_INIT(&ad, IPC);
4196 ad.u.ipc_id = msq->q_perm.key;
4197
4198 rc = avc_has_perm(tsec->sid, isec->sid,
4199 SECCLASS_MSGQ, MSGQ__READ, &ad);
4200 if (!rc)
4201 rc = avc_has_perm(tsec->sid, msec->sid,
4202 SECCLASS_MSG, MSG__RECEIVE, &ad);
4203 return rc;
4204 }
4205
4206 /* Shared Memory security operations */
4207 static int selinux_shm_alloc_security(struct shmid_kernel *shp)
4208 {
4209 struct task_security_struct *tsec;
4210 struct ipc_security_struct *isec;
4211 struct avc_audit_data ad;
4212 int rc;
4213
4214 rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
4215 if (rc)
4216 return rc;
4217
4218 tsec = current->security;
4219 isec = shp->shm_perm.security;
4220
4221 AVC_AUDIT_DATA_INIT(&ad, IPC);
4222 ad.u.ipc_id = shp->shm_perm.key;
4223
4224 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM,
4225 SHM__CREATE, &ad);
4226 if (rc) {
4227 ipc_free_security(&shp->shm_perm);
4228 return rc;
4229 }
4230 return 0;
4231 }
4232
4233 static void selinux_shm_free_security(struct shmid_kernel *shp)
4234 {
4235 ipc_free_security(&shp->shm_perm);
4236 }
4237
4238 static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
4239 {
4240 struct task_security_struct *tsec;
4241 struct ipc_security_struct *isec;
4242 struct avc_audit_data ad;
4243
4244 tsec = current->security;
4245 isec = shp->shm_perm.security;
4246
4247 AVC_AUDIT_DATA_INIT(&ad, IPC);
4248 ad.u.ipc_id = shp->shm_perm.key;
4249
4250 return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM,
4251 SHM__ASSOCIATE, &ad);
4252 }
4253
4254 /* Note, at this point, shp is locked down */
4255 static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
4256 {
4257 int perms;
4258 int err;
4259
4260 switch(cmd) {
4261 case IPC_INFO:
4262 case SHM_INFO:
4263 /* No specific object, just general system-wide information. */
4264 return task_has_system(current, SYSTEM__IPC_INFO);
4265 case IPC_STAT:
4266 case SHM_STAT:
4267 perms = SHM__GETATTR | SHM__ASSOCIATE;
4268 break;
4269 case IPC_SET:
4270 perms = SHM__SETATTR;
4271 break;
4272 case SHM_LOCK:
4273 case SHM_UNLOCK:
4274 perms = SHM__LOCK;
4275 break;
4276 case IPC_RMID:
4277 perms = SHM__DESTROY;
4278 break;
4279 default:
4280 return 0;
4281 }
4282
4283 err = ipc_has_perm(&shp->shm_perm, perms);
4284 return err;
4285 }
4286
4287 static int selinux_shm_shmat(struct shmid_kernel *shp,
4288 char __user *shmaddr, int shmflg)
4289 {
4290 u32 perms;
4291 int rc;
4292
4293 rc = secondary_ops->shm_shmat(shp, shmaddr, shmflg);
4294 if (rc)
4295 return rc;
4296
4297 if (shmflg & SHM_RDONLY)
4298 perms = SHM__READ;
4299 else
4300 perms = SHM__READ | SHM__WRITE;
4301
4302 return ipc_has_perm(&shp->shm_perm, perms);
4303 }
4304
4305 /* Semaphore security operations */
4306 static int selinux_sem_alloc_security(struct sem_array *sma)
4307 {
4308 struct task_security_struct *tsec;
4309 struct ipc_security_struct *isec;
4310 struct avc_audit_data ad;
4311 int rc;
4312
4313 rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
4314 if (rc)
4315 return rc;
4316
4317 tsec = current->security;
4318 isec = sma->sem_perm.security;
4319
4320 AVC_AUDIT_DATA_INIT(&ad, IPC);
4321 ad.u.ipc_id = sma->sem_perm.key;
4322
4323 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM,
4324 SEM__CREATE, &ad);
4325 if (rc) {
4326 ipc_free_security(&sma->sem_perm);
4327 return rc;
4328 }
4329 return 0;
4330 }
4331
4332 static void selinux_sem_free_security(struct sem_array *sma)
