1 /* Updated: Karl MacMillan <kmacmillan@tresys.com> 2 * 3 * Added conditional policy language extensions 4 * 5 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 6 * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation, version 2. 10 */ 11 12 #include <linux/config.h> 13 #include <linux/kernel.h> 14 #include <linux/pagemap.h> 15 #include <linux/slab.h> 16 #include <linux/vmalloc.h> 17 #include <linux/fs.h> 18 #include <linux/mutex.h> 19 #include <linux/init.h> 20 #include <linux/string.h> 21 #include <linux/security.h> 22 #include <linux/major.h> 23 #include <linux/seq_file.h> 24 #include <linux/percpu.h> 25 #include <linux/audit.h> 26 #include <asm/uaccess.h> 27 #include <asm/semaphore.h> 28 29 /* selinuxfs pseudo filesystem for exporting the security policy API. 30 Based on the proc code and the fs/nfsd/nfsctl.c code. */ 31 32 #include "flask.h" 33 #include "avc.h" 34 #include "avc_ss.h" 35 #include "security.h" 36 #include "objsec.h" 37 #include "conditional.h" 38 39 unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE; 40 41 static int __init checkreqprot_setup(char *str) 42 { 43 selinux_checkreqprot = simple_strtoul(str,NULL,0) ? 1 : 0; 44 return 1; 45 } 46 __setup("checkreqprot=", checkreqprot_setup); 47 48 49 static DEFINE_MUTEX(sel_mutex); 50 51 /* global data for booleans */ 52 static struct dentry *bool_dir = NULL; 53 static int bool_num = 0; 54 static int *bool_pending_values = NULL; 55 56 extern void selnl_notify_setenforce(int val); 57 58 /* Check whether a task is allowed to use a security operation. */ 59 static int task_has_security(struct task_struct *tsk, 60 u32 perms) 61 { 62 struct task_security_struct *tsec; 63 64 tsec = tsk->security; 65 if (!tsec) 66 return -EACCES; 67 68 return avc_has_perm(tsec->sid, SECINITSID_SECURITY, 69 SECCLASS_SECURITY, perms, NULL); 70 } 71 72 enum sel_inos { 73 SEL_ROOT_INO = 2, 74 SEL_LOAD, /* load policy */ 75 SEL_ENFORCE, /* get or set enforcing status */ 76 SEL_CONTEXT, /* validate context */ 77 SEL_ACCESS, /* compute access decision */ 78 SEL_CREATE, /* compute create labeling decision */ 79 SEL_RELABEL, /* compute relabeling decision */ 80 SEL_USER, /* compute reachable user contexts */ 81 SEL_POLICYVERS, /* return policy version for this kernel */ 82 SEL_COMMIT_BOOLS, /* commit new boolean values */ 83 SEL_MLS, /* return if MLS policy is enabled */ 84 SEL_DISABLE, /* disable SELinux until next reboot */ 85 SEL_AVC, /* AVC management directory */ 86 SEL_MEMBER, /* compute polyinstantiation membership decision */ 87 SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */ 88 }; 89 90 #define TMPBUFLEN 12 91 static ssize_t sel_read_enforce(struct file *filp, char __user *buf, 92 size_t count, loff_t *ppos) 93 { 94 char tmpbuf[TMPBUFLEN]; 95 ssize_t length; 96 97 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_enforcing); 98 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 99 } 100 101 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP 102 static ssize_t sel_write_enforce(struct file * file, const char __user * buf, 103 size_t count, loff_t *ppos) 104 105 { 106 char *page; 107 ssize_t length; 108 int new_value; 109 110 if (count >= PAGE_SIZE) 111 return -ENOMEM; 112 if (*ppos != 0) { 113 /* No partial writes. */ 114 return -EINVAL; 115 } 116 page = (char*)get_zeroed_page(GFP_KERNEL); 117 if (!page) 118 return -ENOMEM; 119 length = -EFAULT; 120 if (copy_from_user(page, buf, count)) 121 goto out; 122 123 length = -EINVAL; 124 if (sscanf(page, "%d", &new_value) != 1) 125 goto out; 126 127 if (new_value != selinux_enforcing) { 128 length = task_has_security(current, SECURITY__SETENFORCE); 129 if (length) 130 goto out; 131 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, 132 "enforcing=%d old_enforcing=%d auid=%u", new_value, 133 selinux_enforcing, 134 audit_get_loginuid(current->audit_context)); 135 selinux_enforcing = new_value; 136 if (selinux_enforcing) 137 avc_ss_reset(0); 138 selnl_notify_setenforce(selinux_enforcing); 139 } 140 length = count; 141 out: 142 free_page((unsigned long) page); 143 return length; 144 } 145 #else 