1 // SPDX-License-Identifier: GPL-2.0-only 2 /* Updated: Karl MacMillan <kmacmillan@tresys.com> 3 * 4 * Added conditional policy language extensions 5 * 6 * Updated: Hewlett-Packard <paul@paul-moore.com> 7 * 8 * Added support for the policy capability bitmap 9 * 10 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 11 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 12 * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 13 */ 14 15 #include <linux/kernel.h> 16 #include <linux/pagemap.h> 17 #include <linux/slab.h> 18 #include <linux/vmalloc.h> 19 #include <linux/fs.h> 20 #include <linux/fs_context.h> 21 #include <linux/mount.h> 22 #include <linux/mutex.h> 23 #include <linux/namei.h> 24 #include <linux/init.h> 25 #include <linux/string.h> 26 #include <linux/security.h> 27 #include <linux/major.h> 28 #include <linux/seq_file.h> 29 #include <linux/percpu.h> 30 #include <linux/audit.h> 31 #include <linux/uaccess.h> 32 #include <linux/kobject.h> 33 #include <linux/ctype.h> 34 35 /* selinuxfs pseudo filesystem for exporting the security policy API. 36 Based on the proc code and the fs/nfsd/nfsctl.c code. */ 37 38 #include "initcalls.h" 39 #include "flask.h" 40 #include "avc.h" 41 #include "avc_ss.h" 42 #include "security.h" 43 #include "objsec.h" 44 #include "conditional.h" 45 #include "ima.h" 46 47 enum sel_inos { 48 SEL_ROOT_INO = 2, 49 SEL_LOAD, /* load policy */ 50 SEL_ENFORCE, /* get or set enforcing status */ 51 SEL_CONTEXT, /* validate context */ 52 SEL_ACCESS, /* compute access decision */ 53 SEL_CREATE, /* compute create labeling decision */ 54 SEL_RELABEL, /* compute relabeling decision */ 55 SEL_USER, /* compute reachable user contexts */ 56 SEL_POLICYVERS, /* return policy version for this kernel */ 57 SEL_COMMIT_BOOLS, /* commit new boolean values */ 58 SEL_MLS, /* return if MLS policy is enabled */ 59 SEL_DISABLE, /* disable SELinux until next reboot */ 60 SEL_MEMBER, /* compute polyinstantiation membership decision */ 61 SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */ 62 SEL_COMPAT_NET, /* whether to use old compat network packet controls */ 63 SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */ 64 SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */ 65 SEL_STATUS, /* export current status using mmap() */ 66 SEL_POLICY, /* allow userspace to read the in kernel policy */ 67 SEL_VALIDATE_TRANS, /* compute validatetrans decision */ 68 SEL_INO_NEXT, /* The next inode number to use */ 69 }; 70 71 struct selinux_fs_info { 72 struct dentry *bool_dir; 73 unsigned int bool_num; 74 char **bool_pending_names; 75 int *bool_pending_values; 76 struct dentry *class_dir; 77 unsigned long last_class_ino; 78 bool policy_opened; 79 struct dentry *policycap_dir; 80 unsigned long last_ino; 81 struct super_block *sb; 82 }; 83 84 static int selinux_fs_info_create(struct super_block *sb) 85 { 86 struct selinux_fs_info *fsi; 87 88 fsi = kzalloc(sizeof(*fsi), GFP_KERNEL); 89 if (!fsi) 90 return -ENOMEM; 91 92 fsi->last_ino = SEL_INO_NEXT - 1; 93 fsi->sb = sb; 94 sb->s_fs_info = fsi; 95 return 0; 96 } 97 98 static void selinux_fs_info_free(struct super_block *sb) 99 { 100 struct selinux_fs_info *fsi = sb->s_fs_info; 101 unsigned int i; 102 103 if (fsi) { 104 for (i = 0; i < fsi->bool_num; i++) 105 kfree(fsi->bool_pending_names[i]); 106 kfree(fsi->bool_pending_names); 107 kfree(fsi->bool_pending_values); 108 } 109 kfree(sb->s_fs_info); 110 sb->s_fs_info = NULL; 111 } 112 113 #define SEL_INITCON_INO_OFFSET 0x01000000 114 #define SEL_BOOL_INO_OFFSET 0x02000000 115 #define SEL_CLASS_INO_OFFSET 0x04000000 116 #define SEL_POLICYCAP_INO_OFFSET 0x08000000 117 #define SEL_INO_MASK 0x00ffffff 118 119 #define BOOL_DIR_NAME "booleans" 120 #define CLASS_DIR_NAME "class" 121 #define POLICYCAP_DIR_NAME "policy_capabilities" 122 123 #define TMPBUFLEN 12 124 static ssize_t sel_read_enforce(struct file *filp, char __user *buf, 125 size_t count, loff_t *ppos) 126 { 127 char tmpbuf[TMPBUFLEN]; 128 ssize_t length; 129 130 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", 131 enforcing_enabled()); 132 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 133 } 134 135 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP 136 static ssize_t sel_write_enforce(struct file *file, const char __user *buf, 137 size_t count, loff_t *ppos) 138 139 { 140 char *page = NULL; 141 ssize_t length; 142 int scan_value; 143 bool old_value, new_value; 144 145 if (count >= PAGE_SIZE) 146 return -ENOMEM; 147 148 /* No partial writes. */ 149 if (*ppos != 0) 150 return -EINVAL; 151 152 page = memdup_user_nul(buf, count); 153 if (IS_ERR(page)) 154 return PTR_ERR(page); 155 156 length = -EINVAL; 157 if (sscanf(page, "%d", &scan_value) != 1) 158 goto out; 159 160 new_value = !!scan_value; 161 162 old_value = enforcing_enabled(); 163 if (new_value != old_value) { 164 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 165 SECCLASS_SECURITY, SECURITY__SETENFORCE, 166 NULL); 167 if (length) 168 goto out; 169 audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS, 170 "enforcing=%d old_enforcing=%d auid=%u ses=%u" 171 " enabled=1 old-enabled=1 lsm=selinux res=1", 172 new_value, old_value, 173 from_kuid(&init_user_ns, audit_get_loginuid(current)), 174 audit_get_sessionid(current)); 175 enforcing_set(new_value); 176 if (new_value) 177 avc_ss_reset(0); 178 selnl_notify_setenforce(new_value); 179 selinux_status_update_setenforce(new_value); 180 if (!new_value) 181 call_blocking_lsm_notifier(LSM_POLICY_CHANGE, NULL); 182 183 selinux_ima_measure_state(); 184 } 185 length = count; 186 out: 187 kfree(page); 188 return length; 189 } 190 #else 191 #define sel_write_enforce NULL 192 #endif 193 194 static const struct file_operations sel_enforce_ops = { 195 .read = sel_read_enforce, 196 .write = sel_write_enforce, 197 .llseek = generic_file_llseek, 198 }; 199 200 static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf, 201 size_t count, loff_t *ppos) 202 { 203 char tmpbuf[TMPBUFLEN]; 204 ssize_t length; 205 ino_t ino = file_inode(filp)->i_ino; 206 int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ? 207 security_get_reject_unknown() : 208 !security_get_allow_unknown(); 209 210 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown); 211 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 212 } 213 214 static const struct file_operations sel_handle_unknown_ops = { 215 .read = sel_read_handle_unknown, 216 .llseek = generic_file_llseek, 217 }; 218 219 static int sel_open_handle_status(struct inode *inode, struct file *filp) 220 { 221 struct page *status = selinux_kernel_status_page(); 222 223 if (!status) 224 return -ENOMEM; 225 226 filp->private_data = status; 227 228 return 0; 229 } 230 231 static ssize_t sel_read_handle_status(struct file *filp, char __user *buf, 232 size_t count, loff_t *ppos) 233 { 234 struct page *status = filp->private_data; 235 236 BUG_ON(!status); 237 238 return simple_read_from_buffer(buf, count, ppos, 239 page_address(status), 240 sizeof(struct selinux_kernel_status)); 241 } 242 243 static int sel_mmap_handle_status(struct file *filp, 244 struct vm_area_struct *vma) 245 { 246 struct page *status = filp->private_data; 247 unsigned long size = vma->vm_end - vma->vm_start; 248 249 BUG_ON(!status); 250 251 /* only allows one page from the head */ 252 if (vma->vm_pgoff > 0 || size != PAGE_SIZE) 253 return -EIO; 254 /* disallow writable mapping */ 255 if (vma->vm_flags & VM_WRITE) 256 return -EPERM; 257 /* disallow mprotect() turns it into writable */ 258 vm_flags_clear(vma, VM_MAYWRITE); 259 260 return remap_pfn_range(vma, vma->vm_start, 261 page_to_pfn(status), 262 size, vma->vm_page_prot); 263 } 264 265 static const struct file_operations sel_handle_status_ops = { 266 .open = sel_open_handle_status, 267 .read = sel_read_handle_status, 268 .mmap = sel_mmap_handle_status, 269 .llseek = generic_file_llseek, 270 }; 271 272 static ssize_t sel_write_disable(struct file *file, const char __user *buf, 273 size_t count, loff_t *ppos) 274 275 { 276 char *page; 277 ssize_t length; 278 int new_value; 279 280 if (count >= PAGE_SIZE) 281 return -ENOMEM; 282 283 /* No partial writes. */ 284 if (*ppos != 0) 285 return -EINVAL; 286 287 page = memdup_user_nul(buf, count); 288 if (IS_ERR(page)) 289 return PTR_ERR(page); 290 291 if (sscanf(page, "%d", &new_value) != 1) { 292 length = -EINVAL; 293 goto out; 294 } 295 length = count; 296 297 if (new_value) { 298 pr_err("SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable\n"); 299 pr_err("SELinux: Runtime disable is not supported, use selinux=0 on the kernel cmdline.\n"); 300 } 301 302 out: 303 kfree(page); 304 return length; 305 } 306 307 static const struct file_operations sel_disable_ops = { 308 .write = sel_write_disable, 309 .llseek = generic_file_llseek, 310 }; 311 312 static ssize_t sel_read_policyvers(struct file *filp, char __user *buf, 313 size_t count, loff_t *ppos) 314 { 315 char tmpbuf[TMPBUFLEN]; 316 ssize_t length; 317 318 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX); 319 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 320 } 321 322 static const struct file_operations sel_policyvers_ops = { 323 .read = sel_read_policyvers, 324 .llseek = generic_file_llseek, 325 }; 326 327 /* declaration for sel_write_load */ 328 static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir, 329 unsigned int *bool_num, char ***bool_pending_names, 330 int **bool_pending_values); 331 static int sel_make_classes(struct selinux_policy *newpolicy, 332 struct dentry *class_dir, 333 unsigned long *last_class_ino); 334 335 /* declaration for sel_make_class_dirs */ 336 static struct dentry *sel_make_dir(struct dentry *dir, const char *name, 337 unsigned long *ino); 338 339 /* declaration for sel_make_policy_nodes */ 340 static struct dentry *sel_make_swapover_dir(struct super_block *sb, 341 unsigned long *ino); 342 343 static ssize_t sel_read_mls(struct file *filp, char __user *buf, 344 size_t count, loff_t *ppos) 345 { 346 char tmpbuf[TMPBUFLEN]; 347 ssize_t length; 348 349 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", 350 security_mls_enabled()); 351 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 352 } 353 354 static const struct file_operations sel_mls_ops = { 355 .read = sel_read_mls, 356 .llseek = generic_file_llseek, 357 }; 358 359 struct policy_load_memory { 360 size_t len; 361 void *data; 362 }; 363 364 static int sel_open_policy(struct inode *inode, struct file *filp) 365 { 366 struct selinux_fs_info *fsi = inode->i_sb->s_fs_info; 367 struct policy_load_memory *plm = NULL; 368 int rc; 369 370 BUG_ON(filp->private_data); 371 372 mutex_lock(&selinux_state.policy_mutex); 373 374 rc = avc_has_perm(current_sid(), SECINITSID_SECURITY, 375 SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL); 376 if (rc) 377 goto err; 378 379 rc = -EBUSY; 380 if (fsi->policy_opened) 381 goto err; 382 383 rc = -ENOMEM; 384 plm = kzalloc(sizeof(*plm), GFP_KERNEL); 385 if (!plm) 386 goto err; 387 388 rc = security_read_policy(&plm->data, &plm->len); 389 if (rc) 390 goto err; 391 392 if ((size_t)i_size_read(inode) != plm->len) { 393 inode_lock(inode); 394 i_size_write(inode, plm->len); 395 inode_unlock(inode); 396 } 397 398 fsi->policy_opened = 1; 399 400 filp->private_data = plm; 401 402 mutex_unlock(&selinux_state.policy_mutex); 403 404 return 0; 405 err: 406 mutex_unlock(&selinux_state.policy_mutex); 407 408 if (plm) 409 vfree(plm->data); 410 kfree(plm); 411 return rc; 412 } 413 414 static int sel_release_policy(struct inode *inode, struct file *filp) 415 { 416 struct selinux_fs_info *fsi = inode->i_sb->s_fs_info; 417 struct policy_load_memory *plm = filp->private_data; 418 419 BUG_ON(!plm); 420 421 fsi->policy_opened = 0; 422 423 vfree(plm->data); 424 kfree(plm); 425 426 return 0; 427 } 428 429 static ssize_t sel_read_policy(struct file *filp, char __user *buf, 430 size_t count, loff_t *ppos) 431 { 432 struct policy_load_memory *plm = filp->private_data; 433 int ret; 434 435 ret = avc_has_perm(current_sid(), SECINITSID_SECURITY, 436 SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL); 437 if (ret) 438 return ret; 439 440 return simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); 441 } 442 443 static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf) 444 { 445 struct policy_load_memory *plm = vmf->vma->vm_file->private_data; 446 unsigned long offset; 447 struct page *page; 448 449 if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE)) 450 return VM_FAULT_SIGBUS; 451 452 offset = vmf->pgoff << PAGE_SHIFT; 453 if (offset >= roundup(plm->len, PAGE_SIZE)) 454 return VM_FAULT_SIGBUS; 455 456 page = vmalloc_to_page(plm->data + offset); 457 get_page(page); 458 459 vmf->page = page; 460 461 return 0; 462 } 463 464 static const struct vm_operations_struct sel_mmap_policy_ops = { 465 .fault = sel_mmap_policy_fault, 466 .page_mkwrite = sel_mmap_policy_fault, 467 }; 468 469 static int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma) 470 { 471 if (vma->vm_flags & VM_SHARED) { 472 /* do not allow mprotect to make mapping writable */ 473 vm_flags_clear(vma, VM_MAYWRITE); 474 475 if (vma->vm_flags & VM_WRITE) 476 return -EACCES; 477 } 478 479 vm_flags_set(vma, VM_DONTEXPAND | VM_DONTDUMP); 480 vma->vm_ops = &sel_mmap_policy_ops; 481 482 return 0; 483 } 484 485 static const struct file_operations sel_policy_ops = { 486 .open = sel_open_policy, 487 .read = sel_read_policy, 488 .mmap = sel_mmap_policy, 489 .release = sel_release_policy, 490 .llseek = generic_file_llseek, 491 }; 492 493 static void sel_remove_old_bool_data(unsigned int bool_num, char **bool_names, 494 int *bool_values) 495 { 496 u32 i; 497 498 /* bool_dir cleanup */ 499 for (i = 0; i < bool_num; i++) 500 kfree(bool_names[i]); 501 kfree(bool_names); 502 kfree(bool_values); 503 } 504 505 static int sel_make_policy_nodes(struct selinux_fs_info *fsi, 506 struct selinux_policy *newpolicy) 507 { 508 int ret = 0; 509 struct dentry *tmp_parent, *tmp_bool_dir, *tmp_class_dir; 510 struct renamedata rd = {}; 511 unsigned int bool_num = 0; 512 char **bool_names = NULL; 513 int *bool_values = NULL; 514 unsigned long tmp_ino = fsi->last_ino; /* Don't increment last_ino in this function */ 515 516 tmp_parent = sel_make_swapover_dir(fsi->sb, &tmp_ino); 517 if (IS_ERR(tmp_parent)) 518 return PTR_ERR(tmp_parent); 519 520 tmp_ino = fsi->bool_dir->d_inode->i_ino - 1; /* sel_make_dir