Lines Matching +full:un +full:- +full:approved
1 // SPDX-License-Identifier: GPL-2.0-only
3 * Security-Enhanced Linux (SELinux) security module
13 * Copyright (C) 2003-2008 Red Hat, Inc., James Morris <jmorris@redhat.com>
15 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
17 * Copyright (C) 2006, 2007, 2009 Hewlett-Packard Development Company, L.P.
18 * Paul Moore <paul@paul-moore.com>
71 #include <linux/un.h> /* for Unix socket types */
81 #include <linux/posix-timers.h>
155 * selinux_secmark_enabled - Check to see if SECMARK is currently enabled
172 * selinux_peerlbl_enabled - Check to see if peer labeling is currently enabled
217 tsec = selinux_cred(unrcu_pointer(current->real_cred)); in cred_init_security()
218 tsec->osid = tsec->sid = tsec->avdcache.sid = SECINITSID_KERNEL; in cred_init_security()
229 return tsec->sid; in cred_sid()
236 ad->type = LSM_AUDIT_DATA_NET; in __ad_net_init()
237 ad->u.net = net; in __ad_net_init()
238 net->netif = ifindex; in __ad_net_init()
239 net->sk = sk; in __ad_net_init()
240 net->family = family; in __ad_net_init()
275 * allowed; when set to false, returns -ECHILD when the label is
288 return -ECHILD; in __inode_security_revalidate()
312 if (data_race(likely(isec->initialized == LABEL_INITIALIZED))) in inode_security_rcu()
328 if (data_race(likely(isec->initialized == LABEL_INITIALIZED))) in inode_security()
348 if (data_race(likely(isec->initialized == LABEL_INITIALIZED))) in backing_inode_security()
361 sbsec = selinux_superblock(inode->i_sb); in inode_free_security()
372 if (!list_empty_careful(&isec->list)) { in inode_free_security()
373 spin_lock(&sbsec->isec_lock); in inode_free_security()
374 list_del_init(&isec->list); in inode_free_security()
375 spin_unlock(&sbsec->isec_lock); in inode_free_security()
392 Opt_error = -1,
400 #define A(s, has_arg) {#s, sizeof(#s) - 1, Opt_##s, has_arg}
443 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_sb_relabel()
448 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM, in may_context_mount_sb_relabel()
459 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_inode_relabel()
464 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_inode_relabel()
471 /* Special handling. Genfs but also in-core setxattr handler */ in selinux_is_genfs_special_handling()
472 return !strcmp(sb->s_type->name, "sysfs") || in selinux_is_genfs_special_handling()
473 !strcmp(sb->s_type->name, "pstore") || in selinux_is_genfs_special_handling()
474 !strcmp(sb->s_type->name, "debugfs") || in selinux_is_genfs_special_handling()
475 !strcmp(sb->s_type->name, "tracefs") || in selinux_is_genfs_special_handling()
476 !strcmp(sb->s_type->name, "rootfs") || in selinux_is_genfs_special_handling()
478 (!strcmp(sb->s_type->name, "cgroup") || in selinux_is_genfs_special_handling()
479 !strcmp(sb->s_type->name, "cgroup2"))) || in selinux_is_genfs_special_handling()
481 !strcmp(sb->s_type->name, "functionfs")); in selinux_is_genfs_special_handling()
489 * IMPORTANT: Double-check logic in this function when adding a new in selinux_is_sblabel_mnt()
494 switch (sbsec->behavior) { in selinux_is_sblabel_mnt()
515 struct dentry *root = sb->s_root; in sb_check_xattr_support()
522 * error other than -ENODATA is returned by getxattr on in sb_check_xattr_support()
523 * the root directory. -ENODATA is ok, as this may be in sb_check_xattr_support()
527 if (!(root_inode->i_opflags & IOP_XATTR)) { in sb_check_xattr_support()
529 sb->s_id, sb->s_type->name); in sb_check_xattr_support()
534 if (rc < 0 && rc != -ENODATA) { in sb_check_xattr_support()
535 if (rc == -EOPNOTSUPP) { in sb_check_xattr_support()
537 sb->s_id, sb->s_type->name); in sb_check_xattr_support()
541 sb->s_id, sb->s_type->name, -rc); in sb_check_xattr_support()
548 /* No xattr support - try to fallback to genfs if possible. */ in sb_check_xattr_support()
549 rc = security_genfs_sid(sb->s_type->name, "/", in sb_check_xattr_support()
552 return -EOPNOTSUPP; in sb_check_xattr_support()
555 sb->s_id, sb->s_type->name); in sb_check_xattr_support()
556 sbsec->behavior = SECURITY_FS_USE_GENFS; in sb_check_xattr_support()
557 sbsec->sid = sid; in sb_check_xattr_support()
564 struct dentry *root = sb->s_root; in sb_finish_set_opts()
568 if (sbsec->behavior == SECURITY_FS_USE_XATTR) { in sb_finish_set_opts()
574 sbsec->flags |= SE_SBINITIALIZED; in sb_finish_set_opts()
582 sbsec->flags |= SBLABEL_MNT; in sb_finish_set_opts()
584 sbsec->flags &= ~SBLABEL_MNT; in sb_finish_set_opts()
593 spin_lock(&sbsec->isec_lock); in sb_finish_set_opts()
594 while (!list_empty(&sbsec->isec_head)) { in sb_finish_set_opts()
596 list_first_entry(&sbsec->isec_head, in sb_finish_set_opts()
598 struct inode *inode = isec->inode; in sb_finish_set_opts()
599 list_del_init(&isec->list); in sb_finish_set_opts()
600 spin_unlock(&sbsec->isec_lock); in sb_finish_set_opts()
607 spin_lock(&sbsec->isec_lock); in sb_finish_set_opts()
609 spin_unlock(&sbsec->isec_lock); in sb_finish_set_opts()
616 char mnt_flags = sbsec->flags & SE_MNTMASK; in bad_option()
619 if (sbsec->flags & SE_SBINITIALIZED) in bad_option()
620 if (!(sbsec->flags & flag) || in bad_option()
627 if (!(sbsec->flags & SE_SBINITIALIZED)) in bad_option()
644 struct dentry *root = sb->s_root; in selinux_set_mnt_opts()
656 return -EINVAL; in selinux_set_mnt_opts()
658 mutex_lock(&sbsec->lock); in selinux_set_mnt_opts()
666 sbsec->flags |= SE_SBNATIVE; in selinux_set_mnt_opts()
671 rc = -EINVAL; in selinux_set_mnt_opts()
688 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA) in selinux_set_mnt_opts()
700 if (opts->fscontext_sid) { in selinux_set_mnt_opts()
701 fscontext_sid = opts->fscontext_sid; in selinux_set_mnt_opts()
702 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, in selinux_set_mnt_opts()
705 sbsec->flags |= FSCONTEXT_MNT; in selinux_set_mnt_opts()
707 if (opts->context_sid) { in selinux_set_mnt_opts()
708 context_sid = opts->context_sid; in selinux_set_mnt_opts()
709 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, in selinux_set_mnt_opts()
712 sbsec->flags |= CONTEXT_MNT; in selinux_set_mnt_opts()
714 if (opts->rootcontext_sid) { in selinux_set_mnt_opts()
715 rootcontext_sid = opts->rootcontext_sid; in selinux_set_mnt_opts()
716 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, in selinux_set_mnt_opts()
719 sbsec->flags |= ROOTCONTEXT_MNT; in selinux_set_mnt_opts()
721 if (opts->defcontext_sid) { in selinux_set_mnt_opts()
722 defcontext_sid = opts->defcontext_sid; in selinux_set_mnt_opts()
723 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, in selinux_set_mnt_opts()
726 sbsec->flags |= DEFCONTEXT_MNT; in selinux_set_mnt_opts()
730 if (sbsec->flags & SE_SBINITIALIZED) { in selinux_set_mnt_opts()
732 if ((sbsec->flags & SE_MNTMASK) && !opts) in selinux_set_mnt_opts()
738 if (strcmp(sb->s_type->name, "proc") == 0) in selinux_set_mnt_opts()
739 sbsec->flags |= SE_SBPROC | SE_SBGENFS; in selinux_set_mnt_opts()
741 if (!strcmp(sb->s_type->name, "debugfs") || in selinux_set_mnt_opts()
742 !strcmp(sb->s_type->name, "tracefs") || in selinux_set_mnt_opts()
743 !strcmp(sb->s_type->name, "binder") || in selinux_set_mnt_opts()
744 !strcmp(sb->s_type->name, "bpf") || in selinux_set_mnt_opts()
745 !strcmp(sb->s_type->name, "pstore") || in selinux_set_mnt_opts()
746 !strcmp(sb->s_type->name, "securityfs") || in selinux_set_mnt_opts()
748 !strcmp(sb->s_type->name, "functionfs"))) in selinux_set_mnt_opts()
749 sbsec->flags |= SE_SBGENFS; in selinux_set_mnt_opts()
751 if (!strcmp(sb->s_type->name, "sysfs") || in selinux_set_mnt_opts()
752 !strcmp(sb->s_type->name, "cgroup") || in selinux_set_mnt_opts()
753 !strcmp(sb->s_type->name, "cgroup2")) in selinux_set_mnt_opts()
754 sbsec->flags |= SE_SBGENFS | SE_SBGENFS_XATTR; in selinux_set_mnt_opts()
756 if (!sbsec->behavior) { in selinux_set_mnt_opts()
764 __func__, sb->s_type->name, rc); in selinux_set_mnt_opts()
774 if (sb->s_user_ns != &init_user_ns && in selinux_set_mnt_opts()
775 strcmp(sb->s_type->name, "tmpfs") && in selinux_set_mnt_opts()
776 strcmp(sb->s_type->name, "ramfs") && in selinux_set_mnt_opts()
777 strcmp(sb->s_type->name, "devpts") && in selinux_set_mnt_opts()
778 strcmp(sb->s_type->name, "overlay")) { in selinux_set_mnt_opts()
781 rc = -EACCES; in selinux_set_mnt_opts()
784 if (sbsec->behavior == SECURITY_FS_USE_XATTR) { in selinux_set_mnt_opts()
785 sbsec->behavior = SECURITY_FS_USE_MNTPOINT; in selinux_set_mnt_opts()
789 &sbsec->mntpoint_sid); in selinux_set_mnt_opts()
802 sbsec->sid = fscontext_sid; in selinux_set_mnt_opts()
810 if (sbsec->flags & SE_SBNATIVE) { in selinux_set_mnt_opts()
819 sbsec->behavior = SECURITY_FS_USE_NATIVE; in selinux_set_mnt_opts()
