selinuxfs.c 43 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932
  1. /* Updated: Karl MacMillan <kmacmillan@tresys.com>
  2. *
  3. * Added conditional policy language extensions
  4. *
  5. * Updated: Hewlett-Packard <paul@paul-moore.com>
  6. *
  7. * Added support for the policy capability bitmap
  8. *
  9. * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
  10. * Copyright (C) 2003 - 2004 Tresys Technology, LLC
  11. * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
  12. * This program is free software; you can redistribute it and/or modify
  13. * it under the terms of the GNU General Public License as published by
  14. * the Free Software Foundation, version 2.
  15. */
  16. #include <linux/kernel.h>
  17. #include <linux/pagemap.h>
  18. #include <linux/slab.h>
  19. #include <linux/vmalloc.h>
  20. #include <linux/fs.h>
  21. #include <linux/mutex.h>
  22. #include <linux/init.h>
  23. #include <linux/string.h>
  24. #include <linux/security.h>
  25. #include <linux/major.h>
  26. #include <linux/seq_file.h>
  27. #include <linux/percpu.h>
  28. #include <linux/audit.h>
  29. #include <linux/uaccess.h>
  30. #include <linux/kobject.h>
  31. #include <linux/ctype.h>
  32. /* selinuxfs pseudo filesystem for exporting the security policy API.
  33. Based on the proc code and the fs/nfsd/nfsctl.c code. */
  34. #include "flask.h"
  35. #include "avc.h"
  36. #include "avc_ss.h"
  37. #include "security.h"
  38. #include "objsec.h"
  39. #include "conditional.h"
  40. /* Policy capability filenames */
  41. static char *policycap_names[] = {
  42. "network_peer_controls",
  43. "open_perms",
  44. "redhat1",
  45. "always_check_network"
  46. };
  47. unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE;
  48. static int __init checkreqprot_setup(char *str)
  49. {
  50. unsigned long checkreqprot;
  51. if (!strict_strtoul(str, 0, &checkreqprot))
  52. selinux_checkreqprot = checkreqprot ? 1 : 0;
  53. return 1;
  54. }
  55. __setup("checkreqprot=", checkreqprot_setup);
  56. static DEFINE_MUTEX(sel_mutex);
  57. /* global data for booleans */
  58. static struct dentry *bool_dir;
  59. static int bool_num;
  60. static char **bool_pending_names;
  61. static int *bool_pending_values;
  62. /* global data for classes */
  63. static struct dentry *class_dir;
  64. static unsigned long last_class_ino;
  65. static char policy_opened;
  66. /* global data for policy capabilities */
  67. static struct dentry *policycap_dir;
  68. /* Check whether a task is allowed to use a security operation. */
  69. static int task_has_security(struct task_struct *tsk,
  70. u32 perms)
  71. {
  72. const struct task_security_struct *tsec;
  73. u32 sid = 0;
  74. rcu_read_lock();
  75. tsec = __task_cred(tsk)->security;
  76. if (tsec)
  77. sid = tsec->sid;
  78. rcu_read_unlock();
  79. if (!tsec)
  80. return -EACCES;
  81. return avc_has_perm(sid, SECINITSID_SECURITY,
  82. SECCLASS_SECURITY, perms, NULL);
  83. }
  84. enum sel_inos {
  85. SEL_ROOT_INO = 2,
  86. SEL_LOAD, /* load policy */
  87. SEL_ENFORCE, /* get or set enforcing status */
  88. SEL_CONTEXT, /* validate context */
  89. SEL_ACCESS, /* compute access decision */
  90. SEL_CREATE, /* compute create labeling decision */
  91. SEL_RELABEL, /* compute relabeling decision */
  92. SEL_USER, /* compute reachable user contexts */
  93. SEL_POLICYVERS, /* return policy version for this kernel */
  94. SEL_COMMIT_BOOLS, /* commit new boolean values */
  95. SEL_MLS, /* return if MLS policy is enabled */
  96. SEL_DISABLE, /* disable SELinux until next reboot */
  97. SEL_MEMBER, /* compute polyinstantiation membership decision */
  98. SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */
  99. SEL_COMPAT_NET, /* whether to use old compat network packet controls */
  100. SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */
  101. SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */
  102. SEL_STATUS, /* export current status using mmap() */
  103. SEL_POLICY, /* allow userspace to read the in kernel policy */
  104. SEL_INO_NEXT, /* The next inode number to use */
  105. };
  106. static unsigned long sel_last_ino = SEL_INO_NEXT - 1;
  107. #define SEL_INITCON_INO_OFFSET 0x01000000
  108. #define SEL_BOOL_INO_OFFSET 0x02000000
  109. #define SEL_CLASS_INO_OFFSET 0x04000000
  110. #define SEL_POLICYCAP_INO_OFFSET 0x08000000
  111. #define SEL_INO_MASK 0x00ffffff
  112. #define TMPBUFLEN 12
  113. static ssize_t sel_read_enforce(struct file *filp, char __user *buf,
  114. size_t count, loff_t *ppos)
  115. {
  116. char tmpbuf[TMPBUFLEN];
  117. ssize_t length;
  118. length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_enforcing);
  119. return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
  120. }
  121. #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
  122. static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
  123. size_t count, loff_t *ppos)
  124. {
  125. char *page = NULL;
  126. ssize_t length;
  127. int new_value;
  128. length = -ENOMEM;
  129. if (count >= PAGE_SIZE)
  130. goto out;
  131. /* No partial writes. */
  132. length = EINVAL;
  133. if (*ppos != 0)
  134. goto out;
  135. length = -ENOMEM;
  136. page = (char *)get_zeroed_page(GFP_KERNEL);
  137. if (!page)
  138. goto out;
  139. length = -EFAULT;
  140. if (copy_from_user(page, buf, count))
  141. goto out;
  142. length = -EINVAL;
  143. if (sscanf(page, "%d", &new_value) != 1)
  144. goto out;
  145. if (new_value != selinux_enforcing) {
  146. length = task_has_security(current, SECURITY__SETENFORCE);
  147. if (length)
  148. goto out;
  149. audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
  150. "enforcing=%d old_enforcing=%d auid=%u ses=%u",
  151. new_value, selinux_enforcing,
  152. from_kuid(&init_user_ns, audit_get_loginuid(current)),
  153. audit_get_sessionid(current));
  154. selinux_enforcing = new_value;
  155. if (selinux_enforcing)
  156. avc_ss_reset(0);
  157. selnl_notify_setenforce(selinux_enforcing);
  158. selinux_status_update_setenforce(selinux_enforcing);
  159. }
  160. length = count;
  161. out:
  162. free_page((unsigned long) page);
  163. return length;
  164. }
  165. #else
  166. #define sel_write_enforce NULL
  167. #endif
  168. static const struct file_operations sel_enforce_ops = {
  169. .read = sel_read_enforce,
  170. .write = sel_write_enforce,
  171. .llseek = generic_file_llseek,
  172. };
  173. static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf,
  174. size_t count, loff_t *ppos)
  175. {
  176. char tmpbuf[TMPBUFLEN];
  177. ssize_t length;
  178. ino_t ino = file_inode(filp)->i_ino;
  179. int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ?