146 #define sel_write_enforce NULL 147 #endif 148 149 static struct file_operations sel_enforce_ops = { 150 .read = sel_read_enforce, 151 .write = sel_write_enforce, 152 }; 153 154 #ifdef CONFIG_SECURITY_SELINUX_DISABLE 155 static ssize_t sel_write_disable(struct file * file, const char __user * buf, 156 size_t count, loff_t *ppos) 157 158 { 159 char *page; 160 ssize_t length; 161 int new_value; 162 extern int selinux_disable(void); 163 164 if (count >= PAGE_SIZE) 165 return -ENOMEM; 166 if (*ppos != 0) { 167 /* No partial writes. */ 168 return -EINVAL; 169 } 170 page = (char*)get_zeroed_page(GFP_KERNEL); 171 if (!page) 172 return -ENOMEM; 173 length = -EFAULT; 174 if (copy_from_user(page, buf, count)) 175 goto out; 176 177 length = -EINVAL; 178 if (sscanf(page, "%d", &new_value) != 1) 179 goto out; 180 181 if (new_value) { 182 length = selinux_disable(); 183 if (length < 0) 184 goto out; 185 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, 186 "selinux=0 auid=%u", 187 audit_get_loginuid(current->audit_context)); 188 } 189 190 length = count; 191 out: 192 free_page((unsigned long) page); 193 return length; 194 } 195 #else 196 #define sel_write_disable NULL 197 #endif 198 199 static struct file_operations sel_disable_ops = { 200 .write = sel_write_disable, 201 }; 202 203 static ssize_t sel_read_policyvers(struct file *filp, char __user *buf, 204 size_t count, loff_t *ppos) 205 { 206 char tmpbuf[TMPBUFLEN]; 207 ssize_t length; 208 209 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX); 210 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 211 } 212 213 static struct file_operations sel_policyvers_ops = { 214 .read = sel_read_policyvers, 215 }; 216 217 /* declaration for sel_write_load */ 218 static int sel_make_bools(void); 219 220 static ssize_t sel_read_mls(struct file *filp, char __user *buf, 221 size_t count, loff_t *ppos) 222 { 223 char tmpbuf[TMPBUFLEN]; 224 ssize_t length; 225 226 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_mls_enabled); 227 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 228 } 229 230 static struct file_operations sel_mls_ops = { 231 .read = sel_read_mls, 232 }; 233 234 static ssize_t sel_write_load(struct file * file, const char __user * buf, 235 size_t count, loff_t *ppos) 236 237 { 238 int ret; 239 ssize_t length; 240 void *data = NULL; 241 242 mutex_lock(&sel_mutex); 243 244 length = task_has_security(current, SECURITY__LOAD_POLICY); 245 if (length) 246 goto out; 247 248 if (*ppos != 0) { 249 /* No partial writes. */ 250 length = -EINVAL; 251 goto out; 252 } 253 254 if ((count > 64 * 1024 * 1024) 255 || (data = vmalloc(count)) == NULL) { 256 length = -ENOMEM; 257 goto out; 258 } 259 260 length = -EFAULT; 261 if (copy_from_user(data, buf, count) != 0) 262 goto out; 263 264 length = security_load_policy(data, count); 265 if (length) 266 goto out; 267 268 ret = sel_make_bools(); 269 if (ret) 270 length = ret; 271 else 272 length = count; 273 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, 274 "policy loaded auid=%u", 275 audit_get_loginuid(current->audit_context)); 276 out: 277 mutex_unlock(&sel_mutex); 278 vfree(data); 279 return length; 280 } 281 282 static struct file_operations sel_load_ops = { 283 .write = sel_write_load, 284 }; 285 286 static ssize_t sel_write_context(struct file * file, char *buf, size_t size) 287 { 288 char *canon; 289 u32 sid, len; 290 ssize_t length; 291 292 length = task_has_security(current, SECURITY__CHECK_CONTEXT); 293 if (length) 294 return length; 295 296 length = security_context_to_sid(buf, size, &sid); 297 if (length < 0) 298 return length; 299 300 length = security_sid_to_context(sid, &canon, &len); 301 if (length < 0) 302 return length; 303 304 if (len > SIMPLE_TRANSACTION_LIMIT) { 305 printk(KERN_ERR "%s: context size (%u) exceeds payload " 306 "max\n", __FUNCTION__, len); 307 length = -ERANGE; 308 goto out; 309 } 310 311 memcpy(buf, canon, len); 312 length = len; 313 out: 314 kfree(canon); 315 return length; 316 } 317 318 static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf, 319 size_t count, loff_t *ppos) 