1 /* Updated: Karl MacMillan <kmacmillan@tresys.com> 2 * 3 * Added conditional policy language extensions 4 * 5 * Updated: Hewlett-Packard <paul@paul-moore.com> 6 * 7 * Added support for the policy capability bitmap 8 * 9 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 10 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 11 * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 12 * This program is free software; you can redistribute it and/or modify 13 * it under the terms of the GNU General Public License as published by 14 * the Free Software Foundation, version 2. 15 */ 16 17 #include <linux/kernel.h> 18 #include <linux/pagemap.h> 19 #include <linux/slab.h> 20 #include <linux/vmalloc.h> 21 #include <linux/fs.h> 22 #include <linux/mutex.h> 23 #include <linux/init.h> 24 #include <linux/string.h> 25 #include <linux/security.h> 26 #include <linux/major.h> 27 #include <linux/seq_file.h> 28 #include <linux/percpu.h> 29 #include <linux/audit.h> 30 #include <linux/uaccess.h> 31 #include <linux/kobject.h> 32 #include <linux/ctype.h> 33 34 /* selinuxfs pseudo filesystem for exporting the security policy API. 35 Based on the proc code and the fs/nfsd/nfsctl.c code. */ 36 37 #include "flask.h" 38 #include "avc.h" 39 #include "avc_ss.h" 40 #include "security.h" 41 #include "objsec.h" 42 #include "conditional.h" 43 44 /* Policy capability filenames */ 45 static char *policycap_names[] = { 46 "network_peer_controls", 47 "open_perms", 48 "redhat1", 49 "always_check_network" 50 }; 51 52 unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE; 53 54 static int __init checkreqprot_setup(char *str) 55 { 56 unsigned long checkreqprot; 57 if (!kstrtoul(str, 0, &checkreqprot)) 58 selinux_checkreqprot = checkreqprot ? 1 : 0; 59 return 1; 60 } 61 __setup("checkreqprot=", checkreqprot_setup); 62 63 static DEFINE_MUTEX(sel_mutex); 64 65 /* global data for booleans */ 66 static struct dentry *bool_dir; 67 static int bool_num; 68 static char **bool_pending_names; 69 static int *bool_pending_values; 70 71 /* global data for classes */ 72 static struct dentry *class_dir; 73 static unsigned long last_class_ino; 74 75 static char policy_opened; 76 77 /* global data for policy capabilities */ 78 static struct dentry *policycap_dir; 79 80 /* Check whether a task is allowed to use a security operation. */ 81 static int task_has_security(struct task_struct *tsk, 82 u32 perms) 83 { 84 const struct task_security_struct *tsec; 85 u32 sid = 0; 86 87 rcu_read_lock(); 88 tsec = __task_cred(tsk)->security; 89 if (tsec) 90 sid = tsec->sid; 91 rcu_read_unlock(); 92 if (!tsec) 93 return -EACCES; 94 95 return avc_has_perm(sid, SECINITSID_SECURITY, 96 SECCLASS_SECURITY, perms, NULL); 97 } 98 99 enum sel_inos { 100 SEL_ROOT_INO = 2, 101 SEL_LOAD, /* load policy */ 102 SEL_ENFORCE, /* get or set enforcing status */ 103 SEL_CONTEXT, /* validate context */ 104 SEL_ACCESS, /* compute access decision */ 105 SEL_CREATE, /* compute create labeling decision */ 106 SEL_RELABEL, /* compute relabeling decision */ 107 SEL_USER, /* compute reachable user contexts */ 108 SEL_POLICYVERS, /* return policy version for this kernel */ 109 SEL_COMMIT_BOOLS, /* commit new boolean values */ 110 SEL_MLS, /* return if MLS policy is enabled */ 111 SEL_DISABLE, /* disable SELinux until next reboot */ 112 SEL_MEMBER, /* compute polyinstantiation membership decision */ 113 SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */ 114 SEL_COMPAT_NET, /* whether to use old compat network packet controls */ 115 SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */ 116 SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */ 117 SEL_STATUS, /* export current status using mmap() */ 118 SEL_POLICY, /* allow userspace to read the in kernel policy */ 119 SEL_VALIDATE_TRANS, /* compute validatetrans decision */ 120 SEL_INO_NEXT, /* The next inode number to use */ 121 }; 122 123 static unsigned long sel_last_ino = SEL_INO_NEXT - 1; 124 125 #define SEL_INITCON_INO_OFFSET 0x01000000 126 #define SEL_BOOL_INO_OFFSET 0x02000000 127 #define SEL_CLASS_INO_OFFSET 0x04000000 128 #define SEL_POLICYCAP_INO_OFFSET 0x08000000 129 #define SEL_INO_MASK 0x00ffffff 130 131 #define TMPBUFLEN 12 132 static ssize_t sel_read_enforce(struct file *filp, char __user *buf, 133 size_t count, loff_t *ppos) 134 { 135 char tmpbuf[TMPBUFLEN]; 136 ssize_t length; 137 138 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_enforcing); 139 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 140 } 141 142 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP 143 static ssize_t sel_write_enforce(struct file *file, const char __user *buf, 144 size_t count, loff_t *ppos) 145 146 { 147 char *page = NULL; 148 ssize_t length; 149 int new_value; 150 151 if (count >= PAGE_SIZE) 152 return -ENOMEM; 153 154 /* No partial writes. */ 155 if (*ppos != 0) 156 return -EINVAL; 157 158 page = memdup_user_nul(buf, count); 159 if (IS_ERR(page)) 160 return PTR_ERR(page); 161 162 length = -EINVAL; 163 if (sscanf(page, "%d", &new_value) != 1) 164 goto out; 165 166 if (new_value != selinux_enforcing) { 167 length = task_has_security(current, SECURITY__SETENFORCE); 168 if (length) 169 goto out; 170 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, 171 "enforcing=%d old_enforcing=%d auid=%u ses=%u", 172 new_value, selinux_enforcing, 173 from_kuid(&init_user_ns, audit_get_loginuid(current)), 174 audit_get_sessionid(current)); 175 selinux_enforcing = new_value; 176 if (selinux_enforcing) 177 avc_ss_reset(0); 178 selnl_notify_setenforce(selinux_enforcing); 179 selinux_status_update_setenforce(selinux_enforcing); 180 } 181 length = count; 182 out: 183 kfree(page); 184 return length; 185 } 186 #else 187 #define sel_write_enforce NULL 188 #endif 189 190 static const struct file_operations sel_enforce_ops = { 191 .read = sel_read_enforce, 192 .write = sel_write_enforce, 193 .llseek = generic_file_llseek, 194 }; 195 196 static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf, 197 size_t count, loff_t *ppos) 198 { 199 char tmpbuf[TMPBUFLEN]; 200 ssize_t length; 201 ino_t ino = file_inode(filp)->i_ino; 202 int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ? 