will increment and set */ 521 tmp_bool_dir = sel_make_dir(tmp_parent, BOOL_DIR_NAME, &tmp_ino); 522 if (IS_ERR(tmp_bool_dir)) { 523 ret = PTR_ERR(tmp_bool_dir); 524 goto out; 525 } 526 527 tmp_ino = fsi->class_dir->d_inode->i_ino - 1; /* sel_make_dir will increment and set */ 528 tmp_class_dir = sel_make_dir(tmp_parent, CLASS_DIR_NAME, &tmp_ino); 529 if (IS_ERR(tmp_class_dir)) { 530 ret = PTR_ERR(tmp_class_dir); 531 goto out; 532 } 533 534 ret = sel_make_bools(newpolicy, tmp_bool_dir, &bool_num, 535 &bool_names, &bool_values); 536 if (ret) 537 goto out; 538 539 ret = sel_make_classes(newpolicy, tmp_class_dir, 540 &fsi->last_class_ino); 541 if (ret) 542 goto out; 543 544 rd.old_parent = tmp_parent; 545 rd.new_parent = fsi->sb->s_root; 546 547 /* booleans */ 548 ret = start_renaming_two_dentries(&rd, tmp_bool_dir, fsi->bool_dir); 549 if (ret) 550 goto out; 551 552 d_exchange(tmp_bool_dir, fsi->bool_dir); 553 554 swap(fsi->bool_num, bool_num); 555 swap(fsi->bool_pending_names, bool_names); 556 swap(fsi->bool_pending_values, bool_values); 557 558 fsi->bool_dir = tmp_bool_dir; 559 end_renaming(&rd); 560 561 /* classes */ 562 ret = start_renaming_two_dentries(&rd, tmp_class_dir, fsi->class_dir); 563 if (ret) 564 goto out; 565 566 d_exchange(tmp_class_dir, fsi->class_dir); 567 fsi->class_dir = tmp_class_dir; 568 569 end_renaming(&rd); 570 571 out: 572 sel_remove_old_bool_data(bool_num, bool_names, bool_values); 573 /* Since the other temporary dirs are children of tmp_parent 574 * this will handle all the cleanup in the case of a failure before 575 * the swapover 576 */ 577 simple_recursive_removal(tmp_parent, NULL); 578 579 return ret; 580 } 581 582 static ssize_t sel_write_load(struct file *file, const char __user *buf, 583 size_t count, loff_t *ppos) 584 585 { 586 struct selinux_fs_info *fsi; 587 struct selinux_load_state load_state; 588 ssize_t length; 589 void *data = NULL; 590 591 /* no partial writes */ 592 if (*ppos) 593 return -EINVAL; 594 /* no empty policies */ 595 if (!count) 596 return -EINVAL; 597 598 mutex_lock(&selinux_state.policy_mutex); 599 600 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 601 SECCLASS_SECURITY, SECURITY__LOAD_POLICY, NULL); 602 if (length) 603 goto out; 604 605 data = vmalloc(count); 606 if (!data) { 607 length = -ENOMEM; 608 goto out; 609 } 610 if (copy_from_user(data, buf, count) != 0) { 611 length = -EFAULT; 612 goto out; 613 } 614 615 length = security_load_policy(data, count, &load_state); 616 if (length) { 617 pr_warn_ratelimited("SELinux: failed to load policy\n"); 618 goto out; 619 } 620 fsi = file_inode(file)->i_sb->s_fs_info; 621 length = sel_make_policy_nodes(fsi, load_state.policy); 622 if (length) { 623 pr_warn_ratelimited("SELinux: failed to initialize selinuxfs\n"); 624 selinux_policy_cancel(&load_state); 625 goto out; 626 } 627 628 selinux_policy_commit(&load_state); 629 length = count; 630 audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, 631 "auid=%u ses=%u lsm=selinux res=1", 632 from_kuid(&init_user_ns, audit_get_loginuid(current)), 633 audit_get_sessionid(current)); 634 635 out: 636 mutex_unlock(&selinux_state.policy_mutex); 637 vfree(data); 638 return length; 639 } 640 641 static const struct file_operations sel_load_ops = { 642 .write = sel_write_load, 643 .llseek = generic_file_llseek, 644 }; 645 646 static ssize_t sel_write_context(struct file *file, char *buf, size_t size) 647 { 648 char *canon = NULL; 649 u32 sid, len; 650 ssize_t length; 651 652 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 653 SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, NULL); 654 if (length) 655 goto out; 656 657 length = security_context_to_sid(buf, size, &sid, GFP_KERNEL); 658 if (length) 659 goto out; 660 661 length = security_sid_to_context(sid, &canon, &len); 662 if (length) 663 goto out; 664 665 length = -ERANGE; 666 if (len > SIMPLE_TRANSACTION_LIMIT) { 667 pr_err("SELinux: %s: context size (%u) exceeds " 668 "payload max\n", __func__, len); 669 goto out; 670 } 671 672 memcpy(buf, canon, len); 673 length = len; 674 out: 675 kfree(canon); 676 return length; 677 } 678 679 static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf, 680 size_t count, loff_t *ppos) 681 { 682 char tmpbuf[TMPBUFLEN]; 683 ssize_t length; 684 685 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", 686 checkreqprot_get()); 687 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 688 } 689 690 static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, 691 size_t count, loff_t *ppos) 692 { 693 char *page; 694 ssize_t length; 695 unsigned int new_value; 696 697 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 698 SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, 699 NULL); 700 if (length) 701 return length; 702 703 if (count >= PAGE_SIZE) 704 return -ENOMEM; 705 706 /* No partial writes. */ 707 if (*ppos != 0) 708 return -EINVAL; 709 710 page = memdup_user_nul(buf, count); 711 if (IS_ERR(page)) 712 return PTR_ERR(page); 713 714 if (sscanf(page, "%u", &new_value) != 1) { 715 length = -EINVAL; 716 goto out; 717 } 718 length = count; 719 720 if (new_value) { 721 char comm[sizeof(current->comm)]; 722 723 strscpy(comm, current->comm); 724 pr_err("SELinux: %s (%d) set checkreqprot to 1. This is no longer supported.\n", 725 comm, current->pid); 726 } 727 728 selinux_ima_measure_state(); 729 730 out: 731 kfree(page); 732 return length; 733 } 734 static const struct file_operations sel_checkreqprot_ops = { 735 .read = sel_read_checkreqprot, 736 .write = sel_write_checkreqprot, 737 .llseek = generic_file_llseek, 738 }; 739 740 static ssize_t sel_write_validatetrans(struct file *file, 741 const char __user *buf, 742 size_t count, loff_t *ppos) 743 { 744 char *oldcon = NULL, *newcon = NULL, *taskcon = NULL; 745 char *req = NULL; 746 u32 osid, nsid, tsid; 747 u16 tclass; 748 int rc; 749 750 rc = avc_has_perm(current_sid(), SECINITSID_SECURITY, 751 SECCLASS_SECURITY, SECURITY__VALIDATE_TRANS, NULL); 752 if (rc) 753 goto out; 754 755 rc = -ENOMEM; 756 if (count >= PAGE_SIZE) 757 goto out; 758 759 /* No partial writes. */ 760 rc = -EINVAL; 761 if (*ppos != 0) 762 goto out; 763 764 req = memdup_user_nul(buf, count); 765 if (IS_ERR(req)) { 766 rc = PTR_ERR(req); 767 req = NULL; 768 goto out; 769 } 770 771 rc = -ENOMEM; 772 oldcon = kzalloc(count + 1, GFP_KERNEL); 773 if (!oldcon) 774 goto out; 775 776 newcon = kzalloc(count + 1, GFP_KERNEL); 777 if (!newcon) 778 goto out; 779 780 taskcon = kzalloc(count + 1, GFP_KERNEL); 781 if (!taskcon) 782 goto out; 783 784 rc = -EINVAL; 785 if (sscanf(req, "%s %s %hu %s", oldcon, newcon, &tclass, taskcon) != 4) 786 goto out; 787 788 rc = security_context_str_to_sid(oldcon, &osid, GFP_KERNEL); 789 if (rc) 790 goto out; 791 792 rc = security_context_str_to_sid(newcon, &nsid, GFP_KERNEL); 793 if (rc) 794 goto out; 795 796 rc = security_context_str_to_sid(taskcon, &tsid, GFP_KERNEL); 797 if (rc) 798 goto out; 799 800 rc = security_validate_transition_user(osid, nsid, tsid, tclass); 801 if (!rc) 802 rc = count; 803 out: 804 kfree(req); 805 kfree(oldcon); 806 kfree(newcon); 807 kfree(taskcon); 808 return rc; 809 } 810 811 static const struct file_operations