]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - security/selinux/selinuxfs.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
KEYS: fix writing past end of user-supplied buffer in keyring_read()
[mirror_ubuntu-artful-kernel.git] / security / selinux / selinuxfs.c
1 /* Updated: Karl MacMillan <kmacmillan@tresys.com>
2 *
3 * Added conditional policy language extensions
4 *
5 * Updated: Hewlett-Packard <paul@paul-moore.com>
6 *
7 * Added support for the policy capability bitmap
8 *
9 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
10 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
11 * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation, version 2.
15 */
16
17 #include <linux/kernel.h>
18 #include <linux/pagemap.h>
19 #include <linux/slab.h>
20 #include <linux/vmalloc.h>
21 #include <linux/fs.h>
22 #include <linux/mutex.h>
23 #include <linux/init.h>
24 #include <linux/string.h>
25 #include <linux/security.h>
26 #include <linux/major.h>
27 #include <linux/seq_file.h>
28 #include <linux/percpu.h>
29 #include <linux/audit.h>
30 #include <linux/uaccess.h>
31 #include <linux/kobject.h>
32 #include <linux/ctype.h>
33 #include <linux/lsm_hooks.h>
34
35 /* selinuxfs pseudo filesystem for exporting the security policy API.
36 Based on the proc code and the fs/nfsd/nfsctl.c code. */
37
38 #include "flask.h"
39 #include "avc.h"
40 #include "avc_ss.h"
41 #include "security.h"
42 #include "objsec.h"
43 #include "conditional.h"
44
45 unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE;
46
47 static int __init checkreqprot_setup(char *str)
48 {
49 unsigned long checkreqprot;
50 if (!kstrtoul(str, 0, &checkreqprot))
51 selinux_checkreqprot = checkreqprot ? 1 : 0;
52 return 1;
53 }
54 __setup("checkreqprot=", checkreqprot_setup);
55
56 static DEFINE_MUTEX(sel_mutex);
57
58 /* global data for booleans */
59 static struct dentry *bool_dir;
60 static int bool_num;
61 static char **bool_pending_names;
62 static int *bool_pending_values;
63
64 /* global data for classes */
65 static struct dentry *class_dir;
66 static unsigned long last_class_ino;
67
68 static char policy_opened;
69
70 /* global data for policy capabilities */
71 static struct dentry *policycap_dir;
72
73 enum sel_inos {
74 SEL_ROOT_INO = 2,
75 SEL_LOAD, /* load policy */
76 SEL_ENFORCE, /* get or set enforcing status */
77 SEL_CONTEXT, /* validate context */
78 SEL_ACCESS, /* compute access decision */
79 SEL_CREATE, /* compute create labeling decision */
80 SEL_RELABEL, /* compute relabeling decision */
81 SEL_USER, /* compute reachable user contexts */
82 SEL_POLICYVERS, /* return policy version for this kernel */
83 SEL_COMMIT_BOOLS, /* commit new boolean values */
84 SEL_MLS, /* return if MLS policy is enabled */
85 SEL_DISABLE, /* disable SELinux until next reboot */
86 SEL_MEMBER, /* compute polyinstantiation membership decision */
87 SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */
88 SEL_COMPAT_NET, /* whether to use old compat network packet controls */
89 SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */
90 SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */
91 SEL_STATUS, /* export current status using mmap() */
92 SEL_POLICY, /* allow userspace to read the in kernel policy */
93 SEL_VALIDATE_TRANS, /* compute validatetrans decision */
94 SEL_INO_NEXT, /* The next inode number to use */
95 };
96
97 static unsigned long sel_last_ino = SEL_INO_NEXT - 1;
98
99 #define SEL_INITCON_INO_OFFSET 0x01000000
100 #define SEL_BOOL_INO_OFFSET 0x02000000
101 #define SEL_CLASS_INO_OFFSET 0x04000000
102 #define SEL_POLICYCAP_INO_OFFSET 0x08000000
103 #define SEL_INO_MASK 0x00ffffff
104
105 #define TMPBUFLEN 12
106 static ssize_t sel_read_enforce(struct file *filp, char __user *buf,
107 size_t count, loff_t *ppos)
108 {
109 char tmpbuf[TMPBUFLEN];
110 ssize_t length;
111
112 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_enforcing);
113 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
114 }
115
116 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
117 static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
118 size_t count, loff_t *ppos)
119
120 {
121 char *page = NULL;
122 ssize_t length;
123 int new_value;
124
125 if (count >= PAGE_SIZE)
126 return -ENOMEM;
127
128 /* No partial writes. */
129 if (*ppos != 0)
130 return -EINVAL;
131
132 page = memdup_user_nul(buf, count);
133 if (IS_ERR(page))
134 return PTR_ERR(page);
135
136 length = -EINVAL;
137 if (sscanf(page, "%d", &new_value) != 1)
138 goto out;
139
140 new_value = !!new_value;
141
142 if (new_value != selinux_enforcing) {
143 length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
144 SECCLASS_SECURITY, SECURITY__SETENFORCE,
145 NULL);
146 if (length)
147 goto out;
148 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
149 "enforcing=%d old_enforcing=%d auid=%u ses=%u",
150 new_value, selinux_enforcing,
151 from_kuid(&init_user_ns, audit_get_loginuid(current)),
152 audit_get_sessionid(current));
153 selinux_enforcing = new_value;
154 if (selinux_enforcing)
155 avc_ss_reset(0);
156 selnl_notify_setenforce(selinux_enforcing);
157 selinux_status_update_setenforce(selinux_enforcing);
158 if (!selinux_enforcing)
159 call_lsm_notifier(LSM_POLICY_CHANGE, NULL);
160 }
161 length = count;
162 out:
163 kfree(page);
164 return length;
165 }
166 #else
167 #define sel_write_enforce NULL
168 #endif
169
170 static const struct file_operations sel_enforce_ops = {
171 .read = sel_read_enforce,
172 .write = sel_write_enforce,
173 .llseek = generic_file_llseek,
174 };
175
176 static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf,
177 size_t count, loff_t *ppos)
178 {
179 char tmpbuf[TMPBUFLEN];
180 ssize_t length;
181 ino_t ino = file_inode(filp)->i_ino;
182 int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ?