320 { 321 char tmpbuf[TMPBUFLEN]; 322 ssize_t length; 323 324 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", selinux_checkreqprot); 325 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 326 } 327 328 static ssize_t sel_write_checkreqprot(struct file * file, const char __user * buf, 329 size_t count, loff_t *ppos) 330 { 331 char *page; 332 ssize_t length; 333 unsigned int new_value; 334 335 length = task_has_security(current, SECURITY__SETCHECKREQPROT); 336 if (length) 337 return length; 338 339 if (count >= PAGE_SIZE) 340 return -ENOMEM; 341 if (*ppos != 0) { 342 /* No partial writes. */ 343 return -EINVAL; 344 } 345 page = (char*)get_zeroed_page(GFP_KERNEL); 346 if (!page) 347 return -ENOMEM; 348 length = -EFAULT; 349 if (copy_from_user(page, buf, count)) 350 goto out; 351 352 length = -EINVAL; 353 if (sscanf(page, "%u", &new_value) != 1) 354 goto out; 355 356 selinux_checkreqprot = new_value ? 1 : 0; 357 length = count; 358 out: 359 free_page((unsigned long) page); 360 return length; 361 } 362 static struct file_operations sel_checkreqprot_ops = { 363 .read = sel_read_checkreqprot, 364 .write = sel_write_checkreqprot, 365 }; 366 367 /* 368 * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c 369 */ 370 static ssize_t sel_write_access(struct file * file, char *buf, size_t size); 371 static ssize_t sel_write_create(struct file * file, char *buf, size_t size); 372 static ssize_t sel_write_relabel(struct file * file, char *buf, size_t size); 373 static ssize_t sel_write_user(struct file * file, char *buf, size_t size); 374 static ssize_t sel_write_member(struct file * file, char *buf, size_t size); 375 376 static ssize_t (*write_op[])(struct file *, char *, size_t) = { 377 [SEL_ACCESS] = sel_write_access, 378 [SEL_CREATE] = sel_write_create, 379 [SEL_RELABEL] = sel_write_relabel, 380 [SEL_USER] = sel_write_user, 381 [SEL_MEMBER] = sel_write_member, 382 [SEL_CONTEXT] = sel_write_context, 383 }; 384 385 static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos) 386 { 387 ino_t ino = file->f_dentry->d_inode->i_ino; 388 char *data; 389 ssize_t rv; 390 391 if (ino >= ARRAY_SIZE(write_op) || !write_op[ino]) 392 return -EINVAL; 393 394 data = simple_transaction_get(file, buf, size); 395 if (IS_ERR(data)) 396 return PTR_ERR(data); 397 398 rv = write_op[ino](file, data, size); 399 if (rv>0) { 400 simple_transaction_set(file, rv); 401 rv = size; 402 } 403 return rv; 404 } 405 406 static struct file_operations transaction_ops = { 407 .write = selinux_transaction_write, 408 .read = simple_transaction_read, 409 .release = simple_transaction_release, 410 }; 411 412 /* 413 * payload - write methods 414 * If the method has a response, the response should be put in buf, 415 * and the length returned. Otherwise return 0 or and -error. 416 */ 417 418 static ssize_t sel_write_access(struct file * file, char *buf, size_t size) 419 { 420 char *scon, *tcon; 421 u32 ssid, tsid; 422 u16 tclass; 423 u32 req; 424 struct av_decision avd; 425 ssize_t length; 426 427 length = task_has_security(current, SECURITY__COMPUTE_AV); 428 if (length) 429 return length; 430 431 length = -ENOMEM; 432 scon = kzalloc(size+1, GFP_KERNEL); 433 if (!scon) 434 return length; 435 436 tcon = kzalloc(size+1, GFP_KERNEL); 437 if (!tcon) 438 goto out; 439 440 length = -EINVAL; 441 if (sscanf(buf, "%s %s %hu %x", scon, tcon, &tclass, &req) != 4) 442 goto out2; 443 444 length = security_context_to_sid(scon, strlen(scon)+1, &ssid); 445 if (length < 0) 446 goto out2; 447 length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid); 448 if (length < 0) 449 goto out2; 450 451 length = security_compute_av(ssid, tsid, tclass, req, &avd); 452 if (length < 0) 453 goto out2; 454 455 length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT, 456 "%x %x %x %x %u", 457 avd.allowed, avd.decided, 458 avd.auditallow, avd.auditdeny, 459 avd.seqno); 460 out2: 461 kfree(tcon); 462 out: 463 kfree(scon); 464 return length; 465 } 466 467 static ssize_t sel_write_create(struct file * file, char *buf, size_t size) 468 { 469 char *scon, *tcon; 470 u32 ssid, tsid, newsid; 