1 // SPDX-License-Identifier: GPL-2.0-only 2 /* Updated: Karl MacMillan <kmacmillan@tresys.com> 3 * 4 * Added conditional policy language extensions 5 * 6 * Updated: Hewlett-Packard <paul@paul-moore.com> 7 * 8 * Added support for the policy capability bitmap 9 * 10 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 11 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 12 * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 13 */ 14 15 #include <linux/kernel.h> 16 #include <linux/pagemap.h> 17 #include <linux/slab.h> 18 #include <linux/vmalloc.h> 19 #include <linux/fs.h> 20 #include <linux/fs_context.h> 21 #include <linux/mount.h> 22 #include <linux/mutex.h> 23 #include <linux/namei.h> 24 #include <linux/init.h> 25 #include <linux/string.h> 26 #include <linux/security.h> 27 #include <linux/major.h> 28 #include <linux/seq_file.h> 29 #include <linux/percpu.h> 30 #include <linux/audit.h> 31 #include <linux/uaccess.h> 32 #include <linux/kobject.h> 33 #include <linux/ctype.h> 34 35 /* selinuxfs pseudo filesystem for exporting the security policy API. 36 Based on the proc code and the fs/nfsd/nfsctl.c code. */ 37 38 #include "flask.h" 39 #include "avc.h" 40 #include "avc_ss.h" 41 #include "security.h" 42 #include "objsec.h" 43 #include "conditional.h" 44 #include "ima.h" 45 46 enum sel_inos { 47 SEL_ROOT_INO = 2, 48 SEL_LOAD, /* load policy */ 49 SEL_ENFORCE, /* get or set enforcing status */ 50 SEL_CONTEXT, /* validate context */ 51 SEL_ACCESS, /* compute access decision */ 52 SEL_CREATE, /* compute create labeling decision */ 53 SEL_RELABEL, /* compute relabeling decision */ 54 SEL_USER, /* compute reachable user contexts */ 55 SEL_POLICYVERS, /* return policy version for this kernel */ 56 SEL_COMMIT_BOOLS, /* commit new boolean values */ 57 SEL_MLS, /* return if MLS policy is enabled */ 58 SEL_DISABLE, /* disable SELinux until next reboot */ 59 SEL_MEMBER, /* compute polyinstantiation membership decision */ 60 SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */ 61 SEL_COMPAT_NET, /* whether to use old compat network packet controls */ 62 SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */ 63 SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */ 64 SEL_STATUS, /* export current status using mmap() */ 65 SEL_POLICY, /* allow userspace to read the in kernel policy */ 66 SEL_VALIDATE_TRANS, /* compute validatetrans decision */ 67 SEL_INO_NEXT, /* The next inode number to use */ 68 }; 69 70 struct selinux_fs_info { 71 struct dentry *bool_dir; 72 unsigned int bool_num; 73 char **bool_pending_names; 74 int *bool_pending_values; 75 struct dentry *class_dir; 76 unsigned long last_class_ino; 77 bool policy_opened; 78 struct dentry *policycap_dir; 79 unsigned long last_ino; 80 struct super_block *sb; 81 }; 82 83 static int selinux_fs_info_create(struct super_block *sb) 84 { 85 struct selinux_fs_info *fsi; 86 87 fsi = kzalloc(sizeof(*fsi), GFP_KERNEL); 88 if (!fsi) 89 return -ENOMEM; 90 91 fsi->last_ino = SEL_INO_NEXT - 1; 92 fsi->sb = sb; 93 sb->s_fs_info = fsi; 94 return 0; 95 } 96 97 static void selinux_fs_info_free(struct super_block *sb) 98 { 99 struct selinux_fs_info *fsi = sb->s_fs_info; 100 int i; 101 102 if (fsi) { 103 for (i = 0; i < fsi->bool_num; i++) 104 kfree(fsi->bool_pending_names[i]); 105 kfree(fsi->bool_pending_names); 106 kfree(fsi->bool_pending_values); 107 } 108 kfree(sb->s_fs_info); 109 sb->s_fs_info = NULL; 110 } 111 112 #define SEL_INITCON_INO_OFFSET 0x01000000 113 #define SEL_BOOL_INO_OFFSET 0x02000000 114 #define SEL_CLASS_INO_OFFSET 0x04000000 115 #define SEL_POLICYCAP_INO_OFFSET 0x08000000 116 #define SEL_INO_MASK 0x00ffffff 117 118 #define BOOL_DIR_NAME "booleans" 119 #define CLASS_DIR_NAME "class" 120 #define POLICYCAP_DIR_NAME "policy_capabilities" 121 122 #define TMPBUFLEN 12 123 static ssize_t sel_read_enforce(struct file *filp, char __user *buf, 124 size_t count, loff_t *ppos) 125 { 126 char tmpbuf[TMPBUFLEN]; 127 ssize_t length; 128 129 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", 130 enforcing_enabled()); 131 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 132 } 133 134 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP 135 static ssize_t sel_write_enforce(struct file *file, const char __user *buf, 136 size_t count, loff_t *ppos) 137 138 { 139 char *page = NULL; 140 ssize_t length; 141 int old_value, new_value; 142 143 if (count >= PAGE_SIZE) 144 return -ENOMEM; 145 146 /* No partial writes. */ 147 if (*ppos != 0) 148 return -EINVAL; 149 150 page = memdup_user_nul(buf, count); 151 if (IS_ERR(page)) 152 return PTR_ERR(page); 153 154 length = -EINVAL; 155 if (sscanf(page, "%d", &new_value) != 1) 156 goto out; 157 158 new_value = !!new_value; 159 160 old_value = enforcing_enabled(); 161 if (new_value != old_value) { 162 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 163 SECCLASS_SECURITY, SECURITY__SETENFORCE, 164 NULL); 165 if (length) 166 goto out; 167 audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS, 168 "enforcing=%d old_enforcing=%d auid=%u ses=%u" 169 " enabled=1 old-enabled=1 lsm=selinux res=1", 170 new_value, old_value, 171 from_kuid(&init_user_ns, audit_get_loginuid(current)), 172 audit_get_sessionid(current)); 173 enforcing_set(new_value); 174 if (new_value) 175 avc_ss_reset(0); 176 selnl_notify_setenforce(new_value); 177 selinux_status_update_setenforce(new_value); 178 if (!new_value) 179 call_blocking_lsm_notifier(LSM_POLICY_CHANGE, NULL); 180 181 selinux_ima_measure_state(); 182 } 183 length = count; 184 out: 185 kfree(page); 186 return length; 187 } 188 #else 189 #define sel_write_enforce NULL 190 #endif 191 192 static const struct file_operations sel_enforce_ops = { 193 .read = sel_read_enforce, 194 .write = sel_write_enforce, 195 .llseek = generic_file_llseek, 196 }; 197 198 static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf, 199 size_t count, loff_t *ppos) 200 { 201 char tmpbuf[TMPBUFLEN]; 202 ssize_t length; 203 ino_t ino = file_inode(filp)->i_ino; 204 int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ? 205 security_get_reject_unknown() : 206 !security_get_allow_unknown(); 207 208 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown); 209 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 210 } 211 212 static const struct file_operations sel_handle_unknown_ops = { 213 .read = sel_read_handle_unknown, 214 .llseek = generic_file_llseek, 215 }; 216 217 static int sel_open_handle_status(struct inode *inode, struct file *filp) 218 { 219 struct page *status = selinux_kernel_status_page(); 220 221 if (!status) 222 return -ENOMEM; 223 224 filp->private_data = status; 225 226 return 0; 227 } 228 229 static ssize_t sel_read_handle_status(struct file *filp, char __user *buf, 230 size_t count, loff_t *ppos) 231 { 232 struct page *status = filp->private_data; 233 234 BUG_ON(!status); 235 236 return simple_read_from_buffer(buf, count, ppos, 237 page_address(status), 238 sizeof(struct selinux_kernel_status)); 239 } 240 241 static int sel_mmap_handle_status(struct file *filp, 242 struct vm_area_struct *vma) 243 { 244 struct page *status = filp->private_data; 245 unsigned long size = vma->vm_end - vma->vm_start; 246 247 BUG_ON(!status); 