183 security_get_reject_unknown() : !security_get_allow_unknown();
184
185 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown);
186 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
187 }
188
189 static const struct file_operations sel_handle_unknown_ops = {
190 .read = sel_read_handle_unknown,
191 .llseek = generic_file_llseek,
192 };
193
194 static int sel_open_handle_status(struct inode *inode, struct file *filp)
195 {
196 struct page *status = selinux_kernel_status_page();
197
198 if (!status)
199 return -ENOMEM;
200
201 filp->private_data = status;
202
203 return 0;
204 }
205
206 static ssize_t sel_read_handle_status(struct file *filp, char __user *buf,
207 size_t count, loff_t *ppos)
208 {
209 struct page *status = filp->private_data;
210
211 BUG_ON(!status);
212
213 return simple_read_from_buffer(buf, count, ppos,
214 page_address(status),
215 sizeof(struct selinux_kernel_status));
216 }
217
218 static int sel_mmap_handle_status(struct file *filp,
219 struct vm_area_struct *vma)
220 {
221 struct page *status = filp->private_data;
222 unsigned long size = vma->vm_end - vma->vm_start;
223
224 BUG_ON(!status);
225
226 /* only allows one page from the head */
227 if (vma->vm_pgoff > 0 || size != PAGE_SIZE)
228 return -EIO;
229 /* disallow writable mapping */
230 if (vma->vm_flags & VM_WRITE)
231 return -EPERM;
232 /* disallow mprotect() turns it into writable */
233 vma->vm_flags &= ~VM_MAYWRITE;
234
235 return remap_pfn_range(vma, vma->vm_start,
236 page_to_pfn(status),
237 size, vma->vm_page_prot);
238 }
239
240 static const struct file_operations sel_handle_status_ops = {
241 .open = sel_open_handle_status,
242 .read = sel_read_handle_status,
243 .mmap = sel_mmap_handle_status,
244 .llseek = generic_file_llseek,
245 };
246
247 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
248 static ssize_t sel_write_disable(struct file *file, const char __user *buf,
249 size_t count, loff_t *ppos)
250
251 {
252 char *page;
253 ssize_t length;
254 int new_value;
255
256 if (count >= PAGE_SIZE)
257 return -ENOMEM;
258
259 /* No partial writes. */
260 if (*ppos != 0)
261 return -EINVAL;
262
263 page = memdup_user_nul(buf, count);
264 if (IS_ERR(page))
265 return PTR_ERR(page);
266
267 length = -EINVAL;
268 if (sscanf(page, "%d", &new_value) != 1)
269 goto out;
270
271 if (new_value) {
272 length = selinux_disable();
273 if (length)
274 goto out;
275 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
276 "selinux=0 auid=%u ses=%u",
277 from_kuid(&init_user_ns, audit_get_loginuid(current)),
278 audit_get_sessionid(current));
279 }
280
281 length = count;
282 out:
283 kfree(page);
284 return length;
285 }
286 #else
287 #define sel_write_disable NULL
288 #endif
289
290 static const struct file_operations sel_disable_ops = {
291 .write = sel_write_disable,
292 .llseek = generic_file_llseek,
293 };
294
295 static ssize_t sel_read_policyvers(struct file *filp, char __user *buf,
296 size_t count, loff_t *ppos)
297 {
298 char tmpbuf[TMPBUFLEN];
299 ssize_t length;
300
301 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX);
302 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
303 }
304
305 static const struct file_operations sel_policyvers_ops = {
306 .read = sel_read_policyvers,
307 .llseek = generic_file_llseek,
308 };
309
310 /* declaration for sel_write_load */
311 static int sel_make_bools(void);
312 static int sel_make_classes(void);
313 static int sel_make_policycap(void);
314
315 /* declaration for sel_make_class_dirs */
316 static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
317 unsigned long *ino);
318
319 static ssize_t sel_read_mls(struct file *filp, char __user *buf,
320 size_t count, loff_t *ppos)
321 {
322 char tmpbuf[TMPBUFLEN];
323 ssize_t length;
324
325 length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
326 security_mls_enabled());
327 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
328 }
329
330 static const struct file_operations sel_mls_ops = {
331 .read = sel_read_mls,
332 .llseek = generic_file_llseek,
333 };
334
335 struct policy_load_memory {
336 size_t len;
337 void *data;
338 };
339
340 static int sel_open_policy(struct inode *inode, struct file *filp)
341 {
342 struct policy_load_memory *plm = NULL;
343 int rc;
344
345 BUG_ON(filp->private_data);
346
347 mutex_lock(&sel_mutex);
348
349 rc = avc_has_perm(current_sid(), SECINITSID_SECURITY,
350 SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL);
351 if (rc)
352 goto err;
353
354 rc = -EBUSY;
355 if (policy_opened)
356 goto err;
357
358 rc = -ENOMEM;
359 plm = kzalloc(sizeof(*plm), GFP_KERNEL);
360 if (!plm)
361 goto err;
362
363 if (i_size_read(inode) != security_policydb_len()) {
364 inode_lock(inode);
365 i_size_write(inode, security_policydb_len());
366 inode_unlock(inode);
367 }
368
369 rc = security_read_policy(&plm->data, &plm->len);
370 if (rc)
371 goto err;
372
373 policy_opened = 1;
374
375 filp->private_data = plm;
376
377 mutex_unlock(&sel_mutex);
378
379 return 0;
380 err:
381 mutex_unlock(&sel_mutex);
382
383 if (plm)
384 vfree(plm->data);
385 kfree(plm);
386 return rc;
387 }
388
389 static int sel_release_policy(struct inode *inode, struct file *filp)
390 {
391 struct policy_load_memory *plm = filp->private_data;
392
393 BUG_ON(!plm);
394
395 policy_opened = 0;
396
397 vfree(plm->data);
398 kfree(plm);
399
400 return 0;
401 }
402
403 static ssize_t sel_read_policy(struct file *filp, char __user *buf,
404 size_t count, loff_t *ppos)
405 {
406 struct policy_load_memory *plm = filp->private_data;
407 int ret;
408
409 mutex_lock(&sel_mutex);
410
411 ret = avc_has_perm(current_sid(), SECINITSID_SECURITY,
412 SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL);
413 if (ret)
414 goto out;
415
416 ret = simple_read_from_buffer(buf, count, ppos, plm->data, plm->len);
417 out:
418 mutex_unlock(&sel_mutex);
419 return ret;
420 }
421
422 static int sel_mmap_policy_fault(struct vm_fault *vmf)
423 {
424 struct policy_load_memory *plm = vmf->vma->vm_file->private_data;
425 unsigned long offset;
426 struct page *page;
427
428 if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE))
429 return VM_FAULT_SIGBUS;
430
431 offset = vmf->pgoff << PAGE_SHIFT;
432 if (offset >= roundup(plm->len, PAGE_SIZE))
433 return VM_FAULT_SIGBUS;
434
435 page = vmalloc_to_page(plm->data + offset);
436 get_page(page);
437
438 vmf->page = page;
439
440 return 0;
441 }
442
443 static const struct vm_operations_struct sel_mmap_policy_ops = {
444 .fault = sel_mmap_policy_fault,
445 .page_mkwrite = sel_mmap_policy_fault,
446 };
447
448 static int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma)
449 {
450 if (vma->vm_flags & VM_SHARED) {
451 /* do not allow mprotect to make mapping writable */
452 vma->vm_flags &= ~VM_MAYWRITE;
453
454 if (vma->vm_flags & VM_WRITE)
455 return -EACCES;
456 }
457
458 vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP;
459 vma->vm_ops = &sel_mmap_policy_ops;
460
461 return 0;
462 }
463
464 static const struct file_operations sel_policy_ops = {
465 .open = sel_open_policy,
466 .read = sel_read_policy,
467 .mmap = sel_mmap_policy,
468 .release = sel_release_policy,