4333 {
4334 ipc_free_security(&sma->sem_perm);
4335 }
4336
4337 static int selinux_sem_associate(struct sem_array *sma, int semflg)
4338 {
4339 struct task_security_struct *tsec;
4340 struct ipc_security_struct *isec;
4341 struct avc_audit_data ad;
4342
4343 tsec = current->security;
4344 isec = sma->sem_perm.security;
4345
4346 AVC_AUDIT_DATA_INIT(&ad, IPC);
4347 ad.u.ipc_id = sma->sem_perm.key;
4348
4349 return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM,
4350 SEM__ASSOCIATE, &ad);
4351 }
4352
4353 /* Note, at this point, sma is locked down */
4354 static int selinux_sem_semctl(struct sem_array *sma, int cmd)
4355 {
4356 int err;
4357 u32 perms;
4358
4359 switch(cmd) {
4360 case IPC_INFO:
4361 case SEM_INFO:
4362 /* No specific object, just general system-wide information. */
4363 return task_has_system(current, SYSTEM__IPC_INFO);
4364 case GETPID:
4365 case GETNCNT:
4366 case GETZCNT:
4367 perms = SEM__GETATTR;
4368 break;
4369 case GETVAL:
4370 case GETALL:
4371 perms = SEM__READ;
4372 break;
4373 case SETVAL:
4374 case SETALL:
4375 perms = SEM__WRITE;
4376 break;
4377 case IPC_RMID:
4378 perms = SEM__DESTROY;
4379 break;
4380 case IPC_SET:
4381 perms = SEM__SETATTR;
4382 break;
4383 case IPC_STAT:
4384 case SEM_STAT:
4385 perms = SEM__GETATTR | SEM__ASSOCIATE;
4386 break;
4387 default:
4388 return 0;
4389 }
4390
4391 err = ipc_has_perm(&sma->sem_perm, perms);
4392 return err;
4393 }
4394
4395 static int selinux_sem_semop(struct sem_array *sma,
4396 struct sembuf *sops, unsigned nsops, int alter)
4397 {
4398 u32 perms;
4399
4400 if (alter)
4401 perms = SEM__READ | SEM__WRITE;
4402 else
4403 perms = SEM__READ;
4404
4405 return ipc_has_perm(&sma->sem_perm, perms);
4406 }
4407
4408 static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
4409 {
4410 u32 av = 0;
4411
4412 av = 0;
4413 if (flag & S_IRUGO)
4414 av |= IPC__UNIX_READ;
4415 if (flag & S_IWUGO)
4416 av |= IPC__UNIX_WRITE;
4417
4418 if (av == 0)
4419 return 0;
4420
4421 return ipc_has_perm(ipcp, av);
4422 }
4423
4424 /* module stacking operations */
4425 static int selinux_register_security (const char *name, struct security_operations *ops)
4426 {
4427 if (secondary_ops != original_ops) {
4428 printk(KERN_INFO "%s: There is already a secondary security "
4429 "module registered.\n", __FUNCTION__);
4430 return -EINVAL;
4431 }
4432
4433 secondary_ops = ops;
4434
4435 printk(KERN_INFO "%s: Registering secondary module %s\n",
4436 __FUNCTION__,
4437 name);
4438
4439 return 0;
4440 }
4441
4442 static int selinux_unregister_security (const char *name, struct security_operations *ops)
4443 {
4444 if (ops != secondary_ops) {
4445 printk (KERN_INFO "%s: trying to unregister a security module "
4446 "that is not registered.\n", __FUNCTION__);
4447 return -EINVAL;
4448 }
4449
4450 secondary_ops = original_ops;
4451
4452 return 0;
4453 }
4454
4455 static void selinux_d_instantiate (struct dentry *dentry, struct inode *inode)
4456 {
4457 if (inode)
4458 inode_doinit_with_dentry(inode, dentry);
4459 }
4460
4461 static int selinux_getprocattr(struct task_struct *p,
4462 char *name, void *value, size_t size)
4463 {
4464 struct task_security_struct *tsec;
4465 u32 sid;
4466 int error;
4467
4468 if (current != p) {
4469 error = task_has_perm(current, p, PROCESS__GETATTR);
4470 if (error)
4471 return error;
4472 }
4473
4474 tsec = p->security;
4475
4476 if (!strcmp(name, "current"))