203 security_get_reject_unknown() : !security_get_allow_unknown(); 204 205 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown); 206 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 207 } 208 209 static const struct file_operations sel_handle_unknown_ops = { 210 .read = sel_read_handle_unknown, 211 .llseek = generic_file_llseek, 212 }; 213 214 static int sel_open_handle_status(struct inode *inode, struct file *filp) 215 { 216 struct page *status = selinux_kernel_status_page(); 217 218 if (!status) 219 return -ENOMEM; 220 221 filp->private_data = status; 222 223 return 0; 224 } 225 226 static ssize_t sel_read_handle_status(struct file *filp, char __user *buf, 227 size_t count, loff_t *ppos) 228 { 229 struct page *status = filp->private_data; 230 231 BUG_ON(!status); 232 233 return simple_read_from_buffer(buf, count, ppos, 234 page_address(status), 235 sizeof(struct selinux_kernel_status)); 236 } 237 238 static int sel_mmap_handle_status(struct file *filp, 239 struct vm_area_struct *vma) 240 { 241 struct page *status = filp->private_data; 242 unsigned long size = vma->vm_end - vma->vm_start; 243 244 BUG_ON(!status); 245 246 /* only allows one page from the head */ 247 if (vma->vm_pgoff > 0 || size != PAGE_SIZE) 248 return -EIO; 249 /* disallow writable mapping */ 250 if (vma->vm_flags & VM_WRITE) 251 return -EPERM; 252 /* disallow mprotect() turns it into writable */ 253 vma->vm_flags &= ~VM_MAYWRITE; 254 255 return remap_pfn_range(vma, vma->vm_start, 256 page_to_pfn(status), 257 size, vma->vm_page_prot); 258 } 259 260 static const struct file_operations sel_handle_status_ops = { 261 .open = sel_open_handle_status, 262 .read = sel_read_handle_status, 263 .mmap = sel_mmap_handle_status, 264 .llseek = generic_file_llseek, 265 }; 266 267 #ifdef CONFIG_SECURITY_SELINUX_DISABLE 268 static ssize_t sel_write_disable(struct file *file, const char __user *buf, 269 size_t count, loff_t *ppos) 270 271 { 272 char *page; 273 ssize_t length; 274 int new_value; 275 276 if (count >= PAGE_SIZE) 277 return -ENOMEM; 278 279 /* No partial writes. */ 280 if (*ppos != 0) 281 return -EINVAL; 282 283 page = memdup_user_nul(buf, count); 284 if (IS_ERR(page)) 285 return PTR_ERR(page); 286 287 length = -EINVAL; 288 if (sscanf(page, "%d", &new_value) != 1) 289 goto out; 290 291 if (new_value) { 292 length = selinux_disable(); 293 if (length) 294 goto out; 295 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, 296 "selinux=0 auid=%u ses=%u", 297 from_kuid(&init_user_ns, audit_get_loginuid(current)), 298 audit_get_sessionid(current)); 299 } 300 301 length = count; 302 out: 303 kfree(page); 304 return length; 305 } 306 #else 307 #define sel_write_disable NULL 308 #endif 309 310 static const struct file_operations sel_disable_ops = { 311 .write = sel_write_disable, 312 .llseek = generic_file_llseek, 313 }; 314 315 static ssize_t sel_read_policyvers(struct file *filp, char __user *buf, 316 size_t count, loff_t *ppos) 317 { 318 char tmpbuf[TMPBUFLEN]; 319 ssize_t length; 320 321 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX); 322 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 323 } 324 325 static const struct file_operations sel_policyvers_ops = { 326 .read = sel_read_policyvers, 327 .llseek = generic_file_llseek, 328 }; 329 330 /* declaration for sel_write_load */ 331 static int sel_make_bools(void); 332 static int sel_make_classes(void); 333 static int sel_make_policycap(void); 334 335 /* declaration for sel_make_class_dirs */ 336 static struct dentry *sel_make_dir(struct dentry *dir, const char *name, 337 unsigned long *ino); 338 339 static ssize_t sel_read_mls(struct file *filp, char __user *buf, 340 size_t count, loff_t *ppos) 341 { 342 char tmpbuf[TMPBUFLEN]; 343 ssize_t length; 344 345 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", 346 security_mls_enabled()); 347 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 348 } 349 350 static const struct file_operations sel_mls_ops = { 351 .read = sel_read_mls, 352 .llseek = generic_file_llseek, 353 }; 354 355 struct policy_load_memory { 356 size_t len; 357 void *data; 358 }; 359 360 static int sel_open_policy(struct inode *inode, struct file *filp) 361 { 362 struct policy_load_memory *plm = NULL; 363 int rc; 364 365 BUG_ON(filp->private_data); 366 367 mutex_lock(&sel_mutex); 368 369 rc = task_has_security(current, SECURITY__READ_POLICY); 370 if (rc) 371 goto err; 372 373 rc = -EBUSY; 374 if (policy_opened) 375 goto err; 376 377 rc = -ENOMEM; 378 plm = kzalloc(sizeof(*plm), GFP_KERNEL); 379 if (!plm) 380 goto err; 381 382 if (i_size_read(inode) != security_policydb_len()) { 383 inode_lock(inode); 384 i_size_write(inode, security_policydb_len()); 385 inode_unlock(inode); 386 } 387 388 rc = security_read_policy(&plm->data, &plm->len); 389 if (rc) 390 goto err; 391 392 policy_opened = 1; 393 394 filp->private_data = plm; 395 396 mutex_unlock(&sel_mutex); 397 398 return 0; 399 err: 400 mutex_unlock(&sel_mutex); 401 402 if (plm) 403 vfree(plm->data); 404 kfree(plm); 405 return rc; 406 } 407 408 static int sel_release_policy(struct inode *inode, struct file *filp) 409 { 410 struct policy_load_memory *plm = filp->private_data; 411 412 BUG_ON(!plm); 413 414 policy_opened = 0; 415 416 vfree(plm->data); 417 kfree(plm); 418 419 return 0; 420 } 421 422 static ssize_t sel_read_policy(struct file *filp, char __user *buf, 423 size_t count, loff_t *ppos) 424 { 425 struct policy_load_memory *plm = filp->private_data; 426 int ret; 427 428 mutex_lock(&sel_mutex); 429 430 ret = task_has_security(current, SECURITY__READ_POLICY); 431 if (ret) 432 goto out; 433 434 ret = simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); 435 out: 436 mutex_unlock(&sel_mutex); 437 return ret; 438 } 439 440 static int sel_mmap_policy_fault(struct vm_area_struct *vma, 441 struct vm_fault *vmf) 442 { 443 struct policy_load_memory *plm = vma->vm_file->private_data; 444 unsigned long offset; 445 struct page *page; 446 447 if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE)) 448 return VM_FAULT_SIGBUS; 449 450 offset = vmf->pgoff << PAGE_SHIFT; 451 if (offset >= roundup(plm->len, PAGE_SIZE)) 452 return VM_FAULT_SIGBUS; 453 454 page = vmalloc_to_page(plm->data + offset); 455 get_page(page); 456 457 vmf->page = page; 458 459 return 0; 460 } 461 462 static const struct vm_operations_struct sel_mmap_policy_ops = { 463 .fault = sel_mmap_policy_fault, 464 .page_mkwrite = sel_mmap_policy_fault, 465 }; 466 467 static int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma) 468 { 469 if (vma->vm_flags & VM_SHARED) { 470 /* do not allow mprotect to make mapping writable */ 471 vma->vm_flags &= ~VM_MAYWRITE; 472 473 if (vma->vm_flags & VM_WRITE) 474 return -EACCES; 475 } 476 477 vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP; 478 vma->vm_ops = &sel_mmap_policy_ops; 479 480 return 0; 481 } 482 483 static const struct file_operations sel_policy_ops = { 484 .open = sel_open_policy, 485 .read = sel_read_policy, 486 .mmap = sel_mmap_policy, 487 .release = sel_release_policy, 488 .llseek = generic_file_llseek, 489 }; 490 491 static ssize_t sel_write_load(struct file *file, const char __user *buf, 492 size_t count, loff_t *ppos) 493 494 { 495 ssize_t length; 496 void *data = NULL; 497 498 mutex_lock(&sel_mutex); 499 500 length = task_has_security(current, SECURITY__LOAD_POLICY); 501 if (length) 502 goto out; 503 504 /* No partial writes. */ 505 length = -EINVAL; 506 if (*ppos != 0) 507 goto out; 508 509 length = -EFBIG; 510 if (count > 64 * 1024 * 1024) 511 goto out; 512 513 length = -ENOMEM; 514 data = vmalloc(count); 515 if (!data) 516 goto out; 517 518 length = -EFAULT; 519 if (copy_from_user(data, buf, count) != 0) 520 goto out; 521 522 length = security_load_policy(data, count); 523 if (length) 524 goto out; 525 526 length = sel_make_bools(); 527 if (length) 528 goto out1; 529 530 length = sel_make_classes(); 531 if (length) 532 goto out1; 533 534 length = sel_make_policycap(); 535 if (length) 536 goto out1; 537 538 length = count; 539 540 out1: 541 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, 542 "policy loaded auid=%u ses=%u", 543 from_kuid(&init_user_ns, audit_get_loginuid(current)), 544 audit_get_sessionid(current)); 545 out: 546 mutex_unlock(&sel_mutex); 547 vfree(data); 548 return length; 549 } 550 551 static const struct file_operations sel_load_ops = { 552 .write = sel_write_load, 553 .llseek = generic_file_llseek, 554 }; 555 556 static ssize_t sel_write_context(struct file *file, char *buf, size_t size) 557 { 558 char *canon = NULL; 559 u32 sid, len; 560 ssize_t length; 561 562 length = task_has_security(current, SECURITY__CHECK_CONTEXT); 563 if (length) 564 goto out; 565 566 length = security_context_to_sid(buf, size, &sid, GFP_KERNEL); 567 if (length) 568 goto out; 569 570 length = security_sid_to_context(sid, &canon, &len); 571 if (length) 572 goto out; 573 574 length = -ERANGE; 575 if (len > SIMPLE_TRANSACTION_LIMIT) { 576 printk(KERN_ERR "SELinux: %s: context size (%u) exceeds " 577 "payload max\n", __func__, len); 578 goto out; 579 } 580 581 memcpy(buf, canon, len); 582 length = len; 583 out: 584 kfree(canon); 585 return length; 586 } 587 588 static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf, 589 size_t count, loff_t *ppos) 590 { 591 char tmpbuf[TMPBUFLEN]; 592 ssize_t length; 593 594 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", selinux_checkreqprot); 595 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 596 } 597 598 static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, 599 size_t count, loff_t *ppos) 600 { 601 char *page; 602 ssize_t length; 603 unsigned int new_value; 604 605 length = task_has_security(current, SECURITY__SETCHECKREQPROT); 606 if (length) 607 return length; 608 609 if (count >= PAGE_SIZE) 610 return -ENOMEM; 611 612 /* No partial writes. */ 613 if (*ppos != 0) 614 return -EINVAL; 615 616 page = memdup_user_nul(buf, count); 617 if (IS_ERR(page)) 618 return PTR_ERR(page); 619 620 length = -EINVAL; 621 if (sscanf(page, "%u", &new_value) != 1) 622 goto out; 623 624 selinux_checkreqprot = new_value ? 1 : 0; 625 length = count; 626 out: 627 kfree(page); 628 return length; 629 } 630 static const struct file_operations sel_checkreqprot_ops = { 631 .read = sel_read_checkreqprot, 632 .write = sel_write_checkreqprot, 633 .llseek = generic_file_llseek, 634 }; 635 636 static ssize_t sel_write_validatetrans(struct file *file, 637 const char __user *buf, 638 size_t count, loff_t *ppos) 639 { 640 char *oldcon = NULL, *newcon = NULL, *taskcon = NULL; 641 char *req = NULL; 642 u32 osid, nsid, tsid; 643 u16 tclass; 644 int rc; 645 646 rc = task_has_security(current, SECURITY__VALIDATE_TRANS); 647 if (rc) 648 goto out; 649 650 rc = -ENOMEM; 651 if (count >= PAGE_SIZE) 652 goto out; 653 654 /* No partial writes. */ 655 rc = -EINVAL; 656 if (*ppos != 0) 657 goto out; 658 659 rc = -ENOMEM; 660 req = kzalloc(count + 1, GFP_KERNEL); 661 if (!req) 662 goto out; 663 664 rc = -EFAULT; 665 if (copy_from_user(req, buf, count)) 666 goto out; 667 668 rc = -ENOMEM; 669 oldcon = kzalloc(count + 1, GFP_KERNEL); 670 if (!oldcon) 671 goto out; 672 673 newcon = kzalloc(count + 1, GFP_KERNEL); 674 if (!newcon) 675 goto out; 676 677 taskcon = kzalloc(count + 1, GFP_KERNEL); 678 if (!taskcon) 679 goto out; 680 681 rc = -EINVAL; 682 if (sscanf(req, "%s %s %hu %s", oldcon, newcon, &tclass, taskcon) != 4) 683 goto out; 684 685 rc = security_context_str_to_sid(oldcon, &osid, GFP_KERNEL); 686 if (rc) 687 goto out; 688 689 rc = security_context_str_to_sid(newcon, &nsid, GFP_KERNEL); 690 if (rc) 691 goto out; 692 693 rc = security_context_str_to_sid(taskcon, &tsid, GFP_KERNEL); 694 if (rc) 695 goto out; 696 697 rc = security_validate_transition_user(osid, nsid, tsid, tclass); 698 if (!rc) 699 rc = count; 700 out: 701 kfree(req); 702 kfree(oldcon); 703 kfree(newcon); 704 kfree(taskcon); 705 return rc; 706 } 707 708 static const struct file_operations sel_transition_ops = { 709 .write = sel_write_validatetrans, 710 .llseek = generic_file_llseek, 711 }; 712 713 /* 714 * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c 715 */ 716 static ssize_t sel_write_access(struct file *file, char *buf, size_t size); 717 static ssize_t sel_write_create(struct file *file, char *buf, size_t size); 718 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size); 719 static ssize_t sel_write_user(struct