1 // SPDX-License-Identifier: GPL-2.0-only 2 /* Updated: Karl MacMillan <kmacmillan@tresys.com> 3 * 4 * Added conditional policy language extensions 5 * 6 * Updated: Hewlett-Packard <paul@paul-moore.com> 7 * 8 * Added support for the policy capability bitmap 9 * 10 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 11 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 12 * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 13 */ 14 15 #include <linux/kernel.h> 16 #include <linux/pagemap.h> 17 #include <linux/slab.h> 18 #include <linux/vmalloc.h> 19 #include <linux/fs.h> 20 #include <linux/fs_context.h> 21 #include <linux/mount.h> 22 #include <linux/mutex.h> 23 #include <linux/namei.h> 24 #include <linux/init.h> 25 #include <linux/string.h> 26 #include <linux/security.h> 27 #include <linux/major.h> 28 #include <linux/seq_file.h> 29 #include <linux/percpu.h> 30 #include <linux/audit.h> 31 #include <linux/uaccess.h> 32 #include <linux/kobject.h> 33 #include <linux/ctype.h> 34 35 /* selinuxfs pseudo filesystem for exporting the security policy API. 36 Based on the proc code and the fs/nfsd/nfsctl.c code. */ 37 38 #include "flask.h" 39 #include "avc.h" 40 #include "avc_ss.h" 41 #include "security.h" 42 #include "objsec.h" 43 #include "conditional.h" 44 #include "ima.h" 45 46 enum sel_inos { 47 SEL_ROOT_INO = 2, 48 SEL_LOAD, /* load policy */ 49 SEL_ENFORCE, /* get or set enforcing status */ 50 SEL_CONTEXT, /* validate context */ 51 SEL_ACCESS, /* compute access decision */ 52 SEL_CREATE, /* compute create labeling decision */ 53 SEL_RELABEL, /* compute relabeling decision */ 54 SEL_USER, /* compute reachable user contexts */ 55 SEL_POLICYVERS, /* return policy version for this kernel */ 56 SEL_COMMIT_BOOLS, /* commit new boolean values */ 57 SEL_MLS, /* return if MLS policy is enabled */ 58 SEL_DISABLE, /* disable SELinux until next reboot */ 59 SEL_MEMBER, /* compute polyinstantiation membership decision */ 60 SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */ 61 SEL_COMPAT_NET, /* whether to use old compat network packet controls */ 62 SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */ 63 SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */ 64 SEL_STATUS, /* export current status using mmap() */ 65 SEL_POLICY, /* allow userspace to read the in kernel policy */ 66 SEL_VALIDATE_TRANS, /* compute validatetrans decision */ 67 SEL_INO_NEXT, /* The next inode number to use */ 68 }; 69 70 struct selinux_fs_info { 71 struct dentry *bool_dir; 72 unsigned int bool_num; 73 char **bool_pending_names; 74 int *bool_pending_values; 75 struct dentry *class_dir; 76 unsigned long last_class_ino; 77 bool policy_opened; 78 struct dentry *policycap_dir; 79 unsigned long last_ino; 80 struct super_block *sb; 81 }; 82 83 static int selinux_fs_info_create(struct super_block *sb) 84 { 85 struct selinux_fs_info *fsi; 86 87 fsi = kzalloc(sizeof(*fsi), GFP_KERNEL); 88 if (!fsi) 89 return -ENOMEM; 90 91 fsi->last_ino = SEL_INO_NEXT - 1; 92 fsi->sb = sb; 93 sb->s_fs_info = fsi; 94 return 0; 95 } 96 97 static void selinux_fs_info_free(struct super_block *sb) 98 { 99 struct selinux_fs_info *fsi = sb->s_fs_info; 100 unsigned int i; 101 102 if (fsi) { 103 for (i = 0; i < fsi->bool_num; i++) 104 kfree(fsi->bool_pending_names[i]); 105 kfree(fsi->bool_pending_names); 106 kfree(fsi->bool_pending_values); 107 } 108 kfree(sb->s_fs_info); 109 sb->s_fs_info = NULL; 110 } 111 112 #define SEL_INITCON_INO_OFFSET 0x01000000 113 #define SEL_BOOL_INO_OFFSET 0x02000000 114 #define SEL_CLASS_INO_OFFSET 0x04000000 115 #define SEL_POLICYCAP_INO_OFFSET 0x08000000 116 #define SEL_INO_MASK 0x00ffffff 117 118 #define BOOL_DIR_NAME "booleans" 119 #define CLASS_DIR_NAME "class" 120 #define POLICYCAP_DIR_NAME "policy_capabilities" 121 122 #define TMPBUFLEN 12 123 static ssize_t sel_read_enforce(struct file *filp, char __user *buf, 124 size_t count, loff_t *ppos) 125 { 126 char tmpbuf[TMPBUFLEN]; 127 ssize_t length; 128 129 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", 130 enforcing_enabled()); 131 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 132 } 133 134 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP 135 static ssize_t sel_write_enforce(struct file *file, const char __user *buf, 136 size_t count, loff_t *ppos) 137 138 { 139 char *page = NULL; 140 ssize_t length; 141 int scan_value; 142 bool old_value, new_value; 143 144 if (count >= PAGE_SIZE) 145 return -ENOMEM; 146 147 /* No partial writes. */ 148 if (*ppos != 0) 149 return -EINVAL; 150 151 page = memdup_user_nul(buf, count); 152 if (IS_ERR(page)) 153 return PTR_ERR(page); 154 155 length = -EINVAL; 156 if (sscanf(page, "%d", &scan_value) != 1) 157 goto out; 158 159 new_value = !!scan_value; 160 161 old_value = enforcing_enabled(); 162 if (new_value != old_value) { 163 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 164 SECCLASS_SECURITY, SECURITY__SETENFORCE, 165 NULL); 166 if (length) 167 goto out; 168 audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS, 169 "enforcing=%d old_enforcing=%d auid=%u ses=%u" 170 " enabled=1 old-enabled=1 lsm=selinux res=1", 171 new_value, old_value, 172 from_kuid(&init_user_ns, audit_get_loginuid(current)), 173 audit_get_sessionid(current)); 174 enforcing_set(new_value); 175 if (new_value) 176 avc_ss_reset(0); 177 selnl_notify_setenforce(new_value); 178 selinux_status_update_setenforce(new_value); 179 if (!new_value) 180 call_blocking_lsm_notifier(LSM_POLICY_CHANGE, NULL); 181 182 selinux_ima_measure_state(); 183 } 184 length = count; 185 out: 186 kfree(page); 187 return length; 188 } 189 #else 190 #define sel_write_enforce NULL 191 #endif 192 193 static const struct file_operations sel_enforce_ops = { 194 .read = sel_read_enforce, 195 .write = sel_write_enforce, 196 .llseek = generic_file_llseek, 197 }; 198 199 static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf, 200 size_t count, loff_t *ppos) 201 { 202 char tmpbuf[TMPBUFLEN]; 203 ssize_t length; 204 ino_t ino = file_inode(filp)->i_ino; 205 int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ? 