xref: /linux/security/selinux/selinuxfs.c (revision 1553a1c48281243359a9529a10ddb551f3b967ab)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /* Updated: Karl MacMillan <kmacmillan@tresys.com>
3  *
4  *	Added conditional policy language extensions
5  *
6  *  Updated: Hewlett-Packard <paul@paul-moore.com>
7  *
8  *	Added support for the policy capability bitmap
9  *
10  * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
11  * Copyright (C) 2003 - 2004 Tresys Technology, LLC
12  * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
13  */
14 
15 #include <linux/kernel.h>
16 #include <linux/pagemap.h>
17 #include <linux/slab.h>
18 #include <linux/vmalloc.h>
19 #include <linux/fs.h>
20 #include <linux/fs_context.h>
21 #include <linux/mount.h>
22 #include <linux/mutex.h>
23 #include <linux/namei.h>
24 #include <linux/init.h>
25 #include <linux/string.h>
26 #include <linux/security.h>
27 #include <linux/major.h>
28 #include <linux/seq_file.h>
29 #include <linux/percpu.h>
30 #include <linux/audit.h>
31 #include <linux/uaccess.h>
32 #include <linux/kobject.h>
33 #include <linux/ctype.h>
34 
35 /* selinuxfs pseudo filesystem for exporting the security policy API.
36    Based on the proc code and the fs/nfsd/nfsctl.c code. */
37 
38 #include "flask.h"
39 #include "avc.h"
40 #include "avc_ss.h"
41 #include "security.h"
42 #include "objsec.h"
43 #include "conditional.h"
44 #include "ima.h"
45 
46 enum sel_inos {
47 	SEL_ROOT_INO = 2,
48 	SEL_LOAD,	/* load policy */
49 	SEL_ENFORCE,	/* get or set enforcing status */
50 	SEL_CONTEXT,	/* validate context */
51 	SEL_ACCESS,	/* compute access decision */
52 	SEL_CREATE,	/* compute create labeling decision */
53 	SEL_RELABEL,	/* compute relabeling decision */
54 	SEL_USER,	/* compute reachable user contexts */
55 	SEL_POLICYVERS,	/* return policy version for this kernel */
56 	SEL_COMMIT_BOOLS, /* commit new boolean values */
57 	SEL_MLS,	/* return if MLS policy is enabled */
58 	SEL_DISABLE,	/* disable SELinux until next reboot */
59 	SEL_MEMBER,	/* compute polyinstantiation membership decision */
60 	SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */
61 	SEL_COMPAT_NET,	/* whether to use old compat network packet controls */
62 	SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */
63 	SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */
64 	SEL_STATUS,	/* export current status using mmap() */
65 	SEL_POLICY,	/* allow userspace to read the in kernel policy */
66 	SEL_VALIDATE_TRANS, /* compute validatetrans decision */
67 	SEL_INO_NEXT,	/* The next inode number to use */
68 };
69 
70 struct selinux_fs_info {
71 	struct dentry *bool_dir;
72 	unsigned int bool_num;
73 	char **bool_pending_names;
74 	int *bool_pending_values;
75 	struct dentry *class_dir;
76 	unsigned long last_class_ino;
77 	bool policy_opened;
78 	struct dentry *policycap_dir;
79 	unsigned long last_ino;
80 	struct super_block *sb;
81 };
82 
83 static int selinux_fs_info_create(struct super_block *sb)
84 {
85 	struct selinux_fs_info *fsi;
86 
87 	fsi = kzalloc(sizeof(*fsi), GFP_KERNEL);
88 	if (!fsi)
89 		return -ENOMEM;
90 
91 	fsi->last_ino = SEL_INO_NEXT - 1;
92 	fsi->sb = sb;
93 	sb->s_fs_info = fsi;
94 	return 0;
95 }
96 
97 static void selinux_fs_info_free(struct super_block *sb)
98 {
99 	struct selinux_fs_info *fsi = sb->s_fs_info;
100 	unsigned int i;
101 
102 	if (fsi) {
103 		for (i = 0; i < fsi->bool_num; i++)
104 			kfree(fsi->bool_pending_names[i]);
105 		kfree(fsi->bool_pending_names);
106 		kfree(fsi->bool_pending_values);
107 	}
108 	kfree(sb->s_fs_info);
109 	sb->s_fs_info = NULL;
110 }
111 
112 #define SEL_INITCON_INO_OFFSET		0x01000000
113 #define SEL_BOOL_INO_OFFSET		0x02000000
114 #define SEL_CLASS_INO_OFFSET		0x04000000
115 #define SEL_POLICYCAP_INO_OFFSET	0x08000000
116 #define SEL_INO_MASK			0x00ffffff
117 
118 #define BOOL_DIR_NAME "booleans"
119 #define CLASS_DIR_NAME "class"
120 #define POLICYCAP_DIR_NAME "policy_capabilities"
121 
122 #define TMPBUFLEN	12
123 static ssize_t sel_read_enforce(struct file *filp, char __user *buf,
124 				size_t count, loff_t *ppos)
125 {
126 	char tmpbuf[TMPBUFLEN];
127 	ssize_t length;
128 
129 	length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
130 			   enforcing_enabled());
131 	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
132 }
133 
134 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
135 static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
136 				 size_t count, loff_t *ppos)
137 
138 {
139 	char *page = NULL;
140 	ssize_t length;
141 	int scan_value;
142 	bool old_value, new_value;
143 
144 	if (count >= PAGE_SIZE)
145 		return -ENOMEM;
146 
147 	/* No partial writes. */
148 	if (*ppos != 0)
149 		return -EINVAL;
150 
151 	page = memdup_user_nul(buf, count);
152 	if (IS_ERR(page))
153 		return PTR_ERR(page);
154 
155 	length = -EINVAL;
156 	if (sscanf(page, "%d", &scan_value) != 1)
157 		goto out;
158 
159 	new_value = !!scan_value;
160 
161 	old_value = enforcing_enabled();
162 	if (new_value != old_value) {
163 		length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
164 				      SECCLASS_SECURITY, SECURITY__SETENFORCE,
165 				      NULL);
166 		if (length)
167 			goto out;
168 		audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
169 			"enforcing=%d old_enforcing=%d auid=%u ses=%u"
170 			" enabled=1 old-enabled=1 lsm=selinux res=1",
171 			new_value, old_value,
172 			from_kuid(&init_user_ns, audit_get_loginuid(current)),
173 			audit_get_sessionid(current));
174 		enforcing_set(new_value);
175 		if (new_value)
176 			avc_ss_reset(0);
177 		selnl_notify_setenforce(new_value);
178 		selinux_status_update_setenforce(new_value);
179 		if (!new_value)
180 			call_blocking_lsm_notifier(LSM_POLICY_CHANGE, NULL);
181 
182 		selinux_ima_measure_state();
183 	}
184 	length = count;
185 out:
186 	kfree(page);
187 	return length;
188 }
189 #else
190 #define sel_write_enforce NULL
191 #endif
192 
193 static const struct file_operations sel_enforce_ops = {
194 	.read		= sel_read_enforce,
195 	.write		= sel_write_enforce,
196 	.llseek		= generic_file_llseek,
197 };
198 
199 static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf,
200 					size_t count, loff_t *ppos)
201 {
202 	char tmpbuf[TMPBUFLEN];
203 	ssize_t length;
204 	ino_t ino = file_inode(filp)->i_ino;
205 	int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ?