  180. security_get_reject_unknown() : !security_get_allow_unknown();
  181. length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown);
  182. return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
  183. }
  184. static const struct file_operations sel_handle_unknown_ops = {
  185. .read = sel_read_handle_unknown,
  186. .llseek = generic_file_llseek,
  187. };
  188. static int sel_open_handle_status(struct inode *inode, struct file *filp)
  189. {
  190. struct page *status = selinux_kernel_status_page();
  191. if (!status)
  192. return -ENOMEM;
  193. filp->private_data = status;
  194. return 0;
  195. }
  196. static ssize_t sel_read_handle_status(struct file *filp, char __user *buf,
  197. size_t count, loff_t *ppos)
  198. {
  199. struct page *status = filp->private_data;
  200. BUG_ON(!status);
  201. return simple_read_from_buffer(buf, count, ppos,
  202. page_address(status),
  203. sizeof(struct selinux_kernel_status));
  204. }
  205. static int sel_mmap_handle_status(struct file *filp,
  206. struct vm_area_struct *vma)
  207. {
  208. struct page *status = filp->private_data;
  209. unsigned long size = vma->vm_end - vma->vm_start;
  210. BUG_ON(!status);
  211. /* only allows one page from the head */
  212. if (vma->vm_pgoff > 0 || size != PAGE_SIZE)
  213. return -EIO;
  214. /* disallow writable mapping */
  215. if (vma->vm_flags & VM_WRITE)
  216. return -EPERM;
  217. /* disallow mprotect() turns it into writable */
  218. vma->vm_flags &= ~VM_MAYWRITE;
  219. return remap_pfn_range(vma, vma->vm_start,
  220. page_to_pfn(status),
  221. size, vma->vm_page_prot);
  222. }
  223. static const struct file_operations sel_handle_status_ops = {
  224. .open = sel_open_handle_status,
  225. .read = sel_read_handle_status,
  226. .mmap = sel_mmap_handle_status,
  227. .llseek = generic_file_llseek,
  228. };
  229. #ifdef CONFIG_SECURITY_SELINUX_DISABLE
  230. static ssize_t sel_write_disable(struct file *file, const char __user *buf,
  231. size_t count, loff_t *ppos)
  232. {
  233. char *page = NULL;
  234. ssize_t length;
  235. int new_value;
  236. length = -ENOMEM;
  237. if (count >= PAGE_SIZE)
  238. goto out;
  239. /* No partial writes. */
  240. length = -EINVAL;
  241. if (*ppos != 0)
  242. goto out;
  243. length = -ENOMEM;
  244. page = (char *)get_zeroed_page(GFP_KERNEL);
  245. if (!page)
  246. goto out;
  247. length = -EFAULT;
  248. if (copy_from_user(page, buf, count))
  249. goto out;
  250. length = -EINVAL;
  251. if (sscanf(page, "%d", &new_value) != 1)
  252. goto out;
  253. if (new_value) {
  254. length = selinux_disable();
  255. if (length)
  256. goto out;
  257. audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
  258. "selinux=0 auid=%u ses=%u",
  259. from_kuid(&init_user_ns, audit_get_loginuid(current)),
  260. audit_get_sessionid(current));
  261. }
  262. length = count;
  263. out:
  264. free_page((unsigned long) page);
  265. return length;
  266. }
  267. #else
  268. #define sel_write_disable NULL
  269. #endif
  270. static const struct file_operations sel_disable_ops = {
  271. .write = sel_write_disable,
  272. .llseek = generic_file_llseek,
  273. };
  274. static ssize_t sel_read_policyvers(struct file *filp, char __user *buf,
  275. size_t count, loff_t *ppos)
  276. {
  277. char tmpbuf[TMPBUFLEN];
  278. ssize_t length;
  279. length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX);
  280. return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
  281. }
  282. static const struct file_operations sel_policyvers_ops = {
  283. .read = sel_read_policyvers,
  284. .llseek = generic_file_llseek,
  285. };
  286. /* declaration for sel_write_load */
  287. static int sel_make_bools(void);
  288. static int sel_make_classes(void);
  289. static int sel_make_policycap(void);
  290. /* declaration for sel_make_class_dirs */
  291. static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
  292. unsigned long *ino);
  293. static ssize_t sel_read_mls(struct file *filp, char __user *buf,
  294. size_t count, loff_t *ppos)
  295. {
  296. char tmpbuf[TMPBUFLEN];
  297. ssize_t length;
  298. length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
  299. security_mls_enabled());
  300. return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
  301. }
  302. static const struct file_operations sel_mls_ops = {
  303. .read = sel_read_mls,
  304. .llseek = generic_file_llseek,
  305. };
  306. struct policy_load_memory {
  307. size_t len;
  308. void *data;
  309. };
  310. static int sel_open_policy(struct inode *inode, struct file *filp)
  311. {
  312. struct policy_load_memory *plm = NULL;
  313. int rc;
  314. BUG_ON(filp->private_data);
  315. mutex_lock(&sel_mutex);
  316. rc = task_has_security(current, SECURITY__READ_POLICY);
  317. if (rc)
  318. goto err;
  319. rc = -EBUSY;
  320. if (policy_opened)
  321. goto err;
  322. rc = -ENOMEM;
  323. plm = kzalloc(sizeof(*plm), GFP_KERNEL);
  324. if (!plm)
  325. goto err;
  326. if (i_size_read(inode) != security_policydb_len()) {
  327. mutex_lock(&inode->i_mutex);
  328. i_size_write(inode, security_policydb_len());