206 security_get_reject_unknown() : 207 !security_get_allow_unknown(); 208 209 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown); 210 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 211 } 212 213 static const struct file_operations sel_handle_unknown_ops = { 214 .read = sel_read_handle_unknown, 215 .llseek = generic_file_llseek, 216 }; 217 218 static int sel_open_handle_status(struct inode *inode, struct file *filp) 219 { 220 struct page *status = selinux_kernel_status_page(); 221 222 if (!status) 223 return -ENOMEM; 224 225 filp->private_data = status; 226 227 return 0; 228 } 229 230 static ssize_t sel_read_handle_status(struct file *filp, char __user *buf, 231 size_t count, loff_t *ppos) 232 { 233 struct page *status = filp->private_data; 234 235 BUG_ON(!status); 236 237 return simple_read_from_buffer(buf, count, ppos, 238 page_address(status), 239 sizeof(struct selinux_kernel_status)); 240 } 241 242 static int sel_mmap_handle_status(struct file *filp, 243 struct vm_area_struct *vma) 244 { 245 struct page *status = filp->private_data; 246 unsigned long size = vma->vm_end - vma->vm_start; 247 248 BUG_ON(!status); 249 250 /* only allows one page from the head */ 251 if (vma->vm_pgoff > 0 || size != PAGE_SIZE) 252 return -EIO; 253 /* disallow writable mapping */ 254 if (vma->vm_flags & VM_WRITE) 255 return -EPERM; 256 /* disallow mprotect() turns it into writable */ 257 vm_flags_clear(vma, VM_MAYWRITE); 258 259 return remap_pfn_range(vma, vma->vm_start, 260 page_to_pfn(status), 261 size, vma->vm_page_prot); 262 } 263 264 static const struct file_operations sel_handle_status_ops = { 265 .open = sel_open_handle_status, 266 .read = sel_read_handle_status, 267 .mmap = sel_mmap_handle_status, 268 .llseek = generic_file_llseek, 269 }; 270 271 static ssize_t sel_write_disable(struct file *file, const char __user *buf, 272 size_t count, loff_t *ppos) 273 274 { 275 char *page; 276 ssize_t length; 277 int new_value; 278 279 if (count >= PAGE_SIZE) 280 return -ENOMEM; 281 282 /* No partial writes. */ 283 if (*ppos != 0) 284 return -EINVAL; 285 286 page = memdup_user_nul(buf, count); 287 if (IS_ERR(page)) 288 return PTR_ERR(page); 289 290 if (sscanf(page, "%d", &new_value) != 1) { 291 length = -EINVAL; 292 goto out; 293 } 294 length = count; 295 296 if (new_value) { 297 pr_err("SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable\n"); 298 pr_err("SELinux: Runtime disable is not supported, use selinux=0 on the kernel cmdline.\n"); 299 } 300 301 out: 302 kfree(page); 303 return length; 304 } 305 306 static const struct file_operations sel_disable_ops = { 307 .write = sel_write_disable, 308 .llseek = generic_file_llseek, 309 }; 310 311 static ssize_t sel_read_policyvers(struct file *filp, char __user *buf, 312 size_t count, loff_t *ppos) 313 { 314 char tmpbuf[TMPBUFLEN]; 315 ssize_t length; 316 317 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX); 318 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 319 } 320 321 static const struct file_operations sel_policyvers_ops = { 322 .read = sel_read_policyvers, 323 .llseek = generic_file_llseek, 324 }; 325 326 /* declaration for sel_write_load */ 327 static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir, 328 unsigned int *bool_num, char ***bool_pending_names, 329 int **bool_pending_values); 330 static int sel_make_classes(struct selinux_policy *newpolicy, 331 struct dentry *class_dir, 332 unsigned long *last_class_ino); 333 334 /* declaration for sel_make_class_dirs */ 335 static struct dentry *sel_make_dir(struct dentry *dir, const char *name, 336 unsigned long *ino); 337 338 /* declaration for sel_make_policy_nodes */ 339 static struct dentry *sel_make_swapover_dir(struct super_block *sb, 340 unsigned long *ino); 341 342 static ssize_t sel_read_mls(struct file *filp, char __user *buf, 343 size_t count, loff_t *ppos) 344 { 345 char tmpbuf[TMPBUFLEN]; 346 ssize_t length; 347 348 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", 349 security_mls_enabled()); 350 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 351 } 352 353 static const struct file_operations sel_mls_ops = { 354 .read = sel_read_mls, 355 .llseek = generic_file_llseek, 356 }; 357 358 struct policy_load_memory { 359 size_t len; 360 void *data; 361 }; 362 363 static int sel_open_policy(struct inode *inode, struct file *filp) 364 { 365 struct selinux_fs_info *fsi = inode->i_sb->s_fs_info; 366 struct policy_load_memory *plm = NULL; 367 int rc; 368 369 BUG_ON(filp->private_data); 370 371 mutex_lock(&selinux_state.policy_mutex); 372 373 rc = avc_has_perm(current_sid(), SECINITSID_SECURITY, 374 SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL); 375 if (rc) 376 goto err; 377 378 rc = -EBUSY; 379 if (fsi->policy_opened) 380 goto err; 381 382 rc = -ENOMEM; 383 plm = kzalloc(sizeof(*plm), GFP_KERNEL); 384 if (!plm) 385 goto err; 386 387 rc = security_read_policy(&plm->data, &plm->len); 388 if (rc) 389 goto err; 390 391 if ((size_t)i_size_read(inode) != plm->len) { 392 inode_lock(inode); 393 i_size_write(inode, plm->len); 394 inode_unlock(inode); 395 } 396 397 fsi->policy_opened = 1; 398 399 filp->private_data = plm; 400 401 mutex_unlock(&selinux_state.policy_mutex); 402 403 return 0; 404 err: 405 mutex_unlock(&selinux_state.policy_mutex); 406 407 if (plm) 408 vfree(plm->data); 409 kfree(plm); 410 return rc; 411 } 412 413 static int sel_release_policy(struct inode *inode, struct file *filp) 414 { 415 struct selinux_fs_info *fsi = inode->i_sb->s_fs_info; 416 struct policy_load_memory *plm = filp->private_data; 417 418 BUG_ON(!plm); 419 420 fsi->policy_opened = 0; 421 422 vfree(plm->data); 423 kfree(plm); 424 425 return 0; 426 } 427 428 static ssize_t sel_read_policy(struct file *filp, char __user *buf, 429 size_t count, loff_t *ppos) 430 { 431 struct policy_load_memory *plm = filp->private_data; 432 int ret; 433 434 ret = avc_has_perm(current_sid(), SECINITSID_SECURITY, 435 SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL); 436 if (ret) 437 return ret; 438 439 return simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); 440 } 441 442 static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf) 443 { 444 struct policy_load_memory *plm = vmf->vma->vm_file->private_data; 445 unsigned long offset; 446 struct page *page; 447 448 if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE)) 449 return VM_FAULT_SIGBUS; 450 451 offset = vmf->pgoff << PAGE_SHIFT; 452 if (offset >= roundup(plm->len, PAGE_SIZE)) 453 return VM_FAULT_SIGBUS; 454 455 page = vmalloc_to_page(plm->data + offset); 456 get_page(page); 457 458 vmf->page = page; 459 460 return 0; 461 } 462 463 static const struct vm_operations_struct sel_mmap_policy_ops = { 464 .fault = sel_mmap_policy_fault, 465 .page_mkwrite = sel_mmap_policy_fault, 466 }; 467 468 static int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma) 469 { 470 if (vma->vm_flags & VM_SHARED) { 471 /* do not allow mprotect to make mapping writable */ 472 vm_flags_clear(vma, VM_MAYWRITE); 473 474 if (vma->vm_flags & VM_WRITE) 475 return -EACCES; 476 } 477 478 vm_flags_set(vma, VM_DONTEXPAND | VM_DONTDUMP); 479 vma->vm_ops = &sel_mmap_policy_ops; 480 481 return 0; 482 } 483 484 static const struct file_operations sel_policy_ops = { 485 .open = sel_open_policy, 486 .read = sel_read_policy, 487 .mmap = sel_mmap_policy, 488 .release = sel_release_policy, 489 .llseek = generic_file_llseek, 490 }; 491 492 static void sel_remove_old_bool_data(unsigned int bool_num, char **bool_names, 493 int *bool_values) 494 { 495 u32 i; 496 497 /* bool_dir cleanup */ 498 for (i = 0; i < bool_num; i++) 499 kfree(bool_names[i]); 500 kfree(bool_names); 501 kfree(bool_values); 502 } 503 504 static int sel_make_policy_nodes(struct selinux_fs_info *fsi, 505 struct selinux_policy *newpolicy) 506 { 507 int ret = 0; 508 struct dentry *tmp_parent, *tmp_bool_dir, *tmp_class_dir; 509 unsigned int bool_num = 0; 510 char **bool_names = NULL; 511 int *bool_values = NULL; 512 unsigned long tmp_ino = fsi->last_ino; /* Don't increment last_ino in this function */ 513 514 tmp_parent = sel_make_swapover_dir(fsi->sb, &tmp_ino); 515 if (IS_ERR(tmp_parent)) 516 return PTR_ERR(tmp_parent); 517 