206 		security_get_reject_unknown() :
207 		!security_get_allow_unknown();
208 
209 	length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown);
210 	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
211 }
212 
213 static const struct file_operations sel_handle_unknown_ops = {
214 	.read		= sel_read_handle_unknown,
215 	.llseek		= generic_file_llseek,
216 };
217 
218 static int sel_open_handle_status(struct inode *inode, struct file *filp)
219 {
220 	struct page    *status = selinux_kernel_status_page();
221 
222 	if (!status)
223 		return -ENOMEM;
224 
225 	filp->private_data = status;
226 
227 	return 0;
228 }
229 
230 static ssize_t sel_read_handle_status(struct file *filp, char __user *buf,
231 				      size_t count, loff_t *ppos)
232 {
233 	struct page    *status = filp->private_data;
234 
235 	BUG_ON(!status);
236 
237 	return simple_read_from_buffer(buf, count, ppos,
238 				       page_address(status),
239 				       sizeof(struct selinux_kernel_status));
240 }
241 
242 static int sel_mmap_handle_status(struct file *filp,
243 				  struct vm_area_struct *vma)
244 {
245 	struct page    *status = filp->private_data;
246 	unsigned long	size = vma->vm_end - vma->vm_start;
247 
248 	BUG_ON(!status);
249 
250 	/* only allows one page from the head */
251 	if (vma->vm_pgoff > 0 || size != PAGE_SIZE)
252 		return -EIO;
253 	/* disallow writable mapping */
254 	if (vma->vm_flags & VM_WRITE)
255 		return -EPERM;
256 	/* disallow mprotect() turns it into writable */
257 	vm_flags_clear(vma, VM_MAYWRITE);
258 
259 	return remap_pfn_range(vma, vma->vm_start,
260 			       page_to_pfn(status),
261 			       size, vma->vm_page_prot);
262 }
263 
264 static const struct file_operations sel_handle_status_ops = {
265 	.open		= sel_open_handle_status,
266 	.read		= sel_read_handle_status,
267 	.mmap		= sel_mmap_handle_status,
268 	.llseek		= generic_file_llseek,
269 };
270 
271 static ssize_t sel_write_disable(struct file *file, const char __user *buf,
272 				 size_t count, loff_t *ppos)
273 
274 {
275 	char *page;
276 	ssize_t length;
277 	int new_value;
278 
279 	if (count >= PAGE_SIZE)
280 		return -ENOMEM;
281 
282 	/* No partial writes. */
283 	if (*ppos != 0)
284 		return -EINVAL;
285 
286 	page = memdup_user_nul(buf, count);
287 	if (IS_ERR(page))
288 		return PTR_ERR(page);
289 
290 	if (sscanf(page, "%d", &new_value) != 1) {
291 		length = -EINVAL;
292 		goto out;
293 	}
294 	length = count;
295 
296 	if (new_value) {
297 		pr_err("SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable\n");
298 		pr_err("SELinux: Runtime disable is not supported, use selinux=0 on the kernel cmdline.\n");
299 	}
300 
301 out:
302 	kfree(page);
303 	return length;
304 }
305 
306 static const struct file_operations sel_disable_ops = {
307 	.write		= sel_write_disable,
308 	.llseek		= generic_file_llseek,
309 };
310 
311 static ssize_t sel_read_policyvers(struct file *filp, char __user *buf,
312 				   size_t count, loff_t *ppos)
313 {
314 	char tmpbuf[TMPBUFLEN];
315 	ssize_t length;
316 
317 	length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX);
318 	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
319 }
320 
321 static const struct file_operations sel_policyvers_ops = {
322 	.read		= sel_read_policyvers,
323 	.llseek		= generic_file_llseek,
324 };
325 
326 /* declaration for sel_write_load */
327 static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir,
328 			  unsigned int *bool_num, char ***bool_pending_names,
329 			  int **bool_pending_values);
330 static int sel_make_classes(struct selinux_policy *newpolicy,
331 			    struct dentry *class_dir,
332 			    unsigned long *last_class_ino);
333 
334 /* declaration for sel_make_class_dirs */
335 static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
336 			unsigned long *ino);
337 
338 /* declaration for sel_make_policy_nodes */
339 static struct dentry *sel_make_swapover_dir(struct super_block *sb,
340 						unsigned long *ino);
341 
342 static ssize_t sel_read_mls(struct file *filp, char __user *buf,
343 				size_t count, loff_t *ppos)
344 {
345 	char tmpbuf[TMPBUFLEN];
346 	ssize_t length;
347 
348 	length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
349 			   security_mls_enabled());
350 	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
351 }
352 
353 static const struct file_operations sel_mls_ops = {
354 	.read		= sel_read_mls,
355 	.llseek		= generic_file_llseek,
356 };
357 
358 struct policy_load_memory {
359 	size_t len;
360 	void *data;
361 };
362 
363 static int sel_open_policy(struct inode *inode, struct file *filp)
364 {
365 	struct selinux_fs_info *fsi = inode->i_sb->s_fs_info;
366 	struct policy_load_memory *plm = NULL;
367 	int rc;
368 
369 	BUG_ON(filp->private_data);
370 
371 	mutex_lock(&selinux_state.policy_mutex);
372 
373 	rc = avc_has_perm(current_sid(), SECINITSID_SECURITY,
374 			  SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL);
375 	if (rc)
376 		goto err;
377 
378 	rc = -EBUSY;
379 	if (fsi->policy_opened)
380 		goto err;
381 
382 	rc = -ENOMEM;
383 	plm = kzalloc(sizeof(*plm), GFP_KERNEL);
384 	if (!plm)
385 		goto err;
386 
387 	rc = security_read_policy(&plm->data, &plm->len);
388 	if (rc)
389 		goto err;
390 
391 	if ((size_t)i_size_read(inode) != plm->len) {
392 		inode_lock(inode);
393 		i_size_write(inode, plm->len);
394 		inode_unlock(inode);
395 	}
396 
397 	fsi->policy_opened = 1;
398 
399 	filp->private_data = plm;
400 
401 	mutex_unlock(&selinux_state.policy_mutex);
402 
403 	return 0;
404 err:
405 	mutex_unlock(&selinux_state.policy_mutex);
406 
407 	if (plm)
408 		vfree(plm->data);
409 	kfree(plm);
410 	return rc;
411 }
412 
413 static int sel_release_policy(struct inode *inode, struct file *filp)
414 {
415 	struct selinux_fs_info *fsi = inode->i_sb->s_fs_info;
416 	struct policy_load_memory *plm = filp->private_data;
417 
418 	BUG_ON(!plm);
419 
420 	fsi->policy_opened = 0;
421 
422 	vfree(plm->data);
423 	kfree(plm);
424 
425 	return 0;
426 }
427 
428 static ssize_t sel_read_policy(struct file *filp, char __user *buf,
429 			       size_t count, loff_t *ppos)
430 {
431 	struct policy_load_memory *plm = filp->private_data;
432 	int ret;
433 
434 	ret = avc_has_perm(current_sid(), SECINITSID_SECURITY,
435 			  SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL);
436 	if (ret)
437 		return ret;
438 
439 	return simple_read_from_buffer(buf, count, ppos, plm->data, plm->len);
440 }
441 
442 static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf)
443 {
444 	struct policy_load_memory *plm = vmf->vma->vm_file->private_data;
445 	unsigned long offset;
446 	struct page *page;
447 
448 	if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE))
449 		return VM_FAULT_SIGBUS;
450 
451 	offset = vmf->pgoff << PAGE_SHIFT;
452 	if (offset >= roundup(plm->len, PAGE_SIZE))
453 		return VM_FAULT_SIGBUS;
454 
455 	page = vmalloc_to_page(plm->data + offset);
456 	get_page(page);
457 
458 	vmf->page = page;
459 
460 	return 0;
461 }
462 
463 static const struct vm_operations_struct sel_mmap_policy_ops = {
464 	.fault = sel_mmap_policy_fault,
465 	.page_mkwrite = sel_mmap_policy_fault,
466 };
467 
468 static int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma)
469 {
470 	if (vma->vm_flags & VM_SHARED) {
471 		/* do not allow mprotect to make mapping writable */
472 		vm_flags_clear(vma, VM_MAYWRITE);
473 
474 		if (vma->vm_flags & VM_WRITE)
475 			return -EACCES;
476 	}
477 
478 	vm_flags_set(vma, VM_DONTEXPAND | VM_DONTDUMP);
479 	vma->vm_ops = &sel_mmap_policy_ops;
480 
481 	return 0;
482 }
483 
484 static const struct file_operations sel_policy_ops = {
485 	.open		= sel_open_policy,
486 	.read		= sel_read_policy,
487 	.mmap		= sel_mmap_policy,
488 	.release	= sel_release_policy,
489 	.llseek		= generic_file_llseek,
490 };
491 
492 static void sel_remove_old_bool_data(unsigned int bool_num, char **bool_names,
493 				     int *bool_values)
494 {
495 	u32 i;
496 
497 	/* bool_dir cleanup */
498 	for (i = 0; i < bool_num; i++)
499 		kfree(bool_names[i]);
500 	kfree(bool_names);
501 	kfree(bool_values);
502 }
503 
504 static int sel_make_policy_nodes(struct selinux_fs_info *fsi,
505 				struct selinux_policy *newpolicy)
506 {
507 	int ret = 0;
508 	struct dentry *tmp_parent, *tmp_bool_dir, *tmp_class_dir;
509 	unsigned int bool_num = 0;
510 	char **bool_names = NULL;
511 	int *bool_values = NULL;
512 	unsigned long tmp_ino = fsi->last_ino; /* Don't increment last_ino in this function */
513 
514 	tmp_parent = sel_make_swapover_dir(fsi->sb, &tmp_ino);
515 	if (IS_ERR(tmp_parent))
516 		return PTR_ERR(tmp_parent);
517 
518 	tmp_ino = fsi->bool_dir->d_inode->i_ino - 1; /* sel_make_dir will increment and set */
519 	tmp_bool_dir = sel_make_dir(tmp_parent, BOOL_DIR_NAME, &tmp_ino);
520 	if (IS_ERR(tmp_bool_dir)) {
521 		ret = PTR_ERR(tmp_bool_dir);
522 		goto out;
523 	}
524 