  329. mutex_unlock(&inode->i_mutex);
  330. }
  331. rc = security_read_policy(&plm->data, &plm->len);
  332. if (rc)
  333. goto err;
  334. policy_opened = 1;
  335. filp->private_data = plm;
  336. mutex_unlock(&sel_mutex);
  337. return 0;
  338. err:
  339. mutex_unlock(&sel_mutex);
  340. if (plm)
  341. vfree(plm->data);
  342. kfree(plm);
  343. return rc;
  344. }
  345. static int sel_release_policy(struct inode *inode, struct file *filp)
  346. {
  347. struct policy_load_memory *plm = filp->private_data;
  348. BUG_ON(!plm);
  349. policy_opened = 0;
  350. vfree(plm->data);
  351. kfree(plm);
  352. return 0;
  353. }
  354. static ssize_t sel_read_policy(struct file *filp, char __user *buf,
  355. size_t count, loff_t *ppos)
  356. {
  357. struct policy_load_memory *plm = filp->private_data;
  358. int ret;
  359. mutex_lock(&sel_mutex);
  360. ret = task_has_security(current, SECURITY__READ_POLICY);
  361. if (ret)
  362. goto out;
  363. ret = simple_read_from_buffer(buf, count, ppos, plm->data, plm->len);
  364. out:
  365. mutex_unlock(&sel_mutex);
  366. return ret;
  367. }
  368. static int sel_mmap_policy_fault(struct vm_area_struct *vma,
  369. struct vm_fault *vmf)
  370. {
  371. struct policy_load_memory *plm = vma->vm_file->private_data;
  372. unsigned long offset;
  373. struct page *page;
  374. if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE))
  375. return VM_FAULT_SIGBUS;
  376. offset = vmf->pgoff << PAGE_SHIFT;
  377. if (offset >= roundup(plm->len, PAGE_SIZE))
  378. return VM_FAULT_SIGBUS;
  379. page = vmalloc_to_page(plm->data + offset);
  380. get_page(page);
  381. vmf->page = page;
  382. return 0;
  383. }
  384. static struct vm_operations_struct sel_mmap_policy_ops = {
  385. .fault = sel_mmap_policy_fault,
  386. .page_mkwrite = sel_mmap_policy_fault,
  387. };
  388. static int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma)
  389. {
  390. if (vma->vm_flags & VM_SHARED) {
  391. /* do not allow mprotect to make mapping writable */
  392. vma->vm_flags &= ~VM_MAYWRITE;
  393. if (vma->vm_flags & VM_WRITE)
  394. return -EACCES;
  395. }
  396. vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP;
  397. vma->vm_ops = &sel_mmap_policy_ops;
  398. return 0;
  399. }
  400. static const struct file_operations sel_policy_ops = {
  401. .open = sel_open_policy,
  402. .read = sel_read_policy,
  403. .mmap = sel_mmap_policy,
  404. .release = sel_release_policy,
  405. .llseek = generic_file_llseek,
  406. };
  407. static ssize_t sel_write_load(struct file *file, const char __user *buf,
  408. size_t count, loff_t *ppos)
  409. {
  410. ssize_t length;
  411. void *data = NULL;
  412. mutex_lock(&sel_mutex);
  413. length = task_has_security(current, SECURITY__LOAD_POLICY);
  414. if (length)
  415. goto out;
  416. /* No partial writes. */
  417. length = -EINVAL;
  418. if (*ppos != 0)
  419. goto out;
  420. length = -EFBIG;
  421. if (count > 64 * 1024 * 1024)
  422. goto out;
  423. length = -ENOMEM;
  424. data = vmalloc(count);
  425. if (!data)
  426. goto out;
  427. length = -EFAULT;
  428. if (copy_from_user(data, buf, count) != 0)
  429. goto out;
  430. length = security_load_policy(data, count);
  431. if (length)
  432. goto out;
  433. length = sel_make_bools();
  434. if (length)
  435. goto out1;
  436. length = sel_make_classes();
  437. if (length)
  438. goto out1;
  439. length = sel_make_policycap();
  440. if (length)
  441. goto out1;
  442. length = count;
  443. out1:
  444. audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
  445. "policy loaded auid=%u ses=%u",
  446. from_kuid(&init_user_ns, audit_get_loginuid(current)),
  447. audit_get_sessionid(current));
  448. out:
  449. mutex_unlock(&sel_mutex);
  450. vfree(data);
  451. return length;
  452. }
  453. static const struct file_operations sel_load_ops = {
  454. .write = sel_write_load,
  455. .llseek = generic_file_llseek,
  456. };
  457. static ssize_t sel_write_context(struct file *file, char *buf, size_t size)
  458. {
  459. char *canon = NULL;
  460. u32 sid, len;
  461. ssize_t length;
  462. length = task_has_security(current, SECURITY__CHECK_CONTEXT);
  463. if (length)
  464. goto out;
  465. length = security_context_to_sid(buf, size, &sid);
  466. if (length)
  467. goto out;
  468. length = security_sid_to_context(sid, &canon, &len);
  469. if (length)
  470. goto out;
  471. length = -ERANGE;
  472. if (len > SIMPLE_TRANSACTION_LIMIT) {
  473. printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
  474. "payload max\n", __func__, len);
  475. goto out;
  476. }
  477. memcpy(buf, canon, len);
  478. length = len;
  479. out:
  480. kfree(canon);
  481. return length;
  482. }
  483. static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf,
  484. size_t count, loff_t *ppos)
  485. {
  486. char tmpbuf[TMPBUFLEN];
  487. ssize_t length;
  488. length = scnprintf(tmpbuf, TMPBUFLEN, "%u", selinux_checkreqprot);
  489. return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
  490. }
  491. static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
  492. size_t count, loff_t *ppos)