469 .llseek = generic_file_llseek,
470 };
471
472 static ssize_t sel_write_load(struct file *file, const char __user *buf,
473 size_t count, loff_t *ppos)
474
475 {
476 ssize_t length;
477 void *data = NULL;
478
479 mutex_lock(&sel_mutex);
480
481 length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
482 SECCLASS_SECURITY, SECURITY__LOAD_POLICY, NULL);
483 if (length)
484 goto out;
485
486 /* No partial writes. */
487 length = -EINVAL;
488 if (*ppos != 0)
489 goto out;
490
491 length = -EFBIG;
492 if (count > 64 * 1024 * 1024)
493 goto out;
494
495 length = -ENOMEM;
496 data = vmalloc(count);
497 if (!data)
498 goto out;
499
500 length = -EFAULT;
501 if (copy_from_user(data, buf, count) != 0)
502 goto out;
503
504 length = security_load_policy(data, count);
505 if (length) {
506 pr_warn_ratelimited("SELinux: failed to load policy\n");
507 goto out;
508 }
509
510 length = sel_make_bools();
511 if (length) {
512 pr_err("SELinux: failed to load policy booleans\n");
513 goto out1;
514 }
515
516 length = sel_make_classes();
517 if (length) {
518 pr_err("SELinux: failed to load policy classes\n");
519 goto out1;
520 }
521
522 length = sel_make_policycap();
523 if (length) {
524 pr_err("SELinux: failed to load policy capabilities\n");
525 goto out1;
526 }
527
528 length = count;
529
530 out1:
531 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
532 "policy loaded auid=%u ses=%u",
533 from_kuid(&init_user_ns, audit_get_loginuid(current)),
534 audit_get_sessionid(current));
535 out:
536 mutex_unlock(&sel_mutex);
537 vfree(data);
538 return length;
539 }
540
541 static const struct file_operations sel_load_ops = {
542 .write = sel_write_load,
543 .llseek = generic_file_llseek,
544 };
545
546 static ssize_t sel_write_context(struct file *file, char *buf, size_t size)
547 {
548 char *canon = NULL;
549 u32 sid, len;
550 ssize_t length;
551
552 length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
553 SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, NULL);
554 if (length)
555 goto out;
556
557 length = security_context_to_sid(buf, size, &sid, GFP_KERNEL);
558 if (length)
559 goto out;
560
561 length = security_sid_to_context(sid, &canon, &len);
562 if (length)
563 goto out;
564
565 length = -ERANGE;
566 if (len > SIMPLE_TRANSACTION_LIMIT) {
567 printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
568 "payload max\n", __func__, len);
569 goto out;
570 }
571
572 memcpy(buf, canon, len);
573 length = len;
574 out:
575 kfree(canon);
576 return length;
577 }
578
579 static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf,
580 size_t count, loff_t *ppos)
581 {
582 char tmpbuf[TMPBUFLEN];
583 ssize_t length;
584
585 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", selinux_checkreqprot);
586 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
587 }
588
589 static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
590 size_t count, loff_t *ppos)
591 {
592 char *page;
593 ssize_t length;
594 unsigned int new_value;
595
596 length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
597 SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT,
598 NULL);
599 if (length)
600 return length;
601
602 if (count >= PAGE_SIZE)
603 return -ENOMEM;
604
605 /* No partial writes. */
606 if (*ppos != 0)
607 return -EINVAL;
608
609 page = memdup_user_nul(buf, count);
610 if (IS_ERR(page))
611 return PTR_ERR(page);
612
613 length = -EINVAL;
614 if (sscanf(page, "%u", &new_value) != 1)
615 goto out;
616
617 selinux_checkreqprot = new_value ? 1 : 0;
618 length = count;
619 out:
620 kfree(page);
621 return length;
622 }
623 static const struct file_operations sel_checkreqprot_ops = {
624 .read = sel_read_checkreqprot,
625 .write = sel_write_checkreqprot,
626 .llseek = generic_file_llseek,
627 };
628
629 static ssize_t sel_write_validatetrans(struct file *file,
630 const char __user *buf,
631 size_t count, loff_t *ppos)
632 {
633 char *oldcon = NULL, *newcon = NULL, *taskcon = NULL;
634 char *req = NULL;
635 u32 osid, nsid, tsid;
636 u16 tclass;
637 int rc;
638
639 rc = avc_has_perm(current_sid(), SECINITSID_SECURITY,
640 SECCLASS_SECURITY, SECURITY__VALIDATE_TRANS, NULL);
641 if (rc)
642 goto out;
643
644 rc = -ENOMEM;
645 if (count >= PAGE_SIZE)
646 goto out;
647
648 /* No partial writes. */
649 rc = -EINVAL;
650 if (*ppos != 0)
651 goto out;
652
653 req = memdup_user_nul(buf, count);
654 if (IS_ERR(req)) {
655 rc = PTR_ERR(req);
656 req = NULL;
657 goto out;
658 }
659
660 rc = -ENOMEM;
661 oldcon = kzalloc(count + 1, GFP_KERNEL);
662 if (!oldcon)
663 goto out;
664
665 newcon = kzalloc(count + 1, GFP_KERNEL);
666 if (!newcon)
667 goto out;
668
669 taskcon = kzalloc(count + 1, GFP_KERNEL);
670 if (!taskcon)
671 goto out;
672
673 rc = -EINVAL;
674 if (sscanf(req, "%s %s %hu %s", oldcon, newcon, &tclass, taskcon) != 4)
675 goto out;
676
677 rc = security_context_str_to_sid(oldcon, &osid, GFP_KERNEL);
678 if (rc)
679 goto out;
680
681 rc = security_context_str_to_sid(newcon, &nsid, GFP_KERNEL);
682 if (rc)
683 goto out;
684
685 rc = security_context_str_to_sid(taskcon, &tsid, GFP_KERNEL);
686 if (rc)
687 goto out;
688
689 rc = security_validate_transition_user(osid, nsid, tsid, tclass);
690 if (!rc)
691 rc = count;
692 out:
693 kfree(req);
694 kfree(oldcon);
695 kfree(newcon);
696 kfree(taskcon);
697 return rc;
698 }
699
700 static const struct file_operations sel_transition_ops = {
701 .write = sel_write_validatetrans,
702 .llseek = generic_file_llseek,
703 };
704
705 /*
706 * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c
707 */
708 static ssize_t sel_write_access(struct file *file, char *buf, size_t size);
709 static ssize_t sel_write_create(struct file *file, char *buf, size_t size);
710 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size);
711 static ssize_t sel_write_user(struct file *file, char *buf, size_t size);
712 static ssize_t sel_write_member(struct file *file, char *buf, size_t size);
713
714 static ssize_t (*write_op[])(struct file *, char *, size_t) = {
715 [SEL_ACCESS] = sel_write_access,
716 [SEL_CREATE] = sel_write_create,
717 [SEL_RELABEL] = sel_write_relabel,
718 [SEL_USER] = sel_write_user,
719 [SEL_MEMBER] = sel_write_member,
720 [SEL_CONTEXT] = sel_write_context,
721 };
722
723 static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos)
724 {
725 ino_t ino = file_inode(file)->i_ino;
726 char *data;
727 ssize_t rv;
728
729 if (ino >= ARRAY_SIZE(write_op) || !write_op[ino])
730 return -EINVAL;
731
732 data = simple_transaction_get(file, buf, size);
733 if (IS_ERR(data))
734 return PTR_ERR(data);
735
736 rv = write_op[ino](file, data, size);
737 if (rv > 0) {
738 simple_transaction_set(file, rv);
739 rv = size;
740 }
741 return rv;
742 }
743
744 static const struct file_operations transaction_ops = {
745 .write = selinux_transaction_write,
746 .read = simple_transaction_read,
747 .release = simple_transaction_release,
748 .llseek = generic_file_llseek,
749 };
750
751 /*
752 * payload - write methods
753 * If the method has a response, the response should be put in buf,
754 * and the length returned. Otherwise return 0 or and -error.