4477 sid = tsec->sid;
4478 else if (!strcmp(name, "prev"))
4479 sid = tsec->osid;
4480 else if (!strcmp(name, "exec"))
4481 sid = tsec->exec_sid;
4482 else if (!strcmp(name, "fscreate"))
4483 sid = tsec->create_sid;
4484 else if (!strcmp(name, "keycreate"))
4485 sid = tsec->keycreate_sid;
4486 else if (!strcmp(name, "sockcreate"))
4487 sid = tsec->sockcreate_sid;
4488 else
4489 return -EINVAL;
4490
4491 if (!sid)
4492 return 0;
4493
4494 return selinux_getsecurity(sid, value, size);
4495 }
4496
4497 static int selinux_setprocattr(struct task_struct *p,
4498 char *name, void *value, size_t size)
4499 {
4500 struct task_security_struct *tsec;
4501 u32 sid = 0;
4502 int error;
4503 char *str = value;
4504
4505 if (current != p) {
4506 /* SELinux only allows a process to change its own
4507 security attributes. */
4508 return -EACCES;
4509 }
4510
4511 /*
4512 * Basic control over ability to set these attributes at all.
4513 * current == p, but we'll pass them separately in case the
4514 * above restriction is ever removed.
4515 */
4516 if (!strcmp(name, "exec"))
4517 error = task_has_perm(current, p, PROCESS__SETEXEC);
4518 else if (!strcmp(name, "fscreate"))
4519 error = task_has_perm(current, p, PROCESS__SETFSCREATE);
4520 else if (!strcmp(name, "keycreate"))
4521 error = task_has_perm(current, p, PROCESS__SETKEYCREATE);
4522 else if (!strcmp(name, "sockcreate"))
4523 error = task_has_perm(current, p, PROCESS__SETSOCKCREATE);
4524 else if (!strcmp(name, "current"))
4525 error = task_has_perm(current, p, PROCESS__SETCURRENT);
4526 else
4527 error = -EINVAL;
4528 if (error)
4529 return error;
4530
4531 /* Obtain a SID for the context, if one was specified. */
4532 if (size && str[1] && str[1] != '\n') {
4533 if (str[size-1] == '\n') {
4534 str[size-1] = 0;
4535 size--;
4536 }
4537 error = security_context_to_sid(value, size, &sid);
4538 if (error)
4539 return error;
4540 }
4541
4542 /* Permission checking based on the specified context is
4543 performed during the actual operation (execve,
4544 open/mkdir/...), when we know the full context of the
4545 operation. See selinux_bprm_set_security for the execve
4546 checks and may_create for the file creation checks. The
4547 operation will then fail if the context is not permitted. */
4548 tsec = p->security;
4549 if (!strcmp(name, "exec"))
4550 tsec->exec_sid = sid;
4551 else if (!strcmp(name, "fscreate"))
4552 tsec->create_sid = sid;
4553 else if (!strcmp(name, "keycreate")) {
4554 error = may_create_key(sid, p);
4555 if (error)
4556 return error;
4557 tsec->keycreate_sid = sid;
4558 } else if (!strcmp(name, "sockcreate"))
4559 tsec->sockcreate_sid = sid;
4560 else if (!strcmp(name, "current")) {
4561 struct av_decision avd;
4562
4563 if (sid == 0)
4564 return -EINVAL;
4565
4566 /* Only allow single threaded processes to change context */
4567 if (atomic_read(&p->mm->mm_users) != 1) {
4568 struct task_struct *g, *t;
4569 struct mm_struct *mm = p->mm;
4570 read_lock(&tasklist_lock);
4571 do_each_thread(g, t)
4572 if (t->mm == mm && t != p) {
4573 read_unlock(&tasklist_lock);
4574 return -EPERM;
4575 }
4576 while_each_thread(g, t);
4577 read_unlock(&tasklist_lock);
4578 }
4579
4580 /* Check permissions for the transition. */
4581 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
4582 PROCESS__DYNTRANSITION, NULL);
4583 if (error)
4584 return error;
4585
4586 /* Check for ptracing, and update the task SID if ok.
