1 // SPDX-License-Identifier: GPL-2.0-only
2 /* Updated: Karl MacMillan <kmacmillan@tresys.com>
3 *
4 * Added conditional policy language extensions
5 *
6 * Updated: Hewlett-Packard <paul@paul-moore.com>
7 *
8 * Added support for the policy capability bitmap
9 *
10 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
11 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
12 * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
13 */
14
15 #include <linux/kernel.h>
16 #include <linux/pagemap.h>
17 #include <linux/slab.h>
18 #include <linux/vmalloc.h>
19 #include <linux/fs.h>
20 #include <linux/fs_context.h>
21 #include <linux/mount.h>
22 #include <linux/mutex.h>
23 #include <linux/namei.h>
24 #include <linux/init.h>
25 #include <linux/string.h>
26 #include <linux/security.h>
27 #include <linux/major.h>
28 #include <linux/seq_file.h>
29 #include <linux/percpu.h>
30 #include <linux/audit.h>
31 #include <linux/uaccess.h>
32 #include <linux/kobject.h>
33 #include <linux/ctype.h>
34
35 /* selinuxfs pseudo filesystem for exporting the security policy API.
36 Based on the proc code and the fs/nfsd/nfsctl.c code. */
37
38 #include "initcalls.h"
39 #include "flask.h"
40 #include "avc.h"
41 #include "avc_ss.h"
42 #include "security.h"
43 #include "objsec.h"
44 #include "conditional.h"
45 #include "ima.h"
46
47 enum sel_inos {
48 SEL_ROOT_INO = 2,
49 SEL_LOAD, /* load policy */
50 SEL_ENFORCE, /* get or set enforcing status */
51 SEL_CONTEXT, /* validate context */
52 SEL_ACCESS, /* compute access decision */
53 SEL_CREATE, /* compute create labeling decision */
54 SEL_RELABEL, /* compute relabeling decision */
55 SEL_USER, /* compute reachable user contexts */
56 SEL_POLICYVERS, /* return policy version for this kernel */
57 SEL_COMMIT_BOOLS, /* commit new boolean values */
58 SEL_MLS, /* return if MLS policy is enabled */
59 SEL_DISABLE, /* disable SELinux until next reboot */
60 SEL_MEMBER, /* compute polyinstantiation membership decision */
61 SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */
62 SEL_COMPAT_NET, /* whether to use old compat network packet controls */
63 SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */
64 SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */
65 SEL_STATUS, /* export current status using mmap() */
66 SEL_POLICY, /* allow userspace to read the in kernel policy */
67 SEL_VALIDATE_TRANS, /* compute validatetrans decision */
68 SEL_INO_NEXT, /* The next inode number to use */
69 };
70
71 struct selinux_fs_info {
72 struct dentry *bool_dir;
73 unsigned int bool_num;
74 char **bool_pending_names;
75 int *bool_pending_values;
76 struct dentry *class_dir;
77 unsigned long last_class_ino;
78 bool policy_opened;
79 struct dentry *policycap_dir;
80 unsigned long last_ino;
81 struct super_block *sb;
82 };
83
selinux_fs_info_create(struct super_block * sb)84 static int selinux_fs_info_create(struct super_block *sb)
85 {
86 struct selinux_fs_info *fsi;
87
88 fsi = kzalloc(sizeof(*fsi), GFP_KERNEL);
89 if (!fsi)
90 return -ENOMEM;
91
92 fsi->last_ino = SEL_INO_NEXT - 1;
93 fsi->sb = sb;
94 sb->s_fs_info = fsi;
95 return 0;
96 }
97
selinux_fs_info_free(struct super_block * sb)98 static void selinux_fs_info_free(struct super_block *sb)
99 {
100 struct selinux_fs_info *fsi = sb->s_fs_info;
101 unsigned int i;
102
103 if (fsi) {
104 for (i = 0; i < fsi->bool_num; i++)
105 kfree(fsi->bool_pending_names[i]);
106 kfree(fsi->bool_pending_names);
107 kfree(fsi->bool_pending_values);
108 }
109 kfree(sb->s_fs_info);
110 sb->s_fs_info = NULL;
111 }
112
113 #define SEL_INITCON_INO_OFFSET 0x01000000
114 #define SEL_BOOL_INO_OFFSET 0x02000000
115 #define SEL_CLASS_INO_OFFSET 0x04000000
116 #define SEL_POLICYCAP_INO_OFFSET 0x08000000
117 #define SEL_INO_MASK 0x00ffffff
118
119 #define BOOL_DIR_NAME "booleans"
120 #define CLASS_DIR_NAME "class"
121 #define POLICYCAP_DIR_NAME "policy_capabilities"
122
123 #define TMPBUFLEN 12
sel_read_enforce(struct file * filp,char __user * buf,size_t count,loff_t * ppos)124 static ssize_t sel_read_enforce(struct file *filp, char __user *buf,
125 size_t count, loff_t *ppos)
126 {
127 char tmpbuf[TMPBUFLEN];
128 ssize_t length;
129
130 length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
131 enforcing_enabled());
132 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
133 }
134
135 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
sel_write_enforce(struct file * file,const char __user * buf,size_t count,loff_t * ppos)136 static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
137 size_t count, loff_t *ppos)
138
139 {
140 char *page = NULL;
141 ssize_t length;
142 int scan_value;
143 bool old_value, new_value;
144
145 if (count >= PAGE_SIZE)
146 return -ENOMEM;
147
148 /* No partial writes. */
149 if (*ppos != 0)
150 return -EINVAL;
151
152 page = memdup_user_nul(buf, count);
153 if (IS_ERR(page))
154 return PTR_ERR(page);
155
156 length = -EINVAL;
157 if (sscanf(page, "%d", &scan_value) != 1)
158 goto out;
159
160 new_value = !!scan_value;
161
162 old_value = enforcing_enabled();
163 if (new_value != old_value) {
164 length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
165 SECCLASS_SECURITY, SECURITY__SETENFORCE,
166 NULL);
167 if (length)
168 goto out;
169 audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
170 "enforcing=%d old_enforcing=%d auid=%u ses=%u"
171 " enabled=1 old-enabled=1 lsm=selinux res=1",
172 new_value, old_value,
173 from_kuid(&init_user_ns, audit_get_loginuid(current)),
174 audit_get_sessionid(current));
175 enforcing_set(new_value);
176 if (new_value)
177 avc_ss_reset(0);
178 selnl_notify_setenforce(new_value);
179 selinux_status_update_setenforce(new_value);
180 if (!new_value)
181 call_blocking_lsm_notifier(LSM_POLICY_CHANGE, NULL);
182
183 selinux_ima_measure_state();
184 }
185 length = count;
186 out:
187 kfree(page);
188 return length;
189 }
190 #else
191 #define sel_write_enforce NULL
192 #endif
193
194 static const struct file_operations sel_enforce_ops = {
195 .read = sel_read_enforce,
196 .write = sel_write_enforce,
197 .llseek = generic_file_llseek,
198 };
199
sel_read_handle_unknown(struct file * filp,char __user * buf,size_t count,loff_t * ppos)200 static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf,
201 size_t count, loff_t *ppos)
202 {
203 char tmpbuf[TMPBUFLEN];
204 ssize_t length;
205 ino_t ino = file_inode(filp)->i_ino;
206 int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ?
