1 // SPDX-License-Identifier: GPL-2.0-only 2 /* Updated: Karl MacMillan <kmacmillan@tresys.com> 3 * 4 * Added conditional policy language extensions 5 * 6 * Updated: Hewlett-Packard <paul@paul-moore.com> 7 * 8 * Added support for the policy capability bitmap 9 * 10 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 11 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 12 * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 13 */ 14 15 #include <linux/kernel.h> 16 #include <linux/pagemap.h> 17 #include <linux/slab.h> 18 #include <linux/vmalloc.h> 19 #include <linux/fs.h> 20 #include <linux/fs_context.h> 21 #include <linux/mount.h> 22 #include <linux/mutex.h> 23 #include <linux/namei.h> 24 #include <linux/init.h> 25 #include <linux/string.h> 26 #include <linux/security.h> 27 #include <linux/major.h> 28 #include <linux/seq_file.h> 29 #include <linux/percpu.h> 30 #include <linux/audit.h> 31 #include <linux/uaccess.h> 32 #include <linux/kobject.h> 33 #include <linux/ctype.h> 34 35 /* selinuxfs pseudo filesystem for exporting the security policy API. 36 Based on the proc code and the fs/nfsd/nfsctl.c code. */ 37 38 #include "flask.h" 39 #include "avc.h" 40 #include "avc_ss.h" 41 #include "security.h" 42 #include "objsec.h" 43 #include "conditional.h" 44 #include "ima.h" 45 46 enum sel_inos { 47 SEL_ROOT_INO = 2, 48 SEL_LOAD, /* load policy */ 49 SEL_ENFORCE, /* get or set enforcing status */ 50 SEL_CONTEXT, /* validate context */ 51 SEL_ACCESS, /* compute access decision */ 52 SEL_CREATE, /* compute create labeling decision */ 53 SEL_RELABEL, /* compute relabeling decision */ 54 SEL_USER, /* compute reachable user contexts */ 55 SEL_POLICYVERS, /* return policy version for this kernel */ 56 SEL_COMMIT_BOOLS, /* commit new boolean values */ 57 SEL_MLS, /* return if MLS policy is enabled */ 58 SEL_DISABLE, /* disable SELinux until next reboot */ 59 SEL_MEMBER, /* compute polyinstantiation membership decision */ 60 SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */ 61 SEL_COMPAT_NET, /* whether to use old compat network packet controls */ 62 SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */ 63 SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */ 64 SEL_STATUS, /* export current status using mmap() */ 65 SEL_POLICY, /* allow userspace to read the in kernel policy */ 66 SEL_VALIDATE_TRANS, /* compute validatetrans decision */ 67 SEL_INO_NEXT, /* The next inode number to use */ 68 }; 69 70 struct selinux_fs_info { 71 struct dentry *bool_dir; 72 unsigned int bool_num; 73 char **bool_pending_names; 74 int *bool_pending_values; 75 struct dentry *class_dir; 76 unsigned long last_class_ino; 77 bool policy_opened; 78 struct dentry *policycap_dir; 79 unsigned long last_ino; 80 struct super_block *sb; 81 }; 82 83 static int selinux_fs_info_create(struct super_block *sb) 84 { 85 struct selinux_fs_info *fsi; 86 87 fsi = kzalloc(sizeof(*fsi), GFP_KERNEL); 88 if (!fsi) 89 return -ENOMEM; 90 91 fsi->last_ino = SEL_INO_NEXT - 1; 92 fsi->sb = sb; 93 sb->s_fs_info = fsi; 94 return 0; 95 } 96 97 static void selinux_fs_info_free(struct super_block *sb) 98 { 99 struct selinux_fs_info *fsi = sb->s_fs_info; 100 unsigned int i; 101 102 if (fsi) { 103 for (i = 0; i < fsi->bool_num; i++) 104 kfree(fsi->bool_pending_names[i]); 105 kfree(fsi->bool_pending_names); 106 kfree(fsi->bool_pending_values); 107 } 108 kfree(sb->s_fs_info); 109 sb->s_fs_info = NULL; 110 } 111 112 #define SEL_INITCON_INO_OFFSET 0x01000000 113 #define SEL_BOOL_INO_OFFSET 0x02000000 114 #define SEL_CLASS_INO_OFFSET 0x04000000 115 #define SEL_POLICYCAP_INO_OFFSET 0x08000000 116 #define SEL_INO_MASK 0x00ffffff 117 118 #define BOOL_DIR_NAME "booleans" 119 #define CLASS_DIR_NAME "class" 120 #define POLICYCAP_DIR_NAME "policy_capabilities" 121 122 #define TMPBUFLEN 12 123 static ssize_t sel_read_enforce(struct file *filp, char __user *buf, 124 size_t count, loff_t *ppos) 125 { 126 char tmpbuf[TMPBUFLEN]; 127 ssize_t length; 128 129 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", 130 enforcing_enabled()); 131 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 132 } 133 134 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP 135 static ssize_t sel_write_enforce(struct file *file, const char __user *buf, 136 size_t count, loff_t *ppos) 137 138 { 139 char *page = NULL; 140 ssize_t length; 141 int scan_value; 142 bool old_value, new_value; 143 144 if (count >= PAGE_SIZE) 145 return -ENOMEM; 146 147 /* No partial writes. */ 148 if (*ppos != 0) 149 return -EINVAL; 150 151 page = memdup_user_nul(buf, count); 152 if (IS_ERR(page)) 153 return PTR_ERR(page); 154 155 length = -EINVAL; 156 if (sscanf(page, "%d", &scan_value) != 1) 157 goto out; 158 159 new_value = !!scan_value; 160 161 old_value = enforcing_enabled(); 162 if (new_value != old_value) { 163 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 164 SECCLASS_SECURITY, SECURITY__SETENFORCE, 165 NULL); 166 if (length) 167 goto out; 168 audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS, 169 "enforcing=%d old_enforcing=%d auid=%u ses=%u" 170 " enabled=1 old-enabled=1 lsm=selinux res=1", 171 new_value, old_value, 172 from_kuid(&init_user_ns, audit_get_loginuid(current)), 173 audit_get_sessionid(current)); 174 enforcing_set(new_value); 175 if (new_value) 176 avc_ss_reset(0); 177 selnl_notify_setenforce(new_value); 178 selinux_status_update_setenforce(new_value); 179 if (!new_value) 180 call_blocking_lsm_notifier(LSM_POLICY_CHANGE, NULL); 181 182 selinux_ima_measure_state(); 183 } 184 length = count; 185 out: 186 kfree(page); 187 return length; 188 } 189 #else 190 #define sel_write_enforce NULL 191 #endif 192 193 static const struct file_operations sel_enforce_ops = { 194 .read = sel_read_enforce, 195 .write = sel_write_enforce, 196 .llseek = generic_file_llseek, 197 }; 198 199 static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf, 200 size_t count, loff_t *ppos) 201 { 202 char tmpbuf[TMPBUFLEN]; 203 ssize_t length; 204 ino_t ino = file_inode(filp)->i_ino; 205 int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ? 206 security_get_reject_unknown() : 207 !security_get_allow_unknown(); 208 209 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown); 210 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 211 } 212 213 static const struct file_operations sel_handle_unknown_ops = { 214 .read = sel_read_handle_unknown, 215 .llseek = generic_file_llseek, 216 }; 217 218 static int sel_open_handle_status(struct inode *inode, struct file *filp) 219 { 220 struct page *status = selinux_kernel_status_page(); 221 222 if (!status) 223 return -ENOMEM; 224 225 filp->private_data = status; 226 227 return 0; 228 } 229 230 static ssize_t sel_read_handle_status(struct file *filp, char __user *buf, 231 size_t count, loff_t *ppos) 232 { 233 struct page *status = filp->private_data; 234 235 BUG_ON(!status); 236 237 return simple_read_from_buffer(buf, count, ppos, 238 page_address(status), 239 sizeof(struct selinux_kernel_status)); 240 } 241 242 static int sel_mmap_handle_status(struct file *filp, 243 struct vm_area_struct *vma) 244 { 245 struct page *status = filp->private_data; 246 unsigned long size = vma->vm_end - vma->vm_start; 247 248 BUG_ON(!status); 249 250 /* only allows one page from the head */ 251 if (vma->vm_pgoff > 0 || size != PAGE_SIZE) 252 return -EIO; 253 /* disallow writable mapping */ 254 if (vma->vm_flags & VM_WRITE) 255 return -EPERM; 256 /* disallow mprotect() turns it into writable */ 257 vm_flags_clear(vma, VM_MAYWRITE); 258 259 return remap_pfn_range(vma, vma->vm_start, 260 page_to_pfn(status), 261 size, vma->vm_page_prot); 262 } 263 264 static const struct file_operations sel_handle_status_ops = { 265 .open = sel_open_handle_status, 266 .read = sel_read_handle_status, 267 .mmap = sel_mmap_handle_status, 268 .llseek = generic_file_llseek, 269 }; 270 271 static ssize_t sel_write_disable(struct file *file, const char __user *buf, 272 size_t count, loff_t *ppos) 273 274 { 275 char *page; 276 ssize_t length; 277 int new_value; 278 279 if (count >= PAGE_SIZE) 280 return -ENOMEM; 281 282 /* No partial writes. */ 283 if (*ppos != 0) 284 return -EINVAL; 285 286 page = memdup_user_nul(buf, count); 287 if (IS_ERR(page)) 288 return PTR_ERR(page); 289 290 if (sscanf(page, "%d", &new_value) != 1) { 291 length = -EINVAL; 292 goto out; 293 } 294 length = count; 295 296 if (new_value) { 297 pr_err("SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable\n"); 298 pr_err("SELinux: Runtime disable is not supported, use selinux=0 on the kernel cmdline.\n"); 299 } 300 301 out: 302 kfree(page); 303 return length; 304 } 305 306 static const struct file_operations sel_disable_ops = { 307 .write = sel_write_disable, 308 .llseek = generic_file_llseek, 309 }; 310 311 static ssize_t sel_read_policyvers(struct file *filp, char __user *buf, 312 size_t count, loff_t *ppos) 313 { 314 char tmpbuf[TMPBUFLEN]; 315 ssize_t length; 316 317 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX); 318 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 319 } 320 321 static const struct file_operations sel_policyvers_ops = { 322 .read = sel_read_policyvers, 323 .llseek = generic_file_llseek, 324 }; 325 326 /* declaration for sel_write_load */ 327 static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir, 328 unsigned int *bool_num, char ***bool_pending_names, 329 int **bool_pending_values); 330 static int sel_make_classes(struct selinux_policy *newpolicy, 331 struct dentry *class_dir, 332 unsigned long *last_class_ino); 333 334 /* declaration for sel_make_class_dirs */ 335 static struct dentry *sel_make_dir(struct dentry *dir, const char *name, 336 unsigned long *ino); 337 338 /* declaration for sel_make_policy_nodes */ 339 static struct dentry *sel_make_swapover_dir(struct super_block *sb, 340 unsigned long *ino); 341 342 static ssize_t sel_read_mls(struct file *filp, char __user *buf, 343 size_t count, loff_t *ppos) 344 { 345 char tmpbuf[TMPBUFLEN]; 346 ssize_t length; 347 348 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", 349 security_mls_enabled()); 350 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 351 } 352 353 static const struct file_operations sel_mls_ops = { 354 .read = sel_read_mls, 355 .llseek = generic_file_llseek, 356 }; 357 358 struct policy_load_memory { 359 size_t len; 360 void *data; 361 }; 362 363 static int sel_open_policy(struct inode *inode, struct file *filp) 364 { 365 struct selinux_fs_info *fsi = inode->i_sb->s_fs_info; 366 struct policy_load_memory *plm = NULL; 367 int rc; 368 369 BUG_ON(filp->private_data); 370 371 mutex_lock(&selinux_state.policy_mutex); 372 373 rc = avc_has_perm(current_sid(), SECINITSID_SECURITY, 374 SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL); 375 if (rc) 376 goto err; 377 378 rc = -EBUSY; 379 if (fsi->policy_opened) 380 goto err; 381 382 rc = -ENOMEM; 383 plm = kzalloc(sizeof(*plm), GFP_KERNEL); 384 if (!plm) 385 goto err; 386 387 rc = security_read_policy(&plm->data, &plm->len); 388 if (rc) 389 goto err; 390 391 if ((size_t)i_size_read(inode) != plm->len) { 392 inode_lock(inode); 393 i_size_write(inode, plm->len); 394 inode_unlock(inode); 395 } 396 397 fsi->policy_opened = 1; 398 399 filp->private_data = plm; 400 401 mutex_unlock(&selinux_state.policy_mutex); 402 403 return 0; 404 err: 405 mutex_unlock(&selinux_state.policy_mutex); 406 407 if (plm) 408 vfree(plm->data); 409 kfree(plm); 410 return rc; 411 } 412 413 static int sel_release_policy(struct inode *inode, struct file *filp) 414 { 415 struct selinux_fs_info *fsi = inode->i_sb->s_fs_info; 416 struct policy_load_memory *plm = filp->private_data; 417 418 BUG_ON(!plm); 419 420 fsi->policy_opened = 0; 421 422 vfree(plm->data); 423 kfree(plm); 424 425 return 0; 426 } 427 428 static ssize_t sel_read_policy(struct file *filp, char __user *buf, 429 size_t count, loff_t *ppos) 430 { 431 struct policy_load_memory *plm = filp->private_data; 432 int ret; 433 434 ret = avc_has_perm(current_sid(), SECINITSID_SECURITY, 435 SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL); 436 if (ret) 437 return ret; 438 439 return simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); 440 } 441 442 static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf) 443 { 444 struct policy_load_memory *plm = vmf->vma->vm_file->private_data; 445 unsigned long offset; 446 struct page *page; 447 448 if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE)) 449 return VM_FAULT_SIGBUS; 450 451 offset = vmf->pgoff << PAGE_SHIFT; 452 if (offset >= roundup(plm->len, PAGE_SIZE)) 453 return VM_FAULT_SIGBUS; 454 455 page = vmalloc_to_page(plm->data + offset); 456 get_page(page); 457 458 vmf->page = page; 459 460 return 0; 461 } 462 463 static const struct vm_operations_struct sel_mmap_policy_ops = { 464 .fault = sel_mmap_policy_fault, 465 .page_mkwrite = sel_mmap_policy_fault, 466 }; 467 468 static int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma) 469 { 470 if (vma->vm_flags & VM_SHARED) { 471 /* do not allow mprotect to make mapping writable */ 472 vm_flags_clear(vma, VM_MAYWRITE); 473 474 if (vma->vm_flags & VM_WRITE) 475 return -EACCES; 476 } 477 478 vm_flags_set(vma, VM_DONTEXPAND | VM_DONTDUMP); 479 vma->vm_ops = &sel_mmap_policy_ops; 480 481 return 0; 482 } 483 484 static const struct file_operations sel_policy_ops = { 485 .open = sel_open_policy, 486 .read = sel_read_policy, 487 .mmap = sel_mmap_policy, 488 .release = sel_release_policy, 489 .llseek = generic_file_llseek, 490 }; 491 492 static void sel_remove_old_bool_data(unsigned int bool_num, char **bool_names, 493 int *bool_values) 494 { 495 u32 i; 496 497 /* bool_dir cleanup */ 498 for (i = 0; i < bool_num; i++) 499 kfree(bool_names[i]); 500 kfree(bool_names); 501 kfree(bool_values); 502 } 503 504 static int sel_make_policy_nodes(struct selinux_fs_info *fsi, 505 struct selinux_policy *newpolicy) 506 { 507 int ret = 0; 508 struct dentry *tmp_parent, *tmp_bool_dir, *tmp_class_dir; 509 unsigned int bool_num = 0; 510 char **bool_names = NULL; 511 int *bool_values = NULL; 512 unsigned long tmp_ino = fsi->last_ino; /* Don't increment last_ino in this function */ 513 514 tmp_parent = sel_make_swapover_dir(fsi->sb, &tmp_ino); 515 if (IS_ERR(tmp_parent)) 516 return PTR_ERR(tmp_parent); 517 518 tmp_ino = fsi->bool_dir->d_inode->i_ino - 1; /* sel_make_dir will increment and set */ 519 tmp_bool_dir = sel_make_dir(tmp_parent, BOOL_DIR_NAME, &tmp_ino); 520 if (IS_ERR(tmp_bool_dir)) { 521 ret = PTR_ERR(tmp_bool_dir); 522 goto out; 523 } 524 525 tmp_ino = fsi->class_dir->d_inode->i_ino - 1; /* sel_make_dir will increment and set */ 526 tmp_class_dir = sel_make_dir(tmp_parent, CLASS_DIR_NAME, &tmp_ino); 527 if (IS_ERR(tmp_class_dir)) { 528 ret = PTR_ERR(tmp_class_dir); 529 goto out; 530 } 531 532 ret = sel_make_bools(newpolicy, tmp_bool_dir, &bool_num, 533 &bool_names, &bool_values); 534 if (ret) 535 goto out; 536 537 ret = sel_make_classes(newpolicy, tmp_class_dir, 538 &fsi->last_class_ino); 539 if (ret) 540 goto out; 541 542 lock_rename(tmp_parent, fsi->sb->s_root); 543 544 /* booleans */ 545 d_exchange(tmp_bool_dir, fsi->bool_dir); 546 547 swap(fsi->bool_num, bool_num); 548 swap(fsi->bool_pending_names, bool_names); 549 swap(fsi->bool_pending_values, bool_values); 550 551 fsi->bool_dir = tmp_bool_dir; 552 553 /* classes */ 554 d_exchange(tmp_class_dir, fsi->class_dir); 555 fsi->class_dir = tmp_class_dir; 556 557 unlock_rename(tmp_parent, fsi->sb->s_root); 558 559 out: 560 sel_remove_old_bool_data(bool_num, bool_names, bool_values); 561 /* Since the other temporary dirs are children of tmp_parent 562 * this will handle all the cleanup in the case of a failure before 563 * the swapover 564 */ 565 simple_recursive_removal(tmp_parent, NULL); 566 567 return ret; 568 } 569 570 static ssize_t sel_write_load(struct file *file, const char __user *buf, 571 size_t count, loff_t *ppos) 572 573 { 574 struct selinux_fs_info *fsi; 575 struct selinux_load_state load_state; 576 ssize_t length; 577 void *data = NULL; 578 579 /* no partial writes */ 580 if (*ppos) 581 return -EINVAL; 582 /* no empty policies */ 583 if (!count) 584 return -EINVAL; 585 586 mutex_lock(&selinux_state.policy_mutex); 587 588 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 589 SECCLASS_SECURITY, SECURITY__LOAD_POLICY, NULL); 590 if (length) 591 goto out; 592 593 data = vmalloc(count); 594 if (!data) { 595 length = -ENOMEM; 596 goto out; 597 } 598 if (copy_from_user(data, buf, count) != 0) { 599 length = -EFAULT; 600 goto out; 601 } 602 603 length = security_load_policy(data, count, &load_state); 604 if (length) { 605 pr_warn_ratelimited("SELinux: failed to load policy\n"); 606 goto out; 607 } 608 fsi = file_inode(file)->i_sb->s_fs_info; 609 length = sel_make_policy_nodes(fsi, load_state.policy); 610 if (length) { 611 pr_warn_ratelimited("SELinux: failed to initialize selinuxfs\n"); 612 selinux_policy_cancel(&load_state); 613 goto out; 614 } 615 616 selinux_policy_commit(&load_state); 617 length = count; 618 audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, 619 "auid=%u ses=%u lsm=selinux res=1", 620 from_kuid(&init_user_ns, audit_get_loginuid(current)), 621 audit_get_sessionid(current)); 622 623 out: 624 mutex_unlock(&selinux_state.policy_mutex); 625 vfree(data); 626 return length; 627 } 628 629 static const struct file_operations sel_load_ops = { 630 .write = sel_write_load, 631 .llseek = generic_file_llseek, 632 }; 633 634 static ssize_t sel_write_context(struct file *file, char *buf, size_t size) 635 { 636 char *canon = NULL; 637 u32 sid, len; 638 ssize_t length; 639 640 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 641 SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, NULL); 642 if (length) 643 goto out; 644 645 length = security_context_to_sid(buf, size, &sid, GFP_KERNEL); 646 if (length) 647 goto out; 648 649 length = security_sid_to_context(sid, &canon, &len); 650 if (length) 651 goto out; 652 653 length = -ERANGE; 654 if (len > SIMPLE_TRANSACTION_LIMIT) { 655 pr_err("SELinux: %s: context size (%u) exceeds " 656 "payload max\n", __func__, len); 657 goto out; 658 } 659 660 memcpy(buf, canon, len); 661 length = len; 662 out: 663 kfree(canon); 664 return length; 665 } 666 667 static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf, 668 size_t count, loff_t *ppos) 669 { 670 char tmpbuf[TMPBUFLEN]; 671 ssize_t length; 672 673 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", 674 checkreqprot_get()); 675 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 676 } 677 678 static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, 679 size_t count, loff_t *ppos) 680 { 681 char *page; 682 ssize_t length; 683 unsigned int new_value; 684 685 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 686 SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, 687 NULL); 688 if (length) 689 return length; 690 691 if (count >= PAGE_SIZE) 692 return -ENOMEM; 693 694 /* No partial writes. */ 695 if (*ppos != 0) 696 return -EINVAL; 697 698 page = memdup_user_nul(buf, count); 699 if (IS_ERR(page)) 700 return PTR_ERR(page); 701 702 if (sscanf(page, "%u", &new_value) != 1) { 703 length = -EINVAL; 704 goto out; 705 } 706 length = count; 707 708 if (new_value) { 709 char comm[sizeof(current->comm)]; 710 711 memcpy(comm, current->comm, sizeof(comm)); 712 pr_err("SELinux: %s (%d) set checkreqprot to 1. This is no longer supported.\n", 713 comm, current->pid); 714 } 715 716 selinux_ima_measure_state(); 717 718 out: 719 kfree(page); 720 return length; 721 } 722 static const struct file_operations sel_checkreqprot_ops = { 723 .read = sel_read_checkreqprot, 724 .write = sel_write_checkreqprot, 725 .llseek = generic_file_llseek, 726 }; 727 728 static ssize_t sel_write_validatetrans(struct file *file, 729 const char __user *buf, 730 size_t count, loff_t *ppos) 731 { 732 char *oldcon = NULL, *newcon = NULL, *taskcon = NULL; 733 char *req = NULL; 734 u32 osid, nsid, tsid; 735 u16 tclass; 736 int rc; 737 738 rc = avc_has_perm(current_sid(), SECINITSID_SECURITY, 739 SECCLASS_SECURITY, SECURITY__VALIDATE_TRANS, NULL); 740 if (rc) 741 goto out; 742 743 rc = -ENOMEM; 744 if (count >= PAGE_SIZE) 745 goto out; 746 747 /* No partial writes. */ 748 rc = -EINVAL; 749 if (*ppos != 0) 750 goto out; 751 752 req = memdup_user_nul(buf, count); 753 if (IS_ERR(req)) { 754 rc = PTR_ERR(req); 755 req = NULL; 756 goto out; 757 } 758 759 rc = -ENOMEM; 760 oldcon = kzalloc(count + 1, GFP_KERNEL); 761 if (!oldcon) 762 goto out; 763 764 newcon = kzalloc(count + 1, GFP_KERNEL); 765 if (!newcon) 766 goto out; 767 768 taskcon = kzalloc(count + 1, GFP_KERNEL); 769 if (!taskcon) 770 goto out; 771 772 rc = -EINVAL; 773 if (sscanf(req, "%s %s %hu %s", oldcon, newcon, &tclass, taskcon) != 4) 774 goto out; 775 776 rc = security_context_str_to_sid(oldcon, &osid, GFP_KERNEL); 777 if (rc) 778 goto out; 779 780 rc = security_context_str_to_sid(newcon, &nsid, GFP_KERNEL); 781 if (rc) 782 goto out; 783 784 rc = security_context_str_to_sid(taskcon, &tsid, GFP_KERNEL); 785 if (rc) 786 goto out; 787 788 rc = security_validate_transition_user(osid, nsid, tsid, tclass); 789 if (!rc) 790 rc = count; 791 out: 792 kfree(req); 793 kfree(oldcon); 794 kfree(newcon); 795 kfree(taskcon); 796 return rc; 797 } 798 799 static const struct file_operations sel_transition_ops = { 800 .write = sel_write_validatetrans, 801 .llseek = generic_file_llseek, 802 }; 803 804 /* 805 * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c 806 */ 807 static ssize_t sel_write_access(struct file *file, char *buf, size_t size); 