1 /* Updated: Karl MacMillan <kmacmillan@tresys.com> 2 * 3 * Added conditional policy language extensions 4 * 5 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 6 * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation, version 2. 10 */ 11 12 #include <linux/config.h> 13 #include <linux/kernel.h> 14 #include <linux/pagemap.h> 15 #include <linux/slab.h> 16 #include <linux/vmalloc.h> 17 #include <linux/fs.h> 18 #include <linux/init.h> 19 #include <linux/string.h> 20 #include <linux/security.h> 21 #include <linux/major.h> 22 #include <linux/seq_file.h> 23 #include <linux/percpu.h> 24 #include <asm/uaccess.h> 25 #include <asm/semaphore.h> 26 27 /* selinuxfs pseudo filesystem for exporting the security policy API. 28 Based on the proc code and the fs/nfsd/nfsctl.c code. */ 29 30 #include "flask.h" 31 #include "avc.h" 32 #include "avc_ss.h" 33 #include "security.h" 34 #include "objsec.h" 35 #include "conditional.h" 36 37 unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE; 38 39 static int __init checkreqprot_setup(char *str) 40 { 41 selinux_checkreqprot = simple_strtoul(str,NULL,0) ? 1 : 0; 42 return 1; 43 } 44 __setup("checkreqprot=", checkreqprot_setup); 45 46 47 static DECLARE_MUTEX(sel_sem); 48 49 /* global data for booleans */ 50 static struct dentry *bool_dir = NULL; 51 static int bool_num = 0; 52 static int *bool_pending_values = NULL; 53 54 extern void selnl_notify_setenforce(int val); 55 56 /* Check whether a task is allowed to use a security operation. */ 57 static int task_has_security(struct task_struct *tsk, 58 u32 perms) 59 { 60 struct task_security_struct *tsec; 61 62 tsec = tsk->security; 63 if (!tsec) 64 return -EACCES; 65 66 return avc_has_perm(tsec->sid, SECINITSID_SECURITY, 67 SECCLASS_SECURITY, perms, NULL); 68 } 69 70 enum sel_inos { 71 SEL_ROOT_INO = 2, 72 SEL_LOAD, /* load policy */ 73 SEL_ENFORCE, /* get or set enforcing status */ 74 SEL_CONTEXT, /* validate context */ 75 SEL_ACCESS, /* compute access decision */ 76 SEL_CREATE, /* compute create labeling decision */ 77 SEL_RELABEL, /* compute relabeling decision */ 78 SEL_USER, /* compute reachable user contexts */ 79 SEL_POLICYVERS, /* return policy version for this kernel */ 80 SEL_COMMIT_BOOLS, /* commit new boolean values */ 81 SEL_MLS, /* return if MLS policy is enabled */ 82 SEL_DISABLE, /* disable SELinux until next reboot */ 83 SEL_AVC, /* AVC management directory */ 84 SEL_MEMBER, /* compute polyinstantiation membership decision */ 85 SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */ 86 }; 87 88 #define TMPBUFLEN 12 89 static ssize_t sel_read_enforce(struct file *filp, char __user *buf, 90 size_t count, loff_t *ppos) 91 { 92 char tmpbuf[TMPBUFLEN]; 93 ssize_t length; 94 95 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_enforcing); 96 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 97 } 98 99 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP 100 static ssize_t sel_write_enforce(struct file * file, const char __user * buf, 101 size_t count, loff_t *ppos) 102 103 { 104 char *page; 105 ssize_t length; 106 int new_value; 107 108 if (count >= PAGE_SIZE) 109 return -ENOMEM; 110 if (*ppos != 0) { 111 /* No partial writes. */ 112 return -EINVAL; 113 } 114 page = (char*)get_zeroed_page(GFP_KERNEL); 115 if (!page) 116 return -ENOMEM; 117 length = -EFAULT; 118 if (copy_from_user(page, buf, count)) 119 goto out; 120 121 length = -EINVAL; 122 if (sscanf(page, "%d", &new_value) != 1) 123 goto out; 124 125 if (new_value != selinux_enforcing) { 126 length = task_has_security(current, SECURITY__SETENFORCE); 127 if (length) 128 goto out; 129 selinux_enforcing = new_value; 130 if (selinux_enforcing) 131 avc_ss_reset(0); 132 selnl_notify_setenforce(selinux_enforcing); 133 } 134 length = count; 135 out: 136 free_page((unsigned long) page); 137 return length; 138 } 139 #else 140 #define sel_write_enforce NULL 141 #endif 142 143 static struct file_operations sel_enforce_ops = { 144 .read = sel_read_enforce, 145 .write = sel_write_enforce, 146 }; 147 148 #ifdef