207 security_get_reject_unknown() :
208 !security_get_allow_unknown();
209
210 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown);
211 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
212 }
213
214 static const struct file_operations sel_handle_unknown_ops = {
215 .read = sel_read_handle_unknown,
216 .llseek = generic_file_llseek,
217 };
218
sel_open_handle_status(struct inode * inode,struct file * filp)219 static int sel_open_handle_status(struct inode *inode, struct file *filp)
220 {
221 struct page *status = selinux_kernel_status_page();
222
223 if (!status)
224 return -ENOMEM;
225
226 filp->private_data = status;
227
228 return 0;
229 }
230
sel_read_handle_status(struct file * filp,char __user * buf,size_t count,loff_t * ppos)231 static ssize_t sel_read_handle_status(struct file *filp, char __user *buf,
232 size_t count, loff_t *ppos)
233 {
234 struct page *status = filp->private_data;
235
236 BUG_ON(!status);
237
238 return simple_read_from_buffer(buf, count, ppos,
239 page_address(status),
240 sizeof(struct selinux_kernel_status));
241 }
242
sel_mmap_handle_status(struct file * filp,struct vm_area_struct * vma)243 static int sel_mmap_handle_status(struct file *filp,
244 struct vm_area_struct *vma)
245 {
246 struct page *status = filp->private_data;
247 unsigned long size = vma->vm_end - vma->vm_start;
248
249 BUG_ON(!status);
250
251 /* only allows one page from the head */
252 if (vma->vm_pgoff > 0 || size != PAGE_SIZE)
253 return -EIO;
254 /* disallow writable mapping */
255 if (vma->vm_flags & VM_WRITE)
256 return -EPERM;
257 /* disallow mprotect() turns it into writable */
258 vm_flags_clear(vma, VM_MAYWRITE);
259
260 return remap_pfn_range(vma, vma->vm_start,
261 page_to_pfn(status),
262 size, vma->vm_page_prot);
263 }
264
265 static const struct file_operations sel_handle_status_ops = {
266 .open = sel_open_handle_status,
267 .read = sel_read_handle_status,
268 .mmap = sel_mmap_handle_status,
269 .llseek = generic_file_llseek,
270 };
271
sel_write_disable(struct file * file,const char __user * buf,size_t count,loff_t * ppos)272 static ssize_t sel_write_disable(struct file *file, const char __user *buf,
273 size_t count, loff_t *ppos)
274
275 {
276 char *page;
277 ssize_t length;
278 int new_value;
279
280 if (count >= PAGE_SIZE)
281 return -ENOMEM;
282
283 /* No partial writes. */
284 if (*ppos != 0)
285 return -EINVAL;
286
287 page = memdup_user_nul(buf, count);
288 if (IS_ERR(page))
289 return PTR_ERR(page);
290
291 if (sscanf(page, "%d", &new_value) != 1) {
292 length = -EINVAL;
293 goto out;
294 }
295 length = count;
296
297 if (new_value) {
298 pr_err("SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable\n");
299 pr_err("SELinux: Runtime disable is not supported, use selinux=0 on the kernel cmdline.\n");
300 }
301
302 out:
303 kfree(page);
304 return length;
305 }
306
307 static const struct file_operations sel_disable_ops = {
308 .write = sel_write_disable,
309 .llseek = generic_file_llseek,
310 };
311
sel_read_policyvers(struct file * filp,char __user * buf,size_t count,loff_t * ppos)312 static ssize_t sel_read_policyvers(struct file *filp, char __user *buf,
313 size_t count, loff_t *ppos)
314 {
315 char tmpbuf[TMPBUFLEN];
316 ssize_t length;
317
318 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX);
319 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
320 }
321
322 static const struct file_operations sel_policyvers_ops = {
323 .read = sel_read_policyvers,
324 .llseek = generic_file_llseek,
325 };
326
327 /* declaration for sel_write_load */
328 static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir,
329 unsigned int *bool_num, char ***bool_pending_names,
330 int **bool_pending_values);
331 static int sel_make_classes(struct selinux_policy *newpolicy,
332 struct dentry *class_dir,
333 unsigned long *last_class_ino);
334
335 /* declaration for sel_make_class_dirs */
336 static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
337 unsigned long *ino);
338
339 /* declaration for sel_make_policy_nodes */
340 static struct dentry *sel_make_swapover_dir(struct super_block *sb,
341 unsigned long *ino);
342
sel_read_mls(struct file * filp,char __user * buf,size_t count,loff_t * ppos)343 static ssize_t sel_read_mls(struct file *filp, char __user *buf,
344 size_t count, loff_t *ppos)
345 {
346 char tmpbuf[TMPBUFLEN];
347 ssize_t length;
348
349 length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
350 security_mls_enabled());
351 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
352 }
353
354 static const struct file_operations sel_mls_ops = {
355 .read = sel_read_mls,
356 .llseek = generic_file_llseek,
357 };
358
359 struct policy_load_memory {
360 size_t len;
361 void *data;
362 };
363
sel_open_policy(struct inode * inode,struct file * filp)364 static int sel_open_policy(struct inode *inode, struct file *filp)
365 {
366 struct selinux_fs_info *fsi = inode->i_sb->s_fs_info;
367 struct policy_load_memory *plm = NULL;
368 int rc;
369
370 BUG_ON(filp->private_data);
371
372 mutex_lock(&selinux_state.policy_mutex);
373
374 rc = avc_has_perm(current_sid(), SECINITSID_SECURITY,
375 SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL);
376 if (rc)
377 goto err;
378
379 rc = -EBUSY;
380 if (fsi->policy_opened)
381 goto err;
382
383 rc = -ENOMEM;
384 plm = kzalloc(sizeof(*plm), GFP_KERNEL);
385 if (!plm)
386 goto err;
387
388 rc = security_read_policy(&plm->data, &plm->len);
389 if (rc)
390 goto err;
391
392 if ((size_t)i_size_read(inode) != plm->len) {
393 inode_lock(inode);
394 i_size_write(inode, plm->len);
395 inode_unlock(inode);
396 }
397
398 fsi->policy_opened = 1;
399
400 filp->private_data = plm;
401
402 mutex_unlock(&selinux_state.policy_mutex);
403
404 return 0;
405 err:
406 mutex_unlock(&selinux_state.policy_mutex);
407
408 if (plm)
409 vfree(plm->data);
410 kfree(plm);
411 return rc;
412 }
413
sel_release_policy(struct inode * inode,struct file * filp)414 static int sel_release_policy(struct inode *inode, struct file *filp)
415 {
416 struct selinux_fs_info *fsi = inode->i_sb->s_fs_info;
417 struct policy_load_memory *plm = filp->private_data;
418
419 BUG_ON(!plm);
420
421 fsi->policy_opened = 0;
422
423 vfree(plm->data);
424 kfree(plm);
425
426 return 0;
427 }
428
sel_read_policy(struct file * filp,char __user * buf,size_t count,loff_t * ppos)429 static ssize_t sel_read_policy(struct file *filp, char __user *buf,
430 size_t count, loff_t *ppos)
431 {
432 struct policy_load_memory *plm = filp->private_data;
433 int ret;
434
435 ret = avc_has_perm(current_sid(), SECINITSID_SECURITY,
436 SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL);
437 if (ret)
438 return ret;
439
440 return simple_read_from_buffer(buf, count, ppos, plm->data, plm->len);
441 }
442
sel_mmap_policy_fault(struct vm_fault * vmf)443 static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf)
444 {
445 struct policy_load_memory *plm = vmf->vma->vm_file->private_data;
446 unsigned long offset;
447 struct page *page;
448
449 if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE))
450 return VM_FAULT_SIGBUS;
451
452 offset = vmf->pgoff << PAGE_SHIFT;
453 if (offset >= roundup(plm->len, PAGE_SIZE))
454 return VM_FAULT_SIGBUS;
455
456 page = vmalloc_to_page(plm->data + offset);
457 get_page(page);
458
459 vmf->page = page;
460
461 return 0;
462 }
463
464 static const struct vm_operations_struct sel_mmap_policy_ops = {
465 .fault = sel_mmap_policy_fault,
466 .page_mkwrite = sel_mmap_policy_fault,
467 };
468
sel_mmap_policy(struct file * filp,struct vm_area_struct * vma)469 static int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma)
470 {
471 if (vma->vm_flags & VM_SHARED) {
472 /* do not allow mprotect to make mapping writable */
473 vm_flags_clear(vma, VM_MAYWRITE);
474
475 if (vma->vm_flags & VM_WRITE)
476 return -EACCES;
477 }
478
479 vm_flags_set(vma, VM_DONTEXPAND | VM_DONTDUMP);
480 vma->vm_ops = &sel_mmap_policy_ops;
481
482 return 0;
483 }
484
485 static const struct file_operations sel_policy_ops = {
486 .open = sel_open_policy,
487 .read = sel_read_policy,
488 .mmap = sel_mmap_policy,
489 .release = sel_release_policy,
490 .llseek = generic_file_llseek,
491 };
492
sel_remove_old_bool_data(unsigned int bool_num,char ** bool_names,int * bool_values)493 static void sel_remove_old_bool_data(unsigned int bool_num, char **bool_names,
494 int *bool_values)
495 {
496 u32 i;
497
498 /* bool_dir cleanup */
499 for (i = 0; i < bool_num; i++)
500 kfree(bool_names[i]);
501 kfree(bool_names);
502 kfree(bool_values);
503 }
504
sel_make_policy_nodes(struct selinux_fs_info * fsi,struct selinux_policy * newpolicy)505 static int sel_make_policy_nodes(struct selinux_fs_info *fsi,
506 struct selinux_policy *newpolicy)
507 {
508 int ret = 0;
509 struct dentry *tmp_parent, *tmp_bool_dir, *tmp_class_dir;
510 struct renamedata rd = {};
511 unsigned int bool_num = 0;
512 char **bool_names = NULL;
513 int *bool_values = NULL;
514 unsigned long tmp_ino = fsi->last_ino; /* Don't increment last_ino in this function */
515
516 tmp_parent = sel_make_swapover_dir(fsi->sb, &tmp_ino);
517 if (IS_ERR(tmp_parent))
518 return PTR_ERR(tmp_parent);
519
520 tmp_ino = fsi->bool_dir->d_inode->i_ino - 1; /* sel_make_dir will increment and set */
521 tmp_bool_dir = sel_make_dir(tmp_parent, BOOL_DIR_NAME, &tmp_ino);
522 if (IS_ERR(tmp_bool_dir)) {