file *file, char *buf, size_t size); 720 static ssize_t sel_write_member(struct file *file, char *buf, size_t size); 721 722 static ssize_t (*write_op[])(struct file *, char *, size_t) = { 723 [SEL_ACCESS] = sel_write_access, 724 [SEL_CREATE] = sel_write_create, 725 [SEL_RELABEL] = sel_write_relabel, 726 [SEL_USER] = sel_write_user, 727 [SEL_MEMBER] = sel_write_member, 728 [SEL_CONTEXT] = sel_write_context, 729 }; 730 731 static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos) 732 { 733 ino_t ino = file_inode(file)->i_ino; 734 char *data; 735 ssize_t rv; 736 737 if (ino >= ARRAY_SIZE(write_op) || !write_op[ino]) 738 return -EINVAL; 739 740 data = simple_transaction_get(file, buf, size); 741 if (IS_ERR(data)) 742 return PTR_ERR(data); 743 744 rv = write_op[ino](file, data, size); 745 if (rv > 0) { 746 simple_transaction_set(file, rv); 747 rv = size; 748 } 749 return rv; 750 } 751 752 static const struct file_operations transaction_ops = { 753 .write = selinux_transaction_write, 754 .read = simple_transaction_read, 755 .release = simple_transaction_release, 756 .llseek = generic_file_llseek, 757 }; 758 759 /* 760 * payload - write methods 761 * If the method has a response, the response should be put in buf, 762 * and the length returned. Otherwise return 0 or and -error. 763 */ 764 765 static ssize_t sel_write_access(struct file *file, char *buf, size_t size) 766 { 767 char *scon = NULL, *tcon = NULL; 768 u32 ssid, tsid; 769 u16 tclass; 770 struct av_decision avd; 771 ssize_t length; 772 773 length = task_has_security(current, SECURITY__COMPUTE_AV); 774 if (length) 775 goto out; 776 777 length = -ENOMEM; 778 scon = kzalloc(size + 1, GFP_KERNEL); 779 if (!scon) 780 goto out; 781 782 length = -ENOMEM; 783 tcon = kzalloc(size + 1, GFP_KERNEL); 784 if (!tcon) 785 goto out; 786 787 length = -EINVAL; 788 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 789 goto out; 790 791 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 792 if (length) 793 goto out; 794 795 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 796 if (length) 797 goto out; 798 799 security_compute_av_user(ssid, tsid, tclass, &avd); 800 801 length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT, 802 "%x %x %x %x %u %x", 803 avd.allowed, 0xffffffff, 804 avd.auditallow, avd.auditdeny, 805 avd.seqno, avd.flags); 806 out: 807 kfree(tcon); 808 kfree(scon); 809 return length; 810 } 811 812 static ssize_t sel_write_create(struct file *file, char *buf, size_t size) 813 { 814 char *scon = NULL, *tcon = NULL; 815 char *namebuf = NULL, *objname = NULL; 816 u32 ssid, tsid, newsid; 817 u16 tclass; 818 ssize_t length; 819 char *newcon = NULL; 820 u32 len; 821 int nargs; 822 823 length = task_has_security(current, SECURITY__COMPUTE_CREATE); 824 if (length) 825 goto out; 826 827 length = -ENOMEM; 828 scon = kzalloc(size + 1, GFP_KERNEL); 829 if (!scon) 830 goto out; 831 832 length = -ENOMEM; 833 tcon = kzalloc(size + 1, GFP_KERNEL); 834 if (!tcon) 835 goto out; 836 837 length = -ENOMEM; 838 namebuf = kzalloc(size + 1, GFP_KERNEL); 839 if (!namebuf) 840 goto out; 841 842 length = -EINVAL; 843 nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf); 844 if (nargs < 3 || nargs > 4) 845 goto out; 846 if (nargs == 4) { 847 /* 848 * If and when the name of new object to be queried contains 849 * either whitespace or multibyte characters, they shall be 850 * encoded based on the percentage-encoding rule. 851 * If not encoded, the sscanf logic picks up only left-half 852 * of the supplied name; splitted by a whitespace unexpectedly. 853 */ 854 char *r, *w; 855 int c1, c2; 856 857 r = w = namebuf; 858 do { 859 c1 = *r++; 860 if (c1 == '+') 861 c1 = ' '; 862 else if (c1 == '%') { 863 c1 = hex_to_bin(*r++); 864 if (c1 < 0) 865 goto out; 866 c2 = hex_to_bin(*r++); 867 if (c2 < 0) 868 goto out; 869 c1 = (c1 << 4) | c2; 870 } 871 *w++ = c1; 872 } while (c1 != '\0'); 873 874 objname = namebuf; 875 } 876 877 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 878 if (length) 879 goto out; 880 881 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 882 if (length) 883 goto out; 884 885 length = security_transition_sid_user(ssid, tsid, tclass, 886 objname, &newsid); 887 if (length) 888 goto out; 889 890 length = security_sid_to_context(newsid, &newcon, &len); 891 if (length) 892 goto out; 893 894 length = -ERANGE; 895 if (len > SIMPLE_TRANSACTION_LIMIT) { 896 printk(KERN_ERR "SELinux: %s: context size (%u) exceeds " 897 "payload max\n", __func__, len); 898 goto out; 899 } 900 901 memcpy(buf, newcon, len); 902 length = len; 903 out: 904 kfree(newcon); 905 kfree(namebuf); 906 kfree(tcon); 907 kfree(scon); 908 return length; 909 } 910 911 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size) 912 { 913 char *scon = NULL, *tcon = NULL; 914 u32 ssid, tsid, newsid; 915 u16 tclass; 916 ssize_t length; 917 char *newcon = NULL; 918 u32 len; 919 920 length = task_has_security(current, SECURITY__COMPUTE_RELABEL); 921 if (length) 922 goto out; 923 924 length = -ENOMEM; 925 scon = kzalloc(size + 1, GFP_KERNEL); 926 if (!scon) 927 goto out; 928 929 length = -ENOMEM; 930 tcon = kzalloc(size + 1, GFP_KERNEL); 931 if (!tcon) 932 goto out; 933 934 length = -EINVAL; 935 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 936 goto out; 937 938 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 939 if (length) 940 goto out; 941 942 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 943 if (length) 944 goto out; 945 946 length = security_change_sid(ssid, tsid, tclass, &newsid); 947 if (length) 948 goto out; 949 950 length = security_sid_to_context(newsid, &newcon, &len); 951 if (length) 952 goto out; 953 954 length = -ERANGE; 955 if (len > SIMPLE_TRANSACTION_LIMIT) 956 goto out; 957 958 memcpy(buf, newcon, len); 959 length = len; 960 out: 961 kfree(newcon); 962 kfree(tcon); 963 kfree(scon); 964 return length; 965 } 966 967 static ssize_t sel_write_user(struct file *file, char *buf, size_t size) 968 { 969 char *con = NULL, *user = NULL, *ptr; 970 u32 sid, *sids = NULL; 971 ssize_t length; 972 char *newcon; 973 int i, rc; 974 u32 len, nsids; 975 976 length = task_has_security(current, SECURITY__COMPUTE_USER); 