808 static ssize_t sel_write_create(struct file *file, char *buf, size_t size); 809 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size); 810 static ssize_t sel_write_user(struct file *file, char *buf, size_t size); 811 static ssize_t sel_write_member(struct file *file, char *buf, size_t size); 812 813 static ssize_t (*const write_op[])(struct file *, char *, size_t) = { 814 [SEL_ACCESS] = sel_write_access, 815 [SEL_CREATE] = sel_write_create, 816 [SEL_RELABEL] = sel_write_relabel, 817 [SEL_USER] = sel_write_user, 818 [SEL_MEMBER] = sel_write_member, 819 [SEL_CONTEXT] = sel_write_context, 820 }; 821 822 static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos) 823 { 824 ino_t ino = file_inode(file)->i_ino; 825 char *data; 826 ssize_t rv; 827 828 if (ino >= ARRAY_SIZE(write_op) || !write_op[ino]) 829 return -EINVAL; 830 831 data = simple_transaction_get(file, buf, size); 832 if (IS_ERR(data)) 833 return PTR_ERR(data); 834 835 rv = write_op[ino](file, data, size); 836 if (rv > 0) { 837 simple_transaction_set(file, rv); 838 rv = size; 839 } 840 return rv; 841 } 842 843 static const struct file_operations transaction_ops = { 844 .write = selinux_transaction_write, 845 .read = simple_transaction_read, 846 .release = simple_transaction_release, 847 .llseek = generic_file_llseek, 848 }; 849 850 /* 851 * payload - write methods 852 * If the method has a response, the response should be put in buf, 853 * and the length returned. Otherwise return 0 or and -error. 854 */ 855 856 static ssize_t sel_write_access(struct file *file, char *buf, size_t size) 857 { 858 char *scon = NULL, *tcon = NULL; 859 u32 ssid, tsid; 860 u16 tclass; 861 struct av_decision avd; 862 ssize_t length; 863 864 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 865 SECCLASS_SECURITY, SECURITY__COMPUTE_AV, NULL); 866 if (length) 867 goto out; 868 869 length = -ENOMEM; 870 scon = kzalloc(size + 1, GFP_KERNEL); 871 if (!scon) 872 goto out; 873 874 length = -ENOMEM; 875 tcon = kzalloc(size + 1, GFP_KERNEL); 876 if (!tcon) 877 goto out; 878 879 length = -EINVAL; 880 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 881 goto out; 882 883 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 884 if (length) 885 goto out; 886 887 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 888 if (length) 889 goto out; 890 891 security_compute_av_user(ssid, tsid, tclass, &avd); 892 893 length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT, 894 "%x %x %x %x %u %x", 895 avd.allowed, 0xffffffff, 896 avd.auditallow, avd.auditdeny, 897 avd.seqno, avd.flags); 898 out: 899 kfree(tcon); 900 kfree(scon); 901 return length; 902 } 903 904 static ssize_t sel_write_create(struct file *file, char *buf, size_t size) 905 { 906 char *scon = NULL, *tcon = NULL; 907 char *namebuf = NULL, *objname = NULL; 908 u32 ssid, tsid, newsid; 909 u16 tclass; 910 ssize_t length; 911 char *newcon = NULL; 912 u32 len; 913 int nargs; 914 915 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 916 SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, 917 NULL); 918 if (length) 919 goto out; 920 921 length = -ENOMEM; 922 scon = kzalloc(size + 1, GFP_KERNEL); 923 if (!scon) 924 goto out; 925 926 length = -ENOMEM; 927 tcon = kzalloc(size + 1, GFP_KERNEL); 928 if (!tcon) 929 goto out; 930 931 length = -ENOMEM; 932 namebuf = kzalloc(size + 1, GFP_KERNEL); 933 if (!namebuf) 934 goto out; 935 936 length = -EINVAL; 937 nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf); 938 if (nargs < 3 || nargs > 4) 939 goto out; 940 if (nargs == 4) { 941 /* 942 * If and when the name of new object to be queried contains 943 * either whitespace or multibyte characters, they shall be 944 * encoded based on the percentage-encoding rule. 945 * If not encoded, the sscanf logic picks up only left-half 946 * of the supplied name; split by a whitespace unexpectedly. 947 */ 948 char *r, *w; 949 int c1, c2; 950 951 r = w = namebuf; 952 do { 953 c1 = *r++; 954 if (c1 == '+') 955 c1 = ' '; 956 else if (c1 == '%') { 957 c1 = hex_to_bin(*r++); 958 if (c1 < 0) 959 goto out; 960 c2 = hex_to_bin(*r++); 961 if (c2 < 0) 962 goto out; 963 c1 = (c1 << 4) | c2; 964 } 965 *w++ = c1; 966 } while (c1 != '\0'); 967 968 objname = namebuf; 969 } 970 971 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 972 if (length) 973 goto out; 974 975 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 976 if (length) 977 goto out; 978 979 length = security_transition_sid_user(ssid, tsid, tclass, 980 objname, &newsid); 981 if (length) 982 goto out; 983 984 length = security_sid_to_context(newsid, &newcon, &len); 985 if (length) 986 goto out; 987 988 length = -ERANGE; 989 if (len > SIMPLE_TRANSACTION_LIMIT) { 990 pr_err("SELinux: %s: context size (%u) exceeds " 991 "payload max\n", __func__, len); 992 goto out; 993 } 994 995 memcpy(buf, newcon, len); 996 length = len; 997 out: 998 kfree(newcon); 999 kfree(namebuf); 1000 kfree(tcon); 1001 kfree(scon); 1002 return length; 1003 } 1004 1005 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size) 1006 { 1007 char *scon = NULL, *tcon = NULL; 1008 u32 ssid, tsid, newsid; 1009 u16 tclass; 1010 ssize_t length; 1011 char *newcon = NULL; 1012 u32 len; 1013 1014 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1015 SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, 1016 NULL); 1017 if (length) 1018 goto out; 1019 1020 length = -ENOMEM; 1021 scon = kzalloc(size + 1, GFP_KERNEL); 1022 if (!scon) 1023 goto out; 1024 1025 length = -ENOMEM; 1026 tcon = kzalloc(size + 1, GFP_KERNEL); 1027 if (!tcon) 1028 goto out; 1029 1030 length = -EINVAL; 1031 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 1032 goto out; 1033 1034 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 1035 if (length) 1036 goto out; 1037 1038 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 1039 if (length) 1040 goto out; 1041 1042 length = security_change_sid(ssid, tsid, tclass, &newsid); 1043 if (length) 1044 goto out; 1045 1046 length = security_sid_to_context(newsid, &newcon, &len); 1047 if (length) 1048 goto out; 1049 1050 length = -ERANGE; 1051 if (len > SIMPLE_TRANSACTION_LIMIT) 1052 goto out; 1053 1054 memcpy(buf, newcon, len); 1055 length = len; 1056 out: 1057 kfree(newcon); 1058 kfree(tcon); 1059 kfree(scon); 1060 return length; 1061 } 1062 1063 static ssize_t sel_write_user(struct file *file, char *buf, size_t size) 1064 { 1065 char *con = NULL, *user = NULL, *ptr; 1066 u32 sid, *sids = NULL; 1067 ssize_t length; 1068 char *newcon; 1069 int rc; 1070 u32 i, len, nsids; 1071 1072 pr_warn_ratelimited("SELinux: %s (%d) wrote to /sys/fs/selinux/user!" 1073 " This will not be supported in the future; please update your" 1074 " userspace.