]>
Commit | Line | Data |
---|---|---|
1 | /* Updated: Karl MacMillan <kmacmillan@tresys.com> | |
2 | * | |
3 | * Added conditional policy language extensions | |
4 | * | |
5 | * Updated: Hewlett-Packard <paul@paul-moore.com> | |
6 | * | |
7 | * Added support for the policy capability bitmap | |
8 | * | |
9 | * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. | |
10 | * Copyright (C) 2003 - 2004 Tresys Technology, LLC | |
11 | * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> | |
12 | * This program is free software; you can redistribute it and/or modify | |
13 | * it under the terms of the GNU General Public License as published by | |
14 | * the Free Software Foundation, version 2. | |
15 | */ | |
16 | ||
17 | #include <linux/kernel.h> | |
18 | #include <linux/pagemap.h> | |
19 | #include <linux/slab.h> | |
20 | #include <linux/vmalloc.h> | |
21 | #include <linux/fs.h> | |
22 | #include <linux/mutex.h> | |
23 | #include <linux/init.h> | |
24 | #include <linux/string.h> | |
25 | #include <linux/security.h> | |
26 | #include <linux/major.h> | |
27 | #include <linux/seq_file.h> | |
28 | #include <linux/percpu.h> | |
29 | #include <linux/audit.h> | |
30 | #include <linux/uaccess.h> | |
31 | #include <linux/kobject.h> | |
32 | #include <linux/ctype.h> | |
33 | ||
34 | /* selinuxfs pseudo filesystem for exporting the security policy API. | |
35 | Based on the proc code and the fs/nfsd/nfsctl.c code. */ | |
36 | ||
37 | #include "flask.h" | |
38 | #include "avc.h" | |
39 | #include "avc_ss.h" | |
40 | #include "security.h" | |
41 | #include "objsec.h" | |
42 | #include "conditional.h" | |
43 | ||
44 | /* Policy capability filenames */ | |
45 | static char *policycap_names[] = { | |
46 | "network_peer_controls", | |
47 | "open_perms", | |
48 | "redhat1", | |
49 | "always_check_network" | |
50 | }; | |
51 | ||
52 | unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE; | |
53 | ||
54 | static int __init checkreqprot_setup(char *str) | |
55 | { | |
56 | unsigned long checkreqprot; | |
57 | if (!kstrtoul(str, 0, &checkreqprot)) | |
58 | selinux_checkreqprot = checkreqprot ? 1 : 0; | |
59 | return 1; | |
60 | } | |
61 | __setup("checkreqprot=", checkreqprot_setup); | |
62 | ||
63 | static DEFINE_MUTEX(sel_mutex); | |
64 | ||
65 | /* global data for booleans */ | |
66 | static struct dentry *bool_dir; | |
67 | static int bool_num; | |
68 | static char **bool_pending_names; | |
69 | static int *bool_pending_values; | |
70 | ||
71 | /* global data for classes */ | |
72 | static struct dentry *class_dir; | |
73 | static unsigned long last_class_ino; | |
74 | ||
75 | static char policy_opened; | |
76 | ||
77 | /* global data for policy capabilities */ | |
78 | static struct dentry *policycap_dir; | |
79 | ||
80 | /* Check whether a task is allowed to use a security operation. */ | |
81 | static int task_has_security(struct task_struct *tsk, | |
82 | u32 perms) | |
83 | { | |
84 | const struct task_security_struct *tsec; | |
85 | u32 sid = 0; | |
86 | ||
87 | rcu_read_lock(); | |
88 | tsec = __task_cred(tsk)->security; | |
89 | if (tsec) | |
90 | sid = tsec->sid; | |
91 | rcu_read_unlock(); | |
92 | if (!tsec) | |
93 | return -EACCES; | |
94 | ||
95 | return avc_has_perm(sid, SECINITSID_SECURITY, | |
96 | SECCLASS_SECURITY, perms, NULL); | |
97 | } | |
98 | ||
99 | enum sel_inos { | |
100 | SEL_ROOT_INO = 2, | |
101 | SEL_LOAD, /* load policy */ | |
102 | SEL_ENFORCE, /* get or set enforcing status */ | |
103 | SEL_CONTEXT, /* validate context */ | |
104 | SEL_ACCESS, /* compute access decision */ | |
105 | SEL_CREATE, /* compute create labeling decision */ | |
106 | SEL_RELABEL, /* compute relabeling decision */ | |
107 | SEL_USER, /* compute reachable user contexts */ | |
108 | SEL_POLICYVERS, /* return policy version for this kernel */ | |
109 | SEL_COMMIT_BOOLS, /* commit new boolean values */ | |
110 | SEL_MLS, /* return if MLS policy is enabled */ | |
111 | SEL_DISABLE, /* disable SELinux until next reboot */ | |
112 | SEL_MEMBER, /* compute polyinstantiation membership decision */ | |
113 | SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */ | |
114 | SEL_COMPAT_NET, /* whether to use old compat network packet controls */ | |
115 | SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */ | |
116 | SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */ | |
117 | SEL_STATUS, /* export current status using mmap() */ | |
118 | SEL_POLICY, /* allow userspace to read the in kernel policy */ | |
119 | SEL_INO_NEXT, /* The next inode number to use */ | |
120 | }; | |
121 | ||
122 | static unsigned long sel_last_ino = SEL_INO_NEXT - 1; | |
123 | ||
124 | #define SEL_INITCON_INO_OFFSET 0x01000000 | |
125 | #define SEL_BOOL_INO_OFFSET 0x02000000 | |
126 | #define SEL_CLASS_INO_OFFSET 0x04000000 | |
127 | #define SEL_POLICYCAP_INO_OFFSET 0x08000000 | |
128 | #define SEL_INO_MASK 0x00ffffff | |
129 | ||
130 | #define TMPBUFLEN 12 | |
131 | static ssize_t sel_read_enforce(struct file *filp, char __user *buf, | |
132 | size_t count, loff_t *ppos) | |
133 | { | |
134 | char tmpbuf[TMPBUFLEN]; | |
135 | ssize_t length; | |
136 | ||
137 | length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_enforcing); | |
138 | return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); | |
139 | } | |
140 | ||
141 | #ifdef CONFIG_SECURITY_SELINUX_DEVELOP | |
142 | static ssize_t sel_write_enforce(struct file *file, const char __user *buf, | |
143 | size_t count, loff_t *ppos) | |
144 | ||
145 | { | |
146 | char *page = NULL; | |
147 | ssize_t length; | |
148 | int new_value; | |
149 | ||
150 | length = -ENOMEM; | |
151 | if (count >= PAGE_SIZE) | |
152 | goto out; | |
153 | ||
154 | /* No partial writes. */ | |
155 | length = -EINVAL; | |
156 | if (*ppos != 0) | |
157 | goto out; | |
158 | ||
159 | length = -ENOMEM; | |
160 | page = (char *)get_zeroed_page(GFP_KERNEL); | |
161 | if (!page) | |
162 | goto out; | |
163 | ||
164 | length = -EFAULT; | |
165 | if (copy_from_user(page, buf, count)) | |
166 | goto out; | |
167 | ||
168 | length = -EINVAL; | |
169 | if (sscanf(page, "%d", &new_value) != 1) | |
170 | goto out; | |
171 | ||
172 | if (new_value != selinux_enforcing) { | |
173 | length = task_has_security(current, SECURITY__SETENFORCE); | |
174 | if (length) | |
175 | goto out; | |
176 | audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, | |
177 | "enforcing=%d old_enforcing=%d auid=%u ses=%u", | |
178 | new_value, selinux_enforcing, | |
179 | from_kuid(&init_user_ns, audit_get_loginuid(current)), | |
180 | audit_get_sessionid(current)); | |
181 | selinux_enforcing = new_value; | |
182 | if (selinux_enforcing) | |
183 | avc_ss_reset(0); | |
184 | selnl_notify_setenforce(selinux_enforcing); | |
185 | selinux_status_update_setenforce(selinux_enforcing); | |
186 | } | |
187 | length = count; | |
188 | out: | |
189 | free_page((unsigned long) page); | |
190 | return length; | |
191 | } | |
192 | #else | |
193 | #define sel_write_enforce NULL | |
194 | #endif | |
195 | ||
196 | static const struct file_operations sel_enforce_ops = { | |
197 | .read = sel_read_enforce, | |
198 | .write = sel_write_enforce, | |
199 | .llseek = generic_file_llseek, | |
200 | }; | |
201 | ||
202 | static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf, | |
203 | size_t count, loff_t *ppos) | |
204 | { | |
205 | char tmpbuf[TMPBUFLEN]; | |
206 | ssize_t length; | |
207 | ino_t ino = file_inode(filp)->i_ino; | |