755 */
756
757 static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
758 {
759 char *scon = NULL, *tcon = NULL;
760 u32 ssid, tsid;
761 u16 tclass;
762 struct av_decision avd;
763 ssize_t length;
764
765 length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
766 SECCLASS_SECURITY, SECURITY__COMPUTE_AV, NULL);
767 if (length)
768 goto out;
769
770 length = -ENOMEM;
771 scon = kzalloc(size + 1, GFP_KERNEL);
772 if (!scon)
773 goto out;
774
775 length = -ENOMEM;
776 tcon = kzalloc(size + 1, GFP_KERNEL);
777 if (!tcon)
778 goto out;
779
780 length = -EINVAL;
781 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
782 goto out;
783
784 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
785 if (length)
786 goto out;
787
788 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
789 if (length)
790 goto out;
791
792 security_compute_av_user(ssid, tsid, tclass, &avd);
793
794 length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT,
795 "%x %x %x %x %u %x",
796 avd.allowed, 0xffffffff,
797 avd.auditallow, avd.auditdeny,
798 avd.seqno, avd.flags);
799 out:
800 kfree(tcon);
801 kfree(scon);
802 return length;
803 }
804
805 static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
806 {
807 char *scon = NULL, *tcon = NULL;
808 char *namebuf = NULL, *objname = NULL;
809 u32 ssid, tsid, newsid;
810 u16 tclass;
811 ssize_t length;
812 char *newcon = NULL;
813 u32 len;
814 int nargs;
815
816 length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
817 SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE,
818 NULL);
819 if (length)
820 goto out;
821
822 length = -ENOMEM;
823 scon = kzalloc(size + 1, GFP_KERNEL);
824 if (!scon)
825 goto out;
826
827 length = -ENOMEM;
828 tcon = kzalloc(size + 1, GFP_KERNEL);
829 if (!tcon)
830 goto out;
831
832 length = -ENOMEM;
833 namebuf = kzalloc(size + 1, GFP_KERNEL);
834 if (!namebuf)
835 goto out;
836
837 length = -EINVAL;
838 nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf);
839 if (nargs < 3 || nargs > 4)
840 goto out;
841 if (nargs == 4) {
842 /*
843 * If and when the name of new object to be queried contains
844 * either whitespace or multibyte characters, they shall be
845 * encoded based on the percentage-encoding rule.
846 * If not encoded, the sscanf logic picks up only left-half
847 * of the supplied name; splitted by a whitespace unexpectedly.
848 */
849 char *r, *w;
850 int c1, c2;
851
852 r = w = namebuf;
853 do {
854 c1 = *r++;
855 if (c1 == '+')
856 c1 = ' ';
857 else if (c1 == '%') {
858 c1 = hex_to_bin(*r++);
859 if (c1 < 0)
860 goto out;
861 c2 = hex_to_bin(*r++);
862 if (c2 < 0)
863 goto out;
864 c1 = (c1 << 4) | c2;
865 }
866 *w++ = c1;
867 } while (c1 != '\0');
868
869 objname = namebuf;
870 }
871
872 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
873 if (length)
874 goto out;
875
876 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
877 if (length)
878 goto out;
879
880 length = security_transition_sid_user(ssid, tsid, tclass,
881 objname, &newsid);
882 if (length)
883 goto out;
884
885 length = security_sid_to_context(newsid, &newcon, &len);
886 if (length)
887 goto out;
888
889 length = -ERANGE;
890 if (len > SIMPLE_TRANSACTION_LIMIT) {
891 printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
892 "payload max\n", __func__, len);
893 goto out;
894 }
895
896 memcpy(buf, newcon, len);
897 length = len;
898 out:
899 kfree(newcon);
900 kfree(namebuf);
901 kfree(tcon);
902 kfree(scon);
903 return length;
904 }
905
906 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size)
907 {
908 char *scon = NULL, *tcon = NULL;
909 u32 ssid, tsid, newsid;
910 u16 tclass;
911 ssize_t length;
912 char *newcon = NULL;
913 u32 len;
914
915 length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
916 SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL,
917 NULL);
918 if (length)
919 goto out;
920
921 length = -ENOMEM;
922 scon = kzalloc(size + 1, GFP_KERNEL);
923 if (!scon)
924 goto out;
925
926 length = -ENOMEM;
927 tcon = kzalloc(size + 1, GFP_KERNEL);
928 if (!tcon)
929 goto out;
930
931 length = -EINVAL;
932 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
933 goto out;
934
935 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
936 if (length)
937 goto out;
938
939 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
940 if (length)
941 goto out;
942
943 length = security_change_sid(ssid, tsid, tclass, &newsid);
944 if (length)
945 goto out;
946
947 length = security_sid_to_context(newsid, &newcon, &len);
948 if (length)
949 goto out;
950
951 length = -ERANGE;
952 if (len > SIMPLE_TRANSACTION_LIMIT)
953 goto out;
954
955 memcpy(buf, newcon, len);
956 length = len;
957 out:
958 kfree(newcon);
959 kfree(tcon);
960 kfree(scon);
961 return length;
962 }
963
964 static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
965 {
966 char *con = NULL, *user = NULL, *ptr;
967 u32 sid, *sids = NULL;
968 ssize_t length;
969 char *newcon;
970 int i, rc;
971 u32 len, nsids;
972
973 length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
974 SECCLASS_SECURITY, SECURITY__COMPUTE_USER,
975 NULL);
976 if (length)
977 goto out;
978
979 length = -ENOMEM;
980 con = kzalloc(size + 1, GFP_KERNEL);
981 if (!con)
982 goto out;
983
984 length = -ENOMEM;
985 user = kzalloc(size + 1, GFP_KERNEL);
986 if (!user)
987 goto out;
988
989 length = -EINVAL;
990 if (sscanf(buf, "%s %s", con, user) != 2)
991 goto out;
992
993 length = security_context_str_to_sid(con, &sid, GFP_KERNEL);
994 if (length)
995 goto out;
996
997 length = security_get_user_sids(sid, user, &sids, &nsids);
998 if (length)
999 goto out;
1000
1001 length = sprintf(buf, "%u", nsids) + 1;
1002 ptr = buf + length;
1003 for (i = 0; i < nsids; i++) {
1004 rc = security_sid_to_context(sids[i], &newcon, &len);
1005 if (rc) {
1006 length = rc;
1007 goto out;
1008 }
1009 if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) {
1010 kfree(newcon);
1011 length = -ERANGE;
1012 goto out;
1013 }
1014 memcpy(ptr, newcon, len);
1015 kfree(newcon);
1016 ptr += len;
1017 length += len;
1018 }
1019 out:
1020 kfree(sids);