  493. {
  494. char *page = NULL;
  495. ssize_t length;
  496. unsigned int new_value;
  497. length = task_has_security(current, SECURITY__SETCHECKREQPROT);
  498. if (length)
  499. goto out;
  500. length = -ENOMEM;
  501. if (count >= PAGE_SIZE)
  502. goto out;
  503. /* No partial writes. */
  504. length = -EINVAL;
  505. if (*ppos != 0)
  506. goto out;
  507. length = -ENOMEM;
  508. page = (char *)get_zeroed_page(GFP_KERNEL);
  509. if (!page)
  510. goto out;
  511. length = -EFAULT;
  512. if (copy_from_user(page, buf, count))
  513. goto out;
  514. length = -EINVAL;
  515. if (sscanf(page, "%u", &new_value) != 1)
  516. goto out;
  517. selinux_checkreqprot = new_value ? 1 : 0;
  518. length = count;
  519. out:
  520. free_page((unsigned long) page);
  521. return length;
  522. }
  523. static const struct file_operations sel_checkreqprot_ops = {
  524. .read = sel_read_checkreqprot,
  525. .write = sel_write_checkreqprot,
  526. .llseek = generic_file_llseek,
  527. };
  528. /*
  529. * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c
  530. */
  531. static ssize_t sel_write_access(struct file *file, char *buf, size_t size);
  532. static ssize_t sel_write_create(struct file *file, char *buf, size_t size);
  533. static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size);
  534. static ssize_t sel_write_user(struct file *file, char *buf, size_t size);
  535. static ssize_t sel_write_member(struct file *file, char *buf, size_t size);
  536. static ssize_t (*write_op[])(struct file *, char *, size_t) = {
  537. [SEL_ACCESS] = sel_write_access,
  538. [SEL_CREATE] = sel_write_create,
  539. [SEL_RELABEL] = sel_write_relabel,
  540. [SEL_USER] = sel_write_user,
  541. [SEL_MEMBER] = sel_write_member,
  542. [SEL_CONTEXT] = sel_write_context,
  543. };
  544. static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos)
  545. {
  546. ino_t ino = file_inode(file)->i_ino;
  547. char *data;
  548. ssize_t rv;
  549. if (ino >= ARRAY_SIZE(write_op) || !write_op[ino])
  550. return -EINVAL;
  551. data = simple_transaction_get(file, buf, size);
  552. if (IS_ERR(data))
  553. return PTR_ERR(data);
  554. rv = write_op[ino](file, data, size);
  555. if (rv > 0) {
  556. simple_transaction_set(file, rv);
  557. rv = size;
  558. }
  559. return rv;
  560. }
  561. static const struct file_operations transaction_ops = {
  562. .write = selinux_transaction_write,
  563. .read = simple_transaction_read,
  564. .release = simple_transaction_release,
  565. .llseek = generic_file_llseek,
  566. };
  567. /*
  568. * payload - write methods
  569. * If the method has a response, the response should be put in buf,
  570. * and the length returned. Otherwise return 0 or and -error.
  571. */
  572. static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
  573. {
  574. char *scon = NULL, *tcon = NULL;
  575. u32 ssid, tsid;
  576. u16 tclass;
  577. struct av_decision avd;
  578. ssize_t length;
  579. length = task_has_security(current, SECURITY__COMPUTE_AV);
  580. if (length)
  581. goto out;
  582. length = -ENOMEM;
  583. scon = kzalloc(size + 1, GFP_KERNEL);
  584. if (!scon)
  585. goto out;
  586. length = -ENOMEM;
  587. tcon = kzalloc(size + 1, GFP_KERNEL);
  588. if (!tcon)
  589. goto out;
  590. length = -EINVAL;
  591. if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
  592. goto out;
  593. length = security_context_to_sid(scon, strlen(scon) + 1, &ssid);
  594. if (length)
  595. goto out;
  596. length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
  597. if (length)
  598. goto out;
  599. security_compute_av_user(ssid, tsid, tclass, &avd);
  600. length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT,
  601. "%x %x %x %x %u %x",
  602. avd.allowed, 0xffffffff,
  603. avd.auditallow, avd.auditdeny,
  604. avd.seqno, avd.flags);
  605. out:
  606. kfree(tcon);
  607. kfree(scon);
  608. return length;
  609. }
  610. static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
  611. {
  612. char *scon = NULL, *tcon = NULL;
  613. char *namebuf = NULL, *objname = NULL;
  614. u32 ssid, tsid, newsid;
  615. u16 tclass;
  616. ssize_t length;
  617. char *newcon = NULL;
  618. u32 len;
  619. int nargs;
  620. length = task_has_security(current, SECURITY__COMPUTE_CREATE);
  621. if (length)
  622. goto out;
  623. length = -ENOMEM;
  624. scon = kzalloc(size + 1, GFP_KERNEL);
  625. if (!scon)
  626. goto out;
  627. length = -ENOMEM;
  628. tcon = kzalloc(size + 1, GFP_KERNEL);
  629. if (!tcon)
  630. goto out;
  631. length = -ENOMEM;
  632. namebuf = kzalloc(size + 1, GFP_KERNEL);
  633. if (!namebuf)
  634. goto out;
  635. length = -EINVAL;
  636. nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf);
  637. if (nargs < 3 || nargs > 4)
  638. goto out;
  639. if (nargs == 4) {
  640. /*
  641. * If and when the name of new object to be queried contains
  642. * either whitespace or multibyte characters, they shall be
  643. * encoded based on the percentage-encoding rule.
  644. * If not encoded, the sscanf logic picks up only left-half
  645. * of the supplied name; splitted by a whitespace unexpectedly.