4587 Otherwise, leave SID unchanged and fail. */
4588 task_lock(p);
4589 if (p->ptrace & PT_PTRACED) {
4590 error = avc_has_perm_noaudit(tsec->ptrace_sid, sid,
4591 SECCLASS_PROCESS,
4592 PROCESS__PTRACE, &avd);
4593 if (!error)
4594 tsec->sid = sid;
4595 task_unlock(p);
4596 avc_audit(tsec->ptrace_sid, sid, SECCLASS_PROCESS,
4597 PROCESS__PTRACE, &avd, error, NULL);
4598 if (error)
4599 return error;
4600 } else {
4601 tsec->sid = sid;
4602 task_unlock(p);
4603 }
4604 }
4605 else
4606 return -EINVAL;
4607
4608 return size;
4609 }
4610
4611 static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4612 {
4613 return security_sid_to_context(secid, secdata, seclen);
4614 }
4615
4616 static void selinux_release_secctx(char *secdata, u32 seclen)
4617 {
4618 if (secdata)
4619 kfree(secdata);
4620 }
4621
4622 #ifdef CONFIG_KEYS
4623
4624 static int selinux_key_alloc(struct key *k, struct task_struct *tsk,
4625 unsigned long flags)
4626 {
4627 struct task_security_struct *tsec = tsk->security;
4628 struct key_security_struct *ksec;
4629
4630 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
4631 if (!ksec)
4632 return -ENOMEM;
4633
4634 ksec->obj = k;
4635 if (tsec->keycreate_sid)
4636 ksec->sid = tsec->keycreate_sid;
4637 else
4638 ksec->sid = tsec->sid;
4639 k->security = ksec;
4640
4641 return 0;
4642 }
4643
4644 static void selinux_key_free(struct key *k)
4645 {
4646 struct key_security_struct *ksec = k->security;
4647
4648 k->security = NULL;
4649 kfree(ksec);
4650 }
4651
4652 static int selinux_key_permission(key_ref_t key_ref,
4653 struct task_struct *ctx,
4654 key_perm_t perm)
4655 {
4656 struct key *key;
4657 struct task_security_struct *tsec;
4658 struct key_security_struct *ksec;
4659
4660 key = key_ref_to_ptr(key_ref);
4661
4662 tsec = ctx->security;
4663 ksec = key->security;
4664
4665 /* if no specific permissions are requested, we skip the
4666 permission check. No serious, additional covert channels
4667 appear to be created. */
4668 if (perm == 0)
4669 return 0;
4670
4671 return avc_has_perm(tsec->sid, ksec->sid,
4672 SECCLASS_KEY, perm, NULL);
4673 }
4674
4675 #endif
4676
4677 static struct security_operations selinux_ops = {
4678 .ptrace = selinux_ptrace,
4679 .capget = selinux_capget,
4680 .capset_check = selinux_capset_check,
4681 .capset_set = selinux_capset_set,
4682 .sysctl = selinux_sysctl,
4683 .capable = selinux_capable,
4684 .quotactl = selinux_quotactl,
4685 .quota_on = selinux_quota_on,
4686 .syslog = selinux_syslog,
4687 .vm_enough_memory = selinux_vm_enough_memory,
4688
4689 .netlink_send = selinux_netlink_send,
4690 .netlink_recv = selinux_netlink_recv,
4691
4692 .bprm_alloc_security = selinux_bprm_alloc_security,
4693 .bprm_free_security = selinux_bprm_free_security,
4694 .bprm_apply_creds = selinux_bprm_apply_creds,
4695 .bprm_post_apply_creds = selinux_bprm_post_apply_creds,
4696 .bprm_set_security = selinux_bprm_set_security,
4697 .bprm_check_security = selinux_bprm_check_security,