1021 kfree(user);
1022 kfree(con);
1023 return length;
1024 }
1025
1026 static ssize_t sel_write_member(struct file *file, char *buf, size_t size)
1027 {
1028 char *scon = NULL, *tcon = NULL;
1029 u32 ssid, tsid, newsid;
1030 u16 tclass;
1031 ssize_t length;
1032 char *newcon = NULL;
1033 u32 len;
1034
1035 length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1036 SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER,
1037 NULL);
1038 if (length)
1039 goto out;
1040
1041 length = -ENOMEM;
1042 scon = kzalloc(size + 1, GFP_KERNEL);
1043 if (!scon)
1044 goto out;
1045
1046 length = -ENOMEM;
1047 tcon = kzalloc(size + 1, GFP_KERNEL);
1048 if (!tcon)
1049 goto out;
1050
1051 length = -EINVAL;
1052 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
1053 goto out;
1054
1055 length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
1056 if (length)
1057 goto out;
1058
1059 length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
1060 if (length)
1061 goto out;
1062
1063 length = security_member_sid(ssid, tsid, tclass, &newsid);
1064 if (length)
1065 goto out;
1066
1067 length = security_sid_to_context(newsid, &newcon, &len);
1068 if (length)
1069 goto out;
1070
1071 length = -ERANGE;
1072 if (len > SIMPLE_TRANSACTION_LIMIT) {
1073 printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
1074 "payload max\n", __func__, len);
1075 goto out;
1076 }
1077
1078 memcpy(buf, newcon, len);
1079 length = len;
1080 out:
1081 kfree(newcon);
1082 kfree(tcon);
1083 kfree(scon);
1084 return length;
1085 }
1086
1087 static struct inode *sel_make_inode(struct super_block *sb, int mode)
1088 {
1089 struct inode *ret = new_inode(sb);
1090
1091 if (ret) {
1092 ret->i_mode = mode;
1093 ret->i_atime = ret->i_mtime = ret->i_ctime = current_time(ret);
1094 }
1095 return ret;
1096 }
1097
1098 static ssize_t sel_read_bool(struct file *filep, char __user *buf,
1099 size_t count, loff_t *ppos)
1100 {
1101 char *page = NULL;
1102 ssize_t length;
1103 ssize_t ret;
1104 int cur_enforcing;
1105 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
1106 const char *name = filep->f_path.dentry->d_name.name;
1107
1108 mutex_lock(&sel_mutex);
1109
1110 ret = -EINVAL;
1111 if (index >= bool_num || strcmp(name, bool_pending_names[index]))
1112 goto out;
1113
1114 ret = -ENOMEM;
1115 page = (char *)get_zeroed_page(GFP_KERNEL);
1116 if (!page)
1117 goto out;
1118
1119 cur_enforcing = security_get_bool_value(index);
1120 if (cur_enforcing < 0) {
1121 ret = cur_enforcing;
1122 goto out;
1123 }
1124 length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing,
1125 bool_pending_values[index]);
1126 ret = simple_read_from_buffer(buf, count, ppos, page, length);
1127 out:
1128 mutex_unlock(&sel_mutex);
1129 free_page((unsigned long)page);
1130 return ret;
1131 }
1132
1133 static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
1134 size_t count, loff_t *ppos)
1135 {
1136 char *page = NULL;
1137 ssize_t length;
1138 int new_value;
1139 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
1140 const char *name = filep->f_path.dentry->d_name.name;
1141
1142 mutex_lock(&sel_mutex);
1143
1144 length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1145 SECCLASS_SECURITY, SECURITY__SETBOOL,
1146 NULL);
1147 if (length)
1148 goto out;
1149
1150 length = -EINVAL;
1151 if (index >= bool_num || strcmp(name, bool_pending_names[index]))
1152 goto out;
1153
1154 length = -ENOMEM;
1155 if (count >= PAGE_SIZE)
1156 goto out;
1157
1158 /* No partial writes. */
1159 length = -EINVAL;
1160 if (*ppos != 0)
1161 goto out;
1162
1163 page = memdup_user_nul(buf, count);
1164 if (IS_ERR(page)) {
1165 length = PTR_ERR(page);
1166 page = NULL;
1167 goto out;
1168 }
1169
1170 length = -EINVAL;
1171 if (sscanf(page, "%d", &new_value) != 1)
1172 goto out;
1173
1174 if (new_value)
1175 new_value = 1;
1176
1177 bool_pending_values[index] = new_value;
1178 length = count;
1179
1180 out:
1181 mutex_unlock(&sel_mutex);
1182 kfree(page);
1183 return length;
1184 }
1185
1186 static const struct file_operations sel_bool_ops = {
1187 .read = sel_read_bool,
1188 .write = sel_write_bool,
1189 .llseek = generic_file_llseek,
1190 };
1191
1192 static ssize_t sel_commit_bools_write(struct file *filep,
1193 const char __user *buf,
1194 size_t count, loff_t *ppos)
1195 {
1196 char *page = NULL;
1197 ssize_t length;
1198 int new_value;
1199
1200 mutex_lock(&sel_mutex);
1201
1202 length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1203 SECCLASS_SECURITY, SECURITY__SETBOOL,
1204 NULL);
1205 if (length)
1206 goto out;
1207
1208 length = -ENOMEM;
1209 if (count >= PAGE_SIZE)
1210 goto out;
1211
1212 /* No partial writes. */
1213 length = -EINVAL;
1214 if (*ppos != 0)
1215 goto out;
1216
1217 page = memdup_user_nul(buf, count);
1218 if (IS_ERR(page)) {
1219 length = PTR_ERR(page);
1220 page = NULL;
1221 goto out;
1222 }
1223
1224 length = -EINVAL;
1225 if (sscanf(page, "%d", &new_value) != 1)
1226 goto out;
1227
1228 length = 0;
1229 if (new_value && bool_pending_values)
1230 length = security_set_bools(bool_num, bool_pending_values);
1231
1232 if (!length)
1233 length = count;
1234
1235 out:
1236 mutex_unlock(&sel_mutex);
1237 kfree(page);
1238 return length;
1239 }
1240
1241 static const struct file_operations sel_commit_bools_ops = {
1242 .write = sel_commit_bools_write,
1243 .llseek = generic_file_llseek,
1244 };
1245
1246 static void sel_remove_entries(struct dentry *de)
1247 {
1248 d_genocide(de);
1249 shrink_dcache_parent(de);
1250 }
1251
1252 #define BOOL_DIR_NAME "booleans"
1253
1254 static int sel_make_bools(void)
1255 {
1256 int i, ret;
1257 ssize_t len;
1258 struct dentry *dentry = NULL;
1259 struct dentry *dir = bool_dir;
1260 struct inode *inode = NULL;
1261 struct inode_security_struct *isec;
1262 char **names = NULL, *page;
1263 int num;
1264 int *values = NULL;
1265 u32 sid;
1266
1267 /* remove any existing files */
1268 for (i = 0; i < bool_num; i++)
1269 kfree(bool_pending_names[i]);
1270 kfree(bool_pending_names);
1271 kfree(bool_pending_values);
1272 bool_num = 0;