523 ret = PTR_ERR(tmp_bool_dir);
524 goto out;
525 }
526
527 tmp_ino = fsi->class_dir->d_inode->i_ino - 1; /* sel_make_dir will increment and set */
528 tmp_class_dir = sel_make_dir(tmp_parent, CLASS_DIR_NAME, &tmp_ino);
529 if (IS_ERR(tmp_class_dir)) {
530 ret = PTR_ERR(tmp_class_dir);
531 goto out;
532 }
533
534 ret = sel_make_bools(newpolicy, tmp_bool_dir, &bool_num,
535 &bool_names, &bool_values);
536 if (ret)
537 goto out;
538
539 ret = sel_make_classes(newpolicy, tmp_class_dir,
540 &fsi->last_class_ino);
541 if (ret)
542 goto out;
543
544 rd.old_parent = tmp_parent;
545 rd.new_parent = fsi->sb->s_root;
546
547 /* booleans */
548 ret = start_renaming_two_dentries(&rd, tmp_bool_dir, fsi->bool_dir);
549 if (ret)
550 goto out;
551
552 d_exchange(tmp_bool_dir, fsi->bool_dir);
553
554 swap(fsi->bool_num, bool_num);
555 swap(fsi->bool_pending_names, bool_names);
556 swap(fsi->bool_pending_values, bool_values);
557
558 fsi->bool_dir = tmp_bool_dir;
559 end_renaming(&rd);
560
561 /* classes */
562 ret = start_renaming_two_dentries(&rd, tmp_class_dir, fsi->class_dir);
563 if (ret)
564 goto out;
565
566 d_exchange(tmp_class_dir, fsi->class_dir);
567 fsi->class_dir = tmp_class_dir;
568
569 end_renaming(&rd);
570
571 out:
572 sel_remove_old_bool_data(bool_num, bool_names, bool_values);
573 /* Since the other temporary dirs are children of tmp_parent
574 * this will handle all the cleanup in the case of a failure before
575 * the swapover
576 */
577 simple_recursive_removal(tmp_parent, NULL);
578
579 return ret;
580 }
581
sel_write_load(struct file * file,const char __user * buf,size_t count,loff_t * ppos)582 static ssize_t sel_write_load(struct file *file, const char __user *buf,
583 size_t count, loff_t *ppos)
584
585 {
586 struct selinux_fs_info *fsi;
587 struct selinux_load_state load_state;
588 ssize_t length;
589 void *data = NULL;
590
591 /* no partial writes */
592 if (*ppos)
593 return -EINVAL;
594 /* no empty policies */
595 if (!count)
596 return -EINVAL;
597
598 mutex_lock(&selinux_state.policy_mutex);
599
600 length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
601 SECCLASS_SECURITY, SECURITY__LOAD_POLICY, NULL);
602 if (length)
603 goto out;
604
605 data = vmalloc(count);
606 if (!data) {
607 length = -ENOMEM;
608 goto out;
609 }
610 if (copy_from_user(data, buf, count) != 0) {
611 length = -EFAULT;
612 goto out;
613 }
614
615 length = security_load_policy(data, count, &load_state);
616 if (length) {
617 pr_warn_ratelimited("SELinux: failed to load policy\n");
618 goto out;
619 }
620 fsi = file_inode(file)->i_sb->s_fs_info;
621 length = sel_make_policy_nodes(fsi, load_state.policy);
622 if (length) {
623 pr_warn_ratelimited("SELinux: failed to initialize selinuxfs\n");
624 selinux_policy_cancel(&load_state);
625 goto out;
626 }
627
628 selinux_policy_commit(&load_state);
629 length = count;
630 audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
631 "auid=%u ses=%u lsm=selinux res=1",
632 from_kuid(&init_user_ns, audit_get_loginuid(current)),
633 audit_get_sessionid(current));
634
635 out:
636 mutex_unlock(&selinux_state.policy_mutex);
637 vfree(data);
638 return length;
639 }
640
641 static const struct file_operations sel_load_ops = {
642 .write = sel_write_load,
643 .llseek = generic_file_llseek,
644 };
645
sel_write_context(struct file * file,char * buf,size_t size)646 static ssize_t sel_write_context(struct file *file, char *buf, size_t size)
647 {
648 char *canon = NULL;
649 u32 sid, len;
650 ssize_t length;
651
652 length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
653 SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, NULL);
654 if (length)
655 goto out;
656
657 length = security_context_to_sid(buf, size, &sid, GFP_KERNEL);
658 if (length)
659 goto out;
660
661 length = security_sid_to_context(sid, &canon, &len);
662 if (length)
663 goto out;
664
665 length = -ERANGE;
666 if (len > SIMPLE_TRANSACTION_LIMIT) {
667 pr_err("SELinux: %s: context size (%u) exceeds "
668 "payload max\n", __func__, len);
669 goto out;
670 }
671
672 memcpy(buf, canon, len);
673 length = len;
674 out:
675 kfree(canon);
676 return length;
677 }
678
sel_read_checkreqprot(struct file * filp,char __user * buf,size_t count,loff_t * ppos)679 static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf,
680 size_t count, loff_t *ppos)
681 {
682 char tmpbuf[TMPBUFLEN];
683 ssize_t length;
684
685 length = scnprintf(tmpbuf, TMPBUFLEN, "%u",
686 checkreqprot_get());
687 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
688 }
689
sel_write_checkreqprot(struct file * file,const char __user * buf,size_t count,loff_t * ppos)690 static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
691 size_t count, loff_t *ppos)
692 {
693 char *page;
694 ssize_t length;
695 unsigned int new_value;
696
697 length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
698 SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT,
699 NULL);
700 if (length)
701 return length;
702
703 if (count >= PAGE_SIZE)
704 return -ENOMEM;
705
706 /* No partial writes. */
707 if (*ppos != 0)
708 return -EINVAL;
709
710 page = memdup_user_nul(buf, count);
711 if (IS_ERR(page))
712 return PTR_ERR(page);
713
714 if (sscanf(page, "%u", &new_value) != 1) {
715 length = -EINVAL;
716 goto out;
717 }
718 length = count;
719
720 if (new_value) {
721 char comm[sizeof(current->comm)];
722
723 strscpy(comm, current->comm);
724 pr_err("SELinux: %s (%d) set checkreqprot to 1. This is no longer supported.\n",
725 comm, current->pid);
726 }
727
728 selinux_ima_measure_state();
729
730 out:
731 kfree(page);
732 return length;
733 }
734 static const struct file_operations sel_checkreqprot_ops = {
735 .read = sel_read_checkreqprot,
736 .write = sel_write_checkreqprot,
737 .llseek = generic_file_llseek,
738 };
739
sel_write_validatetrans(struct file * file,const char __user * buf,size_t count,loff_t * ppos)740 static ssize_t sel_write_validatetrans(struct file *file,
741 const char __user *buf,
742 size_t count, loff_t *ppos)
743 {
744 char *oldcon = NULL, *newcon = NULL, *taskcon = NULL;
745 char *req = NULL;
746 u32 osid, nsid, tsid;
747 u16 tclass;
748 int rc;
749
750 rc = avc_has_perm(current_sid(), SECINITSID_SECURITY,
751 SECCLASS_SECURITY, SECURITY__VALIDATE_TRANS, NULL);
752 if (rc)
753 goto out;
754
755 rc = -ENOMEM;
756 if (count >= PAGE_SIZE)
757 goto out;
758
759 /* No partial writes. */
760 rc = -EINVAL;
761 if (*ppos != 0)
762 goto out;
763
764 req = memdup_user_nul(buf, count);
765 if (IS_ERR(req)) {
766 rc = PTR_ERR(req);
767 req = NULL;
768 goto out;
769 }
770
771 rc = -ENOMEM;
772 oldcon = kzalloc(count + 1, GFP_KERNEL);
773 if (!oldcon)
774 goto out;
775
776 newcon = kzalloc(count + 1, GFP_KERNEL);
777 if (!newcon)
778 goto out;
779
780 taskcon = kzalloc(count + 1, GFP_KERNEL);
781 if (!taskcon)
782 goto out;
783
784 rc = -EINVAL;
785 if (sscanf(req, "%s %s %hu %s", oldcon, newcon, &tclass, taskcon) != 4)
786 goto out;
787
788 rc = security_context_str_to_sid(oldcon, &osid, GFP_KERNEL);
789 if (rc)
790 goto out;
791
792 rc = security_context_str_to_sid(newcon, &nsid, GFP_KERNEL);
793 if (rc)
794 goto out;
795
796 rc = security_context_str_to_sid(taskcon, &tsid, GFP_KERNEL);
797 if (rc)
798 goto out;
799
800 rc = security_validate_transition_user(osid, nsid, tsid, tclass);
801 if (!rc)
802 rc = count;
803 out:
804 kfree(req);
805 kfree(oldcon);
806 kfree(newcon);
807 kfree(taskcon);
808 return rc;
809 }
810
811 static const struct file_operations sel_transition_ops = {
812 .write = sel_write_validatetrans,
813 .llseek = generic_file_llseek,
814 };
815
816 /*
817 * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c
818 */
819 static ssize_t sel_write_access(struct file *file, char *buf, size_t size);
820 static ssize_t sel_write_create(struct file *file, char *buf, size_t size);
821 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size);
822 static ssize_t sel_write_user(struct file *file, char *buf, size_t size);
823 static ssize_t sel_write_member(struct file *file, char *buf, size_t size);
824
825 static ssize_t (*const write_op[])(struct file *, char *, size_t) = {
826 [SEL_ACCESS] = sel_write_access,
827 [SEL_CREATE] = sel_write_create,
828 [SEL_RELABEL] = sel_write_relabel,
829 [SEL_USER] = sel_write_user,
830 [SEL_MEMBER] = sel_write_member,
831 [SEL_CONTEXT] = sel_write_context,
832 };
833
selinux_transaction_write(struct file * file,const char __user * buf,size_t size,loff_t * pos)834 static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos)
835 {
836 ino_t ino = file_inode(file)->i_ino;
837 char *data;
838 ssize_t rv;
839
840 if (ino >= ARRAY_SIZE(write_op) || !write_op[ino])
841 return -EINVAL;
842
843 data = simple_transaction_get(file, buf, size);
844 if (IS_ERR(data))
845 return PTR_ERR(data);
846
847 rv = write_op[ino](file, data, size);
848 if (rv > 0) {
849 simple_transaction_set(file, rv);
850 rv = size;
851 }
852 return rv;
853 }
854
855 static const struct file_operations transaction_ops = {
856 .write = selinux_transaction_write,
857 .read = simple_transaction_read,
858 .release = simple_transaction_release,
859 .llseek = generic_file_llseek,
860 };
861
862 /*
863 * payload - write methods
864 * If the method has a response, the response should be put in buf,
865 * and the length returned. Otherwise return 0 or and -error.