4698 .bprm_secureexec = selinux_bprm_secureexec,
4699
4700 .sb_alloc_security = selinux_sb_alloc_security,
4701 .sb_free_security = selinux_sb_free_security,
4702 .sb_copy_data = selinux_sb_copy_data,
4703 .sb_kern_mount = selinux_sb_kern_mount,
4704 .sb_statfs = selinux_sb_statfs,
4705 .sb_mount = selinux_mount,
4706 .sb_umount = selinux_umount,
4707
4708 .inode_alloc_security = selinux_inode_alloc_security,
4709 .inode_free_security = selinux_inode_free_security,
4710 .inode_init_security = selinux_inode_init_security,
4711 .inode_create = selinux_inode_create,
4712 .inode_link = selinux_inode_link,
4713 .inode_unlink = selinux_inode_unlink,
4714 .inode_symlink = selinux_inode_symlink,
4715 .inode_mkdir = selinux_inode_mkdir,
4716 .inode_rmdir = selinux_inode_rmdir,
4717 .inode_mknod = selinux_inode_mknod,
4718 .inode_rename = selinux_inode_rename,
4719 .inode_readlink = selinux_inode_readlink,
4720 .inode_follow_link = selinux_inode_follow_link,
4721 .inode_permission = selinux_inode_permission,
4722 .inode_setattr = selinux_inode_setattr,
4723 .inode_getattr = selinux_inode_getattr,
4724 .inode_setxattr = selinux_inode_setxattr,
4725 .inode_post_setxattr = selinux_inode_post_setxattr,
4726 .inode_getxattr = selinux_inode_getxattr,
4727 .inode_listxattr = selinux_inode_listxattr,
4728 .inode_removexattr = selinux_inode_removexattr,
4729 .inode_xattr_getsuffix = selinux_inode_xattr_getsuffix,
4730 .inode_getsecurity = selinux_inode_getsecurity,
4731 .inode_setsecurity = selinux_inode_setsecurity,
4732 .inode_listsecurity = selinux_inode_listsecurity,
4733
4734 .file_permission = selinux_file_permission,
4735 .file_alloc_security = selinux_file_alloc_security,
4736 .file_free_security = selinux_file_free_security,
4737 .file_ioctl = selinux_file_ioctl,
4738 .file_mmap = selinux_file_mmap,
4739 .file_mprotect = selinux_file_mprotect,
4740 .file_lock = selinux_file_lock,
4741 .file_fcntl = selinux_file_fcntl,
4742 .file_set_fowner = selinux_file_set_fowner,
4743 .file_send_sigiotask = selinux_file_send_sigiotask,
4744 .file_receive = selinux_file_receive,
4745
4746 .task_create = selinux_task_create,
4747 .task_alloc_security = selinux_task_alloc_security,
4748 .task_free_security = selinux_task_free_security,
4749 .task_setuid = selinux_task_setuid,
4750 .task_post_setuid = selinux_task_post_setuid,
4751 .task_setgid = selinux_task_setgid,
4752 .task_setpgid = selinux_task_setpgid,
4753 .task_getpgid = selinux_task_getpgid,
4754 .task_getsid = selinux_task_getsid,
4755 .task_getsecid = selinux_task_getsecid,
4756 .task_setgroups = selinux_task_setgroups,
4757 .task_setnice = selinux_task_setnice,
4758 .task_setioprio = selinux_task_setioprio,
4759 .task_getioprio = selinux_task_getioprio,
4760 .task_setrlimit = selinux_task_setrlimit,
4761 .task_setscheduler = selinux_task_setscheduler,
4762 .task_getscheduler = selinux_task_getscheduler,
4763 .task_movememory = selinux_task_movememory,
4764 .task_kill = selinux_task_kill,