248 249 /* only allows one page from the head */ 250 if (vma->vm_pgoff > 0 || size != PAGE_SIZE) 251 return -EIO; 252 /* disallow writable mapping */ 253 if (vma->vm_flags & VM_WRITE) 254 return -EPERM; 255 /* disallow mprotect() turns it into writable */ 256 vm_flags_clear(vma, VM_MAYWRITE); 257 258 return remap_pfn_range(vma, vma->vm_start, 259 page_to_pfn(status), 260 size, vma->vm_page_prot); 261 } 262 263 static const struct file_operations sel_handle_status_ops = { 264 .open = sel_open_handle_status, 265 .read = sel_read_handle_status, 266 .mmap = sel_mmap_handle_status, 267 .llseek = generic_file_llseek, 268 }; 269 270 static ssize_t sel_write_disable(struct file *file, const char __user *buf, 271 size_t count, loff_t *ppos) 272 273 { 274 char *page; 275 ssize_t length; 276 int new_value; 277 278 if (count >= PAGE_SIZE) 279 return -ENOMEM; 280 281 /* No partial writes. */ 282 if (*ppos != 0) 283 return -EINVAL; 284 285 page = memdup_user_nul(buf, count); 286 if (IS_ERR(page)) 287 return PTR_ERR(page); 288 289 if (sscanf(page, "%d", &new_value) != 1) { 290 length = -EINVAL; 291 goto out; 292 } 293 length = count; 294 295 if (new_value) { 296 pr_err("SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable\n"); 297 pr_err("SELinux: Runtime disable is not supported, use selinux=0 on the kernel cmdline.\n"); 298 } 299 300 out: 301 kfree(page); 302 return length; 303 } 304 305 static const struct file_operations sel_disable_ops = { 306 .write = sel_write_disable, 307 .llseek = generic_file_llseek, 308 }; 309 310 static ssize_t sel_read_policyvers(struct file *filp, char __user *buf, 311 size_t count, loff_t *ppos) 312 { 313 char tmpbuf[TMPBUFLEN]; 314 ssize_t length; 315 316 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX); 317 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 318 } 319 320 static const struct file_operations sel_policyvers_ops = { 321 .read = sel_read_policyvers, 322 .llseek = generic_file_llseek, 323 }; 324 325 /* declaration for sel_write_load */ 326 static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir, 327 unsigned int *bool_num, char ***bool_pending_names, 328 int **bool_pending_values); 329 static int sel_make_classes(struct selinux_policy *newpolicy, 330 struct dentry *class_dir, 331 unsigned long *last_class_ino); 332 333 /* declaration for sel_make_class_dirs */ 334 static struct dentry *sel_make_dir(struct dentry *dir, const char *name, 335 unsigned long *ino); 336 337 /* declaration for sel_make_policy_nodes */ 338 static struct dentry *sel_make_disconnected_dir(struct super_block *sb, 339 unsigned long *ino); 340 341 /* declaration for sel_make_policy_nodes */ 342 static void sel_remove_entries(struct dentry *de); 343 344 static ssize_t sel_read_mls(struct file *filp, char __user *buf, 345 size_t count, loff_t *ppos) 346 { 347 char tmpbuf[TMPBUFLEN]; 348 ssize_t length; 349 350 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", 351 security_mls_enabled()); 352 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 353 } 354 355 static const struct file_operations sel_mls_ops = { 356 .read = sel_read_mls, 357 .llseek = generic_file_llseek, 358 }; 359 360 struct policy_load_memory { 361 size_t len; 362 void *data; 363 }; 364 365 static int sel_open_policy(struct inode *inode, struct file *filp) 366 { 367 struct selinux_fs_info *fsi = inode->i_sb->s_fs_info; 368 struct policy_load_memory *plm = NULL; 369 int rc; 370 371 BUG_ON(filp->private_data); 372 373 mutex_lock(&selinux_state.policy_mutex); 374 375 rc = avc_has_perm(current_sid(), SECINITSID_SECURITY, 376 SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL); 377 if (rc) 378 goto err; 379 380 rc = -EBUSY; 381 if (fsi->policy_opened) 382 goto err; 383 384 rc = -ENOMEM; 385 plm = kzalloc(sizeof(*plm), GFP_KERNEL); 386 if (!plm) 387 goto err; 388 389 rc = security_read_policy(&plm->data, &plm->len); 390 if (rc) 391 goto err; 392 393 if ((size_t)i_size_read(inode) != plm->len) { 394 inode_lock(inode); 395 i_size_write(inode, plm->len); 396 inode_unlock(inode); 397 } 398 399 fsi->policy_opened = 1; 400 401 filp->private_data = plm; 402 403 mutex_unlock(&selinux_state.policy_mutex); 404 405 return 0; 406 err: 407 mutex_unlock(&selinux_state.policy_mutex); 408 409 if (plm) 410 vfree(plm->data); 411 kfree(plm); 412 return rc; 413 } 414 415 static int sel_release_policy(struct inode *inode, struct file *filp) 416 { 417 struct selinux_fs_info *fsi = inode->i_sb->s_fs_info; 418 struct policy_load_memory *plm = filp->private_data; 419 420 BUG_ON(!plm); 421 422 fsi->policy_opened = 0; 423 424 vfree(plm->data); 425 kfree(plm); 426 427 return 0; 428 } 429 430 static ssize_t sel_read_policy(struct file *filp, char __user *buf, 431 size_t count, loff_t *ppos) 432 { 433 struct policy_load_memory *plm = filp->private_data; 434 int ret; 435 436 ret = avc_has_perm(current_sid(), SECINITSID_SECURITY, 437 SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL); 438 if (ret) 439 return ret; 440 441 return simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); 442 } 443 444 static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf) 445 { 446 struct policy_load_memory *plm = vmf->vma->vm_file->private_data; 447 unsigned long offset; 448 struct page *page; 449 450 if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE)) 451 return VM_FAULT_SIGBUS; 452 453 offset = vmf->pgoff << PAGE_SHIFT; 454 if (offset >= roundup(plm->len, PAGE_SIZE)) 455 return VM_FAULT_SIGBUS; 456 457 page = vmalloc_to_page(plm->data + offset); 458 get_page(page); 459 460 vmf->page = page; 461 462 return 0; 463 } 464 465 static const struct vm_operations_struct sel_mmap_policy_ops = { 466 .fault = sel_mmap_policy_fault, 467 .page_mkwrite = sel_mmap_policy_fault, 468 }; 469 470 static int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma) 471 { 472 if (vma->vm_flags & VM_SHARED) { 473 /* do not allow mprotect to make mapping writable */ 474 vm_flags_clear(vma, VM_MAYWRITE); 475 476 if (vma->vm_flags & VM_WRITE) 477 return -EACCES; 478 } 479 480 vm_flags_set(vma, VM_DONTEXPAND | VM_DONTDUMP); 481 vma->vm_ops = &sel_mmap_policy_ops; 482 483 return 0; 484 } 485 486 static const struct file_operations sel_policy_ops = { 487 .open = sel_open_policy, 488 .read = sel_read_policy, 489 .mmap = sel_mmap_policy, 490 .release = sel_release_policy, 491 .llseek = generic_file_llseek, 492 }; 493 494 static void sel_remove_old_bool_data(unsigned int bool_num, char **bool_names, 495 int *bool_values) 496 { 497 u32 i; 498 499 /* bool_dir cleanup */ 500 for (i = 0; i < bool_num; i++) 501 kfree(bool_names[i]); 502 kfree(bool_names); 503 kfree(bool_values); 504 } 505 506 static int sel_make_policy_nodes(struct selinux_fs_info *fsi, 507 struct selinux_policy *newpolicy) 508 { 509 int ret = 0; 510 struct dentry *tmp_parent, *tmp_bool_dir, *tmp_class_dir, *old_dentry; 511 unsigned int tmp_bool_num, old_bool_num; 512 char **tmp_bool_names, **old_bool_names; 513 int *tmp_bool_values, *old_bool_values; 514 unsigned long tmp_ino = fsi->last_ino; /* Don't increment last_ino in this function */ 515 516 tmp_parent = sel_make_disconnected_dir(fsi->sb, &tmp_ino); 517 if (IS_ERR(tmp_parent)) 