525 	tmp_ino = fsi->class_dir->d_inode->i_ino - 1; /* sel_make_dir will increment and set */
526 	tmp_class_dir = sel_make_dir(tmp_parent, CLASS_DIR_NAME, &tmp_ino);
527 	if (IS_ERR(tmp_class_dir)) {
528 		ret = PTR_ERR(tmp_class_dir);
529 		goto out;
530 	}
531 
532 	ret = sel_make_bools(newpolicy, tmp_bool_dir, &bool_num,
533 			     &bool_names, &bool_values);
534 	if (ret)
535 		goto out;
536 
537 	ret = sel_make_classes(newpolicy, tmp_class_dir,
538 			       &fsi->last_class_ino);
539 	if (ret)
540 		goto out;
541 
542 	lock_rename(tmp_parent, fsi->sb->s_root);
543 
544 	/* booleans */
545 	d_exchange(tmp_bool_dir, fsi->bool_dir);
546 
547 	swap(fsi->bool_num, bool_num);
548 	swap(fsi->bool_pending_names, bool_names);
549 	swap(fsi->bool_pending_values, bool_values);
550 
551 	fsi->bool_dir = tmp_bool_dir;
552 
553 	/* classes */
554 	d_exchange(tmp_class_dir, fsi->class_dir);
555 	fsi->class_dir = tmp_class_dir;
556 
557 	unlock_rename(tmp_parent, fsi->sb->s_root);
558 
559 out:
560 	sel_remove_old_bool_data(bool_num, bool_names, bool_values);
561 	/* Since the other temporary dirs are children of tmp_parent
562 	 * this will handle all the cleanup in the case of a failure before
563 	 * the swapover
564 	 */
565 	simple_recursive_removal(tmp_parent, NULL);
566 
567 	return ret;
568 }
569 
570 static ssize_t sel_write_load(struct file *file, const char __user *buf,
571 			      size_t count, loff_t *ppos)
572 
573 {
574 	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
575 	struct selinux_load_state load_state;
576 	ssize_t length;
577 	void *data = NULL;
578 
579 	mutex_lock(&selinux_state.policy_mutex);
580 
581 	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
582 			      SECCLASS_SECURITY, SECURITY__LOAD_POLICY, NULL);
583 	if (length)
584 		goto out;
585 
586 	/* No partial writes. */
587 	length = -EINVAL;
588 	if (*ppos != 0)
589 		goto out;
590 
591 	length = -ENOMEM;
592 	data = vmalloc(count);
593 	if (!data)
594 		goto out;
595 
596 	length = -EFAULT;
597 	if (copy_from_user(data, buf, count) != 0)
598 		goto out;
599 
600 	length = security_load_policy(data, count, &load_state);
601 	if (length) {
602 		pr_warn_ratelimited("SELinux: failed to load policy\n");
603 		goto out;
604 	}
605 
606 	length = sel_make_policy_nodes(fsi, load_state.policy);
607 	if (length) {
608 		pr_warn_ratelimited("SELinux: failed to initialize selinuxfs\n");
609 		selinux_policy_cancel(&load_state);
610 		goto out;
611 	}
612 
613 	selinux_policy_commit(&load_state);
614 
615 	length = count;
616 
617 	audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
618 		"auid=%u ses=%u lsm=selinux res=1",
619 		from_kuid(&init_user_ns, audit_get_loginuid(current)),
620 		audit_get_sessionid(current));
621 out:
622 	mutex_unlock(&selinux_state.policy_mutex);
623 	vfree(data);
624 	return length;
625 }
626 
627 static const struct file_operations sel_load_ops = {
628 	.write		= sel_write_load,
629 	.llseek		= generic_file_llseek,
630 };
631 
632 static ssize_t sel_write_context(struct file *file, char *buf, size_t size)
633 {
634 	char *canon = NULL;
635 	u32 sid, len;
636 	ssize_t length;
637 
638 	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
639 			      SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, NULL);
640 	if (length)
641 		goto out;
642 
643 	length = security_context_to_sid(buf, size, &sid, GFP_KERNEL);
644 	if (length)
645 		goto out;
646 
647 	length = security_sid_to_context(sid, &canon, &len);
648 	if (length)
649 		goto out;
650 
651 	length = -ERANGE;
652 	if (len > SIMPLE_TRANSACTION_LIMIT) {
653 		pr_err("SELinux: %s:  context size (%u) exceeds "
654 			"payload max\n", __func__, len);
655 		goto out;
656 	}
657 
658 	memcpy(buf, canon, len);
659 	length = len;
660 out:
661 	kfree(canon);
662 	return length;
663 }
664 
665 static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf,
666 				     size_t count, loff_t *ppos)
667 {
668 	char tmpbuf[TMPBUFLEN];
669 	ssize_t length;
670 
671 	length = scnprintf(tmpbuf, TMPBUFLEN, "%u",
672 			   checkreqprot_get());
673 	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
674 }
675 
676 static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
677 				      size_t count, loff_t *ppos)
678 {
679 	char *page;
680 	ssize_t length;
681 	unsigned int new_value;
682 
683 	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
684 			      SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT,
685 			      NULL);
686 	if (length)
687 		return length;
688 
689 	if (count >= PAGE_SIZE)
690 		return -ENOMEM;
691 
692 	/* No partial writes. */
693 	if (*ppos != 0)
694 		return -EINVAL;
695 
696 	page = memdup_user_nul(buf, count);
697 	if (IS_ERR(page))
698 		return PTR_ERR(page);
699 
700 	if (sscanf(page, "%u", &new_value) != 1) {
701 		length = -EINVAL;
702 		goto out;
703 	}
704 	length = count;
705 
706 	if (new_value) {
707 		char comm[sizeof(current->comm)];
708 
709 		memcpy(comm, current->comm, sizeof(comm));
710 		pr_err("SELinux: %s (%d) set checkreqprot to 1. This is no longer supported.\n",
711 		       comm, current->pid);
712 	}
713 
714 	selinux_ima_measure_state();
715 
716 out:
717 	kfree(page);
718 	return length;
719 }
720 static const struct file_operations sel_checkreqprot_ops = {
721 	.read		= sel_read_checkreqprot,
722 	.write		= sel_write_checkreqprot,
723 	.llseek		= generic_file_llseek,
724 };
725 
726 static ssize_t sel_write_validatetrans(struct file *file,
727 					const char __user *buf,
728 					size_t count, loff_t *ppos)
729 {
730 	char *oldcon = NULL, *newcon = NULL, *taskcon = NULL;
731 	char *req = NULL;
732 	u32 osid, nsid, tsid;
733 	u16 tclass;
734 	int rc;
735 
736 	rc = avc_has_perm(current_sid(), SECINITSID_SECURITY,
737 			  SECCLASS_SECURITY, SECURITY__VALIDATE_TRANS, NULL);
738 	if (rc)
739 		goto out;
740 
741 	rc = -ENOMEM;
742 	if (count >= PAGE_SIZE)
743 		goto out;
744 
745 	/* No partial writes. */
746 	rc = -EINVAL;
747 	if (*ppos != 0)
748 		goto out;
749 
750 	req = memdup_user_nul(buf, count);
751 	if (IS_ERR(req)) {
752 		rc = PTR_ERR(req);
753 		req = NULL;
754 		goto out;
755 	}
756 
757 	rc = -ENOMEM;
758 	oldcon = kzalloc(count + 1, GFP_KERNEL);
759 	if (!oldcon)
760 		goto out;
761 
762 	newcon = kzalloc(count + 1, GFP_KERNEL);
763 	if (!newcon)
764 		goto out;
765 
766 	taskcon = kzalloc(count + 1, GFP_KERNEL);
767 	if (!taskcon)
768 		goto out;
769 
770 	rc = -EINVAL;
771 	if (sscanf(req, "%s %s %hu %s", oldcon, newcon, &tclass, taskcon) != 4)
772 		goto out;
773 
774 	rc = security_context_str_to_sid(oldcon, &osid, GFP_KERNEL);
775 	if (rc)
776 		goto out;
777 
778 	rc = security_context_str_to_sid(newcon, &nsid, GFP_KERNEL);
779 	if (rc)
780 		goto out;
781 
782 	rc = security_context_str_to_sid(taskcon, &tsid, GFP_KERNEL);
783 	if (rc)
784 		goto out;
785 
786 	rc = security_validate_transition_user(osid, nsid, tsid, tclass);
787 	if (!rc)
788 		rc = count;
789 out:
790 	kfree(req);
791 	kfree(oldcon);
792 	kfree(newcon);
793 	kfree(taskcon);
794 	return rc;
795 }
796 
797 static const struct file_operations sel_transition_ops = {
798 	.write		= sel_write_validatetrans,
799 	.llseek		= generic_file_llseek,
800 };
801 
802 /*
803  * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c
804  */
805 static ssize_t sel_write_access(struct file *file, char *buf, size_t size);
806 static ssize_t sel_write_create(struct file *file, char *buf, size_t size);
807 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size);
808 static ssize_t sel_write_user(struct file *file, char *buf, size_t size);
809 static ssize_t sel_write_member(struct file *file, char *buf, size_t size);
810 
811 static ssize_t (*const write_op[])(struct file *, char *, size_t) = {
812 	[SEL_ACCESS] = sel_write_access,
813 	[SEL_CREATE] = sel_write_create,
814 	[SEL_RELABEL] = sel_write_relabel,
815 	[SEL_USER] = sel_write_user,
816 	[SEL_MEMBER] = sel_write_member,
817 	[SEL_CONTEXT] = sel_write_context,
818 };
819 
820 static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos)
821 {
822 	ino_t ino = file_inode(file)->i_ino;
823 	char *data;
824 	ssize_t rv;
825 
826 	if (ino >= ARRAY_SIZE(write_op) || !write_op[ino])
827 		return -EINVAL;
828 
829 	data = simple_transaction_get(file, buf, size);
830 	if (IS_ERR(data))
831 		return PTR_ERR(data);
832 
833 	rv = write_op[ino](file, data, size);
834 	if (rv > 0) {
835 		simple_transaction_set(file, rv);
836 		rv = size;
837 	}
838 	return rv;
839 }
840 
841 static const struct file_operations transaction_ops = {
842 	.write		= selinux_transaction_write,
843 	.read		= simple_transaction_read,
844 	.release	= simple_transaction_release,
845 	.llseek		= generic_file_llseek,
846 };
847 
848 /*
849  * payload - write methods
850  * If the method has a response, the response should be put in buf,
851  * and the length returned.  Otherwise return 0 or and -error.