518 tmp_ino = fsi->bool_dir->d_inode->i_ino - 1; /* sel_make_dir will increment and set */ 519 tmp_bool_dir = sel_make_dir(tmp_parent, BOOL_DIR_NAME, &tmp_ino); 520 if (IS_ERR(tmp_bool_dir)) { 521 ret = PTR_ERR(tmp_bool_dir); 522 goto out; 523 } 524 525 tmp_ino = fsi->class_dir->d_inode->i_ino - 1; /* sel_make_dir will increment and set */ 526 tmp_class_dir = sel_make_dir(tmp_parent, CLASS_DIR_NAME, &tmp_ino); 527 if (IS_ERR(tmp_class_dir)) { 528 ret = PTR_ERR(tmp_class_dir); 529 goto out; 530 } 531 532 ret = sel_make_bools(newpolicy, tmp_bool_dir, &bool_num, 533 &bool_names, &bool_values); 534 if (ret) 535 goto out; 536 537 ret = sel_make_classes(newpolicy, tmp_class_dir, 538 &fsi->last_class_ino); 539 if (ret) 540 goto out; 541 542 lock_rename(tmp_parent, fsi->sb->s_root); 543 544 /* booleans */ 545 d_exchange(tmp_bool_dir, fsi->bool_dir); 546 547 swap(fsi->bool_num, bool_num); 548 swap(fsi->bool_pending_names, bool_names); 549 swap(fsi->bool_pending_values, bool_values); 550 551 fsi->bool_dir = tmp_bool_dir; 552 553 /* classes */ 554 d_exchange(tmp_class_dir, fsi->class_dir); 555 fsi->class_dir = tmp_class_dir; 556 557 unlock_rename(tmp_parent, fsi->sb->s_root); 558 559 out: 560 sel_remove_old_bool_data(bool_num, bool_names, bool_values); 561 /* Since the other temporary dirs are children of tmp_parent 562 * this will handle all the cleanup in the case of a failure before 563 * the swapover 564 */ 565 simple_recursive_removal(tmp_parent, NULL); 566 567 return ret; 568 } 569 570 static ssize_t sel_write_load(struct file *file, const char __user *buf, 571 size_t count, loff_t *ppos) 572 573 { 574 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 575 struct selinux_load_state load_state; 576 ssize_t length; 577 void *data = NULL; 578 579 mutex_lock(&selinux_state.policy_mutex); 580 581 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 582 SECCLASS_SECURITY, SECURITY__LOAD_POLICY, NULL); 583 if (length) 584 goto out; 585 586 /* No partial writes. */ 587 length = -EINVAL; 588 if (*ppos != 0) 589 goto out; 590 591 length = -ENOMEM; 592 data = vmalloc(count); 593 if (!data) 594 goto out; 595 596 length = -EFAULT; 597 if (copy_from_user(data, buf, count) != 0) 598 goto out; 599 600 length = security_load_policy(data, count, &load_state); 601 if (length) { 602 pr_warn_ratelimited("SELinux: failed to load policy\n"); 603 goto out; 604 } 605 606 length = sel_make_policy_nodes(fsi, load_state.policy); 607 if (length) { 608 pr_warn_ratelimited("SELinux: failed to initialize selinuxfs\n"); 609 selinux_policy_cancel(&load_state); 610 goto out; 611 } 612 613 selinux_policy_commit(&load_state); 614 615 length = count; 616 617 audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, 618 "auid=%u ses=%u lsm=selinux res=1", 619 from_kuid(&init_user_ns, audit_get_loginuid(current)), 620 audit_get_sessionid(current)); 621 out: 622 mutex_unlock(&selinux_state.policy_mutex); 623 vfree(data); 624 return length; 625 } 626 627 static const struct file_operations sel_load_ops = { 628 .write = sel_write_load, 629 .llseek = generic_file_llseek, 630 }; 631 632 static ssize_t sel_write_context(struct file *file, char *buf, size_t size) 633 { 634 char *canon = NULL; 635 u32 sid, len; 636 ssize_t length; 637 638 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 639 SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, NULL); 640 if (length) 641 goto out; 642 643 length = security_context_to_sid(buf, size, &sid, GFP_KERNEL); 644 if (length) 645 goto out; 646 647 length = security_sid_to_context(sid, &canon, &len); 648 if (length) 649 goto out; 650 651 length = -ERANGE; 652 if (len > SIMPLE_TRANSACTION_LIMIT) { 653 pr_err("SELinux: %s: context size (%u) exceeds " 654 "payload max\n", __func__, len); 655 goto out; 656 } 657 658 memcpy(buf, canon, len); 659 length = len; 660 out: 661 kfree(canon); 662 return length; 663 } 664 665 static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf, 666 size_t count, loff_t *ppos) 667 { 668 char tmpbuf[TMPBUFLEN]; 669 ssize_t length; 670 671 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", 672 checkreqprot_get()); 673 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 674 } 675 676 static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, 677 size_t count, loff_t *ppos) 678 { 679 char *page; 680 ssize_t length; 681 unsigned int new_value; 682 683 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 684 SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, 685 NULL); 686 if (length) 687 return length; 688 689 if (count >= PAGE_SIZE) 690 return -ENOMEM; 691 692 /* No partial writes. */ 693 if (*ppos != 0) 694 return -EINVAL; 695 696 page = memdup_user_nul(buf, count); 697 if (IS_ERR(page)) 698 return PTR_ERR(page); 699 700 if (sscanf(page, "%u", &new_value) != 1) { 701 length = -EINVAL; 702 goto out; 703 } 704 length = count; 705 706 if (new_value) { 707 char comm[sizeof(current->comm)]; 708 709 memcpy(comm, current->comm, sizeof(comm)); 710 pr_err("SELinux: %s (%d) set checkreqprot to 1. This is no longer supported.\n", 711 comm, current->pid); 712 } 713 714 selinux_ima_measure_state(); 715 716 out: 717 kfree(page); 718 return length; 719 } 720 static const struct file_operations sel_checkreqprot_ops = { 721 .read = sel_read_checkreqprot, 722 .write = sel_write_checkreqprot, 723 .llseek = generic_file_llseek, 724 }; 725 726 static ssize_t sel_write_validatetrans(struct file *file, 727 const char __user *buf, 728 size_t count, loff_t *ppos) 729 { 730 char *oldcon = NULL, *newcon = NULL, *taskcon = NULL; 731 char *req = NULL; 732 u32 osid, nsid, tsid; 733 u16 tclass; 734 int rc; 735 736 rc = avc_has_perm(current_sid(), SECINITSID_SECURITY, 737 SECCLASS_SECURITY, SECURITY__VALIDATE_TRANS, NULL); 738 if (rc) 739 goto out; 740 741 rc = -ENOMEM; 742 if (count >= PAGE_SIZE) 743 goto out; 744 745 /* No partial writes. */ 746 rc = -EINVAL; 747 if (*ppos != 0) 748 goto out; 749 750 req = memdup_user_nul(buf, count); 751 if (IS_ERR(req)) { 752 rc = PTR_ERR(req); 753 req = NULL; 754 goto out; 755 } 756 757 rc = -ENOMEM; 758 oldcon = kzalloc(count + 1, GFP_KERNEL); 759 if (!oldcon) 760 goto out; 761 762 newcon = kzalloc(count + 1, GFP_KERNEL); 763 if (!newcon) 764 goto out; 765 766 taskcon = kzalloc(count + 1, GFP_KERNEL); 767 if (!taskcon) 768 goto out; 769 770 rc = -EINVAL; 771 if (sscanf(req, "%s %s %hu %s", oldcon, newcon, &tclass, taskcon) != 4) 772 goto out; 773 774 rc = security_context_str_to_sid(oldcon, &osid, GFP_KERNEL); 775 if (rc) 776 goto out; 777 778 rc = security_context_str_to_sid(newcon, &nsid, GFP_KERNEL); 779 if (rc) 780 goto out; 781 782 rc = security_context_str_to_sid(taskcon, &tsid, GFP_KERNEL); 783 if (rc) 784 goto out; 785 786 rc = security_validate_transition_user(osid, nsid, tsid, tclass); 787 if (!rc) 788 rc = count; 789 out: 790 kfree(req); 791 kfree(oldcon); 792 kfree(newcon); 793 kfree(taskcon); 794 return rc; 795 } 796 797 static const struct file_operations sel_transition_ops = { 798 .write = sel_write_validatetrans, 799 .llseek = generic_file_llseek, 800 }; 801 802 /* 803 * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c 