208 | int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ? | |
209 | security_get_reject_unknown() : !security_get_allow_unknown(); | |
210 | ||
211 | length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown); | |
212 | return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); | |
213 | } | |
214 | ||
215 | static const struct file_operations sel_handle_unknown_ops = { | |
216 | .read = sel_read_handle_unknown, | |
217 | .llseek = generic_file_llseek, | |
218 | }; | |
219 | ||
220 | static int sel_open_handle_status(struct inode *inode, struct file *filp) | |
221 | { | |
222 | struct page *status = selinux_kernel_status_page(); | |
223 | ||
224 | if (!status) | |
225 | return -ENOMEM; | |
226 | ||
227 | filp->private_data = status; | |
228 | ||
229 | return 0; | |
230 | } | |
231 | ||
232 | static ssize_t sel_read_handle_status(struct file *filp, char __user *buf, | |
233 | size_t count, loff_t *ppos) | |
234 | { | |
235 | struct page *status = filp->private_data; | |
236 | ||
237 | BUG_ON(!status); | |
238 | ||
239 | return simple_read_from_buffer(buf, count, ppos, | |
240 | page_address(status), | |
241 | sizeof(struct selinux_kernel_status)); | |
242 | } | |
243 | ||
244 | static int sel_mmap_handle_status(struct file *filp, | |
245 | struct vm_area_struct *vma) | |
246 | { | |
247 | struct page *status = filp->private_data; | |
248 | unsigned long size = vma->vm_end - vma->vm_start; | |
249 | ||
250 | BUG_ON(!status); | |
251 | ||
252 | /* only allows one page from the head */ | |
253 | if (vma->vm_pgoff > 0 || size != PAGE_SIZE) | |
254 | return -EIO; | |
255 | /* disallow writable mapping */ | |
256 | if (vma->vm_flags & VM_WRITE) | |
257 | return -EPERM; | |
258 | /* disallow mprotect() turns it into writable */ | |
259 | vma->vm_flags &= ~VM_MAYWRITE; | |
260 | ||
261 | return remap_pfn_range(vma, vma->vm_start, | |
262 | page_to_pfn(status), | |
263 | size, vma->vm_page_prot); | |
264 | } | |
265 | ||
266 | static const struct file_operations sel_handle_status_ops = { | |
267 | .open = sel_open_handle_status, | |
268 | .read = sel_read_handle_status, | |
269 | .mmap = sel_mmap_handle_status, | |
270 | .llseek = generic_file_llseek, | |
271 | }; | |
272 | ||
273 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE | |
274 | static ssize_t sel_write_disable(struct file *file, const char __user *buf, | |
275 | size_t count, loff_t *ppos) | |
276 | ||
277 | { | |
278 | char *page = NULL; | |
279 | ssize_t length; | |
280 | int new_value; | |
281 | ||
282 | length = -ENOMEM; | |
283 | if (count >= PAGE_SIZE) | |
284 | goto out; | |
285 | ||
286 | /* No partial writes. */ | |
287 | length = -EINVAL; | |
288 | if (*ppos != 0) | |
289 | goto out; | |
290 | ||
291 | length = -ENOMEM; | |
292 | page = (char *)get_zeroed_page(GFP_KERNEL); | |
293 | if (!page) | |
294 | goto out; | |
295 | ||
296 | length = -EFAULT; | |
297 | if (copy_from_user(page, buf, count)) | |
298 | goto out; | |
299 | ||
300 | length = -EINVAL; | |
301 | if (sscanf(page, "%d", &new_value) != 1) | |
302 | goto out; | |
303 | ||
304 | if (new_value) { | |
305 | length = selinux_disable(); | |
306 | if (length) | |
307 | goto out; | |
308 | audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, | |
309 | "selinux=0 auid=%u ses=%u", | |
310 | from_kuid(&init_user_ns, audit_get_loginuid(current)), | |
311 | audit_get_sessionid(current)); | |
312 | } | |
313 | ||
314 | length = count; | |
315 | out: | |
316 | free_page((unsigned long) page); | |
317 | return length; | |
318 | } | |
319 | #else | |
320 | #define sel_write_disable NULL | |
321 | #endif | |
322 | ||
323 | static const struct file_operations sel_disable_ops = { | |
324 | .write = sel_write_disable, | |
325 | .llseek = generic_file_llseek, | |
326 | }; | |
327 | ||
328 | static ssize_t sel_read_policyvers(struct file *filp, char __user *buf, | |
329 | size_t count, loff_t *ppos) | |
330 | { | |
331 | char tmpbuf[TMPBUFLEN]; | |
332 | ssize_t length; | |
333 | ||
334 | length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX); | |
335 | return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); | |
336 | } | |
337 | ||
338 | static const struct file_operations sel_policyvers_ops = { | |
339 | .read = sel_read_policyvers, | |
340 | .llseek = generic_file_llseek, | |
341 | }; | |
342 | ||
343 | /* declaration for sel_write_load */ | |
344 | static int sel_make_bools(void); | |
345 | static int sel_make_classes(void); | |
346 | static int sel_make_policycap(void); | |
347 | ||
348 | /* declaration for sel_make_class_dirs */ | |
349 | static struct dentry *sel_make_dir(struct dentry *dir, const char *name, | |
350 | unsigned long *ino); | |
351 | ||
352 | static ssize_t sel_read_mls(struct file *filp, char __user *buf, | |
353 | size_t count, loff_t *ppos) | |
354 | { | |
355 | char tmpbuf[TMPBUFLEN]; | |
356 | ssize_t length; | |
357 | ||
358 | length = scnprintf(tmpbuf, TMPBUFLEN, "%d", | |
359 | security_mls_enabled()); | |
360 | return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); | |
361 | } | |
362 | ||
363 | static const struct file_operations sel_mls_ops = { | |
364 | .read = sel_read_mls, | |
365 | .llseek = generic_file_llseek, | |
366 | }; | |
367 | ||
368 | struct policy_load_memory { | |
369 | size_t len; | |
370 | void *data; | |
371 | }; | |
372 | ||
373 | static int sel_open_policy(struct inode *inode, struct file *filp) | |
374 | { | |
375 | struct policy_load_memory *plm = NULL; | |
376 | int rc; | |
377 | ||
378 | BUG_ON(filp->private_data); | |
379 | ||
380 | mutex_lock(&sel_mutex); | |
381 | ||
382 | rc = task_has_security(current, SECURITY__READ_POLICY); | |
383 | if (rc) | |
384 | goto err; | |
385 | ||
386 | rc = -EBUSY; | |
387 | if (policy_opened) | |
388 | goto err; | |
389 | ||
390 | rc = -ENOMEM; | |
391 | plm = kzalloc(sizeof(*plm), GFP_KERNEL); | |
392 | if (!plm) | |
393 | goto err; | |
394 | ||
395 | if (i_size_read(inode) != security_policydb_len()) { | |
396 | mutex_lock(&inode->i_mutex); | |
397 | i_size_write(inode, security_policydb_len()); | |
398 | mutex_unlock(&inode->i_mutex); | |
399 | } | |
400 | ||
401 | rc = security_read_policy(&plm->data, &plm->len); | |
402 | if (rc) | |
403 | goto err; | |
404 | ||
405 | policy_opened = 1; | |
406 | ||
407 | filp->private_data = plm; | |
408 | ||
409 | mutex_unlock(&sel_mutex); | |
410 | ||
411 | return 0; | |
412 | err: | |
413 | mutex_unlock(&sel_mutex); | |
414 | ||
415 | if (plm) | |
416 | vfree(plm->data); | |
417 | kfree(plm); | |
418 | return rc; | |
419 | } | |
420 | ||
421 | static int sel_release_policy(struct inode *inode, struct file *filp) | |
422 | { | |
423 | struct policy_load_memory *plm = filp->private_data; | |
424 | ||
425 | BUG_ON(!plm); | |
426 | ||
427 | policy_opened = 0; | |
428 | ||
429 | vfree(plm->data); | |
430 | kfree(plm); | |
431 | ||
432 | return 0; | |
433 | } | |
434 | ||
435 | static ssize_t sel_read_policy(struct file *filp, char __user *buf, | |
436 | size_t count, loff_t *ppos) | |
437 | { | |
438 | struct policy_load_memory *plm = filp->private_data; | |
439 | int ret; | |
440 | ||
441 | mutex_lock(&sel_mutex); | |
442 | ||
443 | ret = task_has_security(current, SECURITY__READ_POLICY); | |
444 | if (ret) | |
445 | goto out; | |
446 | ||
447 | ret = simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); | |
448 | out: | |
449 | mutex_unlock(&sel_mutex); | |
450 | return ret; | |
451 | } | |
452 | ||
453 | static int sel_mmap_policy_fault(struct vm_area_struct *vma, | |