CONFIG_SECURITY_SELINUX_DISABLE 149 static ssize_t sel_write_disable(struct file * file, const char __user * buf, 150 size_t count, loff_t *ppos) 151 152 { 153 char *page; 154 ssize_t length; 155 int new_value; 156 extern int selinux_disable(void); 157 158 if (count >= PAGE_SIZE) 159 return -ENOMEM; 160 if (*ppos != 0) { 161 /* No partial writes. */ 162 return -EINVAL; 163 } 164 page = (char*)get_zeroed_page(GFP_KERNEL); 165 if (!page) 166 return -ENOMEM; 167 length = -EFAULT; 168 if (copy_from_user(page, buf, count)) 169 goto out; 170 171 length = -EINVAL; 172 if (sscanf(page, "%d", &new_value) != 1) 173 goto out; 174 175 if (new_value) { 176 length = selinux_disable(); 177 if (length < 0) 178 goto out; 179 } 180 181 length = count; 182 out: 183 free_page((unsigned long) page); 184 return length; 185 } 186 #else 187 #define sel_write_disable NULL 188 #endif 189 190 static struct file_operations sel_disable_ops = { 191 .write = sel_write_disable, 192 }; 193 194 static ssize_t sel_read_policyvers(struct file *filp, char __user *buf, 195 size_t count, loff_t *ppos) 196 { 197 char tmpbuf[TMPBUFLEN]; 198 ssize_t length; 199 200 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX); 201 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 202 } 203 204 static struct file_operations sel_policyvers_ops = { 205 .read = sel_read_policyvers, 206 }; 207 208 /* declaration for sel_write_load */ 209 static int sel_make_bools(void); 210 211 static ssize_t sel_read_mls(struct file *filp, char __user *buf, 212 size_t count, loff_t *ppos) 213 { 214 char tmpbuf[TMPBUFLEN]; 215 ssize_t length; 216 217 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_mls_enabled); 218 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 219 } 220 221 static struct file_operations sel_mls_ops = { 222 .read = sel_read_mls, 223 }; 224 225 static ssize_t sel_write_load(struct file * file, const char __user * buf, 226 size_t count, loff_t *ppos) 227 228 { 229 int ret; 230 ssize_t length; 231 void *data = NULL; 232 233 down(&sel_sem); 234 235 length = task_has_security(current, SECURITY__LOAD_POLICY); 236 if (length) 237 goto out; 238 239 if (*ppos != 0) { 240 /* No partial writes. */ 241 length = -EINVAL; 242 goto out; 243 } 244 245 if ((count > 64 * 1024 * 1024) 246 || (data = vmalloc(count)) == NULL) { 247 length = -ENOMEM; 248 goto out; 249 } 250 251 length = -EFAULT; 252 if (copy_from_user(data, buf, count) != 0) 253 goto out; 254 255 length = security_load_policy(data, count); 256 if (length) 257 goto out; 258 259 ret = sel_make_bools(); 260 if (ret) 261 length = ret; 262 else 263 length = count; 264 out: 265 up(&sel_sem); 266 vfree(data); 267 return length; 268 } 269 270 static struct file_operations sel_load_ops = { 271 .write = sel_write_load, 272 }; 273 274 static ssize_t sel_write_context(struct file * file, char *buf, size_t size) 275 { 276 char *canon; 277 u32 sid, len; 278 ssize_t length; 279 280 length = task_has_security(current, SECURITY__CHECK_CONTEXT); 281 if (length) 282 return length; 283 284 length = security_context_to_sid(buf, size, &sid); 285 if (length < 0) 286 return length; 287 288 length = security_sid_to_context(sid, &canon, &len); 289 if (length < 0) 290 return length; 291 292 if (len > SIMPLE_TRANSACTION_LIMIT) { 293 printk(KERN_ERR "%s: context size (%u) exceeds payload " 294 "max\n", __FUNCTION__, len); 295 length = -ERANGE; 296 goto out; 297 } 298 299 memcpy(buf, canon, len); 300 length = len; 301 out: 302 kfree(canon); 303 return length; 304 } 305 306 static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf, 307 size_t count, loff_t *ppos) 308 { 309 char tmpbuf[TMPBUFLEN]; 310 ssize_t length; 311 312 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", selinux_checkreqprot); 313 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 314 } 315 316 static ssize_t sel_write_checkreqprot(struct file * file, const char __user * buf, 317 size_t count, loff_t *ppos) 318 { 319 char *page; 320 ssize_t length; 321 unsigned int new_value; 322 323 length = task_has_security(current, SECURITY__SETCHECKREQPROT); 324 if (length) 325 return length; 326 327 if (count >= PAGE_SIZE) 328 return -ENOMEM; 329 if (*ppos != 0) { 330 /* No partial writes. */ 331 return -EINVAL; 332 } 333 page = (char*)get_zeroed_page(GFP_KERNEL); 334 if (!page) 335 return -ENOMEM; 336 length = -EFAULT; 337 if (copy_from_user(page, buf, count)) 338 goto out; 339 340 length = -EINVAL; 341 if (sscanf(page, "%u", &new_value) != 1) 342 goto out; 343 344 selinux_checkreqprot = new_value ? 