804 */ 805 static ssize_t sel_write_access(struct file *file, char *buf, size_t size); 806 static ssize_t sel_write_create(struct file *file, char *buf, size_t size); 807 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size); 808 static ssize_t sel_write_user(struct file *file, char *buf, size_t size); 809 static ssize_t sel_write_member(struct file *file, char *buf, size_t size); 810 811 static ssize_t (*const write_op[])(struct file *, char *, size_t) = { 812 [SEL_ACCESS] = sel_write_access, 813 [SEL_CREATE] = sel_write_create, 814 [SEL_RELABEL] = sel_write_relabel, 815 [SEL_USER] = sel_write_user, 816 [SEL_MEMBER] = sel_write_member, 817 [SEL_CONTEXT] = sel_write_context, 818 }; 819 820 static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos) 821 { 822 ino_t ino = file_inode(file)->i_ino; 823 char *data; 824 ssize_t rv; 825 826 if (ino >= ARRAY_SIZE(write_op) || !write_op[ino]) 827 return -EINVAL; 828 829 data = simple_transaction_get(file, buf, size); 830 if (IS_ERR(data)) 831 return PTR_ERR(data); 832 833 rv = write_op[ino](file, data, size); 834 if (rv > 0) { 835 simple_transaction_set(file, rv); 836 rv = size; 837 } 838 return rv; 839 } 840 841 static const struct file_operations transaction_ops = { 842 .write = selinux_transaction_write, 843 .read = simple_transaction_read, 844 .release = simple_transaction_release, 845 .llseek = generic_file_llseek, 846 }; 847 848 /* 849 * payload - write methods 850 * If the method has a response, the response should be put in buf, 851 * and the length returned. Otherwise return 0 or and -error. 852 */ 853 854 static ssize_t sel_write_access(struct file *file, char *buf, size_t size) 855 { 856 char *scon = NULL, *tcon = NULL; 857 u32 ssid, tsid; 858 u16 tclass; 859 struct av_decision avd; 860 ssize_t length; 861 862 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 863 SECCLASS_SECURITY, SECURITY__COMPUTE_AV, NULL); 864 if (length) 865 goto out; 866 867 length = -ENOMEM; 868 scon = kzalloc(size + 1, GFP_KERNEL); 869 if (!scon) 870 goto out; 871 872 length = -ENOMEM; 873 tcon = kzalloc(size + 1, GFP_KERNEL); 874 if (!tcon) 875 goto out; 876 877 length = -EINVAL; 878 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 879 goto out; 880 881 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 882 if (length) 883 goto out; 884 885 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 886 if (length) 887 goto out; 888 889 security_compute_av_user(ssid, tsid, tclass, &avd); 890 891 length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT, 892 "%x %x %x %x %u %x", 893 avd.allowed, 0xffffffff, 894 avd.auditallow, avd.auditdeny, 895 avd.seqno, avd.flags); 896 out: 897 kfree(tcon); 898 kfree(scon); 899 return length; 900 } 901 902 static ssize_t sel_write_create(struct file *file, char *buf, size_t size) 903 { 904 char *scon = NULL, *tcon = NULL; 905 char *namebuf = NULL, *objname = NULL; 906 u32 ssid, tsid, newsid; 907 u16 tclass; 908 ssize_t length; 909 char *newcon = NULL; 910 u32 len; 911 int nargs; 912 913 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 914 SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, 915 NULL); 916 if (length) 917 goto out; 918 919 length = -ENOMEM; 920 scon = kzalloc(size + 1, GFP_KERNEL); 921 if (!scon) 922 goto out; 923 924 length = -ENOMEM; 925 tcon = kzalloc(size + 1, GFP_KERNEL); 926 if (!tcon) 927 goto out; 928 929 length = -ENOMEM; 930 namebuf = kzalloc(size + 1, GFP_KERNEL); 931 if (!namebuf) 932 goto out; 933 934 length = -EINVAL; 935 nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf); 936 if (nargs < 3 || nargs > 4) 937 goto out; 938 if (nargs == 4) { 939 /* 940 * If and when the name of new object to be queried contains 941 * either whitespace or multibyte characters, they shall be 942 * encoded based on the percentage-encoding rule. 943 * If not encoded, the sscanf logic picks up only left-half 944 * of the supplied name; split by a whitespace unexpectedly. 945 */ 946 char *r, *w; 947 int c1, c2; 948 949 r = w = namebuf; 950 do { 951 c1 = *r++; 952 if (c1 == '+') 953 c1 = ' '; 954 else if (c1 == '%') { 955 c1 = hex_to_bin(*r++); 956 if (c1 < 0) 957 goto out; 958 c2 = hex_to_bin(*r++); 959 if (c2 < 0) 960 goto out; 961 c1 = (c1 << 4) | c2; 962 } 963 *w++ = c1; 964 } while (c1 != '\0'); 965 966 objname = namebuf; 967 } 968 969 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 970 if (length) 971 goto out; 972 973 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 974 if (length) 975 goto out; 976 977 length = security_transition_sid_user(ssid, tsid, tclass, 978 objname, &newsid); 979 if (length) 980 goto out; 981 982 length = security_sid_to_context(newsid, &newcon, &len); 983 if (length) 984 goto out; 985 986 length = -ERANGE; 987 if (len > SIMPLE_TRANSACTION_LIMIT) { 988 pr_err("SELinux: %s: context size (%u) exceeds " 989 "payload max\n", __func__, len); 990 goto out; 991 } 992 993 memcpy(buf, newcon, len); 994 length = len; 995 out: 996 kfree(newcon); 997 kfree(namebuf); 998 kfree(tcon); 999 kfree(scon); 1000 return length; 1001 } 1002 1003 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size) 1004 { 1005 char *scon = NULL, *tcon = NULL; 1006 u32 ssid, tsid, newsid; 1007 u16 tclass; 1008 ssize_t length; 1009 char *newcon = NULL; 1010 u32 len; 1011 1012 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1013 SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, 1014 NULL); 1015 if (length) 1016 goto out; 1017 1018 length = -ENOMEM; 1019 scon = kzalloc(size + 1, GFP_KERNEL); 1020 if (!scon) 1021 goto out; 1022 1023 length = -ENOMEM; 1024 tcon = kzalloc(size + 1, GFP_KERNEL); 1025 if (!tcon) 1026 goto out; 1027 1028 length = -EINVAL; 1029 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 1030 goto out; 1031 1032 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 1033 if (length) 1034 goto out; 1035 1036 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 1037 if (length) 1038 goto out; 1039 1040 length = security_change_sid(ssid, tsid, tclass, &newsid); 1041 if (length) 1042 goto out; 1043 1044 length = security_sid_to_context(newsid, &newcon, &len); 1045 if (length) 1046 goto out; 1047 1048 length = -ERANGE; 1049 if (len > SIMPLE_TRANSACTION_LIMIT) 1050 goto out; 1051 1052 memcpy(buf, newcon, len); 1053 length = len; 1054 out: 1055 kfree(newcon); 1056 kfree(tcon); 1057 kfree(scon); 1058 return length; 1059 } 1060 1061 static ssize_t sel_write_user(struct file *file, char *buf, size_t size) 1062 { 1063 char *con = NULL, *user = NULL, *ptr; 1064 u32 sid, *sids = NULL; 1065 ssize_t length; 1066 char *newcon; 1067 int rc; 1068 u32 i, len, nsids; 1069 1070 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1071 SECCLASS_SECURITY, SECURITY__COMPUTE_USER, 1072 NULL); 1073 if (length) 1074 goto out; 1075 1076 length = -ENOMEM; 1077 con = kzalloc(size + 1, GFP_KERNEL); 1078 if (!con) 1079 goto out; 1080 1081 length = -ENOMEM; 1082 user = kzalloc(size + 1, GFP_KERNEL); 1083 if (!user) 1084 goto out; 1085 1086 length = -EINVAL; 1087 if (sscanf(buf, "%s %s", con, user) != 2) 1088 goto out; 1089 1090 length = security_context_str_to_sid(con, &sid, GFP_KERNEL); 