821 sbsec->behavior = SECURITY_FS_USE_NATIVE; in selinux_set_mnt_opts()
831 sbsec->sid = context_sid; in selinux_set_mnt_opts()
841 sbsec->mntpoint_sid = context_sid; in selinux_set_mnt_opts()
842 sbsec->behavior = SECURITY_FS_USE_MNTPOINT; in selinux_set_mnt_opts()
851 root_isec->sid = rootcontext_sid; in selinux_set_mnt_opts()
852 root_isec->initialized = LABEL_INITIALIZED; in selinux_set_mnt_opts()
856 if (sbsec->behavior != SECURITY_FS_USE_XATTR && in selinux_set_mnt_opts()
857 sbsec->behavior != SECURITY_FS_USE_NATIVE) { in selinux_set_mnt_opts()
858 rc = -EINVAL; in selinux_set_mnt_opts()
864 if (defcontext_sid != sbsec->def_sid) { in selinux_set_mnt_opts()
871 sbsec->def_sid = defcontext_sid; in selinux_set_mnt_opts()
877 mutex_unlock(&sbsec->lock); in selinux_set_mnt_opts()
880 rc = -EINVAL; in selinux_set_mnt_opts()
882 "security settings for (dev %s, type %s)\n", sb->s_id, in selinux_set_mnt_opts()
883 sb->s_type->name); in selinux_set_mnt_opts()
892 char oldflags = old->flags & SE_MNTMASK; in selinux_cmp_sb_context()
893 char newflags = new->flags & SE_MNTMASK; in selinux_cmp_sb_context()
897 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid) in selinux_cmp_sb_context()
899 if ((oldflags & CONTEXT_MNT) && old->mntpoint_sid != new->mntpoint_sid) in selinux_cmp_sb_context()
901 if ((oldflags & DEFCONTEXT_MNT) && old->def_sid != new->def_sid) in selinux_cmp_sb_context()
904 struct inode_security_struct *oldroot = backing_inode_security(oldsb->s_root); in selinux_cmp_sb_context()
905 struct inode_security_struct *newroot = backing_inode_security(newsb->s_root); in selinux_cmp_sb_context()
906 if (oldroot->sid != newroot->sid) in selinux_cmp_sb_context()
913 "type %s)\n", newsb->s_id, newsb->s_type->name); in selinux_cmp_sb_context()
914 return -EBUSY; in selinux_cmp_sb_context()
927 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT); in selinux_sb_clone_mnt_opts()
928 int set_context = (oldsbsec->flags & CONTEXT_MNT); in selinux_sb_clone_mnt_opts()
929 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT); in selinux_sb_clone_mnt_opts()
936 return -EINVAL; in selinux_sb_clone_mnt_opts()
938 mutex_lock(&newsbsec->lock); in selinux_sb_clone_mnt_opts()
946 newsbsec->flags |= SE_SBNATIVE; in selinux_sb_clone_mnt_opts()
953 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED)); in selinux_sb_clone_mnt_opts()
956 if (newsbsec->flags & SE_SBINITIALIZED) { in selinux_sb_clone_mnt_opts()
957 mutex_unlock(&newsbsec->lock); in selinux_sb_clone_mnt_opts()
963 newsbsec->flags = oldsbsec->flags; in selinux_sb_clone_mnt_opts()
965 newsbsec->sid = oldsbsec->sid; in selinux_sb_clone_mnt_opts()
966 newsbsec->def_sid = oldsbsec->def_sid; in selinux_sb_clone_mnt_opts()
967 newsbsec->behavior = oldsbsec->behavior; in selinux_sb_clone_mnt_opts()
969 if (newsbsec->behavior == SECURITY_FS_USE_NATIVE && in selinux_sb_clone_mnt_opts()
977 newsbsec->behavior = SECURITY_FS_USE_NATIVE; in selinux_sb_clone_mnt_opts()
982 u32 sid = oldsbsec->mntpoint_sid; in selinux_sb_clone_mnt_opts()
985 newsbsec->sid = sid; in selinux_sb_clone_mnt_opts()
987 struct inode_security_struct *newisec = backing_inode_security(newsb->s_root); in selinux_sb_clone_mnt_opts()
988 newisec->sid = sid; in selinux_sb_clone_mnt_opts()
990 newsbsec->mntpoint_sid = sid; in selinux_sb_clone_mnt_opts()
993 const struct inode_security_struct *oldisec = backing_inode_security(oldsb->s_root); in selinux_sb_clone_mnt_opts()
994 struct inode_security_struct *newisec = backing_inode_security(newsb->s_root); in selinux_sb_clone_mnt_opts()
996 newisec->sid = oldisec->sid; in selinux_sb_clone_mnt_opts()
1001 mutex_unlock(&newsbsec->lock); in selinux_sb_clone_mnt_opts()
1018 return -EINVAL; in selinux_add_opt()
1022 return -EINVAL; in selinux_add_opt()
1028 return -ENOMEM; in selinux_add_opt()
1034 if (opts->context_sid || opts->defcontext_sid) in selinux_add_opt()
1036 dst_sid = &opts->context_sid; in selinux_add_opt()
1039 if (opts->fscontext_sid) in selinux_add_opt()
1041 dst_sid = &opts->fscontext_sid; in selinux_add_opt()
1044 if (opts->rootcontext_sid) in selinux_add_opt()
1046 dst_sid = &opts->rootcontext_sid; in selinux_add_opt()
1049 if (opts->context_sid || opts->defcontext_sid) in selinux_add_opt()
1051 dst_sid = &opts->defcontext_sid; in selinux_add_opt()
1055 return -EINVAL; in selinux_add_opt()
1065 return -EINVAL; in selinux_add_opt()
1094 if (!(sbsec->flags & SE_SBINITIALIZED)) in selinux_sb_show_options()
1100 if (sbsec->flags & FSCONTEXT_MNT) { in selinux_sb_show_options()
1103 rc = show_sid(m, sbsec->sid); in selinux_sb_show_options()
1107 if (sbsec->flags & CONTEXT_MNT) { in selinux_sb_show_options()
1110 rc = show_sid(m, sbsec->mntpoint_sid); in selinux_sb_show_options()
1114 if (sbsec->flags & DEFCONTEXT_MNT) { in selinux_sb_show_options()
1117 rc = show_sid(m, sbsec->def_sid); in selinux_sb_show_options()
1121 if (sbsec->flags & ROOTCONTEXT_MNT) { in selinux_sb_show_options()
1122 struct dentry *root = sb->s_root; in selinux_sb_show_options()
1126 rc = show_sid(m, isec->sid); in selinux_sb_show_options()
1130 if (sbsec->flags & SBLABEL_MNT) { in selinux_sb_show_options()
1329 struct super_block *sb = dentry->d_sb; in selinux_genfs_get_sid()
1334 return -ENOMEM; in selinux_genfs_get_sid()
1343 * e.g. /proc/1/net/rpc/nfs -> /net/rpc/nfs */ in selinux_genfs_get_sid()
1349 rc = security_genfs_sid(sb->s_type->name, in selinux_genfs_get_sid()
1351 if (rc == -ENOENT) { in selinux_genfs_get_sid()
1372 return -ENOMEM; in inode_doinit_use_xattr()
1376 if (rc == -ERANGE) { in inode_doinit_use_xattr()
1387 return -ENOMEM; in inode_doinit_use_xattr()
1395 if (rc != -ENODATA) { in inode_doinit_use_xattr()
1397 __func__, -rc, inode->i_sb->s_id, inode->i_ino); in inode_doinit_use_xattr()
1407 char *dev = inode->i_sb->s_id; in inode_doinit_use_xattr()
1408 unsigned long ino = inode->i_ino; in inode_doinit_use_xattr()
1410 if (rc == -EINVAL) { in inode_doinit_use_xattr()
1415 __func__, context, -rc, dev, ino); in inode_doinit_use_xattr()
1432 if (isec->initialized == LABEL_INITIALIZED) in inode_doinit_with_dentry()
1435 spin_lock(&isec->lock); in inode_doinit_with_dentry()
1436 if (isec->initialized == LABEL_INITIALIZED) in inode_doinit_with_dentry()
1439 if (isec->sclass == SECCLASS_FILE) in inode_doinit_with_dentry()
1440 isec->sclass = inode_mode_to_security_class(inode->i_mode); in inode_doinit_with_dentry()
1442 sbsec = selinux_superblock(inode->i_sb); in inode_doinit_with_dentry()
1443 if (!(sbsec->flags & SE_SBINITIALIZED)) { in inode_doinit_with_dentry()
1447 spin_lock(&sbsec->isec_lock); in inode_doinit_with_dentry()
1448 if (list_empty(&isec->list)) in inode_doinit_with_dentry()
1449 list_add(&isec->list, &sbsec->isec_head); in inode_doinit_with_dentry()
1450 spin_unlock(&sbsec->isec_lock); in inode_doinit_with_dentry()
1454 sclass = isec->sclass; in inode_doinit_with_dentry()
1455 task_sid = isec->task_sid; in inode_doinit_with_dentry()
1456 sid = isec->sid; in inode_doinit_with_dentry()
1457 isec->initialized = LABEL_PENDING; in inode_doinit_with_dentry()
1458 spin_unlock(&isec->lock); in inode_doinit_with_dentry()
1460 switch (sbsec->behavior) { in inode_doinit_with_dentry()
1462 * In case of SECURITY_FS_USE_NATIVE we need to re-fetch the labels in inode_doinit_with_dentry()
1467 if (!(inode->i_opflags & IOP_XATTR)) { in inode_doinit_with_dentry()
1468 sid = sbsec->def_sid; in inode_doinit_with_dentry()
1492 * sbsec->isec_head list. No reason to complain as these in inode_doinit_with_dentry()
1500 rc = inode_doinit_use_xattr(inode, dentry, sbsec->def_sid, in inode_doinit_with_dentry()
1511 sid = sbsec->sid; in inode_doinit_with_dentry()
1520 sid = sbsec->mntpoint_sid; in inode_doinit_with_dentry()
1524 sid = sbsec->sid; in inode_doinit_with_dentry()
1526 if ((sbsec->flags & SE_SBGENFS) && in inode_doinit_with_dentry()
1527 (!S_ISLNK(inode->i_mode) || in inode_doinit_with_dentry()
1548 * sbsec->isec_head list. No reason to complain as in inode_doinit_with_dentry()
1556 sbsec->flags, &sid); in inode_doinit_with_dentry()
1562 if ((sbsec->flags & SE_SBGENFS_XATTR) && in inode_doinit_with_dentry()
1563 (inode->i_opflags & IOP_XATTR)) { in inode_doinit_with_dentry()
1577 spin_lock(&isec->lock); in inode_doinit_with_dentry()
1578 if (isec->initialized == LABEL_PENDING) { in inode_doinit_with_dentry()
1580 isec->initialized = LABEL_INVALID; in inode_doinit_with_dentry()
1583 isec->initialized = LABEL_INITIALIZED; in inode_doinit_with_dentry()
1584 isec->sid = sid; in inode_doinit_with_dentry()
1588 spin_unlock(&isec->lock); in inode_doinit_with_dentry()
1592 spin_lock(&isec->lock); in inode_doinit_with_dentry()
1593 if (isec->initialized == LABEL_PENDING) { in inode_doinit_with_dentry()