866 */
867
sel_write_access(struct file * file,char * buf,size_t size)868 static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
869 {
870 char *scon = NULL, *tcon = NULL;
871 u32 ssid, tsid;
872 u16 tclass;
873 struct av_decision avd;
874 ssize_t length;
875
876 length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
877 SECCLASS_SECURITY, SECURITY__COMPUTE_AV, NULL);
878 if (length)
879 goto out;
880
881 length = -ENOMEM;
882 scon = kzalloc(size + 1, GFP_KERNEL);
883 if (!scon)
884 goto out;
885
886 length = -ENOMEM;
887 tcon = kzalloc(size + 1, GFP_KERNEL);
888 if (!tcon)
889 goto out;
890
891 length = -EINVAL;
892 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
893 goto out;
894
895 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
896 if (length)
897 goto out;
898
899 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
900 if (length)
901 goto out;
902
903 security_compute_av_user(ssid, tsid, tclass, &avd);
904
905 length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT,
906 "%x %x %x %x %u %x",
907 avd.allowed, 0xffffffff,
908 avd.auditallow, avd.auditdeny,
909 avd.seqno, avd.flags);
910 out:
911 kfree(tcon);
912 kfree(scon);
913 return length;
914 }
915
sel_write_create(struct file * file,char * buf,size_t size)916 static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
917 {
918 char *scon = NULL, *tcon = NULL;
919 char *namebuf = NULL, *objname = NULL;
920 u32 ssid, tsid, newsid;
921 u16 tclass;
922 ssize_t length;
923 char *newcon = NULL;
924 u32 len;
925 int nargs;
926
927 length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
928 SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE,
929 NULL);
930 if (length)
931 goto out;
932
933 length = -ENOMEM;
934 scon = kzalloc(size + 1, GFP_KERNEL);
935 if (!scon)
936 goto out;
937
938 length = -ENOMEM;
939 tcon = kzalloc(size + 1, GFP_KERNEL);
940 if (!tcon)
941 goto out;
942
943 length = -ENOMEM;
944 namebuf = kzalloc(size + 1, GFP_KERNEL);
945 if (!namebuf)
946 goto out;
947
948 length = -EINVAL;
949 nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf);
950 if (nargs < 3 || nargs > 4)
951 goto out;
952 if (nargs == 4) {
953 /*
954 * If and when the name of new object to be queried contains
955 * either whitespace or multibyte characters, they shall be
956 * encoded based on the percentage-encoding rule.
957 * If not encoded, the sscanf logic picks up only left-half
958 * of the supplied name; split by a whitespace unexpectedly.
959 */
960 char *r, *w;
961 int c1, c2;
962
963 r = w = namebuf;
964 do {
965 c1 = *r++;
966 if (c1 == '+')
967 c1 = ' ';
968 else if (c1 == '%') {
969 c1 = hex_to_bin(*r++);
970 if (c1 < 0)
971 goto out;
972 c2 = hex_to_bin(*r++);
973 if (c2 < 0)
974 goto out;
975 c1 = (c1 << 4) | c2;
976 }
977 *w++ = c1;
978 } while (c1 != '\0');
979
980 objname = namebuf;
981 }
982
983 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
984 if (length)
985 goto out;
986
987 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
988 if (length)
989 goto out;
990
991 length = security_transition_sid_user(ssid, tsid, tclass,
992 objname, &newsid);
993 if (length)
994 goto out;
995
996 length = security_sid_to_context(newsid, &newcon, &len);
997 if (length)
998 goto out;
999
1000 length = -ERANGE;
1001 if (len > SIMPLE_TRANSACTION_LIMIT) {
1002 pr_err("SELinux: %s: context size (%u) exceeds "
1003 "payload max\n", __func__, len);
1004 goto out;
1005 }
1006
1007 memcpy(buf, newcon, len);
1008 length = len;
1009 out:
1010 kfree(newcon);
1011 kfree(namebuf);
1012 kfree(tcon);
1013 kfree(scon);
1014 return length;
1015 }
1016
sel_write_relabel(struct file * file,char * buf,size_t size)1017 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size)
1018 {
1019 char *scon = NULL, *tcon = NULL;
1020 u32 ssid, tsid, newsid;
1021 u16 tclass;
1022 ssize_t length;
1023 char *newcon = NULL;
1024 u32 len;
1025
1026 length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1027 SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL,
1028 NULL);
1029 if (length)
1030 goto out;
1031
1032 length = -ENOMEM;
1033 scon = kzalloc(size + 1, GFP_KERNEL);
1034 if (!scon)
1035 goto out;
1036
1037 length = -ENOMEM;
1038 tcon = kzalloc(size + 1, GFP_KERNEL);
1039 if (!tcon)
1040 goto out;
1041
1042 length = -EINVAL;
1043 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
1044 goto out;
1045
1046 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
1047 if (length)
1048 goto out;
1049
1050 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
1051 if (length)
1052 goto out;
1053
1054 length = security_change_sid(ssid, tsid, tclass, &newsid);
1055 if (length)
1056 goto out;
1057
1058 length = security_sid_to_context(newsid, &newcon, &len);
1059 if (length)
1060 goto out;
1061
1062 length = -ERANGE;
1063 if (len > SIMPLE_TRANSACTION_LIMIT)
1064 goto out;
1065
1066 memcpy(buf, newcon, len);
1067 length = len;
1068 out:
1069 kfree(newcon);
1070 kfree(tcon);
1071 kfree(scon);
1072 return length;
1073 }
1074
sel_write_user(struct file * file,char * buf,size_t size)1075 static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
1076 {
1077 char *con = NULL, *user = NULL, *ptr;
1078 u32 sid, *sids = NULL;
1079 ssize_t length;
1080 char *newcon;
1081 int rc;
1082 u32 i, len, nsids;
1083
1084 pr_warn_ratelimited("SELinux: %s (%d) wrote to /sys/fs/selinux/user!"