454 | struct vm_fault *vmf) | |
455 | { | |
456 | struct policy_load_memory *plm = vma->vm_file->private_data; | |
457 | unsigned long offset; | |
458 | struct page *page; | |
459 | ||
460 | if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE)) | |
461 | return VM_FAULT_SIGBUS; | |
462 | ||
463 | offset = vmf->pgoff << PAGE_SHIFT; | |
464 | if (offset >= roundup(plm->len, PAGE_SIZE)) | |
465 | return VM_FAULT_SIGBUS; | |
466 | ||
467 | page = vmalloc_to_page(plm->data + offset); | |
468 | get_page(page); | |
469 | ||
470 | vmf->page = page; | |
471 | ||
472 | return 0; | |
473 | } | |
474 | ||
475 | static const struct vm_operations_struct sel_mmap_policy_ops = { | |
476 | .fault = sel_mmap_policy_fault, | |
477 | .page_mkwrite = sel_mmap_policy_fault, | |
478 | }; | |
479 | ||
480 | static int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma) | |
481 | { | |
482 | if (vma->vm_flags & VM_SHARED) { | |
483 | /* do not allow mprotect to make mapping writable */ | |
484 | vma->vm_flags &= ~VM_MAYWRITE; | |
485 | ||
486 | if (vma->vm_flags & VM_WRITE) | |
487 | return -EACCES; | |
488 | } | |
489 | ||
490 | vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP; | |
491 | vma->vm_ops = &sel_mmap_policy_ops; | |
492 | ||
493 | return 0; | |
494 | } | |
495 | ||
496 | static const struct file_operations sel_policy_ops = { | |
497 | .open = sel_open_policy, | |
498 | .read = sel_read_policy, | |
499 | .mmap = sel_mmap_policy, | |
500 | .release = sel_release_policy, | |
501 | .llseek = generic_file_llseek, | |
502 | }; | |
503 | ||
504 | static ssize_t sel_write_load(struct file *file, const char __user *buf, | |
505 | size_t count, loff_t *ppos) | |
506 | ||
507 | { | |
508 | ssize_t length; | |
509 | void *data = NULL; | |
510 | ||
511 | mutex_lock(&sel_mutex); | |
512 | ||
513 | length = task_has_security(current, SECURITY__LOAD_POLICY); | |
514 | if (length) | |
515 | goto out; | |
516 | ||
517 | /* No partial writes. */ | |
518 | length = -EINVAL; | |
519 | if (*ppos != 0) | |
520 | goto out; | |
521 | ||
522 | length = -EFBIG; | |
523 | if (count > 64 * 1024 * 1024) | |
524 | goto out; | |
525 | ||
526 | length = -ENOMEM; | |
527 | data = vmalloc(count); | |
528 | if (!data) | |
529 | goto out; | |
530 | ||
531 | length = -EFAULT; | |
532 | if (copy_from_user(data, buf, count) != 0) | |
533 | goto out; | |
534 | ||
535 | length = security_load_policy(data, count); | |
536 | if (length) | |
537 | goto out; | |
538 | ||
539 | length = sel_make_bools(); | |
540 | if (length) | |
541 | goto out1; | |
542 | ||
543 | length = sel_make_classes(); | |
544 | if (length) | |
545 | goto out1; | |
546 | ||
547 | length = sel_make_policycap(); | |
548 | if (length) | |
549 | goto out1; | |
550 | ||
551 | length = count; | |
552 | ||
553 | out1: | |
554 | audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, | |
555 | "policy loaded auid=%u ses=%u", | |
556 | from_kuid(&init_user_ns, audit_get_loginuid(current)), | |
557 | audit_get_sessionid(current)); | |
558 | out: | |
559 | mutex_unlock(&sel_mutex); | |
560 | vfree(data); | |
561 | return length; | |
562 | } | |
563 | ||
564 | static const struct file_operations sel_load_ops = { | |
565 | .write = sel_write_load, | |
566 | .llseek = generic_file_llseek, | |
567 | }; | |
568 | ||
569 | static ssize_t sel_write_context(struct file *file, char *buf, size_t size) | |
570 | { | |
571 | char *canon = NULL; | |
572 | u32 sid, len; | |
573 | ssize_t length; | |
574 | ||
575 | length = task_has_security(current, SECURITY__CHECK_CONTEXT); | |
576 | if (length) | |
577 | goto out; | |
578 | ||
579 | length = security_context_to_sid(buf, size, &sid, GFP_KERNEL); | |
580 | if (length) | |
581 | goto out; | |
582 | ||
583 | length = security_sid_to_context(sid, &canon, &len); | |
584 | if (length) | |
585 | goto out; | |
586 | ||
587 | length = -ERANGE; | |
588 | if (len > SIMPLE_TRANSACTION_LIMIT) { | |
589 | printk(KERN_ERR "SELinux: %s: context size (%u) exceeds " | |
590 | "payload max\n", __func__, len); | |
591 | goto out; | |
592 | } | |
593 | ||
594 | memcpy(buf, canon, len); | |
595 | length = len; | |
596 | out: | |
597 | kfree(canon); | |
598 | return length; | |
599 | } | |
600 | ||
601 | static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf, | |
602 | size_t count, loff_t *ppos) | |
603 | { | |
604 | char tmpbuf[TMPBUFLEN]; | |
605 | ssize_t length; | |
606 | ||
607 | length = scnprintf(tmpbuf, TMPBUFLEN, "%u", selinux_checkreqprot); | |
608 | return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); | |
609 | } | |
610 | ||
611 | static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, | |
612 | size_t count, loff_t *ppos) | |
613 | { | |
614 | char *page = NULL; | |
615 | ssize_t length; | |
616 | unsigned int new_value; | |
617 | ||
618 | length = task_has_security(current, SECURITY__SETCHECKREQPROT); | |
619 | if (length) | |
620 | goto out; | |
621 | ||
622 | length = -ENOMEM; | |
623 | if (count >= PAGE_SIZE) | |
624 | goto out; | |
625 | ||
626 | /* No partial writes. */ | |
627 | length = -EINVAL; | |
628 | if (*ppos != 0) | |
629 | goto out; | |
630 | ||
631 | length = -ENOMEM; | |
632 | page = (char *)get_zeroed_page(GFP_KERNEL); | |
633 | if (!page) | |
634 | goto out; | |
635 | ||
636 | length = -EFAULT; | |
637 | if (copy_from_user(page, buf, count)) | |
638 | goto out; | |
639 | ||
640 | length = -EINVAL; | |
641 | if (sscanf(page, "%u", &new_value) != 1) | |
642 | goto out; | |
643 | ||
644 | selinux_checkreqprot = new_value ? 1 : 0; | |
645 | length = count; | |
646 | out: | |
647 | free_page((unsigned long) page); | |
648 | return length; | |
649 | } | |
650 | static const struct file_operations sel_checkreqprot_ops = { | |
651 | .read = sel_read_checkreqprot, | |
652 | .write = sel_write_checkreqprot, | |
653 | .llseek = generic_file_llseek, | |
654 | }; | |
655 | ||
656 | /* | |
657 | * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c | |
658 | */ | |
659 | static ssize_t sel_write_access(struct file *file, char *buf, size_t size); | |
660 | static ssize_t sel_write_create(struct file *file, char *buf, size_t size); | |
661 | static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size); | |
662 | static ssize_t sel_write_user(struct file *file, char *buf, size_t size); | |
663 | static ssize_t sel_write_member(struct file *file, char *buf, size_t size); | |
664 | ||
665 | static ssize_t (*write_op[])(struct file *, char *, size_t) = { | |
666 | [SEL_ACCESS] = sel_write_access, | |
667 | [SEL_CREATE] = sel_write_create, | |
668 | [SEL_RELABEL] = sel_write_relabel, | |
669 | [SEL_USER] = sel_write_user, | |
670 | [SEL_MEMBER] = sel_write_member, | |
671 | [SEL_CONTEXT] = sel_write_context, | |
672 | }; | |
673 | ||
674 | static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos) | |
675 | { | |
676 | ino_t ino = file_inode(file)->i_ino; | |
677 | char *data; | |
678 | ssize_t rv; | |
679 | ||
680 | if (ino >= ARRAY_SIZE(write_op) || !write_op[ino]) | |
681 | return -EINVAL; | |
682 | ||
683 | data = simple_transaction_get(file, buf, size); | |
684 | if (IS_ERR(data)) | |
685 | return PTR_ERR(data); | |
686 | ||
687 | rv = write_op[ino](file, data, size); | |
688 | if (rv > 0) { | |
689 | simple_transaction_set(file, rv); | |
690 | rv = size; | |
691 | } | |
692 | return rv; | |
693 | } | |
694 | ||
695 | static const struct file_operations transaction_ops = { | |
696 | .write = selinux_transaction_write, | |