1 : 0; 345 length = count; 346 out: 347 free_page((unsigned long) page); 348 return length; 349 } 350 static struct file_operations sel_checkreqprot_ops = { 351 .read = sel_read_checkreqprot, 352 .write = sel_write_checkreqprot, 353 }; 354 355 /* 356 * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c 357 */ 358 static ssize_t sel_write_access(struct file * file, char *buf, size_t size); 359 static ssize_t sel_write_create(struct file * file, char *buf, size_t size); 360 static ssize_t sel_write_relabel(struct file * file, char *buf, size_t size); 361 static ssize_t sel_write_user(struct file * file, char *buf, size_t size); 362 static ssize_t sel_write_member(struct file * file, char *buf, size_t size); 363 364 static ssize_t (*write_op[])(struct file *, char *, size_t) = { 365 [SEL_ACCESS] = sel_write_access, 366 [SEL_CREATE] = sel_write_create, 367 [SEL_RELABEL] = sel_write_relabel, 368 [SEL_USER] = sel_write_user, 369 [SEL_MEMBER] = sel_write_member, 370 [SEL_CONTEXT] = sel_write_context, 371 }; 372 373 static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos) 374 { 375 ino_t ino = file->f_dentry->d_inode->i_ino; 376 char *data; 377 ssize_t rv; 378 379 if (ino >= ARRAY_SIZE(write_op) || !write_op[ino]) 380 return -EINVAL; 381 382 data = simple_transaction_get(file, buf, size); 383 if (IS_ERR(data)) 384 return PTR_ERR(data); 385 386 rv = write_op[ino](file, data, size); 387 if (rv>0) { 388 simple_transaction_set(file, rv); 389 rv = size; 390 } 391 return rv; 392 } 393 394 static struct file_operations transaction_ops = { 395 .write = selinux_transaction_write, 396 .read = simple_transaction_read, 397 .release = simple_transaction_release, 398 }; 399 400 /* 401 * payload - write methods 402 * If the method has a response, the response should be put in buf, 403 * and the length returned. Otherwise return 0 or and -error. 404 */ 405 406 static ssize_t sel_write_access(struct file * file, char *buf, size_t size) 407 { 408 char *scon, *tcon; 409 u32 ssid, tsid; 410 u16 tclass; 411 u32 req; 412 struct av_decision avd; 413 ssize_t length; 414 415 length = task_has_security(current, SECURITY__COMPUTE_AV); 416 if (length) 417 return length; 418 419 length = -ENOMEM; 420 scon = kzalloc(size+1, GFP_KERNEL); 421 if (!scon) 422 return length; 423 424 tcon = kzalloc(size+1, GFP_KERNEL); 425 if (!tcon) 426 goto out; 427 428 length = -EINVAL; 429 if (sscanf(buf, "%s %s %hu %x", scon, tcon, &tclass, &req) != 4) 430 goto out2; 431 432 length = security_context_to_sid(scon, strlen(scon)+1, &ssid); 433 if (length < 0) 434 goto out2; 435 length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid); 436 if (length < 0) 437 goto out2; 438 439 length = security_compute_av(ssid, tsid, tclass, req, &avd); 440 if (length < 0) 441 goto out2; 442 443 length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT, 444 "%x %x %x %x %u", 445 avd.allowed, avd.decided, 446 avd.auditallow, avd.auditdeny, 447 avd.seqno); 448 out2: 449 kfree(tcon); 450 out: 451 kfree(scon); 452 return length; 453 } 454 455 static ssize_t sel_write_create(struct file * file, char *buf, size_t size) 456 { 457 char *scon, *tcon; 458 u32 ssid, tsid, newsid; 459 u16 tclass; 460 ssize_t length; 461 char *newcon; 462 u32 len; 463 464 length = task_has_security(current, SECURITY__COMPUTE_CREATE); 465 if (length) 466 return length; 467 468 length = -ENOMEM; 469 scon = kzalloc(size+1, GFP_KERNEL); 470 if (!scon) 471 return length; 472 473 tcon = kzalloc(size+1, GFP_KERNEL); 474 if (!tcon) 475 goto out; 476 477 length = -EINVAL; 478 