1273 bool_pending_names = NULL;
1274 bool_pending_values = NULL;
1275
1276 sel_remove_entries(dir);
1277
1278 ret = -ENOMEM;
1279 page = (char *)get_zeroed_page(GFP_KERNEL);
1280 if (!page)
1281 goto out;
1282
1283 ret = security_get_bools(&num, &names, &values);
1284 if (ret)
1285 goto out;
1286
1287 for (i = 0; i < num; i++) {
1288 ret = -ENOMEM;
1289 dentry = d_alloc_name(dir, names[i]);
1290 if (!dentry)
1291 goto out;
1292
1293 ret = -ENOMEM;
1294 inode = sel_make_inode(dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR);
1295 if (!inode)
1296 goto out;
1297
1298 ret = -ENAMETOOLONG;
1299 len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]);
1300 if (len >= PAGE_SIZE)
1301 goto out;
1302
1303 isec = (struct inode_security_struct *)selinux_inode(inode);
1304 ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid);
1305 if (ret) {
1306 pr_warn_ratelimited("SELinux: no sid found, defaulting to security isid for %s\n",
1307 page);
1308 sid = SECINITSID_SECURITY;
1309 }
1310
1311 isec->sid = sid;
1312 isec->initialized = LABEL_INITIALIZED;
1313 inode->i_fop = &sel_bool_ops;
1314 inode->i_ino = i|SEL_BOOL_INO_OFFSET;
1315 d_add(dentry, inode);
1316 }
1317 bool_num = num;
1318 bool_pending_names = names;
1319 bool_pending_values = values;
1320
1321 free_page((unsigned long)page);
1322 return 0;
1323 out:
1324 free_page((unsigned long)page);
1325
1326 if (names) {
1327 for (i = 0; i < num; i++)
1328 kfree(names[i]);
1329 kfree(names);
1330 }
1331 kfree(values);
1332 sel_remove_entries(dir);
1333
1334 return ret;
1335 }
1336
1337 #define NULL_FILE_NAME "null"
1338
1339 struct path selinux_null;
1340
1341 static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf,
1342 size_t count, loff_t *ppos)
1343 {
1344 char tmpbuf[TMPBUFLEN];
1345 ssize_t length;
1346
1347 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", avc_cache_threshold);
1348 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
1349 }
1350
1351 static ssize_t sel_write_avc_cache_threshold(struct file *file,
1352 const char __user *buf,
1353 size_t count, loff_t *ppos)
1354
1355 {
1356 char *page;
1357 ssize_t ret;
1358 unsigned int new_value;
1359
1360 ret = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1361 SECCLASS_SECURITY, SECURITY__SETSECPARAM,
1362 NULL);
1363 if (ret)
1364 return ret;
1365
1366 if (count >= PAGE_SIZE)
1367 return -ENOMEM;
1368
1369 /* No partial writes. */
1370 if (*ppos != 0)
1371 return -EINVAL;
1372
1373 page = memdup_user_nul(buf, count);
1374 if (IS_ERR(page))
1375 return PTR_ERR(page);
1376
1377 ret = -EINVAL;
1378 if (sscanf(page, "%u", &new_value) != 1)
1379 goto out;
1380
1381 avc_cache_threshold = new_value;
1382
1383 ret = count;
1384 out:
1385 kfree(page);
1386 return ret;
1387 }
1388
1389 static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf,
1390 size_t count, loff_t *ppos)
1391 {
1392 char *page;
1393 ssize_t length;
1394
1395 page = (char *)__get_free_page(GFP_KERNEL);
1396 if (!page)
1397 return -ENOMEM;
1398
1399 length = avc_get_hash_stats(page);
1400 if (length >= 0)
1401 length = simple_read_from_buffer(buf, count, ppos, page, length);
1402 free_page((unsigned long)page);
1403
1404 return length;
1405 }
1406
1407 static const struct file_operations sel_avc_cache_threshold_ops = {
1408 .read = sel_read_avc_cache_threshold,
1409 .write = sel_write_avc_cache_threshold,
1410 .llseek = generic_file_llseek,
1411 };
1412
1413 static const struct file_operations sel_avc_hash_stats_ops = {
1414 .read = sel_read_avc_hash_stats,
1415 .llseek = generic_file_llseek,
1416 };
1417
1418 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
1419 static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx)
1420 {
1421 int cpu;
1422
1423 for (cpu = *idx; cpu < nr_cpu_ids; ++cpu) {
1424 if (!cpu_possible(cpu))
1425 continue;
1426 *idx = cpu + 1;
1427 return &per_cpu(avc_cache_stats, cpu);
1428 }
1429 return NULL;
1430 }
1431
1432 static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos)
1433 {
1434 loff_t n = *pos - 1;
1435
1436 if (*pos == 0)
1437 return SEQ_START_TOKEN;
1438
1439 return sel_avc_get_stat_idx(&n);
1440 }
1441
1442 static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1443 {
1444 return sel_avc_get_stat_idx(pos);
1445 }
1446
1447 static int sel_avc_stats_seq_show(struct seq_file *seq, void *v)
1448 {
1449 struct avc_cache_stats *st = v;
1450
1451 if (v == SEQ_START_TOKEN) {
1452 seq_puts(seq,
1453 "lookups hits misses allocations reclaims frees\n");
1454 } else {
1455 unsigned int lookups = st->lookups;
1456 unsigned int misses = st->misses;
1457 unsigned int hits = lookups - misses;
1458 seq_printf(seq, "%u %u %u %u %u %u\n", lookups,
1459 hits, misses, st->allocations,
1460 st->reclaims, st->frees);
1461 }
1462 return 0;
1463 }
1464
1465 static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v)
1466 { }
1467
1468 static const struct seq_operations sel_avc_cache_stats_seq_ops = {
1469 .start = sel_avc_stats_seq_start,
1470 .next = sel_avc_stats_seq_next,
1471 .show = sel_avc_stats_seq_show,
1472 .stop = sel_avc_stats_seq_stop,
1473 };
1474
1475 static int sel_open_avc_cache_stats(struct inode *inode, struct file *file)
1476 {
1477 return seq_open(file, &sel_avc_cache_stats_seq_ops);
1478 }
1479
1480 static const struct file_operations sel_avc_cache_stats_ops = {
1481 .open = sel_open_avc_cache_stats,
1482 .read = seq_read,
1483 .llseek = seq_lseek,
1484 .release = seq_release,
1485 };
1486 #endif
1487
1488 static int sel_make_avc_files(struct dentry *dir)
1489 {
1490 int i;
1491 static const struct tree_descr files[] = {
1492 { "cache_threshold",
1493 &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR },
1494 { "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO },
1495 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
1496 { "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO },
1497 #endif
1498 };
1499
1500 for (i = 0; i < ARRAY_SIZE(files); i++) {
1501 struct inode *inode;
1502 struct dentry *dentry;
1503
1504 dentry = d_alloc_name(dir, files[i].name);
1505 if (!dentry)