697 | .read = simple_transaction_read, | |
698 | .release = simple_transaction_release, | |
699 | .llseek = generic_file_llseek, | |
700 | }; | |
701 | ||
702 | /* | |
703 | * payload - write methods | |
704 | * If the method has a response, the response should be put in buf, | |
705 | * and the length returned. Otherwise return 0 or and -error. | |
706 | */ | |
707 | ||
708 | static ssize_t sel_write_access(struct file *file, char *buf, size_t size) | |
709 | { | |
710 | char *scon = NULL, *tcon = NULL; | |
711 | u32 ssid, tsid; | |
712 | u16 tclass; | |
713 | struct av_decision avd; | |
714 | ssize_t length; | |
715 | ||
716 | length = task_has_security(current, SECURITY__COMPUTE_AV); | |
717 | if (length) | |
718 | goto out; | |
719 | ||
720 | length = -ENOMEM; | |
721 | scon = kzalloc(size + 1, GFP_KERNEL); | |
722 | if (!scon) | |
723 | goto out; | |
724 | ||
725 | length = -ENOMEM; | |
726 | tcon = kzalloc(size + 1, GFP_KERNEL); | |
727 | if (!tcon) | |
728 | goto out; | |
729 | ||
730 | length = -EINVAL; | |
731 | if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) | |
732 | goto out; | |
733 | ||
734 | length = security_context_to_sid(scon, strlen(scon) + 1, &ssid, | |
735 | GFP_KERNEL); | |
736 | if (length) | |
737 | goto out; | |
738 | ||
739 | length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid, | |
740 | GFP_KERNEL); | |
741 | if (length) | |
742 | goto out; | |
743 | ||
744 | security_compute_av_user(ssid, tsid, tclass, &avd); | |
745 | ||
746 | length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT, | |
747 | "%x %x %x %x %u %x", | |
748 | avd.allowed, 0xffffffff, | |
749 | avd.auditallow, avd.auditdeny, | |
750 | avd.seqno, avd.flags); | |
751 | out: | |
752 | kfree(tcon); | |
753 | kfree(scon); | |
754 | return length; | |
755 | } | |
756 | ||
757 | static ssize_t sel_write_create(struct file *file, char *buf, size_t size) | |
758 | { | |
759 | char *scon = NULL, *tcon = NULL; | |
760 | char *namebuf = NULL, *objname = NULL; | |
761 | u32 ssid, tsid, newsid; | |
762 | u16 tclass; | |
763 | ssize_t length; | |
764 | char *newcon = NULL; | |
765 | u32 len; | |
766 | int nargs; | |
767 | ||
768 | length = task_has_security(current, SECURITY__COMPUTE_CREATE); | |
769 | if (length) | |
770 | goto out; | |
771 | ||
772 | length = -ENOMEM; | |
773 | scon = kzalloc(size + 1, GFP_KERNEL); | |
774 | if (!scon) | |
775 | goto out; | |
776 | ||
777 | length = -ENOMEM; | |
778 | tcon = kzalloc(size + 1, GFP_KERNEL); | |
779 | if (!tcon) | |
780 | goto out; | |
781 | ||
782 | length = -ENOMEM; | |
783 | namebuf = kzalloc(size + 1, GFP_KERNEL); | |
784 | if (!namebuf) | |
785 | goto out; | |
786 | ||
787 | length = -EINVAL; | |
788 | nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf); | |
789 | if (nargs < 3 || nargs > 4) | |
790 | goto out; | |
791 | if (nargs == 4) { | |
792 | /* | |
793 | * If and when the name of new object to be queried contains | |
794 | * either whitespace or multibyte characters, they shall be | |
795 | * encoded based on the percentage-encoding rule. | |
796 | * If not encoded, the sscanf logic picks up only left-half | |
797 | * of the supplied name; splitted by a whitespace unexpectedly. | |
798 | */ | |
799 | char *r, *w; | |
800 | int c1, c2; | |
801 | ||
802 | r = w = namebuf; | |
803 | do { | |
804 | c1 = *r++; | |
805 | if (c1 == '+') | |
806 | c1 = ' '; | |
807 | else if (c1 == '%') { | |
808 | c1 = hex_to_bin(*r++); | |
809 | if (c1 < 0) | |
810 | goto out; | |
811 | c2 = hex_to_bin(*r++); | |
812 | if (c2 < 0) | |
813 | goto out; | |
814 | c1 = (c1 << 4) | c2; | |
815 | } | |
816 | *w++ = c1; | |
817 | } while (c1 != '\0'); | |
818 | ||
819 | objname = namebuf; | |
820 | } | |
821 | ||
822 | length = security_context_to_sid(scon, strlen(scon) + 1, &ssid, | |
823 | GFP_KERNEL); | |
824 | if (length) | |
825 | goto out; | |
826 | ||
827 | length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid, | |
828 | GFP_KERNEL); | |
829 | if (length) | |
830 | goto out; | |
831 | ||
832 | length = security_transition_sid_user(ssid, tsid, tclass, | |
833 | objname, &newsid); | |
834 | if (length) | |
835 | goto out; | |
836 | ||
837 | length = security_sid_to_context(newsid, &newcon, &len); | |
838 | if (length) | |
839 | goto out; | |
840 | ||
841 | length = -ERANGE; | |
842 | if (len > SIMPLE_TRANSACTION_LIMIT) { | |
843 | printk(KERN_ERR "SELinux: %s: context size (%u) exceeds " | |
844 | "payload max\n", __func__, len); | |
845 | goto out; | |
846 | } | |
847 | ||
848 | memcpy(buf, newcon, len); | |
849 | length = len; | |
850 | out: | |
851 | kfree(newcon); | |
852 | kfree(namebuf); | |
853 | kfree(tcon); | |
854 | kfree(scon); | |
855 | return length; | |
856 | } | |
857 | ||
858 | static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size) | |
859 | { | |
860 | char *scon = NULL, *tcon = NULL; | |
861 | u32 ssid, tsid, newsid; | |
862 | u16 tclass; | |
863 | ssize_t length; | |
864 | char *newcon = NULL; | |
865 | u32 len; | |
866 | ||
867 | length = task_has_security(current, SECURITY__COMPUTE_RELABEL); | |
868 | if (length) | |
869 | goto out; | |
870 | ||
871 | length = -ENOMEM; | |
872 | scon = kzalloc(size + 1, GFP_KERNEL); | |
873 | if (!scon) | |
874 | goto out; | |
875 | ||
876 | length = -ENOMEM; | |
877 | tcon = kzalloc(size + 1, GFP_KERNEL); | |
878 | if (!tcon) | |
879 | goto out; | |
880 | ||
881 | length = -EINVAL; | |
882 | if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) | |
883 | goto out; | |
884 | ||
885 | length = security_context_to_sid(scon, strlen(scon) + 1, &ssid, | |
886 | GFP_KERNEL); | |
887 | if (length) | |
888 | goto out; | |
889 | ||
890 | length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid, | |
891 | GFP_KERNEL); | |
892 | if (length) | |
893 | goto out; | |
894 | ||
895 | length = security_change_sid(ssid, tsid, tclass, &newsid); | |
896 | if (length) | |
897 | goto out; | |
898 | ||
899 | length = security_sid_to_context(newsid, &newcon, &len); | |
900 | if (length) | |
901 | goto out; | |
902 | ||
903 | length = -ERANGE; | |
904 | if (len > SIMPLE_TRANSACTION_LIMIT) | |
905 | goto out; | |
906 | ||
907 | memcpy(buf, newcon, len); | |
908 | length = len; | |
909 | out: | |
910 | kfree(newcon); | |
911 | kfree(tcon); | |
912 | kfree(scon); | |
913 | return length; | |
914 | } | |
915 | ||
916 | static ssize_t sel_write_user(struct file *file, char *buf, size_t size) | |
917 | { | |
918 | char *con = NULL, *user = NULL, *ptr; | |
919 | u32 sid, *sids = NULL; | |
920 | ssize_t length; | |
921 | char *newcon; | |
922 | int i, rc; | |
923 | u32 len, nsids; | |
924 | ||
925 | length = task_has_security(current, SECURITY__COMPUTE_USER); | |
926 | if (length) | |
927 | goto out; | |
928 | ||
929 | length = -ENOMEM; | |
930 | con = kzalloc(size + 1, GFP_KERNEL); | |
931 | if (!con) | |
932 | goto out; | |
933 | ||
934 | length = -ENOMEM; | |
935 | user = kzalloc(size + 1, GFP_KERNEL); | |
936 | if (!user) | |
937 | goto out; | |
938 | ||
939 | length = -EINVAL; | |
940 | if (sscanf(buf, "%s %s", con, user) != 2) | |
941 | goto out; | |
942 | ||
943 | length = security_context_to_sid(con, strlen(con) + 1, &sid, GFP_KERNEL); | |
944 | if (length) | |
945 | goto out; | |
946 | ||
947 | length = security_get_user_sids(sid, user, &sids, &nsids); | |
948 | if (length) | |
949 | goto out; | |
950 | ||
951 | length = sprintf(buf, "%u", nsids) + 1; | |
952 | ptr = buf + length; | |
953 | for (i = 0; i < nsids; i++) { | |