1091 if (length) 1092 goto out; 1093 1094 length = security_get_user_sids(sid, user, &sids, &nsids); 1095 if (length) 1096 goto out; 1097 1098 length = sprintf(buf, "%u", nsids) + 1; 1099 ptr = buf + length; 1100 for (i = 0; i < nsids; i++) { 1101 rc = security_sid_to_context(sids[i], &newcon, &len); 1102 if (rc) { 1103 length = rc; 1104 goto out; 1105 } 1106 if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) { 1107 kfree(newcon); 1108 length = -ERANGE; 1109 goto out; 1110 } 1111 memcpy(ptr, newcon, len); 1112 kfree(newcon); 1113 ptr += len; 1114 length += len; 1115 } 1116 out: 1117 kfree(sids); 1118 kfree(user); 1119 kfree(con); 1120 return length; 1121 } 1122 1123 static ssize_t sel_write_member(struct file *file, char *buf, size_t size) 1124 { 1125 char *scon = NULL, *tcon = NULL; 1126 u32 ssid, tsid, newsid; 1127 u16 tclass; 1128 ssize_t length; 1129 char *newcon = NULL; 1130 u32 len; 1131 1132 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1133 SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, 1134 NULL); 1135 if (length) 1136 goto out; 1137 1138 length = -ENOMEM; 1139 scon = kzalloc(size + 1, GFP_KERNEL); 1140 if (!scon) 1141 goto out; 1142 1143 length = -ENOMEM; 1144 tcon = kzalloc(size + 1, GFP_KERNEL); 1145 if (!tcon) 1146 goto out; 1147 1148 length = -EINVAL; 1149 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 1150 goto out; 1151 1152 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 1153 if (length) 1154 goto out; 1155 1156 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 1157 if (length) 1158 goto out; 1159 1160 length = security_member_sid(ssid, tsid, tclass, &newsid); 1161 if (length) 1162 goto out; 1163 1164 length = security_sid_to_context(newsid, &newcon, &len); 1165 if (length) 1166 goto out; 1167 1168 length = -ERANGE; 1169 if (len > SIMPLE_TRANSACTION_LIMIT) { 1170 pr_err("SELinux: %s: context size (%u) exceeds " 1171 "payload max\n", __func__, len); 1172 goto out; 1173 } 1174 1175 memcpy(buf, newcon, len); 1176 length = len; 1177 out: 1178 kfree(newcon); 1179 kfree(tcon); 1180 kfree(scon); 1181 return length; 1182 } 1183 1184 static struct inode *sel_make_inode(struct super_block *sb, umode_t mode) 1185 { 1186 struct inode *ret = new_inode(sb); 1187 1188 if (ret) { 1189 ret->i_mode = mode; 1190 simple_inode_init_ts(ret); 1191 } 1192 return ret; 1193 } 1194 1195 static ssize_t sel_read_bool(struct file *filep, char __user *buf, 1196 size_t count, loff_t *ppos) 1197 { 1198 struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info; 1199 char *page = NULL; 1200 ssize_t length; 1201 ssize_t ret; 1202 int cur_enforcing; 1203 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; 1204 const char *name = filep->f_path.dentry->d_name.name; 1205 1206 mutex_lock(&selinux_state.policy_mutex); 1207 1208 ret = -EINVAL; 1209 if (index >= fsi->bool_num || strcmp(name, 1210 fsi->bool_pending_names[index])) 1211 goto out_unlock; 1212 1213 ret = -ENOMEM; 1214 page = (char *)get_zeroed_page(GFP_KERNEL); 1215 if (!page) 1216 goto out_unlock; 1217 1218 cur_enforcing = security_get_bool_value(index); 1219 if (cur_enforcing < 0) { 1220 ret = cur_enforcing; 1221 goto out_unlock; 1222 } 1223 length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, 1224 fsi->bool_pending_values[index]); 1225 mutex_unlock(&selinux_state.policy_mutex); 1226 ret = simple_read_from_buffer(buf, count, ppos, page, length); 1227 out_free: 1228 free_page((unsigned long)page); 1229 return ret; 1230 1231 out_unlock: 1232 mutex_unlock(&selinux_state.policy_mutex); 1233 goto out_free; 1234 } 1235 1236 static ssize_t sel_write_bool(struct file *filep, const char __user *buf, 1237 size_t count, loff_t *ppos) 1238 { 1239 struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info; 1240 char *page = NULL; 1241 ssize_t length; 1242 int new_value; 1243 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; 1244 const char *name = filep->f_path.dentry->d_name.name; 1245 1246 if (count >= PAGE_SIZE) 1247 return -ENOMEM; 1248 1249 /* No partial writes. */ 1250 if (*ppos != 0) 1251 return -EINVAL; 1252 1253 page = memdup_user_nul(buf, count); 1254 if (IS_ERR(page)) 1255 return PTR_ERR(page); 1256 1257 mutex_lock(&selinux_state.policy_mutex); 1258 1259 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1260 SECCLASS_SECURITY, SECURITY__SETBOOL, 1261 NULL); 1262 if (length) 1263 goto out; 1264 1265 length = -EINVAL; 1266 if (index >= fsi->bool_num || strcmp(name, 1267 fsi->bool_pending_names[index])) 1268 goto out; 1269 1270 length = -EINVAL; 1271 if (sscanf(page, "%d", &new_value) != 1) 1272 goto out; 1273 1274 if (new_value) 1275 new_value = 1; 1276 1277 fsi->bool_pending_values[index] = new_value; 1278 length = count; 1279 1280 out: 1281 mutex_unlock(&selinux_state.policy_mutex); 1282 kfree(page); 1283 return length; 1284 } 1285 1286 static const struct file_operations sel_bool_ops = { 1287 .read = sel_read_bool, 1288 .write = sel_write_bool, 1289 .llseek = generic_file_llseek, 1290 }; 1291 1292 static ssize_t sel_commit_bools_write(struct file *filep, 1293 const char __user *buf, 1294 size_t count, loff_t *ppos) 1295 { 1296 struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info; 1297 char *page = NULL; 1298 ssize_t length; 1299 int new_value; 1300 1301 if (count >= PAGE_SIZE) 1302 return -ENOMEM; 1303 1304 /* No partial writes. */ 1305 if (*ppos != 0) 1306 return -EINVAL; 1307 1308 page = memdup_user_nul(buf, count); 1309 if (IS_ERR(page)) 1310 return PTR_ERR(page); 1311 1312 mutex_lock(&selinux_state.policy_mutex); 1313 1314 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1315 SECCLASS_SECURITY, SECURITY__SETBOOL, 1316 NULL); 1317 if (length) 1318 goto out; 1319 1320 length = -EINVAL; 1321 if (sscanf(page, "%d", &new_value) != 1) 1322 goto out; 1323 1324 length = 0; 1325 if (new_value && fsi->bool_pending_values) 1326 length = security_set_bools(fsi->bool_num, 1327 fsi->bool_pending_values); 1328 1329 if (!length) 1330 length = count; 1331 1332 out: 1333 mutex_unlock(&selinux_state.policy_mutex); 1334 kfree(page); 1335 return length; 1336 } 1337 1338 static const struct file_operations sel_commit_bools_ops = { 1339 .write = sel_commit_bools_write, 1340 .llseek = generic_file_llseek, 1341 }; 1342 1343 static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir, 1344 unsigned int *bool_num, char ***bool_pending_names, 1345 int **bool_pending_values) 1346 { 1347 int ret; 1348 char **names, *page; 1349 u32 i, num; 1350 1351 page = (char *)get_zeroed_page(GFP_KERNEL); 1352 if (!page) 1353 return -ENOMEM; 1354 1355 ret = security_get_bools(newpolicy, &num, &names, bool_pending_values); 1356 if (ret) 1357 goto out; 1358 1359 *bool_num = num; 1360 *bool_pending_names = names; 1361 1362 for (i = 0; i < num; i++) { 1363 struct dentry *dentry; 1364 struct inode *inode; 1365 struct inode_security_struct *isec; 1366 ssize_t len; 1367 u32 sid; 1368 1369 len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]); 1370 if (len >= PAGE_SIZE) { 1371 ret = -ENAMETOOLONG; 1372 break; 1373 } 1374 dentry = d_alloc_name(bool_dir, names[i]); 1375 if (!dentry) { 1376 ret = -ENOMEM; 1377 break; 1378 } 1379 1380 inode = sel_make_inode(bool_dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR); 1381 if (!inode) { 1382 dput(dentry); 1383 ret = -ENOMEM; 1384 break; 1385 } 1386 1387 isec = selinux_inode(inode); 1388 ret = selinux_policy_genfs_sid(newpolicy, "selinuxfs", page, 1389 SECCLASS_FILE, &sid); 1390 if (ret) { 1391 pr_warn_ratelimited("SELinux: no sid found, defaulting to security isid for %s\n", 1392 page); 1393 sid = SECINITSID_SECURITY; 1394 } 1395 1396 isec->sid = sid; 1397 isec->initialized = LABEL_INITIALIZED; 1398 inode->i_fop = &sel_bool_ops; 1399 inode->i_ino = i|SEL_BOOL_INO_OFFSET; 1400 d_add(dentry, inode); 1401 } 1402 out: 1403 free_page((unsigned long)page); 1404 return ret; 1405 } 1406 1407 static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf, 1408 size_t count, loff_t *ppos) 1409 { 1410 char tmpbuf[TMPBUFLEN]; 1411 ssize_t length; 1412 1413 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", 1414 avc_get_cache_threshold()); 1415 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1416 } 1417 1418 static ssize_t sel_write_avc_cache_threshold(struct file *file, 1419 const char __user *buf, 1420 size_t count, loff_t *ppos) 1421 1422 { 1423 char *page; 1424 ssize_t ret; 1425 unsigned int new_value; 1426 1427 ret = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1428 SECCLASS_SECURITY, SECURITY__SETSECPARAM, 1429 NULL); 1430 if (ret) 1431 return ret; 1432 1433 if (count >= PAGE_SIZE) 1434 return -ENOMEM; 1435 1436 /* No partial writes. */ 1437 if (*ppos != 0) 1438 return -EINVAL; 1439 1440 page = memdup_user_nul(buf, count); 1441 if (IS_ERR(page)) 1442 return PTR_ERR(page); 1443 1444 ret = -EINVAL; 1445 if (sscanf(page, "%u", &new_value) != 1) 1446 goto out; 1447 1448 avc_set_cache_threshold(new_value); 1449 1450 ret = count; 1451 out: 1452 kfree(page); 1453 return ret; 1454 } 1455 1456 static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf, 1457 size_t count, loff_t *ppos) 1458 { 1459 char *page; 1460 ssize_t length; 1461 1462 page = (char *)__get_free_page(GFP_KERNEL); 1463 if (!page) 1464 return -ENOMEM; 1465 1466 length = avc_get_hash_stats(page); 1467 if (length >= 0) 1468 length = simple_read_from_buffer(buf, count, ppos, page, length); 1469 free_page((unsigned long)page); 1470 1471 return length; 1472 } 1473 1474 static ssize_t sel_read_sidtab_hash_stats(struct file *filp, char __user *buf, 1475 size_t count, loff_t *ppos) 1476 { 1477 char *page; 1478 ssize_t length; 1479 1480 page = (char *)__get_free_page(GFP_KERNEL); 1481 if (!page) 1482 return -ENOMEM; 1483 1484 length = security_sidtab_hash_stats(page); 1485 if (length >= 0) 1486 length = simple_read_from_buffer(buf, count, ppos, page, 1487 length); 1488 free_page((unsigned long)page); 1489 1490 return length; 1491 } 1492 1493 static const struct file_operations sel_sidtab_hash_stats_ops = { 1494 .read = sel_read_sidtab_hash_stats, 1495 .llseek = generic_file_llseek, 1496 }; 1497 1498 static const struct file_operations sel_avc_cache_threshold_ops = { 1499 .read = sel_read_avc_cache_threshold, 1500 .write = sel_write_avc_cache_threshold, 1501 .llseek = generic_file_llseek, 1502 }; 1503 1504 static const struct file_operations sel_avc_hash_stats_ops = { 1505 .read = sel_read_avc_hash_stats, 1506 .llseek = generic_file_llseek, 1507 }; 1508 1509 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1510 static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx) 1511 { 1512 int cpu; 1513 1514 for (cpu = *idx; cpu < nr_cpu_ids; ++cpu) { 1515 if (!cpu_possible(cpu)) 1516 continue; 1517 *idx = cpu + 1; 1518 return &per_cpu(avc_cache_stats, cpu); 1519 } 1520 (*idx)++; 1521 return NULL; 1522 } 1523 1524 static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos) 1525 { 1526 loff_t n = *pos - 1; 1527 1528 if (*pos == 0) 1529 return SEQ_START_TOKEN; 1530 1531 return sel_avc_get_stat_idx(&n); 1532 } 1533 1534 static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos) 1535 { 1536 return sel_avc_get_stat_idx(pos); 1537 } 1538 1539 static int sel_avc_stats_seq_show(struct seq_file *seq, void *v) 1540 { 1541 struct avc_cache_stats *st = v; 1542 1543 if (v == SEQ_START_TOKEN) { 1544 seq_puts(seq, 1545 "lookups hits misses allocations reclaims frees\n"); 1546 } else { 1547 unsigned int lookups = st->lookups; 1548 unsigned int misses = st->misses; 1549 unsigned int hits = lookups - misses; 1550 seq_printf(seq, "%u %u %u %u %u %u\n", lookups, 1551 hits, misses, st->allocations, 1552 st->reclaims, st->frees); 1553 } 1554 return 0; 1555 } 1556 1557 static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v) 1558 { } 1559 1560 static const struct seq_operations sel_avc_cache_stats_seq_ops = { 1561 .start = sel_avc_stats_seq_start, 1562 .next = sel_avc_stats_seq_next, 1563 .show = sel_avc_stats_seq_show, 1564 .stop = sel_avc_stats_seq_stop, 1565 }; 1566 1567 static int sel_open_avc_cache_stats(struct inode *inode, struct file *file) 1568 { 1569 return seq_open(file, &sel_avc_cache_stats_seq_ops); 1570 } 1571 1572 static const struct file_operations sel_avc_cache_stats_ops = { 1573 .open = sel_open_avc_cache_stats, 1574 .read = seq_read, 1575 .llseek = seq_lseek, 1576 .release = seq_release, 1577 }; 1578 #endif 1579 1580 static int sel_make_avc_files(struct dentry *dir) 1581 { 1582 struct super_block *sb = dir->d_sb; 1583 struct selinux_fs_info *fsi = sb->s_fs_info; 1584 unsigned int i; 1585 static const struct tree_descr files[] = { 1586 { "cache_threshold", 1587 &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR }, 1588 { "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO }, 1589 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1590 { "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO }, 1591 #endif 1592 }; 1593 1594 for (i = 0; i < ARRAY_SIZE(files); i++) { 1595 struct inode *inode; 1596 struct dentry *dentry; 1597 1598 dentry = d_alloc_name(dir, files[i].name); 1599 if (!dentry) 1600 return -ENOMEM; 1601 1602 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode); 1603 if (!inode) { 1604 dput(dentry); 1605 return -ENOMEM; 1606 } 1607 1608 inode->i_fop = files[i].ops; 1609 inode->i_ino = ++fsi->last_ino; 1610 d_add(dentry, inode); 1611 } 1612 1613 return 0; 1614 } 1615 1616 static int sel_make_ss_files(struct dentry *dir) 1617 { 1618 struct super_block *sb = dir->d_sb; 1619 struct selinux_fs_info *fsi = sb->s_fs_info; 1620 unsigned int i; 1621 static const struct tree_descr files[] = { 1622 { "sidtab_hash_stats", &sel_sidtab_hash_stats_ops, S_IRUGO }, 1623 }; 1624 1625 for (i = 0; i < ARRAY_SIZE(files); i++) { 1626 struct inode *inode; 1627 struct dentry *dentry; 1628 1629 dentry = d_alloc_name(dir, files[i].name); 1630 if (!dentry) 1631 return -ENOMEM; 1632 1633 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode); 1634 if (!inode) { 1635 dput(dentry); 1636 return -ENOMEM; 1637 } 1638 1639 inode->i_fop = files[i].ops; 1640 inode->i_ino = ++fsi->last_ino; 1641 d_add(dentry, inode); 1642 } 1643 1644 return 0; 1645 } 1646 1647 static ssize_t sel_read_initcon(struct file *file, char __user *buf, 1648 size_t count, loff_t *ppos) 1649 { 1650 char *con; 1651 u32 sid, len; 1652 ssize_t ret; 1653 1654 sid = file_inode(file)->i_ino&SEL_INO_MASK; 1655 ret = security_sid_to_context(sid, &con, &len); 1656 if (ret) 1657 return ret; 1658 1659 ret = simple_read_from_buffer(buf, count, ppos, con, len); 1660 kfree(con); 1661 return ret; 1662 } 1663 1664 static const struct file_operations sel_initcon_ops = { 1665 .read = sel_read_initcon, 1666 .llseek = generic_file_llseek, 1667 }; 1668 1669 static int sel_make_initcon_files(struct dentry *dir) 1670 { 1671 unsigned int i; 1672 1673 for (i = 1; i <= SECINITSID_NUM; i++) { 1674 struct inode *inode; 1675 struct dentry *dentry; 1676 const char *s = security_get_initial_sid_context(i); 1677 1678 if (!s) 1679 continue; 1680 dentry = d_alloc_name(dir, s); 1681 if (!dentry) 1682 return -ENOMEM; 1683 1684 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1685 if (!inode) { 1686 dput(dentry); 1687 return -ENOMEM; 1688 } 1689 1690 inode->i_fop = &sel_initcon_ops; 1691 inode->i_ino = i|SEL_INITCON_INO_OFFSET; 1692 d_add(dentry, inode); 1693 } 1694 1695 return 0; 1696 } 1697 1698 static inline unsigned long sel_class_to_ino(u16 class) 1699 { 1700 return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET; 1701 } 1702 1703 static inline u16 sel_ino_to_class(unsigned long ino) 1704 { 1705 return (ino & SEL_INO_MASK) / (SEL_VEC_MAX + 1); 1706 } 1707 1708 static inline unsigned long sel_perm_to_ino(u16 class, u32 perm) 1709 { 1710 return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET; 1711 } 1712 1713 static inline u32 sel_ino_to_perm(unsigned long ino) 1714 { 1715 return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1); 1716 } 1717 1718 static ssize_t sel_read_class(struct file *file, char __user *buf, 1719 size_t count, loff_t *ppos) 1720 { 1721 unsigned long ino = file_inode(file)->i_ino; 1722 char res[TMPBUFLEN]; 1723 ssize_t len = scnprintf(res, sizeof(res), "%d", sel_ino_to_class(ino)); 1724 return simple_read_from_buffer(buf, count, ppos, res, len); 1725 } 1726 1727 static const struct file_operations sel_class_ops = { 1728 .read = sel_read_class, 1729 .llseek = generic_file_llseek, 1730 }; 1731 1732 static ssize_t sel_read_perm(struct file *file, char __user *buf, 1733 size_t count, loff_t *ppos) 1734 { 1735 unsigned long ino = file_inode(file)->i_ino; 1736 char res[TMPBUFLEN]; 1737 ssize_t len = scnprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino)); 1738 return simple_read_from_buffer(buf, count, ppos, res, len); 1739 } 1740 1741 static const struct file_operations sel_perm_ops = { 1742 .read = sel_read_perm, 1743 .llseek = generic_file_llseek, 1744 }; 1745 1746 static ssize_t sel_read_policycap(struct file *file, char __user *buf, 1747 size_t count, loff_t *ppos) 1748 { 1749 int value; 1750 char tmpbuf[TMPBUFLEN]; 1751 ssize_t length; 1752 unsigned long i_ino = file_inode(file)->i_ino; 1753 1754 value = security_policycap_supported(i_ino & SEL_INO_MASK); 1755 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value); 1756 1757 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1758 } 1759 1760 static const struct file_operations sel_policycap_ops = { 1761 .read = sel_read_policycap, 1762 .llseek = generic_file_llseek, 1763 }; 1764 1765 static int sel_make_perm_files(struct selinux_policy *newpolicy, 1766 char *objclass, int classvalue, 1767 struct dentry *dir) 1768 { 1769 u32 i, nperms; 1770 int rc; 1771 char **perms; 1772 1773 rc = security_get_permissions(newpolicy, objclass, &perms, &nperms); 1774 if (rc) 1775 return rc; 1776 1777 for (i = 0; i < nperms; i++) { 1778 struct inode *inode; 1779 struct dentry *dentry; 1780 1781 rc = -ENOMEM; 1782 dentry = d_alloc_name(dir, perms[i]); 1783 if (!dentry) 1784 goto out; 1785 1786 rc = -ENOMEM; 1787 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1788 if (!inode) { 1789 dput(dentry); 1790 goto out; 1791 } 1792 1793 inode->i_fop = &sel_perm_ops; 1794 /* i+1 since perm values are 1-indexed */ 1795 inode->i_ino = sel_perm_to_ino(classvalue, i + 1); 1796 d_add(dentry, inode); 1797 } 1798 rc = 0; 1799 out: 1800 for (i = 0; i < nperms; i++) 1801 kfree(perms[i]); 1802 kfree(perms); 1803 return rc; 1804 } 1805 1806 static int sel_make_class_dir_entries(struct selinux_policy *newpolicy, 1807 char *classname, int index, 1808 struct dentry *dir) 1809 { 1810 struct super_block *sb = dir->d_sb; 1811 struct selinux_fs_info *fsi = sb->s_fs_info; 1812 struct dentry *dentry = NULL; 1813 struct inode *inode = NULL; 1814 1815 dentry = d_alloc_name(dir, "index"); 1816 if (!dentry) 1817 return -ENOMEM; 1818 1819 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1820 if (!inode) { 1821 dput(dentry); 1822 return -ENOMEM; 1823 } 1824 1825 inode->i_fop = &sel_class_ops; 1826 inode->i_ino = sel_class_to_ino(index); 1827 d_add(dentry, inode); 1828 1829 dentry = sel_make_dir(dir, "perms", &fsi->last_class_ino); 1830 if (IS_ERR(dentry)) 1831 return PTR_ERR(dentry); 1832 1833 return sel_make_perm_files(newpolicy, classname, index, dentry); 1834 } 1835 1836 static int sel_make_classes(struct selinux_policy *newpolicy, 1837 struct dentry *class_dir, 1838 unsigned long *last_class_ino) 1839 { 1840 u32 i, nclasses; 1841 int rc; 1842 char **classes; 1843 1844 rc = security_get_classes(newpolicy, &classes, &nclasses); 1845 if (rc) 1846 return rc; 1847 1848 /* +2 since classes are 1-indexed */ 1849 *last_class_ino = sel_class_to_ino(nclasses + 2); 1850 1851 for (i = 0; i < nclasses; i++) { 1852 struct dentry *class_name_dir; 1853 1854 class_name_dir = sel_make_dir(class_dir, classes[i], 1855 last_class_ino); 1856 if (IS_ERR(class_name_dir)) { 1857 rc = PTR_ERR(class_name_dir); 1858 goto out; 1859 } 1860 1861 /* i+1 since class values are 1-indexed */ 1862 rc = sel_make_class_dir_entries(newpolicy, classes[i], i + 1, 1863 class_name_dir); 1864 if (rc) 1865 goto out; 1866 } 1867 rc = 0; 1868 out: 1869 for (i = 0; i < nclasses; i++) 1870 kfree(classes[i]); 1871 kfree(classes); 1872 return rc; 1873 } 1874 1875 static int sel_make_policycap(struct selinux_fs_info *fsi) 1876 { 1877 unsigned int iter; 1878 struct dentry *dentry = NULL; 1879 struct inode *inode = NULL; 1880 1881 for (iter = 0; iter <= POLICYDB_CAP_MAX; iter++) { 1882 if (iter < ARRAY_SIZE(selinux_policycap_names)) 1883 dentry = d_alloc_name(fsi->policycap_dir, 1884 selinux_policycap_names[iter]); 1885 else 1886 dentry = d_alloc_name(fsi->policycap_dir, "unknown"); 1887 1888 if (dentry == NULL) 1889 return -ENOMEM; 1890 1891 inode = sel_make_inode(fsi->sb, S_IFREG | 0444); 1892 if (inode == NULL) { 1893 dput(dentry); 1894 return -ENOMEM; 1895 } 1896 1897 inode->i_fop = &sel_policycap_ops; 1898 inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET; 1899 d_add(dentry, inode); 1900 } 1901 1902 return 0; 1903 } 1904 1905 static struct dentry *sel_make_dir(struct dentry *dir, const char *name, 1906 unsigned long *ino) 1907 { 1908 struct dentry *dentry = d_alloc_name(dir, name); 1909 struct inode *inode; 1910 1911 if (!dentry) 1912 return ERR_PTR(-ENOMEM); 1913 1914 inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO); 1915 if (!inode) { 1916 dput(dentry); 1917 return