518 return PTR_ERR(tmp_parent); 519 520 tmp_ino = fsi->bool_dir->d_inode->i_ino - 1; /* sel_make_dir will increment and set */ 521 tmp_bool_dir = sel_make_dir(tmp_parent, BOOL_DIR_NAME, &tmp_ino); 522 if (IS_ERR(tmp_bool_dir)) { 523 ret = PTR_ERR(tmp_bool_dir); 524 goto out; 525 } 526 527 tmp_ino = fsi->class_dir->d_inode->i_ino - 1; /* sel_make_dir will increment and set */ 528 tmp_class_dir = sel_make_dir(tmp_parent, CLASS_DIR_NAME, &tmp_ino); 529 if (IS_ERR(tmp_class_dir)) { 530 ret = PTR_ERR(tmp_class_dir); 531 goto out; 532 } 533 534 ret = sel_make_bools(newpolicy, tmp_bool_dir, &tmp_bool_num, 535 &tmp_bool_names, &tmp_bool_values); 536 if (ret) 537 goto out; 538 539 ret = sel_make_classes(newpolicy, tmp_class_dir, 540 &fsi->last_class_ino); 541 if (ret) 542 goto out; 543 544 /* booleans */ 545 old_dentry = fsi->bool_dir; 546 lock_rename(tmp_bool_dir, old_dentry); 547 d_exchange(tmp_bool_dir, fsi->bool_dir); 548 549 old_bool_num = fsi->bool_num; 550 old_bool_names = fsi->bool_pending_names; 551 old_bool_values = fsi->bool_pending_values; 552 553 fsi->bool_num = tmp_bool_num; 554 fsi->bool_pending_names = tmp_bool_names; 555 fsi->bool_pending_values = tmp_bool_values; 556 557 sel_remove_old_bool_data(old_bool_num, old_bool_names, old_bool_values); 558 559 fsi->bool_dir = tmp_bool_dir; 560 unlock_rename(tmp_bool_dir, old_dentry); 561 562 /* classes */ 563 old_dentry = fsi->class_dir; 564 lock_rename(tmp_class_dir, old_dentry); 565 d_exchange(tmp_class_dir, fsi->class_dir); 566 fsi->class_dir = tmp_class_dir; 567 unlock_rename(tmp_class_dir, old_dentry); 568 569 out: 570 /* Since the other temporary dirs are children of tmp_parent 571 * this will handle all the cleanup in the case of a failure before 572 * the swapover 573 */ 574 sel_remove_entries(tmp_parent); 575 dput(tmp_parent); /* d_genocide() only handles the children */ 576 577 return ret; 578 } 579 580 static ssize_t sel_write_load(struct file *file, const char __user *buf, 581 size_t count, loff_t *ppos) 582 583 { 584 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 585 struct selinux_load_state load_state; 586 ssize_t length; 587 void *data = NULL; 588 589 mutex_lock(&selinux_state.policy_mutex); 590 591 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 592 SECCLASS_SECURITY, SECURITY__LOAD_POLICY, NULL); 593 if (length) 594 goto out; 595 596 /* No partial writes. */ 597 length = -EINVAL; 598 if (*ppos != 0) 599 goto out; 600 601 length = -ENOMEM; 602 data = vmalloc(count); 603 if (!data) 604 goto out; 605 606 length = -EFAULT; 607 if (copy_from_user(data, buf, count) != 0) 608 goto out; 609 610 length = security_load_policy(data, count, &load_state); 611 if (length) { 612 pr_warn_ratelimited("SELinux: failed to load policy\n"); 613 goto out; 614 } 615 616 length = sel_make_policy_nodes(fsi, load_state.policy); 617 if (length) { 618 pr_warn_ratelimited("SELinux: failed to initialize selinuxfs\n"); 619 selinux_policy_cancel(&load_state); 620 goto out; 621 } 622 623 selinux_policy_commit(&load_state); 624 625 length = count; 626 627 audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, 628 "auid=%u ses=%u lsm=selinux res=1", 629 from_kuid(&init_user_ns, audit_get_loginuid(current)), 630 audit_get_sessionid(current)); 631 out: 632 mutex_unlock(&selinux_state.policy_mutex); 633 vfree(data); 634 return length; 635 } 636 637 static const struct file_operations sel_load_ops = { 638 .write = sel_write_load, 639 .llseek = generic_file_llseek, 640 }; 641 642 static ssize_t sel_write_context(struct file *file, char *buf, size_t size) 643 { 644 char *canon = NULL; 645 u32 sid, len; 646 ssize_t length; 647 648 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 649 SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, NULL); 650 if (length) 651 goto out; 652 653 length = security_context_to_sid(buf, size, &sid, GFP_KERNEL); 654 if (length) 655 goto out; 656 657 length = security_sid_to_context(sid, &canon, &len); 658 if (length) 659 goto out; 660 661 length = -ERANGE; 662 if (len > SIMPLE_TRANSACTION_LIMIT) { 663 pr_err("SELinux: %s: context size (%u) exceeds " 664 "payload max\n", __func__, len); 665 goto out; 666 } 667 668 memcpy(buf, canon, len); 669 length = len; 670 out: 671 kfree(canon); 672 return length; 673 } 674 675 static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf, 676 size_t count, loff_t *ppos) 677 { 678 char tmpbuf[TMPBUFLEN]; 679 ssize_t length; 680 681 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", 682 checkreqprot_get()); 683 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 684 } 685 686 static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, 687 size_t count, loff_t *ppos) 688 { 689 char *page; 690 ssize_t length; 691 unsigned int new_value; 692 693 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 694 SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, 695 NULL); 696 if (length) 697 return length; 698 699 if (count >= PAGE_SIZE) 700 return -ENOMEM; 701 702 /* No partial writes. */ 703 if (*ppos != 0) 704 return -EINVAL; 705 706 page = memdup_user_nul(buf, count); 707 if (IS_ERR(page)) 708 return PTR_ERR(page); 709 710 if (sscanf(page, "%u", &new_value) != 1) { 711 length = -EINVAL; 712 goto out; 713 } 714 length = count; 715 716 if (new_value) { 717 char comm[sizeof(current->comm)]; 718 719 memcpy(comm, current->comm, sizeof(comm)); 720 pr_err("SELinux: %s (%d) set checkreqprot to 1. This is no longer supported.\n", 721 comm, current->pid); 722 } 723 724 selinux_ima_measure_state(); 725 726 out: 727 kfree(page); 728 return length; 729 } 730 static const struct file_operations sel_checkreqprot_ops = { 731 .read = sel_read_checkreqprot, 732 .write = sel_write_checkreqprot, 733 .llseek = generic_file_llseek, 734 }; 735 736 static ssize_t sel_write_validatetrans(struct file *file, 737 const char __user *buf, 738 size_t count, loff_t *ppos) 739 { 740 char *oldcon = NULL, *newcon = NULL, *taskcon = NULL; 741 char *req = NULL; 742 u32 osid, nsid, tsid; 743 u16 tclass; 744 int rc; 745 746 rc = avc_has_perm(current_sid(), SECINITSID_SECURITY, 747 SECCLASS_SECURITY, SECURITY__VALIDATE_TRANS, NULL); 748 if (rc) 749 goto out; 750 751 rc = -ENOMEM; 752 if (count >= PAGE_SIZE) 753 goto out; 754 755 /* No partial writes. */ 756 rc = -EINVAL; 757 if (*ppos != 0) 758 goto out; 759 760 req = memdup_user_nul(buf, count); 761 if (IS_ERR(req)) { 762 rc = PTR_ERR(req); 763 req = NULL; 764 goto out; 765 } 766 767 rc = -ENOMEM; 768 oldcon = kzalloc(count + 1, GFP_KERNEL); 769 if (!oldcon) 770 goto out; 771 772 newcon = kzalloc(count + 1, GFP_KERNEL); 773 if (!newcon) 774 goto out; 775 776 taskcon = kzalloc(count + 1, GFP_KERNEL); 777 if (!taskcon) 778 goto out; 779 780 rc = -EINVAL; 781 if (sscanf(req, "%s %s %hu %s", oldcon, newcon, &tclass, taskcon) != 4) 782 goto out; 783 784 rc = security_context_str_to_sid(oldcon, &osid, GFP_KERNEL); 785 if (rc) 786 goto out; 787 788 rc = security_context_str_to_sid(newcon, &nsid, GFP_KERNEL); 789 if (rc) 790 goto out; 791 792 rc = security_context_str_to_sid(taskcon, &tsid, GFP_KERNEL); 793 if (rc) 794 goto out; 795 796 rc = security_validate_transition_user(osid, nsid, tsid, tclass); 797 if (!rc) 798 rc = count; 799 out: 800 kfree(req); 801 kfree(oldcon); 802 kfree(newcon); 803 kfree(taskcon); 804 return rc; 805 } 806 807 static const struct file_operations sel_transition_ops = { 808 .write = sel_write_validatetrans, 809 .llseek = generic_file_llseek, 810 }; 811 812 /* 813 * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c 814 */ 815 static ssize_t sel_write_access(struct file *file, char *buf, size_t size); 816 static ssize_t sel_write_create(struct file *file, char *buf, size_t size); 817 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size); 818 static ssize_t sel_write_user(struct file *file, char *buf, size_t size); 819 static ssize_t sel_write_member(struct file *file, char *buf, size_t size); 820 821 static ssize_t (*const write_op[])(struct file *, char *, size_t) = { 822 [SEL_ACCESS] = sel_write_access, 823 [SEL_CREATE] = sel_write_create, 824 [SEL_RELABEL] = sel_write_relabel, 825 [SEL_USER] = sel_write_user, 826 [SEL_MEMBER] = sel_write_member, 827 [SEL_CONTEXT] = sel_write_context, 828 }; 829 830 static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos) 831 { 832 ino_t ino = file_inode(file)->i_ino; 833 char *data; 834 ssize_t rv; 835 836 if (ino >= ARRAY_SIZE(write_op) || !write_op[ino]) 837 return -EINVAL; 838 839 data = simple_transaction_get(file, buf, size); 840 if (IS_ERR(data)) 841 return PTR_ERR(data); 842 843 rv = write_op[ino](file, data, size); 844 if (rv > 0) { 845 simple_transaction_set(file, rv); 846 rv = size; 847 } 848 return rv; 849 } 850 851 static const struct file_operations transaction_ops = { 852 .write = selinux_transaction_write, 853 .read = simple_transaction_read, 854 .release = simple_transaction_release, 855 .llseek = generic_file_llseek, 856 }; 857 858 /* 859 * payload - write methods 860 * If the method has a response, the response should be put in buf, 861 * and the length returned. Otherwise return 0 or and -error. 862 */ 863 864 static ssize_t sel_write_access(struct file *file, char *buf, size_t size) 865 { 866 char *scon = NULL, *tcon = NULL; 867 u32 ssid, tsid; 868 u16 tclass; 869 struct av_decision avd; 870 ssize_t length; 871 872 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 873 SECCLASS_SECURITY, SECURITY__COMPUTE_AV, NULL); 874 if (length) 875 goto out; 876 877 length = -ENOMEM; 878 scon = kzalloc(size + 1, GFP_KERNEL); 879 if (!scon) 880 goto out; 881 882 length = -ENOMEM; 883 tcon = kzalloc(size + 1, GFP_KERNEL); 884 if (!tcon) 885 goto out; 886 887 length = -EINVAL; 888 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 889 goto out; 890 891 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 892 if (length) 893 goto out; 894 895 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 896 if (length) 897 goto out; 898 899 security_compute_av_user(ssid, tsid, tclass, &avd); 900 901 length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT, 902 "%x %x %x %x %u %x", 903 avd.allowed, 0xffffffff, 904 avd.auditallow, avd.auditdeny, 905 avd.seqno, avd.flags); 906 out: 907 kfree(tcon); 908 kfree(scon); 909 return length; 910 } 911 912 static ssize_t sel_write_create(struct file *file, char *buf, size_t size) 913 { 914 char *scon = NULL, *tcon = NULL; 915 char *namebuf = NULL, *objname = NULL; 916 u32 ssid, tsid, newsid; 917 u16 tclass; 918 ssize_t length; 919 char *newcon = NULL; 920 u32 len; 921 int nargs; 922 923 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 924 SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, 925 NULL); 926 if (length) 927 goto out; 928 929 length = -ENOMEM; 930 scon = kzalloc(size + 1, GFP_KERNEL); 931 if (!scon) 932 goto out; 933 934 length = -ENOMEM; 935 tcon = kzalloc(size + 1, GFP_KERNEL); 936 if (!tcon) 937 goto out; 938 939 length = -ENOMEM; 940 namebuf = kzalloc(size + 1, GFP_KERNEL); 941 if (!namebuf) 942 goto out; 943 944 length = -EINVAL; 945 nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf); 946 if (nargs < 3 || nargs > 4) 947 goto out; 948 if (nargs == 4) { 949 /* 950 * If and when the name of new object to be queried contains 951 * either whitespace or multibyte characters, they shall be 952 * encoded based on the percentage-encoding rule. 953 * If not encoded, the sscanf logic picks up only left-half 954 * of the supplied name; split by a whitespace unexpectedly. 955 */ 956 char *r, *w; 957 int c1, c2; 958 959 r = w = namebuf; 960 do { 961 c1 = *r++; 962 if (c1 == '+') 963 c1 = ' '; 964 else if (c1 == '%') { 965 c1 = hex_to_bin(*r++); 966 if (c1 < 0) 967 goto out; 968 c2 = hex_to_bin(*r++); 969 if (c2 < 0) 970 goto out; 971 c1 = (c1 << 4) | c2; 972 } 973 *w++ = c1; 974 } while (c1 != '\0'); 975 976 objname = namebuf; 977 } 978 979 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 980 if (length) 981 goto out; 982 983 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 984 if (length) 985 goto out; 986 987 length = security_transition_sid_user(ssid, tsid, tclass, 988 objname, &newsid); 989 if (length) 990 goto out; 991 992 length = security_sid_to_context(newsid, &newcon, &len); 993 if (length) 994 goto out; 995 996 length = -ERANGE; 997 if (len > SIMPLE_TRANSACTION_LIMIT) { 998 pr_err("SELinux: %s: context size (%u) exceeds " 999 "payload max\n", __func__, len); 1000 goto out; 1001 } 1002 1003 memcpy(buf, newcon, len); 1004 length = len; 1005 out: 1006 kfree(newcon); 1007 kfree(namebuf); 1008 kfree(tcon); 1009 kfree(scon); 1010 return length; 1011 } 1012 1013 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size) 1014 { 1015 char *scon = NULL, *tcon = NULL; 1016 u32 ssid, tsid, newsid; 1017 u16 tclass; 1018 ssize_t length; 1019 char *newcon = NULL; 1020 u32 len; 1021 1022 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1023 SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, 1024 NULL); 1025 if (length) 1026 goto out; 1027 1028 length = -ENOMEM; 1029 scon = kzalloc(size + 1, GFP_KERNEL); 1030 if (!scon) 1031 goto out; 1032 1033 length = -ENOMEM; 1034 tcon = kzalloc(size + 1, GFP_KERNEL); 1035 if (!tcon) 1036 goto out; 1037 1038 length = -EINVAL; 1039 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 1040 goto out; 1041 1042 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 1043 if (length) 1044 goto out; 1045 1046 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 1047 if (length) 1048 goto out; 1049 1050 length = security_change_sid(ssid, tsid, tclass, &newsid); 1051 if (length) 1052 goto out; 1053 1054 length = security_sid_to_context(newsid, &newcon, &len); 1055 if (length) 1056 goto out; 1057 1058 length = -ERANGE; 1059 if (len > SIMPLE_TRANSACTION_LIMIT) 1060 goto out; 1061 1062 memcpy(buf, newcon, len); 1063 length = len; 1064 out: 1065 kfree(newcon); 1066 kfree(tcon); 1067 kfree(scon); 1068 return length; 1069 } 1070 1071 static ssize_t sel_write_user(struct file *file, char *buf, size_t size) 1072 { 1073 char *con = NULL, *user = NULL, *ptr; 1074 u32 sid, *sids = NULL; 1075 ssize_t length; 1076 char *newcon; 1077 int i, rc; 1078 u32 len, nsids; 1079 1080 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1081 SECCLASS_SECURITY, SECURITY__COMPUTE_USER, 1082 NULL); 1083 if (length) 1084 goto out; 1085 1086 length = -ENOMEM; 1087 con = kzalloc(size + 