1594 isec->initialized = LABEL_INVALID; in inode_doinit_with_dentry()
1595 isec->sid = sid; in inode_doinit_with_dentry()
1597 spin_unlock(&isec->lock); in inode_doinit_with_dentry()
1656 return -EINVAL; in cred_has_capability()
1685 return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp); in inode_has_perm()
1702 if (data_race(unlikely(isec->initialized != LABEL_INITIALIZED))) in dentry_has_perm()
1715 struct inode *inode = d_backing_inode(path->dentry); in path_has_perm()
1721 if (data_race(unlikely(isec->initialized != LABEL_INITIALIZED))) in path_has_perm()
1722 __inode_security_revalidate(inode, path->dentry, true); in path_has_perm()
1763 if (sid != fsec->sid) { in file_has_perm()
1764 rc = avc_has_perm(sid, fsec->sid, in file_has_perm()
1797 selinux_superblock(dir->i_sb); in selinux_determine_inode_label()
1799 if ((sbsec->flags & SE_SBINITIALIZED) && in selinux_determine_inode_label()
1800 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) { in selinux_determine_inode_label()
1801 *_new_isid = sbsec->mntpoint_sid; in selinux_determine_inode_label()
1802 } else if ((sbsec->flags & SBLABEL_MNT) && in selinux_determine_inode_label()
1803 tsec->create_sid) { in selinux_determine_inode_label()
1804 *_new_isid = tsec->create_sid; in selinux_determine_inode_label()
1807 return security_transition_sid(tsec->sid, in selinux_determine_inode_label()
1808 dsec->sid, tclass, in selinux_determine_inode_label()
1828 sbsec = selinux_superblock(dir->i_sb); in may_create()
1830 sid = tsec->sid; in may_create()
1835 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, in may_create()
1841 rc = selinux_determine_inode_label(tsec, dir, &dentry->d_name, tclass, in may_create()
1850 return avc_has_perm(newsid, sbsec->sid, in may_create()
1879 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad); in may_link()
1899 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad); in may_link()
1923 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR, in may_rename()
1927 rc = avc_has_perm(sid, old_isec->sid, in may_rename()
1928 old_isec->sclass, FILE__RENAME, &ad); in may_rename()
1932 rc = avc_has_perm(sid, old_isec->sid, in may_rename()
1933 old_isec->sclass, DIR__REPARENT, &ad); in may_rename()
1942 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad); in may_rename()
1948 rc = avc_has_perm(sid, new_isec->sid, in may_rename()
1949 new_isec->sclass, in may_rename()
1968 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad); in superblock_has_perm()
2004 if (file->f_mode & FMODE_READ) in file_to_av()
2006 if (file->f_mode & FMODE_WRITE) { in file_to_av()
2007 if (file->f_flags & O_APPEND) in file_to_av()
2014 * Special file opened with flags 3 for ioctl-only use. in file_to_av()
2032 inode->i_sb->s_magic != SOCKFS_MAGIC) in open_file_to_av()
2079 struct dentry *dentry = file->f_path.dentry; in selinux_binder_transfer_file()
2085 ad.u.path = file->f_path; in selinux_binder_transfer_file()
2087 if (sid != fsec->sid) { in selinux_binder_transfer_file()
2088 rc = avc_has_perm(sid, fsec->sid, in selinux_binder_transfer_file()
2106 return avc_has_perm(sid, isec->sid, isec->sclass, file_to_av(file), in selinux_binder_transfer_file()
2257 int nnp = (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS); in check_nnp_nosuid()
2258 int nosuid = !mnt_may_suid(bprm->file->f_path.mnt); in check_nnp_nosuid()
2265 if (new_tsec->sid == old_tsec->sid) in check_nnp_nosuid()
2280 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in check_nnp_nosuid()
2291 rc = security_bounded_transition(old_tsec->sid, in check_nnp_nosuid()
2292 new_tsec->sid); in check_nnp_nosuid()
2302 return -EPERM; in check_nnp_nosuid()
2303 return -EACCES; in check_nnp_nosuid()
2312 struct inode *inode = file_inode(bprm->file); in selinux_bprm_creds_for_exec()
2319 new_tsec = selinux_cred(bprm->cred); in selinux_bprm_creds_for_exec()
2323 new_tsec->sid = old_tsec->sid; in selinux_bprm_creds_for_exec()
2324 new_tsec->osid = old_tsec->sid; in selinux_bprm_creds_for_exec()
2327 new_tsec->create_sid = 0; in selinux_bprm_creds_for_exec()
2328 new_tsec->keycreate_sid = 0; in selinux_bprm_creds_for_exec()
2329 new_tsec->sockcreate_sid = 0; in selinux_bprm_creds_for_exec()
2338 new_tsec->sid = SECINITSID_INIT; in selinux_bprm_creds_for_exec()
2340 new_tsec->exec_sid = 0; in selinux_bprm_creds_for_exec()
2344 if (old_tsec->exec_sid) { in selinux_bprm_creds_for_exec()
2345 new_tsec->sid = old_tsec->exec_sid; in selinux_bprm_creds_for_exec()
2347 new_tsec->exec_sid = 0; in selinux_bprm_creds_for_exec()
2355 rc = security_transition_sid(old_tsec->sid, in selinux_bprm_creds_for_exec()
2356 isec->sid, SECCLASS_PROCESS, NULL, in selinux_bprm_creds_for_exec()
2357 &new_tsec->sid); in selinux_bprm_creds_for_exec()
2367 new_tsec->sid = old_tsec->sid; in selinux_bprm_creds_for_exec()
2371 ad.u.file = bprm->file; in selinux_bprm_creds_for_exec()
2373 if (new_tsec->sid == old_tsec->sid) { in selinux_bprm_creds_for_exec()
2374 rc = avc_has_perm(old_tsec->sid, isec->sid, in selinux_bprm_creds_for_exec()
2380 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2385 rc = avc_has_perm(new_tsec->sid, isec->sid, in selinux_bprm_creds_for_exec()
2391 if (bprm->unsafe & LSM_UNSAFE_SHARE) { in selinux_bprm_creds_for_exec()
2392 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2396 return -EPERM; in selinux_bprm_creds_for_exec()
2401 if (bprm->unsafe & LSM_UNSAFE_PTRACE) { in selinux_bprm_creds_for_exec()
2404 rc = avc_has_perm(ptsid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2408 return -EPERM; in selinux_bprm_creds_for_exec()
2413 bprm->per_clear |= PER_CLEAR_ON_SETID; in selinux_bprm_creds_for_exec()
2418 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2421 bprm->secureexec |= !!rc; in selinux_bprm_creds_for_exec()
2443 spin_lock(&tty->files_lock); in flush_unauthorized_files()
2444 if (!list_empty(&tty->tty_files)) { in flush_unauthorized_files()
2451 only interested in the inode-based check here. */ in flush_unauthorized_files()
2452 file_priv = list_first_entry(&tty->tty_files, in flush_unauthorized_files()
2454 file = file_priv->file; in flush_unauthorized_files()
2458 spin_unlock(&tty->files_lock); in flush_unauthorized_files()
2475 replace_fd(n - 1, devnull, 0); in flush_unauthorized_files()
2490 new_tsec = selinux_cred(bprm->cred); in selinux_bprm_committing_creds()
2491 if (new_tsec->sid == new_tsec->osid) in selinux_bprm_committing_creds()
2495 flush_unauthorized_files(bprm->cred, current->files); in selinux_bprm_committing_creds()
2498 current->pdeath_signal = 0; in selinux_bprm_committing_creds()
2510 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS, in selinux_bprm_committing_creds()
2516 rlim = current->signal->rlim + i; in selinux_bprm_committing_creds()
2517 initrlim = init_task.signal->rlim + i; in selinux_bprm_committing_creds()
2518 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); in selinux_bprm_committing_creds()
2536 osid = tsec->osid; in selinux_bprm_committed_creds()
2537 sid = tsec->sid; in selinux_bprm_committed_creds()
2553 spin_lock_irq(&unrcu_pointer(current->sighand)->siglock); in selinux_bprm_committed_creds()
2555 flush_sigqueue(&current->pending); in selinux_bprm_committed_creds()
2556 flush_sigqueue(&current->signal->shared_pending); in selinux_bprm_committed_creds()
2558 sigemptyset(&current->blocked); in selinux_bprm_committed_creds()
2561 spin_unlock_irq(&unrcu_pointer(current->sighand)->siglock); in selinux_bprm_committed_creds()
2567 __wake_up_parent(current, unrcu_pointer(current->real_parent)); in selinux_bprm_committed_creds()
2577 mutex_init(&sbsec->lock); in selinux_sb_alloc_security()
2578 INIT_LIST_HEAD(&sbsec->isec_head); in selinux_sb_alloc_security()
2579 spin_lock_init(&sbsec->isec_lock); in selinux_sb_alloc_security()
2580 sbsec->sid = SECINITSID_UNLABELED; in selinux_sb_alloc_security()
2581 sbsec->def_sid = SECINITSID_FILE; in selinux_sb_alloc_security()
2582 sbsec->mntpoint_sid = SECINITSID_UNLABELED; in selinux_sb_alloc_security()
2626 arg = kmemdup_nul(arg, q - arg, GFP_KERNEL); in selinux_sb_eat_lsm_opts()
2628 rc = -ENOMEM; in selinux_sb_eat_lsm_opts()
2640 from--; in selinux_sb_eat_lsm_opts()
2669 * Superblock not initialized (i.e. no options) - reject if any in selinux_sb_mnt_opts_compat()
2672 if (!(sbsec->flags & SE_SBINITIALIZED)) in selinux_sb_mnt_opts_compat()
2676 * Superblock initialized and no options specified - reject if in selinux_sb_mnt_opts_compat()
2680 return (sbsec->flags & SE_MNTMASK) ? 1 : 0; in selinux_sb_mnt_opts_compat()
2682 if (opts->fscontext_sid) { in selinux_sb_mnt_opts_compat()