852  */
853 
854 static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
855 {
856 	char *scon = NULL, *tcon = NULL;
857 	u32 ssid, tsid;
858 	u16 tclass;
859 	struct av_decision avd;
860 	ssize_t length;
861 
862 	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
863 			      SECCLASS_SECURITY, SECURITY__COMPUTE_AV, NULL);
864 	if (length)
865 		goto out;
866 
867 	length = -ENOMEM;
868 	scon = kzalloc(size + 1, GFP_KERNEL);
869 	if (!scon)
870 		goto out;
871 
872 	length = -ENOMEM;
873 	tcon = kzalloc(size + 1, GFP_KERNEL);
874 	if (!tcon)
875 		goto out;
876 
877 	length = -EINVAL;
878 	if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
879 		goto out;
880 
881 	length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
882 	if (length)
883 		goto out;
884 
885 	length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
886 	if (length)
887 		goto out;
888 
889 	security_compute_av_user(ssid, tsid, tclass, &avd);
890 
891 	length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT,
892 			  "%x %x %x %x %u %x",
893 			  avd.allowed, 0xffffffff,
894 			  avd.auditallow, avd.auditdeny,
895 			  avd.seqno, avd.flags);
896 out:
897 	kfree(tcon);
898 	kfree(scon);
899 	return length;
900 }
901 
902 static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
903 {
904 	char *scon = NULL, *tcon = NULL;
905 	char *namebuf = NULL, *objname = NULL;
906 	u32 ssid, tsid, newsid;
907 	u16 tclass;
908 	ssize_t length;
909 	char *newcon = NULL;
910 	u32 len;
911 	int nargs;
912 
913 	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
914 			      SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE,
915 			      NULL);
916 	if (length)
917 		goto out;
918 
919 	length = -ENOMEM;
920 	scon = kzalloc(size + 1, GFP_KERNEL);
921 	if (!scon)
922 		goto out;
923 
924 	length = -ENOMEM;
925 	tcon = kzalloc(size + 1, GFP_KERNEL);
926 	if (!tcon)
927 		goto out;
928 
929 	length = -ENOMEM;
930 	namebuf = kzalloc(size + 1, GFP_KERNEL);
931 	if (!namebuf)
932 		goto out;
933 
934 	length = -EINVAL;
935 	nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf);
936 	if (nargs < 3 || nargs > 4)
937 		goto out;
938 	if (nargs == 4) {
939 		/*
940 		 * If and when the name of new object to be queried contains
941 		 * either whitespace or multibyte characters, they shall be
942 		 * encoded based on the percentage-encoding rule.
943 		 * If not encoded, the sscanf logic picks up only left-half
944 		 * of the supplied name; split by a whitespace unexpectedly.
945 		 */
946 		char   *r, *w;
947 		int     c1, c2;
948 
949 		r = w = namebuf;
950 		do {
951 			c1 = *r++;
952 			if (c1 == '+')
953 				c1 = ' ';
954 			else if (c1 == '%') {
955 				c1 = hex_to_bin(*r++);
956 				if (c1 < 0)
957 					goto out;
958 				c2 = hex_to_bin(*r++);
959 				if (c2 < 0)
960 					goto out;
961 				c1 = (c1 << 4) | c2;
962 			}
963 			*w++ = c1;
964 		} while (c1 != '\0');
965 
966 		objname = namebuf;
967 	}
968 
969 	length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
970 	if (length)
971 		goto out;
972 
973 	length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
974 	if (length)
975 		goto out;
976 
977 	length = security_transition_sid_user(ssid, tsid, tclass,
978 					      objname, &newsid);
979 	if (length)
980 		goto out;
981 
982 	length = security_sid_to_context(newsid, &newcon, &len);
983 	if (length)
984 		goto out;
985 
986 	length = -ERANGE;
987 	if (len > SIMPLE_TRANSACTION_LIMIT) {
988 		pr_err("SELinux: %s:  context size (%u) exceeds "
989 			"payload max\n", __func__, len);
990 		goto out;
991 	}
992 
993 	memcpy(buf, newcon, len);
994 	length = len;
995 out:
996 	kfree(newcon);
997 	kfree(namebuf);
998 	kfree(tcon);
999 	kfree(scon);
1000 	return length;
1001 }
1002 
1003 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size)
1004 {
1005 	char *scon = NULL, *tcon = NULL;
1006 	u32 ssid, tsid, newsid;
1007 	u16 tclass;
1008 	ssize_t length;
1009 	char *newcon = NULL;
1010 	u32 len;
1011 
1012 	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1013 			      SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL,
1014 			      NULL);
1015 	if (length)
1016 		goto out;
1017 
1018 	length = -ENOMEM;
1019 	scon = kzalloc(size + 1, GFP_KERNEL);
1020 	if (!scon)
1021 		goto out;
1022 
1023 	length = -ENOMEM;
1024 	tcon = kzalloc(size + 1, GFP_KERNEL);
1025 	if (!tcon)
1026 		goto out;
1027 
1028 	length = -EINVAL;
1029 	if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
1030 		goto out;
1031 
1032 	length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
1033 	if (length)
1034 		goto out;
1035 
1036 	length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
1037 	if (length)
1038 		goto out;
1039 
1040 	length = security_change_sid(ssid, tsid, tclass, &newsid);
1041 	if (length)
1042 		goto out;
1043 
1044 	length = security_sid_to_context(newsid, &newcon, &len);
1045 	if (length)
1046 		goto out;
1047 
1048 	length = -ERANGE;
1049 	if (len > SIMPLE_TRANSACTION_LIMIT)
1050 		goto out;
1051 
1052 	memcpy(buf, newcon, len);
1053 	length = len;
1054 out:
1055 	kfree(newcon);
1056 	kfree(tcon);
1057 	kfree(scon);
1058 	return length;
1059 }
1060 
1061 static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
1062 {
1063 	char *con = NULL, *user = NULL, *ptr;
1064 	u32 sid, *sids = NULL;
1065 	ssize_t length;
1066 	char *newcon;
1067 	int rc;
1068 	u32 i, len, nsids;
1069 
1070 	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1071 			      SECCLASS_SECURITY, SECURITY__COMPUTE_USER,
1072 			      NULL);
1073 	if (length)
1074 		goto out;
1075 
1076 	length = -ENOMEM;
1077 	con = kzalloc(size + 1, GFP_KERNEL);
1078 	if (!con)
1079 		goto out;
1080 
1081 	length = -ENOMEM;
1082 	user = kzalloc(size + 1, GFP_KERNEL);
1083 	if (!user)
1084 		goto out;
1085 
1086 	length = -EINVAL;
1087 	if (sscanf(buf, "%s %s", con, user) != 2)
1088 		goto out;
1089 
1090 	length = security_context_str_to_sid(con, &sid, GFP_KERNEL);
1091 	if (length)
1092 		goto out;
1093 
1094 	length = security_get_user_sids(sid, user, &sids, &nsids);
1095 	if (length)
1096 		goto out;
1097 
1098 	length = sprintf(buf, "%u", nsids) + 1;
1099 	ptr = buf + length;
1100 	for (i = 0; i < nsids; i++) {
1101 		rc = security_sid_to_context(sids[i], &newcon, &len);
1102 		if (rc) {
1103 			length = rc;
1104 			goto out;
1105 		}
1106 		if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) {
1107 			kfree(newcon);
1108 			length = -ERANGE;
1109 			goto out;
1110 		}
1111 		memcpy(ptr, newcon, len);
1112 		kfree(newcon);
1113 		ptr += len;
1114 		length += len;
1115 	}
1116 out:
1117 	kfree(sids);
1118 	kfree(user);
1119 	kfree(con);
1120 	return length;
1121 }
1122 
1123 static ssize_t sel_write_member(struct file *file, char *buf, size_t size)
1124 {
1125 	char *scon = NULL, *tcon = NULL;
1126 	u32 ssid, tsid, newsid;
1127 	u16 tclass;
1128 	ssize_t length;
1129 	char *newcon = NULL;
1130 	u32 len;
1131 
1132 	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1133 			      SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER,
1134 			      NULL);
1135 	if (length)
1136 		goto out;
1137 
1138 	length = -ENOMEM;
1139 	scon = kzalloc(size + 1, GFP_KERNEL);
1140 	if (!scon)
1141 		goto out;
1142 
1143 	length = -ENOMEM;