\n", current->comm, current->pid); 1075 1076 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1077 SECCLASS_SECURITY, SECURITY__COMPUTE_USER, 1078 NULL); 1079 if (length) 1080 goto out; 1081 1082 length = -ENOMEM; 1083 con = kzalloc(size + 1, GFP_KERNEL); 1084 if (!con) 1085 goto out; 1086 1087 length = -ENOMEM; 1088 user = kzalloc(size + 1, GFP_KERNEL); 1089 if (!user) 1090 goto out; 1091 1092 length = -EINVAL; 1093 if (sscanf(buf, "%s %s", con, user) != 2) 1094 goto out; 1095 1096 length = security_context_str_to_sid(con, &sid, GFP_KERNEL); 1097 if (length) 1098 goto out; 1099 1100 length = security_get_user_sids(sid, user, &sids, &nsids); 1101 if (length) 1102 goto out; 1103 1104 length = sprintf(buf, "%u", nsids) + 1; 1105 ptr = buf + length; 1106 for (i = 0; i < nsids; i++) { 1107 rc = security_sid_to_context(sids[i], &newcon, &len); 1108 if (rc) { 1109 length = rc; 1110 goto out; 1111 } 1112 if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) { 1113 kfree(newcon); 1114 length = -ERANGE; 1115 goto out; 1116 } 1117 memcpy(ptr, newcon, len); 1118 kfree(newcon); 1119 ptr += len; 1120 length += len; 1121 } 1122 out: 1123 kfree(sids); 1124 kfree(user); 1125 kfree(con); 1126 return length; 1127 } 1128 1129 static ssize_t sel_write_member(struct file *file, char *buf, size_t size) 1130 { 1131 char *scon = NULL, *tcon = NULL; 1132 u32 ssid, tsid, newsid; 1133 u16 tclass; 1134 ssize_t length; 1135 char *newcon = NULL; 1136 u32 len; 1137 1138 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1139 SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, 1140 NULL); 1141 if (length) 1142 goto out; 1143 1144 length = -ENOMEM; 1145 scon = kzalloc(size + 1, GFP_KERNEL); 1146 if (!scon) 1147 goto out; 1148 1149 length = -ENOMEM; 1150 tcon = kzalloc(size + 1, GFP_KERNEL); 1151 if (!tcon) 1152 goto out; 1153 1154 length = -EINVAL; 1155 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 1156 goto out; 1157 1158 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); 1159 if (length) 1160 goto out; 1161 1162 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); 1163 if (length) 1164 goto out; 1165 1166 length = security_member_sid(ssid, tsid, tclass, &newsid); 1167 if (length) 1168 goto out; 1169 1170 length = security_sid_to_context(newsid, &newcon, &len); 1171 if (length) 1172 goto out; 1173 1174 length = -ERANGE; 1175 if (len > SIMPLE_TRANSACTION_LIMIT) { 1176 pr_err("SELinux: %s: context size (%u) exceeds " 1177 "payload max\n", __func__, len); 1178 goto out; 1179 } 1180 1181 memcpy(buf, newcon, len); 1182 length = len; 1183 out: 1184 kfree(newcon); 1185 kfree(tcon); 1186 kfree(scon); 1187 return length; 1188 } 1189 1190 static struct inode *sel_make_inode(struct super_block *sb, umode_t mode) 1191 { 1192 struct inode *ret = new_inode(sb); 1193 1194 if (ret) { 1195 ret->i_mode = mode; 1196 simple_inode_init_ts(ret); 1197 } 1198 return ret; 1199 } 1200 1201 static ssize_t sel_read_bool(struct file *filep, char __user *buf, 1202 size_t count, loff_t *ppos) 1203 { 1204 struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info; 1205 char *page = NULL; 1206 ssize_t length; 1207 ssize_t ret; 1208 int cur_enforcing; 1209 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; 1210 const char *name = filep->f_path.dentry->d_name.name; 1211 1212 mutex_lock(&selinux_state.policy_mutex); 1213 1214 ret = -EINVAL; 1215 if (index >= fsi->bool_num || strcmp(name, 1216 fsi->bool_pending_names[index])) 1217 goto out_unlock; 1218 1219 ret = -ENOMEM; 1220 page = (char *)get_zeroed_page(GFP_KERNEL); 1221 if (!page) 1222 goto out_unlock; 1223 1224 cur_enforcing = security_get_bool_value(index); 1225 if (cur_enforcing < 0) { 1226 ret = cur_enforcing; 1227 goto out_unlock; 1228 } 1229 length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, 1230 fsi->bool_pending_values[index]); 1231 mutex_unlock(&selinux_state.policy_mutex); 1232 ret = simple_read_from_buffer(buf, count, ppos, page, length); 1233 out_free: 1234 free_page((unsigned long)page); 1235 return ret; 1236 1237 out_unlock: 1238 mutex_unlock(&selinux_state.policy_mutex); 1239 goto out_free; 1240 } 1241 1242 static ssize_t sel_write_bool(struct file *filep, const char __user *buf, 1243 size_t count, loff_t *ppos) 1244 { 1245 struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info; 1246 char *page = NULL; 1247 ssize_t length; 1248 int new_value; 1249 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; 1250 const char *name = filep->f_path.dentry->d_name.name; 1251 1252 if (count >= PAGE_SIZE) 1253 return -ENOMEM; 1254 1255 /* No partial writes. */ 1256 if (*ppos != 0) 1257 return -EINVAL; 1258 1259 page = memdup_user_nul(buf, count); 1260 if (IS_ERR(page)) 1261 return PTR_ERR(page); 1262 1263 mutex_lock(&selinux_state.policy_mutex); 1264 1265 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1266 SECCLASS_SECURITY, SECURITY__SETBOOL, 1267 NULL); 1268 if (length) 1269 goto out; 1270 1271 length = -EINVAL; 1272 if (index >= fsi->bool_num || strcmp(name, 1273 fsi->bool_pending_names[index])) 1274 goto out; 1275 1276 length = -EINVAL; 1277 if (sscanf(page, "%d", &new_value) != 1) 1278 goto out; 1279 1280 if (new_value) 1281 new_value = 1; 1282 1283 fsi->bool_pending_values[index] = new_value; 1284 length = count; 1285 1286 out: 1287 mutex_unlock(&selinux_state.policy_mutex); 1288 kfree(page); 1289 return length; 1290 } 1291 1292 static const struct file_operations sel_bool_ops = { 1293 .read = sel_read_bool, 1294 .write = sel_write_bool, 1295 .llseek = generic_file_llseek, 1296 }; 1297 1298 static ssize_t sel_commit_bools_write(struct file *filep, 1299 const char __user *buf, 1300 size_t count, loff_t *ppos) 1301 { 1302 struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info; 1303 char *page = NULL; 1304 ssize_t length; 1305 int new_value; 1306 1307 if (count >= PAGE_SIZE) 1308 return -ENOMEM; 1309 1310 /* No partial writes. */ 1311 if (*ppos != 0) 1312 return -EINVAL; 1313 1314 page = memdup_user_nul(buf, count); 1315 if (IS_ERR(page)) 1316 return PTR_ERR(page); 1317 1318 mutex_lock(&selinux_state.policy_mutex); 1319 1320 length = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1321 SECCLASS_SECURITY, SECURITY__SETBOOL, 1322 NULL); 1323 if (length) 1324 goto out; 1325 1326 length = -EINVAL; 1327 if (sscanf(page, "%d", &new_value) != 1) 1328 goto out; 1329 1330 length = 0; 1331 if (new_value && fsi->bool_pending_values) 1332 length = security_set_bools(fsi->bool_num, 1333 fsi->bool_pending_values); 1334 1335 if (!length) 1336 length = count; 1337 1338 out: 1339 mutex_unlock(&selinux_state.policy_mutex); 1340 kfree(page); 1341 return length; 1342 } 1343 1344 static const struct file_operations sel_commit_bools_ops = { 1345 .write = sel_commit_bools_write, 1346 .llseek = generic_file_llseek, 1347 }; 1348 1349 static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir, 1350 unsigned int *bool_num, char ***bool_pending_names, 1351 int **bool_pending_values) 1352 { 1353 int ret; 1354 char **names, *page; 1355 u32 i, num; 1356 1357 page = (char *)get_zeroed_page(GFP_KERNEL); 1358 if (!page) 1359 return -ENOMEM; 1360 1361 ret = security_get_bools(newpolicy, &num, &names, bool_pending_values); 1362 if (ret) 1363 goto out; 1364 1365 *bool_num = num; 1366 *bool_pending_names = names; 1367 1368 for (i = 0; i < num; i++) { 1369 struct dentry *dentry; 1370 struct inode *inode; 1371 struct inode_security_struct *isec; 1372 ssize_t len; 1373 u32 sid; 1374 1375 len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]); 1376 if (len >= PAGE_SIZE) { 1377 ret = -ENAMETOOLONG; 1378 break; 1379 } 1380 dentry = d_alloc_name(bool_dir, names[i]); 1381 if (!dentry) { 1382 ret = -ENOMEM; 1383 break; 1384 } 1385 1386 inode = sel_make_inode(bool_dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR); 1387 if (!inode) { 1388 dput(dentry); 1389 ret = -ENOMEM; 1390 break; 1391 } 1392 1393 isec = selinux_inode(inode); 1394 ret = selinux_policy_genfs_sid(newpolicy, "selinuxfs", page, 1395 SECCLASS_FILE, &sid); 1396 if (ret) { 1397 pr_warn_ratelimited("SELinux: no sid found, defaulting to security isid for %s\n", 1398 page); 1399 sid = SECINITSID_SECURITY; 1400 } 1401 1402 isec->sid = sid; 1403 isec->initialized = LABEL_INITIALIZED; 1404 inode->i_fop = &sel_bool_ops; 1405 inode->i_ino = i|SEL_BOOL_INO_OFFSET; 1406 d_add(dentry, inode); 1407 } 1408 out: 1409 free_page((unsigned long)page); 1410 return ret; 1411 } 1412 1413 static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf, 1414 size_t count, loff_t *ppos) 1415 { 1416 char tmpbuf[TMPBUFLEN]; 1417 ssize_t length; 1418 1419 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", 1420 avc_get_cache_threshold()); 1421 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1422 } 1423 1424 static ssize_t sel_write_avc_cache_threshold(struct file *file, 1425 const char __user *buf, 1426 size_t count, loff_t *ppos) 1427 1428 { 1429 char *page; 1430 ssize_t ret; 1431 unsigned int new_value; 1432 1433 ret = avc_has_perm(current_sid(), SECINITSID_SECURITY, 1434 SECCLASS_SECURITY, SECURITY__SETSECPARAM, 1435 NULL); 1436 if (ret) 1437 return ret; 1438 1439 if (count >= PAGE_SIZE) 1440 return -ENOMEM; 1441 1442 /* No partial writes. */ 1443 if (*ppos != 0) 1444 return -EINVAL; 1445 1446 page = memdup_user_nul(buf, count); 1447 if (IS_ERR(page)) 1448 return PTR_ERR(page); 1449 1450 ret = -EINVAL; 1451 if (sscanf(page, "%u", &new_value) != 1) 1452 goto out; 1453 1454 avc_set_cache_threshold(new_value); 1455 1456 ret = count; 1457 out: 1458 kfree(page); 1459 return ret; 1460 } 1461 1462 static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf, 1463 size_t count, loff_t *ppos) 1464 { 1465 char *page; 1466 ssize_t length; 1467 1468 page = (char *)__get_free_page(GFP_KERNEL); 1469 if (!page) 1470 return -ENOMEM; 1471 1472 length = avc_get_hash_stats(page); 1473 if (length >= 0) 1474 length = simple_read_from_buffer(buf, count, ppos, page, length); 1475 free_page((unsigned long)page); 1476 1477 return length; 1478 } 1479 1480 static ssize_t sel_read_sidtab_hash_stats(struct file *filp, char __user *buf, 1481 size_t count, loff_t *ppos) 1482 { 1483 char *page; 1484 ssize_t length; 1485 1486 page = (char *)__get_free_page(GFP_KERNEL); 1487 if (!page) 1488 return -ENOMEM; 1489 1490 length = security_sidtab_hash_stats(page); 1491 if (length >= 0) 1492 length = simple_read_from_buffer(buf, count, ppos, page, 1493 length); 1494 free_page((unsigned long)page); 1495 1496 return length; 1497 } 1498 1499 static const struct file_operations sel_sidtab_hash_stats_ops = { 1500 .read = sel_read_sidtab_hash_stats, 1501 .llseek = generic_file_llseek, 1502 }; 1503 1504 static const struct file_operations sel_avc_cache_threshold_ops = { 1505 .read = sel_read_avc_cache_threshold, 1506 .write = sel_write_avc_cache_threshold, 1507 .llseek = generic_file_llseek, 1508 }; 1509 1510 static const struct file_operations sel_avc_hash_stats_ops = { 1511 .read = sel_read_avc_hash_stats, 1512 .llseek = generic_file_llseek, 1513 }; 1514 1515 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1516 static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx) 1517 { 1518 int cpu; 1519 1520 for (cpu = *idx; cpu < nr_cpu_ids; ++cpu) { 1521 if (!cpu_possible(cpu)) 1522 continue; 1523 *idx = cpu + 1; 1524 return &per_cpu(avc_cache_stats, cpu); 1525 } 1526 (*idx)++; 1527 return NULL; 1528 } 1529 1530 static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos) 1531 { 1532 loff_t n = *pos - 1; 1533 1534 if (*pos == 0) 1535 return SEQ_START_TOKEN; 1536 1537 return sel_avc_get_stat_idx(&n); 1538 } 1539 1540 static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos) 1541 { 1542 return sel_avc_get_stat_idx(pos); 1543 } 1544 1545 static int sel_avc_stats_seq_show(struct seq_file *seq, void *v) 1546 { 1547 struct avc_cache_stats *st = v; 1548 1549 if (v == SEQ_START_TOKEN) { 1550 seq_puts(seq, 1551 "lookups hits misses allocations reclaims frees\n"); 1552 } else { 1553 unsigned int lookups = st->lookups; 1554 unsigned int misses = st->misses; 1555 unsigned int hits = lookups - misses; 1556 seq_printf(seq, "%u %u %u %u %u %u\n", lookups, 1557 hits, misses, st->allocations, 1558 st->reclaims, st->frees); 1559 } 1560 return 0; 1561 } 1562 1563 static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v) 1564 { } 1565 1566 static const struct seq_operations sel_avc_cache_stats_seq_ops = { 1567 .start = sel_avc_stats_seq_start, 1568 .next = sel_avc_stats_seq_next, 1569 .show = sel_avc_stats_seq_show, 1570 .stop = sel_avc_stats_seq_stop, 1571 }; 1572 1573 static int sel_open_avc_cache_stats(struct inode *inode, struct file *file) 1574 { 1575 return seq_open(file, &sel_avc_cache_stats_seq_ops); 1576 } 1577 1578 static const struct file_operations sel_avc_cache_stats_ops = { 1579 .open = sel_open_avc_cache_stats, 1580 .read = seq_read, 1581 .llseek = seq_lseek, 1582 .release = seq_release, 1583 }; 1584 #endif 1585 1586 static int sel_make_avc_files(struct dentry *dir) 1587 { 1588 struct super_block *sb = dir->d_sb; 1589 struct selinux_fs_info *fsi = sb->s_fs_info; 1590 unsigned int i; 1591 static const struct tree_descr files[] = { 1592 { "cache_threshold", 1593 &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR }, 1594 { "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO }, 1595 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1596 { "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO }, 1597 #endif 1598 }; 1599 1600 for (i = 0; i < ARRAY_SIZE(files); i++) { 1601 struct inode *inode; 1602 struct dentry *dentry; 1603 1604 dentry = d_alloc_name(dir, files[i].name); 1605 if (!dentry) 1606 return -ENOMEM; 1607 1608 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode); 1609 if (!inode) { 1610 dput(dentry); 1611 return -ENOMEM; 1612 } 1613 1614 inode->i_fop = files[i].ops; 1615 inode->i_ino = ++fsi->last_ino; 1616 d_add(dentry, inode); 1617 } 1618 1619 return 0; 1620 } 1621 1622 static int sel_make_ss_files(struct dentry *dir) 1623 { 1624 struct super_block *sb = dir->d_sb; 1625 struct selinux_fs_info *fsi = sb->s_fs_info; 1626 unsigned int i; 1627 static const struct tree_descr files[] = { 1628 { "sidtab_hash_stats", &sel_sidtab_hash_stats_ops, S_IRUGO }, 1629 }; 1630 1631 for (i = 0; i < ARRAY_SIZE(files); i++) { 1632 struct inode *inode; 1633 struct dentry *dentry; 1634 1635 dentry = d_alloc_name(dir, files[i].name); 1636 if (!dentry) 1637 return -ENOMEM; 1638 1639 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode); 1640 if (!inode) { 1641 dput(dentry); 1642 return -ENOMEM; 1643 } 1644 1645 inode->i_fop = files[i].ops; 1646 inode->i_ino = ++fsi->last_ino; 1647 d_add(dentry, inode); 1648 } 1649 1650 return 0; 1651 } 1652 1653 static ssize_t sel_read_initcon(struct file *file, char __user *buf, 1654 size_t count, loff_t *ppos) 1655 { 1656 char *con; 1657 u32 sid, len; 