1085 " This will not be supported in the future; please update your"
1086 " userspace.\n", current->comm, current->pid);
1087 ssleep(5);
1088
1089 length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1090 SECCLASS_SECURITY, SECURITY__COMPUTE_USER,
1091 NULL);
1092 if (length)
1093 goto out;
1094
1095 length = -ENOMEM;
1096 con = kzalloc(size + 1, GFP_KERNEL);
1097 if (!con)
1098 goto out;
1099
1100 length = -ENOMEM;
1101 user = kzalloc(size + 1, GFP_KERNEL);
1102 if (!user)
1103 goto out;
1104
1105 length = -EINVAL;
1106 if (sscanf(buf, "%s %s", con, user) != 2)
1107 goto out;
1108
1109 length = security_context_str_to_sid(con, &sid, GFP_KERNEL);
1110 if (length)
1111 goto out;
1112
1113 length = security_get_user_sids(sid, user, &sids, &nsids);
1114 if (length)
1115 goto out;
1116
1117 length = sprintf(buf, "%u", nsids) + 1;
1118 ptr = buf + length;
1119 for (i = 0; i < nsids; i++) {
1120 rc = security_sid_to_context(sids[i], &newcon, &len);
1121 if (rc) {
1122 length = rc;
1123 goto out;
1124 }
1125 if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) {
1126 kfree(newcon);
1127 length = -ERANGE;
1128 goto out;
1129 }
1130 memcpy(ptr, newcon, len);
1131 kfree(newcon);
1132 ptr += len;
1133 length += len;
1134 }
1135 out:
1136 kfree(sids);
1137 kfree(user);
1138 kfree(con);
1139 return length;
1140 }
1141
sel_write_member(struct file * file,char * buf,size_t size)1142 static ssize_t sel_write_member(struct file *file, char *buf, size_t size)
1143 {
1144 char *scon = NULL, *tcon = NULL;
1145 u32 ssid, tsid, newsid;
1146 u16 tclass;
1147 ssize_t length;
1148 char *newcon = NULL;
1149 u32 len;
1150
1151 length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1152 SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER,
1153 NULL);
1154 if (length)
1155 goto out;
1156
1157 length = -ENOMEM;
1158 scon = kzalloc(size + 1, GFP_KERNEL);
1159 if (!scon)
1160 goto out;
1161
1162 length = -ENOMEM;
1163 tcon = kzalloc(size + 1, GFP_KERNEL);
1164 if (!tcon)
1165 goto out;
1166
1167 length = -EINVAL;
1168 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
1169 goto out;
1170
1171 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
1172 if (length)
1173 goto out;
1174
1175 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
1176 if (length)
1177 goto out;
1178
1179 length = security_member_sid(ssid, tsid, tclass, &newsid);
1180 if (length)
1181 goto out;
1182
1183 length = security_sid_to_context(newsid, &newcon, &len);
1184 if (length)
1185 goto out;
1186
1187 length = -ERANGE;
1188 if (len > SIMPLE_TRANSACTION_LIMIT) {
1189 pr_err("SELinux: %s: context size (%u) exceeds "
1190 "payload max\n", __func__, len);
1191 goto out;
1192 }
1193
1194 memcpy(buf, newcon, len);
1195 length = len;
1196 out:
1197 kfree(newcon);
1198 kfree(tcon);
1199 kfree(scon);
1200 return length;
1201 }
1202
sel_make_inode(struct super_block * sb,umode_t mode)1203 static struct inode *sel_make_inode(struct super_block *sb, umode_t mode)
1204 {
1205 struct inode *ret = new_inode(sb);
1206
1207 if (ret) {
1208 ret->i_mode = mode;
1209 simple_inode_init_ts(ret);
1210 }
1211 return ret;
1212 }
1213
sel_read_bool(struct file * filep,char __user * buf,size_t count,loff_t * ppos)1214 static ssize_t sel_read_bool(struct file *filep, char __user *buf,
1215 size_t count, loff_t *ppos)
1216 {
1217 struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info;
1218 char buffer[4];
1219 ssize_t length;
1220 ssize_t ret;
1221 int cur_enforcing;
1222 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
1223 const char *name = filep->f_path.dentry->d_name.name;
1224
1225 mutex_lock(&selinux_state.policy_mutex);
1226
1227 ret = -EINVAL;
1228 if (index >= fsi->bool_num || strcmp(name,
1229 fsi->bool_pending_names[index]))
1230 goto out_unlock;
1231
1232 cur_enforcing = security_get_bool_value(index);
1233 if (cur_enforcing < 0) {
1234 ret = cur_enforcing;
1235 goto out_unlock;
1236 }
1237 length = scnprintf(buffer, sizeof(buffer), "%d %d", !!cur_enforcing,
1238 !!fsi->bool_pending_values[index]);
1239 mutex_unlock(&selinux_state.policy_mutex);
1240 return simple_read_from_buffer(buf, count, ppos, buffer, length);
1241
1242 out_unlock:
1243 mutex_unlock(&selinux_state.policy_mutex);
1244 return ret;
1245 }
1246
sel_write_bool(struct file * filep,const char __user * buf,size_t count,loff_t * ppos)1247 static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
1248 size_t count, loff_t *ppos)
1249 {
1250 struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info;
1251 char *page = NULL;
1252 ssize_t length;
1253 int new_value;
1254 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
1255 const char *name = filep->f_path.dentry->d_name.name;
1256
1257 if (count >= PAGE_SIZE)
1258 return -ENOMEM;
1259
1260 /* No partial writes. */
1261 if (*ppos != 0)
1262 return -EINVAL;
1263
1264 page = memdup_user_nul(buf, count);
1265 if (IS_ERR(page))
1266 return PTR_ERR(page);
1267
1268 mutex_lock(&selinux_state.policy_mutex);
1269
1270 length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1271 SECCLASS_SECURITY, SECURITY__SETBOOL,
1272 NULL);
1273 if (length)
1274 goto out;
1275
1276 length = -EINVAL;
1277 if (index >= fsi->bool_num || strcmp(name,
1278 fsi->bool_pending_names[index]))
1279 goto out;
1280
1281 length = -EINVAL;
1282 if (sscanf(page, "%d", &new_value) != 1)
1283 goto out;
1284
1285 if (new_value)
1286 new_value = 1;
1287
1288 fsi->bool_pending_values[index] = new_value;
1289 length = count;
1290
1291 out:
1292 mutex_unlock(&selinux_state.policy_mutex);
1293 kfree(page);
1294 return length;
1295 }
1296
1297 static const struct file_operations sel_bool_ops = {
1298 .read = sel_read_bool,
1299 .write = sel_write_bool,
1300 .llseek = generic_file_llseek,
1301 };
1302
sel_commit_bools_write(struct file * filep,const char __user * buf,size_t count,loff_t * ppos)1303 static ssize_t sel_commit_bools_write(struct file *filep,
1304 const char __user *buf,
1305 size_t count, loff_t *ppos)
1306 {
1307 struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info;
1308 char *page = NULL;
1309 ssize_t length;
1310 int new_value;
1311
1312 if (count >= PAGE_SIZE)
1313 return -ENOMEM;
1314
1315 /* No partial writes. */
1316 if (*ppos != 0)
1317 return -EINVAL;
1318
1319 page = memdup_user_nul(buf, count);
1320 if (IS_ERR(page))
1321 return PTR_ERR(page);
1322
1323 mutex_lock(&selinux_state.policy_mutex);
1324
1325 length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1326 SECCLASS_SECURITY, SECURITY__SETBOOL,
1327 NULL);
1328 if (length)
1329 goto out;
1330
1331 length = -EINVAL;
1332 if (sscanf(page, "%d", &new_value) != 1)
1333 goto out;
1334
1335 length = 0;
1336 if (new_value && fsi->bool_pending_values)
1337 length = security_set_bools(fsi->bool_num,
1338 fsi->bool_pending_values);
1339
1340 if (!length)
1341 length = count;
1342
1343 out:
1344 mutex_unlock(&selinux_state.policy_mutex);
1345 kfree(page);
1346 return length;
1347 }
1348
1349 static const struct file_operations sel_commit_bools_ops = {
1350 .write = sel_commit_bools_write,
1351 .llseek = generic_file_llseek,
1352 };
1353
sel_make_bools(struct selinux_policy * newpolicy,struct dentry * bool_dir,unsigned int * bool_num,char *** bool_pending_names,int ** bool_pending_values)1354 static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir,
1355 unsigned int *bool_num, char ***bool_pending_names,
1356 int **bool_pending_values)
1357 {
1358 int ret;
1359 char **names, *page;
1360 u32 i, num;
1361
1362 page = (char *)get_zeroed_page(GFP_KERNEL);
1363 if (!page)
1364 return -ENOMEM;
1365
1366 ret = security_get_bools(newpolicy, &num, &names, bool_pending_values);
1367 if (ret)
1368 goto out;
1369
1370 *bool_num = num;
1371 *bool_pending_names = names;
1372
1373 for (i = 0; i < num; i++) {
1374 struct dentry *dentry;
1375 struct inode *inode;
1376 struct inode_security_struct *isec;
1377 ssize_t len;
1378 u32 sid;
1379
1380 len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]);
1381 if (len >= PAGE_SIZE) {
1382 ret = -ENAMETOOLONG;
1383 break;
1384 }
1385 dentry = d_alloc_name(bool_dir, names[i]);
1386 if (!dentry) {
1387 ret = -ENOMEM;
1388 break;
1389 }
1390
1391 inode = sel_make_inode(bool_dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR);