977 if (length) 978 goto out; 979 980 length = -ENOMEM; 981 con = kzalloc(size + 1, GFP_KERNEL); 982 if (!con) 983 goto out; 984 985 length = -ENOMEM; 986 user = kzalloc(size + 1, GFP_KERNEL); 987 if (!user) 988 goto out; 989 990 length = -EINVAL; 991 if (sscanf(buf, "%s %s", con, user) != 2) 992 goto out; 993 994 length = security_context_str_to_sid(con, &sid, GFP_KERNEL); 995 if (length) 996 goto out; 997 998 length = security_get_user_sids(sid, user, &sids, &nsids); 999 if (length) 1000 goto out; 1001 1002 length = sprintf(buf, "%u", nsids) + 1; 1003 ptr = buf + length; 1004 for (i = 0; i < nsids; i++) { 1005 rc = security_sid_to_context(sids[i], &newcon, &len); 1006 if (rc) { 1007 length = rc; 1008 goto out; 1009 } 1010 if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) { 1011 kfree(newcon); 1012 length = -ERANGE; 1013 goto out; 1014 } 1015 memcpy(ptr, newcon, len); 1016 kfree(newcon); 1017 ptr += len; 1018 length += len; 1019 } 1020 out: 1021 kfree(sids); 1022 kfree(user); 1023 kfree(con); 1024 return length; 1025 } 1026 1027 static ssize_t sel_write_member(struct file *file, char *buf, size_t size) 1028 { 1029 char *scon = NULL, *tcon = NULL; 1030 u32 ssid, tsid, newsid; 1031 u16 tclass; 1032 ssize_t length; 1033 char *newcon = NULL; 1034 u32 len; 1035 1036 length = task_has_security(current, SECURITY__COMPUTE_MEMBER); 1037 if (length) 1038 goto out; 1039 1040 length = -ENOMEM; 1041 scon = kzalloc(size + 1, GFP_KERNEL); 1042 if (!scon) 1043 goto out; 1044 1045 length = -ENOMEM; 1046 tcon = kzalloc(size + 1, GFP_KERNEL); 1047 if (!tcon) 1048 goto out; 1049 1050 length = -EINVAL; 1051 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 1052 goto out; 1053 1054 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 1055 if (length) 1056 goto out; 1057 1058 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 1059 if (length) 1060 goto out; 1061 1062 length = security_member_sid(ssid, tsid, tclass, &newsid); 1063 if (length) 1064 goto out; 1065 1066 length = security_sid_to_context(newsid, &newcon, &len); 1067 if (length) 1068 goto out; 1069 1070 length = -ERANGE; 1071 if (len > SIMPLE_TRANSACTION_LIMIT) { 1072 printk(KERN_ERR "SELinux: %s: context size (%u) exceeds " 1073 "payload max\n", __func__, len); 1074 goto out; 1075 } 1076 1077 memcpy(buf, newcon, len); 1078 length = len; 1079 out: 1080 kfree(newcon); 1081 kfree(tcon); 1082 kfree(scon); 1083 return length; 1084 } 1085 1086 static struct inode *sel_make_inode(struct super_block *sb, int mode) 1087 { 1088 struct inode *ret = new_inode(sb); 1089 1090 if (ret) { 1091 ret->i_mode = mode; 1092 ret->i_atime = ret->i_mtime = ret->i_ctime = CURRENT_TIME; 1093 } 1094 return ret; 1095 } 1096 1097 static ssize_t sel_read_bool(struct file *filep, char __user *buf, 1098 size_t count, loff_t *ppos) 1099 { 1100 char *page = NULL; 1101 ssize_t length; 1102 ssize_t ret; 1103 int cur_enforcing; 1104 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; 1105 const char *name = filep->f_path.dentry->d_name.name; 1106 1107 mutex_lock(&sel_mutex); 1108 1109 ret = -EINVAL; 1110 if (index >= bool_num || strcmp(name, bool_pending_names[index])) 1111 goto out; 1112 1113 ret = -ENOMEM; 1114 page = (char *)get_zeroed_page(GFP_KERNEL); 1115 if (!page) 1116 goto out; 1117 1118 cur_enforcing = security_get_bool_value(index); 1119 if (cur_enforcing < 0) { 1120 ret = cur_enforcing; 1121 goto out; 1122 } 1123 length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, 1124 bool_pending_values[index]); 1125 ret = simple_read_from_buffer(buf, count, ppos, page, length); 1126 out: 1127 mutex_unlock(&sel_mutex); 1128 free_page((unsigned long)page); 1129 return ret; 1130 } 1131 1132 static ssize_t sel_write_bool(struct file *filep, const char __user *buf, 1133 size_t count, loff_t *ppos) 1134 { 1135 char *page = NULL; 1136 ssize_t length; 1137 int new_value; 1138 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; 1139 const char *name = filep->f_path.dentry->d_name.name; 1140 1141 mutex_lock(&sel_mutex); 1142 1143 length = task_has_security(current, SECURITY__SETBOOL); 1144 if (length) 1145 goto out; 1146 1147 length = -EINVAL; 1148 if (index >= bool_num || strcmp(name, bool_pending_names[index])) 1149 goto out; 1150 1151 length = -ENOMEM; 1152 if (count >= PAGE_SIZE) 1153 goto out; 1154 1155 /* No partial writes. */ 1156 length = -EINVAL; 1157 if (*ppos != 0) 1158 goto out; 1159 1160 page = memdup_user_nul(buf, count); 1161 if (IS_ERR(page)) { 1162 length = PTR_ERR(page); 1163 page = NULL; 1164 goto out; 1165 } 1166 1167 length = -EINVAL; 1168 if (sscanf(page, "%d", &new_value) != 1) 1169 goto out; 1170 1171 if (new_value) 1172 new_value = 1; 1173 1174 bool_pending_values[index] = new_value; 1175 length = count; 1176 1177 out: 1178 mutex_unlock(&sel_mutex); 1179 kfree(page); 1180 return length; 1181 } 1182 1183 static const struct file_operations sel_bool_ops = { 1184 .read = sel_read_bool, 1185 .write = sel_write_bool, 1186 .llseek = generic_file_llseek, 1187 }; 1188 1189 static ssize_t sel_commit_bools_write(struct file *filep, 1190 const char __user *buf, 1191 size_t count, loff_t *ppos) 1192 { 1193 char *page = NULL; 1194 ssize_t length; 1195 int new_value; 1196 1197 mutex_lock(&sel_mutex); 1198 1199 length = task_has_security(current, SECURITY__SETBOOL); 1200 if (length) 1201 goto out; 1202 1203 length = -ENOMEM; 1204 if (count >= PAGE_SIZE) 1205 goto out; 1206 1207 /* No partial writes. */ 1208 length = -EINVAL; 1209 if (*ppos != 0) 1210 goto out; 1211 1212 page = memdup_user_nul(buf, count); 1213 if (IS_ERR(page)) { 1214 length = PTR_ERR(page); 1215 page = NULL; 1216 goto out; 1217 } 1218 1219 length = -EINVAL; 1220 if (sscanf(page, "%d", &new_value) != 1) 1221 goto out; 1222 1223 length = 0; 1224 if (new_value && bool_pending_values) 1225 length = security_set_bools(bool_num, bool_pending_values); 1226 1227 if (!length) 1228 length = count; 1229 1230 out: 1231 mutex_unlock(&sel_mutex); 1232 kfree(page); 1233 return length; 1234 } 1235 1236 static const struct file_operations sel_commit_bools_ops = { 1237 .write = sel_commit_bools_write, 1238 .llseek = generic_file_llseek, 1239 }; 1240 1241 static void sel_remove_entries(struct