954 | rc = security_sid_to_context(sids[i], &newcon, &len); | |
955 | if (rc) { | |
956 | length = rc; | |
957 | goto out; | |
958 | } | |
959 | if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) { | |
960 | kfree(newcon); | |
961 | length = -ERANGE; | |
962 | goto out; | |
963 | } | |
964 | memcpy(ptr, newcon, len); | |
965 | kfree(newcon); | |
966 | ptr += len; | |
967 | length += len; | |
968 | } | |
969 | out: | |
970 | kfree(sids); | |
971 | kfree(user); | |
972 | kfree(con); | |
973 | return length; | |
974 | } | |
975 | ||
976 | static ssize_t sel_write_member(struct file *file, char *buf, size_t size) | |
977 | { | |
978 | char *scon = NULL, *tcon = NULL; | |
979 | u32 ssid, tsid, newsid; | |
980 | u16 tclass; | |
981 | ssize_t length; | |
982 | char *newcon = NULL; | |
983 | u32 len; | |
984 | ||
985 | length = task_has_security(current, SECURITY__COMPUTE_MEMBER); | |
986 | if (length) | |
987 | goto out; | |
988 | ||
989 | length = -ENOMEM; | |
990 | scon = kzalloc(size + 1, GFP_KERNEL); | |
991 | if (!scon) | |
992 | goto out; | |
993 | ||
994 | length = -ENOMEM; | |
995 | tcon = kzalloc(size + 1, GFP_KERNEL); | |
996 | if (!tcon) | |
997 | goto out; | |
998 | ||
999 | length = -EINVAL; | |
1000 | if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) | |
1001 | goto out; | |
1002 | ||
1003 | length = security_context_to_sid(scon, strlen(scon) + 1, &ssid, | |
1004 | GFP_KERNEL); | |
1005 | if (length) | |
1006 | goto out; | |
1007 | ||
1008 | length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid, | |
1009 | GFP_KERNEL); | |
1010 | if (length) | |
1011 | goto out; | |
1012 | ||
1013 | length = security_member_sid(ssid, tsid, tclass, &newsid); | |
1014 | if (length) | |
1015 | goto out; | |
1016 | ||
1017 | length = security_sid_to_context(newsid, &newcon, &len); | |
1018 | if (length) | |
1019 | goto out; | |
1020 | ||
1021 | length = -ERANGE; | |
1022 | if (len > SIMPLE_TRANSACTION_LIMIT) { | |
1023 | printk(KERN_ERR "SELinux: %s: context size (%u) exceeds " | |
1024 | "payload max\n", __func__, len); | |
1025 | goto out; | |
1026 | } | |
1027 | ||
1028 | memcpy(buf, newcon, len); | |
1029 | length = len; | |
1030 | out: | |
1031 | kfree(newcon); | |
1032 | kfree(tcon); | |
1033 | kfree(scon); | |
1034 | return length; | |
1035 | } | |
1036 | ||
1037 | static struct inode *sel_make_inode(struct super_block *sb, int mode) | |
1038 | { | |
1039 | struct inode *ret = new_inode(sb); | |
1040 | ||
1041 | if (ret) { | |
1042 | ret->i_mode = mode; | |
1043 | ret->i_atime = ret->i_mtime = ret->i_ctime = CURRENT_TIME; | |
1044 | } | |
1045 | return ret; | |
1046 | } | |
1047 | ||
1048 | static ssize_t sel_read_bool(struct file *filep, char __user *buf, | |
1049 | size_t count, loff_t *ppos) | |
1050 | { | |
1051 | char *page = NULL; | |
1052 | ssize_t length; | |
1053 | ssize_t ret; | |
1054 | int cur_enforcing; | |
1055 | unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; | |
1056 | const char *name = filep->f_path.dentry->d_name.name; | |
1057 | ||
1058 | mutex_lock(&sel_mutex); | |
1059 | ||
1060 | ret = -EINVAL; | |
1061 | if (index >= bool_num || strcmp(name, bool_pending_names[index])) | |
1062 | goto out; | |
1063 | ||
1064 | ret = -ENOMEM; | |
1065 | page = (char *)get_zeroed_page(GFP_KERNEL); | |
1066 | if (!page) | |
1067 | goto out; | |
1068 | ||
1069 | cur_enforcing = security_get_bool_value(index); | |
1070 | if (cur_enforcing < 0) { | |
1071 | ret = cur_enforcing; | |
1072 | goto out; | |
1073 | } | |
1074 | length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, | |
1075 | bool_pending_values[index]); | |
1076 | ret = simple_read_from_buffer(buf, count, ppos, page, length); | |
1077 | out: | |
1078 | mutex_unlock(&sel_mutex); | |
1079 | free_page((unsigned long)page); | |
1080 | return ret; | |
1081 | } | |
1082 | ||
1083 | static ssize_t sel_write_bool(struct file *filep, const char __user *buf, | |
1084 | size_t count, loff_t *ppos) | |
1085 | { | |
1086 | char *page = NULL; | |
1087 | ssize_t length; | |
1088 | int new_value; | |
1089 | unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; | |
1090 | const char *name = filep->f_path.dentry->d_name.name; | |
1091 | ||
1092 | mutex_lock(&sel_mutex); | |
1093 | ||
1094 | length = task_has_security(current, SECURITY__SETBOOL); | |
1095 | if (length) | |
1096 | goto out; | |
1097 | ||
1098 | length = -EINVAL; | |
1099 | if (index >= bool_num || strcmp(name, bool_pending_names[index])) | |
1100 | goto out; | |
1101 | ||
1102 | length = -ENOMEM; | |
1103 | if (count >= PAGE_SIZE) | |
1104 | goto out; | |
1105 | ||
1106 | /* No partial writes. */ | |
1107 | length = -EINVAL; | |
1108 | if (*ppos != 0) | |
1109 | goto out; | |
1110 | ||
1111 | length = -ENOMEM; | |
1112 | page = (char *)get_zeroed_page(GFP_KERNEL); | |
1113 | if (!page) | |
1114 | goto out; | |
1115 | ||
1116 | length = -EFAULT; | |
1117 | if (copy_from_user(page, buf, count)) | |
1118 | goto out; | |
1119 | ||
1120 | length = -EINVAL; | |
1121 | if (sscanf(page, "%d", &new_value) != 1) | |
1122 | goto out; | |
1123 | ||
1124 | if (new_value) | |
1125 | new_value = 1; | |
1126 | ||
1127 | bool_pending_values[index] = new_value; | |
1128 | length = count; | |
1129 | ||
1130 | out: | |
1131 | mutex_unlock(&sel_mutex); | |
1132 | free_page((unsigned long) page); | |
1133 | return length; | |
1134 | } | |
1135 | ||
1136 | static const struct file_operations sel_bool_ops = { | |
1137 | .read = sel_read_bool, | |
1138 | .write = sel_write_bool, | |
1139 | .llseek = generic_file_llseek, | |
1140 | }; | |
1141 | ||
1142 | static ssize_t sel_commit_bools_write(struct file *filep, | |
1143 | const char __user *buf, | |
1144 | size_t count, loff_t *ppos) | |
1145 | { | |
1146 | char *page = NULL; | |
1147 | ssize_t length; | |
1148 | int new_value; | |
1149 | ||
1150 | mutex_lock(&sel_mutex); | |
1151 | ||
1152 | length = task_has_security(current, SECURITY__SETBOOL); | |
1153 | if (length) | |
1154 | goto out; | |
1155 | ||
1156 | length = -ENOMEM; | |
1157 | if (count >= PAGE_SIZE) | |
1158 | goto out; | |
1159 | ||
1160 | /* No partial writes. */ | |
1161 | length = -EINVAL; | |
1162 | if (*ppos != 0) | |
1163 | goto out; | |
1164 | ||
1165 | length = -ENOMEM; | |
1166 | page = (char *)get_zeroed_page(GFP_KERNEL); | |
1167 | if (!page) | |
1168 | goto out; | |
1169 | ||
1170 | length = -EFAULT; | |
1171 | if (copy_from_user(page, buf, count)) | |
1172 | goto out; | |
1173 | ||
1174 | length = -EINVAL; | |
1175 | if (sscanf(page, "%d", &new_value) != 1) | |
1176 | goto out; | |
1177 | ||
1178 | length = 0; | |
1179 | if (new_value && bool_pending_values) | |
1180 | length = security_set_bools(bool_num, bool_pending_values); | |
1181 | ||
1182 | if (!length) | |
1183 | length = count; | |
1184 | ||
1185 | out: | |
1186 | mutex_unlock(&sel_mutex); | |
1187 | free_page((unsigned long) page); | |
1188 | return length; | |
1189 | } | |
1190 | ||
1191 | static const struct file_operations sel_commit_bools_ops = { | |
1192 | .write = sel_commit_bools_write, | |
1193 | .llseek = generic_file_llseek, | |
1194 | }; | |
1195 | ||
1196 | static void sel_remove_entries(struct dentry *de) | |
1197 | { | |
1198 | d_genocide(de); | |
1199 | shrink_dcache_parent(de); | |
1200 | } | |
1201 | ||
1202 | #define BOOL_DIR_NAME "booleans" | |
1203 | ||
1204 | static int sel_make_bools(void) | |
1205 | { | |
1206 | int i, ret; | |
1207 | ssize_t len; | |
1208 | struct dentry *dentry = NULL; | |