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 479 goto out2; 480 481 length = security_context_to_sid(scon, strlen(scon)+1, &ssid); 482 if (length < 0) 483 goto out2; 484 length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid); 485 if (length < 0) 486 goto out2; 487 488 length = security_transition_sid(ssid, tsid, tclass, &newsid); 489 if (length < 0) 490 goto out2; 491 492 length = security_sid_to_context(newsid, &newcon, &len); 493 if (length < 0) 494 goto out2; 495 496 if (len > SIMPLE_TRANSACTION_LIMIT) { 497 printk(KERN_ERR "%s: context size (%u) exceeds payload " 498 "max\n", __FUNCTION__, len); 499 length = -ERANGE; 500 goto out3; 501 } 502 503 memcpy(buf, newcon, len); 504 length = len; 505 out3: 506 kfree(newcon); 507 out2: 508 kfree(tcon); 509 out: 510 kfree(scon); 511 return length; 512 } 513 514 static ssize_t sel_write_relabel(struct file * file, char *buf, size_t size) 515 { 516 char *scon, *tcon; 517 u32 ssid, tsid, newsid; 518 u16 tclass; 519 ssize_t length; 520 char *newcon; 521 u32 len; 522 523 length = task_has_security(current, SECURITY__COMPUTE_RELABEL); 524 if (length) 525 return length; 526 527 length = -ENOMEM; 528 scon = kzalloc(size+1, GFP_KERNEL); 529 if (!scon) 530 return length; 531 532 tcon = kzalloc(size+1, GFP_KERNEL); 533 if (!tcon) 534 goto out; 535 536 length = -EINVAL; 537 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 538 goto out2; 539 540 length = security_context_to_sid(scon, strlen(scon)+1, &ssid); 541 if (length < 0) 542 goto out2; 543 length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid); 544 if (length < 0) 545 goto out2; 546 547 length = security_change_sid(ssid, tsid, tclass, &newsid); 548 if (length < 0) 549 goto out2; 550 551 length = security_sid_to_context(newsid, &newcon, &len); 552 if (length < 0) 553 goto out2; 554 555 if (len > SIMPLE_TRANSACTION_LIMIT) { 556 length = -ERANGE; 557 goto out3; 558 } 559 560 memcpy(buf, newcon, len); 561 length = len; 562 out3: 563 kfree(newcon); 564 out2: 565 kfree(tcon); 566 out: 567 kfree(scon); 568 return length; 569 } 570 571 static ssize_t sel_write_user(struct file * file, char *buf, size_t size) 572 { 573 char *con, *user, *ptr; 574 u32 sid, *sids; 575 ssize_t length; 576 char *newcon; 577 int i, rc; 578 u32 len, nsids; 579 580 length = task_has_security(current, SECURITY__COMPUTE_USER); 581 if (length) 582 return length; 583 584 length = -ENOMEM; 585 con = kzalloc(size+1, GFP_KERNEL); 586 if (!con) 587 return length; 588 589 user = kzalloc(size+1, GFP_KERNEL); 590 if (!user) 591 goto out; 592 593 length = -EINVAL; 594 if (sscanf(buf, "%s %s", con, user) != 2) 595 goto out2; 596 597 length = security_context_to_sid(con, strlen(con)+1, &sid); 598 if (length < 0) 599 goto out2; 600 601 length = security_get_user_sids(sid, user, &sids, &nsids); 602 if (length < 0) 603 goto out2; 604 605 length = sprintf(buf, "%u", nsids) + 1; 606 ptr = buf + length; 607 for (i = 0; i < nsids; i++) { 608 rc = security_sid_to_context(sids[i], &newcon, &len); 609 if (rc) { 610 length = rc; 611 goto out3; 612 } 613 if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) { 614 kfree(newcon); 615 length = -ERANGE; 616 goto out3; 617 } 618 memcpy(ptr, newcon, len); 619 kfree(newcon); 620 ptr += len; 621 length += len; 622 } 623 out3: 624 kfree(sids); 625 out2: 626 kfree(user); 627 out: 628 kfree(con); 629 return length; 630 } 631 632 static ssize_t sel_write_member(struct file * file, char *buf, size_t size) 633 { 634 char *scon, *tcon; 635 u32 ssid, tsid, newsid; 636 u16 tclass; 637 ssize_t length; 638 char *newcon; 639 u32 len; 640 641 length = task_has_security(current, SECURITY__COMPUTE_MEMBER); 642 if (length) 643 return length; 644 645 length = -ENOMEM; 646 scon = kzalloc(size+1, GFP_KERNEL); 647 if (!scon) 648 return length; 649 650 tcon = kzalloc(size+1, GFP_KERNEL); 651 if (!tcon) 652 goto out; 653 654 length = -EINVAL; 655 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 656 goto out2; 657 658 length = security_context_to_sid(scon, strlen(scon)+1, &ssid); 659 if (length < 0) 660 goto out2; 661 length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid); 662 if (length < 0) 663 goto out2; 664 665 length = security_member_sid(ssid, tsid, tclass, &newsid); 666 if (length < 0) 667 goto out2; 668 669 length = security_sid_to_context(newsid, &newcon, &len); 670 if (length < 0) 671 goto out2; 672 673 if (len > SIMPLE_TRANSACTION_LIMIT) { 674 printk(KERN_ERR "%s: context size (%u) exceeds payload " 675 "max\n", __FUNCTION__, len); 676 length = -ERANGE; 677 goto out3; 678 } 679 680 memcpy(buf, newcon, len); 681 length = len; 682 out3: 683 kfree(newcon); 684 out2: 685 kfree(tcon); 686 out: 687 kfree(scon); 688 return length; 689 } 690 691 static struct inode *sel_make_inode(struct super_block *sb, int mode) 692 { 693 struct inode *ret = new_inode(sb); 694 695 if (ret) { 696 ret->i_mode = mode; 697 ret->i_uid = ret->i_gid = 0; 698 ret->i_blksize = PAGE_CACHE_SIZE; 699 ret->i_blocks = 0; 700 ret->i_atime = ret->i_mtime = ret->i_ctime = CURRENT_TIME; 701 } 702 return ret; 703 } 704 705 #define BOOL_INO_OFFSET 30 706 707 static ssize_t sel_read_bool(struct file *filep, char __user *buf, 708 size_t count, loff_t *ppos) 709 { 710 char *page = NULL; 711 ssize_t length; 712 ssize_t end; 713 ssize_t ret; 714 int cur_enforcing; 715 struct inode *inode; 716 717 down(&sel_sem); 718 719 ret = -EFAULT; 720 721 /* check to see if this file has been deleted */ 722 if (!filep->f_op) 723 goto out; 724 725 if (count > PAGE_SIZE) { 726 ret = -EINVAL; 727 goto out; 728 } 729 if (!(page = (char*)get_zeroed_page(GFP_KERNEL))) { 730 ret = -ENOMEM; 731 goto out; 732 } 733 734 inode = filep->f_dentry->d_inode; 735 cur_enforcing = security_get_bool_value(inode->i_ino - BOOL_INO_OFFSET); 736 if (cur_enforcing < 0) { 737 ret = cur_enforcing; 738 goto out; 739 } 740 741 length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, 742 bool_pending_values[inode->i_ino - BOOL_INO_OFFSET]); 743 if (length < 0) { 744 ret = length; 745 goto out; 746 } 747 748 if (*ppos >= length) { 749 ret = 0; 750 goto out; 751 } 752 if (count + *ppos > length) 753 count = length - *ppos; 754 end = count + *ppos; 755 if (copy_to_user(buf, (char *) page + *ppos, count)) { 756 ret = -EFAULT; 757 goto out; 758 } 759 *ppos = end; 760 ret = count; 761 out: 762 up(&sel_sem); 763 if (page) 764 free_page((unsigned long)page); 765 return ret; 766 } 767 768 static ssize_t sel_write_bool(struct file *filep, const char __user *buf, 769 size_t count, loff_t *ppos) 770 { 771 char *page = NULL; 772 ssize_t length = -EFAULT; 773 int new_value; 774 struct inode *inode; 775 776 down(&sel_sem); 777 778 length = task_has_security(current, SECURITY__SETBOOL); 779 if (length) 780 goto out; 781 782 /* check to see if this file has been deleted */ 783 if (!filep->f_op) 784 goto out; 785 786 if (count >= PAGE_SIZE) { 787 length = -ENOMEM; 788 goto out; 789 } 790 if (*ppos != 0) { 791 /* No partial writes. */ 792 goto out; 793 } 794 page = (char*)get_zeroed_page(GFP_KERNEL); 795 if (!page) { 796 length = -ENOMEM; 797 goto out; 798 } 799 800 if (copy_from_user(page, buf, count)) 801 goto out; 802 803 length = -EINVAL; 804 if (sscanf(page, "%d", &new_value) != 1) 805 goto out; 806 807 if (new_value) 808 new_value = 1; 809 810 inode = filep->f_dentry->d_inode; 811 bool_pending_values[inode->i_ino - BOOL_INO_OFFSET] = new_value; 812 length = count; 813 814 out: 815 up(&sel_sem); 816 if (page) 817 free_page((unsigned long) page); 818 return length; 819 } 820 821 static struct file_operations sel_bool_ops = { 822 .read = sel_read_bool, 823 .write = sel_write_bool, 824 }; 825 826 static ssize_t sel_commit_bools_write(struct file *filep, 827 const char __user *buf, 828 size_t count, loff_t *ppos) 829 { 830 char *page = NULL; 831 ssize_t length = -EFAULT; 832 int new_value; 833 834 down(&sel_sem); 835 836 length = task_has_security(current, SECURITY__SETBOOL); 837 if (length) 838 goto out; 839 840 /* check to see if this file has been deleted */ 841 if (!filep->f_op) 842 goto out; 843 844 if (count >= PAGE_SIZE) { 