dentry *de) 1242 { 1243 d_genocide(de); 1244 shrink_dcache_parent(de); 1245 } 1246 1247 #define BOOL_DIR_NAME "booleans" 1248 1249 static int sel_make_bools(void) 1250 { 1251 int i, ret; 1252 ssize_t len; 1253 struct dentry *dentry = NULL; 1254 struct dentry *dir = bool_dir; 1255 struct inode *inode = NULL; 1256 struct inode_security_struct *isec; 1257 char **names = NULL, *page; 1258 int num; 1259 int *values = NULL; 1260 u32 sid; 1261 1262 /* remove any existing files */ 1263 for (i = 0; i < bool_num; i++) 1264 kfree(bool_pending_names[i]); 1265 kfree(bool_pending_names); 1266 kfree(bool_pending_values); 1267 bool_num = 0; 1268 bool_pending_names = NULL; 1269 bool_pending_values = NULL; 1270 1271 sel_remove_entries(dir); 1272 1273 ret = -ENOMEM; 1274 page = (char *)get_zeroed_page(GFP_KERNEL); 1275 if (!page) 1276 goto out; 1277 1278 ret = security_get_bools(&num, &names, &values); 1279 if (ret) 1280 goto out; 1281 1282 for (i = 0; i < num; i++) { 1283 ret = -ENOMEM; 1284 dentry = d_alloc_name(dir, names[i]); 1285 if (!dentry) 1286 goto out; 1287 1288 ret = -ENOMEM; 1289 inode = sel_make_inode(dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR); 1290 if (!inode) 1291 goto out; 1292 1293 ret = -ENAMETOOLONG; 1294 len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]); 1295 if (len >= PAGE_SIZE) 1296 goto out; 1297 1298 isec = (struct inode_security_struct *)inode->i_security; 1299 ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid); 1300 if (ret) 1301 goto out; 1302 1303 isec->sid = sid; 1304 isec->initialized = 1; 1305 inode->i_fop = &sel_bool_ops; 1306 inode->i_ino = i|SEL_BOOL_INO_OFFSET; 1307 d_add(dentry, inode); 1308 } 1309 bool_num = num; 1310 bool_pending_names = names; 1311 bool_pending_values = values; 1312 1313 free_page((unsigned long)page); 1314 return 0; 1315 out: 1316 free_page((unsigned long)page); 1317 1318 if (names) { 1319 for (i = 0; i < num; i++) 1320 kfree(names[i]); 1321 kfree(names); 1322 } 1323 kfree(values); 1324 sel_remove_entries(dir); 1325 1326 return ret; 1327 } 1328 1329 #define NULL_FILE_NAME "null" 1330 1331 struct path selinux_null; 1332 1333 static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf, 1334 size_t count, loff_t *ppos) 1335 { 1336 char tmpbuf[TMPBUFLEN]; 1337 ssize_t length; 1338 1339 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", avc_cache_threshold); 1340 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1341 } 1342 1343 static ssize_t sel_write_avc_cache_threshold(struct file *file, 1344 const char __user *buf, 1345 size_t count, loff_t *ppos) 1346 1347 { 1348 char *page; 1349 ssize_t ret; 1350 int new_value; 1351 1352 ret = task_has_security(current, SECURITY__SETSECPARAM); 1353 if (ret) 1354 return ret; 1355 1356 if (count >= PAGE_SIZE) 1357 return -ENOMEM; 1358 1359 /* No partial writes. */ 1360 if (*ppos != 0) 1361 return -EINVAL; 1362 1363 page = memdup_user_nul(buf, count); 1364 if (IS_ERR(page)) 1365 return PTR_ERR(page); 1366 1367 ret = -EINVAL; 1368 if (sscanf(page, "%u", &new_value) != 1) 1369 goto out; 1370 1371 avc_cache_threshold = new_value; 1372 1373 ret = count; 1374 out: 1375 kfree(page); 1376 return ret; 1377 } 1378 1379 static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf, 1380 size_t count, loff_t *ppos) 1381 { 1382 char *page; 1383 ssize_t length; 1384 1385 page = (char *)__get_free_page(GFP_KERNEL); 1386 if (!page) 1387 return -ENOMEM; 1388 1389 length = avc_get_hash_stats(page); 1390 if (length >= 0) 1391 length = simple_read_from_buffer(buf, count, ppos, page, length); 1392 free_page((unsigned long)page); 1393 1394 return length; 1395 } 1396 1397 static const struct file_operations sel_avc_cache_threshold_ops = { 1398 .read = sel_read_avc_cache_threshold, 1399 .write = sel_write_avc_cache_threshold, 1400 .llseek = generic_file_llseek, 1401 }; 1402 1403 static const struct file_operations sel_avc_hash_stats_ops = { 1404 .read = sel_read_avc_hash_stats, 1405 .llseek = generic_file_llseek, 1406 }; 1407 1408 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1409 static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx) 1410 { 1411 int cpu; 1412 1413 for (cpu = *idx; cpu < nr_cpu_ids; ++cpu) { 1414 if (!cpu_possible(cpu)) 1415 continue; 1416 *idx = cpu + 1; 1417 return &per_cpu(avc_cache_stats, cpu); 1418 } 1419 return NULL; 1420 } 1421 1422 static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos) 1423 { 1424 loff_t n = *pos - 1; 1425 1426 if (*pos == 0) 1427 return SEQ_START_TOKEN; 1428 1429 return sel_avc_get_stat_idx(&n); 1430 } 1431 1432 static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos) 1433 { 1434 return sel_avc_get_stat_idx(pos); 1435 } 1436 1437 static int sel_avc_stats_seq_show(struct seq_file *seq, void *v) 1438 { 1439 struct avc_cache_stats *st = v; 1440 1441 if (v == SEQ_START_TOKEN) 1442 seq_printf(seq, "lookups hits misses allocations reclaims " 1443 "frees\n"); 1444 else { 1445 unsigned int lookups = st->lookups; 1446 unsigned int misses = st->misses; 1447 unsigned int hits = lookups - misses; 1448 seq_printf(seq, "%u %u %u %u %u %u\n", lookups, 1449 hits, misses, st->allocations, 1450 st->reclaims, st->frees); 1451 } 1452 return 0; 1453 } 1454 1455 static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v) 1456 { } 1457 1458 static const struct seq_operations sel_avc_cache_stats_seq_ops = { 1459 .start = sel_avc_stats_seq_start, 1460 .next = sel_avc_stats_seq_next, 1461 .show = sel_avc_stats_seq_show, 1462 .stop = sel_avc_stats_seq_stop, 1463 }; 1464 1465 static int sel_open_avc_cache_stats(struct inode *inode, struct file *file) 1466 { 1467 return seq_open(file, &sel_avc_cache_stats_seq_ops); 1468 } 1469 1470 static const struct file_operations sel_avc_cache_stats_ops = { 1471 .open = sel_open_avc_cache_stats, 1472 .read = seq_read, 1473 .llseek = seq_lseek, 1474 .release = seq_release, 1475 }; 1476 #endif 1477 1478 static int sel_make_avc_files(struct dentry *dir) 1479 { 1480 int i; 1481 static struct tree_descr files[] = { 1482 { "cache_threshold", 1483 &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR }, 1484 { "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO }, 1485 