2683 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, in selinux_sb_mnt_opts_compat()
2684 opts->fscontext_sid)) in selinux_sb_mnt_opts_compat()
2687 if (opts->context_sid) { in selinux_sb_mnt_opts_compat()
2688 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, in selinux_sb_mnt_opts_compat()
2689 opts->context_sid)) in selinux_sb_mnt_opts_compat()
2692 if (opts->rootcontext_sid) { in selinux_sb_mnt_opts_compat()
2695 root_isec = backing_inode_security(sb->s_root); in selinux_sb_mnt_opts_compat()
2696 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, in selinux_sb_mnt_opts_compat()
2697 opts->rootcontext_sid)) in selinux_sb_mnt_opts_compat()
2700 if (opts->defcontext_sid) { in selinux_sb_mnt_opts_compat()
2701 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, in selinux_sb_mnt_opts_compat()
2702 opts->defcontext_sid)) in selinux_sb_mnt_opts_compat()
2713 if (!(sbsec->flags & SE_SBINITIALIZED)) in selinux_sb_remount()
2719 if (opts->fscontext_sid) { in selinux_sb_remount()
2720 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, in selinux_sb_remount()
2721 opts->fscontext_sid)) in selinux_sb_remount()
2724 if (opts->context_sid) { in selinux_sb_remount()
2725 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, in selinux_sb_remount()
2726 opts->context_sid)) in selinux_sb_remount()
2729 if (opts->rootcontext_sid) { in selinux_sb_remount()
2731 root_isec = backing_inode_security(sb->s_root); in selinux_sb_remount()
2732 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, in selinux_sb_remount()
2733 opts->rootcontext_sid)) in selinux_sb_remount()
2736 if (opts->defcontext_sid) { in selinux_sb_remount()
2737 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, in selinux_sb_remount()
2738 opts->defcontext_sid)) in selinux_sb_remount()
2745 "during remount (dev %s, type=%s)\n", sb->s_id, in selinux_sb_remount()
2746 sb->s_type->name); in selinux_sb_remount()
2747 return -EINVAL; in selinux_sb_remount()
2756 ad.u.dentry = sb->s_root; in selinux_sb_kern_mount()
2766 ad.u.dentry = dentry->d_sb->s_root; in selinux_sb_statfs()
2767 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad); in selinux_sb_statfs()
2779 return superblock_has_perm(cred, path->dentry->d_sb, in selinux_mount()
2797 return superblock_has_perm(cred, mnt->mnt_sb, in selinux_umount()
2808 * Ensure that fc->security remains NULL when no options are set in selinux_fs_context_submount()
2811 if (!(sbsec->flags & (FSCONTEXT_MNT|CONTEXT_MNT|DEFCONTEXT_MNT))) in selinux_fs_context_submount()
2816 return -ENOMEM; in selinux_fs_context_submount()
2818 if (sbsec->flags & FSCONTEXT_MNT) in selinux_fs_context_submount()
2819 opts->fscontext_sid = sbsec->sid; in selinux_fs_context_submount()
2820 if (sbsec->flags & CONTEXT_MNT) in selinux_fs_context_submount()
2821 opts->context_sid = sbsec->mntpoint_sid; in selinux_fs_context_submount()
2822 if (sbsec->flags & DEFCONTEXT_MNT) in selinux_fs_context_submount()
2823 opts->defcontext_sid = sbsec->def_sid; in selinux_fs_context_submount()
2824 fc->security = opts; in selinux_fs_context_submount()
2831 const struct selinux_mnt_opts *src = src_fc->security; in selinux_fs_context_dup()
2836 fc->security = kmemdup(src, sizeof(*src), GFP_KERNEL); in selinux_fs_context_dup()
2837 return fc->security ? 0 : -ENOMEM; in selinux_fs_context_dup()
2859 return selinux_add_opt(opt, param->string, &fc->security); in selinux_fs_context_parse_param()
2869 spin_lock_init(&isec->lock); in selinux_inode_alloc_security()
2870 INIT_LIST_HEAD(&isec->list); in selinux_inode_alloc_security()
2871 isec->inode = inode; in selinux_inode_alloc_security()
2872 isec->sid = SECINITSID_UNLABELED; in selinux_inode_alloc_security()
2873 isec->sclass = SECCLASS_FILE; in selinux_inode_alloc_security()
2874 isec->task_sid = sid; in selinux_inode_alloc_security()
2875 isec->initialized = LABEL_INVALID; in selinux_inode_alloc_security()
2894 d_inode(dentry->d_parent), name, in selinux_dentry_init_security()
2903 cp->id = LSM_ID_SELINUX; in selinux_dentry_init_security()
2904 return security_sid_to_context(newsid, &cp->context, &cp->len); in selinux_dentry_init_security()
2917 d_inode(dentry->d_parent), name, in selinux_dentry_create_files_as()
2924 tsec->create_sid = newsid; in selinux_dentry_create_files_as()
2940 sbsec = selinux_superblock(dir->i_sb); in selinux_inode_init_security()
2942 newsid = tsec->create_sid; in selinux_inode_init_security()
2943 newsclass = inode_mode_to_security_class(inode->i_mode); in selinux_inode_init_security()
2949 if (sbsec->flags & SE_SBINITIALIZED) { in selinux_inode_init_security()
2951 isec->sclass = newsclass; in selinux_inode_init_security()
2952 isec->sid = newsid; in selinux_inode_init_security()
2953 isec->initialized = LABEL_INITIALIZED; in selinux_inode_init_security()
2957 !(sbsec->flags & SBLABEL_MNT)) in selinux_inode_init_security()
2958 return -EOPNOTSUPP; in selinux_inode_init_security()
2965 xattr->value = context; in selinux_inode_init_security()
2966 xattr->value_len = clen; in selinux_inode_init_security()
2967 xattr->name = XATTR_SELINUX_SUFFIX; in selinux_inode_init_security()
2996 if (context_isec->initialized != LABEL_INITIALIZED) { in selinux_inode_init_security_anon()
2998 return -EACCES; in selinux_inode_init_security_anon()
3001 isec->sclass = context_isec->sclass; in selinux_inode_init_security_anon()
3002 isec->sid = context_isec->sid; in selinux_inode_init_security_anon()
3004 isec->sclass = SECCLASS_ANON_INODE; in selinux_inode_init_security_anon()
3007 isec->sclass, name, &isec->sid); in selinux_inode_init_security_anon()
3012 isec->initialized = LABEL_INITIALIZED; in selinux_inode_init_security_anon()
3019 ad.u.anonclass = name ? (const char *)name->name : "?"; in selinux_inode_init_security_anon()
3022 isec->sid, in selinux_inode_init_security_anon()
3023 isec->sclass, in selinux_inode_init_security_anon()
3089 return avc_has_perm(sid, isec->sid, isec->sclass, FILE__READ, &ad); in selinux_inode_follow_link()
3102 return slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms, in audit_inode_permission()
3107 * task_avdcache_reset - Reset the task's AVD cache
3115 memset(&tsec->avdcache.dir, 0, sizeof(tsec->avdcache.dir)); in task_avdcache_reset()
3116 tsec->avdcache.sid = tsec->sid; in task_avdcache_reset()
3117 tsec->avdcache.seqno = avc_policy_seqno(); in task_avdcache_reset()
3118 tsec->avdcache.dir_spot = TSEC_AVDC_DIR_SIZE - 1; in task_avdcache_reset()
3122 * task_avdcache_search - Search the task's AVD cache
3137 if (isec->sclass != SECCLASS_DIR) in task_avdcache_search()
3138 return -ENOENT; in task_avdcache_search()
3140 if (unlikely(tsec->sid != tsec->avdcache.sid || in task_avdcache_search()
3141 tsec->avdcache.seqno != avc_policy_seqno())) { in task_avdcache_search()
3143 return -ENOENT; in task_avdcache_search()
3146 orig = iter = tsec->avdcache.dir_spot; in task_avdcache_search()
3148 if (tsec->avdcache.dir[iter].isid == isec->sid) { in task_avdcache_search()
3150 tsec->avdcache.dir_spot = iter; in task_avdcache_search()
3151 *avdc = &tsec->avdcache.dir[iter]; in task_avdcache_search()
3154 iter = (iter - 1) & (TSEC_AVDC_DIR_SIZE - 1); in task_avdcache_search()
3157 return -ENOENT; in task_avdcache_search()
3161 * task_avdcache_update - Update the task's AVD cache
3178 if (isec->sclass != SECCLASS_DIR) in task_avdcache_update()
3182 spot = (tsec->avdcache.dir_spot + 1) & (TSEC_AVDC_DIR_SIZE - 1); in task_avdcache_update()
3183 tsec->avdcache.dir_spot = spot; in task_avdcache_update()
3184 tsec->avdcache.dir[spot].isid = isec->sid; in task_avdcache_update()
3185 tsec->avdcache.dir[spot].audited = audited; in task_avdcache_update()
3186 tsec->avdcache.dir[spot].allowed = avd->allowed; in task_avdcache_update()
3187 tsec->avdcache.dir[spot].permissive = avd->flags & AVD_FLAGS_PERMISSIVE; in task_avdcache_update()
3188 tsec->avdcache.permissive_neveraudit = in task_avdcache_update()
3189 (avd->flags == (AVD_FLAGS_PERMISSIVE|AVD_FLAGS_NEVERAUDIT)); in task_avdcache_update()
3193 * selinux_inode_permission - Check if the current task can access an inode
3223 perms = file_mask_to_av(inode->i_mode, mask); in selinux_inode_permission()
3228 audited = perms & avdc->audited; in selinux_inode_permission()
3229 denied = perms & ~avdc->allowed; in selinux_inode_permission()
3231 !avdc->permissive)) in selinux_inode_permission()
3232 rc = -EACCES; in selinux_inode_permission()
3237 rc = avc_has_perm_noaudit(tsec->sid, isec->sid, isec->sclass, in selinux_inode_permission()
3260 unsigned int ia_valid = iattr->ia_valid; in selinux_inode_setattr()
3276 inode->i_sb->s_magic != SOCKFS_MAGIC && in selinux_inode_setattr()
3309 * selinux_inode_xattr_skipcap - Skip the xattr capability checks?