sel_transition_ops = { 812 .write = sel_write_validatetrans, 813 .llseek = generic_file_llseek, 814 }; 815 816 /* 817 * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c 818 */ 819 static ssize_t sel_write_access(struct file *file, char *buf, size_t size); 820 static ssize_t sel_write_create(struct file *file, char *buf, size_t size); 821 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size); 822 static ssize_t sel_write_user(struct file *file, char *buf, size_t size); 823 static ssize_t sel_write_member(struct file *file, char *buf, size_t size); 824 825 static ssize_t (*const write_op[])(struct file *, char *, size_t) = { 826 [SEL_ACCESS] = sel_write_access, 827 [SEL_CREATE] = sel_write_create, 828 [SEL_RELABEL] = sel_write_relabel, 829 [SEL_USER] = sel_write_user, 830 [SEL_MEMBER] = sel_write_member, 831 [SEL_CONTEXT] = sel_write_context, 832 }; 833 834 static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos) 835 { 836 ino_t ino = file_inode(file)->i_ino; 837 char *data; 838 ssize_t rv; 839 840 if (ino >= ARRAY_SIZE(write_op) || !write_op[ino]) 841 return -EINVAL; 842 843 data = simple_transaction_get(file, buf, size); 844 if (IS_ERR(data)) 845 return PTR_ERR(data); 846 847 rv = write_op[ino](file, data, size); 848 if (rv > 0) { 849 simple_transaction_set(file, rv); 850 rv = size; 851 } 852 return rv; 853 } 854 855 static const struct file_operations transaction_ops = { 856 .write = selinux_transaction_write, 857 .read = simple_transaction_read, 858 .release = simple_transaction_release, 859 .llseek = generic_file_llseek, 860 }; 861 862 /* 863 * payload - write methods 864 * If the method has a response, the response should be put in buf, 865 * and the length returned. Otherwise return 0 or and -error. 866 */ 867 868 static ssize_t sel_write_access(struct file *file, char *buf, size_t size) 869 { 870 char *scon = NULL, *tcon = NULL; 871 u32 ssid, tsid; 872 u16 tclass; 873 struct av_decision avd; 874 ssize_t length; 875 876 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 877 SECCLASS_SECURITY, SECURITY__COMPUTE_AV, NULL); 878 if (length) 879 goto out; 880 881 length = -ENOMEM; 882 scon = kzalloc(size + 1, GFP_KERNEL); 883 if (!scon) 884 goto out; 885 886 length = -ENOMEM; 887 tcon = kzalloc(size + 1, GFP_KERNEL); 888 if (!tcon) 889 goto out; 890 891 length = -EINVAL; 892 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 893 goto out; 894 895 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 896 if (length) 897 goto out; 898 899 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 900 if (length) 901 goto out; 902 903 security_compute_av_user(ssid, tsid, tclass, &avd); 904 905 length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT, 906 "%x %x %x %x %u %x", 907 avd.allowed, 0xffffffff, 908 avd.auditallow, avd.auditdeny, 909 avd.seqno, avd.flags); 910 out: 911 kfree(tcon); 912 kfree(scon); 913 return length; 914 } 915 916 static ssize_t sel_write_create(struct file *file, char *buf, size_t size) 917 { 918 char *scon = NULL, *tcon = NULL; 919 char *namebuf = NULL, *objname = NULL; 920 u32 ssid, tsid, newsid; 921 u16 tclass; 922 ssize_t length; 923 char *newcon = NULL; 924 u32 len; 925 int nargs; 926 927 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 928 SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, 929 NULL); 930 if (length) 931 goto out; 932 933 length = -ENOMEM; 934 scon = kzalloc(size + 1, GFP_KERNEL); 935 if (!scon) 936 goto out; 937 938 length = -ENOMEM; 939 tcon = kzalloc(size + 1, GFP_KERNEL); 940 if (!tcon) 941 goto out; 942 943 length = -ENOMEM; 944 namebuf = kzalloc(size + 1, GFP_KERNEL); 945 if (!namebuf) 946 goto out; 947 948 length = -EINVAL; 949 nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf); 950 if (nargs < 3 || nargs > 4) 951 goto out; 952 if (nargs == 4) { 953 /* 954 * If and when the name of new object to be queried contains 955 * either whitespace or multibyte characters, they shall be 956 * encoded based on the percentage-encoding rule. 957 * If not encoded, the sscanf logic picks up only left-half 958 * of the supplied name; split by a whitespace unexpectedly. 959 */ 960 char *r, *w; 961 int c1, c2; 962 963 r = w = namebuf; 964 do { 965 c1 = *r++; 966 if (c1 == '+') 967 c1 = ' '; 968 else if (c1 == '%') { 969 c1 = hex_to_bin(*r++); 970 if (c1 < 0) 971 goto out; 972 c2 = hex_to_bin(*r++); 973 if (c2 < 0) 974 goto out; 975 c1 = (c1 << 4) | c2; 976 } 977 *w++ = c1; 978 } while (c1 != '\0'); 979 980 objname = namebuf; 981 } 982 983 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 984 if (length) 985 goto out; 986 987 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 988 if (length) 989 goto out; 990 991 length = security_transition_sid_user(ssid, tsid, tclass, 992 objname, &newsid); 993 if (length) 994 goto out; 995 996 length = security_sid_to_context(newsid, &newcon, &len); 997 if (length) 998 goto out; 999 1000 length = -ERANGE; 1001 if (len > SIMPLE_TRANSACTION_LIMIT) { 1002 pr_err("SELinux: %s: context size (%u) exceeds " 1003 "payload max\n", __func__, len); 1004 goto out; 1005 } 1006 1007 memcpy(buf, newcon, len); 1008 length = len; 1009 out: 1010 kfree(newcon); 1011 kfree(namebuf); 1012 kfree(tcon); 1013 kfree(scon); 1014 return length; 1015 } 1016 1017 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size) 1018 { 1019 char *scon = NULL, *tcon = NULL; 1020 u32 ssid, tsid, newsid; 1021 u16 tclass; 1022 ssize_t length; 1023 char *newcon = NULL; 1024 u32 len; 1025 1026 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1027 SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, 1028 NULL); 1029 if (length) 1030 goto out; 1031 1032 length = -ENOMEM; 1033 scon = kzalloc(size + 1, GFP_KERNEL); 1034 if (!scon) 1035 goto out; 1036 1037 length = -ENOMEM; 1038 tcon = kzalloc(size + 1, GFP_KERNEL); 1039 if (!tcon) 1040 goto out; 1041 1042 length = -EINVAL; 1043 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 1044 goto out; 1045 1046 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 1047 if (length) 1048 goto out; 1049 1050 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 1051 if (length) 1052 goto out; 1053 1054 length = security_change_sid(ssid, tsid, tclass, &newsid); 1055 if (length) 1056 goto out; 1057 1058 length = security_sid_to_context(newsid, &newcon, &len); 1059 if (length) 1060 goto out; 1061 1062 length = -ERANGE; 1063 if (len > SIMPLE_TRANSACTION_LIMIT) 1064 goto out; 1065 1066 memcpy(buf, newcon, len); 1067 length = len; 1068 out: 1069 kfree(newcon); 1070 kfree(tcon); 1071 kfree(scon); 1072 return length; 1073 } 1074 1075 static ssize_t sel_write_user(struct file *file, char *buf, size_t size) 1076 { 1077 char *con = NULL, *user = NULL, *ptr; 1078 u32 sid, *sids = NULL; 1079 ssize_t length; 1080 char *newcon; 1081 int rc; 1082 u32 i, len, nsids; 1083 1084 pr_warn_ratelimited("SELinux: %s (%d) wrote to /sys/fs/selinux/user!" 1085 " This will not be supported in the future; please update your" 1086 " userspace.