4765 .task_wait = selinux_task_wait,
4766 .task_prctl = selinux_task_prctl,
4767 .task_reparent_to_init = selinux_task_reparent_to_init,
4768 .task_to_inode = selinux_task_to_inode,
4769
4770 .ipc_permission = selinux_ipc_permission,
4771
4772 .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
4773 .msg_msg_free_security = selinux_msg_msg_free_security,
4774
4775 .msg_queue_alloc_security = selinux_msg_queue_alloc_security,
4776 .msg_queue_free_security = selinux_msg_queue_free_security,
4777 .msg_queue_associate = selinux_msg_queue_associate,
4778 .msg_queue_msgctl = selinux_msg_queue_msgctl,
4779 .msg_queue_msgsnd = selinux_msg_queue_msgsnd,
4780 .msg_queue_msgrcv = selinux_msg_queue_msgrcv,
4781
4782 .shm_alloc_security = selinux_shm_alloc_security,
4783 .shm_free_security = selinux_shm_free_security,
4784 .shm_associate = selinux_shm_associate,
4785 .shm_shmctl = selinux_shm_shmctl,
4786 .shm_shmat = selinux_shm_shmat,
4787
4788 .sem_alloc_security = selinux_sem_alloc_security,
4789 .sem_free_security = selinux_sem_free_security,
4790 .sem_associate = selinux_sem_associate,
4791 .sem_semctl = selinux_sem_semctl,
4792 .sem_semop = selinux_sem_semop,
4793
4794 .register_security = selinux_register_security,
4795 .unregister_security = selinux_unregister_security,
4796
4797 .d_instantiate = selinux_d_instantiate,
4798
4799 .getprocattr = selinux_getprocattr,
4800 .setprocattr = selinux_setprocattr,
4801
4802 .secid_to_secctx = selinux_secid_to_secctx,
4803 .release_secctx = selinux_release_secctx,
4804
4805 .unix_stream_connect = selinux_socket_unix_stream_connect,
4806 .unix_may_send = selinux_socket_unix_may_send,
4807
4808 .socket_create = selinux_socket_create,
4809 .socket_post_create = selinux_socket_post_create,
4810 .socket_bind = selinux_socket_bind,
4811 .socket_connect = selinux_socket_connect,
4812 .socket_listen = selinux_socket_listen,
4813 .socket_accept = selinux_socket_accept,
4814 .socket_sendmsg = selinux_socket_sendmsg,
4815 .socket_recvmsg = selinux_socket_recvmsg,
4816 .socket_getsockname = selinux_socket_getsockname,
4817 .socket_getpeername = selinux_socket_getpeername,
4818 .socket_getsockopt = selinux_socket_getsockopt,
4819 .socket_setsockopt = selinux_socket_setsockopt,
4820 .socket_shutdown = selinux_socket_shutdown,
4821 .socket_sock_rcv_skb = selinux_socket_sock_rcv_skb,
4822 .socket_getpeersec_stream = selinux_socket_getpeersec_stream,
4823 .socket_getpeersec_dgram = selinux_socket_getpeersec_dgram,
4824 .sk_alloc_security = selinux_sk_alloc_security,
4825 .sk_free_security = selinux_sk_free_security,
4826 .sk_clone_security = selinux_sk_clone_security,
4827 .sk_getsecid = selinux_sk_getsecid,
4828 .sock_graft = selinux_sock_graft,
4829 .inet_conn_request = selinux_inet_conn_request,
4830 .inet_csk_clone = selinux_inet_csk_clone,
4831 .inet_conn_established = selinux_inet_conn_established,
4832 .req_classify_flow = selinux_req_classify_flow,
4833
4834 #ifdef CONFIG_SECURITY_NETWORK_XFRM