3341 return (inode_owner_or_capable(idmap, inode) ? 0 : -EPERM); in selinux_inode_setxattr()
3343 sbsec = selinux_superblock(inode->i_sb); in selinux_inode_setxattr()
3344 if (!(sbsec->flags & SBLABEL_MNT)) in selinux_inode_setxattr()
3345 return -EOPNOTSUPP; in selinux_inode_setxattr()
3348 return -EPERM; in selinux_inode_setxattr()
3354 rc = avc_has_perm(sid, isec->sid, isec->sclass, in selinux_inode_setxattr()
3361 if (rc == -EINVAL) { in selinux_inode_setxattr()
3371 if (str[size - 1] == '\0') in selinux_inode_setxattr()
3372 audit_size = size - 1; in selinux_inode_setxattr()
3394 rc = avc_has_perm(sid, newsid, isec->sclass, in selinux_inode_setxattr()
3399 rc = security_validate_transition(isec->sid, newsid, in selinux_inode_setxattr()
3400 sid, isec->sclass); in selinux_inode_setxattr()
3405 sbsec->sid, in selinux_inode_setxattr()
3458 inode->i_sb->s_id, inode->i_ino, -rc); in selinux_inode_post_setxattr()
3463 spin_lock(&isec->lock); in selinux_inode_post_setxattr()
3464 isec->sclass = inode_mode_to_security_class(inode->i_mode); in selinux_inode_post_setxattr()
3465 isec->sid = newsid; in selinux_inode_post_setxattr()
3466 isec->initialized = LABEL_INITIALIZED; in selinux_inode_post_setxattr()
3467 spin_unlock(&isec->lock); in selinux_inode_post_setxattr()
3496 return -EACCES; in selinux_inode_removexattr()
3532 ret = superblock_has_perm(current_cred(), path->dentry->d_sb, in selinux_path_notify()
3544 return -EINVAL; in selinux_path_notify()
3551 /* watches on read-like events need the file:watch_reads permission */ in selinux_path_notify()
3575 * just let vfs_getxattr fall back to using the on-disk xattr. in selinux_inode_getsecurity()
3579 return -EOPNOTSUPP; in selinux_inode_getsecurity()
3584 * use the in-core value under current policy. in selinux_inode_getsecurity()
3585 * Use the non-auditing forms of the permission checks since in selinux_inode_getsecurity()
3588 * in-core context value, not a denial. in selinux_inode_getsecurity()
3592 error = security_sid_to_context_force(isec->sid, &context, in selinux_inode_getsecurity()
3595 error = security_sid_to_context(isec->sid, in selinux_inode_getsecurity()
3618 return -EOPNOTSUPP; in selinux_inode_setsecurity()
3620 sbsec = selinux_superblock(inode->i_sb); in selinux_inode_setsecurity()
3621 if (!(sbsec->flags & SBLABEL_MNT)) in selinux_inode_setsecurity()
3622 return -EOPNOTSUPP; in selinux_inode_setsecurity()
3625 return -EACCES; in selinux_inode_setsecurity()
3632 spin_lock(&isec->lock); in selinux_inode_setsecurity()
3633 isec->sclass = inode_mode_to_security_class(inode->i_mode); in selinux_inode_setsecurity()
3634 isec->sid = newsid; in selinux_inode_setsecurity()
3635 isec->initialized = LABEL_INITIALIZED; in selinux_inode_setsecurity()
3636 spin_unlock(&isec->lock); in selinux_inode_setsecurity()
3656 prop->selinux.secid = isec->sid; in selinux_inode_getlsmprop()
3668 return -ENOMEM; in selinux_inode_copy_up()
3674 tsec->create_sid = prop.selinux.secid; in selinux_inode_copy_up()
3683 * xattrs up. Instead, filter out SELinux-related xattrs following in selinux_inode_copy_up_xattr()
3687 return -ECANCELED; /* Discard */ in selinux_inode_copy_up_xattr()
3692 return -EOPNOTSUPP; in selinux_inode_copy_up_xattr()
3706 if (rc == -ENODATA) in selinux_kernfs_init_security()
3714 return -ENOMEM; in selinux_kernfs_init_security()
3728 if (tsec->create_sid) { in selinux_kernfs_init_security()
3729 newsid = tsec->create_sid; in selinux_kernfs_init_security()
3731 u16 secclass = inode_mode_to_security_class(kn->mode); in selinux_kernfs_init_security()
3736 kn_name = rcu_dereference_check(kn->name, true); in selinux_kernfs_init_security()
3740 rc = security_transition_sid(tsec->sid, in selinux_kernfs_init_security()
3767 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE)) in selinux_revalidate_file_permission()
3771 file_mask_to_av(inode->i_mode, mask)); in selinux_revalidate_file_permission()
3786 if (sid == fsec->sid && fsec->isid == isec->sid && in selinux_file_permission()
3787 fsec->pseqno == avc_policy_seqno()) in selinux_file_permission()
3799 fsec->sid = sid; in selinux_file_alloc_security()
3800 fsec->fown_sid = sid; in selinux_file_alloc_security()
3824 ad.u.op->cmd = cmd; in ioctl_has_perm()
3825 ad.u.op->path = file->f_path; in ioctl_has_perm()
3827 if (ssid != fsec->sid) { in ioctl_has_perm()
3828 rc = avc_has_perm(ssid, fsec->sid, in ioctl_has_perm()
3840 rc = avc_has_extended_perms(ssid, isec->sid, isec->sclass, requested, in ioctl_has_perm()
3897 * If we are in a 64-bit kernel running 32-bit userspace, we need to in selinux_file_ioctl_compat()
3898 * make sure we don't compare 32-bit flags to 64-bit flags. in selinux_file_ioctl_compat()
4001 (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) { in selinux_file_mprotect()
4012 if (vma->vm_start >= vma->vm_mm->start_brk && in selinux_file_mprotect()
4013 vma->vm_end <= vma->vm_mm->brk) { in selinux_file_mprotect()
4016 } else if (!vma->vm_file && (vma_is_initial_stack(vma) || in selinux_file_mprotect()
4020 } else if (vma->vm_file && vma->anon_vma) { in selinux_file_mprotect()
4028 rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD); in selinux_file_mprotect()
4034 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED); in selinux_file_mprotect()
4052 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) { in selinux_file_fcntl()
4089 fsec->fown_sid = current_sid(); in selinux_file_set_fowner()
4101 file = fown->file; in selinux_file_send_sigiotask()
4110 return avc_has_perm(fsec->fown_sid, sid, in selinux_file_send_sigiotask()
4130 * at open-time so that selinux_file_permission in selinux_file_open()
4135 fsec->isid = isec->sid; in selinux_file_open()
4136 fsec->pseqno = avc_policy_seqno(); in selinux_file_open()
4143 * This check is not redundant - do not remove. in selinux_file_open()
4145 return file_path_has_perm(file->f_cred, file, open_file_to_av(file)); in selinux_file_open()
4189 prop->selinux.secid = cred_sid(c); in selinux_cred_getlsmprop()
4194 * - all the creation contexts are set to unlabelled
4207 tsec->sid = secid; in selinux_kernel_act_as()
4208 tsec->create_sid = 0; in selinux_kernel_act_as()
4209 tsec->keycreate_sid = 0; in selinux_kernel_act_as()
4210 tsec->sockcreate_sid = 0; in selinux_kernel_act_as()
4226 ret = avc_has_perm(sid, isec->sid, in selinux_kernel_create_files_as()
4232 tsec->create_sid = isec->sid; in selinux_kernel_create_files_as()
4262 if (sid != fsec->sid) { in selinux_kernel_load_from_file()
4263 rc = avc_has_perm(sid, fsec->sid, SECCLASS_FD, FD__USE, &ad); in selinux_kernel_load_from_file()
4269 return avc_has_perm(sid, isec->sid, SECCLASS_SYSTEM, requested, &ad); in selinux_kernel_load_from_file()
4367 prop->selinux.secid = current_sid(); in selinux_current_getlsmprop_subj()
4373 prop->selinux.secid = task_sid_obj(p); in selinux_task_getlsmprop_obj()
4412 struct rlimit *old_rlim = p->signal->rlim + resource; in selinux_task_setrlimit()
4418 if (old_rlim->rlim_max != new_rlim->rlim_max) in selinux_task_setrlimit()
4466 spin_lock(&isec->lock); in selinux_task_to_inode()
4467 isec->sclass = inode_mode_to_security_class(inode->i_mode); in selinux_task_to_inode()
4468 isec->sid = sid; in selinux_task_to_inode()
4469 isec->initialized = LABEL_INITIALIZED; in selinux_task_to_inode()
4470 spin_unlock(&isec->lock); in selinux_task_to_inode()
4485 int offset, ihlen, ret = -EINVAL; in selinux_parse_skb_ipv4()
4493 ihlen = ih->ihl * 4; in selinux_parse_skb_ipv4()
4497 ad->u.net->v4info.saddr = ih->saddr; in selinux_parse_skb_ipv4()
4498 ad->u.net->v4info.daddr = ih->daddr; in selinux_parse_skb_ipv4()
4502 *proto = ih->protocol; in selinux_parse_skb_ipv4()
4504 switch (ih->protocol) { in selinux_parse_skb_ipv4()
4508 if (ntohs(ih->frag_off) & IP_OFFSET) in selinux_parse_skb_ipv4()
4516 ad->u.net->sport = th->source; in selinux_parse_skb_ipv4()
4517 ad->u.net->dport = th->dest; in selinux_parse_skb_ipv4()
4524 if (ntohs(ih->frag_off) & IP_OFFSET) in selinux_parse_skb_ipv4()
4532 ad->u.net->sport = uh->source; in selinux_parse_skb_ipv4()
4533 ad->u.net->dport = uh->dest; in selinux_parse_skb_ipv4()
4541 if (ntohs(ih->frag_off) & IP_OFFSET) in selinux_parse_skb_ipv4()
4549 ad->u.net->sport = sh->source; in selinux_parse_skb_ipv4()
4550 ad->u.net->dport = sh->dest; in selinux_parse_skb_ipv4()
4568 int ret = -EINVAL, offset; in selinux_parse_skb_ipv6()
4577 ad->u.net->v6info.saddr = ip6->saddr; in selinux_parse_skb_ipv6()
4578 ad->u.net->v6info.daddr = ip6->daddr; in selinux_parse_skb_ipv6()
4581 nexthdr = ip6->nexthdr; in selinux_parse_skb_ipv6()
4598 ad->u.net->sport = th->source; in selinux_parse_skb_ipv6()
4599 ad->u.net->dport = th->dest; in selinux_parse_skb_ipv6()
4610 ad->u.net->sport = uh->source; in selinux_parse_skb_ipv6()