1, GFP_KERNEL); 1088 if (!con) 1089 goto out; 1090 1091 length = -ENOMEM; 1092 user = kzalloc(size + 1, GFP_KERNEL); 1093 if (!user) 1094 goto out; 1095 1096 length = -EINVAL; 1097 if (sscanf(buf, "%s %s", con, user) != 2) 1098 goto out; 1099 1100 length = security_context_str_to_sid(con, &sid, GFP_KERNEL); 1101 if (length) 1102 goto out; 1103 1104 length = security_get_user_sids(sid, user, &sids, &nsids); 1105 if (length) 1106 goto out; 1107 1108 length = sprintf(buf, "%u", nsids) + 1; 1109 ptr = buf + length; 1110 for (i = 0; i < nsids; i++) { 1111 rc = security_sid_to_context(sids[i], &newcon, &len); 1112 if (rc) { 1113 length = rc; 1114 goto out; 1115 } 1116 if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) { 1117 kfree(newcon); 1118 length = -ERANGE; 1119 goto out; 1120 } 1121 memcpy(ptr, newcon, len); 1122 kfree(newcon); 1123 ptr += len; 1124 length += len; 1125 } 1126 out: 1127 kfree(sids); 1128 kfree(user); 1129 kfree(con); 1130 return length; 1131 } 1132 1133 static ssize_t sel_write_member(struct file *file, char *buf, size_t size) 1134 { 1135 char *scon = NULL, *tcon = NULL; 1136 u32 ssid, tsid, newsid; 1137 u16 tclass; 1138 ssize_t length; 1139 char *newcon = NULL; 1140 u32 len; 1141 1142 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1143 SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, 1144 NULL); 1145 if (length) 1146 goto out; 1147 1148 length = -ENOMEM; 1149 scon = kzalloc(size + 1, GFP_KERNEL); 1150 if (!scon) 1151 goto out; 1152 1153 length = -ENOMEM; 1154 tcon = kzalloc(size + 1, GFP_KERNEL); 1155 if (!tcon) 1156 goto out; 1157 1158 length = -EINVAL; 1159 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 1160 goto out; 1161 1162 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 1163 if (length) 1164 goto out; 1165 1166 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 1167 if (length) 1168 goto out; 1169 1170 length = security_member_sid(ssid, tsid, tclass, &newsid); 1171 if (length) 1172 goto out; 1173 1174 length = security_sid_to_context(newsid, &newcon, &len); 1175 if (length) 1176 goto out; 1177 1178 length = -ERANGE; 1179 if (len > SIMPLE_TRANSACTION_LIMIT) { 1180 pr_err("SELinux: %s: context size (%u) exceeds " 1181 "payload max\n", __func__, len); 1182 goto out; 1183 } 1184 1185 memcpy(buf, newcon, len); 1186 length = len; 1187 out: 1188 kfree(newcon); 1189 kfree(tcon); 1190 kfree(scon); 1191 return length; 1192 } 1193 1194 static struct inode *sel_make_inode(struct super_block *sb, int mode) 1195 { 1196 struct inode *ret = new_inode(sb); 1197 1198 if (ret) { 1199 ret->i_mode = mode; 1200 ret->i_atime = ret->i_mtime = ret->i_ctime = current_time(ret); 1201 } 1202 return ret; 1203 } 1204 1205 static ssize_t sel_read_bool(struct file *filep, char __user *buf, 1206 size_t count, loff_t *ppos) 1207 { 1208 struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info; 1209 char *page = NULL; 1210 ssize_t length; 1211 ssize_t ret; 1212 int cur_enforcing; 1213 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; 1214 const char *name = filep->f_path.dentry->d_name.name; 1215 1216 mutex_lock(&selinux_state.policy_mutex); 1217 1218 ret = -EINVAL; 1219 if (index >= fsi->bool_num || strcmp(name, 1220 fsi->bool_pending_names[index])) 1221 goto out_unlock; 1222 1223 ret = -ENOMEM; 1224 page = (char *)get_zeroed_page(GFP_KERNEL); 1225 if (!page) 1226 goto out_unlock; 1227 1228 cur_enforcing = security_get_bool_value(index); 1229 if (cur_enforcing < 0) { 1230 ret = cur_enforcing; 1231 goto out_unlock; 1232 } 1233 length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, 1234 fsi->bool_pending_values[index]); 1235 mutex_unlock(&selinux_state.policy_mutex); 1236 ret = simple_read_from_buffer(buf, count, ppos, page, length); 1237 out_free: 1238 free_page((unsigned long)page); 1239 return ret; 1240 1241 out_unlock: 1242 mutex_unlock(&selinux_state.policy_mutex); 1243 goto out_free; 1244 } 1245 1246 static ssize_t sel_write_bool(struct file *filep, const char __user *buf, 1247 size_t count, loff_t *ppos) 1248 { 1249 struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info; 1250 char *page = NULL; 1251 ssize_t length; 1252 int new_value; 1253 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; 1254 const char *name = filep->f_path.dentry->d_name.name; 1255 1256 if (count >= PAGE_SIZE) 1257 return -ENOMEM; 1258 1259 /* No partial writes. */ 1260 if (*ppos != 0) 1261 return -EINVAL; 1262 1263 page = memdup_user_nul(buf, count); 1264 if (IS_ERR(page)) 1265 return PTR_ERR(page); 1266 1267 mutex_lock(&selinux_state.policy_mutex); 1268 1269 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1270 SECCLASS_SECURITY, SECURITY__SETBOOL, 1271 NULL); 1272 if (length) 1273 goto out; 1274 1275 length = -EINVAL; 1276 if (index >= fsi->bool_num || strcmp(name, 1277 fsi->bool_pending_names[index])) 1278 goto out; 1279 1280 length = -EINVAL; 1281 if (sscanf(page, "%d", &new_value) != 1) 1282 goto out; 1283 1284 if (new_value) 1285 new_value = 1; 1286 1287 fsi->bool_pending_values[index] = new_value; 1288 length = count; 1289 1290 out: 1291 mutex_unlock(&selinux_state.policy_mutex); 1292 kfree(page); 1293 return length; 1294 } 1295 1296 static const struct file_operations sel_bool_ops = { 1297 .read = sel_read_bool, 1298 .write = sel_write_bool, 1299 .llseek = generic_file_llseek, 1300 }; 1301 1302 static ssize_t sel_commit_bools_write(struct file *filep, 1303 const char __user *buf, 1304 size_t count, loff_t *ppos) 1305 { 1306 struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info; 1307 char *page = NULL; 1308 ssize_t length; 1309 int new_value; 1310 1311 if (count >= PAGE_SIZE) 1312 return -ENOMEM; 1313 1314 /* No partial writes. */ 1315 if (*ppos != 0) 1316 return -EINVAL; 1317 1318 page = memdup_user_nul(buf, count); 1319 if (IS_ERR(page)) 1320 return PTR_ERR(page); 1321 1322 mutex_lock(&selinux_state.policy_mutex); 1323 1324 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1325 SECCLASS_SECURITY, SECURITY__SETBOOL, 1326 NULL); 1327 if (length) 1328 goto out; 1329 1330 length = -EINVAL; 1331 if (sscanf(page, "%d", &new_value) != 1) 1332 goto out; 1333 1334 length = 0; 1335 if (new_value && fsi->bool_pending_values) 1336 length = security_set_bools(fsi->bool_num, 1337 fsi->bool_pending_values); 1338 1339 if (!length) 1340 length = count; 1341 1342 out: 1343 mutex_unlock(&selinux_state.policy_mutex); 1344 kfree(page); 1345 return length; 1346 } 1347 1348 static const struct file_operations sel_commit_bools_ops = { 1349 .write = sel_commit_bools_write, 1350 .llseek = generic_file_llseek, 1351 }; 1352 1353 static void sel_remove_entries(struct dentry *de) 1354 { 1355 d_genocide(de); 1356 shrink_dcache_parent(de); 1357 } 1358 1359 static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir, 1360 unsigned int *bool_num, char ***bool_pending_names, 1361 int **bool_pending_values) 1362 { 1363 int ret; 1364 ssize_t len; 1365 struct dentry *dentry = NULL; 1366 struct inode *inode = NULL; 1367 struct inode_security_struct *isec; 1368 char **names = NULL, *page; 1369 u32 i, num; 1370 int *values = NULL; 1371 u32 sid; 1372 1373 ret = -ENOMEM; 1374 page = (char *)get_zeroed_page(GFP_KERNEL); 1375 