1144 	tcon = kzalloc(size + 1, GFP_KERNEL);
1145 	if (!tcon)
1146 		goto out;
1147 
1148 	length = -EINVAL;
1149 	if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
1150 		goto out;
1151 
1152 	length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
1153 	if (length)
1154 		goto out;
1155 
1156 	length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
1157 	if (length)
1158 		goto out;
1159 
1160 	length = security_member_sid(ssid, tsid, tclass, &newsid);
1161 	if (length)
1162 		goto out;
1163 
1164 	length = security_sid_to_context(newsid, &newcon, &len);
1165 	if (length)
1166 		goto out;
1167 
1168 	length = -ERANGE;
1169 	if (len > SIMPLE_TRANSACTION_LIMIT) {
1170 		pr_err("SELinux: %s:  context size (%u) exceeds "
1171 			"payload max\n", __func__, len);
1172 		goto out;
1173 	}
1174 
1175 	memcpy(buf, newcon, len);
1176 	length = len;
1177 out:
1178 	kfree(newcon);
1179 	kfree(tcon);
1180 	kfree(scon);
1181 	return length;
1182 }
1183 
1184 static struct inode *sel_make_inode(struct super_block *sb, umode_t mode)
1185 {
1186 	struct inode *ret = new_inode(sb);
1187 
1188 	if (ret) {
1189 		ret->i_mode = mode;
1190 		simple_inode_init_ts(ret);
1191 	}
1192 	return ret;
1193 }
1194 
1195 static ssize_t sel_read_bool(struct file *filep, char __user *buf,
1196 			     size_t count, loff_t *ppos)
1197 {
1198 	struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info;
1199 	char *page = NULL;
1200 	ssize_t length;
1201 	ssize_t ret;
1202 	int cur_enforcing;
1203 	unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
1204 	const char *name = filep->f_path.dentry->d_name.name;
1205 
1206 	mutex_lock(&selinux_state.policy_mutex);
1207 
1208 	ret = -EINVAL;
1209 	if (index >= fsi->bool_num || strcmp(name,
1210 					     fsi->bool_pending_names[index]))
1211 		goto out_unlock;
1212 
1213 	ret = -ENOMEM;
1214 	page = (char *)get_zeroed_page(GFP_KERNEL);
1215 	if (!page)
1216 		goto out_unlock;
1217 
1218 	cur_enforcing = security_get_bool_value(index);
1219 	if (cur_enforcing < 0) {
1220 		ret = cur_enforcing;
1221 		goto out_unlock;
1222 	}
1223 	length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing,
1224 			  fsi->bool_pending_values[index]);
1225 	mutex_unlock(&selinux_state.policy_mutex);
1226 	ret = simple_read_from_buffer(buf, count, ppos, page, length);
1227 out_free:
1228 	free_page((unsigned long)page);
1229 	return ret;
1230 
1231 out_unlock:
1232 	mutex_unlock(&selinux_state.policy_mutex);
1233 	goto out_free;
1234 }
1235 
1236 static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
1237 			      size_t count, loff_t *ppos)
1238 {
1239 	struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info;
1240 	char *page = NULL;
1241 	ssize_t length;
1242 	int new_value;
1243 	unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
1244 	const char *name = filep->f_path.dentry->d_name.name;
1245 
1246 	if (count >= PAGE_SIZE)
1247 		return -ENOMEM;
1248 
1249 	/* No partial writes. */
1250 	if (*ppos != 0)
1251 		return -EINVAL;
1252 
1253 	page = memdup_user_nul(buf, count);
1254 	if (IS_ERR(page))
1255 		return PTR_ERR(page);
1256 
1257 	mutex_lock(&selinux_state.policy_mutex);
1258 
1259 	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1260 			      SECCLASS_SECURITY, SECURITY__SETBOOL,
1261 			      NULL);
1262 	if (length)
1263 		goto out;
1264 
1265 	length = -EINVAL;
1266 	if (index >= fsi->bool_num || strcmp(name,
1267 					     fsi->bool_pending_names[index]))
1268 		goto out;
1269 
1270 	length = -EINVAL;
1271 	if (sscanf(page, "%d", &new_value) != 1)
1272 		goto out;
1273 
1274 	if (new_value)
1275 		new_value = 1;
1276 
1277 	fsi->bool_pending_values[index] = new_value;
1278 	length = count;
1279 
1280 out:
1281 	mutex_unlock(&selinux_state.policy_mutex);
1282 	kfree(page);
1283 	return length;
1284 }
1285 
1286 static const struct file_operations sel_bool_ops = {
1287 	.read		= sel_read_bool,
1288 	.write		= sel_write_bool,
1289 	.llseek		= generic_file_llseek,
1290 };
1291 
1292 static ssize_t sel_commit_bools_write(struct file *filep,
1293 				      const char __user *buf,
1294 				      size_t count, loff_t *ppos)
1295 {
1296 	struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info;
1297 	char *page = NULL;
1298 	ssize_t length;
1299 	int new_value;
1300 
1301 	if (count >= PAGE_SIZE)
1302 		return -ENOMEM;
1303 
1304 	/* No partial writes. */
1305 	if (*ppos != 0)
1306 		return -EINVAL;
1307 
1308 	page = memdup_user_nul(buf, count);
1309 	if (IS_ERR(page))
1310 		return PTR_ERR(page);
1311 
1312 	mutex_lock(&selinux_state.policy_mutex);
1313 
1314 	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1315 			      SECCLASS_SECURITY, SECURITY__SETBOOL,
1316 			      NULL);
1317 	if (length)
1318 		goto out;
1319 
1320 	length = -EINVAL;
1321 	if (sscanf(page, "%d", &new_value) != 1)
1322 		goto out;
1323 
1324 	length = 0;
1325 	if (new_value && fsi->bool_pending_values)
1326 		length = security_set_bools(fsi->bool_num,
1327 					    fsi->bool_pending_values);
1328 
1329 	if (!length)
1330 		length = count;
1331 
1332 out:
1333 	mutex_unlock(&selinux_state.policy_mutex);
1334 	kfree(page);
1335 	return length;
1336 }
1337 
1338 static const struct file_operations sel_commit_bools_ops = {
1339 	.write		= sel_commit_bools_write,
1340 	.llseek		= generic_file_llseek,
1341 };
1342 
1343 static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir,
1344 			  unsigned int *bool_num, char ***bool_pending_names,
1345 			  int **bool_pending_values)
1346 {
1347 	int ret;
1348 	char **names, *page;
1349 	u32 i, num;
1350 
1351 	page = (char *)get_zeroed_page(GFP_KERNEL);
1352 	if (!page)
1353 		return -ENOMEM;
1354 
1355 	ret = security_get_bools(newpolicy, &num, &names, bool_pending_values);
1356 	if (ret)
1357 		goto out;
1358 
1359 	*bool_num = num;
1360 	*bool_pending_names = names;
1361 
1362 	for (i = 0; i < num; i++) {
1363 		struct dentry *dentry;
1364 		struct inode *inode;
1365 		struct inode_security_struct *isec;
1366 		ssize_t len;
1367 		u32 sid;
1368 
1369 		len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]);
1370 		if (len >= PAGE_SIZE) {
1371 			ret = -ENAMETOOLONG;
1372 			break;
1373 		}
1374 		dentry = d_alloc_name(bool_dir, names[i]);
1375 		if (!dentry) {
1376 			ret = -ENOMEM;
1377 			break;
1378 		}
1379 
1380 		inode = sel_make_inode(bool_dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR);
1381 		if (!inode) {
1382 			dput(dentry);
1383 			ret = -ENOMEM;
1384 			break;
1385 		}
1386 
1387 		isec = selinux_inode(inode);
1388 		ret = selinux_policy_genfs_sid(newpolicy, "selinuxfs", page,
1389 					 SECCLASS_FILE, &sid);
1390 		if (ret) {
1391 			pr_warn_ratelimited("SELinux: no sid found, defaulting to security isid for %s\n",
1392 					   page);
1393 			sid = SECINITSID_SECURITY;
1394 		}
1395 
1396 		isec->sid = sid;
1397 		isec->initialized = LABEL_INITIALIZED;
1398 		inode->i_fop = &sel_bool_ops;
1399 		inode->i_ino = i|SEL_BOOL_INO_OFFSET;
1400 		d_add(dentry, inode);
1401 	}
1402 out:
1403 	free_page((unsigned long)page);
1404 	return ret;
1405 }
1406 
1407 static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf,
1408 					    size_t count, loff_t *ppos)
1409 {
1410 	char tmpbuf[TMPBUFLEN];
1411 	ssize_t length;
1412 
1413 	length = scnprintf(tmpbuf, TMPBUFLEN, "%u",