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1486 { "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO }, 1487 #endif 1488 }; 1489 1490 for (i = 0; i < ARRAY_SIZE(files); i++) { 1491 struct inode *inode; 1492 struct dentry *dentry; 1493 1494 dentry = d_alloc_name(dir, files[i].name); 1495 if (!dentry) 1496 return -ENOMEM; 1497 1498 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode); 1499 if (!inode) 1500 return -ENOMEM; 1501 1502 inode->i_fop = files[i].ops; 1503 inode->i_ino = ++sel_last_ino; 1504 d_add(dentry, inode); 1505 } 1506 1507 return 0; 1508 } 1509 1510 static ssize_t sel_read_initcon(struct file *file, char __user *buf, 1511 size_t count, loff_t *ppos) 1512 { 1513 char *con; 1514 u32 sid, len; 1515 ssize_t ret; 1516 1517 sid = file_inode(file)->i_ino&SEL_INO_MASK; 1518 ret = security_sid_to_context(sid, &con, &len); 1519 if (ret) 1520 return ret; 1521 1522 ret = simple_read_from_buffer(buf, count, ppos, con, len); 1523 kfree(con); 1524 return ret; 1525 } 1526 1527 static const struct file_operations sel_initcon_ops = { 1528 .read = sel_read_initcon, 1529 .llseek = generic_file_llseek, 1530 }; 1531 1532 static int sel_make_initcon_files(struct dentry *dir) 1533 { 1534 int i; 1535 1536 for (i = 1; i <= SECINITSID_NUM; i++) { 1537 struct inode *inode; 1538 struct dentry *dentry; 1539 dentry = d_alloc_name(dir, security_get_initial_sid_context(i)); 1540 if (!dentry) 1541 return -ENOMEM; 1542 1543 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1544 if (!inode) 1545 return -ENOMEM; 1546 1547 inode->i_fop = &sel_initcon_ops; 1548 inode->i_ino = i|SEL_INITCON_INO_OFFSET; 1549 d_add(dentry, inode); 1550 } 1551 1552 return 0; 1553 } 1554 1555 static inline unsigned long sel_class_to_ino(u16 class) 1556 { 1557 return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET; 1558 } 1559 1560 static inline u16 sel_ino_to_class(unsigned long ino) 1561 { 1562 return (ino & SEL_INO_MASK) / (SEL_VEC_MAX + 1); 1563 } 1564 1565 static inline unsigned long sel_perm_to_ino(u16 class, u32 perm) 1566 { 1567 return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET; 1568 } 1569 1570 static inline u32 sel_ino_to_perm(unsigned long ino) 1571 { 1572 return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1); 1573 } 1574 1575 static ssize_t sel_read_class(struct file *file, char __user *buf, 1576 size_t count, loff_t *ppos) 1577 { 1578 unsigned long ino = file_inode(file)->i_ino; 1579 char res[TMPBUFLEN]; 1580 ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_class(ino)); 1581 return simple_read_from_buffer(buf, count, ppos, res, len); 1582 } 1583 1584 static const struct file_operations sel_class_ops = { 1585 .read = sel_read_class, 1586 .llseek = generic_file_llseek, 1587 }; 1588 1589 static ssize_t sel_read_perm(struct file *file, char __user *buf, 1590 size_t count, loff_t *ppos) 1591 { 1592 unsigned long ino = file_inode(file)->i_ino; 1593 char res[TMPBUFLEN]; 1594 ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino)); 1595 return simple_read_from_buffer(buf, count, ppos, res, len); 1596 } 1597 1598 static const struct file_operations sel_perm_ops = { 1599 .read = sel_read_perm, 1600 .llseek = generic_file_llseek, 1601 }; 1602 1603 static ssize_t sel_read_policycap(struct file *file, char __user *buf, 1604 size_t count, loff_t *ppos) 1605 { 1606 int value; 1607 char tmpbuf[TMPBUFLEN]; 1608 ssize_t length; 1609 unsigned long i_ino = file_inode(file)->i_ino; 1610 1611 value = security_policycap_supported(i_ino & SEL_INO_MASK); 1612 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value); 1613 1614 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1615 } 1616 1617 static const struct file_operations sel_policycap_ops = { 1618 .read = sel_read_policycap, 1619 .llseek = generic_file_llseek, 1620 }; 1621 1622 static int sel_make_perm_files(char *objclass, int classvalue, 1623 struct dentry *dir) 1624 { 1625 int i, rc, nperms; 1626 char **perms; 1627 1628 rc = security_get_permissions(objclass, &perms, &nperms); 1629 if (rc) 1630 return rc; 1631 1632 for (i = 0; i < nperms; i++) { 1633 struct inode *inode; 1634 struct dentry *dentry; 1635 1636 rc = -ENOMEM; 1637 dentry = d_alloc_name(dir, perms[i]); 1638 if (!dentry) 1639 goto out; 1640 1641 rc = -ENOMEM; 1642 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1643 if (!inode) 1644 goto out; 1645 1646 inode->i_fop = &sel_perm_ops; 1647 /* i+1 since perm values are 1-indexed */ 1648 inode->i_ino = sel_perm_to_ino(classvalue, i + 1); 1649 d_add(dentry, inode); 1650 } 1651 rc = 0; 1652 out: 1653 for (i = 0; i < nperms; i++) 1654 kfree(perms[i]); 1655 kfree(perms); 1656 return rc; 1657 } 1658 1659 static int sel_make_class_dir_entries(char *classname, int index, 1660 struct dentry *dir) 1661 { 1662 struct dentry *dentry = NULL; 1663 struct inode *inode = NULL; 1664 int rc; 1665 1666 dentry = d_alloc_name(dir, "index"); 1667 if (!dentry) 1668 return -ENOMEM; 1669 1670 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1671 if (!inode) 1672 return -ENOMEM; 1673 1674 inode->i_fop = &sel_class_ops; 1675 inode->i_ino = sel_class_to_ino(index); 1676 d_add(dentry, inode); 1677 1678 dentry = sel_make_dir(dir, "perms", &last_class_ino); 1679 if (IS_ERR(dentry)) 1680 return PTR_ERR(dentry); 1681 1682 rc = sel_make_perm_files(classname, index, dentry); 1683 1684 return rc; 1685 } 1686 1687 static int sel_make_classes(void) 1688 { 1689 int rc, nclasses, i; 1690 char **classes; 1691 1692 /* delete any existing entries */ 1693 sel_remove_entries(class_dir); 1694 1695 rc = security_get_classes(&classes, &nclasses); 1696 if (rc) 1697 return rc; 1698 1699 /* +2 since classes are 1-indexed */ 1700 last_class_ino = sel_class_to_ino(nclasses + 2); 1701 1702 for (i = 0; i < nclasses; i++) { 1703 struct dentry *class_name_dir; 1704 1705 class_name_dir = sel_make_dir(class_dir, classes[i], 1706 &last_class_ino); 1707 if (IS_ERR(class_name_dir)) { 1708 rc = PTR_ERR(class_name_dir); 1709 goto out; 1710 } 1711 1712 /* i+1 since class values are 1-indexed */ 1713 rc = sel_make_class_dir_entries(classes[i], i + 1, 1714 class_name_dir); 1715 if (rc) 1716 goto out; 1717 } 1718 rc = 0; 1719 out: 1720 for (i = 0; i < nclasses; i++) 