471 u16 tclass; 472 ssize_t length; 473 char *newcon; 474 u32 len; 475 476 length = task_has_security(current, SECURITY__COMPUTE_CREATE); 477 if (length) 478 return length; 479 480 length = -ENOMEM; 481 scon = kzalloc(size+1, GFP_KERNEL); 482 if (!scon) 483 return length; 484 485 tcon = kzalloc(size+1, GFP_KERNEL); 486 if (!tcon) 487 goto out; 488 489 length = -EINVAL; 490 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 491 goto out2; 492 493 length = security_context_to_sid(scon, strlen(scon)+1, &ssid); 494 if (length < 0) 495 goto out2; 496 length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid); 497 if (length < 0) 498 goto out2; 499 500 length = security_transition_sid(ssid, tsid, tclass, &newsid); 501 if (length < 0) 502 goto out2; 503 504 length = security_sid_to_context(newsid, &newcon, &len); 505 if (length < 0) 506 goto out2; 507 508 if (len > SIMPLE_TRANSACTION_LIMIT) { 509 printk(KERN_ERR "%s: context size (%u) exceeds payload " 510 "max\n", __FUNCTION__, len); 511 length = -ERANGE; 512 goto out3; 513 } 514 515 memcpy(buf, newcon, len); 516 length = len; 517 out3: 518 kfree(newcon); 519 out2: 520 kfree(tcon); 521 out: 522 kfree(scon); 523 return length; 524 } 525 526 static ssize_t sel_write_relabel(struct file * file, char *buf, size_t size) 527 { 528 char *scon, *tcon; 529 u32 ssid, tsid, newsid; 530 u16 tclass; 531 ssize_t length; 532 char *newcon; 533 u32 len; 534 535 length = task_has_security(current, SECURITY__COMPUTE_RELABEL); 536 if (length) 537 return length; 538 539 length = -ENOMEM; 540 scon = kzalloc(size+1, GFP_KERNEL); 541 if (!scon) 542 return length; 543 544 tcon = kzalloc(size+1, GFP_KERNEL); 545 if (!tcon) 546 goto out; 547 548 length = -EINVAL; 549 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 550 goto out2; 551 552 length = security_context_to_sid(scon, strlen(scon)+1, &ssid); 553 if (length < 0) 554 goto out2; 555 length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid); 556 if (length < 0) 557 goto out2; 558 559 length = security_change_sid(ssid, tsid, tclass, &newsid); 560 if (length < 0) 561 goto out2; 562 563 length = security_sid_to_context(newsid, &newcon, &len); 564 if (length < 0) 565 goto out2; 566 567 if (len > SIMPLE_TRANSACTION_LIMIT) { 568 length = -ERANGE; 569 goto out3; 570 } 571 572 memcpy(buf, newcon, len); 573 length = len; 574 out3: 575 kfree(newcon); 576 out2: 577 kfree(tcon); 578 out: 579 kfree(scon); 580 return length; 581 } 582 583 static ssize_t sel_write_user(struct file * file, char *buf, size_t size) 584 { 585 char *con, *user, *ptr; 586 u32 sid, *sids; 587 ssize_t length; 588 char *newcon; 589 int i, rc; 590 u32 len, nsids; 591 592 length = task_has_security(current, SECURITY__COMPUTE_USER); 593 if (length) 594 return length; 595 596 length = -ENOMEM; 597 con = kzalloc(size+1, GFP_KERNEL); 598 if (!con) 599 return length; 600 601 user = kzalloc(size+1, GFP_KERNEL); 602 if (!user) 603 goto out; 604 605 length = -EINVAL; 606 if (sscanf(buf, "%s %s", con, user) != 2) 607 goto out2; 608 609 length = security_context_to_sid(con, strlen(con)+1, &sid); 610 if (length < 0) 611 goto out2; 612 613 length = security_get_user_sids(sid, user, &sids, &nsids); 614 if (length < 0) 615 goto out2; 616 617 length = sprintf(buf, "%u", nsids) + 1; 618 ptr = buf + length; 619 for (i = 0; i < nsids; i++) { 620 rc = security_sid_to_context(sids[i], &newcon, &len); 621 if (rc) { 622 length = rc; 623 goto out3; 624 } 625 if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) { 626 kfree(newcon); 627 length = -ERANGE; 628 goto out3; 629 } 630 memcpy(ptr, newcon, len); 631 kfree(newcon); 632 ptr += len; 633 length += len; 634 } 635 out3: 636 kfree(sids); 637 out2: 638 kfree(user); 639 out: 640 kfree(con); 641 return length; 642 } 643 644 static ssize_t sel_write_member(struct file * file, char *buf, size_t size) 645 { 646 char *scon, *tcon; 647 u32 ssid, tsid, newsid; 648 u16 tclass; 649 ssize_t length; 650 char *newcon; 651 u32 len; 652 653 length = task_has_security(current, SECURITY__COMPUTE_MEMBER); 654 if (length) 655 return length; 656 