1209 | struct dentry *dir = bool_dir; | |
1210 | struct inode *inode = NULL; | |
1211 | struct inode_security_struct *isec; | |
1212 | char **names = NULL, *page; | |
1213 | int num; | |
1214 | int *values = NULL; | |
1215 | u32 sid; | |
1216 | ||
1217 | /* remove any existing files */ | |
1218 | for (i = 0; i < bool_num; i++) | |
1219 | kfree(bool_pending_names[i]); | |
1220 | kfree(bool_pending_names); | |
1221 | kfree(bool_pending_values); | |
1222 | bool_num = 0; | |
1223 | bool_pending_names = NULL; | |
1224 | bool_pending_values = NULL; | |
1225 | ||
1226 | sel_remove_entries(dir); | |
1227 | ||
1228 | ret = -ENOMEM; | |
1229 | page = (char *)get_zeroed_page(GFP_KERNEL); | |
1230 | if (!page) | |
1231 | goto out; | |
1232 | ||
1233 | ret = security_get_bools(&num, &names, &values); | |
1234 | if (ret) | |
1235 | goto out; | |
1236 | ||
1237 | for (i = 0; i < num; i++) { | |
1238 | ret = -ENOMEM; | |
1239 | dentry = d_alloc_name(dir, names[i]); | |
1240 | if (!dentry) | |
1241 | goto out; | |
1242 | ||
1243 | ret = -ENOMEM; | |
1244 | inode = sel_make_inode(dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR); | |
1245 | if (!inode) | |
1246 | goto out; | |
1247 | ||
1248 | ret = -ENAMETOOLONG; | |
1249 | len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]); | |
1250 | if (len >= PAGE_SIZE) | |
1251 | goto out; | |
1252 | ||
1253 | isec = (struct inode_security_struct *)inode->i_security; | |
1254 | ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid); | |
1255 | if (ret) | |
1256 | goto out; | |
1257 | ||
1258 | isec->sid = sid; | |
1259 | isec->initialized = 1; | |
1260 | inode->i_fop = &sel_bool_ops; | |
1261 | inode->i_ino = i|SEL_BOOL_INO_OFFSET; | |
1262 | d_add(dentry, inode); | |
1263 | } | |
1264 | bool_num = num; | |
1265 | bool_pending_names = names; | |
1266 | bool_pending_values = values; | |
1267 | ||
1268 | free_page((unsigned long)page); | |
1269 | return 0; | |
1270 | out: | |
1271 | free_page((unsigned long)page); | |
1272 | ||
1273 | if (names) { | |
1274 | for (i = 0; i < num; i++) | |
1275 | kfree(names[i]); | |
1276 | kfree(names); | |
1277 | } | |
1278 | kfree(values); | |
1279 | sel_remove_entries(dir); | |
1280 | ||
1281 | return ret; | |
1282 | } | |
1283 | ||
1284 | #define NULL_FILE_NAME "null" | |
1285 | ||
1286 | struct path selinux_null; | |
1287 | ||
1288 | static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf, | |
1289 | size_t count, loff_t *ppos) | |
1290 | { | |
1291 | char tmpbuf[TMPBUFLEN]; | |
1292 | ssize_t length; | |
1293 | ||
1294 | length = scnprintf(tmpbuf, TMPBUFLEN, "%u", avc_cache_threshold); | |
1295 | return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); | |
1296 | } | |
1297 | ||
1298 | static ssize_t sel_write_avc_cache_threshold(struct file *file, | |
1299 | const char __user *buf, | |
1300 | size_t count, loff_t *ppos) | |
1301 | ||
1302 | { | |
1303 | char *page = NULL; | |
1304 | ssize_t ret; | |
1305 | int new_value; | |
1306 | ||
1307 | ret = task_has_security(current, SECURITY__SETSECPARAM); | |
1308 | if (ret) | |
1309 | goto out; | |
1310 | ||
1311 | ret = -ENOMEM; | |
1312 | if (count >= PAGE_SIZE) | |
1313 | goto out; | |
1314 | ||
1315 | /* No partial writes. */ | |
1316 | ret = -EINVAL; | |
1317 | if (*ppos != 0) | |
1318 | goto out; | |
1319 | ||
1320 | ret = -ENOMEM; | |
1321 | page = (char *)get_zeroed_page(GFP_KERNEL); | |
1322 | if (!page) | |
1323 | goto out; | |
1324 | ||
1325 | ret = -EFAULT; | |
1326 | if (copy_from_user(page, buf, count)) | |
1327 | goto out; | |
1328 | ||
1329 | ret = -EINVAL; | |
1330 | if (sscanf(page, "%u", &new_value) != 1) | |
1331 | goto out; | |
1332 | ||
1333 | avc_cache_threshold = new_value; | |
1334 | ||
1335 | ret = count; | |
1336 | out: | |
1337 | free_page((unsigned long)page); | |
1338 | return ret; | |
1339 | } | |
1340 | ||
1341 | static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf, | |
1342 | size_t count, loff_t *ppos) | |
1343 | { | |
1344 | char *page; | |
1345 | ssize_t length; | |
1346 | ||
1347 | page = (char *)__get_free_page(GFP_KERNEL); | |
1348 | if (!page) | |
1349 | return -ENOMEM; | |
1350 | ||
1351 | length = avc_get_hash_stats(page); | |
1352 | if (length >= 0) | |
1353 | length = simple_read_from_buffer(buf, count, ppos, page, length); | |
1354 | free_page((unsigned long)page); | |
1355 | ||
1356 | return length; | |
1357 | } | |
1358 | ||
1359 | static const struct file_operations sel_avc_cache_threshold_ops = { | |
1360 | .read = sel_read_avc_cache_threshold, | |
1361 | .write = sel_write_avc_cache_threshold, | |
1362 | .llseek = generic_file_llseek, | |
1363 | }; | |
1364 | ||
1365 | static const struct file_operations sel_avc_hash_stats_ops = { | |
1366 | .read = sel_read_avc_hash_stats, | |
1367 | .llseek = generic_file_llseek, | |
1368 | }; | |
1369 | ||
1370 | #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS | |
1371 | static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx) | |
1372 | { | |
1373 | int cpu; | |
1374 | ||
1375 | for (cpu = *idx; cpu < nr_cpu_ids; ++cpu) { | |
1376 | if (!cpu_possible(cpu)) | |
1377 | continue; | |
1378 | *idx = cpu + 1; | |
1379 | return &per_cpu(avc_cache_stats, cpu); | |
1380 | } | |
1381 | return NULL; | |
1382 | } | |
1383 | ||
1384 | static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos) | |
1385 | { | |
1386 | loff_t n = *pos - 1; | |
1387 | ||
1388 | if (*pos == 0) | |
1389 | return SEQ_START_TOKEN; | |
1390 | ||
1391 | return sel_avc_get_stat_idx(&n); | |
1392 | } | |
1393 | ||
1394 | static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos) | |
1395 | { | |
1396 | return sel_avc_get_stat_idx(pos); | |
1397 | } | |
1398 | ||
1399 | static int sel_avc_stats_seq_show(struct seq_file *seq, void *v) | |
1400 | { | |
1401 | struct avc_cache_stats *st = v; | |
1402 | ||
1403 | if (v == SEQ_START_TOKEN) | |
1404 | seq_printf(seq, "lookups hits misses allocations reclaims " | |
1405 | "frees\n"); | |
1406 | else { | |
1407 | unsigned int lookups = st->lookups; | |
1408 | unsigned int misses = st->misses; | |
1409 | unsigned int hits = lookups - misses; | |
1410 | seq_printf(seq, "%u %u %u %u %u %u\n", lookups, | |
1411 | hits, misses, st->allocations, | |
1412 | st->reclaims, st->frees); | |
1413 | } | |
1414 | return 0; | |
1415 | } | |
1416 | ||
1417 | static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v) | |
1418 | { } | |
1419 | ||
1420 | static const struct seq_operations sel_avc_cache_stats_seq_ops = { | |
1421 | .start = sel_avc_stats_seq_start, | |
1422 | .next = sel_avc_stats_seq_next, | |
1423 | .show = sel_avc_stats_seq_show, | |
1424 | .stop = sel_avc_stats_seq_stop, | |
1425 | }; | |
1426 | ||
1427 | static int sel_open_avc_cache_stats(struct inode *inode, struct file *file) | |
1428 | { | |
1429 | return seq_open(file, &sel_avc_cache_stats_seq_ops); | |
1430 | } | |
1431 | ||
1432 | static const struct file_operations sel_avc_cache_stats_ops = { | |
1433 | .open = sel_open_avc_cache_stats, | |
1434 | .read = seq_read, | |
1435 | .llseek = seq_lseek, | |
1436 | .release = seq_release, | |
1437 | }; | |
1438 | #endif | |
1439 | ||
1440 | static int sel_make_avc_files(struct dentry *dir) | |
1441 | { | |
1442 | int i; | |
1443 | static struct tree_descr files[] = { | |
1444 | { "cache_threshold", | |
1445 | &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR }, | |
1446 | { "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO }, | |