1414 			   avc_get_cache_threshold());
1415 	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
1416 }
1417 
1418 static ssize_t sel_write_avc_cache_threshold(struct file *file,
1419 					     const char __user *buf,
1420 					     size_t count, loff_t *ppos)
1421 
1422 {
1423 	char *page;
1424 	ssize_t ret;
1425 	unsigned int new_value;
1426 
1427 	ret = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1428 			   SECCLASS_SECURITY, SECURITY__SETSECPARAM,
1429 			   NULL);
1430 	if (ret)
1431 		return ret;
1432 
1433 	if (count >= PAGE_SIZE)
1434 		return -ENOMEM;
1435 
1436 	/* No partial writes. */
1437 	if (*ppos != 0)
1438 		return -EINVAL;
1439 
1440 	page = memdup_user_nul(buf, count);
1441 	if (IS_ERR(page))
1442 		return PTR_ERR(page);
1443 
1444 	ret = -EINVAL;
1445 	if (sscanf(page, "%u", &new_value) != 1)
1446 		goto out;
1447 
1448 	avc_set_cache_threshold(new_value);
1449 
1450 	ret = count;
1451 out:
1452 	kfree(page);
1453 	return ret;
1454 }
1455 
1456 static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf,
1457 				       size_t count, loff_t *ppos)
1458 {
1459 	char *page;
1460 	ssize_t length;
1461 
1462 	page = (char *)__get_free_page(GFP_KERNEL);
1463 	if (!page)
1464 		return -ENOMEM;
1465 
1466 	length = avc_get_hash_stats(page);
1467 	if (length >= 0)
1468 		length = simple_read_from_buffer(buf, count, ppos, page, length);
1469 	free_page((unsigned long)page);
1470 
1471 	return length;
1472 }
1473 
1474 static ssize_t sel_read_sidtab_hash_stats(struct file *filp, char __user *buf,
1475 					size_t count, loff_t *ppos)
1476 {
1477 	char *page;
1478 	ssize_t length;
1479 
1480 	page = (char *)__get_free_page(GFP_KERNEL);
1481 	if (!page)
1482 		return -ENOMEM;
1483 
1484 	length = security_sidtab_hash_stats(page);
1485 	if (length >= 0)
1486 		length = simple_read_from_buffer(buf, count, ppos, page,
1487 						length);
1488 	free_page((unsigned long)page);
1489 
1490 	return length;
1491 }
1492 
1493 static const struct file_operations sel_sidtab_hash_stats_ops = {
1494 	.read		= sel_read_sidtab_hash_stats,
1495 	.llseek		= generic_file_llseek,
1496 };
1497 
1498 static const struct file_operations sel_avc_cache_threshold_ops = {
1499 	.read		= sel_read_avc_cache_threshold,
1500 	.write		= sel_write_avc_cache_threshold,
1501 	.llseek		= generic_file_llseek,
1502 };
1503 
1504 static const struct file_operations sel_avc_hash_stats_ops = {
1505 	.read		= sel_read_avc_hash_stats,
1506 	.llseek		= generic_file_llseek,
1507 };
1508 
1509 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
1510 static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx)
1511 {
1512 	int cpu;
1513 
1514 	for (cpu = *idx; cpu < nr_cpu_ids; ++cpu) {
1515 		if (!cpu_possible(cpu))
1516 			continue;
1517 		*idx = cpu + 1;
1518 		return &per_cpu(avc_cache_stats, cpu);
1519 	}
1520 	(*idx)++;
1521 	return NULL;
1522 }
1523 
1524 static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos)
1525 {
1526 	loff_t n = *pos - 1;
1527 
1528 	if (*pos == 0)
1529 		return SEQ_START_TOKEN;
1530 
1531 	return sel_avc_get_stat_idx(&n);
1532 }
1533 
1534 static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1535 {
1536 	return sel_avc_get_stat_idx(pos);
1537 }
1538 
1539 static int sel_avc_stats_seq_show(struct seq_file *seq, void *v)
1540 {
1541 	struct avc_cache_stats *st = v;
1542 
1543 	if (v == SEQ_START_TOKEN) {
1544 		seq_puts(seq,
1545 			 "lookups hits misses allocations reclaims frees\n");
1546 	} else {
1547 		unsigned int lookups = st->lookups;
1548 		unsigned int misses = st->misses;
1549 		unsigned int hits = lookups - misses;
1550 		seq_printf(seq, "%u %u %u %u %u %u\n", lookups,
1551 			   hits, misses, st->allocations,
1552 			   st->reclaims, st->frees);
1553 	}
1554 	return 0;
1555 }
1556 
1557 static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v)
1558 { }
1559 
1560 static const struct seq_operations sel_avc_cache_stats_seq_ops = {
1561 	.start		= sel_avc_stats_seq_start,
1562 	.next		= sel_avc_stats_seq_next,
1563 	.show		= sel_avc_stats_seq_show,
1564 	.stop		= sel_avc_stats_seq_stop,
1565 };
1566 
1567 static int sel_open_avc_cache_stats(struct inode *inode, struct file *file)
1568 {
1569 	return seq_open(file, &sel_avc_cache_stats_seq_ops);
1570 }
1571 
1572 static const struct file_operations sel_avc_cache_stats_ops = {
1573 	.open		= sel_open_avc_cache_stats,
1574 	.read		= seq_read,
1575 	.llseek		= seq_lseek,
1576 	.release	= seq_release,
1577 };
1578 #endif
1579 
1580 static int sel_make_avc_files(struct dentry *dir)
1581 {
1582 	struct super_block *sb = dir->d_sb;
1583 	struct selinux_fs_info *fsi = sb->s_fs_info;
1584 	unsigned int i;
1585 	static const struct tree_descr files[] = {
1586 		{ "cache_threshold",
1587 		  &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR },
1588 		{ "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO },
1589 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
1590 		{ "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO },
1591 #endif
1592 	};
1593 
1594 	for (i = 0; i < ARRAY_SIZE(files); i++) {
1595 		struct inode *inode;
1596 		struct dentry *dentry;
1597 
1598 		dentry = d_alloc_name(dir, files[i].name);
1599 		if (!dentry)
1600 			return -ENOMEM;
1601 
1602 		inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
1603 		if (!inode) {
1604 			dput(dentry);
1605 			return -ENOMEM;
1606 		}
1607 
1608 		inode->i_fop = files[i].ops;
1609 		inode->i_ino = ++fsi->last_ino;
1610 		d_add(dentry, inode);
1611 	}
1612 
1613 	return 0;
1614 }
1615 
1616 static int sel_make_ss_files(struct dentry *dir)
1617 {
1618 	struct super_block *sb = dir->d_sb;
1619 	struct selinux_fs_info *fsi = sb->s_fs_info;
1620 	unsigned int i;
1621 	static const struct tree_descr files[] = {
1622 		{ "sidtab_hash_stats", &sel_sidtab_hash_stats_ops, S_IRUGO },
1623 	};
1624 
1625 	for (i = 0; i < ARRAY_SIZE(files); i++) {
1626 		struct inode *inode;
1627 		struct dentry *dentry;
1628 
1629 		dentry = d_alloc_name(dir, files[i].name);
1630 		if (!dentry)
1631 			return -ENOMEM;
1632 
1633 		inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
1634 		if (!inode) {
1635 			dput(dentry);
1636 			return -ENOMEM;
1637 		}
1638 
1639 		inode->i_fop = files[i].ops;
1640 		inode->i_ino = ++fsi->last_ino;
1641 		d_add(dentry, inode);
1642 	}
1643 
1644 	return 0;
1645 }
1646 
1647 static ssize_t sel_read_initcon(struct file *file, char __user *buf,
1648 				size_t count, loff_t *ppos)
1649 {
1650 	char *con;
1651 	u32 sid, len;
1652 	ssize_t ret;
1653 
1654 	sid = file_inode(file)->i_ino&SEL_INO_MASK;
1655 	ret = security_sid_to_context(sid, &con, &len);
1656 	if (ret)
1657 		return ret;
1658 
1659 	ret = simple_read_from_buffer(buf, count, ppos, con, len);
1660 	kfree(con);
1661 	return ret;
1662 }
1663 
1664 static const struct file_operations sel_initcon_ops = {
1665 	.read		= sel_read_initcon,
1666 	.llseek		= generic_file_llseek,
1667 };
1668 
1669 static int sel_make_initcon_files(struct dentry *dir)
1670 {
1671 	unsigned int i;
1672 
1673 	for (i = 1; i <= SECINITSID_NUM; i++) {
1674 		struct inode *inode;
1675 		struct dentry *dentry;
1676 		const char *s = security_get_initial_sid_context(i);
1677 
1678 		if (!s)
1679 			continue;