657 length = -ENOMEM; 658 scon = kzalloc(size+1, GFP_KERNEL); 659 if (!scon) 660 return length; 661 662 tcon = kzalloc(size+1, GFP_KERNEL); 663 if (!tcon) 664 goto out; 665 666 length = -EINVAL; 667 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 668 goto out2; 669 670 length = security_context_to_sid(scon, strlen(scon)+1, &ssid); 671 if (length < 0) 672 goto out2; 673 length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid); 674 if (length < 0) 675 goto out2; 676 677 length = security_member_sid(ssid, tsid, tclass, &newsid); 678 if (length < 0) 679 goto out2; 680 681 length = security_sid_to_context(newsid, &newcon, &len); 682 if (length < 0) 683 goto out2; 684 685 if (len > SIMPLE_TRANSACTION_LIMIT) { 686 printk(KERN_ERR "%s: context size (%u) exceeds payload " 687 "max\n", __FUNCTION__, len); 688 length = -ERANGE; 689 goto out3; 690 } 691 692 memcpy(buf, newcon, len); 693 length = len; 694 out3: 695 kfree(newcon); 696 out2: 697 kfree(tcon); 698 out: 699 kfree(scon); 700 return length; 701 } 702 703 static struct inode *sel_make_inode(struct super_block *sb, int mode) 704 { 705 struct inode *ret = new_inode(sb); 706 707 if (ret) { 708 ret->i_mode = mode; 709 ret->i_uid = ret->i_gid = 0; 710 ret->i_blksize = PAGE_CACHE_SIZE; 711 ret->i_blocks = 0; 712 ret->i_atime = ret->i_mtime = ret->i_ctime = CURRENT_TIME; 713 } 714 return ret; 715 } 716 717 #define BOOL_INO_OFFSET 30 718 719 static ssize_t sel_read_bool(struct file *filep, char __user *buf, 720 size_t count, loff_t *ppos) 721 { 722 char *page = NULL; 723 ssize_t length; 724 ssize_t ret; 725 int cur_enforcing; 726 struct inode *inode; 727 728 mutex_lock(&sel_mutex); 729 730 ret = -EFAULT; 731 732 /* check to see if this file has been deleted */ 733 if (!filep->f_op) 734 goto out; 735 736 if (count > PAGE_SIZE) { 737 ret = -EINVAL; 738 goto out; 739 } 740 if (!(page = (char*)get_zeroed_page(GFP_KERNEL))) { 741 ret = -ENOMEM; 742 goto out; 743 } 744 745 inode = filep->f_dentry->d_inode; 746 cur_enforcing = security_get_bool_value(inode->i_ino - BOOL_INO_OFFSET); 747 if (cur_enforcing < 0) { 748 ret = cur_enforcing; 749 goto out; 750 } 751 752 length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, 753 bool_pending_values[inode->i_ino - BOOL_INO_OFFSET]); 754 ret = simple_read_from_buffer(buf, count, ppos, page, length); 755 out: 756 mutex_unlock(&sel_mutex); 757 if (page) 758 free_page((unsigned long)page); 759 return ret; 760 } 761 762 static ssize_t sel_write_bool(struct file *filep, const char __user *buf, 763 size_t count, loff_t *ppos) 764 { 765 char *page = NULL; 766 ssize_t length = -EFAULT; 767 int new_value; 768 struct inode *inode; 769 770 mutex_lock(&sel_mutex); 771 772 length = task_has_security(current, SECURITY__SETBOOL); 773 if (length) 774 goto out; 775 776 /* check to see if this file has been deleted */ 777 if (!filep->f_op) 778 goto out; 779 780 if (count >= PAGE_SIZE) { 781 length = -ENOMEM; 782 goto out; 783 } 784 if (*ppos != 0) { 785 /* No partial writes. */ 786 goto out; 787 } 788 page = (char*)get_zeroed_page(GFP_KERNEL); 789 if (!page) { 790 length = -ENOMEM; 791 goto out; 792 } 793 794 if (copy_from_user(page, buf, count)) 795 goto out; 796 797 length = -EINVAL; 798 if (sscanf(page, "%d", &new_value) != 1) 799 goto out; 800 801 if (new_value) 802 new_value = 1; 803 804 inode = filep->f_dentry->d_inode; 805 bool_pending_values[inode->i_ino - BOOL_INO_OFFSET] = new_value; 806 length = count; 807 808 out: 809 mutex_unlock(&sel_mutex); 810 if (page) 811 free_page((unsigned long) page); 812 return length; 813 } 814 815 static struct file_operations sel_bool_ops = { 816 .read = sel_read_bool, 817 .write = sel_write_bool, 818 }; 819 820 static ssize_t sel_commit_bools_write(struct file *filep, 821 const char __user *buf, 822 size_t count, loff_t *ppos) 823 { 824 char *page = NULL; 825 ssize_t length = -EFAULT; 826 int new_value; 827 828 mutex_lock(&sel_mutex); 829 830 length = task_has_security(current, SECURITY__SETBOOL); 831 if (length) 832 goto out; 833 834 /* check to see if this file has been deleted */ 835 if (!filep->f_op) 