1392 if (!inode) {
1393 dput(dentry);
1394 ret = -ENOMEM;
1395 break;
1396 }
1397
1398 isec = selinux_inode(inode);
1399 ret = selinux_policy_genfs_sid(newpolicy, "selinuxfs", page,
1400 SECCLASS_FILE, &sid);
1401 if (ret) {
1402 pr_warn_ratelimited("SELinux: no sid found, defaulting to security isid for %s\n",
1403 page);
1404 sid = SECINITSID_SECURITY;
1405 }
1406
1407 isec->sid = sid;
1408 isec->initialized = LABEL_INITIALIZED;
1409 inode->i_fop = &sel_bool_ops;
1410 inode->i_ino = i|SEL_BOOL_INO_OFFSET;
1411 d_add(dentry, inode);
1412 }
1413 out:
1414 free_page((unsigned long)page);
1415 return ret;
1416 }
1417
sel_read_avc_cache_threshold(struct file * filp,char __user * buf,size_t count,loff_t * ppos)1418 static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf,
1419 size_t count, loff_t *ppos)
1420 {
1421 char tmpbuf[TMPBUFLEN];
1422 ssize_t length;
1423
1424 length = scnprintf(tmpbuf, TMPBUFLEN, "%u",
1425 avc_get_cache_threshold());
1426 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
1427 }
1428
sel_write_avc_cache_threshold(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1429 static ssize_t sel_write_avc_cache_threshold(struct file *file,
1430 const char __user *buf,
1431 size_t count, loff_t *ppos)
1432
1433 {
1434 char *page;
1435 ssize_t ret;
1436 unsigned int new_value;
1437
1438 ret = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1439 SECCLASS_SECURITY, SECURITY__SETSECPARAM,
1440 NULL);
1441 if (ret)
1442 return ret;
1443
1444 if (count >= PAGE_SIZE)
1445 return -ENOMEM;
1446
1447 /* No partial writes. */
1448 if (*ppos != 0)
1449 return -EINVAL;
1450
1451 page = memdup_user_nul(buf, count);
1452 if (IS_ERR(page))
1453 return PTR_ERR(page);
1454
1455 ret = -EINVAL;
1456 if (sscanf(page, "%u", &new_value) != 1)
1457 goto out;
1458
1459 avc_set_cache_threshold(new_value);
1460
1461 ret = count;
1462 out:
1463 kfree(page);
1464 return ret;
1465 }
1466
sel_read_avc_hash_stats(struct file * filp,char __user * buf,size_t count,loff_t * ppos)1467 static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf,
1468 size_t count, loff_t *ppos)
1469 {
1470 char *page;
1471 ssize_t length;
1472
1473 page = (char *)__get_free_page(GFP_KERNEL);
1474 if (!page)
1475 return -ENOMEM;
1476
1477 length = avc_get_hash_stats(page);
1478 if (length >= 0)
1479 length = simple_read_from_buffer(buf, count, ppos, page, length);
1480 free_page((unsigned long)page);
1481
1482 return length;
1483 }
1484
sel_read_sidtab_hash_stats(struct file * filp,char __user * buf,size_t count,loff_t * ppos)1485 static ssize_t sel_read_sidtab_hash_stats(struct file *filp, char __user *buf,
1486 size_t count, loff_t *ppos)
1487 {
1488 char *page;
1489 ssize_t length;
1490
1491 page = (char *)__get_free_page(GFP_KERNEL);
1492 if (!page)
1493 return -ENOMEM;
1494
1495 length = security_sidtab_hash_stats(page);
1496 if (length >= 0)
1497 length = simple_read_from_buffer(buf, count, ppos, page,
1498 length);
1499 free_page((unsigned long)page);
1500
1501 return length;
1502 }
1503
1504 static const struct file_operations sel_sidtab_hash_stats_ops = {
1505 .read = sel_read_sidtab_hash_stats,
1506 .llseek = generic_file_llseek,
1507 };
1508
1509 static const struct file_operations sel_avc_cache_threshold_ops = {
1510 .read = sel_read_avc_cache_threshold,
1511 .write = sel_write_avc_cache_threshold,
1512 .llseek = generic_file_llseek,
1513 };
1514
1515 static const struct file_operations sel_avc_hash_stats_ops = {
1516 .read = sel_read_avc_hash_stats,
1517 .llseek = generic_file_llseek,
1518 };
1519
1520 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
sel_avc_get_stat_idx(loff_t * idx)1521 static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx)
1522 {
1523 loff_t cpu;
1524
1525 for (cpu = *idx; cpu < nr_cpu_ids; ++cpu) {
1526 if (!cpu_possible(cpu))
1527 continue;
1528 *idx = cpu + 1;
1529 return &per_cpu(avc_cache_stats, cpu);
1530 }
1531 (*idx)++;
1532 return NULL;
1533 }
1534
sel_avc_stats_seq_start(struct seq_file * seq,loff_t * pos)1535 static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos)
1536 {
1537 loff_t n = *pos - 1;
1538
1539 if (*pos == 0)
1540 return SEQ_START_TOKEN;
1541
1542 return sel_avc_get_stat_idx(&n);
1543 }
1544
sel_avc_stats_seq_next(struct seq_file * seq,void * v,loff_t * pos)1545 static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1546 {
1547 return sel_avc_get_stat_idx(pos);
1548 }
1549
sel_avc_stats_seq_show(struct seq_file * seq,void * v)1550 static int sel_avc_stats_seq_show(struct seq_file *seq, void *v)
1551 {
1552 struct avc_cache_stats *st = v;
1553
1554 if (v == SEQ_START_TOKEN) {
1555 seq_puts(seq,
1556 "lookups hits misses allocations reclaims frees\n");
1557 } else {
1558 unsigned int lookups = st->lookups;
1559 unsigned int misses = st->misses;
1560 unsigned int hits = lookups - misses;
1561 seq_printf(seq, "%u %u %u %u %u %u\n", lookups,
1562 hits, misses, st->allocations,
1563 st->reclaims, st->frees);
1564 }
1565 return 0;
1566 }
1567
sel_avc_stats_seq_stop(struct seq_file * seq,void * v)1568 static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v)
1569 { }
1570
1571 static const struct seq_operations sel_avc_cache_stats_seq_ops = {
1572 .start = sel_avc_stats_seq_start,
1573 .next = sel_avc_stats_seq_next,
1574 .show = sel_avc_stats_seq_show,
1575 .stop = sel_avc_stats_seq_stop,
1576 };
1577
sel_open_avc_cache_stats(struct inode * inode,struct file * file)1578 static int sel_open_avc_cache_stats(struct inode *inode, struct file *file)
1579 {
1580 return seq_open(file, &sel_avc_cache_stats_seq_ops);
1581 }
1582
1583 static const struct file_operations sel_avc_cache_stats_ops = {
1584 .open = sel_open_avc_cache_stats,
1585 .read = seq_read,
1586 .llseek = seq_lseek,
1587 .release = seq_release,
1588 };
1589 #endif
1590
sel_make_avc_files(struct dentry * dir)1591 static int sel_make_avc_files(struct dentry *dir)
1592 {
1593 struct super_block *sb = dir->d_sb;
1594 struct selinux_fs_info *fsi = sb->s_fs_info;
1595 unsigned int i;
1596 static const struct tree_descr files[] = {
1597 { "cache_threshold",
1598 &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR },
1599 { "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO },
1600 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
1601 { "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO },
1602 #endif
1603 };
1604
1605 for (i = 0; i < ARRAY_SIZE(files); i++) {
1606 struct inode *inode;
1607 struct dentry *dentry;
1608
1609 dentry = d_alloc_name(dir, files[i].name);
1610 if (!dentry)
1611 return -ENOMEM;
1612
1613 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
1614 if (!inode) {
1615 dput(dentry);
1616 return -ENOMEM;
1617 }
1618
1619 inode->i_fop = files[i].ops;
1620 inode->i_ino = ++fsi->last_ino;
1621 d_add(dentry, inode);
1622 }
1623
1624 return 0;
1625 }
1626
sel_make_ss_files(struct dentry * dir)1627 static int sel_make_ss_files(struct dentry *dir)
1628 {
1629 struct super_block *sb = dir->d_sb;
1630 struct selinux_fs_info *fsi = sb->s_fs_info;
1631 unsigned int i;
1632 static const struct tree_descr files[] = {
1633 { "sidtab_hash_stats", &sel_sidtab_hash_stats_ops, S_IRUGO },
1634 };
1635
1636 for (i = 0; i < ARRAY_SIZE(files); i++) {
1637 struct inode *inode;
1638 struct dentry *dentry;
1639
1640 dentry = d_alloc_name(dir, files[i].name);
1641 if (!dentry)
1642 return -ENOMEM;
1643
1644 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
1645 if (!inode) {
1646 dput(dentry);
1647 return -ENOMEM;
1648 }
1649
1650 inode->i_fop = files[i].ops;
1651 inode->i_ino = ++fsi->last_ino;
1652 d_add(dentry, inode);
1653 }
1654
1655 return 0;
1656 }
1657
sel_read_initcon(struct file * file,char __user * buf,size_t count,loff_t * ppos)1658 static ssize_t sel_read_initcon(struct file *file, char __user *buf,
1659 size_t count, loff_t *ppos)
1660 {
1661 char *con;
1662 u32 sid, len;
1663 ssize_t ret;
1664
1665 sid = file_inode(file)->i_ino&SEL_INO_MASK;
1666 ret = security_sid_to_context(sid, &con, &len);
1667 if (ret)
1668 return ret;
1669
1670 ret = simple_read_from_buffer(buf, count, ppos, con, len);
1671 kfree(con);
1672 return ret;
1673 }
1674
1675 static const struct file_operations sel_initcon_ops = {