1447 | #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS | |
1448 | { "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO }, | |
1449 | #endif | |
1450 | }; | |
1451 | ||
1452 | for (i = 0; i < ARRAY_SIZE(files); i++) { | |
1453 | struct inode *inode; | |
1454 | struct dentry *dentry; | |
1455 | ||
1456 | dentry = d_alloc_name(dir, files[i].name); | |
1457 | if (!dentry) | |
1458 | return -ENOMEM; | |
1459 | ||
1460 | inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode); | |
1461 | if (!inode) | |
1462 | return -ENOMEM; | |
1463 | ||
1464 | inode->i_fop = files[i].ops; | |
1465 | inode->i_ino = ++sel_last_ino; | |
1466 | d_add(dentry, inode); | |
1467 | } | |
1468 | ||
1469 | return 0; | |
1470 | } | |
1471 | ||
1472 | static ssize_t sel_read_initcon(struct file *file, char __user *buf, | |
1473 | size_t count, loff_t *ppos) | |
1474 | { | |
1475 | char *con; | |
1476 | u32 sid, len; | |
1477 | ssize_t ret; | |
1478 | ||
1479 | sid = file_inode(file)->i_ino&SEL_INO_MASK; | |
1480 | ret = security_sid_to_context(sid, &con, &len); | |
1481 | if (ret) | |
1482 | return ret; | |
1483 | ||
1484 | ret = simple_read_from_buffer(buf, count, ppos, con, len); | |
1485 | kfree(con); | |
1486 | return ret; | |
1487 | } | |
1488 | ||
1489 | static const struct file_operations sel_initcon_ops = { | |
1490 | .read = sel_read_initcon, | |
1491 | .llseek = generic_file_llseek, | |
1492 | }; | |
1493 | ||
1494 | static int sel_make_initcon_files(struct dentry *dir) | |
1495 | { | |
1496 | int i; | |
1497 | ||
1498 | for (i = 1; i <= SECINITSID_NUM; i++) { | |
1499 | struct inode *inode; | |
1500 | struct dentry *dentry; | |
1501 | dentry = d_alloc_name(dir, security_get_initial_sid_context(i)); | |
1502 | if (!dentry) | |
1503 | return -ENOMEM; | |
1504 | ||
1505 | inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); | |
1506 | if (!inode) | |
1507 | return -ENOMEM; | |
1508 | ||
1509 | inode->i_fop = &sel_initcon_ops; | |
1510 | inode->i_ino = i|SEL_INITCON_INO_OFFSET; | |
1511 | d_add(dentry, inode); | |
1512 | } | |
1513 | ||
1514 | return 0; | |
1515 | } | |
1516 | ||
1517 | static inline unsigned long sel_class_to_ino(u16 class) | |
1518 | { | |
1519 | return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET; | |
1520 | } | |
1521 | ||
1522 | static inline u16 sel_ino_to_class(unsigned long ino) | |
1523 | { | |
1524 | return (ino & SEL_INO_MASK) / (SEL_VEC_MAX + 1); | |
1525 | } | |
1526 | ||
1527 | static inline unsigned long sel_perm_to_ino(u16 class, u32 perm) | |
1528 | { | |
1529 | return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET; | |
1530 | } | |
1531 | ||
1532 | static inline u32 sel_ino_to_perm(unsigned long ino) | |
1533 | { | |
1534 | return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1); | |
1535 | } | |
1536 | ||
1537 | static ssize_t sel_read_class(struct file *file, char __user *buf, | |
1538 | size_t count, loff_t *ppos) | |
1539 | { | |
1540 | unsigned long ino = file_inode(file)->i_ino; | |
1541 | char res[TMPBUFLEN]; | |
1542 | ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_class(ino)); | |
1543 | return simple_read_from_buffer(buf, count, ppos, res, len); | |
1544 | } | |
1545 | ||
1546 | static const struct file_operations sel_class_ops = { | |
1547 | .read = sel_read_class, | |
1548 | .llseek = generic_file_llseek, | |
1549 | }; | |
1550 | ||
1551 | static ssize_t sel_read_perm(struct file *file, char __user *buf, | |
1552 | size_t count, loff_t *ppos) | |
1553 | { | |
1554 | unsigned long ino = file_inode(file)->i_ino; | |
1555 | char res[TMPBUFLEN]; | |
1556 | ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino)); | |
1557 | return simple_read_from_buffer(buf, count, ppos, res, len); | |
1558 | } | |
1559 | ||
1560 | static const struct file_operations sel_perm_ops = { | |
1561 | .read = sel_read_perm, | |
1562 | .llseek = generic_file_llseek, | |
1563 | }; | |
1564 | ||
1565 | static ssize_t sel_read_policycap(struct file *file, char __user *buf, | |
1566 | size_t count, loff_t *ppos) | |
1567 | { | |
1568 | int value; | |
1569 | char tmpbuf[TMPBUFLEN]; | |
1570 | ssize_t length; | |
1571 | unsigned long i_ino = file_inode(file)->i_ino; | |
1572 | ||
1573 | value = security_policycap_supported(i_ino & SEL_INO_MASK); | |
1574 | length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value); | |
1575 | ||
1576 | return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); | |
1577 | } | |
1578 | ||
1579 | static const struct file_operations sel_policycap_ops = { | |
1580 | .read = sel_read_policycap, | |
1581 | .llseek = generic_file_llseek, | |
1582 | }; | |
1583 | ||
1584 | static int sel_make_perm_files(char *objclass, int classvalue, | |
1585 | struct dentry *dir) | |
1586 | { | |
1587 | int i, rc, nperms; | |
1588 | char **perms; | |
1589 | ||
1590 | rc = security_get_permissions(objclass, &perms, &nperms); | |
1591 | if (rc) | |
1592 | return rc; | |
1593 | ||
1594 | for (i = 0; i < nperms; i++) { | |
1595 | struct inode *inode; | |
1596 | struct dentry *dentry; | |
1597 | ||
1598 | rc = -ENOMEM; | |
1599 | dentry = d_alloc_name(dir, perms[i]); | |
1600 | if (!dentry) | |
1601 | goto out; | |
1602 | ||
1603 | rc = -ENOMEM; | |
1604 | inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); | |
1605 | if (!inode) | |
1606 | goto out; | |
1607 | ||
1608 | inode->i_fop = &sel_perm_ops; | |
1609 | /* i+1 since perm values are 1-indexed */ | |
1610 | inode->i_ino = sel_perm_to_ino(classvalue, i + 1); | |
1611 | d_add(dentry, inode); | |
1612 | } | |
1613 | rc = 0; | |
1614 | out: | |
1615 | for (i = 0; i < nperms; i++) | |
1616 | kfree(perms[i]); | |
1617 | kfree(perms); | |
1618 | return rc; | |
1619 | } | |
1620 | ||
1621 | static int sel_make_class_dir_entries(char *classname, int index, | |
1622 | struct dentry *dir) | |
1623 | { | |
1624 | struct dentry *dentry = NULL; | |
1625 | struct inode *inode = NULL; | |
1626 | int rc; | |
1627 | ||
1628 | dentry = d_alloc_name(dir, "index"); | |
1629 | if (!dentry) | |
1630 | return -ENOMEM; | |
1631 | ||
1632 | inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); | |
1633 | if (!inode) | |
1634 | return -ENOMEM; | |
1635 | ||
1636 | inode->i_fop = &sel_class_ops; | |
1637 | inode->i_ino = sel_class_to_ino(index); | |
1638 | d_add(dentry, inode); | |
1639 | ||
1640 | dentry = sel_make_dir(dir, "perms", &last_class_ino); | |
1641 | if (IS_ERR(dentry)) | |
1642 | return PTR_ERR(dentry); | |
1643 | ||
1644 | rc = sel_make_perm_files(classname, index, dentry); | |
1645 | ||
1646 | return rc; | |
1647 | } | |
1648 | ||
1649 | static int sel_make_classes(void) | |
1650 | { | |
1651 | int rc, nclasses, i; | |
1652 | char **classes; | |
1653 | ||
1654 | /* delete any existing entries */ | |
1655 | sel_remove_entries(class_dir); | |
1656 | ||
1657 | rc = security_get_classes(&classes, &nclasses); | |
1658 | if (rc) | |
1659 | return rc; | |
1660 | ||
1661 | /* +2 since classes are 1-indexed */ | |
1662 | last_class_ino = sel_class_to_ino(nclasses + 2); | |
1663 | ||
1664 | for (i = 0; i < nclasses; i++) { | |
1665 | struct dentry *class_name_dir; | |
1666 | ||
1667 | class_name_dir = sel_make_dir(class_dir, classes[i], | |
1668 | &last_class_ino); | |
1669 | if (IS_ERR(class_name_dir)) { | |
1670 | rc = PTR_ERR(class_name_dir); | |
1671 | goto out; | |
1672 | } | |
1673 | ||
1674 | /* i+1 since class values are 1-indexed */ | |
1675 | rc = sel_make_class_dir_entries(classes[i], i + 1, | |
1676 | class_name_dir); | |