1506 return -ENOMEM;
1507
1508 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
1509 if (!inode)
1510 return -ENOMEM;
1511
1512 inode->i_fop = files[i].ops;
1513 inode->i_ino = ++sel_last_ino;
1514 d_add(dentry, inode);
1515 }
1516
1517 return 0;
1518 }
1519
1520 static ssize_t sel_read_initcon(struct file *file, char __user *buf,
1521 size_t count, loff_t *ppos)
1522 {
1523 char *con;
1524 u32 sid, len;
1525 ssize_t ret;
1526
1527 sid = file_inode(file)->i_ino&SEL_INO_MASK;
1528 ret = security_sid_to_context(sid, &con, &len);
1529 if (ret)
1530 return ret;
1531
1532 ret = simple_read_from_buffer(buf, count, ppos, con, len);
1533 kfree(con);
1534 return ret;
1535 }
1536
1537 static const struct file_operations sel_initcon_ops = {
1538 .read = sel_read_initcon,
1539 .llseek = generic_file_llseek,
1540 };
1541
1542 static int sel_make_initcon_files(struct dentry *dir)
1543 {
1544 int i;
1545
1546 for (i = 1; i <= SECINITSID_NUM; i++) {
1547 struct inode *inode;
1548 struct dentry *dentry;
1549 dentry = d_alloc_name(dir, security_get_initial_sid_context(i));
1550 if (!dentry)
1551 return -ENOMEM;
1552
1553 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1554 if (!inode)
1555 return -ENOMEM;
1556
1557 inode->i_fop = &sel_initcon_ops;
1558 inode->i_ino = i|SEL_INITCON_INO_OFFSET;
1559 d_add(dentry, inode);
1560 }
1561
1562 return 0;
1563 }
1564
1565 static inline unsigned long sel_class_to_ino(u16 class)
1566 {
1567 return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET;
1568 }
1569
1570 static inline u16 sel_ino_to_class(unsigned long ino)
1571 {
1572 return (ino & SEL_INO_MASK) / (SEL_VEC_MAX + 1);
1573 }
1574
1575 static inline unsigned long sel_perm_to_ino(u16 class, u32 perm)
1576 {
1577 return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET;
1578 }
1579
1580 static inline u32 sel_ino_to_perm(unsigned long ino)
1581 {
1582 return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1);
1583 }
1584
1585 static ssize_t sel_read_class(struct file *file, char __user *buf,
1586 size_t count, loff_t *ppos)
1587 {
1588 unsigned long ino = file_inode(file)->i_ino;
1589 char res[TMPBUFLEN];
1590 ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_class(ino));
1591 return simple_read_from_buffer(buf, count, ppos, res, len);
1592 }
1593
1594 static const struct file_operations sel_class_ops = {
1595 .read = sel_read_class,
1596 .llseek = generic_file_llseek,
1597 };
1598
1599 static ssize_t sel_read_perm(struct file *file, char __user *buf,
1600 size_t count, loff_t *ppos)
1601 {
1602 unsigned long ino = file_inode(file)->i_ino;
1603 char res[TMPBUFLEN];
1604 ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino));
1605 return simple_read_from_buffer(buf, count, ppos, res, len);
1606 }
1607
1608 static const struct file_operations sel_perm_ops = {
1609 .read = sel_read_perm,
1610 .llseek = generic_file_llseek,
1611 };
1612
1613 static ssize_t sel_read_policycap(struct file *file, char __user *buf,
1614 size_t count, loff_t *ppos)
1615 {
1616 int value;
1617 char tmpbuf[TMPBUFLEN];
1618 ssize_t length;
1619 unsigned long i_ino = file_inode(file)->i_ino;
1620
1621 value = security_policycap_supported(i_ino & SEL_INO_MASK);
1622 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value);
1623
1624 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
1625 }
1626
1627 static const struct file_operations sel_policycap_ops = {
1628 .read = sel_read_policycap,
1629 .llseek = generic_file_llseek,
1630 };
1631
1632 static int sel_make_perm_files(char *objclass, int classvalue,
1633 struct dentry *dir)
1634 {
1635 int i, rc, nperms;
1636 char **perms;
1637
1638 rc = security_get_permissions(objclass, &perms, &nperms);
1639 if (rc)
1640 return rc;
1641
1642 for (i = 0; i < nperms; i++) {
1643 struct inode *inode;
1644 struct dentry *dentry;
1645
1646 rc = -ENOMEM;
1647 dentry = d_alloc_name(dir, perms[i]);
1648 if (!dentry)
1649 goto out;
1650
1651 rc = -ENOMEM;
1652 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1653 if (!inode)
1654 goto out;
1655
1656 inode->i_fop = &sel_perm_ops;
1657 /* i+1 since perm values are 1-indexed */
1658 inode->i_ino = sel_perm_to_ino(classvalue, i + 1);
1659 d_add(dentry, inode);
1660 }
1661 rc = 0;
1662 out:
1663 for (i = 0; i < nperms; i++)
1664 kfree(perms[i]);
1665 kfree(perms);
1666 return rc;
1667 }
1668
1669 static int sel_make_class_dir_entries(char *classname, int index,
1670 struct dentry *dir)
1671 {
1672 struct dentry *dentry = NULL;
1673 struct inode *inode = NULL;
1674 int rc;
1675
1676 dentry = d_alloc_name(dir, "index");
1677 if (!dentry)
1678 return -ENOMEM;
1679
1680 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1681 if (!inode)
1682 return -ENOMEM;
1683
1684 inode->i_fop = &sel_class_ops;
1685 inode->i_ino = sel_class_to_ino(index);
1686 d_add(dentry, inode);
1687
1688 dentry = sel_make_dir(dir, "perms", &last_class_ino);
1689 if (IS_ERR(dentry))
1690 return PTR_ERR(dentry);
1691
1692 rc = sel_make_perm_files(classname, index, dentry);
1693
1694 return rc;
1695 }
1696
1697 static int sel_make_classes(void)
1698 {
1699 int rc, nclasses, i;
1700 char **classes;
1701
1702 /* delete any existing entries */
1703 sel_remove_entries(class_dir);
1704
1705 rc = security_get_classes(&classes, &nclasses);
1706 if (rc)
1707 return rc;
1708
1709 /* +2 since classes are 1-indexed */
1710 last_class_ino = sel_class_to_ino(nclasses + 2);
1711
1712 for (i = 0; i < nclasses; i++) {
1713 struct dentry *class_name_dir;
1714
1715 class_name_dir = sel_make_dir(class_dir, classes[i],
1716 &last_class_ino);
1717 if (IS_ERR(class_name_dir)) {
1718 rc = PTR_ERR(class_name_dir);
1719 goto out;
1720 }
1721
1722 /* i+1 since class values are 1-indexed */
1723 rc = sel_make_class_dir_entries(classes[i], i + 1,
1724 class_name_dir);
1725 if (rc)
1726 goto out;
1727 }
1728 rc = 0;
1729 out:
1730 for (i = 0; i < nclasses; i++)
1731 kfree(classes[i]);
1732 kfree(classes);
1733 return rc;
1734 }
1735
1736 static int sel_make_policycap(void)
1737 {
1738 unsigned int iter;
1739 struct dentry *dentry = NULL;