ERR_PTR(-ENOMEM); 1918 } 1919 1920 inode->i_op = &simple_dir_inode_operations; 1921 inode->i_fop = &simple_dir_operations; 1922 inode->i_ino = ++(*ino); 1923 /* directory inodes start off with i_nlink == 2 (for "." entry) */ 1924 inc_nlink(inode); 1925 d_add(dentry, inode); 1926 /* bump link count on parent directory, too */ 1927 inc_nlink(d_inode(dir)); 1928 1929 return dentry; 1930 } 1931 1932 static int reject_all(struct mnt_idmap *idmap, struct inode *inode, int mask) 1933 { 1934 return -EPERM; // no access for anyone, root or no root. 1935 } 1936 1937 static const struct inode_operations swapover_dir_inode_operations = { 1938 .lookup = simple_lookup, 1939 .permission = reject_all, 1940 }; 1941 1942 static struct dentry *sel_make_swapover_dir(struct super_block *sb, 1943 unsigned long *ino) 1944 { 1945 struct dentry *dentry = d_alloc_name(sb->s_root, ".swapover"); 1946 struct inode *inode; 1947 1948 if (!dentry) 1949 return ERR_PTR(-ENOMEM); 1950 1951 inode = sel_make_inode(sb, S_IFDIR); 1952 if (!inode) { 1953 dput(dentry); 1954 return ERR_PTR(-ENOMEM); 1955 } 1956 1957 inode->i_op = &swapover_dir_inode_operations; 1958 inode->i_ino = ++(*ino); 1959 /* directory inodes start off with i_nlink == 2 (for "." entry) */ 1960 inc_nlink(inode); 1961 inode_lock(sb->s_root->d_inode); 1962 d_add(dentry, inode); 1963 inc_nlink(sb->s_root->d_inode); 1964 inode_unlock(sb->s_root->d_inode); 1965 return dentry; 1966 } 1967 1968 #define NULL_FILE_NAME "null" 1969 1970 static int sel_fill_super(struct super_block *sb, struct fs_context *fc) 1971 { 1972 struct selinux_fs_info *fsi; 1973 int ret; 1974 struct dentry *dentry; 1975 struct inode *inode; 1976 struct inode_security_struct *isec; 1977 1978 static const struct tree_descr selinux_files[] = { 1979 [SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR}, 1980 [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR}, 1981 [SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO}, 1982 [SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO}, 1983 [SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO}, 1984 [SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO}, 1985 [SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO}, 1986 [SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO}, 1987 [SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR}, 1988 [SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO}, 1989 [SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR}, 1990 [SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO}, 1991 [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR}, 1992 [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO}, 1993 [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO}, 1994 [SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO}, 1995 [SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO}, 1996 [SEL_VALIDATE_TRANS] = {"validatetrans", &sel_transition_ops, 1997 S_IWUGO}, 1998 /* last one */ {""} 1999 }; 2000 2001 ret = selinux_fs_info_create(sb); 2002 if (ret) 2003 goto err; 2004 2005 ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files); 2006 if (ret) 2007 goto err; 2008 2009 fsi = sb->s_fs_info; 2010 fsi->bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &fsi->last_ino); 2011 if (IS_ERR(fsi->bool_dir)) { 2012 ret = PTR_ERR(fsi->bool_dir); 2013 fsi->bool_dir = NULL; 2014 goto err; 2015 } 2016 2017 ret = -ENOMEM; 2018 dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME); 2019 if (!dentry) 2020 goto err; 2021 2022 ret = -ENOMEM; 2023 inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO); 2024 if (!inode) { 2025 dput(dentry); 2026 goto err; 2027 } 2028 2029 inode->i_ino = ++fsi->last_ino; 2030 isec = selinux_inode(inode); 2031 isec->sid = SECINITSID_DEVNULL; 2032 isec->sclass = SECCLASS_CHR_FILE; 2033 isec->initialized = LABEL_INITIALIZED; 2034 2035 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3)); 2036 d_add(dentry, inode); 2037 2038 dentry = sel_make_dir(sb->s_root, "avc", &fsi->last_ino); 2039 if (IS_ERR(dentry)) { 2040 ret = PTR_ERR(dentry); 2041 goto err; 2042 } 2043 2044 ret = sel_make_avc_files(dentry); 2045 if (ret) 2046 goto err; 2047 2048 dentry = sel_make_dir(sb->s_root, "ss", &fsi->last_ino); 2049 if (IS_ERR(dentry)) { 2050 ret = PTR_ERR(dentry); 2051 goto err; 2052 } 2053 2054 ret = sel_make_ss_files(dentry); 2055 if (ret) 2056 goto err; 2057 2058 dentry = sel_make_dir(sb->s_root, "initial_contexts", &fsi->last_ino); 2059 if (IS_ERR(dentry)) { 2060 ret = PTR_ERR(dentry); 2061 goto err; 2062 } 2063 2064 ret = sel_make_initcon_files(dentry); 2065 if (ret) 2066 goto err; 2067 2068 fsi->class_dir = sel_make_dir(sb->s_root, CLASS_DIR_NAME, &fsi->last_ino); 2069 if (IS_ERR(fsi->class_dir)) { 2070 ret = PTR_ERR(fsi->class_dir); 2071 fsi->class_dir = NULL; 2072 goto err; 2073 } 2074 2075 fsi->policycap_dir = sel_make_dir(sb->s_root, POLICYCAP_DIR_NAME, 2076 &fsi->last_ino); 2077 if (IS_ERR(fsi->policycap_dir)) { 2078 ret = PTR_ERR(fsi->policycap_dir); 2079 fsi->policycap_dir = NULL; 2080 goto err; 2081 } 2082 2083 ret = sel_make_policycap(fsi); 2084 if (ret) { 2085 pr_err("SELinux: failed to load policy capabilities\n"); 2086 goto err; 2087 } 2088 2089 return 0; 2090 err: 2091 pr_err("SELinux: %s: failed while creating inodes\n", 2092 __func__); 2093 2094 selinux_fs_info_free(sb); 2095 2096 return ret; 2097 } 2098 2099 static int sel_get_tree(struct fs_context *fc) 2100 { 2101 return get_tree_single(fc, sel_fill_super); 2102 } 2103 2104 static const struct fs_context_operations sel_context_ops = { 2105 .get_tree = sel_get_tree, 2106 }; 2107 2108 static int sel_init_fs_context(struct fs_context *fc) 2109 { 2110 fc->ops = &sel_context_ops; 2111 return 0; 2112 } 2113 2114 static void sel_kill_sb(struct super_block *sb) 2115 { 2116 selinux_fs_info_free(sb); 2117 kill_litter_super(sb); 2118 } 2119 2120 static struct file_system_type sel_fs_type = { 2121 .name = "selinuxfs", 2122 .init_fs_context = sel_init_fs_context, 2123 .kill_sb = sel_kill_sb, 2124 }; 2125 2126 static struct vfsmount *selinuxfs_mount __ro_after_init; 2127 struct path selinux_null __ro_after_init; 2128 2129 static int __init init_sel_fs(void) 2130 { 2131 struct qstr null_name = QSTR_INIT(NULL_FILE_NAME, 2132 sizeof(NULL_FILE_NAME)-1); 2133 int err; 2134 2135 if (!selinux_enabled_boot) 2136 return 0; 2137 2138 err = sysfs_create_mount_point(fs_kobj, "selinux"); 2139 if (err) 2140 return err; 2141 2142 err = register_filesystem(&sel_fs_type); 2143 if (err) { 2144 sysfs_remove_mount_point(fs_kobj, "selinux"); 2145 return err; 2146 } 2147 2148 selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type); 2149 if (IS_ERR(selinuxfs_mount)) { 2150 pr_err("selinuxfs: could not mount!\n"); 2151 err = PTR_ERR(selinuxfs_mount); 2152 selinuxfs_mount = NULL; 2153 } 2154 selinux_null.dentry = d_hash_and_lookup(selinux_null.mnt->mnt_root, 2155 &null_name); 2156 if (IS_ERR(selinux_null.dentry)) { 2157 pr_err("selinuxfs: could not lookup null!\n"); 2158 err = PTR_ERR(selinux_null.dentry); 2159 selinux_null.dentry = NULL; 2160 } 2161 2162 return err; 2163 } 2164 2165 __initcall(init_sel_fs); 2166