845 length = -ENOMEM; 846 goto out; 847 } 848 if (*ppos != 0) { 849 /* No partial writes. */ 850 goto out; 851 } 852 page = (char*)get_zeroed_page(GFP_KERNEL); 853 if (!page) { 854 length = -ENOMEM; 855 goto out; 856 } 857 858 if (copy_from_user(page, buf, count)) 859 goto out; 860 861 length = -EINVAL; 862 if (sscanf(page, "%d", &new_value) != 1) 863 goto out; 864 865 if (new_value && bool_pending_values) { 866 security_set_bools(bool_num, bool_pending_values); 867 } 868 869 length = count; 870 871 out: 872 up(&sel_sem); 873 if (page) 874 free_page((unsigned long) page); 875 return length; 876 } 877 878 static struct file_operations sel_commit_bools_ops = { 879 .write = sel_commit_bools_write, 880 }; 881 882 /* delete booleans - partial revoke() from 883 * fs/proc/generic.c proc_kill_inodes */ 884 static void sel_remove_bools(struct dentry *de) 885 { 886 struct list_head *p, *node; 887 struct super_block *sb = de->d_sb; 888 889 spin_lock(&dcache_lock); 890 node = de->d_subdirs.next; 891 while (node != &de->d_subdirs) { 892 struct dentry *d = list_entry(node, struct dentry, d_u.d_child); 893 list_del_init(node); 894 895 if (d->d_inode) { 896 d = dget_locked(d); 897 spin_unlock(&dcache_lock); 898 d_delete(d); 899 simple_unlink(de->d_inode, d); 900 dput(d); 901 spin_lock(&dcache_lock); 902 } 903 node = de->d_subdirs.next; 904 } 905 906 spin_unlock(&dcache_lock); 907 908 file_list_lock(); 909 list_for_each(p, &sb->s_files) { 910 struct file * filp = list_entry(p, struct file, f_u.fu_list); 911 struct dentry * dentry = filp->f_dentry; 912 913 if (dentry->d_parent != de) { 914 continue; 915 } 916 filp->f_op = NULL; 917 } 918 file_list_unlock(); 919 } 920 921 #define BOOL_DIR_NAME "booleans" 922 923 static int sel_make_bools(void) 924 { 925 int i, ret = 0; 926 ssize_t len; 927 struct dentry *dentry = NULL; 928 struct dentry *dir = bool_dir; 929 struct inode *inode = NULL; 930 struct inode_security_struct *isec; 931 char **names = NULL, *page; 932 int num; 933 int *values = NULL; 934 u32 sid; 935 936 /* remove any existing files */ 937 kfree(bool_pending_values); 938 bool_pending_values = NULL; 939 940 sel_remove_bools(dir); 941 942 if (!(page = (char*)get_zeroed_page(GFP_KERNEL))) 943 return -ENOMEM; 944 945 ret = security_get_bools(&num, &names, &values); 946 if (ret != 0) 947 goto out; 948 949 for (i = 0; i < num; i++) { 950 dentry = d_alloc_name(dir, names[i]); 951 if (!dentry) { 952 ret = -ENOMEM; 953 goto err; 954 } 955 inode = sel_make_inode(dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR); 956 if (!inode) { 957 ret = -ENOMEM; 958 goto err; 959 } 960 961 len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]); 962 if (len < 0) { 963 ret = -EINVAL; 964 goto err; 965 } else if (len >= PAGE_SIZE) { 966 ret = -ENAMETOOLONG; 967 goto err; 968 } 969 isec = (struct inode_security_struct*)inode->i_security; 970 if ((ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid))) 971 goto err; 972 isec->sid = sid; 973 isec->initialized = 1; 974 inode->i_fop = &sel_bool_ops; 975 inode->i_ino = i + BOOL_INO_OFFSET; 976 d_add(dentry, inode); 977 } 978 bool_num = num; 979 bool_pending_values = values; 980 out: 981 free_page((unsigned long)page); 982 if (names) { 983 for (i = 0; i < num; i++) 984 kfree(names[i]); 985 kfree(names); 986 } 987 return ret; 988 err: 989 kfree(values); 990 d_genocide(dir); 991 ret = -ENOMEM; 992 goto out; 993 } 994 995 #define NULL_FILE_NAME "null" 996 997 struct dentry *selinux_null = NULL; 998 999 static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf, 1000 size_t count, loff_t *ppos) 1001 { 1002 char tmpbuf[TMPBUFLEN]; 1003 ssize_t length; 1004 1005 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", avc_cache_threshold); 1006 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1007 } 1008 1009 static ssize_t sel_write_avc_cache_threshold(struct file * file, 1010 const char __user * buf, 1011 size_t count, loff_t *ppos) 1012 1013 { 1014 char *page; 1015 ssize_t ret; 1016 int new_value; 1017 1018 if (count >= PAGE_SIZE) { 1019 ret = -ENOMEM; 1020 goto out; 1021 } 1022 1023 if (*ppos != 0) { 1024 /* No partial writes. */ 1025 ret = -EINVAL; 1026 goto out; 1027 } 1028 1029 page = (char*)get_zeroed_page(GFP_KERNEL); 1030 if (!page) { 1031 ret = -ENOMEM; 1032 goto out; 1033 } 1034 1035 if (copy_from_user(page, buf, count)) { 1036 ret = -EFAULT; 1037 goto out_free; 1038 } 1039 1040 if (sscanf(page, "%u", &new_value) != 1) { 1041 ret = -EINVAL; 1042 goto out; 1043 } 1044 1045 if (new_value != avc_cache_threshold) { 1046 ret = task_has_security(current, SECURITY__SETSECPARAM); 1047 if (ret) 1048 goto out_free; 1049 avc_cache_threshold = new_value; 1050 } 1051 ret = count; 1052 out_free: 1053 free_page((unsigned long)page); 1054 out: 1055 return ret; 1056 } 1057 1058 static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf, 1059 size_t count, loff_t *ppos) 1060 { 1061 char *page; 1062 ssize_t ret = 0; 1063 1064 page = (char *)__get_free_page(GFP_KERNEL); 1065 if (!page) { 1066 ret = -ENOMEM; 1067 goto out; 1068 } 1069 ret = avc_get_hash_stats(page); 1070 if (ret >= 0) 1071 ret = simple_read_from_buffer(buf, count, ppos, page, ret); 1072 free_page((unsigned long)page); 1073 out: 1074 return ret; 1075 } 1076 1077 static struct file_operations sel_avc_cache_threshold_ops = { 1078 .read = sel_read_avc_cache_threshold, 1079 .write = sel_write_avc_cache_threshold, 1080 }; 1081 1082 static struct file_operations sel_avc_hash_stats_ops = { 1083 .read = sel_read_avc_hash_stats, 1084 }; 1085 1086 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1087 static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx) 1088 { 1089 int cpu; 1090 1091 for (cpu = *idx; cpu < NR_CPUS; ++cpu) { 1092 if (!cpu_possible(cpu)) 1093 continue; 1094 *idx = cpu + 1; 1095 return &per_cpu(avc_cache_stats, cpu); 1096 } 1097 return NULL; 1098 } 1099 1100 static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos) 1101 { 1102 loff_t n = *pos - 1; 1103 1104 if (*pos == 0) 1105 return SEQ_START_TOKEN; 1106 1107 return sel_avc_get_stat_idx(&n); 1108 } 1109 1110 static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos) 1111 { 1112 return sel_avc_get_stat_idx(pos); 1113 } 1114 1115 static int sel_avc_stats_seq_show(struct seq_file *seq, void *v) 1116 { 1117 struct avc_cache_stats *st = v; 1118 1119 if (v == SEQ_START_TOKEN) 1120 seq_printf(seq, "lookups hits misses allocations reclaims " 1121 "frees\n"); 1122 else 1123 seq_printf(seq, "%u %u %u %u %u %u\n", st->lookups, 1124 st->hits, st->misses, st->allocations, 1125 st->reclaims, st->frees); 1126 return 0; 1127 } 1128 1129 static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v) 1130 { } 1131 1132 static struct seq_operations sel_avc_cache_stats_seq_ops = { 1133 .start = sel_avc_stats_seq_start, 1134 .next = sel_avc_stats_seq_next, 1135 .show = sel_avc_stats_seq_show, 1136 .stop = sel_avc_stats_seq_stop, 1137 }; 1138 1139 static int sel_open_avc_cache_stats(struct inode *inode, struct file *file) 1140 { 1141 return seq_open(file, &sel_avc_cache_stats_seq_ops); 1142 } 1143 1144 static struct file_operations sel_avc_cache_stats_ops = { 1145 .open = sel_open_avc_cache_stats, 1146 .read = seq_read, 1147 .llseek = seq_lseek, 1148 .release = seq_release, 1149 }; 1150 #endif 1151 1152 static int sel_make_avc_files(struct dentry *dir) 1153 { 1154 int i, ret = 0; 1155 static struct tree_descr files[] = { 1156 { "cache_threshold", 1157 &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR }, 1158 { "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO }, 1159 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1160 { "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO }, 1161 #endif 1162 }; 1163 1164 for (i = 0; i < ARRAY_SIZE(files); i++) { 1165 struct inode *inode; 1166 struct dentry *dentry; 1167 1168 dentry = d_alloc_name(dir, files[i].name); 1169 if (!dentry) { 1170 ret = -ENOMEM; 1171 goto err; 1172 } 1173 1174 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode); 1175 if (!inode) { 1176 ret = -ENOMEM; 1177 goto err; 1178 } 1179 inode->i_fop = files[i].ops; 1180 