\n", current->comm, current->pid); 1087 ssleep(5); 1088 1089 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1090 SECCLASS_SECURITY, SECURITY__COMPUTE_USER, 1091 NULL); 1092 if (length) 1093 goto out; 1094 1095 length = -ENOMEM; 1096 con = kzalloc(size + 1, GFP_KERNEL); 1097 if (!con) 1098 goto out; 1099 1100 length = -ENOMEM; 1101 user = kzalloc(size + 1, GFP_KERNEL); 1102 if (!user) 1103 goto out; 1104 1105 length = -EINVAL; 1106 if (sscanf(buf, "%s %s", con, user) != 2) 1107 goto out; 1108 1109 length = security_context_str_to_sid(con, &sid, GFP_KERNEL); 1110 if (length) 1111 goto out; 1112 1113 length = security_get_user_sids(sid, user, &sids, &nsids); 1114 if (length) 1115 goto out; 1116 1117 length = sprintf(buf, "%u", nsids) + 1; 1118 ptr = buf + length; 1119 for (i = 0; i < nsids; i++) { 1120 rc = security_sid_to_context(sids[i], &newcon, &len); 1121 if (rc) { 1122 length = rc; 1123 goto out; 1124 } 1125 if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) { 1126 kfree(newcon); 1127 length = -ERANGE; 1128 goto out; 1129 } 1130 memcpy(ptr, newcon, len); 1131 kfree(newcon); 1132 ptr += len; 1133 length += len; 1134 } 1135 out: 1136 kfree(sids); 1137 kfree(user); 1138 kfree(con); 1139 return length; 1140 } 1141 1142 static ssize_t sel_write_member(struct file *file, char *buf, size_t size) 1143 { 1144 char *scon = NULL, *tcon = NULL; 1145 u32 ssid, tsid, newsid; 1146 u16 tclass; 1147 ssize_t length; 1148 char *newcon = NULL; 1149 u32 len; 1150 1151 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1152 SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, 1153 NULL); 1154 if (length) 1155 goto out; 1156 1157 length = -ENOMEM; 1158 scon = kzalloc(size + 1, GFP_KERNEL); 1159 if (!scon) 1160 goto out; 1161 1162 length = -ENOMEM; 1163 tcon = kzalloc(size + 1, GFP_KERNEL); 1164 if (!tcon) 1165 goto out; 1166 1167 length = -EINVAL; 1168 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 1169 goto out; 1170 1171 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 1172 if (length) 1173 goto out; 1174 1175 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 1176 if (length) 1177 goto out; 1178 1179 length = security_member_sid(ssid, tsid, tclass, &newsid); 1180 if (length) 1181 goto out; 1182 1183 length = security_sid_to_context(newsid, &newcon, &len); 1184 if (length) 1185 goto out; 1186 1187 length = -ERANGE; 1188 if (len > SIMPLE_TRANSACTION_LIMIT) { 1189 pr_err("SELinux: %s: context size (%u) exceeds " 1190 "payload max\n", __func__, len); 1191 goto out; 1192 } 1193 1194 memcpy(buf, newcon, len); 1195 length = len; 1196 out: 1197 kfree(newcon); 1198 kfree(tcon); 1199 kfree(scon); 1200 return length; 1201 } 1202 1203 static struct inode *sel_make_inode(struct super_block *sb, umode_t mode) 1204 { 1205 struct inode *ret = new_inode(sb); 1206 1207 if (ret) { 1208 ret->i_mode = mode; 1209 simple_inode_init_ts(ret); 1210 } 1211 return ret; 1212 } 1213 1214 static ssize_t sel_read_bool(struct file *filep, char __user *buf, 1215 size_t count, loff_t *ppos) 1216 { 1217 struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info; 1218 char buffer[4]; 1219 ssize_t length; 1220 ssize_t ret; 1221 int cur_enforcing; 1222 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; 1223 const char *name = filep->f_path.dentry->d_name.name; 1224 1225 mutex_lock(&selinux_state.policy_mutex); 1226 1227 ret = -EINVAL; 1228 if (index >= fsi->bool_num || strcmp(name, 1229 fsi->bool_pending_names[index])) 1230 goto out_unlock; 1231 1232 cur_enforcing = security_get_bool_value(index); 1233 if (cur_enforcing < 0) { 1234 ret = cur_enforcing; 1235 goto out_unlock; 1236 } 1237 length = scnprintf(buffer, sizeof(buffer), "%d %d", !!cur_enforcing, 1238 !!fsi->bool_pending_values[index]); 1239 mutex_unlock(&selinux_state.policy_mutex); 1240 return simple_read_from_buffer(buf, count, ppos, buffer, length); 1241 1242 out_unlock: 1243 mutex_unlock(&selinux_state.policy_mutex); 1244 return ret; 1245 } 1246 1247 static ssize_t sel_write_bool(struct file *filep, const char __user *buf, 1248 size_t count, loff_t *ppos) 1249 { 1250 struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info; 1251 char *page = NULL; 1252 ssize_t length; 1253 int new_value; 1254 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; 1255 const char *name = filep->f_path.dentry->d_name.name; 1256 1257 if (count >= PAGE_SIZE) 1258 return -ENOMEM; 1259 1260 /* No partial writes. */ 1261 if (*ppos != 0) 1262 return -EINVAL; 1263 1264 page = memdup_user_nul(buf, count); 1265 if (IS_ERR(page)) 1266 return PTR_ERR(page); 1267 1268 mutex_lock(&selinux_state.policy_mutex); 1269 1270 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1271 SECCLASS_SECURITY, SECURITY__SETBOOL, 1272 NULL); 1273 if (length) 1274 goto out; 1275 1276 length = -EINVAL; 1277 if (index >= fsi->bool_num || strcmp(name, 1278 fsi->bool_pending_names[index])) 1279 goto out; 1280 1281 length = -EINVAL; 1282 if (sscanf(page, "%d", &new_value) != 1) 1283 goto out; 1284 1285 if (new_value) 1286 new_value = 1; 1287 1288 fsi->bool_pending_values[index] = new_value; 1289 length = count; 1290 1291 out: 1292 mutex_unlock(&selinux_state.policy_mutex); 1293 kfree(page); 1294 return length; 1295 } 1296 1297 static const struct file_operations sel_bool_ops = { 1298 .read = sel_read_bool, 1299 .write = sel_write_bool, 1300 .llseek = generic_file_llseek, 1301 }; 1302 1303 static ssize_t sel_commit_bools_write(struct file *filep, 1304 const char __user *buf, 1305 size_t count, loff_t *ppos) 1306 { 1307 struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info; 1308 char *page = NULL; 1309 ssize_t length; 1310 int new_value; 1311 1312 if (count >= PAGE_SIZE) 1313 return -ENOMEM; 1314 1315 /* No partial writes. */ 1316 if (*ppos != 0) 1317 return -EINVAL; 1318 1319 page = memdup_user_nul(buf, count); 1320 if (IS_ERR(page)) 1321 return PTR_ERR(page); 1322 1323 mutex_lock(&selinux_state.policy_mutex); 1324 1325 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1326 SECCLASS_SECURITY, SECURITY__SETBOOL, 1327 NULL); 1328 if (length) 1329 goto out; 1330 1331 length = -EINVAL; 1332 if (sscanf(page, "%d", &new_value) != 1) 1333 goto out; 1334 1335 length = 0; 1336 if (new_value && fsi->bool_pending_values) 1337 length = security_set_bools(fsi->bool_num, 1338 fsi->bool_pending_values); 1339 1340 if (!length) 1341 length = count; 1342 1343 out: 1344 mutex_unlock(&selinux_state.policy_mutex); 1345 kfree(page); 1346 return length; 1347 } 1348 1349 static const struct file_operations sel_commit_bools_ops = { 1350 .write = sel_commit_bools_write, 1351 .llseek = generic_file_llseek, 1352 }; 1353 1354 static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir, 1355 unsigned int *bool_num, char ***bool_pending_names, 1356 int **bool_pending_values) 1357 { 1358 int ret; 1359 char **names, *page; 1360 u32 i, num; 1361 1362 page = (char *)get_zeroed_page(GFP_KERNEL); 1363 if (!page) 1364 return -ENOMEM; 1365 1366 ret = security_get_bools(newpolicy, &num, &names, bool_pending_values); 1367 if (ret) 1368 goto out; 1369 1370 *bool_num = num; 1371 *bool_pending_names = names; 1372 1373 for (i = 0; i < num; i++) { 1374 struct dentry *dentry; 1375 struct inode *inode; 1376 struct inode_security_struct *isec; 1377 ssize_t len; 1378 u32 sid; 1379 1380 len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]); 1381 if (len >= PAGE_SIZE) { 1382 ret = -ENAMETOOLONG; 