4611 ad->u.net->dport = uh->dest; in selinux_parse_skb_ipv6()
4623 ad->u.net->sport = sh->source; in selinux_parse_skb_ipv6()
4624 ad->u.net->dport = sh->dest; in selinux_parse_skb_ipv6()
4644 switch (ad->u.net->family) { in selinux_parse_skb()
4649 addrp = (char *)(src ? &ad->u.net->v4info.saddr : in selinux_parse_skb()
4650 &ad->u.net->v4info.daddr); in selinux_parse_skb()
4658 addrp = (char *)(src ? &ad->u.net->v6info.saddr : in selinux_parse_skb()
4659 &ad->u.net->v6info.daddr); in selinux_parse_skb()
4680 * selinux_skb_peerlbl_sid - Determine the peer label of a packet
4690 * or -EACCES if @sid is invalid due to inconsistencies with the different
4703 return -EACCES; in selinux_skb_peerlbl_sid()
4706 return -EACCES; in selinux_skb_peerlbl_sid()
4714 return -EACCES; in selinux_skb_peerlbl_sid()
4721 * selinux_conn_sid - Determine the child socket label for a connection
4750 if (tsec->sockcreate_sid > SECSID_NULL) { in socket_sockcreate_sid()
4751 *socksid = tsec->sockcreate_sid; in socket_sockcreate_sid()
4755 return security_transition_sid(tsec->sid, tsec->sid, in socket_sockcreate_sid()
4784 struct sk_security_struct *sksec = sk->sk_security; in sock_has_perm()
4788 if (sock_skip_has_perm(sksec->sid)) in sock_has_perm()
4793 return avc_has_perm(current_sid(), sksec->sid, sksec->sclass, perms, in sock_has_perm()
4813 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL); in selinux_socket_create()
4832 isec->sclass = sclass; in selinux_socket_post_create()
4833 isec->sid = sid; in selinux_socket_post_create()
4834 isec->initialized = LABEL_INITIALIZED; in selinux_socket_post_create()
4836 if (sock->sk) { in selinux_socket_post_create()
4837 sksec = selinux_sock(sock->sk); in selinux_socket_post_create()
4838 sksec->sclass = sclass; in selinux_socket_post_create()
4839 sksec->sid = sid; in selinux_socket_post_create()
4841 if (sksec->sclass == SECCLASS_SCTP_SOCKET) in selinux_socket_post_create()
4842 sksec->sctp_assoc_state = SCTP_ASSOC_UNSET; in selinux_socket_post_create()
4844 err = selinux_netlbl_socket_post_create(sock->sk, family); in selinux_socket_post_create()
4853 struct sk_security_struct *sksec_a = selinux_sock(socka->sk); in selinux_socket_socketpair()
4854 struct sk_security_struct *sksec_b = selinux_sock(sockb->sk); in selinux_socket_socketpair()
4856 sksec_a->peer_sid = sksec_b->sid; in selinux_socket_socketpair()
4857 sksec_b->peer_sid = sksec_a->sid; in selinux_socket_socketpair()
4868 struct sock *sk = sock->sk; in selinux_socket_bind()
4878 family = sk->sk_family; in selinux_socket_bind()
4892 * need to check address->sa_family as it is possible to have in selinux_socket_bind()
4893 * sk->sk_family = PF_INET6 with addr->sa_family = AF_INET. in selinux_socket_bind()
4896 return -EINVAL; in selinux_socket_bind()
4897 family_sa = address->sa_family; in selinux_socket_bind()
4902 return -EINVAL; in selinux_socket_bind()
4908 return -EINVAL; in selinux_socket_bind()
4915 if (addr4->sin_addr.s_addr != htonl(INADDR_ANY)) in selinux_socket_bind()
4919 snum = ntohs(addr4->sin_port); in selinux_socket_bind()
4920 addrp = (char *)&addr4->sin_addr.s_addr; in selinux_socket_bind()
4924 return -EINVAL; in selinux_socket_bind()
4926 snum = ntohs(addr6->sin6_port); in selinux_socket_bind()
4927 addrp = (char *)&addr6->sin6_addr.s6_addr; in selinux_socket_bind()
4935 ad.u.net->sport = htons(snum); in selinux_socket_bind()
4936 ad.u.net->family = family_sa; in selinux_socket_bind()
4945 err = sel_netport_sid(sk->sk_protocol, in selinux_socket_bind()
4949 err = avc_has_perm(sksec->sid, sid, in selinux_socket_bind()
4950 sksec->sclass, in selinux_socket_bind()
4957 switch (sksec->sclass) { in selinux_socket_bind()
4980 ad.u.net->v4info.saddr = addr4->sin_addr.s_addr; in selinux_socket_bind()
4982 ad.u.net->v6info.saddr = addr6->sin6_addr; in selinux_socket_bind()
4984 err = avc_has_perm(sksec->sid, sid, in selinux_socket_bind()
4985 sksec->sclass, node_perm, &ad); in selinux_socket_bind()
4992 /* Note that SCTP services expect -EINVAL, others -EAFNOSUPPORT. */ in selinux_socket_bind()
4993 if (sk->sk_protocol == IPPROTO_SCTP) in selinux_socket_bind()
4994 return -EINVAL; in selinux_socket_bind()
4995 return -EAFNOSUPPORT; in selinux_socket_bind()
5004 struct sock *sk = sock->sk; in selinux_socket_connect_helper()
5012 return -EINVAL; in selinux_socket_connect_helper()
5017 if (address->sa_family == AF_UNSPEC) in selinux_socket_connect_helper()
5024 if (sksec->sclass == SECCLASS_TCP_SOCKET || in selinux_socket_connect_helper()
5025 sksec->sclass == SECCLASS_SCTP_SOCKET) { in selinux_socket_connect_helper()
5035 * need to check address->sa_family as it is possible to have in selinux_socket_connect_helper()
5036 * sk->sk_family = PF_INET6 with addr->sa_family = AF_INET. in selinux_socket_connect_helper()
5038 switch (address->sa_family) { in selinux_socket_connect_helper()
5042 return -EINVAL; in selinux_socket_connect_helper()
5043 snum = ntohs(addr4->sin_port); in selinux_socket_connect_helper()
5048 return -EINVAL; in selinux_socket_connect_helper()
5049 snum = ntohs(addr6->sin6_port); in selinux_socket_connect_helper()
5052 /* Note that SCTP services expect -EINVAL, whereas in selinux_socket_connect_helper()
5053 * others expect -EAFNOSUPPORT. in selinux_socket_connect_helper()
5055 if (sksec->sclass == SECCLASS_SCTP_SOCKET) in selinux_socket_connect_helper()
5056 return -EINVAL; in selinux_socket_connect_helper()
5058 return -EAFNOSUPPORT; in selinux_socket_connect_helper()
5061 err = sel_netport_sid(sk->sk_protocol, snum, &sid); in selinux_socket_connect_helper()
5065 switch (sksec->sclass) { in selinux_socket_connect_helper()
5076 ad.u.net->dport = htons(snum); in selinux_socket_connect_helper()
5077 ad.u.net->family = address->sa_family; in selinux_socket_connect_helper()
5078 err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad); in selinux_socket_connect_helper()
5091 struct sock *sk = sock->sk; in selinux_socket_connect()
5102 return sock_has_perm(sock->sk, SOCKET__LISTEN); in selinux_socket_listen()
5113 err = sock_has_perm(sock->sk, SOCKET__ACCEPT); in selinux_socket_accept()
5118 spin_lock(&isec->lock); in selinux_socket_accept()
5119 sclass = isec->sclass; in selinux_socket_accept()
5120 sid = isec->sid; in selinux_socket_accept()
5121 spin_unlock(&isec->lock); in selinux_socket_accept()
5124 newisec->sclass = sclass; in selinux_socket_accept()
5125 newisec->sid = sid; in selinux_socket_accept()
5126 newisec->initialized = LABEL_INITIALIZED; in selinux_socket_accept()
5134 return sock_has_perm(sock->sk, SOCKET__WRITE); in selinux_socket_sendmsg()
5140 return sock_has_perm(sock->sk, SOCKET__READ); in selinux_socket_recvmsg()
5145 return sock_has_perm(sock->sk, SOCKET__GETATTR); in selinux_socket_getsockname()
5150 return sock_has_perm(sock->sk, SOCKET__GETATTR); in selinux_socket_getpeername()
5157 err = sock_has_perm(sock->sk, SOCKET__SETOPT); in selinux_socket_setsockopt()
5167 return sock_has_perm(sock->sk, SOCKET__GETOPT); in selinux_socket_getsockopt()
5172 return sock_has_perm(sock->sk, SOCKET__SHUTDOWN); in selinux_socket_shutdown()
5188 err = avc_has_perm(sksec_sock->sid, sksec_other->sid, in selinux_socket_unix_stream_connect()
5189 sksec_other->sclass, in selinux_socket_unix_stream_connect()
5195 sksec_new->peer_sid = sksec_sock->sid; in selinux_socket_unix_stream_connect()
5196 err = security_sid_mls_copy(sksec_other->sid, in selinux_socket_unix_stream_connect()
5197 sksec_sock->sid, &sksec_new->sid); in selinux_socket_unix_stream_connect()
5202 sksec_sock->peer_sid = sksec_new->sid; in selinux_socket_unix_stream_connect()
5210 struct sk_security_struct *ssec = selinux_sock(sock->sk); in selinux_socket_unix_may_send()
5211 struct sk_security_struct *osec = selinux_sock(other->sk); in selinux_socket_unix_may_send()
5215 ad_net_init_from_sk(&ad, &net, other->sk); in selinux_socket_unix_may_send()
5217 return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO, in selinux_socket_unix_may_send()
5249 u32 sk_sid = sksec->sid; in selinux_sock_rcv_skb_compat()
5254 ad_net_init_from_iif(&ad, &net, skb->skb_iif, family); in selinux_sock_rcv_skb_compat()
5260 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET, in selinux_sock_rcv_skb_compat()
5269 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad); in selinux_sock_rcv_skb_compat()
5278 u16 family = sk->sk_family; in selinux_socket_sock_rcv_skb()
5279 u32 sk_sid = sksec->sid; in selinux_socket_sock_rcv_skb()
5288 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) in selinux_socket_sock_rcv_skb()
5303 ad_net_init_from_iif(&ad, &net, skb->skb_iif, family); in selinux_socket_sock_rcv_skb()
5314 err = selinux_inet_sys_rcv_skb(sock_net(sk), skb->skb_iif, in selinux_socket_sock_rcv_skb()