d_add(dentry, inode); 1181 } 1182 out: 1183 return ret; 1184 err: 1185 d_genocide(dir); 1186 goto out; 1187 } 1188 1189 static int sel_make_dir(struct super_block *sb, struct dentry *dentry) 1190 { 1191 int ret = 0; 1192 struct inode *inode; 1193 1194 inode = sel_make_inode(sb, S_IFDIR | S_IRUGO | S_IXUGO); 1195 if (!inode) { 1196 ret = -ENOMEM; 1197 goto out; 1198 } 1199 inode->i_op = &simple_dir_inode_operations; 1200 inode->i_fop = &simple_dir_operations; 1201 d_add(dentry, inode); 1202 out: 1203 return ret; 1204 } 1205 1206 static int sel_fill_super(struct super_block * sb, void * data, int silent) 1207 { 1208 int ret; 1209 struct dentry *dentry; 1210 struct inode *inode; 1211 struct inode_security_struct *isec; 1212 1213 static struct tree_descr selinux_files[] = { 1214 [SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR}, 1215 [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR}, 1216 [SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO}, 1217 [SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO}, 1218 [SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO}, 1219 [SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO}, 1220 [SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO}, 1221 [SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO}, 1222 [SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR}, 1223 [SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO}, 1224 [SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR}, 1225 [SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO}, 1226 [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR}, 1227 /* last one */ {""} 1228 }; 1229 ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files); 1230 if (ret) 1231 return ret; 1232 1233 dentry = d_alloc_name(sb->s_root, BOOL_DIR_NAME); 1234 if (!dentry) 1235 return -ENOMEM; 1236 1237 inode = sel_make_inode(sb, S_IFDIR | S_IRUGO | S_IXUGO); 1238 if (!inode) 1239 goto out; 1240 inode->i_op = &simple_dir_inode_operations; 1241 inode->i_fop = &simple_dir_operations; 1242 d_add(dentry, inode); 1243 bool_dir = dentry; 1244 ret = sel_make_bools(); 1245 if (ret) 1246 goto out; 1247 1248 dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME); 1249 if (!dentry) 1250 return -ENOMEM; 1251 1252 inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO); 1253 if (!inode) 1254 goto out; 1255 isec = (struct inode_security_struct*)inode->i_security; 1256 isec->sid = SECINITSID_DEVNULL; 1257 isec->sclass = SECCLASS_CHR_FILE; 1258 isec->initialized = 1; 1259 1260 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3)); 1261 d_add(dentry, inode); 1262 selinux_null = dentry; 1263 1264 dentry = d_alloc_name(sb->s_root, "avc"); 1265 if (!dentry) 1266 return -ENOMEM; 1267 1268 ret = sel_make_dir(sb, dentry); 1269 if (ret) 1270 goto out; 1271 1272 ret = sel_make_avc_files(dentry); 1273 if (ret) 1274 goto out; 1275 1276 return 0; 1277 out: 1278 dput(dentry); 1279 printk(KERN_ERR "%s: failed while creating inodes\n", __FUNCTION__); 1280 return -ENOMEM; 1281 } 1282 1283 static struct super_block *sel_get_sb(struct file_system_type *fs_type, 1284 int flags, const char *dev_name, void *data) 1285 { 1286 return get_sb_single(fs_type, flags, data, sel_fill_super); 1287 } 1288 1289 static struct file_system_type sel_fs_type = { 1290 .name = "selinuxfs", 1291 .get_sb = sel_get_sb, 1292 .kill_sb = kill_litter_super, 1293 }; 1294 1295 struct vfsmount *selinuxfs_mount; 1296 1297 static int __init init_sel_fs(void) 1298 { 1299 int err; 1300 1301 if (!selinux_enabled) 1302 return 0; 1303 err = register_filesystem(&sel_fs_type); 1304 if (!err) { 1305 selinuxfs_mount = kern_mount(&sel_fs_type); 1306 if (IS_ERR(selinuxfs_mount)) { 1307 printk(KERN_ERR "selinuxfs: could not mount!\n"); 1308 err = PTR_ERR(selinuxfs_mount); 1309 selinuxfs_mount = NULL; 1310 } 1311 } 1312 return err; 1313 } 1314 1315 __initcall(init_sel_fs); 1316 1317 #ifdef CONFIG_SECURITY_SELINUX_DISABLE 1318 void exit_sel_fs(void) 1319 { 1320 unregister_filesystem(&sel_fs_type); 1321 } 1322 #endif 1323