1676 .read = sel_read_initcon,
1677 .llseek = generic_file_llseek,
1678 };
1679
sel_make_initcon_files(struct dentry * dir)1680 static int sel_make_initcon_files(struct dentry *dir)
1681 {
1682 unsigned int i;
1683
1684 for (i = 1; i <= SECINITSID_NUM; i++) {
1685 struct inode *inode;
1686 struct dentry *dentry;
1687 const char *s = security_get_initial_sid_context(i);
1688
1689 if (!s)
1690 continue;
1691 dentry = d_alloc_name(dir, s);
1692 if (!dentry)
1693 return -ENOMEM;
1694
1695 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1696 if (!inode) {
1697 dput(dentry);
1698 return -ENOMEM;
1699 }
1700
1701 inode->i_fop = &sel_initcon_ops;
1702 inode->i_ino = i|SEL_INITCON_INO_OFFSET;
1703 d_add(dentry, inode);
1704 }
1705
1706 return 0;
1707 }
1708
sel_class_to_ino(u16 class)1709 static inline unsigned long sel_class_to_ino(u16 class)
1710 {
1711 return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET;
1712 }
1713
sel_ino_to_class(unsigned long ino)1714 static inline u16 sel_ino_to_class(unsigned long ino)
1715 {
1716 return (ino & SEL_INO_MASK) / (SEL_VEC_MAX + 1);
1717 }
1718
sel_perm_to_ino(u16 class,u32 perm)1719 static inline unsigned long sel_perm_to_ino(u16 class, u32 perm)
1720 {
1721 return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET;
1722 }
1723
sel_ino_to_perm(unsigned long ino)1724 static inline u32 sel_ino_to_perm(unsigned long ino)
1725 {
1726 return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1);
1727 }
1728
sel_read_class(struct file * file,char __user * buf,size_t count,loff_t * ppos)1729 static ssize_t sel_read_class(struct file *file, char __user *buf,
1730 size_t count, loff_t *ppos)
1731 {
1732 unsigned long ino = file_inode(file)->i_ino;
1733 char res[TMPBUFLEN];
1734 ssize_t len = scnprintf(res, sizeof(res), "%d", sel_ino_to_class(ino));
1735 return simple_read_from_buffer(buf, count, ppos, res, len);
1736 }
1737
1738 static const struct file_operations sel_class_ops = {
1739 .read = sel_read_class,
1740 .llseek = generic_file_llseek,
1741 };
1742
sel_read_perm(struct file * file,char __user * buf,size_t count,loff_t * ppos)1743 static ssize_t sel_read_perm(struct file *file, char __user *buf,
1744 size_t count, loff_t *ppos)
1745 {
1746 unsigned long ino = file_inode(file)->i_ino;
1747 char res[TMPBUFLEN];
1748 ssize_t len = scnprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino));
1749 return simple_read_from_buffer(buf, count, ppos, res, len);
1750 }
1751
1752 static const struct file_operations sel_perm_ops = {
1753 .read = sel_read_perm,
1754 .llseek = generic_file_llseek,
1755 };
1756
sel_read_policycap(struct file * file,char __user * buf,size_t count,loff_t * ppos)1757 static ssize_t sel_read_policycap(struct file *file, char __user *buf,
1758 size_t count, loff_t *ppos)
1759 {
1760 int value;
1761 char tmpbuf[TMPBUFLEN];
1762 ssize_t length;
1763 unsigned long i_ino = file_inode(file)->i_ino;
1764
1765 value = security_policycap_supported(i_ino & SEL_INO_MASK);
1766 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value);
1767
1768 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
1769 }
1770
1771 static const struct file_operations sel_policycap_ops = {
1772 .read = sel_read_policycap,
1773 .llseek = generic_file_llseek,
1774 };
1775
sel_make_perm_files(struct selinux_policy * newpolicy,char * objclass,int classvalue,struct dentry * dir)1776 static int sel_make_perm_files(struct selinux_policy *newpolicy,
1777 char *objclass, int classvalue,
1778 struct dentry *dir)
1779 {
1780 u32 i, nperms;
1781 int rc;
1782 char **perms;
1783
1784 rc = security_get_permissions(newpolicy, objclass, &perms, &nperms);
1785 if (rc)
1786 return rc;
1787
1788 for (i = 0; i < nperms; i++) {
1789 struct inode *inode;
1790 struct dentry *dentry;
1791
1792 rc = -ENOMEM;
1793 dentry = d_alloc_name(dir, perms[i]);
1794 if (!dentry)
1795 goto out;
1796
1797 rc = -ENOMEM;
1798 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1799 if (!inode) {
1800 dput(dentry);
1801 goto out;
1802 }
1803
1804 inode->i_fop = &sel_perm_ops;
1805 /* i+1 since perm values are 1-indexed */
1806 inode->i_ino = sel_perm_to_ino(classvalue, i + 1);
1807 d_add(dentry, inode);
1808 }
1809 rc = 0;
1810 out:
1811 for (i = 0; i < nperms; i++)
1812 kfree(perms[i]);
1813 kfree(perms);
1814 return rc;
1815 }
1816
sel_make_class_dir_entries(struct selinux_policy * newpolicy,char * classname,int index,struct dentry * dir)1817 static int sel_make_class_dir_entries(struct selinux_policy *newpolicy,
1818 char *classname, int index,
1819 struct dentry *dir)
1820 {
1821 struct super_block *sb = dir->d_sb;
1822 struct selinux_fs_info *fsi = sb->s_fs_info;
1823 struct dentry *dentry = NULL;
1824 struct inode *inode = NULL;
1825
1826 dentry = d_alloc_name(dir, "index");
1827 if (!dentry)
1828 return -ENOMEM;
1829
1830 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1831 if (!inode) {
1832 dput(dentry);
1833 return -ENOMEM;
1834 }
1835
1836 inode->i_fop = &sel_class_ops;
1837 inode->i_ino = sel_class_to_ino(index);
1838 d_add(dentry, inode);
1839
1840 dentry = sel_make_dir(dir, "perms", &fsi->last_class_ino);
1841 if (IS_ERR(dentry))
1842 return PTR_ERR(dentry);
1843
1844 return sel_make_perm_files(newpolicy, classname, index, dentry);
1845 }
1846
sel_make_classes(struct selinux_policy * newpolicy,struct dentry * class_dir,unsigned long * last_class_ino)1847 static int sel_make_classes(struct selinux_policy *newpolicy,
1848 struct dentry *class_dir,
1849 unsigned long *last_class_ino)
1850 {
1851 u32 i, nclasses;
1852 int rc;
1853 char **classes;
1854
1855 rc = security_get_classes(newpolicy, &classes, &nclasses);
1856 if (rc)
1857 return rc;
1858
1859 /* +2 since classes are 1-indexed */
1860 *last_class_ino = sel_class_to_ino(nclasses + 2);
1861
1862 for (i = 0; i < nclasses; i++) {
1863 struct dentry *class_name_dir;
1864
1865 class_name_dir = sel_make_dir(class_dir, classes[i],
1866 last_class_ino);
1867 if (IS_ERR(class_name_dir)) {
1868 rc = PTR_ERR(class_name_dir);
1869 goto out;
1870 }
1871
1872 /* i+1 since class values are 1-indexed */
1873 rc = sel_make_class_dir_entries(newpolicy, classes[i], i + 1,
1874 class_name_dir);
1875 if (rc)
1876 goto out;
1877 }
1878 rc = 0;
1879 out:
1880 for (i = 0; i < nclasses; i++)
1881 kfree(classes[i]);
1882 kfree(classes);
1883 return rc;
1884 }
1885
sel_make_policycap(struct selinux_fs_info * fsi)1886 static int sel_make_policycap(struct selinux_fs_info *fsi)
1887 {
1888 unsigned int iter;
1889 struct dentry *dentry = NULL;
1890 struct inode *inode = NULL;
1891
1892 for (iter = 0; iter <= POLICYDB_CAP_MAX; iter++) {
1893 if (iter < ARRAY_SIZE(selinux_policycap_names))
1894 dentry = d_alloc_name(fsi->policycap_dir,
1895 selinux_policycap_names[iter]);
1896 else
1897 dentry = d_alloc_name(fsi->policycap_dir, "unknown");
1898
1899 if (dentry == NULL)
1900 return -ENOMEM;
1901
1902 inode = sel_make_inode(fsi->sb, S_IFREG | 0444);
1903 if (inode == NULL) {
1904 dput(dentry);
1905 return -ENOMEM;
1906 }
1907
1908 inode->i_fop = &sel_policycap_ops;
1909 inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET;
1910 d_add(dentry, inode);
1911 }
1912
1913 return 0;
1914 }
1915
sel_make_dir(struct dentry * dir,const char * name,unsigned long * ino)1916 static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
1917 unsigned long *ino)
1918 {
1919 struct dentry *dentry = d_alloc_name(dir, name);
1920 struct inode *inode;
1921
1922 if (!dentry)
1923 return ERR_PTR(-ENOMEM);
1924
1925 inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO);
1926 if (!inode) {
1927 dput(dentry);
1928 return ERR_PTR(-ENOMEM);
1929 }
1930
1931 inode->i_op = &simple_dir_inode_operations;
1932 inode->i_fop = &simple_dir_operations;
1933 inode->i_ino = ++(*ino);
1934 /* directory inodes start off with i_nlink == 2 (for "." entry) */
1935 inc_nlink(inode);
1936 d_add(dentry, inode);
1937 /* bump link count on parent directory, too */
1938 inc_nlink(d_inode(dir));
1939
1940 return dentry;
1941 }
1942
reject_all(struct mnt_idmap * idmap,struct inode * inode,int mask)1943 static int reject_all(struct mnt_idmap *idmap, struct inode *inode, int mask)
1944 {
1945 return -EPERM; // no access for anyone, root or no root.