836 goto out; 837 838 if (count >= PAGE_SIZE) { 839 length = -ENOMEM; 840 goto out; 841 } 842 if (*ppos != 0) { 843 /* No partial writes. */ 844 goto out; 845 } 846 page = (char*)get_zeroed_page(GFP_KERNEL); 847 if (!page) { 848 length = -ENOMEM; 849 goto out; 850 } 851 852 if (copy_from_user(page, buf, count)) 853 goto out; 854 855 length = -EINVAL; 856 if (sscanf(page, "%d", &new_value) != 1) 857 goto out; 858 859 if (new_value && bool_pending_values) { 860 security_set_bools(bool_num, bool_pending_values); 861 } 862 863 length = count; 864 865 out: 866 mutex_unlock(&sel_mutex); 867 if (page) 868 free_page((unsigned long) page); 869 return length; 870 } 871 872 static struct file_operations sel_commit_bools_ops = { 873 .write = sel_commit_bools_write, 874 }; 875 876 /* delete booleans - partial revoke() from 877 * fs/proc/generic.c proc_kill_inodes */ 878 static void sel_remove_bools(struct dentry *de) 879 { 880 struct list_head *p, *node; 881 struct super_block *sb = de->d_sb; 882 883 spin_lock(&dcache_lock); 884 node = de->d_subdirs.next; 885 while (node != &de->d_subdirs) { 886 struct dentry *d = list_entry(node, struct dentry, d_u.d_child); 887 list_del_init(node); 888 889 if (d->d_inode) { 890 d = dget_locked(d); 891 spin_unlock(&dcache_lock); 892 d_delete(d); 893 simple_unlink(de->d_inode, d); 894 dput(d); 895 spin_lock(&dcache_lock); 896 } 897 node = de->d_subdirs.next; 898 } 899 900 spin_unlock(&dcache_lock); 901 902 file_list_lock(); 903 list_for_each(p, &sb->s_files) { 904 struct file * filp = list_entry(p, struct file, f_u.fu_list); 905 struct dentry * dentry = filp->f_dentry; 906 907 if (dentry->d_parent != de) { 908 continue; 909 } 910 filp->f_op = NULL; 911 } 912 file_list_unlock(); 913 } 914 915 #define BOOL_DIR_NAME "booleans" 916 917 static int sel_make_bools(void) 918 { 919 int i, ret = 0; 920 ssize_t len; 921 struct dentry *dentry = NULL; 922 struct dentry *dir = bool_dir; 923 struct inode *inode = NULL; 924 struct inode_security_struct *isec; 925 char **names = NULL, *page; 926 int num; 927 int *values = NULL; 928 u32 sid; 929 930 /* remove any existing files */ 931 kfree(bool_pending_values); 932 bool_pending_values = NULL; 933 934 sel_remove_bools(dir); 935 936 if (!(page = (char*)get_zeroed_page(GFP_KERNEL))) 937 return -ENOMEM; 938 939 ret = security_get_bools(&num, &names, &values); 940 if (ret != 0) 941 goto out; 942 943 for (i = 0; i < num; i++) { 944 dentry = d_alloc_name(dir, names[i]); 945 if (!dentry) { 946 ret = -ENOMEM; 947 goto err; 948 } 949 inode = sel_make_inode(dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR); 950 if (!inode) { 951 ret = -ENOMEM; 952 goto err; 953 } 954 955 len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]); 956 if (len < 0) { 957 ret = -EINVAL; 958 goto err; 959 } else if (len >= PAGE_SIZE) { 960 ret = -ENAMETOOLONG; 961 goto err; 962 } 963 isec = (struct inode_security_struct*)inode->i_security; 964 if ((ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid))) 965 goto err; 966 isec->sid = sid; 967 isec->initialized = 1; 968 inode->i_fop = &sel_bool_ops; 969 inode->i_ino = i + BOOL_INO_OFFSET; 970 d_add(dentry, inode); 971 } 972 bool_num = num; 973 bool_pending_values = values; 974 out: 975 free_page((unsigned long)page); 976 if (names) { 977 for (i = 0; i < num; i++) 978 kfree(names[i]); 979 kfree(names); 980 } 981 return ret; 982 err: 983 kfree(values); 984 sel_remove_bools(dir); 985 ret = -ENOMEM; 986 goto out; 987 } 988 989 #define NULL_FILE_NAME "null" 990 991 struct dentry *selinux_null = NULL; 992 993 static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf, 994 size_t count, loff_t *ppos) 995 { 996 char tmpbuf[TMPBUFLEN]; 997 ssize_t length; 998 999 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", avc_cache_threshold); 1000 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1001 } 1002 1003 static ssize_t sel_write_avc_cache_threshold(struct file * file, 1004 const char __user * buf, 1005 size_t count, loff_t *ppos) 1006 1007 { 1008 char *page; 1009 ssize_t ret; 1010 int new_value; 1011 1012 if (count >= PAGE_SIZE) { 1013 ret = -ENOMEM; 1014 goto out; 1015 } 1016 1017 if (*ppos != 0) { 1018 /* No partial writes. */ 1019 ret = -EINVAL; 1020 goto out; 1021 } 1022 1023 page = (char*)get_zeroed_page(GFP_KERNEL); 1024 if (!page) { 1025 ret = -ENOMEM; 1026 goto out; 1027 } 1028 1029 if (copy_from_user(page, buf, count)) { 1030 ret = -EFAULT; 1031 goto out_free; 1032 } 1033 1034 if (sscanf(page, "%u", &new_value) != 1) { 1035 ret = -EINVAL; 1036 goto out; 1037 } 1038 1039 if (new_value != avc_cache_threshold) { 1040 ret = task_has_security(current, SECURITY__SETSECPARAM); 1041 if (ret) 1042 goto out_free; 1043 avc_cache_threshold = new_value; 1044 } 1045 ret = count; 1046 out_free: 1047 free_page((unsigned long)page); 1048 out: 1049 return ret; 1050 } 1051 1052 static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf, 1053 size_t count, loff_t *ppos) 1054 { 1055 char *page; 1056 ssize_t ret = 0; 1057 1058 page = (char *)__get_free_page(GFP_KERNEL); 1059 if (!page) { 1060 ret = -ENOMEM; 1061 goto out; 1062 } 1063 ret = avc_get_hash_stats(page); 1064 if (ret >= 0) 1065 ret = simple_read_from_buffer(buf, count, ppos, page, ret); 1066 free_page((unsigned long)page); 1067 out: 1068 return ret; 1069 } 1070 1071 static struct file_operations sel_avc_cache_threshold_ops = { 1072 .read = sel_read_avc_cache_threshold, 1073 .write = sel_write_avc_cache_threshold, 1074 }; 1075 1076 static struct file_operations sel_avc_hash_stats_ops = { 1077 .read = sel_read_avc_hash_stats, 1078 }; 1079 1080 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1081 static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx) 1082 { 1083 int cpu; 1084 1085 for (cpu = *idx; cpu < NR_CPUS; ++cpu) { 1086 if (!cpu_possible(cpu)) 1087 continue; 1088 *idx = cpu + 1; 1089 return &per_cpu(avc_cache_stats, cpu); 1090 } 1091 return NULL; 1092 } 1093 1094 static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos) 1095 { 1096 loff_t n = *pos - 1; 1097 1098 if (*pos == 0) 1099 return SEQ_START_TOKEN; 1100 1101 return sel_avc_get_stat_idx(&n); 1102 } 1103 1104 static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos) 1105 { 1106 return sel_avc_get_stat_idx(pos); 1107 } 1108 1109 static int sel_avc_stats_seq_show(struct seq_file *seq, void *v) 1110 { 1111 struct avc_cache_stats *st = v; 1112 1113 if (v == SEQ_START_TOKEN) 1114 seq_printf(seq, "lookups hits misses allocations reclaims " 1115 "frees\n"); 1116 else 1117 seq_printf(seq, "%u %u %u %u %u %u\n", st->lookups, 1118 st->hits, st->misses, st->allocations, 1119 st->reclaims, st->frees); 1120 return 0; 1121 } 1122 1123 static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v) 1124 { } 1125 1126 static struct seq_operations sel_avc_cache_stats_seq_ops = { 1127 .start = sel_avc_stats_seq_start, 1128 .next = sel_avc_stats_seq_next, 1129 .show = sel_avc_stats_seq_show, 1130 .stop = sel_avc_stats_seq_stop, 1131 }; 1132 1133 static int sel_open_avc_cache_stats(struct inode *inode, struct file *file) 1134 { 1135 return seq_open(file, &sel_avc_cache_stats_seq_ops); 1136 } 1137 1138 static struct file_operations sel_avc_cache_stats_ops = { 1139 .open = sel_open_avc_cache_stats, 1140 .read = seq_read, 1141 .llseek = seq_lseek, 1142 .release = seq_release, 1143 }; 1144 #endif 1145 1146 static int sel_make_avc_files(struct dentry *dir) 1147 { 1148 int i, ret = 0; 1149 static struct tree_descr files[] = { 1150 { "cache_threshold", 1151 &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR }, 1152 { "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO }, 1153 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1154 { "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO }, 1155 #endif 1156 }; 1157 1158 for (i = 0; i < ARRAY_SIZE(files); i++) { 1159 struct inode *inode; 1160 struct dentry *dentry; 1161 1162 dentry = d_alloc_name(dir, files[i].name); 1163 if (!dentry) { 1164 ret = -ENOMEM; 1165 goto out; 1166 } 1167 1168 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode); 1169 if (!inode) { 1170 ret = -ENOMEM; 1171 goto out; 1172 } 1173 inode->i_fop = files[i].ops; 1174 d_add(dentry, inode); 