  646. */
  647. char *r, *w;
  648. int c1, c2;
  649. r = w = namebuf;
  650. do {
  651. c1 = *r++;
  652. if (c1 == '+')
  653. c1 = ' ';
  654. else if (c1 == '%') {
  655. c1 = hex_to_bin(*r++);
  656. if (c1 < 0)
  657. goto out;
  658. c2 = hex_to_bin(*r++);
  659. if (c2 < 0)
  660. goto out;
  661. c1 = (c1 << 4) | c2;
  662. }
  663. *w++ = c1;
  664. } while (c1 != '\0');
  665. objname = namebuf;
  666. }
  667. length = security_context_to_sid(scon, strlen(scon) + 1, &ssid);
  668. if (length)
  669. goto out;
  670. length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
  671. if (length)
  672. goto out;
  673. length = security_transition_sid_user(ssid, tsid, tclass,
  674. objname, &newsid);
  675. if (length)
  676. goto out;
  677. length = security_sid_to_context(newsid, &newcon, &len);
  678. if (length)
  679. goto out;
  680. length = -ERANGE;
  681. if (len > SIMPLE_TRANSACTION_LIMIT) {
  682. printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
  683. "payload max\n", __func__, len);
  684. goto out;
  685. }
  686. memcpy(buf, newcon, len);
  687. length = len;
  688. out:
  689. kfree(newcon);
  690. kfree(namebuf);
  691. kfree(tcon);
  692. kfree(scon);
  693. return length;
  694. }
  695. static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size)
  696. {
  697. char *scon = NULL, *tcon = NULL;
  698. u32 ssid, tsid, newsid;
  699. u16 tclass;
  700. ssize_t length;
  701. char *newcon = NULL;
  702. u32 len;
  703. length = task_has_security(current, SECURITY__COMPUTE_RELABEL);
  704. if (length)
  705. goto out;
  706. length = -ENOMEM;
  707. scon = kzalloc(size + 1, GFP_KERNEL);
  708. if (!scon)
  709. goto out;
  710. length = -ENOMEM;
  711. tcon = kzalloc(size + 1, GFP_KERNEL);
  712. if (!tcon)
  713. goto out;
  714. length = -EINVAL;
  715. if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
  716. goto out;
  717. length = security_context_to_sid(scon, strlen(scon) + 1, &ssid);
  718. if (length)
  719. goto out;
  720. length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
  721. if (length)
  722. goto out;
  723. length = security_change_sid(ssid, tsid, tclass, &newsid);
  724. if (length)
  725. goto out;
  726. length = security_sid_to_context(newsid, &newcon, &len);
  727. if (length)
  728. goto out;
  729. length = -ERANGE;
  730. if (len > SIMPLE_TRANSACTION_LIMIT)
  731. goto out;
  732. memcpy(buf, newcon, len);
  733. length = len;
  734. out:
  735. kfree(newcon);
  736. kfree(tcon);
  737. kfree(scon);
  738. return length;
  739. }
  740. static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
  741. {
  742. char *con = NULL, *user = NULL, *ptr;
  743. u32 sid, *sids = NULL;
  744. ssize_t length;
  745. char *newcon;
  746. int i, rc;
  747. u32 len, nsids;
  748. length = task_has_security(current, SECURITY__COMPUTE_USER);
  749. if (length)
  750. goto out;
  751. length = -ENOMEM;
  752. con = kzalloc(size + 1, GFP_KERNEL);
  753. if (!con)
  754. goto out;
  755. length = -ENOMEM;
  756. user = kzalloc(size + 1, GFP_KERNEL);
  757. if (!user)
  758. goto out;
  759. length = -EINVAL;
  760. if (sscanf(buf, "%s %s", con, user) != 2)
  761. goto out;
  762. length = security_context_to_sid(con, strlen(con) + 1, &sid);
  763. if (length)
  764. goto out;
  765. length = security_get_user_sids(sid, user, &sids, &nsids);
  766. if (length)
  767. goto out;
  768. length = sprintf(buf, "%u", nsids) + 1;
  769. ptr = buf + length;
  770. for (i = 0; i < nsids; i++) {
  771. rc = security_sid_to_context(sids[i], &newcon, &len);
  772. if (rc) {
  773. length = rc;
  774. goto out;
  775. }
  776. if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) {
  777. kfree(newcon);
  778. length = -ERANGE;
  779. goto out;
  780. }
  781. memcpy(ptr, newcon, len);
  782. kfree(newcon);
  783. ptr += len;
  784. length += len;
  785. }
  786. out:
  787. kfree(sids);
  788. kfree(user);
  789. kfree(con);
  790. return length;
  791. }
  792. static ssize_t sel_write_member(struct file *file, char *buf, size_t size)
  793. {
  794. char *scon = NULL, *tcon = NULL;
  795. u32 ssid, tsid, newsid;
  796. u16 tclass;
  797. ssize_t length;
  798. char *newcon = NULL;
  799. u32 len;
  800. length = task_has_security(current, SECURITY__COMPUTE_MEMBER);
  801. if (length)
  802. goto out;
  803. length = -ENOMEM;
  804. scon = kzalloc(size + 1, GFP_KERNEL);
  805. if (!scon)
  806. goto out;
  807. length = -ENOMEM;
  808. tcon = kzalloc(size + 1, GFP_KERNEL);
  809. if (!tcon)
  810. goto out;
  811. length = -EINVAL;
  812. if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
  813. goto out;
  814. length = security_context_to_sid(scon, strlen(scon) + 1, &ssid);
  815. if (length)
  816. goto out;
  817. length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
  818. if (length)
  819. goto out;
  820. length = security_member_sid(ssid, tsid, tclass, &newsid);
  821. if (length)
  822. goto out;
  823. length = security_sid_to_context(newsid, &newcon, &len);
  824. if (length)
  825. goto out;
  826. length = -ERANGE;
  827. if (len > SIMPLE_TRANSACTION_LIMIT) {
  828. printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
  829. "payload max\n", __func__, len);
  830. goto out;
  831. }
  832. memcpy(buf, newcon, len);
  833. length = len;
  834. out:
  835. kfree(newcon);
  836. kfree(tcon);
  837. kfree(scon);
  838. return length;
  839. }