1383 break; 1384 } 1385 dentry = d_alloc_name(bool_dir, names[i]); 1386 if (!dentry) { 1387 ret = -ENOMEM; 1388 break; 1389 } 1390 1391 inode = sel_make_inode(bool_dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR); 1392 if (!inode) { 1393 dput(dentry); 1394 ret = -ENOMEM; 1395 break; 1396 } 1397 1398 isec = selinux_inode(inode); 1399 ret = selinux_policy_genfs_sid(newpolicy, "selinuxfs", page, 1400 SECCLASS_FILE, &sid); 1401 if (ret) { 1402 pr_warn_ratelimited("SELinux: no sid found, defaulting to security isid for %s\n", 1403 page); 1404 sid = SECINITSID_SECURITY; 1405 } 1406 1407 isec->sid = sid; 1408 isec->initialized = LABEL_INITIALIZED; 1409 inode->i_fop = &sel_bool_ops; 1410 inode->i_ino = i|SEL_BOOL_INO_OFFSET; 1411 d_add(dentry, inode); 1412 } 1413 out: 1414 free_page((unsigned long)page); 1415 return ret; 1416 } 1417 1418 static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf, 1419 size_t count, loff_t *ppos) 1420 { 1421 char tmpbuf[TMPBUFLEN]; 1422 ssize_t length; 1423 1424 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", 1425 avc_get_cache_threshold()); 1426 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1427 } 1428 1429 static ssize_t sel_write_avc_cache_threshold(struct file *file, 1430 const char __user *buf, 1431 size_t count, loff_t *ppos) 1432 1433 { 1434 char *page; 1435 ssize_t ret; 1436 unsigned int new_value; 1437 1438 ret = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1439 SECCLASS_SECURITY, SECURITY__SETSECPARAM, 1440 NULL); 1441 if (ret) 1442 return ret; 1443 1444 if (count >= PAGE_SIZE) 1445 return -ENOMEM; 1446 1447 /* No partial writes. */ 1448 if (*ppos != 0) 1449 return -EINVAL; 1450 1451 page = memdup_user_nul(buf, count); 1452 if (IS_ERR(page)) 1453 return PTR_ERR(page); 1454 1455 ret = -EINVAL; 1456 if (sscanf(page, "%u", &new_value) != 1) 1457 goto out; 1458 1459 avc_set_cache_threshold(new_value); 1460 1461 ret = count; 1462 out: 1463 kfree(page); 1464 return ret; 1465 } 1466 1467 static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf, 1468 size_t count, loff_t *ppos) 1469 { 1470 char *page; 1471 ssize_t length; 1472 1473 page = (char *)__get_free_page(GFP_KERNEL); 1474 if (!page) 1475 return -ENOMEM; 1476 1477 length = avc_get_hash_stats(page); 1478 if (length >= 0) 1479 length = simple_read_from_buffer(buf, count, ppos, page, length); 1480 free_page((unsigned long)page); 1481 1482 return length; 1483 } 1484 1485 static ssize_t sel_read_sidtab_hash_stats(struct file *filp, char __user *buf, 1486 size_t count, loff_t *ppos) 1487 { 1488 char *page; 1489 ssize_t length; 1490 1491 page = (char *)__get_free_page(GFP_KERNEL); 1492 if (!page) 1493 return -ENOMEM; 1494 1495 length = security_sidtab_hash_stats(page); 1496 if (length >= 0) 1497 length = simple_read_from_buffer(buf, count, ppos, page, 1498 length); 1499 free_page((unsigned long)page); 1500 1501 return length; 1502 } 1503 1504 static const struct file_operations sel_sidtab_hash_stats_ops = { 1505 .read = sel_read_sidtab_hash_stats, 1506 .llseek = generic_file_llseek, 1507 }; 1508 1509 static const struct file_operations sel_avc_cache_threshold_ops = { 1510 .read = sel_read_avc_cache_threshold, 1511 .write = sel_write_avc_cache_threshold, 1512 .llseek = generic_file_llseek, 1513 }; 1514 1515 static const struct file_operations sel_avc_hash_stats_ops = { 1516 .read = sel_read_avc_hash_stats, 1517 .llseek = generic_file_llseek, 1518 }; 1519 1520 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1521 static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx) 1522 { 1523 loff_t cpu; 1524 1525 for (cpu = *idx; cpu < nr_cpu_ids; ++cpu) { 1526 if (!cpu_possible(cpu)) 1527 continue; 1528 *idx = cpu + 1; 1529 return &per_cpu(avc_cache_stats, cpu); 1530 } 1531 (*idx)++; 1532 return NULL; 1533 } 1534 1535 static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos) 1536 { 1537 loff_t n = *pos - 1; 1538 1539 if (*pos == 0) 1540 return SEQ_START_TOKEN; 1541 1542 return sel_avc_get_stat_idx(&n); 1543 } 1544 1545 static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos) 1546 { 1547 return sel_avc_get_stat_idx(pos); 1548 } 1549 1550 static int sel_avc_stats_seq_show(struct seq_file *seq, void *v) 1551 { 1552 struct avc_cache_stats *st = v; 1553 1554 if (v == SEQ_START_TOKEN) { 1555 seq_puts(seq, 1556 "lookups hits misses allocations reclaims frees\n"); 1557 } else { 1558 unsigned int lookups = st->lookups; 1559 unsigned int misses = st->misses; 1560 unsigned int hits = lookups - misses; 1561 seq_printf(seq, "%u %u %u %u %u %u\n", lookups, 1562 hits, misses, st->allocations, 1563 st->reclaims, st->frees); 1564 } 1565 return 0; 1566 } 1567 1568 static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v) 1569 { } 1570 1571 static const struct seq_operations sel_avc_cache_stats_seq_ops = { 1572 .start = sel_avc_stats_seq_start, 1573 .next = sel_avc_stats_seq_next, 1574 .show = sel_avc_stats_seq_show, 1575 .stop = sel_avc_stats_seq_stop, 1576 }; 1577 1578 static int sel_open_avc_cache_stats(struct inode *inode, struct file *file) 1579 { 1580 return seq_open(file, &sel_avc_cache_stats_seq_ops); 1581 } 1582 1583 static const struct file_operations sel_avc_cache_stats_ops = { 1584 .open = sel_open_avc_cache_stats, 1585 .read = seq_read, 1586 .llseek = seq_lseek, 1587 .release = seq_release, 1588 }; 1589 #endif 1590 1591 static int sel_make_avc_files(struct dentry *dir) 1592 { 1593 struct super_block *sb = dir->d_sb; 1594 struct selinux_fs_info *fsi = sb->s_fs_info; 1595 unsigned int i; 1596 static const struct tree_descr files[] = { 1597 { "cache_threshold", 1598 &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR }, 1599 { "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO }, 1600 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1601 { "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO }, 1602 #endif 1603 }; 1604 1605 for (i = 0; i < ARRAY_SIZE(files); i++) { 1606 struct inode *inode; 1607 struct dentry *dentry; 1608 1609 dentry = d_alloc_name(dir, files[i].name); 1610 if (!dentry) 1611 return -ENOMEM; 1612 1613 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode); 1614 if (!inode) { 1615 dput(dentry); 1616 return -ENOMEM; 1617 } 1618 1619 inode->i_fop = files[i].ops; 1620 inode->i_ino = ++fsi->last_ino; 1621 d_add(dentry, inode); 1622 } 1623 1624 return 0; 1625 } 1626 1627 static int sel_make_ss_files(struct dentry *dir) 1628 { 1629 struct super_block *sb = dir->d_sb; 1630 struct selinux_fs_info *fsi = sb->s_fs_info; 1631 unsigned int i; 1632 static const struct tree_descr files[] = { 1633 { "sidtab_hash_stats", &sel_sidtab_hash_stats_ops, S_IRUGO }, 1634 }; 1635 1636 for (i = 0; i < ARRAY_SIZE(files); i++) { 1637 struct inode *inode; 1638 struct dentry *dentry; 1639 1640 dentry = d_alloc_name(dir, files[i].name); 1641 if (!dentry) 1642 return -ENOMEM; 1643 1644 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode); 1645 if (!inode) { 1646 dput(dentry); 1647 return -ENOMEM; 1648 } 1649 1650 inode->i_fop = files[i].ops; 1651 inode->i_ino = ++fsi->last_ino; 1652 d_add(dentry, inode); 1653 } 1654 1655 return 0; 1656 } 1657 1658 static ssize_t sel_read_initcon(struct file *file, char __user *buf, 1659 size_t count, loff_t *ppos) 1660 { 1661 char *con; 1662 u32 sid, len; 1663 ssize_t ret; 1664 1665 sid = file_inode(file)->i_ino&SEL_INO_MASK; 1666 ret = security_sid_to_context(sid, &con, &len); 1667 if (ret) 1668 return ret; 1669 1670 ret = simple_read_from_buffer(buf, count, ppos, con, len); 1671 kfree(con); 1672 return ret; 1673 } 1674 1675 static const struct file_operations sel_initcon_ops = { 1676 .read = sel_read_initcon, 1677 .llseek = generic_file_llseek, 1678 }; 1679 1680 static int sel_make_initcon_files(struct dentry *dir) 1681 { 1682 unsigned int i; 1683 1684 for (i = 1; i <= SECINITSID_NUM; i++) { 1685 struct inode *inode; 1686 struct dentry *dentry; 1687 const char *s = security_get_initial_sid_context(i); 1688 1689 if (!s) 1690 continue; 1691 dentry = d_alloc_name(dir, s); 1692 if (!dentry) 1693 return -ENOMEM; 1694 1695 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1696 if (!inode) { 1697 dput(dentry); 1698 return -ENOMEM; 1699 } 1700 1701 inode->i_fop = &sel_initcon_ops; 1702 inode->i_ino = i|SEL_INITCON_INO_OFFSET; 1703 d_add(dentry, inode); 1704 } 1705 1706 return 0; 1707 } 1708 1709 static inline unsigned long sel_class_to_ino(u16 class) 1710 { 1711 return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET; 1712 } 1713 1714 static inline u16 sel_ino_to_class(unsigned long ino) 1715 { 1716 return (ino & SEL_INO_MASK) / (SEL_VEC_MAX + 1); 1717 } 1718 1719 static inline unsigned long sel_perm_to_ino(u16 class, u32 perm) 1720 { 1721 return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET; 1722 } 1723 1724 static inline u32 sel_ino_to_perm(unsigned long ino) 1725 { 1726 return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1); 1727 } 1728 1729 static ssize_t sel_read_class(struct file *file, char __user *buf, 1730 size_t count, loff_t *ppos) 1731 { 1732 unsigned long ino = file_inode(file)->i_ino; 1733 char res[TMPBUFLEN]; 1734 ssize_t len = scnprintf(res, sizeof(res), "%d", sel_ino_to_class(ino)); 1735 return simple_read_from_buffer(buf, count, ppos, res, len); 1736 } 1737 1738 static const struct file_operations sel_class_ops = { 1739 .read = sel_read_class, 1740 .llseek = generic_file_llseek, 1741 }; 1742 1743 static ssize_t sel_read_perm(struct file *file, char __user *buf, 1744 size_t count, loff_t *ppos) 1745 { 1746 unsigned long ino = file_inode(file)->i_ino; 1747 char res[TMPBUFLEN]; 1748 ssize_t len = scnprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino)); 1749 return simple_read_from_buffer(buf, count, ppos, res, len); 1750 } 1751 1752 static const struct file_operations sel_perm_ops = { 1753 .read = sel_read_perm, 1754 .llseek = generic_file_llseek, 1755 }; 1756 1757 static ssize_t sel_read_policycap(struct file *file, char __user *buf, 1758 size_t count, loff_t *ppos) 1759 { 1760 int value; 1761 char tmpbuf[TMPBUFLEN]; 1762 ssize_t length; 1763 unsigned long i_ino = file_inode(file)->i_ino; 1764 1765 value = security_policycap_supported(i_ino & SEL_INO_MASK); 1766 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value); 1767 1768 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1769 } 1770 1771 static const struct file_operations sel_policycap_ops = { 1772 .read = sel_read_policycap, 1773 .llseek = generic_file_llseek, 1774 }; 1775 1776 static int sel_make_perm_files(struct selinux_policy *newpolicy, 1777 char *objclass, int classvalue, 1778 struct dentry *dir) 1779 { 1780 u32 i, nperms; 1781 int rc; 1782 char **perms; 1783 1784 rc = security_get_permissions(newpolicy, objclass, &perms, &nperms); 1785 if (rc) 1786 return rc; 1787 1788 for (i = 0; i < nperms; i++) { 1789 struct inode *inode; 1790 struct dentry *dentry; 1791 1792 rc = -ENOMEM; 1793 dentry = d_alloc_name(dir, perms[i]); 1794 if (!dentry) 1795 goto out; 1796 1797 rc = -ENOMEM; 1798 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1799 if (!inode) { 1800 dput(dentry); 1801 goto out; 1802 } 1803 1804 inode->i_fop = &sel_perm_ops; 1805 /* i+1 since perm values are 1-indexed */ 1806 inode->i_ino = sel_perm_to_ino(classvalue, i + 1); 1807 d_add(dentry, inode); 1808 } 1809 rc = 0; 1810 out: 1811 for (i = 0; i < nperms; i++) 1812 kfree(perms[i]); 1813 kfree(perms); 1814 return rc; 1815 } 1816 1817 static int sel_make_class_dir_entries(struct selinux_policy *newpolicy, 1818 char *classname, int index, 1819 struct dentry *dir) 1820 { 1821 struct super_block *sb = dir->d_sb; 1822 struct selinux_fs_info *fsi = sb->s_fs_info; 1823 struct dentry *dentry = NULL; 1824 struct inode *inode = NULL; 1825 1826 dentry = d_alloc_name(dir, "index"); 1827 if (!dentry) 1828 return -ENOMEM; 1829 1830 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1831 if (!inode) { 1832 dput(dentry); 1833 return -ENOMEM; 1834 } 1835 1836 inode->i_fop = &sel_class_ops; 1837 inode->i_ino = sel_class_to_ino(index); 1838 d_add(dentry, inode); 1839 1840 dentry = sel_make_dir(dir, "perms", &fsi->last_class_ino); 1841 if (IS_ERR(dentry)) 1842 return PTR_ERR(dentry); 1843 1844 return sel_make_perm_files(newpolicy, classname, index, dentry); 1845 } 1846 1847 static int sel_make_classes(struct selinux_policy *newpolicy, 1848 struct dentry *class_dir, 1849 unsigned long *last_class_ino) 1850 { 1851 u32 i, nclasses; 1852 int rc; 1853 char **classes; 1854 1855 rc = security_get_classes(newpolicy, &classes, &nclasses); 1856 if (rc) 1857 return rc; 1858 1859 /* +2 since classes are 1-indexed */ 1860 *last_class_ino = sel_class_to_ino(nclasses + 2); 1861 1862 for (i = 0; i < nclasses; i++) { 1863 struct dentry *class_name_dir; 1864 1865 class_name_dir = sel_make_dir(class_dir, classes[i], 1866 last_class_ino); 1867 if (IS_ERR(class_name_dir)) { 1868 rc = PTR_ERR(class_name_dir); 1869 goto out; 1870 } 1871 1872 /* i+1 since class values are 1-indexed */ 1873 rc = sel_make_class_dir_entries(newpolicy, classes[i], i + 1, 1874 class_name_dir); 1875 if (rc) 1876 goto out; 1877 } 1878 rc = 0; 1879 out: 1880 for (i = 0; i < nclasses; i++) 1881 kfree(classes[i]); 1882 kfree(classes); 1883 return rc; 1884 } 1885 1886 static int sel_make_policycap(struct selinux_fs_info *fsi) 1887 { 1888 unsigned int iter; 1889 struct dentry *dentry = NULL; 1890 struct inode *inode = NULL; 1891 1892 for (iter = 0; iter <= POLICYDB_CAP_MAX; iter++) { 1893 if (iter < ARRAY_SIZE(selinux_policycap_names)) 1894 dentry = d_alloc_name(fsi->policycap_dir, 1895 selinux_policycap_names[iter]); 1896 else 1897 dentry = d_alloc_name(fsi->policycap_dir, "unknown"); 1898 1899 if (dentry == NULL) 1900 return -ENOMEM; 1901 1902 inode = sel_make_inode(fsi->sb, S_IFREG | 0444); 1903 if (inode == NULL) { 1904 dput(dentry); 1905 return -ENOMEM; 1906 } 1907 1908 inode->i_fop = &sel_policycap_ops; 1909 inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET; 1910 d_add(dentry, inode); 1911 } 1912 1913 return 0; 1914 } 1915 1916 static struct dentry *sel_make_dir(struct dentry *dir, const char *name, 1917 unsigned long *ino) 1918 { 1919 struct dentry *dentry = d_alloc_name(dir, name); 1920 struct inode *inode; 1921 1922 if (!dentry) 1923 return ERR_PTR(-ENOMEM); 1924 1925 inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO); 1926 if (!inode) { 1927 dput(dentry); 1928 return ERR_PTR(-ENOMEM); 