1175 } 1176 out: 1177 return ret; 1178 } 1179 1180 static int sel_make_dir(struct inode *dir, struct dentry *dentry) 1181 { 1182 int ret = 0; 1183 struct inode *inode; 1184 1185 inode = sel_make_inode(dir->i_sb, S_IFDIR | S_IRUGO | S_IXUGO); 1186 if (!inode) { 1187 ret = -ENOMEM; 1188 goto out; 1189 } 1190 inode->i_op = &simple_dir_inode_operations; 1191 inode->i_fop = &simple_dir_operations; 1192 /* directory inodes start off with i_nlink == 2 (for "." entry) */ 1193 inode->i_nlink++; 1194 d_add(dentry, inode); 1195 /* bump link count on parent directory, too */ 1196 dir->i_nlink++; 1197 out: 1198 return ret; 1199 } 1200 1201 static int sel_fill_super(struct super_block * sb, void * data, int silent) 1202 { 1203 int ret; 1204 struct dentry *dentry; 1205 struct inode *inode, *root_inode; 1206 struct inode_security_struct *isec; 1207 1208 static struct tree_descr selinux_files[] = { 1209 [SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR}, 1210 [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR}, 1211 [SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO}, 1212 [SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO}, 1213 [SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO}, 1214 [SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO}, 1215 [SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO}, 1216 [SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO}, 1217 [SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR}, 1218 [SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO}, 1219 [SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR}, 1220 [SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO}, 1221 [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR}, 1222 /* last one */ {""} 1223 }; 1224 ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files); 1225 if (ret) 1226 goto err; 1227 1228 root_inode = sb->s_root->d_inode; 1229 1230 dentry = d_alloc_name(sb->s_root, BOOL_DIR_NAME); 1231 if (!dentry) { 1232 ret = -ENOMEM; 1233 goto err; 1234 } 1235 1236 ret = sel_make_dir(root_inode, dentry); 1237 if (ret) 1238 goto err; 1239 1240 bool_dir = dentry; 1241 1242 dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME); 1243 if (!dentry) { 1244 ret = -ENOMEM; 1245 goto err; 1246 } 1247 1248 inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO); 1249 if (!inode) { 1250 ret = -ENOMEM; 1251 goto err; 1252 } 1253 isec = (struct inode_security_struct*)inode->i_security; 1254 isec->sid = SECINITSID_DEVNULL; 1255 isec->sclass = SECCLASS_CHR_FILE; 1256 isec->initialized = 1; 1257 1258 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3)); 1259 d_add(dentry, inode); 1260 selinux_null = dentry; 1261 1262 dentry = d_alloc_name(sb->s_root, "avc"); 1263 if (!dentry) { 1264 ret = -ENOMEM; 1265 goto err; 1266 } 1267 1268 ret = sel_make_dir(root_inode, dentry); 1269 if (ret) 1270 goto err; 1271 1272 ret = sel_make_avc_files(dentry); 1273 if (ret) 1274 goto err; 1275 out: 1276 return ret; 1277 err: 1278 printk(KERN_ERR "%s: failed while creating inodes\n", __FUNCTION__); 1279 goto out; 1280 } 1281 1282 static struct super_block *sel_get_sb(struct file_system_type *fs_type, 1283 int flags, const char *dev_name, void *data) 1284 { 1285 return get_sb_single(fs_type, flags, data, sel_fill_super); 1286 } 1287 1288 static struct file_system_type sel_fs_type = { 1289 .name = "selinuxfs", 1290 .get_sb = sel_get_sb, 1291 .kill_sb = kill_litter_super, 1292 }; 1293 1294 struct vfsmount *selinuxfs_mount; 1295 1296 static int __init init_sel_fs(void) 1297 { 1298 int err; 1299 1300 if (!selinux_enabled) 1301 return 0; 1302 err = register_filesystem(&sel_fs_type); 1303 if (!err) { 1304 selinuxfs_mount = kern_mount(&sel_fs_type); 1305 if (IS_ERR(selinuxfs_mount)) { 1306 printk(KERN_ERR "selinuxfs: could not mount!\n"); 1307 err = PTR_ERR(selinuxfs_mount); 1308 selinuxfs_mount = NULL; 1309 } 1310 } 1311 return err; 1312 } 1313 1314 __initcall(init_sel_fs); 1315 1316 #ifdef CONFIG_SECURITY_SELINUX_DISABLE 1317 void exit_sel_fs(void) 1318 { 1319 unregister_filesystem(&sel_fs_type); 1320 } 1321 #endif 1322