1658 ssize_t ret; 1659 1660 sid = file_inode(file)->i_ino&SEL_INO_MASK; 1661 ret = security_sid_to_context(sid, &con, &len); 1662 if (ret) 1663 return ret; 1664 1665 ret = simple_read_from_buffer(buf, count, ppos, con, len); 1666 kfree(con); 1667 return ret; 1668 } 1669 1670 static const struct file_operations sel_initcon_ops = { 1671 .read = sel_read_initcon, 1672 .llseek = generic_file_llseek, 1673 }; 1674 1675 static int sel_make_initcon_files(struct dentry *dir) 1676 { 1677 unsigned int i; 1678 1679 for (i = 1; i <= SECINITSID_NUM; i++) { 1680 struct inode *inode; 1681 struct dentry *dentry; 1682 const char *s = security_get_initial_sid_context(i); 1683 1684 if (!s) 1685 continue; 1686 dentry = d_alloc_name(dir, s); 1687 if (!dentry) 1688 return -ENOMEM; 1689 1690 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1691 if (!inode) { 1692 dput(dentry); 1693 return -ENOMEM; 1694 } 1695 1696 inode->i_fop = &sel_initcon_ops; 1697 inode->i_ino = i|SEL_INITCON_INO_OFFSET; 1698 d_add(dentry, inode); 1699 } 1700 1701 return 0; 1702 } 1703 1704 static inline unsigned long sel_class_to_ino(u16 class) 1705 { 1706 return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET; 1707 } 1708 1709 static inline u16 sel_ino_to_class(unsigned long ino) 1710 { 1711 return (ino & SEL_INO_MASK) / (SEL_VEC_MAX + 1); 1712 } 1713 1714 static inline unsigned long sel_perm_to_ino(u16 class, u32 perm) 1715 { 1716 return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET; 1717 } 1718 1719 static inline u32 sel_ino_to_perm(unsigned long ino) 1720 { 1721 return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1); 1722 } 1723 1724 static ssize_t sel_read_class(struct file *file, char __user *buf, 1725 size_t count, loff_t *ppos) 1726 { 1727 unsigned long ino = file_inode(file)->i_ino; 1728 char res[TMPBUFLEN]; 1729 ssize_t len = scnprintf(res, sizeof(res), "%d", sel_ino_to_class(ino)); 1730 return simple_read_from_buffer(buf, count, ppos, res, len); 1731 } 1732 1733 static const struct file_operations sel_class_ops = { 1734 .read = sel_read_class, 1735 .llseek = generic_file_llseek, 1736 }; 1737 1738 static ssize_t sel_read_perm(struct file *file, char __user *buf, 1739 size_t count, loff_t *ppos) 1740 { 1741 unsigned long ino = file_inode(file)->i_ino; 1742 char res[TMPBUFLEN]; 1743 ssize_t len = scnprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino)); 1744 return simple_read_from_buffer(buf, count, ppos, res, len); 1745 } 1746 1747 static const struct file_operations sel_perm_ops = { 1748 .read = sel_read_perm, 1749 .llseek = generic_file_llseek, 1750 }; 1751 1752 static ssize_t sel_read_policycap(struct file *file, char __user *buf, 1753 size_t count, loff_t *ppos) 1754 { 1755 int value; 1756 char tmpbuf[TMPBUFLEN]; 1757 ssize_t length; 1758 unsigned long i_ino = file_inode(file)->i_ino; 1759 1760 value = security_policycap_supported(i_ino & SEL_INO_MASK); 1761 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value); 1762 1763 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1764 } 1765 1766 static const struct file_operations sel_policycap_ops = { 1767 .read = sel_read_policycap, 1768 .llseek = generic_file_llseek, 1769 }; 1770 1771 static int sel_make_perm_files(struct selinux_policy *newpolicy, 1772 char *objclass, int classvalue, 1773 struct dentry *dir) 1774 { 1775 u32 i, nperms; 1776 int rc; 1777 char **perms; 1778 1779 rc = security_get_permissions(newpolicy, objclass, &perms, &nperms); 1780 if (rc) 1781 return rc; 1782 1783 for (i = 0; i < nperms; i++) { 1784 struct inode *inode; 1785 struct dentry *dentry; 1786 1787 rc = -ENOMEM; 1788 dentry = d_alloc_name(dir, perms[i]); 1789 if (!dentry) 1790 goto out; 1791 1792 rc = -ENOMEM; 1793 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1794 if (!inode) { 1795 dput(dentry); 1796 goto out; 1797 } 1798 1799 inode->i_fop = &sel_perm_ops; 1800 /* i+1 since perm values are 1-indexed */ 1801 inode->i_ino = sel_perm_to_ino(classvalue, i + 1); 1802 d_add(dentry, inode); 1803 } 1804 rc = 0; 1805 out: 1806 for (i = 0; i < nperms; i++) 1807 kfree(perms[i]); 1808 kfree(perms); 1809 return rc; 1810 } 1811 1812 static int sel_make_class_dir_entries(struct selinux_policy *newpolicy, 1813 char *classname, int index, 1814 struct dentry *dir) 1815 { 1816 struct super_block *sb = dir->d_sb; 1817 struct selinux_fs_info *fsi = sb->s_fs_info; 1818 struct dentry *dentry = NULL; 1819 struct inode *inode = NULL; 1820 1821 dentry = d_alloc_name(dir, "index"); 1822 if (!dentry) 1823 return -ENOMEM; 1824 1825 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1826 if (!inode) { 1827 dput(dentry); 1828 return -ENOMEM; 1829 } 1830 1831 inode->i_fop = &sel_class_ops; 1832 inode->i_ino = sel_class_to_ino(index); 1833 d_add(dentry, inode); 1834 1835 dentry = sel_make_dir(dir, "perms", &fsi->last_class_ino); 1836 if (IS_ERR(dentry)) 1837 return PTR_ERR(dentry); 1838 1839 return sel_make_perm_files(newpolicy, classname, index, dentry); 1840 } 1841 1842 static int sel_make_classes(struct selinux_policy *newpolicy, 1843 struct dentry *class_dir, 1844 unsigned long *last_class_ino) 1845 { 1846 u32 i, nclasses; 1847 int rc; 1848 char **classes; 1849 1850 rc = security_get_classes(newpolicy, &classes, &nclasses); 1851 if (rc) 1852 return rc; 1853 1854 /* +2 since classes are 1-indexed */ 1855 *last_class_ino = sel_class_to_ino(nclasses + 2); 1856 1857 for (i = 0; i < nclasses; i++) { 1858 struct dentry *class_name_dir; 1859 1860 class_name_dir = sel_make_dir(class_dir, classes[i], 1861 last_class_ino); 1862 if (IS_ERR(class_name_dir)) { 1863 rc = PTR_ERR(class_name_dir); 1864 goto out; 1865 } 1866 1867 /* i+1 since class values are 1-indexed */ 1868 rc = sel_make_class_dir_entries(newpolicy, classes[i], i + 1, 1869 class_name_dir); 1870 if (rc) 1871 goto out; 1872 } 1873 rc = 0; 1874 out: 1875 for (i = 0; i < nclasses; i++) 1876 kfree(classes[i]); 1877 kfree(classes); 1878 return rc; 1879 } 1880 1881 static int sel_make_policycap(struct selinux_fs_info *fsi) 1882 { 1883 unsigned int iter; 1884 struct dentry *dentry = NULL; 1885 struct inode *inode = NULL; 1886 1887 for (iter = 0; iter <= POLICYDB_CAP_MAX; iter++) { 1888 if (iter < ARRAY_SIZE(selinux_policycap_names)) 1889 dentry = d_alloc_name(fsi->policycap_dir, 1890 selinux_policycap_names[iter]); 1891 else 1892 dentry = d_alloc_name(fsi->policycap_dir, "unknown"); 1893 1894 if (dentry == NULL) 1895 return -ENOMEM; 1896 1897 inode = sel_make_inode(fsi->sb, S_IFREG | 0444); 1898 if (inode == NULL) { 1899 dput(dentry); 1900 return -ENOMEM; 1901 } 1902 1903 inode->i_fop = &sel_policycap_ops; 1904 inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET; 1905 d_add(dentry, inode); 1906 } 1907 1908 return 0; 1909 } 1910 1911 static struct dentry *sel_make_dir(struct dentry *dir, const char *name, 1912 unsigned long *ino) 1913 { 1914 struct dentry *dentry = d_alloc_name(dir, name); 1915 struct inode *inode; 1916 1917 if (!dentry) 1918 return ERR_PTR(-ENOMEM); 1919 1920 inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO); 1921 if (!inode) { 1922 dput(dentry); 1923 return ERR_PTR(-ENOMEM); 1924 } 1925 1926 inode->i_op = &simple_dir_inode_operations; 1927 