1929 } 1930 1931 inode->i_op = &simple_dir_inode_operations; 1932 inode->i_fop = &simple_dir_operations; 1933 inode->i_ino = ++(*ino); 1934 /* directory inodes start off with i_nlink == 2 (for "." entry) */ 1935 inc_nlink(inode); 1936 d_add(dentry, inode); 1937 /* bump link count on parent directory, too */ 1938 inc_nlink(d_inode(dir)); 1939 1940 return dentry; 1941 } 1942 1943 static int reject_all(struct mnt_idmap *idmap, struct inode *inode, int mask) 1944 { 1945 return -EPERM; // no access for anyone, root or no root. 1946 } 1947 1948 static const struct inode_operations swapover_dir_inode_operations = { 1949 .lookup = simple_lookup, 1950 .permission = reject_all, 1951 }; 1952 1953 static struct dentry *sel_make_swapover_dir(struct super_block *sb, 1954 unsigned long *ino) 1955 { 1956 struct dentry *dentry = d_alloc_name(sb->s_root, ".swapover"); 1957 struct inode *inode; 1958 1959 if (!dentry) 1960 return ERR_PTR(-ENOMEM); 1961 1962 inode = sel_make_inode(sb, S_IFDIR); 1963 if (!inode) { 1964 dput(dentry); 1965 return ERR_PTR(-ENOMEM); 1966 } 1967 1968 inode->i_op = &swapover_dir_inode_operations; 1969 inode->i_ino = ++(*ino); 1970 /* directory inodes start off with i_nlink == 2 (for "." entry) */ 1971 inc_nlink(inode); 1972 inode_lock(sb->s_root->d_inode); 1973 d_add(dentry, inode); 1974 inc_nlink(sb->s_root->d_inode); 1975 inode_unlock(sb->s_root->d_inode); 1976 return dentry; 1977 } 1978 1979 #define NULL_FILE_NAME "null" 1980 1981 static int sel_fill_super(struct super_block *sb, struct fs_context *fc) 1982 { 1983 struct selinux_fs_info *fsi; 1984 int ret; 1985 struct dentry *dentry; 1986 struct inode *inode; 1987 struct inode_security_struct *isec; 1988 1989 static const struct tree_descr selinux_files[] = { 1990 [SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR}, 1991 [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR}, 1992 [SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO}, 1993 [SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO}, 1994 [SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO}, 1995 [SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO}, 1996 [SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO}, 1997 [SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO}, 1998 [SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR}, 1999 [SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO}, 2000 [SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR}, 2001 [SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO}, 2002 [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR}, 2003 [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO}, 2004 [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO}, 2005 [SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO}, 2006 [SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO}, 2007 [SEL_VALIDATE_TRANS] = {"validatetrans", &sel_transition_ops, 2008 S_IWUGO}, 2009 /* last one */ {"", NULL, 0} 2010 }; 2011 2012 ret = selinux_fs_info_create(sb); 2013 if (ret) 2014 goto err; 2015 2016 ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files); 2017 if (ret) 2018 goto err; 2019 2020 fsi = sb->s_fs_info; 2021 fsi->bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &fsi->last_ino); 2022 if (IS_ERR(fsi->bool_dir)) { 2023 ret = PTR_ERR(fsi->bool_dir); 2024 fsi->bool_dir = NULL; 2025 goto err; 2026 } 2027 2028 ret = -ENOMEM; 2029 dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME); 2030 if (!dentry) 2031 goto err; 2032 2033 ret = -ENOMEM; 2034 inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO); 2035 if (!inode) { 2036 dput(dentry); 2037 goto err; 2038 } 2039 2040 inode->i_ino = ++fsi->last_ino; 2041 isec = selinux_inode(inode); 2042 isec->sid = SECINITSID_DEVNULL; 2043 isec->sclass = SECCLASS_CHR_FILE; 2044 isec->initialized = LABEL_INITIALIZED; 2045 2046 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3)); 2047 d_add(dentry, inode); 2048 2049 dentry = sel_make_dir(sb->s_root, "avc", &fsi->last_ino); 2050 if (IS_ERR(dentry)) { 2051 ret = PTR_ERR(dentry); 2052 goto err; 2053 } 2054 2055 ret = sel_make_avc_files(dentry); 2056 if (ret) 2057 goto err; 2058 2059 dentry = sel_make_dir(sb->s_root, "ss", &fsi->last_ino); 2060 if (IS_ERR(dentry)) { 2061 ret = PTR_ERR(dentry); 2062 goto err; 2063 } 2064 2065 ret = sel_make_ss_files(dentry); 2066 if (ret) 2067 goto err; 2068 2069 dentry = sel_make_dir(sb->s_root, "initial_contexts", &fsi->last_ino); 2070 if (IS_ERR(dentry)) { 2071 ret = PTR_ERR(dentry); 2072 goto err; 2073 } 2074 2075 ret = sel_make_initcon_files(dentry); 2076 if (ret) 2077 goto err; 2078 2079 fsi->class_dir = sel_make_dir(sb->s_root, CLASS_DIR_NAME, &fsi->last_ino); 2080 if (IS_ERR(fsi->class_dir)) { 2081 ret = PTR_ERR(fsi->class_dir); 2082 fsi->class_dir = NULL; 2083 goto err; 2084 } 2085 2086 fsi->policycap_dir = sel_make_dir(sb->s_root, POLICYCAP_DIR_NAME, 2087 &fsi->last_ino); 2088 if (IS_ERR(fsi->policycap_dir)) { 2089 ret = PTR_ERR(fsi->policycap_dir); 2090 fsi->policycap_dir = NULL; 2091 goto err; 2092 } 2093 2094 ret = sel_make_policycap(fsi); 2095 if (ret) { 2096 pr_err("SELinux: failed to load policy capabilities\n"); 2097 goto err; 2098 } 2099 2100 return 0; 2101 err: 2102 pr_err("SELinux: %s: failed while creating inodes\n", 2103 __func__); 2104 2105 return ret; 2106 } 2107 2108 static int sel_get_tree(struct fs_context *fc) 2109 { 2110 return get_tree_single(fc, sel_fill_super); 2111 } 2112 2113 static const struct fs_context_operations sel_context_ops = { 2114 .get_tree = sel_get_tree, 2115 }; 2116 2117 static int sel_init_fs_context(struct fs_context *fc) 2118 { 2119 fc->ops = &sel_context_ops; 2120 return 0; 2121 } 2122 2123 static void sel_kill_sb(struct super_block *sb) 2124 { 2125 selinux_fs_info_free(sb); 2126 kill_litter_super(sb); 2127 } 2128 2129 static struct file_system_type sel_fs_type = { 2130 .name = "selinuxfs", 2131 .init_fs_context = sel_init_fs_context, 2132 .kill_sb = sel_kill_sb, 2133 }; 2134 2135 struct path selinux_null __ro_after_init; 2136 2137 int __init init_sel_fs(void) 2138 { 2139 struct qstr null_name = QSTR_INIT(NULL_FILE_NAME, 2140 sizeof(NULL_FILE_NAME)-1); 2141 int err; 2142 2143 if (!selinux_enabled_boot) 2144 return 0; 2145 2146 err = sysfs_create_mount_point(fs_kobj, "selinux"); 2147 if (err) 2148 return err; 2149 2150 err = register_filesystem(&sel_fs_type); 2151 if (err) { 2152 sysfs_remove_mount_point(fs_kobj, "selinux"); 2153 return err; 2154 } 2155 2156 selinux_null.mnt = kern_mount(&sel_fs_type); 2157 if (IS_ERR(selinux_null.mnt)) { 2158 pr_err("selinuxfs: could not mount!\n"); 2159 err = PTR_ERR(selinux_null.mnt); 2160 selinux_null.mnt = NULL; 2161 return err; 2162 } 2163 2164 selinux_null.dentry = try_lookup_noperm(&null_name, 2165 selinux_null.mnt->mnt_root); 2166 if (IS_ERR(selinux_null.dentry)) { 2167 pr_err("selinuxfs: could not lookup null!\n"); 2168 err = PTR_ERR(selinux_null.dentry); 2169 selinux_null.dentry = NULL; 2170 return err; 2171 } 2172 2173 /* 2174 * Try to pre-allocate the status page, so the sequence number of the 2175 * initial policy load can be stored. 2176 */ 2177 (void) selinux_kernel_status_page(); 2178 2179 return err; 2180 } 2181