1680 		dentry = d_alloc_name(dir, s);
1681 		if (!dentry)
1682 			return -ENOMEM;
1683 
1684 		inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1685 		if (!inode) {
1686 			dput(dentry);
1687 			return -ENOMEM;
1688 		}
1689 
1690 		inode->i_fop = &sel_initcon_ops;
1691 		inode->i_ino = i|SEL_INITCON_INO_OFFSET;
1692 		d_add(dentry, inode);
1693 	}
1694 
1695 	return 0;
1696 }
1697 
1698 static inline unsigned long sel_class_to_ino(u16 class)
1699 {
1700 	return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET;
1701 }
1702 
1703 static inline u16 sel_ino_to_class(unsigned long ino)
1704 {
1705 	return (ino & SEL_INO_MASK) / (SEL_VEC_MAX + 1);
1706 }
1707 
1708 static inline unsigned long sel_perm_to_ino(u16 class, u32 perm)
1709 {
1710 	return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET;
1711 }
1712 
1713 static inline u32 sel_ino_to_perm(unsigned long ino)
1714 {
1715 	return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1);
1716 }
1717 
1718 static ssize_t sel_read_class(struct file *file, char __user *buf,
1719 				size_t count, loff_t *ppos)
1720 {
1721 	unsigned long ino = file_inode(file)->i_ino;
1722 	char res[TMPBUFLEN];
1723 	ssize_t len = scnprintf(res, sizeof(res), "%d", sel_ino_to_class(ino));
1724 	return simple_read_from_buffer(buf, count, ppos, res, len);
1725 }
1726 
1727 static const struct file_operations sel_class_ops = {
1728 	.read		= sel_read_class,
1729 	.llseek		= generic_file_llseek,
1730 };
1731 
1732 static ssize_t sel_read_perm(struct file *file, char __user *buf,
1733 				size_t count, loff_t *ppos)
1734 {
1735 	unsigned long ino = file_inode(file)->i_ino;
1736 	char res[TMPBUFLEN];
1737 	ssize_t len = scnprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino));
1738 	return simple_read_from_buffer(buf, count, ppos, res, len);
1739 }
1740 
1741 static const struct file_operations sel_perm_ops = {
1742 	.read		= sel_read_perm,
1743 	.llseek		= generic_file_llseek,
1744 };
1745 
1746 static ssize_t sel_read_policycap(struct file *file, char __user *buf,
1747 				  size_t count, loff_t *ppos)
1748 {
1749 	int value;
1750 	char tmpbuf[TMPBUFLEN];
1751 	ssize_t length;
1752 	unsigned long i_ino = file_inode(file)->i_ino;
1753 
1754 	value = security_policycap_supported(i_ino & SEL_INO_MASK);
1755 	length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value);
1756 
1757 	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
1758 }
1759 
1760 static const struct file_operations sel_policycap_ops = {
1761 	.read		= sel_read_policycap,
1762 	.llseek		= generic_file_llseek,
1763 };
1764 
1765 static int sel_make_perm_files(struct selinux_policy *newpolicy,
1766 			char *objclass, int classvalue,
1767 			struct dentry *dir)
1768 {
1769 	u32 i, nperms;
1770 	int rc;
1771 	char **perms;
1772 
1773 	rc = security_get_permissions(newpolicy, objclass, &perms, &nperms);
1774 	if (rc)
1775 		return rc;
1776 
1777 	for (i = 0; i < nperms; i++) {
1778 		struct inode *inode;
1779 		struct dentry *dentry;
1780 
1781 		rc = -ENOMEM;
1782 		dentry = d_alloc_name(dir, perms[i]);
1783 		if (!dentry)
1784 			goto out;
1785 
1786 		rc = -ENOMEM;
1787 		inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1788 		if (!inode) {
1789 			dput(dentry);
1790 			goto out;
1791 		}
1792 
1793 		inode->i_fop = &sel_perm_ops;
1794 		/* i+1 since perm values are 1-indexed */
1795 		inode->i_ino = sel_perm_to_ino(classvalue, i + 1);
1796 		d_add(dentry, inode);
1797 	}
1798 	rc = 0;
1799 out:
1800 	for (i = 0; i < nperms; i++)
1801 		kfree(perms[i]);
1802 	kfree(perms);
1803 	return rc;
1804 }
1805 
1806 static int sel_make_class_dir_entries(struct selinux_policy *newpolicy,
1807 				char *classname, int index,
1808 				struct dentry *dir)
1809 {
1810 	struct super_block *sb = dir->d_sb;
1811 	struct selinux_fs_info *fsi = sb->s_fs_info;
1812 	struct dentry *dentry = NULL;
1813 	struct inode *inode = NULL;
1814 
1815 	dentry = d_alloc_name(dir, "index");
1816 	if (!dentry)
1817 		return -ENOMEM;
1818 
1819 	inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1820 	if (!inode) {
1821 		dput(dentry);
1822 		return -ENOMEM;
1823 	}
1824 
1825 	inode->i_fop = &sel_class_ops;
1826 	inode->i_ino = sel_class_to_ino(index);
1827 	d_add(dentry, inode);
1828 
1829 	dentry = sel_make_dir(dir, "perms", &fsi->last_class_ino);
1830 	if (IS_ERR(dentry))
1831 		return PTR_ERR(dentry);
1832 
1833 	return sel_make_perm_files(newpolicy, classname, index, dentry);
1834 }
1835 
1836 static int sel_make_classes(struct selinux_policy *newpolicy,
1837 			    struct dentry *class_dir,
1838 			    unsigned long *last_class_ino)
1839 {
1840 	u32 i, nclasses;
1841 	int rc;
1842 	char **classes;
1843 
1844 	rc = security_get_classes(newpolicy, &classes, &nclasses);
1845 	if (rc)
1846 		return rc;
1847 
1848 	/* +2 since classes are 1-indexed */
1849 	*last_class_ino = sel_class_to_ino(nclasses + 2);
1850 
1851 	for (i = 0; i < nclasses; i++) {
1852 		struct dentry *class_name_dir;
1853 
1854 		class_name_dir = sel_make_dir(class_dir, classes[i],
1855 					      last_class_ino);
1856 		if (IS_ERR(class_name_dir)) {
1857 			rc = PTR_ERR(class_name_dir);
1858 			goto out;
1859 		}
1860 
1861 		/* i+1 since class values are 1-indexed */
1862 		rc = sel_make_class_dir_entries(newpolicy, classes[i], i + 1,
1863 				class_name_dir);
1864 		if (rc)
1865 			goto out;
1866 	}
1867 	rc = 0;
1868 out:
1869 	for (i = 0; i < nclasses; i++)
1870 		kfree(classes[i]);
1871 	kfree(classes);
1872 	return rc;
1873 }
1874 
1875 static int sel_make_policycap(struct selinux_fs_info *fsi)
1876 {
1877 	unsigned int iter;
1878 	struct dentry *dentry = NULL;
1879 	struct inode *inode = NULL;
1880 
1881 	for (iter = 0; iter <= POLICYDB_CAP_MAX; iter++) {
1882 		if (iter < ARRAY_SIZE(selinux_policycap_names))
1883 			dentry = d_alloc_name(fsi->policycap_dir,
1884 					      selinux_policycap_names[iter]);
1885 		else
1886 			dentry = d_alloc_name(fsi->policycap_dir, "unknown");
1887 
1888 		if (dentry == NULL)
1889 			return -ENOMEM;
1890 
1891 		inode = sel_make_inode(fsi->sb, S_IFREG | 0444);
1892 		if (inode == NULL) {
1893 			dput(dentry);
1894 			return -ENOMEM;
1895 		}
1896 
1897 		inode->i_fop = &sel_policycap_ops;
1898 		inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET;
1899 		d_add(dentry, inode);
1900 	}
1901 
1902 	return 0;
1903 }
1904 
1905 static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
1906 			unsigned long *ino)
1907 {
1908 	struct dentry *dentry = d_alloc_name(dir, name);
1909 	struct inode *inode;
1910 
1911 	if (!dentry)
1912 		return ERR_PTR(-ENOMEM);
1913 
1914 	inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO);
1915 	if (!inode) {
1916 		dput(dentry);
1917 		return ERR_PTR(-ENOMEM);
1918 	}
1919 
1920 	inode->i_op = &simple_dir_inode_operations;
1921 	inode->i_fop = &simple_dir_operations;
1922 	inode->i_ino = ++(*ino);
1923 	/* directory inodes start off with i_nlink == 2 (for "." entry) */
1924 	inc_nlink(inode);
1925 	d_add(dentry, inode);
1926 	/* bump link count on parent directory, too */
1927 	inc_nlink(d_inode(dir));
1928 
1929 	return dentry;
1930 }
1931 
1932 static int reject_all(struct mnt_idmap *idmap, struct inode *inode, int mask)
1933 {
1934 	return -EPERM;	// no access for anyone, root or no root.