4835 .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,
4836 .xfrm_policy_clone_security = selinux_xfrm_policy_clone,
4837 .xfrm_policy_free_security = selinux_xfrm_policy_free,
4838 .xfrm_policy_delete_security = selinux_xfrm_policy_delete,
4839 .xfrm_state_alloc_security = selinux_xfrm_state_alloc,
4840 .xfrm_state_free_security = selinux_xfrm_state_free,
4841 .xfrm_state_delete_security = selinux_xfrm_state_delete,
4842 .xfrm_policy_lookup = selinux_xfrm_policy_lookup,
4843 .xfrm_state_pol_flow_match = selinux_xfrm_state_pol_flow_match,
4844 .xfrm_decode_session = selinux_xfrm_decode_session,
4845 #endif
4846
4847 #ifdef CONFIG_KEYS
4848 .key_alloc = selinux_key_alloc,
4849 .key_free = selinux_key_free,
4850 .key_permission = selinux_key_permission,
4851 #endif
4852 };
4853
4854 static __init int selinux_init(void)
4855 {
4856 struct task_security_struct *tsec;
4857
4858 if (!selinux_enabled) {
4859 printk(KERN_INFO "SELinux: Disabled at boot.\n");
4860 return 0;
4861 }
4862
4863 printk(KERN_INFO "SELinux: Initializing.\n");
4864
4865 /* Set the security state for the initial task. */
4866 if (task_alloc_security(current))
4867 panic("SELinux: Failed to initialize initial task.\n");
4868 tsec = current->security;
4869 tsec->osid = tsec->sid = SECINITSID_KERNEL;
4870
4871 sel_inode_cache = kmem_cache_create("selinux_inode_security",
4872 sizeof(struct inode_security_struct),
4873 0, SLAB_PANIC, NULL, NULL);
4874 avc_init();
4875
4876 original_ops = secondary_ops = security_ops;
4877 if (!secondary_ops)
4878 panic ("SELinux: No initial security operations\n");
4879 if (register_security (&selinux_ops))
4880 panic("SELinux: Unable to register with kernel.\n");
4881
4882 if (selinux_enforcing) {
4883 printk(KERN_INFO "SELinux: Starting in enforcing mode\n");
4884 } else {
4885 printk(KERN_INFO "SELinux: Starting in permissive mode\n");
4886 }
4887
4888 #ifdef CONFIG_KEYS
4889 /* Add security information to initial keyrings */
4890 selinux_key_alloc(&root_user_keyring, current,
4891 KEY_ALLOC_NOT_IN_QUOTA);
4892 selinux_key_alloc(&root_session_keyring, current,
4893 KEY_ALLOC_NOT_IN_QUOTA);
4894 #endif
4895
4896 return 0;
4897 }
4898
4899 void selinux_complete_init(void)
4900 {
4901 printk(KERN_INFO "SELinux: Completing initialization.\n");
4902
4903 /* Set up any superblocks initialized prior to the policy load. */
4904 printk(KERN_INFO "SELinux: Setting up existing superblocks.\n");
4905 spin_lock(&sb_lock);
4906 spin_lock(&sb_security_lock);
4907 next_sb:
4908 if (!list_empty(&superblock_security_head)) {
4909 struct superblock_security_struct *sbsec =
4910 list_entry(superblock_security_head.next,
4911 struct superblock_security_struct,
4912 list);
4913 struct super_block *sb = sbsec->sb;
4914 sb->s_count++;
4915 spin_unlock(&sb_security_lock);
4916 spin_unlock(&sb_lock);
4917 down_read(&sb->s_umount);
4918 if (sb->s_root)
4919 superblock_doinit(sb, NULL);
4920 drop_super(sb);
4921 spin_lock(&sb_lock);
4922 spin_lock(&sb_security_lock);