1946 }
1947
1948 static const struct inode_operations swapover_dir_inode_operations = {
1949 .lookup = simple_lookup,
1950 .permission = reject_all,
1951 };
1952
sel_make_swapover_dir(struct super_block * sb,unsigned long * ino)1953 static struct dentry *sel_make_swapover_dir(struct super_block *sb,
1954 unsigned long *ino)
1955 {
1956 struct dentry *dentry = d_alloc_name(sb->s_root, ".swapover");
1957 struct inode *inode;
1958
1959 if (!dentry)
1960 return ERR_PTR(-ENOMEM);
1961
1962 inode = sel_make_inode(sb, S_IFDIR);
1963 if (!inode) {
1964 dput(dentry);
1965 return ERR_PTR(-ENOMEM);
1966 }
1967
1968 inode->i_op = &swapover_dir_inode_operations;
1969 inode->i_ino = ++(*ino);
1970 /* directory inodes start off with i_nlink == 2 (for "." entry) */
1971 inc_nlink(inode);
1972 inode_lock(sb->s_root->d_inode);
1973 d_add(dentry, inode);
1974 inc_nlink(sb->s_root->d_inode);
1975 inode_unlock(sb->s_root->d_inode);
1976 return dentry;
1977 }
1978
1979 #define NULL_FILE_NAME "null"
1980
sel_fill_super(struct super_block * sb,struct fs_context * fc)1981 static int sel_fill_super(struct super_block *sb, struct fs_context *fc)
1982 {
1983 struct selinux_fs_info *fsi;
1984 int ret;
1985 struct dentry *dentry;
1986 struct inode *inode;
1987 struct inode_security_struct *isec;
1988
1989 static const struct tree_descr selinux_files[] = {
1990 [SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR},
1991 [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR},
1992 [SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO},
1993 [SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO},
1994 [SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO},
1995 [SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO},
1996 [SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO},
1997 [SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO},
1998 [SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR},
1999 [SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO},
2000 [SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR},
2001 [SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO},
2002 [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR},
2003 [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
2004 [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
2005 [SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO},
2006 [SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO},
2007 [SEL_VALIDATE_TRANS] = {"validatetrans", &sel_transition_ops,
2008 S_IWUGO},
2009 /* last one */ {"", NULL, 0}
2010 };
2011
2012 ret = selinux_fs_info_create(sb);
2013 if (ret)
2014 goto err;
2015
2016 ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);
2017 if (ret)
2018 goto err;
2019
2020 fsi = sb->s_fs_info;
2021 fsi->bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &fsi->last_ino);
2022 if (IS_ERR(fsi->bool_dir)) {
2023 ret = PTR_ERR(fsi->bool_dir);
2024 fsi->bool_dir = NULL;
2025 goto err;
2026 }
2027
2028 ret = -ENOMEM;
2029 dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME);
2030 if (!dentry)
2031 goto err;
2032
2033 ret = -ENOMEM;
2034 inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO);
2035 if (!inode) {
2036 dput(dentry);
2037 goto err;
2038 }
2039
2040 inode->i_ino = ++fsi->last_ino;
2041 isec = selinux_inode(inode);
2042 isec->sid = SECINITSID_DEVNULL;
2043 isec->sclass = SECCLASS_CHR_FILE;
2044 isec->initialized = LABEL_INITIALIZED;
2045
2046 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3));
2047 d_add(dentry, inode);
2048
2049 dentry = sel_make_dir(sb->s_root, "avc", &fsi->last_ino);
2050 if (IS_ERR(dentry)) {
2051 ret = PTR_ERR(dentry);
2052 goto err;
2053 }
2054
2055 ret = sel_make_avc_files(dentry);
2056 if (ret)
2057 goto err;
2058
2059 dentry = sel_make_dir(sb->s_root, "ss", &fsi->last_ino);
2060 if (IS_ERR(dentry)) {
2061 ret = PTR_ERR(dentry);
2062 goto err;
2063 }
2064
2065 ret = sel_make_ss_files(dentry);
2066 if (ret)
2067 goto err;
2068
2069 dentry = sel_make_dir(sb->s_root, "initial_contexts", &fsi->last_ino);
2070 if (IS_ERR(dentry)) {
2071 ret = PTR_ERR(dentry);
2072 goto err;
2073 }
2074
2075 ret = sel_make_initcon_files(dentry);
2076 if (ret)
2077 goto err;
2078
2079 fsi->class_dir = sel_make_dir(sb->s_root, CLASS_DIR_NAME, &fsi->last_ino);
2080 if (IS_ERR(fsi->class_dir)) {
2081 ret = PTR_ERR(fsi->class_dir);
2082 fsi->class_dir = NULL;
2083 goto err;
2084 }
2085
2086 fsi->policycap_dir = sel_make_dir(sb->s_root, POLICYCAP_DIR_NAME,
2087 &fsi->last_ino);
2088 if (IS_ERR(fsi->policycap_dir)) {
2089 ret = PTR_ERR(fsi->policycap_dir);
2090 fsi->policycap_dir = NULL;
2091 goto err;
2092 }
2093
2094 ret = sel_make_policycap(fsi);
2095 if (ret) {
2096 pr_err("SELinux: failed to load policy capabilities\n");
2097 goto err;
2098 }
2099
2100 return 0;
2101 err:
2102 pr_err("SELinux: %s: failed while creating inodes\n",
2103 __func__);
2104
2105 return ret;
2106 }
2107
sel_get_tree(struct fs_context * fc)2108 static int sel_get_tree(struct fs_context *fc)
2109 {
2110 return get_tree_single(fc, sel_fill_super);
2111 }
2112
2113 static const struct fs_context_operations sel_context_ops = {
2114 .get_tree = sel_get_tree,
2115 };
2116
sel_init_fs_context(struct fs_context * fc)2117 static int sel_init_fs_context(struct fs_context *fc)
2118 {
2119 fc->ops = &sel_context_ops;
2120 return 0;
2121 }
2122
sel_kill_sb(struct super_block * sb)2123 static void sel_kill_sb(struct super_block *sb)
2124 {
2125 selinux_fs_info_free(sb);
2126 kill_litter_super(sb);
2127 }
2128
2129 static struct file_system_type sel_fs_type = {
2130 .name = "selinuxfs",
2131 .init_fs_context = sel_init_fs_context,
2132 .kill_sb = sel_kill_sb,
2133 };
2134
2135 struct path selinux_null __ro_after_init;
2136
init_sel_fs(void)2137 int __init init_sel_fs(void)
2138 {
2139 struct qstr null_name = QSTR_INIT(NULL_FILE_NAME,
2140 sizeof(NULL_FILE_NAME)-1);
2141 int err;
2142
2143 if (!selinux_enabled_boot)
2144 return 0;
2145
2146 err = sysfs_create_mount_point(fs_kobj, "selinux");
2147 if (err)
2148 return err;
2149
2150 err = register_filesystem(&sel_fs_type);
2151 if (err) {
2152 sysfs_remove_mount_point(fs_kobj, "selinux");
2153 return err;
2154 }
2155
2156 selinux_null.mnt = kern_mount(&sel_fs_type);
2157 if (IS_ERR(selinux_null.mnt)) {
2158 pr_err("selinuxfs: could not mount!\n");
2159 err = PTR_ERR(selinux_null.mnt);
2160 selinux_null.mnt = NULL;
2161 return err;
2162 }
2163
2164 selinux_null.dentry = try_lookup_noperm(&null_name,
2165 selinux_null.mnt->mnt_root);
2166 if (IS_ERR(selinux_null.dentry)) {
2167 pr_err("selinuxfs: could not lookup null!\n");
2168 err = PTR_ERR(selinux_null.dentry);
2169 selinux_null.dentry = NULL;
2170 return err;
2171 }
2172
2173 /*
2174 * Try to pre-allocate the status page, so the sequence number of the
2175 * initial policy load can be stored.
2176 */
2177 (void) selinux_kernel_status_page();
2178
2179 return err;
2180 }
2181