1740 struct inode *inode = NULL;
1741
1742 sel_remove_entries(policycap_dir);
1743
1744 for (iter = 0; iter <= POLICYDB_CAPABILITY_MAX; iter++) {
1745 if (iter < ARRAY_SIZE(selinux_policycap_names))
1746 dentry = d_alloc_name(policycap_dir,
1747 selinux_policycap_names[iter]);
1748 else
1749 dentry = d_alloc_name(policycap_dir, "unknown");
1750
1751 if (dentry == NULL)
1752 return -ENOMEM;
1753
1754 inode = sel_make_inode(policycap_dir->d_sb, S_IFREG | S_IRUGO);
1755 if (inode == NULL)
1756 return -ENOMEM;
1757
1758 inode->i_fop = &sel_policycap_ops;
1759 inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET;
1760 d_add(dentry, inode);
1761 }
1762
1763 return 0;
1764 }
1765
1766 static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
1767 unsigned long *ino)
1768 {
1769 struct dentry *dentry = d_alloc_name(dir, name);
1770 struct inode *inode;
1771
1772 if (!dentry)
1773 return ERR_PTR(-ENOMEM);
1774
1775 inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO);
1776 if (!inode) {
1777 dput(dentry);
1778 return ERR_PTR(-ENOMEM);
1779 }
1780
1781 inode->i_op = &simple_dir_inode_operations;
1782 inode->i_fop = &simple_dir_operations;
1783 inode->i_ino = ++(*ino);
1784 /* directory inodes start off with i_nlink == 2 (for "." entry) */
1785 inc_nlink(inode);
1786 d_add(dentry, inode);
1787 /* bump link count on parent directory, too */
1788 inc_nlink(d_inode(dir));
1789
1790 return dentry;
1791 }
1792
1793 static int sel_fill_super(struct super_block *sb, void *data, int silent)
1794 {
1795 int ret;
1796 struct dentry *dentry;
1797 struct inode *inode;
1798 struct inode_security_struct *isec;
1799
1800 static const struct tree_descr selinux_files[] = {
1801 [SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR},
1802 [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR},
1803 [SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO},
1804 [SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO},
1805 [SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO},
1806 [SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO},
1807 [SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO},
1808 [SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO},
1809 [SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR},
1810 [SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO},
1811 [SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR},
1812 [SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO},
1813 [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR},
1814 [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
1815 [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
1816 [SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO},
1817 [SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO},
1818 [SEL_VALIDATE_TRANS] = {"validatetrans", &sel_transition_ops,
1819 S_IWUGO},
1820 /* last one */ {""}
1821 };
1822 ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);
1823 if (ret)
1824 goto err;
1825
1826 bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &sel_last_ino);
1827 if (IS_ERR(bool_dir)) {
1828 ret = PTR_ERR(bool_dir);
1829 bool_dir = NULL;
1830 goto err;
1831 }
1832
1833 ret = -ENOMEM;
1834 dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME);
1835 if (!dentry)
1836 goto err;
1837
1838 ret = -ENOMEM;
1839 inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO);
1840 if (!inode)
1841 goto err;
1842
1843 inode->i_ino = ++sel_last_ino;
1844 isec = (struct inode_security_struct *)selinux_inode(inode);
1845 isec->sid = SECINITSID_DEVNULL;
1846 isec->sclass = SECCLASS_CHR_FILE;
1847 isec->initialized = LABEL_INITIALIZED;
1848
1849 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3));
1850 d_add(dentry, inode);
1851 selinux_null.dentry = dentry;
1852
1853 dentry = sel_make_dir(sb->s_root, "avc", &sel_last_ino);
1854 if (IS_ERR(dentry)) {
1855 ret = PTR_ERR(dentry);
1856 goto err;
1857 }
1858
1859 ret = sel_make_avc_files(dentry);
1860 if (ret)
1861 goto err;
1862
1863 dentry = sel_make_dir(sb->s_root, "initial_contexts", &sel_last_ino);
1864 if (IS_ERR(dentry)) {
1865 ret = PTR_ERR(dentry);
1866 goto err;
1867 }
1868
1869 ret = sel_make_initcon_files(dentry);
1870 if (ret)
1871 goto err;
1872
1873 class_dir = sel_make_dir(sb->s_root, "class", &sel_last_ino);
1874 if (IS_ERR(class_dir)) {
1875 ret = PTR_ERR(class_dir);
1876 class_dir = NULL;
1877 goto err;
1878 }
1879
1880 policycap_dir = sel_make_dir(sb->s_root, "policy_capabilities", &sel_last_ino);
1881 if (IS_ERR(policycap_dir)) {
1882 ret = PTR_ERR(policycap_dir);
1883 policycap_dir = NULL;
1884 goto err;
1885 }
1886 return 0;
1887 err:
1888 printk(KERN_ERR "SELinux: %s: failed while creating inodes\n",
1889 __func__);
1890 return ret;
1891 }
1892
1893 static struct dentry *sel_mount(struct file_system_type *fs_type,
1894 int flags, const char *dev_name, void *data)
1895 {
1896 return mount_single(fs_type, flags, data, sel_fill_super);
1897 }
1898
1899 static struct file_system_type sel_fs_type = {
1900 .name = "selinuxfs",
1901 .mount = sel_mount,
1902 .kill_sb = kill_litter_super,
1903 };
1904
1905 struct vfsmount *selinuxfs_mount;
1906
1907 static int __init init_sel_fs(void)
1908 {
1909 int err;
1910
1911 if (!selinux_enabled)
1912 return 0;
1913
1914 err = sysfs_create_mount_point(fs_kobj, "selinux");
1915 if (err)
1916 return err;
1917
1918 err = register_filesystem(&sel_fs_type);
1919 if (err) {
1920 sysfs_remove_mount_point(fs_kobj, "selinux");
1921 return err;
1922 }
1923
1924 selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type);
1925 if (IS_ERR(selinuxfs_mount)) {
1926 printk(KERN_ERR "selinuxfs: could not mount!\n");
1927 err = PTR_ERR(selinuxfs_mount);
1928 selinuxfs_mount = NULL;
1929 }
1930
1931 return err;
1932 }
1933
1934 __initcall(init_sel_fs);
1935
1936 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
1937 void exit_sel_fs(void)
1938 {
1939 sysfs_remove_mount_point(fs_kobj, "selinux");
1940 kern_unmount(selinuxfs_mount);
1941 unregister_filesystem(&sel_fs_type);
1942 }
1943 #endif
Ubuntu Artful kernel mirror