1721 kfree(classes[i]); 1722 kfree(classes); 1723 return rc; 1724 } 1725 1726 static int sel_make_policycap(void) 1727 { 1728 unsigned int iter; 1729 struct dentry *dentry = NULL; 1730 struct inode *inode = NULL; 1731 1732 sel_remove_entries(policycap_dir); 1733 1734 for (iter = 0; iter <= POLICYDB_CAPABILITY_MAX; iter++) { 1735 if (iter < ARRAY_SIZE(policycap_names)) 1736 dentry = d_alloc_name(policycap_dir, 1737 policycap_names[iter]); 1738 else 1739 dentry = d_alloc_name(policycap_dir, "unknown"); 1740 1741 if (dentry == NULL) 1742 return -ENOMEM; 1743 1744 inode = sel_make_inode(policycap_dir->d_sb, S_IFREG | S_IRUGO); 1745 if (inode == NULL) 1746 return -ENOMEM; 1747 1748 inode->i_fop = &sel_policycap_ops; 1749 inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET; 1750 d_add(dentry, inode); 1751 } 1752 1753 return 0; 1754 } 1755 1756 static struct dentry *sel_make_dir(struct dentry *dir, const char *name, 1757 unsigned long *ino) 1758 { 1759 struct dentry *dentry = d_alloc_name(dir, name); 1760 struct inode *inode; 1761 1762 if (!dentry) 1763 return ERR_PTR(-ENOMEM); 1764 1765 inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO); 1766 if (!inode) { 1767 dput(dentry); 1768 return ERR_PTR(-ENOMEM); 1769 } 1770 1771 inode->i_op = &simple_dir_inode_operations; 1772 inode->i_fop = &simple_dir_operations; 1773 inode->i_ino = ++(*ino); 1774 /* directory inodes start off with i_nlink == 2 (for "." entry) */ 1775 inc_nlink(inode); 1776 d_add(dentry, inode); 1777 /* bump link count on parent directory, too */ 1778 inc_nlink(d_inode(dir)); 1779 1780 return dentry; 1781 } 1782 1783 static int sel_fill_super(struct super_block *sb, void *data, int silent) 1784 { 1785 int ret; 1786 struct dentry *dentry; 1787 struct inode *inode; 1788 struct inode_security_struct *isec; 1789 1790 static struct tree_descr selinux_files[] = { 1791 [SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR}, 1792 [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR}, 1793 [SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO}, 1794 [SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO}, 1795 [SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO}, 1796 [SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO}, 1797 [SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO}, 1798 [SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO}, 1799 [SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR}, 1800 [SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO}, 1801 [SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR}, 1802 [SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO}, 1803 [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR}, 1804 [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO}, 1805 [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO}, 1806 [SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO}, 1807 [SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO}, 1808 [SEL_VALIDATE_TRANS] = {"validatetrans", &sel_transition_ops, 1809 S_IWUGO}, 1810 /* last one */ {""} 1811 }; 1812 ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files); 1813 if (ret) 1814 goto err; 1815 1816 bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &sel_last_ino); 1817 if (IS_ERR(bool_dir)) { 1818 ret = PTR_ERR(bool_dir); 1819 bool_dir = NULL; 1820 goto err; 1821 } 1822 1823 ret = -ENOMEM; 1824 dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME); 1825 if (!dentry) 1826 goto err; 1827 1828 ret = -ENOMEM; 1829 inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO); 1830 if (!inode) 1831 goto err; 1832 1833 inode->i_ino = ++sel_last_ino; 1834 isec = (struct inode_security_struct *)inode->i_security; 1835 isec->sid = SECINITSID_DEVNULL; 1836 isec->sclass = SECCLASS_CHR_FILE; 1837 isec->initialized = 1; 1838 1839 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3)); 1840 d_add(dentry, inode); 1841 selinux_null.dentry = dentry; 1842 1843 dentry = sel_make_dir(sb->s_root, "avc", &sel_last_ino); 1844 if (IS_ERR(dentry)) { 1845 ret = PTR_ERR(dentry); 1846 goto err; 1847 } 1848 1849 ret = sel_make_avc_files(dentry); 1850 if (ret) 1851 goto err; 1852 1853 dentry = sel_make_dir(sb->s_root, "initial_contexts", &sel_last_ino); 1854 if (IS_ERR(dentry)) { 1855 ret = PTR_ERR(dentry); 1856 goto err; 1857 } 1858 1859 ret = sel_make_initcon_files(dentry); 1860 if (ret) 1861 goto err; 1862 1863 class_dir = sel_make_dir(sb->s_root, "class", &sel_last_ino); 1864 if (IS_ERR(class_dir)) { 1865 ret = PTR_ERR(class_dir); 1866 class_dir = NULL; 1867 goto err; 1868 } 1869 1870 policycap_dir = sel_make_dir(sb->s_root, "policy_capabilities", &sel_last_ino); 1871 if (IS_ERR(policycap_dir)) { 1872 ret = PTR_ERR(policycap_dir); 1873 policycap_dir = NULL; 1874 goto err; 1875 } 1876 return 0; 1877 err: 1878 printk(KERN_ERR "SELinux: %s: failed while creating inodes\n", 1879 __func__); 1880 return ret; 1881 } 1882 1883 static struct dentry *sel_mount(struct file_system_type *fs_type, 1884 int flags, const char *dev_name, void *data) 1885 { 1886 return mount_single(fs_type, flags, data, sel_fill_super); 1887 } 1888 1889 static struct file_system_type sel_fs_type = { 1890 .name = "selinuxfs", 1891 .mount = sel_mount, 1892 .kill_sb = kill_litter_super, 1893 }; 1894 1895 struct vfsmount *selinuxfs_mount; 1896 1897 static int __init init_sel_fs(void) 1898 { 1899 int err; 1900 1901 if (!selinux_enabled) 1902 return 0; 1903 1904 err = sysfs_create_mount_point(fs_kobj, "selinux"); 1905 if (err) 1906 return err; 1907 1908 err = register_filesystem(&sel_fs_type); 1909 if (err) { 1910 sysfs_remove_mount_point(fs_kobj, "selinux"); 1911 return err; 1912 } 1913 1914 selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type); 1915 if (IS_ERR(selinuxfs_mount)) { 1916 printk(KERN_ERR "selinuxfs: could not mount!\n"); 1917 err = PTR_ERR(selinuxfs_mount); 1918 selinuxfs_mount = NULL; 1919 } 1920 1921 return err; 1922 } 1923 1924 __initcall(init_sel_fs); 1925 1926 #ifdef CONFIG_SECURITY_SELINUX_DISABLE 1927 void exit_sel_fs(void) 1928 { 1929 sysfs_remove_mount_point(fs_kobj, "selinux"); 1930 kern_unmount(selinuxfs_mount); 1931 unregister_filesystem(&sel_fs_type); 1932 } 1933 #endif 1934