if (!page) 1376 goto out; 1377 1378 ret = security_get_bools(newpolicy, &num, &names, &values); 1379 if (ret) 1380 goto out; 1381 1382 for (i = 0; i < num; i++) { 1383 ret = -ENOMEM; 1384 dentry = d_alloc_name(bool_dir, names[i]); 1385 if (!dentry) 1386 goto out; 1387 1388 ret = -ENOMEM; 1389 inode = sel_make_inode(bool_dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR); 1390 if (!inode) { 1391 dput(dentry); 1392 goto out; 1393 } 1394 1395 ret = -ENAMETOOLONG; 1396 len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]); 1397 if (len >= PAGE_SIZE) { 1398 dput(dentry); 1399 iput(inode); 1400 goto out; 1401 } 1402 1403 isec = selinux_inode(inode); 1404 ret = selinux_policy_genfs_sid(newpolicy, "selinuxfs", page, 1405 SECCLASS_FILE, &sid); 1406 if (ret) { 1407 pr_warn_ratelimited("SELinux: no sid found, defaulting to security isid for %s\n", 1408 page); 1409 sid = SECINITSID_SECURITY; 1410 } 1411 1412 isec->sid = sid; 1413 isec->initialized = LABEL_INITIALIZED; 1414 inode->i_fop = &sel_bool_ops; 1415 inode->i_ino = i|SEL_BOOL_INO_OFFSET; 1416 d_add(dentry, inode); 1417 } 1418 *bool_num = num; 1419 *bool_pending_names = names; 1420 *bool_pending_values = values; 1421 1422 free_page((unsigned long)page); 1423 return 0; 1424 out: 1425 free_page((unsigned long)page); 1426 1427 if (names) { 1428 for (i = 0; i < num; i++) 1429 kfree(names[i]); 1430 kfree(names); 1431 } 1432 kfree(values); 1433 sel_remove_entries(bool_dir); 1434 1435 return ret; 1436 } 1437 1438 static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf, 1439 size_t count, loff_t *ppos) 1440 { 1441 char tmpbuf[TMPBUFLEN]; 1442 ssize_t length; 1443 1444 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", 1445 avc_get_cache_threshold()); 1446 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1447 } 1448 1449 static ssize_t sel_write_avc_cache_threshold(struct file *file, 1450 const char __user *buf, 1451 size_t count, loff_t *ppos) 1452 1453 { 1454 char *page; 1455 ssize_t ret; 1456 unsigned int new_value; 1457 1458 ret = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1459 SECCLASS_SECURITY, SECURITY__SETSECPARAM, 1460 NULL); 1461 if (ret) 1462 return ret; 1463 1464 if (count >= PAGE_SIZE) 1465 return -ENOMEM; 1466 1467 /* No partial writes. */ 1468 if (*ppos != 0) 1469 return -EINVAL; 1470 1471 page = memdup_user_nul(buf, count); 1472 if (IS_ERR(page)) 1473 return PTR_ERR(page); 1474 1475 ret = -EINVAL; 1476 if (sscanf(page, "%u", &new_value) != 1) 1477 goto out; 1478 1479 avc_set_cache_threshold(new_value); 1480 1481 ret = count; 1482 out: 1483 kfree(page); 1484 return ret; 1485 } 1486 1487 static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf, 1488 size_t count, loff_t *ppos) 1489 { 1490 char *page; 1491 ssize_t length; 1492 1493 page = (char *)__get_free_page(GFP_KERNEL); 1494 if (!page) 1495 return -ENOMEM; 1496 1497 length = avc_get_hash_stats(page); 1498 if (length >= 0) 1499 length = simple_read_from_buffer(buf, count, ppos, page, length); 1500 free_page((unsigned long)page); 1501 1502 return length; 1503 } 1504 1505 static ssize_t sel_read_sidtab_hash_stats(struct file *filp, char __user *buf, 1506 size_t count, loff_t *ppos) 1507 { 1508 char *page; 1509 ssize_t length; 1510 1511 page = (char *)__get_free_page(GFP_KERNEL); 1512 if (!page) 1513 return -ENOMEM; 1514 1515 length = security_sidtab_hash_stats(page); 1516 if (length >= 0) 1517 length = simple_read_from_buffer(buf, count, ppos, page, 1518 length); 1519 free_page((unsigned long)page); 1520 1521 return length; 1522 } 1523 1524 static const struct file_operations sel_sidtab_hash_stats_ops = { 1525 .read = sel_read_sidtab_hash_stats, 1526 .llseek = generic_file_llseek, 1527 }; 1528 1529 static const struct file_operations sel_avc_cache_threshold_ops = { 1530 .read = sel_read_avc_cache_threshold, 1531 .write = sel_write_avc_cache_threshold, 1532 .llseek = generic_file_llseek, 1533 }; 1534 1535 static const struct file_operations sel_avc_hash_stats_ops = { 1536 .read = sel_read_avc_hash_stats, 1537 .llseek = generic_file_llseek, 1538 }; 1539 1540 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1541 static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx) 1542 { 1543 int cpu; 1544 1545 for (cpu = *idx; cpu < nr_cpu_ids; ++cpu) { 1546 if (!cpu_possible(cpu)) 1547 continue; 1548 *idx = cpu + 1; 1549 return &per_cpu(avc_cache_stats, cpu); 1550 } 1551 (*idx)++; 1552 return NULL; 1553 } 1554 1555 static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos) 1556 { 1557 loff_t n = *pos - 1; 1558 1559 if (*pos == 0) 1560 return SEQ_START_TOKEN; 1561 1562 return sel_avc_get_stat_idx(&n); 1563 } 1564 1565 static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos) 1566 { 1567 return sel_avc_get_stat_idx(pos); 1568 } 1569 1570 static int sel_avc_stats_seq_show(struct seq_file *seq, void *v) 1571 { 1572 struct avc_cache_stats *st = v; 1573 1574 if (v == SEQ_START_TOKEN) { 1575 seq_puts(seq, 1576 "lookups hits misses allocations reclaims frees\n"); 1577 } else { 1578 unsigned int lookups = st->lookups; 1579 unsigned int misses = st->misses; 1580 unsigned int hits = lookups - misses; 1581 seq_printf(seq, "%u %u %u %u %u %u\n", lookups, 1582 hits, misses, st->allocations, 1583 st->reclaims, st->frees); 1584 } 1585 return 0; 1586 } 1587 1588 static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v) 1589 { } 1590 1591 static const struct seq_operations sel_avc_cache_stats_seq_ops = { 1592 .start = sel_avc_stats_seq_start, 1593 .next = sel_avc_stats_seq_next, 1594 .show = sel_avc_stats_seq_show, 1595 .stop = sel_avc_stats_seq_stop, 1596 }; 1597 1598 static int sel_open_avc_cache_stats(struct inode *inode, struct file *file) 1599 { 1600 return seq_open(file, &sel_avc_cache_stats_seq_ops); 1601 } 1602 1603 static const struct file_operations sel_avc_cache_stats_ops = { 1604 .open = sel_open_avc_cache_stats, 1605 .read = seq_read, 1606 .llseek = seq_lseek, 1607 .release = seq_release, 1608 }; 1609 #endif 1610 1611 static int sel_make_avc_files(struct dentry *dir) 1612 { 1613 struct super_block *sb = dir->d_sb; 1614 struct selinux_fs_info *fsi = sb->s_fs_info; 1615 int i; 1616 static const struct tree_descr files[] = { 1617 { "cache_threshold", 1618 &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR }, 1619 { "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO }, 1620 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1621 { "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO }, 1622 #endif 1623 }; 1624 1625 for (i = 0; i < ARRAY_SIZE(files); i++) { 1626 struct inode *inode; 1627 struct dentry *dentry; 1628 1629 dentry = d_alloc_name(dir, files[i].name); 1630 if (!dentry) 1631 return -ENOMEM; 1632 1633 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode); 1634 if (!inode) { 1635 dput(dentry); 1636 return -ENOMEM; 1637 } 1638 1639 inode->i_fop = files[i].ops; 1640 inode->i_ino = ++fsi->last_ino; 1641 d_add(dentry, inode); 1642 } 1643 1644 return 0; 1645 } 1646 1647 static int sel_make_ss_files(struct dentry *dir) 1648 { 1649 struct super_block *sb = dir->d_sb; 1650 struct selinux_fs_info *fsi = sb->s_fs_info; 1651 int i; 1652 static const struct tree_descr files[] = { 