5329 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET, in selinux_socket_sock_rcv_skb()
5345 struct sk_security_struct *sksec = selinux_sock(sock->sk); in selinux_socket_getpeersec_stream()
5348 if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET || in selinux_socket_getpeersec_stream()
5349 sksec->sclass == SECCLASS_TCP_SOCKET || in selinux_socket_getpeersec_stream()
5350 sksec->sclass == SECCLASS_SCTP_SOCKET) in selinux_socket_getpeersec_stream()
5351 peer_sid = sksec->peer_sid; in selinux_socket_getpeersec_stream()
5353 return -ENOPROTOOPT; in selinux_socket_getpeersec_stream()
5360 err = -ERANGE; in selinux_socket_getpeersec_stream()
5365 err = -EFAULT; in selinux_socket_getpeersec_stream()
5368 err = -EFAULT; in selinux_socket_getpeersec_stream()
5379 if (skb && skb->protocol == htons(ETH_P_IP)) in selinux_socket_getpeersec_dgram()
5381 else if (skb && skb->protocol == htons(ETH_P_IPV6)) in selinux_socket_getpeersec_dgram()
5384 family = sock->sk->sk_family; in selinux_socket_getpeersec_dgram()
5387 return -EINVAL; in selinux_socket_getpeersec_dgram()
5393 peer_secid = isec->sid; in selinux_socket_getpeersec_dgram()
5399 return -ENOPROTOOPT; in selinux_socket_getpeersec_dgram()
5407 sksec->peer_sid = SECINITSID_UNLABELED; in selinux_sk_alloc_security()
5408 sksec->sid = SECINITSID_UNLABELED; in selinux_sk_alloc_security()
5409 sksec->sclass = SECCLASS_SOCKET; in selinux_sk_alloc_security()
5427 newsksec->sid = sksec->sid; in selinux_sk_clone_security()
5428 newsksec->peer_sid = sksec->peer_sid; in selinux_sk_clone_security()
5429 newsksec->sclass = sksec->sclass; in selinux_sk_clone_security()
5441 *secid = sksec->sid; in selinux_sk_getsecid()
5451 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 || in selinux_sock_graft()
5452 sk->sk_family == PF_UNIX) in selinux_sock_graft()
5453 isec->sid = sksec->sid; in selinux_sock_graft()
5454 sksec->sclass = isec->sclass; in selinux_sock_graft()
5464 struct sock *sk = asoc->base.sk; in selinux_sctp_process_new_assoc()
5465 u16 family = sk->sk_family; in selinux_sctp_process_new_assoc()
5472 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) in selinux_sctp_process_new_assoc()
5476 asoc->peer_secid = SECSID_NULL; in selinux_sctp_process_new_assoc()
5481 err = selinux_skb_peerlbl_sid(skb, family, &asoc->peer_secid); in selinux_sctp_process_new_assoc()
5485 if (asoc->peer_secid == SECSID_NULL) in selinux_sctp_process_new_assoc()
5486 asoc->peer_secid = SECINITSID_UNLABELED; in selinux_sctp_process_new_assoc()
5488 asoc->peer_secid = SECINITSID_UNLABELED; in selinux_sctp_process_new_assoc()
5491 if (sksec->sctp_assoc_state == SCTP_ASSOC_UNSET) { in selinux_sctp_process_new_assoc()
5492 sksec->sctp_assoc_state = SCTP_ASSOC_SET; in selinux_sctp_process_new_assoc()
5496 * then it is approved by policy and used as the primary in selinux_sctp_process_new_assoc()
5499 sksec->peer_sid = asoc->peer_secid; in selinux_sctp_process_new_assoc()
5500 } else if (sksec->peer_sid != asoc->peer_secid) { in selinux_sctp_process_new_assoc()
5504 ad_net_init_from_sk(&ad, &net, asoc->base.sk); in selinux_sctp_process_new_assoc()
5505 err = avc_has_perm(sksec->peer_sid, asoc->peer_secid, in selinux_sctp_process_new_assoc()
5506 sksec->sclass, SCTP_SOCKET__ASSOCIATION, in selinux_sctp_process_new_assoc()
5521 struct sk_security_struct *sksec = selinux_sock(asoc->base.sk); in selinux_sctp_assoc_request()
5538 err = selinux_conn_sid(sksec->sid, asoc->peer_secid, &conn_sid); in selinux_sctp_assoc_request()
5542 asoc->secid = conn_sid; in selinux_sctp_assoc_request()
5554 struct sk_security_struct *sksec = selinux_sock(asoc->base.sk); in selinux_sctp_assoc_established()
5559 /* Inherit secid from the parent socket - this will be picked up in selinux_sctp_assoc_established()
5563 asoc->secid = sksec->sid; in selinux_sctp_assoc_established()
5584 sock = sk->sk_socket; in selinux_sctp_bind_connect()
5589 return -EINVAL; in selinux_sctp_bind_connect()
5592 switch (addr->sa_family) { in selinux_sctp_bind_connect()
5601 return -EINVAL; in selinux_sctp_bind_connect()
5605 return -EINVAL; in selinux_sctp_bind_connect()
5607 err = -EINVAL; in selinux_sctp_bind_connect()
5657 * the non-sctp clone version. in selinux_sctp_sk_clone()
5662 newsksec->sid = asoc->secid; in selinux_sctp_sk_clone()
5663 newsksec->peer_sid = asoc->peer_secid; in selinux_sctp_sk_clone()
5664 newsksec->sclass = sksec->sclass; in selinux_sctp_sk_clone()
5673 ssksec->sclass = sksec->sclass; in selinux_mptcp_add_subflow()
5674 ssksec->sid = sksec->sid; in selinux_mptcp_add_subflow()
5677 * and re-creating a new label using the updated context in selinux_mptcp_add_subflow()
5680 return selinux_netlbl_socket_post_create(ssk, ssk->sk_family); in selinux_mptcp_add_subflow()
5688 u16 family = req->rsk_ops->family; in selinux_inet_conn_request()
5695 err = selinux_conn_sid(sksec->sid, peersid, &connsid); in selinux_inet_conn_request()
5698 req->secid = connsid; in selinux_inet_conn_request()
5699 req->peer_secid = peersid; in selinux_inet_conn_request()
5709 newsksec->sid = req->secid; in selinux_inet_csk_clone()
5710 newsksec->peer_sid = req->peer_secid; in selinux_inet_csk_clone()
5711 /* NOTE: Ideally, we should also get the isec->sid for the in selinux_inet_csk_clone()
5718 selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family); in selinux_inet_csk_clone()
5723 u16 family = sk->sk_family; in selinux_inet_conn_established()
5727 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) in selinux_inet_conn_established()
5730 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid); in selinux_inet_conn_established()
5752 flic->flowic_secid = req->secid; in selinux_req_classify_flow()
5759 tunsec->sid = current_sid(); in selinux_tun_dev_alloc_security()
5771 * connections unlike traditional sockets - check the TUN driver to in selinux_tun_dev_create()
5782 return avc_has_perm(current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET, in selinux_tun_dev_attach_queue()
5798 sksec->sid = tunsec->sid; in selinux_tun_dev_attach()
5799 sksec->sclass = SECCLASS_TUN_SOCKET; in selinux_tun_dev_attach()
5810 err = avc_has_perm(sid, tunsec->sid, SECCLASS_TUN_SOCKET, in selinux_tun_dev_open()
5818 tunsec->sid = sid; in selinux_tun_dev_open()
5844 family = state->pf; in selinux_ip_forward()
5848 ifindex = state->in->ifindex; in selinux_ip_forward()
5856 err = selinux_inet_sys_rcv_skb(state->net, ifindex, in selinux_ip_forward()
5865 if (avc_has_perm(peer_sid, skb->secmark, in selinux_ip_forward()
5898 * packet is a SYN-ACK packet which means it needs to in selinux_ip_output()
5902 * the parent socket until after the SYN-ACK is sent. in selinux_ip_output()
5903 * the "solution" is to simply pass the packet as-is in selinux_ip_output()
5913 sid = sksec->sid; in selinux_ip_output()
5916 if (selinux_netlbl_skbuff_setsid(skb, state->pf, sid) != 0) in selinux_ip_output()
5937 ad_net_init_from_iif(&ad, &net, state->out->ifindex, state->pf); in selinux_ip_postroute_compat()
5942 if (avc_has_perm(sksec->sid, skb->secmark, in selinux_ip_postroute_compat()
5944 return NF_DROP_ERR(-ECONNREFUSED); in selinux_ip_postroute_compat()
5946 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto)) in selinux_ip_postroute_compat()
5947 return NF_DROP_ERR(-ECONNREFUSED); in selinux_ip_postroute_compat()
5981 /* If skb->dst->xfrm is non-NULL then the packet is undergoing an IPsec in selinux_ip_postroute()
5985 * NOTE: there appear to be some IPv6 multicast cases where skb->dst in selinux_ip_postroute()
5987 * NOTE: if this is a local socket (skb->sk != NULL) that is in the in selinux_ip_postroute()
5992 if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL && in selinux_ip_postroute()
5997 family = state->pf; in selinux_ip_postroute()
6003 if (skb->skb_iif) { in selinux_ip_postroute()
6013 * listening state which means this is a SYN-ACK packet. In in selinux_ip_postroute()
6017 * socket until after the SYN-ACK packet is sent; the only in selinux_ip_postroute()
6036 if (IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) in selinux_ip_postroute()
6040 if (IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) in selinux_ip_postroute()
6044 return NF_DROP_ERR(-ECONNREFUSED); in selinux_ip_postroute()
6047 if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid)) in selinux_ip_postroute()
6054 peer_sid = sksec->sid; in selinux_ip_postroute()
6058 ifindex = state->out->ifindex; in selinux_ip_postroute()
6064 if (avc_has_perm(peer_sid, skb->secmark, in selinux_ip_postroute()
6066 return NF_DROP_ERR(-ECONNREFUSED); in selinux_ip_postroute()
6072 if (sel_netif_sid(state->net, ifindex, &if_sid)) in selinux_ip_postroute()
6076 return NF_DROP_ERR(-ECONNREFUSED); in selinux_ip_postroute()
6082 return NF_DROP_ERR(-ECONNREFUSED); in selinux_ip_postroute()