1935 }
1936 
1937 static const struct inode_operations swapover_dir_inode_operations = {
1938 	.lookup		= simple_lookup,
1939 	.permission	= reject_all,
1940 };
1941 
1942 static struct dentry *sel_make_swapover_dir(struct super_block *sb,
1943 						unsigned long *ino)
1944 {
1945 	struct dentry *dentry = d_alloc_name(sb->s_root, ".swapover");
1946 	struct inode *inode;
1947 
1948 	if (!dentry)
1949 		return ERR_PTR(-ENOMEM);
1950 
1951 	inode = sel_make_inode(sb, S_IFDIR);
1952 	if (!inode) {
1953 		dput(dentry);
1954 		return ERR_PTR(-ENOMEM);
1955 	}
1956 
1957 	inode->i_op = &swapover_dir_inode_operations;
1958 	inode->i_ino = ++(*ino);
1959 	/* directory inodes start off with i_nlink == 2 (for "." entry) */
1960 	inc_nlink(inode);
1961 	inode_lock(sb->s_root->d_inode);
1962 	d_add(dentry, inode);
1963 	inc_nlink(sb->s_root->d_inode);
1964 	inode_unlock(sb->s_root->d_inode);
1965 	return dentry;
1966 }
1967 
1968 #define NULL_FILE_NAME "null"
1969 
1970 static int sel_fill_super(struct super_block *sb, struct fs_context *fc)
1971 {
1972 	struct selinux_fs_info *fsi;
1973 	int ret;
1974 	struct dentry *dentry;
1975 	struct inode *inode;
1976 	struct inode_security_struct *isec;
1977 
1978 	static const struct tree_descr selinux_files[] = {
1979 		[SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR},
1980 		[SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR},
1981 		[SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO},
1982 		[SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO},
1983 		[SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO},
1984 		[SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO},
1985 		[SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO},
1986 		[SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO},
1987 		[SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR},
1988 		[SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO},
1989 		[SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR},
1990 		[SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO},
1991 		[SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR},
1992 		[SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
1993 		[SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
1994 		[SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO},
1995 		[SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO},
1996 		[SEL_VALIDATE_TRANS] = {"validatetrans", &sel_transition_ops,
1997 					S_IWUGO},
1998 		/* last one */ {""}
1999 	};
2000 
2001 	ret = selinux_fs_info_create(sb);
2002 	if (ret)
2003 		goto err;
2004 
2005 	ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);
2006 	if (ret)
2007 		goto err;
2008 
2009 	fsi = sb->s_fs_info;
2010 	fsi->bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &fsi->last_ino);
2011 	if (IS_ERR(fsi->bool_dir)) {
2012 		ret = PTR_ERR(fsi->bool_dir);
2013 		fsi->bool_dir = NULL;
2014 		goto err;
2015 	}
2016 
2017 	ret = -ENOMEM;
2018 	dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME);
2019 	if (!dentry)
2020 		goto err;
2021 
2022 	ret = -ENOMEM;
2023 	inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO);
2024 	if (!inode) {
2025 		dput(dentry);
2026 		goto err;
2027 	}
2028 
2029 	inode->i_ino = ++fsi->last_ino;
2030 	isec = selinux_inode(inode);
2031 	isec->sid = SECINITSID_DEVNULL;
2032 	isec->sclass = SECCLASS_CHR_FILE;
2033 	isec->initialized = LABEL_INITIALIZED;
2034 
2035 	init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3));
2036 	d_add(dentry, inode);
2037 
2038 	dentry = sel_make_dir(sb->s_root, "avc", &fsi->last_ino);
2039 	if (IS_ERR(dentry)) {
2040 		ret = PTR_ERR(dentry);
2041 		goto err;
2042 	}
2043 
2044 	ret = sel_make_avc_files(dentry);
2045 	if (ret)
2046 		goto err;
2047 
2048 	dentry = sel_make_dir(sb->s_root, "ss", &fsi->last_ino);
2049 	if (IS_ERR(dentry)) {
2050 		ret = PTR_ERR(dentry);
2051 		goto err;
2052 	}
2053 
2054 	ret = sel_make_ss_files(dentry);
2055 	if (ret)
2056 		goto err;
2057 
2058 	dentry = sel_make_dir(sb->s_root, "initial_contexts", &fsi->last_ino);
2059 	if (IS_ERR(dentry)) {
2060 		ret = PTR_ERR(dentry);
2061 		goto err;
2062 	}
2063 
2064 	ret = sel_make_initcon_files(dentry);
2065 	if (ret)
2066 		goto err;
2067 
2068 	fsi->class_dir = sel_make_dir(sb->s_root, CLASS_DIR_NAME, &fsi->last_ino);
2069 	if (IS_ERR(fsi->class_dir)) {
2070 		ret = PTR_ERR(fsi->class_dir);
2071 		fsi->class_dir = NULL;
2072 		goto err;
2073 	}
2074 
2075 	fsi->policycap_dir = sel_make_dir(sb->s_root, POLICYCAP_DIR_NAME,
2076 					  &fsi->last_ino);
2077 	if (IS_ERR(fsi->policycap_dir)) {
2078 		ret = PTR_ERR(fsi->policycap_dir);
2079 		fsi->policycap_dir = NULL;
2080 		goto err;
2081 	}
2082 
2083 	ret = sel_make_policycap(fsi);
2084 	if (ret) {
2085 		pr_err("SELinux: failed to load policy capabilities\n");
2086 		goto err;
2087 	}
2088 
2089 	return 0;
2090 err:
2091 	pr_err("SELinux: %s:  failed while creating inodes\n",
2092 		__func__);
2093 
2094 	selinux_fs_info_free(sb);
2095 
2096 	return ret;
2097 }
2098 
2099 static int sel_get_tree(struct fs_context *fc)
2100 {
2101 	return get_tree_single(fc, sel_fill_super);
2102 }
2103 
2104 static const struct fs_context_operations sel_context_ops = {
2105 	.get_tree	= sel_get_tree,
2106 };
2107 
2108 static int sel_init_fs_context(struct fs_context *fc)
2109 {
2110 	fc->ops = &sel_context_ops;
2111 	return 0;
2112 }
2113 
2114 static void sel_kill_sb(struct super_block *sb)
2115 {
2116 	selinux_fs_info_free(sb);
2117 	kill_litter_super(sb);
2118 }
2119 
2120 static struct file_system_type sel_fs_type = {
2121 	.name		= "selinuxfs",
2122 	.init_fs_context = sel_init_fs_context,
2123 	.kill_sb	= sel_kill_sb,
2124 };
2125 
2126 static struct vfsmount *selinuxfs_mount __ro_after_init;
2127 struct path selinux_null __ro_after_init;
2128 
2129 static int __init init_sel_fs(void)
2130 {
2131 	struct qstr null_name = QSTR_INIT(NULL_FILE_NAME,
2132 					  sizeof(NULL_FILE_NAME)-1);
2133 	int err;
2134 
2135 	if (!selinux_enabled_boot)
2136 		return 0;
2137 
2138 	err = sysfs_create_mount_point(fs_kobj, "selinux");
2139 	if (err)
2140 		return err;
2141 
2142 	err = register_filesystem(&sel_fs_type);
2143 	if (err) {
2144 		sysfs_remove_mount_point(fs_kobj, "selinux");
2145 		return err;
2146 	}
2147 
2148 	selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type);
2149 	if (IS_ERR(selinuxfs_mount)) {
2150 		pr_err("selinuxfs:  could not mount!\n");
2151 		err = PTR_ERR(selinuxfs_mount);
2152 		selinuxfs_mount = NULL;
2153 	}
2154 	selinux_null.dentry = d_hash_and_lookup(selinux_null.mnt->mnt_root,
2155 						&null_name);
2156 	if (IS_ERR(selinux_null.dentry)) {
2157 		pr_err("selinuxfs:  could not lookup null!\n");
2158 		err = PTR_ERR(selinux_null.dentry);
2159 		selinux_null.dentry = NULL;
2160 	}
2161 
2162 	return err;
2163 }
2164 
2165 __initcall(init_sel_fs);
2166