1653 { "sidtab_hash_stats", &sel_sidtab_hash_stats_ops, S_IRUGO }, 1654 }; 1655 1656 for (i = 0; i < ARRAY_SIZE(files); i++) { 1657 struct inode *inode; 1658 struct dentry *dentry; 1659 1660 dentry = d_alloc_name(dir, files[i].name); 1661 if (!dentry) 1662 return -ENOMEM; 1663 1664 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode); 1665 if (!inode) { 1666 dput(dentry); 1667 return -ENOMEM; 1668 } 1669 1670 inode->i_fop = files[i].ops; 1671 inode->i_ino = ++fsi->last_ino; 1672 d_add(dentry, inode); 1673 } 1674 1675 return 0; 1676 } 1677 1678 static ssize_t sel_read_initcon(struct file *file, char __user *buf, 1679 size_t count, loff_t *ppos) 1680 { 1681 char *con; 1682 u32 sid, len; 1683 ssize_t ret; 1684 1685 sid = file_inode(file)->i_ino&SEL_INO_MASK; 1686 ret = security_sid_to_context(sid, &con, &len); 1687 if (ret) 1688 return ret; 1689 1690 ret = simple_read_from_buffer(buf, count, ppos, con, len); 1691 kfree(con); 1692 return ret; 1693 } 1694 1695 static const struct file_operations sel_initcon_ops = { 1696 .read = sel_read_initcon, 1697 .llseek = generic_file_llseek, 1698 }; 1699 1700 static int sel_make_initcon_files(struct dentry *dir) 1701 { 1702 int i; 1703 1704 for (i = 1; i <= SECINITSID_NUM; i++) { 1705 struct inode *inode; 1706 struct dentry *dentry; 1707 const char *s = security_get_initial_sid_context(i); 1708 1709 if (!s) 1710 continue; 1711 dentry = d_alloc_name(dir, s); 1712 if (!dentry) 1713 return -ENOMEM; 1714 1715 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1716 if (!inode) { 1717 dput(dentry); 1718 return -ENOMEM; 1719 } 1720 1721 inode->i_fop = &sel_initcon_ops; 1722 inode->i_ino = i|SEL_INITCON_INO_OFFSET; 1723 d_add(dentry, inode); 1724 } 1725 1726 return 0; 1727 } 1728 1729 static inline unsigned long sel_class_to_ino(u16 class) 1730 { 1731 return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET; 1732 } 1733 1734 static inline u16 sel_ino_to_class(unsigned long ino) 1735 { 1736 return (ino & SEL_INO_MASK) / (SEL_VEC_MAX + 1); 1737 } 1738 1739 static inline unsigned long sel_perm_to_ino(u16 class, u32 perm) 1740 { 1741 return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET; 1742 } 1743 1744 static inline u32 sel_ino_to_perm(unsigned long ino) 1745 { 1746 return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1); 1747 } 1748 1749 static ssize_t sel_read_class(struct file *file, char __user *buf, 1750 size_t count, loff_t *ppos) 1751 { 1752 unsigned long ino = file_inode(file)->i_ino; 1753 char res[TMPBUFLEN]; 1754 ssize_t len = scnprintf(res, sizeof(res), "%d", sel_ino_to_class(ino)); 1755 return simple_read_from_buffer(buf, count, ppos, res, len); 1756 } 1757 1758 static const struct file_operations sel_class_ops = { 1759 .read = sel_read_class, 1760 .llseek = generic_file_llseek, 1761 }; 1762 1763 static ssize_t sel_read_perm(struct file *file, char __user *buf, 1764 size_t count, loff_t *ppos) 1765 { 1766 unsigned long ino = file_inode(file)->i_ino; 1767 char res[TMPBUFLEN]; 1768 ssize_t len = scnprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino)); 1769 return simple_read_from_buffer(buf, count, ppos, res, len); 1770 } 1771 1772 static const struct file_operations sel_perm_ops = { 1773 .read = sel_read_perm, 1774 .llseek = generic_file_llseek, 1775 }; 1776 1777 static ssize_t sel_read_policycap(struct file *file, char __user *buf, 1778 size_t count, loff_t *ppos) 1779 { 1780 int value; 1781 char tmpbuf[TMPBUFLEN]; 1782 ssize_t length; 1783 unsigned long i_ino = file_inode(file)->i_ino; 1784 1785 value = security_policycap_supported(i_ino & SEL_INO_MASK); 1786 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value); 1787 1788 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1789 } 1790 1791 static const struct file_operations sel_policycap_ops = { 1792 .read = sel_read_policycap, 1793 .llseek = generic_file_llseek, 1794 }; 1795 1796 static int sel_make_perm_files(struct selinux_policy *newpolicy, 1797 char *objclass, int classvalue, 1798 struct dentry *dir) 1799 { 1800 int i, rc, nperms; 1801 char **perms; 1802 1803 rc = security_get_permissions(newpolicy, objclass, &perms, &nperms); 1804 if (rc) 1805 return rc; 1806 1807 for (i = 0; i < nperms; i++) { 1808 struct inode *inode; 1809 struct dentry *dentry; 1810 1811 rc = -ENOMEM; 1812 dentry = d_alloc_name(dir, perms[i]); 1813 if (!dentry) 1814 goto out; 1815 1816 rc = -ENOMEM; 1817 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1818 if (!inode) { 1819 dput(dentry); 1820 goto out; 1821 } 1822 1823 inode->i_fop = &sel_perm_ops; 1824 /* i+1 since perm values are 1-indexed */ 1825 inode->i_ino = sel_perm_to_ino(classvalue, i + 1); 1826 d_add(dentry, inode); 1827 } 1828 rc = 0; 1829 out: 1830 for (i = 0; i < nperms; i++) 1831 kfree(perms[i]); 1832 kfree(perms); 1833 return rc; 1834 } 1835 1836 static int sel_make_class_dir_entries(struct selinux_policy *newpolicy, 1837 char *classname, int index, 1838 struct dentry *dir) 1839 { 1840 struct super_block *sb = dir->d_sb; 1841 struct selinux_fs_info *fsi = sb->s_fs_info; 1842 struct dentry *dentry = NULL; 1843 struct inode *inode = NULL; 1844 1845 dentry = d_alloc_name(dir, "index"); 1846 if (!dentry) 1847 return -ENOMEM; 1848 1849 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1850 if (!inode) { 1851 dput(dentry); 1852 return -ENOMEM; 1853 } 1854 1855 inode->i_fop = &sel_class_ops; 1856 inode->i_ino = sel_class_to_ino(index); 1857 d_add(dentry, inode); 1858 1859 dentry = sel_make_dir(dir, "perms", &fsi->last_class_ino); 1860 if (IS_ERR(dentry)) 1861 return PTR_ERR(dentry); 1862 1863 return sel_make_perm_files(newpolicy, classname, index, dentry); 1864 } 1865 1866 static int sel_make_classes(struct selinux_policy *newpolicy, 1867 struct dentry *class_dir, 1868 unsigned long *last_class_ino) 1869 { 1870 1871 int rc, nclasses, i; 1872 char **classes; 1873 1874 rc = security_get_classes(newpolicy, &classes, &nclasses); 1875 if (rc) 1876 return rc; 1877 1878 /* +2 since classes are 1-indexed */ 1879 *last_class_ino = sel_class_to_ino(nclasses + 2); 1880 1881 for (i = 0; i < nclasses; i++) { 1882 struct dentry *class_name_dir; 1883 1884 class_name_dir = sel_make_dir(class_dir, classes[i], 1885 last_class_ino); 1886 if (IS_ERR(class_name_dir)) { 1887 rc = PTR_ERR(class_name_dir); 1888 goto out; 1889 } 1890 1891 /* i+1 since class values are 1-indexed */ 1892 rc = sel_make_class_dir_entries(newpolicy, classes[i], i + 1, 1893 class_name_dir); 1894 if (rc) 1895 goto out; 1896 } 1897 rc = 0; 1898 out: 1899 for (i = 0; i < nclasses; i++) 1900 kfree(classes[i]); 1901 kfree(classes); 1902 return rc; 1903 } 1904 1905 static int sel_make_policycap(struct selinux_fs_info *fsi) 1906 { 1907 unsigned int iter; 1908 struct dentry *dentry = NULL; 1909 struct inode *inode = NULL; 1910 1911 for (iter = 0; iter <= POLICYDB_CAP_MAX; iter++) { 1912 if (iter < ARRAY_SIZE(selinux_policycap_names)) 1913 dentry = d_alloc_name(fsi->policycap_dir, 1914 selinux_policycap_names[iter]); 1915 else 1916 dentry = d_alloc_name(fsi->policycap_dir, "unknown"); 1917 1918 if (dentry == NULL) 1919 return -ENOMEM; 1920 1921 inode = sel_make_inode(fsi->sb, S_IFREG | 0444); 1922 if (inode == NULL) { 