4923 list_del_init(&sbsec->list);
4924 goto next_sb;
4925 }
4926 spin_unlock(&sb_security_lock);
4927 spin_unlock(&sb_lock);
4928 }
4929
4930 /* SELinux requires early initialization in order to label
4931 all processes and objects when they are created. */
4932 security_initcall(selinux_init);
4933
4934 #if defined(CONFIG_NETFILTER)
4935
4936 static struct nf_hook_ops selinux_ipv4_op = {
4937 .hook = selinux_ipv4_postroute_last,
4938 .owner = THIS_MODULE,
4939 .pf = PF_INET,
4940 .hooknum = NF_IP_POST_ROUTING,
4941 .priority = NF_IP_PRI_SELINUX_LAST,
4942 };
4943
4944 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4945
4946 static struct nf_hook_ops selinux_ipv6_op = {
4947 .hook = selinux_ipv6_postroute_last,
4948 .owner = THIS_MODULE,
4949 .pf = PF_INET6,
4950 .hooknum = NF_IP6_POST_ROUTING,
4951 .priority = NF_IP6_PRI_SELINUX_LAST,
4952 };
4953
4954 #endif /* IPV6 */
4955
4956 static int __init selinux_nf_ip_init(void)
4957 {
4958 int err = 0;
4959
4960 if (!selinux_enabled)
4961 goto out;
4962
4963 printk(KERN_INFO "SELinux: Registering netfilter hooks\n");
4964
4965 err = nf_register_hook(&selinux_ipv4_op);
4966 if (err)
4967 panic("SELinux: nf_register_hook for IPv4: error %d\n", err);
4968
4969 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4970
4971 err = nf_register_hook(&selinux_ipv6_op);
4972 if (err)
4973 panic("SELinux: nf_register_hook for IPv6: error %d\n", err);
4974
4975 #endif /* IPV6 */
4976
4977 out:
4978 return err;
4979 }
4980
4981 __initcall(selinux_nf_ip_init);
4982
4983 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
4984 static void selinux_nf_ip_exit(void)
4985 {
4986 printk(KERN_INFO "SELinux: Unregistering netfilter hooks\n");
4987
4988 nf_unregister_hook(&selinux_ipv4_op);
4989 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4990 nf_unregister_hook(&selinux_ipv6_op);
4991 #endif /* IPV6 */
4992 }
4993 #endif
4994
4995 #else /* CONFIG_NETFILTER */
4996
4997 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
4998 #define selinux_nf_ip_exit()
4999 #endif
5000
5001 #endif /* CONFIG_NETFILTER */
5002
5003 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
5004 int selinux_disable(void)
5005 {
5006 extern void exit_sel_fs(void);
5007 static int selinux_disabled = 0;
5008
5009 if (ss_initialized) {
5010 /* Not permitted after initial policy load. */
5011 return -EINVAL;
5012 }
5013
5014 if (selinux_disabled) {
5015 /* Only do this once. */
5016 return -EINVAL;
5017 }
5018
5019 printk(KERN_INFO "SELinux: Disabled at runtime.\n");
5020
5021 selinux_disabled = 1;
5022 selinux_enabled = 0;
5023
5024 /* Reset security_ops to the secondary module, dummy or capability. */
5025 security_ops = secondary_ops;
5026
5027 /* Unregister netfilter hooks. */
5028 selinux_nf_ip_exit();
5029
5030 /* Unregister selinuxfs. */
5031 exit_sel_fs();
5032
5033 return 0;
5034 }
5035 #endif
5036
5037
Linux kernel - Deliverables
This page took 0.128106 seconds and 6 git commands to generate.