1677 | if (rc) | |
1678 | goto out; | |
1679 | } | |
1680 | rc = 0; | |
1681 | out: | |
1682 | for (i = 0; i < nclasses; i++) | |
1683 | kfree(classes[i]); | |
1684 | kfree(classes); | |
1685 | return rc; | |
1686 | } | |
1687 | ||
1688 | static int sel_make_policycap(void) | |
1689 | { | |
1690 | unsigned int iter; | |
1691 | struct dentry *dentry = NULL; | |
1692 | struct inode *inode = NULL; | |
1693 | ||
1694 | sel_remove_entries(policycap_dir); | |
1695 | ||
1696 | for (iter = 0; iter <= POLICYDB_CAPABILITY_MAX; iter++) { | |
1697 | if (iter < ARRAY_SIZE(policycap_names)) | |
1698 | dentry = d_alloc_name(policycap_dir, | |
1699 | policycap_names[iter]); | |
1700 | else | |
1701 | dentry = d_alloc_name(policycap_dir, "unknown"); | |
1702 | ||
1703 | if (dentry == NULL) | |
1704 | return -ENOMEM; | |
1705 | ||
1706 | inode = sel_make_inode(policycap_dir->d_sb, S_IFREG | S_IRUGO); | |
1707 | if (inode == NULL) | |
1708 | return -ENOMEM; | |
1709 | ||
1710 | inode->i_fop = &sel_policycap_ops; | |
1711 | inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET; | |
1712 | d_add(dentry, inode); | |
1713 | } | |
1714 | ||
1715 | return 0; | |
1716 | } | |
1717 | ||
1718 | static struct dentry *sel_make_dir(struct dentry *dir, const char *name, | |
1719 | unsigned long *ino) | |
1720 | { | |
1721 | struct dentry *dentry = d_alloc_name(dir, name); | |
1722 | struct inode *inode; | |
1723 | ||
1724 | if (!dentry) | |
1725 | return ERR_PTR(-ENOMEM); | |
1726 | ||
1727 | inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO); | |
1728 | if (!inode) { | |
1729 | dput(dentry); | |
1730 | return ERR_PTR(-ENOMEM); | |
1731 | } | |
1732 | ||
1733 | inode->i_op = &simple_dir_inode_operations; | |
1734 | inode->i_fop = &simple_dir_operations; | |
1735 | inode->i_ino = ++(*ino); | |
1736 | /* directory inodes start off with i_nlink == 2 (for "." entry) */ | |
1737 | inc_nlink(inode); | |
1738 | d_add(dentry, inode); | |
1739 | /* bump link count on parent directory, too */ | |
1740 | inc_nlink(d_inode(dir)); | |
1741 | ||
1742 | return dentry; | |
1743 | } | |
1744 | ||
1745 | static int sel_fill_super(struct super_block *sb, void *data, int silent) | |
1746 | { | |
1747 | int ret; | |
1748 | struct dentry *dentry; | |
1749 | struct inode *inode; | |
1750 | struct inode_security_struct *isec; | |
1751 | ||
1752 | static struct tree_descr selinux_files[] = { | |
1753 | [SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR}, | |
1754 | [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR}, | |
1755 | [SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO}, | |
1756 | [SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO}, | |
1757 | [SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO}, | |
1758 | [SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO}, | |
1759 | [SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO}, | |
1760 | [SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO}, | |
1761 | [SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR}, | |
1762 | [SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO}, | |
1763 | [SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR}, | |
1764 | [SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO}, | |
1765 | [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR}, | |
1766 | [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO}, | |
1767 | [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO}, | |
1768 | [SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO}, | |
1769 | [SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO}, | |
1770 | /* last one */ {""} | |
1771 | }; | |
1772 | ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files); | |
1773 | if (ret) | |
1774 | goto err; | |
1775 | ||
1776 | bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &sel_last_ino); | |
1777 | if (IS_ERR(bool_dir)) { | |
1778 | ret = PTR_ERR(bool_dir); | |
1779 | bool_dir = NULL; | |
1780 | goto err; | |
1781 | } | |
1782 | ||
1783 | ret = -ENOMEM; | |
1784 | dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME); | |
1785 | if (!dentry) | |
1786 | goto err; | |
1787 | ||
1788 | ret = -ENOMEM; | |
1789 | inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO); | |
1790 | if (!inode) | |
1791 | goto err; | |
1792 | ||
1793 | inode->i_ino = ++sel_last_ino; | |
1794 | isec = (struct inode_security_struct *)inode->i_security; | |
1795 | isec->sid = SECINITSID_DEVNULL; | |
1796 | isec->sclass = SECCLASS_CHR_FILE; | |
1797 | isec->initialized = 1; | |
1798 | ||
1799 | init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3)); | |
1800 | d_add(dentry, inode); | |
1801 | selinux_null.dentry = dentry; | |
1802 | ||
1803 | dentry = sel_make_dir(sb->s_root, "avc", &sel_last_ino); | |
1804 | if (IS_ERR(dentry)) { | |
1805 | ret = PTR_ERR(dentry); | |
1806 | goto err; | |
1807 | } | |
1808 | ||
1809 | ret = sel_make_avc_files(dentry); | |
1810 | if (ret) | |
1811 | goto err; | |
1812 | ||
1813 | dentry = sel_make_dir(sb->s_root, "initial_contexts", &sel_last_ino); | |
1814 | if (IS_ERR(dentry)) { | |
1815 | ret = PTR_ERR(dentry); | |
1816 | goto err; | |
1817 | } | |
1818 | ||
1819 | ret = sel_make_initcon_files(dentry); | |
1820 | if (ret) | |
1821 | goto err; | |
1822 | ||
1823 | class_dir = sel_make_dir(sb->s_root, "class", &sel_last_ino); | |
1824 | if (IS_ERR(class_dir)) { | |
1825 | ret = PTR_ERR(class_dir); | |
1826 | class_dir = NULL; | |
1827 | goto err; | |
1828 | } | |
1829 | ||
1830 | policycap_dir = sel_make_dir(sb->s_root, "policy_capabilities", &sel_last_ino); | |
1831 | if (IS_ERR(policycap_dir)) { | |
1832 | ret = PTR_ERR(policycap_dir); | |
1833 | policycap_dir = NULL; | |
1834 | goto err; | |
1835 | } | |
1836 | return 0; | |
1837 | err: | |
1838 | printk(KERN_ERR "SELinux: %s: failed while creating inodes\n", | |
1839 | __func__); | |
1840 | return ret; | |
1841 | } | |
1842 | ||
1843 | static struct dentry *sel_mount(struct file_system_type *fs_type, | |
1844 | int flags, const char *dev_name, void *data) | |
1845 | { | |
1846 | return mount_single(fs_type, flags, data, sel_fill_super); | |
1847 | } | |
1848 | ||
1849 | static struct file_system_type sel_fs_type = { | |
1850 | .name = "selinuxfs", | |
1851 | .mount = sel_mount, | |
1852 | .kill_sb = kill_litter_super, | |
1853 | }; | |
1854 | ||
1855 | struct vfsmount *selinuxfs_mount; | |
1856 | ||
1857 | static int __init init_sel_fs(void) | |
1858 | { | |
1859 | int err; | |
1860 | ||
1861 | if (!selinux_enabled) | |
1862 | return 0; | |
1863 | ||
1864 | err = sysfs_create_mount_point(fs_kobj, "selinux"); | |
1865 | if (err) | |
1866 | return err; | |
1867 | ||
1868 | err = register_filesystem(&sel_fs_type); | |
1869 | if (err) { | |
1870 | sysfs_remove_mount_point(fs_kobj, "selinux"); | |
1871 | return err; | |
1872 | } | |
1873 | ||
1874 | selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type); | |
1875 | if (IS_ERR(selinuxfs_mount)) { | |
1876 | printk(KERN_ERR "selinuxfs: could not mount!\n"); | |
1877 | err = PTR_ERR(selinuxfs_mount); | |
1878 | selinuxfs_mount = NULL; | |
1879 | } | |
1880 | ||
1881 | return err; | |
1882 | } | |
1883 | ||
1884 | __initcall(init_sel_fs); | |
1885 | ||
1886 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE | |
1887 | void exit_sel_fs(void) | |
1888 | { | |
1889 | sysfs_remove_mount_point(fs_kobj, "selinux"); | |
1890 | kern_unmount(selinuxfs_mount); | |
1891 | unregister_filesystem(&sel_fs_type); | |
1892 | } | |
1893 | #endif |