1923 dput(dentry); 1924 return -ENOMEM; 1925 } 1926 1927 inode->i_fop = &sel_policycap_ops; 1928 inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET; 1929 d_add(dentry, inode); 1930 } 1931 1932 return 0; 1933 } 1934 1935 static struct dentry *sel_make_dir(struct dentry *dir, const char *name, 1936 unsigned long *ino) 1937 { 1938 struct dentry *dentry = d_alloc_name(dir, name); 1939 struct inode *inode; 1940 1941 if (!dentry) 1942 return ERR_PTR(-ENOMEM); 1943 1944 inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO); 1945 if (!inode) { 1946 dput(dentry); 1947 return ERR_PTR(-ENOMEM); 1948 } 1949 1950 inode->i_op = &simple_dir_inode_operations; 1951 inode->i_fop = &simple_dir_operations; 1952 inode->i_ino = ++(*ino); 1953 /* directory inodes start off with i_nlink == 2 (for "." entry) */ 1954 inc_nlink(inode); 1955 d_add(dentry, inode); 1956 /* bump link count on parent directory, too */ 1957 inc_nlink(d_inode(dir)); 1958 1959 return dentry; 1960 } 1961 1962 static struct dentry *sel_make_disconnected_dir(struct super_block *sb, 1963 unsigned long *ino) 1964 { 1965 struct inode *inode = sel_make_inode(sb, S_IFDIR | S_IRUGO | S_IXUGO); 1966 1967 if (!inode) 1968 return ERR_PTR(-ENOMEM); 1969 1970 inode->i_op = &simple_dir_inode_operations; 1971 inode->i_fop = &simple_dir_operations; 1972 inode->i_ino = ++(*ino); 1973 /* directory inodes start off with i_nlink == 2 (for "." entry) */ 1974 inc_nlink(inode); 1975 return d_obtain_alias(inode); 1976 } 1977 1978 #define NULL_FILE_NAME "null" 1979 1980 static int sel_fill_super(struct super_block *sb, struct fs_context *fc) 1981 { 1982 struct selinux_fs_info *fsi; 1983 int ret; 1984 struct dentry *dentry; 1985 struct inode *inode; 1986 struct inode_security_struct *isec; 1987 1988 static const struct tree_descr selinux_files[] = { 1989 [SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR}, 1990 [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR}, 1991 [SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO}, 1992 [SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO}, 1993 [SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO}, 1994 [SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO}, 1995 [SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO}, 1996 [SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO}, 1997 [SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR}, 1998 [SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO}, 1999 [SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR}, 2000 [SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO}, 2001 [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR}, 2002 [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO}, 2003 [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO}, 2004 [SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO}, 2005 [SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO}, 2006 [SEL_VALIDATE_TRANS] = {"validatetrans", &sel_transition_ops, 2007 S_IWUGO}, 2008 /* last one */ {""} 2009 }; 2010 2011 ret = selinux_fs_info_create(sb); 2012 if (ret) 2013 goto err; 2014 2015 ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files); 2016 if (ret) 2017 goto err; 2018 2019 fsi = sb->s_fs_info; 2020 fsi->bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &fsi->last_ino); 2021 if (IS_ERR(fsi->bool_dir)) { 2022 ret = PTR_ERR(fsi->bool_dir); 2023 fsi->bool_dir = NULL; 2024 goto err; 2025 } 2026 2027 ret = -ENOMEM; 2028 dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME); 2029 if (!dentry) 2030 goto err; 2031 2032 ret = -ENOMEM; 2033 inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO); 2034 if (!inode) { 2035 dput(dentry); 2036 goto err; 2037 } 2038 2039 inode->i_ino = ++fsi->last_ino; 2040 isec = selinux_inode(inode); 2041 isec->sid = SECINITSID_DEVNULL; 2042 isec->sclass = SECCLASS_CHR_FILE; 2043 isec->initialized = LABEL_INITIALIZED; 2044 2045 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3)); 2046 d_add(dentry, inode); 2047 2048 dentry = sel_make_dir(sb->s_root, "avc", &fsi->last_ino); 2049 if (IS_ERR(dentry)) { 2050 ret = PTR_ERR(dentry); 2051 goto err; 2052 } 2053 2054 ret = sel_make_avc_files(dentry); 2055 if (ret) 2056 goto err; 2057 2058 dentry = sel_make_dir(sb->s_root, "ss", &fsi->last_ino); 2059 if (IS_ERR(dentry)) { 2060 ret = PTR_ERR(dentry); 2061 goto err; 2062 } 2063 2064 ret = sel_make_ss_files(dentry); 2065 if (ret) 2066 goto err; 2067 2068 dentry = sel_make_dir(sb->s_root, "initial_contexts", &fsi->last_ino); 2069 if (IS_ERR(dentry)) { 2070 ret = PTR_ERR(dentry); 2071 goto err; 2072 } 2073 2074 ret = sel_make_initcon_files(dentry); 2075 if (ret) 2076 goto err; 2077 2078 fsi->class_dir = sel_make_dir(sb->s_root, CLASS_DIR_NAME, &fsi->last_ino); 2079 if (IS_ERR(fsi->class_dir)) { 2080 ret = PTR_ERR(fsi->class_dir); 2081 fsi->class_dir = NULL; 2082 goto err; 2083 } 2084 2085 fsi->policycap_dir = sel_make_dir(sb->s_root, POLICYCAP_DIR_NAME, 2086 &fsi->last_ino); 2087 if (IS_ERR(fsi->policycap_dir)) { 2088 ret = PTR_ERR(fsi->policycap_dir); 2089 fsi->policycap_dir = NULL; 2090 goto err; 2091 } 2092 2093 ret = sel_make_policycap(fsi); 2094 if (ret) { 2095 pr_err("SELinux: failed to load policy capabilities\n"); 2096 goto err; 2097 } 2098 2099 return 0; 2100 err: 2101 pr_err("SELinux: %s: failed while creating inodes\n", 2102 __func__); 2103 2104 selinux_fs_info_free(sb); 2105 2106 return ret; 2107 } 2108 2109 static int sel_get_tree(struct fs_context *fc) 2110 { 2111 return get_tree_single(fc, sel_fill_super); 2112 } 2113 2114 static const struct fs_context_operations sel_context_ops = { 2115 .get_tree = sel_get_tree, 2116 }; 2117 2118 static int sel_init_fs_context(struct fs_context *fc) 2119 { 2120 fc->ops = &sel_context_ops; 2121 return 0; 2122 } 2123 2124 static void sel_kill_sb(struct super_block *sb) 2125 { 2126 selinux_fs_info_free(sb); 2127 kill_litter_super(sb); 2128 } 2129 2130 static struct file_system_type sel_fs_type = { 2131 .name = "selinuxfs", 2132 .init_fs_context = sel_init_fs_context, 2133 .kill_sb = sel_kill_sb, 2134 }; 2135 2136 static struct vfsmount *selinuxfs_mount __ro_after_init; 2137 struct path selinux_null __ro_after_init; 2138 2139 static int __init init_sel_fs(void) 2140 { 2141 struct qstr null_name = QSTR_INIT(NULL_FILE_NAME, 2142 sizeof(NULL_FILE_NAME)-1); 2143 int err; 2144 2145 if (!selinux_enabled_boot) 2146 return 0; 2147 2148 err = sysfs_create_mount_point(fs_kobj, "selinux"); 2149 if (err) 2150 return err; 2151 2152 err = register_filesystem(&sel_fs_type); 2153 if (err) { 2154 sysfs_remove_mount_point(fs_kobj, "selinux"); 2155 return err; 2156 } 2157 2158 selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type); 2159 if (IS_ERR(selinuxfs_mount)) { 2160 pr_err("selinuxfs: could not mount!\n"); 2161 err = PTR_ERR(selinuxfs_mount); 2162 selinuxfs_mount = NULL; 2163 } 2164 selinux_null.dentry = d_hash_and_lookup(selinux_null.mnt->mnt_root, 2165 &null_name); 2166 if (IS_ERR(selinux_null.dentry)) { 2167 pr_err("selinuxfs: could not lookup null!\n"); 2168 err = PTR_ERR(selinux_null.dentry); 2169 selinux_null.dentry = NULL; 2170 } 2171 2172 return err; 2173 } 2174 2175 __initcall(init_sel_fs); 2176