inode->i_fop = &simple_dir_operations; 1928 inode->i_ino = ++(*ino); 1929 /* directory inodes start off with i_nlink == 2 (for "." entry) */ 1930 inc_nlink(inode); 1931 d_add(dentry, inode); 1932 /* bump link count on parent directory, too */ 1933 inc_nlink(d_inode(dir)); 1934 1935 return dentry; 1936 } 1937 1938 static int reject_all(struct mnt_idmap *idmap, struct inode *inode, int mask) 1939 { 1940 return -EPERM; // no access for anyone, root or no root. 1941 } 1942 1943 static const struct inode_operations swapover_dir_inode_operations = { 1944 .lookup = simple_lookup, 1945 .permission = reject_all, 1946 }; 1947 1948 static struct dentry *sel_make_swapover_dir(struct super_block *sb, 1949 unsigned long *ino) 1950 { 1951 struct dentry *dentry = d_alloc_name(sb->s_root, ".swapover"); 1952 struct inode *inode; 1953 1954 if (!dentry) 1955 return ERR_PTR(-ENOMEM); 1956 1957 inode = sel_make_inode(sb, S_IFDIR); 1958 if (!inode) { 1959 dput(dentry); 1960 return ERR_PTR(-ENOMEM); 1961 } 1962 1963 inode->i_op = &swapover_dir_inode_operations; 1964 inode->i_ino = ++(*ino); 1965 /* directory inodes start off with i_nlink == 2 (for "." entry) */ 1966 inc_nlink(inode); 1967 inode_lock(sb->s_root->d_inode); 1968 d_add(dentry, inode); 1969 inc_nlink(sb->s_root->d_inode); 1970 inode_unlock(sb->s_root->d_inode); 1971 return dentry; 1972 } 1973 1974 #define NULL_FILE_NAME "null" 1975 1976 static int sel_fill_super(struct super_block *sb, struct fs_context *fc) 1977 { 1978 struct selinux_fs_info *fsi; 1979 int ret; 1980 struct dentry *dentry; 1981 struct inode *inode; 1982 struct inode_security_struct *isec; 1983 1984 static const struct tree_descr selinux_files[] = { 1985 [SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR}, 1986 [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR}, 1987 [SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO}, 1988 [SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO}, 1989 [SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO}, 1990 [SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO}, 1991 [SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO}, 1992 [SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO}, 1993 [SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR}, 1994 [SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO}, 1995 [SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR}, 1996 [SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO}, 1997 [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR}, 1998 [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO}, 1999 [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO}, 2000 [SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO}, 2001 [SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO}, 2002 [SEL_VALIDATE_TRANS] = {"validatetrans", &sel_transition_ops, 2003 S_IWUGO}, 2004 /* last one */ {""} 2005 }; 2006 2007 ret = selinux_fs_info_create(sb); 2008 if (ret) 2009 goto err; 2010 2011 ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files); 2012 if (ret) 2013 goto err; 2014 2015 fsi = sb->s_fs_info; 2016 fsi->bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &fsi->last_ino); 2017 if (IS_ERR(fsi->bool_dir)) { 2018 ret = PTR_ERR(fsi->bool_dir); 2019 fsi->bool_dir = NULL; 2020 goto err; 2021 } 2022 2023 ret = -ENOMEM; 2024 dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME); 2025 if (!dentry) 2026 goto err; 2027 2028 ret = -ENOMEM; 2029 inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO); 2030 if (!inode) { 2031 dput(dentry); 2032 goto err; 2033 } 2034 2035 inode->i_ino = ++fsi->last_ino; 2036 isec = selinux_inode(inode); 2037 isec->sid = SECINITSID_DEVNULL; 2038 isec->sclass = SECCLASS_CHR_FILE; 2039 isec->initialized = LABEL_INITIALIZED; 2040 2041 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3)); 2042 d_add(dentry, inode); 2043 2044 dentry = sel_make_dir(sb->s_root, "avc", &fsi->last_ino); 2045 if (IS_ERR(dentry)) { 2046 ret = PTR_ERR(dentry); 2047 goto err; 2048 } 2049 2050 ret = sel_make_avc_files(dentry); 2051 if (ret) 2052 goto err; 2053 2054 dentry = sel_make_dir(sb->s_root, "ss", &fsi->last_ino); 2055 if (IS_ERR(dentry)) { 2056 ret = PTR_ERR(dentry); 2057 goto err; 2058 } 2059 2060 ret = sel_make_ss_files(dentry); 2061 if (ret) 2062 goto err; 2063 2064 dentry = sel_make_dir(sb->s_root, "initial_contexts", &fsi->last_ino); 2065 if (IS_ERR(dentry)) { 2066 ret = PTR_ERR(dentry); 2067 goto err; 2068 } 2069 2070 ret = sel_make_initcon_files(dentry); 2071 if (ret) 2072 goto err; 2073 2074 fsi->class_dir = sel_make_dir(sb->s_root, CLASS_DIR_NAME, &fsi->last_ino); 2075 if (IS_ERR(fsi->class_dir)) { 2076 ret = PTR_ERR(fsi->class_dir); 2077 fsi->class_dir = NULL; 2078 goto err; 2079 } 2080 2081 fsi->policycap_dir = sel_make_dir(sb->s_root, POLICYCAP_DIR_NAME, 2082 &fsi->last_ino); 2083 if (IS_ERR(fsi->policycap_dir)) { 2084 ret = PTR_ERR(fsi->policycap_dir); 2085 fsi->policycap_dir = NULL; 2086 goto err; 2087 } 2088 2089 ret = sel_make_policycap(fsi); 2090 if (ret) { 2091 pr_err("SELinux: failed to load policy capabilities\n"); 2092 goto err; 2093 } 2094 2095 return 0; 2096 err: 2097 pr_err("SELinux: %s: failed while creating inodes\n", 2098 __func__); 2099 2100 selinux_fs_info_free(sb); 2101 2102 return ret; 2103 } 2104 2105 static int sel_get_tree(struct fs_context *fc) 2106 { 2107 return get_tree_single(fc, sel_fill_super); 2108 } 2109 2110 static const struct fs_context_operations sel_context_ops = { 2111 .get_tree = sel_get_tree, 2112 }; 2113 2114 static int sel_init_fs_context(struct fs_context *fc) 2115 { 2116 fc->ops = &sel_context_ops; 2117 return 0; 2118 } 2119 2120 static void sel_kill_sb(struct super_block *sb) 2121 { 2122 selinux_fs_info_free(sb); 2123 kill_litter_super(sb); 2124 } 2125 2126 static struct file_system_type sel_fs_type = { 2127 .name = "selinuxfs", 2128 .init_fs_context = sel_init_fs_context, 2129 .kill_sb = sel_kill_sb, 2130 }; 2131 2132 struct path selinux_null __ro_after_init; 2133 2134 static int __init init_sel_fs(void) 2135 { 2136 struct qstr null_name = QSTR_INIT(NULL_FILE_NAME, 2137 sizeof(NULL_FILE_NAME)-1); 2138 int err; 2139 2140 if (!selinux_enabled_boot) 2141 return 0; 2142 2143 err = sysfs_create_mount_point(fs_kobj, "selinux"); 2144 if (err) 2145 return err; 2146 2147 err = register_filesystem(&sel_fs_type); 2148 if (err) { 2149 sysfs_remove_mount_point(fs_kobj, "selinux"); 2150 return err; 2151 } 2152 2153 selinux_null.mnt = kern_mount(&sel_fs_type); 2154 if (IS_ERR(selinux_null.mnt)) { 2155 pr_err("selinuxfs: could not mount!\n"); 2156 err = PTR_ERR(selinux_null.mnt); 2157 selinux_null.mnt = NULL; 2158 return err; 2159 } 2160 2161 selinux_null.dentry = d_hash_and_lookup(selinux_null.mnt->mnt_root, 2162 &null_name); 2163 if (IS_ERR(selinux_null.dentry)) { 2164 pr_err("selinuxfs: could not lookup null!\n"); 2165 err = PTR_ERR(selinux_null.dentry); 2166 selinux_null.dentry = NULL; 2167 return err; 2168 } 2169 2170 /* 2171 * Try to pre-allocate the status page, so the sequence number of the 2172 * initial policy load can be stored. 2173 */ 2174 (void) selinux_kernel_status_page(); 2175 2176 return err; 2177 } 2178 2179 __initcall(init_sel_fs); 2180