  840. static struct inode *sel_make_inode(struct super_block *sb, int mode)
  841. {
  842. struct inode *ret = new_inode(sb);
  843. if (ret) {
  844. ret->i_mode = mode;
  845. ret->i_atime = ret->i_mtime = ret->i_ctime = CURRENT_TIME;
  846. }
  847. return ret;
  848. }
  849. static ssize_t sel_read_bool(struct file *filep, char __user *buf,
  850. size_t count, loff_t *ppos)
  851. {
  852. char *page = NULL;
  853. ssize_t length;
  854. ssize_t ret;
  855. int cur_enforcing;
  856. unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
  857. const char *name = filep->f_path.dentry->d_name.name;
  858. mutex_lock(&sel_mutex);
  859. ret = -EINVAL;
  860. if (index >= bool_num || strcmp(name, bool_pending_names[index]))
  861. goto out;
  862. ret = -ENOMEM;
  863. page = (char *)get_zeroed_page(GFP_KERNEL);
  864. if (!page)
  865. goto out;
  866. cur_enforcing = security_get_bool_value(index);
  867. if (cur_enforcing < 0) {
  868. ret = cur_enforcing;
  869. goto out;
  870. }
  871. length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing,
  872. bool_pending_values[index]);
  873. ret = simple_read_from_buffer(buf, count, ppos, page, length);
  874. out:
  875. mutex_unlock(&sel_mutex);
  876. free_page((unsigned long)page);
  877. return ret;
  878. }
  879. static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
  880. size_t count, loff_t *ppos)
  881. {
  882. char *page = NULL;
  883. ssize_t length;
  884. int new_value;
  885. unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
  886. const char *name = filep->f_path.dentry->d_name.name;
  887. mutex_lock(&sel_mutex);
  888. length = task_has_security(current, SECURITY__SETBOOL);
  889. if (length)
  890. goto out;
  891. length = -EINVAL;
  892. if (index >= bool_num || strcmp(name, bool_pending_names[index]))
  893. goto out;
  894. length = -ENOMEM;
  895. if (count >= PAGE_SIZE)
  896. goto out;
  897. /* No partial writes. */
  898. length = -EINVAL;
  899. if (*ppos != 0)
  900. goto out;
  901. length = -ENOMEM;
  902. page = (char *)get_zeroed_page(GFP_KERNEL);
  903. if (!page)
  904. goto out;
  905. length = -EFAULT;
  906. if (copy_from_user(page, buf, count))
  907. goto out;
  908. length = -EINVAL;
  909. if (sscanf(page, "%d", &new_value) != 1)
  910. goto out;
  911. if (new_value)
  912. new_value = 1;
  913. bool_pending_values[index] = new_value;
  914. length = count;
  915. out:
  916. mutex_unlock(&sel_mutex);
  917. free_page((unsigned long) page);
  918. return length;
  919. }
  920. static const struct file_operations sel_bool_ops = {
  921. .read = sel_read_bool,
  922. .write = sel_write_bool,
  923. .llseek = generic_file_llseek,
  924. };
  925. static ssize_t sel_commit_bools_write(struct file *filep,
  926. const char __user *buf,
  927. size_t count, loff_t *ppos)
  928. {
  929. char *page = NULL;
  930. ssize_t length;
  931. int new_value;
  932. mutex_lock(&sel_mutex);
  933. length = task_has_security(current, SECURITY__SETBOOL);
  934. if (length)
  935. goto out;
  936. length = -ENOMEM;
  937. if (count >= PAGE_SIZE)
  938. goto out;
  939. /* No partial writes. */
  940. length = -EINVAL;
  941. if (*ppos != 0)
  942. goto out;
  943. length = -ENOMEM;
  944. page = (char *)get_zeroed_page(GFP_KERNEL);
  945. if (!page)
  946. goto out;
  947. length = -EFAULT;
  948. if (copy_from_user(page, buf, count))
  949. goto out;
  950. length = -EINVAL;
  951. if (sscanf(page, "%d", &new_value) != 1)
  952. goto out;
  953. length = 0;
  954. if (new_value && bool_pending_values)
  955. length = security_set_bools(bool_num, bool_pending_values);
  956. if (!length)
  957. length = count;
  958. out:
  959. mutex_unlock(&sel_mutex);
  960. free_page((unsigned long) page);
  961. return length;
  962. }
  963. static const struct file_operations sel_commit_bools_ops = {
  964. .write = sel_commit_bools_write,
  965. .llseek = generic_file_llseek,
  966. };
  967. static void sel_remove_entries(struct dentry *de)
  968. {
  969. struct list_head *node;
  970. spin_lock(&de->d_lock);
  971. node = de->d_subdirs.next;
  972. while (node != &de->d_subdirs) {
  973. struct dentry *d = list_entry(node, struct dentry, d_u.d_child);
  974. spin_lock_nested(&d->d_lock, DENTRY_D_LOCK_NESTED);
  975. list_del_init(node);
  976. if (d->d_inode) {
  977. dget_dlock(d);
  978. spin_unlock(&de->d_lock);
  979. spin_unlock(&d->d_lock);
  980. d_delete(d);
  981. simple_unlink(de->d_inode, d);
  982. dput(d);
  983. spin_lock(&de->d_lock);
  984. } else
  985. spin_unlock(&d->d_lock);
  986. node = de->d_subdirs.next;
  987. }
  988. spin_unlock(&de->d_lock);
  989. }
  990. #define BOOL_DIR_NAME "booleans"
  991. static int sel_make_bools(void)
  992. {
  993. int i, ret;
  994. ssize_t len;
  995. struct dentry *dentry = NULL;
  996. struct dentry *dir = bool_dir;
  997. struct inode *inode = NULL;
  998. struct inode_security_struct *isec;
  999. char **names = NULL, *page;
  1000. int num;
  1001. int *values = NULL;
  1002. u32 sid;
  1003. /* remove any existing files */
  1004. for (i = 0; i < bool_num; i++)
  1005. kfree(bool_pending_names[i]);
  1006. kfree(bool_pending_names);
  1007. kfree(bool_pending_values);
  1008. bool_num = 0;
  1009. bool_pending_names = NULL;
  1010. bool_pending_values = NULL;
  1011. sel_remove_entries(dir);
  1012. ret = -ENOMEM;
  1013. page = (char *)get_zeroed_page(GFP_KERNEL);
  1014. if (!page)
  1015. goto out;
  1016. ret = security_get_bools(&num, &names, &values);