6091 struct sk_security_struct *sksec = sk->sk_security; in nlmsg_sock_has_extended_perms()
6096 if (sock_skip_has_perm(sksec->sid)) in nlmsg_sock_has_extended_perms()
6105 return avc_has_extended_perms(current_sid(), sksec->sid, sksec->sclass, in nlmsg_sock_has_extended_perms()
6113 unsigned int data_len = skb->len; in selinux_netlink_send()
6114 unsigned char *data = skb->data; in selinux_netlink_send()
6117 u16 sclass = sksec->sclass; in selinux_netlink_send()
6129 if (nlh->nlmsg_len < NLMSG_HDRLEN || nlh->nlmsg_len > data_len) in selinux_netlink_send()
6132 rc = selinux_nlmsg_lookup(sclass, nlh->nlmsg_type, &perm); in selinux_netlink_send()
6136 sk, perm, nlh->nlmsg_type); in selinux_netlink_send()
6142 } else if (rc == -EINVAL) { in selinux_netlink_send()
6143 /* -EINVAL is a missing msg/perm mapping */ in selinux_netlink_send()
6147 sk->sk_protocol, nlh->nlmsg_type, in selinux_netlink_send()
6148 secclass_map[sclass - 1].name, in selinux_netlink_send()
6149 task_pid_nr(current), current->comm); in selinux_netlink_send()
6154 } else if (rc == -ENOENT) { in selinux_netlink_send()
6155 /* -ENOENT is a missing socket/class mapping, ignore */ in selinux_netlink_send()
6162 msg_len = NLMSG_ALIGN(nlh->nlmsg_len); in selinux_netlink_send()
6165 data_len -= msg_len; in selinux_netlink_send()
6174 isec->sclass = sclass; in ipc_init_security()
6175 isec->sid = current_sid(); in ipc_init_security()
6188 ad.u.ipc_id = ipc_perms->key; in ipc_has_perm()
6190 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); in ipc_has_perm()
6198 msec->sid = SECINITSID_UNLABELED; in selinux_msg_msg_alloc_security()
6214 ad.u.ipc_id = msq->key; in selinux_msg_queue_alloc_security()
6216 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_alloc_security()
6229 ad.u.ipc_id = msq->key; in selinux_msg_queue_associate()
6231 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_associate()
6242 /* No specific object, just general system-wide information. */ in selinux_msg_queue_msgctl()
6277 if (msec->sid == SECINITSID_UNLABELED) { in selinux_msg_queue_msgsnd()
6282 rc = security_transition_sid(sid, isec->sid, in selinux_msg_queue_msgsnd()
6283 SECCLASS_MSG, NULL, &msec->sid); in selinux_msg_queue_msgsnd()
6289 ad.u.ipc_id = msq->key; in selinux_msg_queue_msgsnd()
6292 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_msgsnd()
6296 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG, in selinux_msg_queue_msgsnd()
6300 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_msgsnd()
6320 ad.u.ipc_id = msq->key; in selinux_msg_queue_msgrcv()
6322 rc = avc_has_perm(sid, isec->sid, in selinux_msg_queue_msgrcv()
6325 rc = avc_has_perm(sid, msec->sid, in selinux_msg_queue_msgrcv()
6341 ad.u.ipc_id = shp->key; in selinux_shm_alloc_security()
6343 return avc_has_perm(sid, isec->sid, SECCLASS_SHM, in selinux_shm_alloc_security()
6356 ad.u.ipc_id = shp->key; in selinux_shm_associate()
6358 return avc_has_perm(sid, isec->sid, SECCLASS_SHM, in selinux_shm_associate()
6370 /* No specific object, just general system-wide information. */ in selinux_shm_shmctl()
6419 ad.u.ipc_id = sma->key; in selinux_sem_alloc_security()
6421 return avc_has_perm(sid, isec->sid, SECCLASS_SEM, in selinux_sem_alloc_security()
6434 ad.u.ipc_id = sma->key; in selinux_sem_associate()
6436 return avc_has_perm(sid, isec->sid, SECCLASS_SEM, in selinux_sem_associate()
6449 /* No specific object, just general system-wide information. */ in selinux_sem_semctl()
6517 prop->selinux.secid = isec->sid; in selinux_ipc_getlsmprop()
6537 error = avc_has_perm(current_sid(), tsec->sid, in selinux_lsm_getattr()
6544 sid = tsec->sid; in selinux_lsm_getattr()
6547 sid = tsec->osid; in selinux_lsm_getattr()
6550 sid = tsec->exec_sid; in selinux_lsm_getattr()
6553 sid = tsec->create_sid; in selinux_lsm_getattr()
6556 sid = tsec->keycreate_sid; in selinux_lsm_getattr()
6559 sid = tsec->sockcreate_sid; in selinux_lsm_getattr()
6562 error = -EOPNOTSUPP; in selinux_lsm_getattr()
6615 error = -EOPNOTSUPP; in selinux_lsm_setattr()
6623 if (str[size-1] == '\n') { in selinux_lsm_setattr()
6624 str[size-1] = 0; in selinux_lsm_setattr()
6625 size--; in selinux_lsm_setattr()
6629 if (error == -EINVAL && attr == LSM_ATTR_FSCREATE) { in selinux_lsm_setattr()
6637 if (str[size - 1] == '\0') in selinux_lsm_setattr()
6638 audit_size = size - 1; in selinux_lsm_setattr()
6662 return -ENOMEM; in selinux_lsm_setattr()
6672 tsec->exec_sid = sid; in selinux_lsm_setattr()
6674 tsec->create_sid = sid; in selinux_lsm_setattr()
6682 tsec->keycreate_sid = sid; in selinux_lsm_setattr()
6684 tsec->sockcreate_sid = sid; in selinux_lsm_setattr()
6686 error = -EINVAL; in selinux_lsm_setattr()
6691 error = security_bounded_transition(tsec->sid, sid); in selinux_lsm_setattr()
6697 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, in selinux_lsm_setattr()
6712 tsec->sid = sid; in selinux_lsm_setattr()
6714 error = -EINVAL; in selinux_lsm_setattr()
6727 * selinux_getselfattr - Get SELinux current task attributes
6759 rc = selinux_lsm_setattr(attr, ctx->ctx, ctx->ctx_len); in selinux_setselfattr()
6773 if (rc != -EOPNOTSUPP) in selinux_getprocattr()
6777 return -EINVAL; in selinux_getprocattr()
6786 return -EINVAL; in selinux_setprocattr()
6800 cp->id = LSM_ID_SELINUX; in selinux_secid_to_secctx()
6801 ret = security_sid_to_context(secid, &cp->context, &cp->len); in selinux_secid_to_secctx()
6804 return cp->len; in selinux_secid_to_secctx()
6815 return selinux_secid_to_secctx(prop->selinux.secid, cp); in selinux_lsmprop_to_secctx()
6826 if (cp->id == LSM_ID_SELINUX) { in selinux_release_secctx()
6827 kfree(cp->context); in selinux_release_secctx()
6828 cp->context = NULL; in selinux_release_secctx()
6829 cp->id = LSM_ID_UNDEF; in selinux_release_secctx()
6837 spin_lock(&isec->lock); in selinux_inode_invalidate_secctx()
6838 isec->initialized = LABEL_INVALID; in selinux_inode_invalidate_secctx()
6839 spin_unlock(&isec->lock); in selinux_inode_invalidate_secctx()
6843 * called with inode->i_mutex locked
6850 return rc == -EOPNOTSUPP ? 0 : rc; in selinux_inode_notifysecctx()
6854 * called with inode->i_mutex locked
6867 (void **)&cp->context, true); in selinux_inode_getsecctx()
6870 cp->len = len; in selinux_inode_getsecctx()
6871 cp->id = LSM_ID_SELINUX; in selinux_inode_getsecctx()
6883 if (tsec->keycreate_sid) in selinux_key_alloc()
6884 ksec->sid = tsec->keycreate_sid; in selinux_key_alloc()
6886 ksec->sid = tsec->sid; in selinux_key_alloc()
6925 return -EPERM; in selinux_key_permission()
6933 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL); in selinux_key_permission()
6943 rc = security_sid_to_context(ksec->sid, in selinux_key_getsecurity()
6957 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, KEY__VIEW, NULL); in selinux_watch_key()
6979 return avc_has_perm(sec->sid, sid, in selinux_ib_pkey_access()
7003 return avc_has_perm(sec->sid, sid, in selinux_ib_endport_manage_subnet()
7012 sec->sid = current_sid(); in selinux_ib_alloc_security()
7067 if (file->f_op == &bpf_map_fops) { in bpf_fd_pass()
7068 map = file->private_data; in bpf_fd_pass()
7070 ret = avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF, in bpf_fd_pass()
7071 bpf_map_fmode_to_av(file->f_mode), NULL); in bpf_fd_pass()
7074 } else if (file->f_op == &bpf_prog_fops) { in bpf_fd_pass()
7075 prog = file->private_data; in bpf_fd_pass()
7077 ret = avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF, in bpf_fd_pass()
7091 return avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF, in selinux_bpf_map()
7101 return avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF, in selinux_bpf_prog()
7111 bpfsec->sid = current_sid(); in selinux_bpf_map_create()
7122 bpfsec->sid = current_sid(); in selinux_bpf_prog_load()
7133 bpfsec->sid = current_sid(); in selinux_bpf_token_create()
7173 return -EINVAL; in selinux_perf_event_open()
7183 perfsec = selinux_perf_event(event->security); in selinux_perf_event_alloc()
7184 perfsec->sid = current_sid(); in selinux_perf_event_alloc()
7191 struct perf_event_security_struct *perfsec = event->security; in selinux_perf_event_read()
7194 return avc_has_perm(sid, perfsec->sid, in selinux_perf_event_read()
7200 struct perf_event_security_struct *perfsec = event->security; in selinux_perf_event_write()
7203 return avc_has_perm(sid, perfsec->sid, in selinux_perf_event_write()
7210 * selinux_uring_override_creds - check the requested cred override
7223 * selinux_uring_sqpoll - check if an io_uring polling thread can be created
7237 * selinux_uring_cmd - check if IORING_OP_URING_CMD is allowed
7246 struct file *file = ioucmd->file; in selinux_uring_cmd()
7254 return avc_has_perm(current_sid(), isec->sid, in selinux_uring_cmd()
7259 * selinux_uring_allowed - check if io_uring_setup() can be called