  1017. if (ret)
  1018. goto out;
  1019. for (i = 0; i < num; i++) {
  1020. ret = -ENOMEM;
  1021. dentry = d_alloc_name(dir, names[i]);
  1022. if (!dentry)
  1023. goto out;
  1024. ret = -ENOMEM;
  1025. inode = sel_make_inode(dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR);
  1026. if (!inode)
  1027. goto out;
  1028. ret = -ENAMETOOLONG;
  1029. len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]);
  1030. if (len >= PAGE_SIZE)
  1031. goto out;
  1032. isec = (struct inode_security_struct *)inode->i_security;
  1033. ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid);
  1034. if (ret)
  1035. goto out;
  1036. isec->sid = sid;
  1037. isec->initialized = 1;
  1038. inode->i_fop = &sel_bool_ops;
  1039. inode->i_ino = i|SEL_BOOL_INO_OFFSET;
  1040. d_add(dentry, inode);
  1041. }
  1042. bool_num = num;
  1043. bool_pending_names = names;
  1044. bool_pending_values = values;
  1045. free_page((unsigned long)page);
  1046. return 0;
  1047. out:
  1048. free_page((unsigned long)page);
  1049. if (names) {
  1050. for (i = 0; i < num; i++)
  1051. kfree(names[i]);
  1052. kfree(names);
  1053. }
  1054. kfree(values);
  1055. sel_remove_entries(dir);
  1056. return ret;
  1057. }
  1058. #define NULL_FILE_NAME "null"
  1059. struct path selinux_null;
  1060. static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf,
  1061. size_t count, loff_t *ppos)
  1062. {
  1063. char tmpbuf[TMPBUFLEN];
  1064. ssize_t length;
  1065. length = scnprintf(tmpbuf, TMPBUFLEN, "%u", avc_cache_threshold);
  1066. return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
  1067. }
  1068. static ssize_t sel_write_avc_cache_threshold(struct file *file,
  1069. const char __user *buf,
  1070. size_t count, loff_t *ppos)
  1071. {
  1072. char *page = NULL;
  1073. ssize_t ret;
  1074. int new_value;
  1075. ret = task_has_security(current, SECURITY__SETSECPARAM);
  1076. if (ret)
  1077. goto out;
  1078. ret = -ENOMEM;
  1079. if (count >= PAGE_SIZE)
  1080. goto out;
  1081. /* No partial writes. */
  1082. ret = -EINVAL;
  1083. if (*ppos != 0)
  1084. goto out;
  1085. ret = -ENOMEM;
  1086. page = (char *)get_zeroed_page(GFP_KERNEL);
  1087. if (!page)
  1088. goto out;
  1089. ret = -EFAULT;
  1090. if (copy_from_user(page, buf, count))
  1091. goto out;
  1092. ret = -EINVAL;
  1093. if (sscanf(page, "%u", &new_value) != 1)
  1094. goto out;
  1095. avc_cache_threshold = new_value;
  1096. ret = count;
  1097. out:
  1098. free_page((unsigned long)page);
  1099. return ret;
  1100. }
  1101. static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf,
  1102. size_t count, loff_t *ppos)
  1103. {
  1104. char *page;
  1105. ssize_t length;
  1106. page = (char *)__get_free_page(GFP_KERNEL);
  1107. if (!page)
  1108. return -ENOMEM;
  1109. length = avc_get_hash_stats(page);
  1110. if (length >= 0)
  1111. length = simple_read_from_buffer(buf, count, ppos, page, length);
  1112. free_page((unsigned long)page);
  1113. return length;
  1114. }
  1115. static const struct file_operations sel_avc_cache_threshold_ops = {
  1116. .read = sel_read_avc_cache_threshold,
  1117. .write = sel_write_avc_cache_threshold,
  1118. .llseek = generic_file_llseek,
  1119. };
  1120. static const struct file_operations sel_avc_hash_stats_ops = {
  1121. .read = sel_read_avc_hash_stats,
  1122. .llseek = generic_file_llseek,
  1123. };
  1124. #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
  1125. static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx)
  1126. {
  1127. int cpu;
  1128. for (cpu = *idx; cpu < nr_cpu_ids; ++cpu) {
  1129. if (!cpu_possible(cpu))
  1130. continue;
  1131. *idx = cpu + 1;
  1132. return &per_cpu(avc_cache_stats, cpu);
  1133. }
  1134. return NULL;
  1135. }
  1136. static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos)
  1137. {
  1138. loff_t n = *pos - 1;
  1139. if (*pos == 0)
  1140. return SEQ_START_TOKEN;
  1141. return sel_avc_get_stat_idx(&n);
  1142. }
  1143. static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos)
  1144. {
  1145. return sel_avc_get_stat_idx(pos);
  1146. }
  1147. static int sel_avc_stats_seq_show(struct seq_file *seq, void *v)
  1148. {
  1149. struct avc_cache_stats *st = v;
  1150. if (v == SEQ_START_TOKEN)
  1151. seq_printf(seq, "lookups hits misses allocations reclaims "
  1152. "frees\n");
  1153. else {
  1154. unsigned int lookups = st->lookups;
  1155. unsigned int misses = st->misses;
  1156. unsigned int hits = lookups - misses;
  1157. seq_printf(seq, "%u %u %u %u %u %u\n", lookups,
  1158. hits, misses, st->allocations,
  1159. st->reclaims, st->frees);
  1160. }
  1161. return 0;
  1162. }
  1163. static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v)
  1164. { }
  1165. static const struct seq_operations sel_avc_cache_stats_seq_ops = {
  1166. .start = sel_avc_stats_seq_start,
  1167. .next = sel_avc_stats_seq_next,
  1168. .show = sel_avc_stats_seq_show,
  1169. .stop = sel_avc_stats_seq_stop,
  1170. };
  1171. static int sel_open_avc_cache_stats(struct inode *inode, struct file *file)
  1172. {
  1173. return seq_open(file, &sel_avc_cache_stats_seq_ops);
  1174. }
  1175. static const struct file_operations sel_avc_cache_stats_ops = {
  1176. .open = sel_open_avc_cache_stats,
  1177. .read = seq_read,
  1178. .llseek = seq_lseek,
  1179. .release = seq_release,
  1180. };
  1181. #endif
  1182. static int sel_make_avc_files(struct dentry *dir)
  1183. {
  1184. int i;
  1185. static struct tree_descr files[] = {
  1186. { "cache_threshold",
  1187. &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR },
  1188. { "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO },
  1189. #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
  1190. { "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO },
  1191. #endif
  1192. };
  1193. for (i = 0; i < ARRAY_SIZE(files); i++) {
  1194. struct inode *inode;
  1195. struct dentry *dentry;
  1196. dentry = d_alloc_name(dir, files[i].name);
  1197. if (!dentry)
  1198. return -ENOMEM;
  1199. inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
  1200. if (!inode)
  1201. return -ENOMEM;
  1202. inode->i_fop = files[i].ops;
  1203. inode->i_ino = ++sel_last_ino;
  1204. d_add(dentry, inode);
  1205. }
  1206. return 0;
  1207. }
  1208. static ssize_t sel_read_initcon(struct file *file, char __user *buf,
  1209. size_t count, loff_t *ppos)
  1210. {
  1211. char *con;
  1212. u32 sid, len;
  1213. ssize_t ret;
  1214. sid = file_inode(file)->i_ino&SEL_INO_MASK;
  1215. ret = security_sid_to_context(sid, &con, &len);
  1216. if (ret)
  1217. return ret;
  1218. ret = simple_read_from_buffer(buf, count, ppos, con, len);
  1219. kfree(con);
  1220. return ret;
  1221. }
  1222. static const struct file_operations sel_initcon_ops = {
  1223. .read = sel_read_initcon,
  1224. .llseek = generic_file_llseek,
  1225. };
  1226. static int sel_make_initcon_files(struct dentry *dir)
  1227. {
  1228. int i;
  1229. for (i = 1; i <= SECINITSID_NUM; i++) {
  1230. struct inode *inode;
  1231. struct dentry *dentry;
  1232. dentry = d_alloc_name(dir, security_get_initial_sid_context(i));
  1233. if (!dentry)
  1234. return -ENOMEM;
  1235. inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
  1236. if (!inode)
  1237. return -ENOMEM;
  1238. inode->i_fop = &sel_initcon_ops;
  1239. inode->i_ino = i|SEL_INITCON_INO_OFFSET;
  1240. d_add(dentry, inode);
  1241. }
  1242. return 0;
  1243. }
  1244. static inline unsigned long sel_class_to_ino(u16 class)
  1245. {
  1246. return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET;
  1247. }
  1248. static inline u16 sel_ino_to_class(unsigned long ino)
  1249. {
  1250. return (ino & SEL_INO_MASK) / (SEL_VEC_MAX + 1);
  1251. }
  1252. static inline unsigned long sel_perm_to_ino(u16 class, u32 perm)
  1253. {
  1254. return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET;
  1255. }
  1256. static inline u32 sel_ino_to_perm(unsigned long ino)
  1257. {
  1258. return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1);
  1259. }
  1260. static ssize_t sel_read_class(struct file *file, char __user *buf,
  1261. size_t count, loff_t *ppos)
  1262. {
  1263. unsigned long ino = file_inode(file)->i_ino;
  1264. char res[TMPBUFLEN];
  1265. ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_class(ino));
  1266. return simple_read_from_buffer(buf, count, ppos, res, len);
  1267. }
  1268. static const struct file_operations sel_class_ops = {
  1269. .read = sel_read_class,
  1270. .llseek = generic_file_llseek,
  1271. };
  1272. static ssize_t sel_read_perm(struct file *file, char __user *buf,
  1273. size_t count, loff_t *ppos)
  1274. {
  1275. unsigned long ino = file_inode(file)->i_ino;
  1276. char res[TMPBUFLEN];
  1277. ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino));
  1278. return simple_read_from_buffer(buf, count, ppos, res, len);
  1279. }
  1280. static const struct file_operations sel_perm_ops = {
  1281. .read = sel_read_perm,
  1282. .llseek = generic_file_llseek,
  1283. };
  1284. static ssize_t sel_read_policycap(struct file *file, char __user *buf,
  1285. size_t count, loff_t *ppos)
  1286. {
  1287. int value;
  1288. char tmpbuf[TMPBUFLEN];
  1289. ssize_t length;
  1290. unsigned long i_ino = file_inode(file)->i_ino;
  1291. value = security_policycap_supported(i_ino & SEL_INO_MASK);
  1292. length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value);
  1293. return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
  1294. }
  1295. static const struct file_operations sel_policycap_ops = {
  1296. .read = sel_read_policycap,
  1297. .llseek = generic_file_llseek,
  1298. };
  1299. static int sel_make_perm_files(char *objclass, int classvalue,
  1300. struct dentry *dir)
  1301. {
  1302. int i, rc, nperms;
  1303. char **perms;
  1304. rc = security_get_permissions(objclass, &perms, &nperms);
  1305. if (rc)
  1306. return rc;
  1307. for (i = 0; i < nperms; i++) {
  1308. struct inode *inode;
  1309. struct dentry *dentry;
  1310. rc = -ENOMEM;
  1311. dentry = d_alloc_name(dir, perms[i]);
  1312. if (!dentry)
  1313. goto out;
  1314. rc = -ENOMEM;
  1315. inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
  1316. if (!inode)
  1317. goto out;
  1318. inode->i_fop = &sel_perm_ops;
  1319. /* i+1 since perm values are 1-indexed */
  1320. inode->i_ino = sel_perm_to_ino(classvalue, i + 1);
  1321. d_add(dentry, inode);
  1322. }
  1323. rc = 0;
  1324. out:
  1325. for (i = 0; i < nperms; i++)
  1326. kfree(perms[i]);
  1327. kfree(perms);
  1328. return rc;
  1329. }
  1330. static int sel_make_class_dir_entries(char *classname, int index,
  1331. struct dentry *dir)
  1332. {
  1333. struct dentry *dentry = NULL;
  1334. struct inode *inode = NULL;
  1335. int rc;
  1336. dentry = d_alloc_name(dir, "index");
  1337. if (!dentry)
  1338. return -ENOMEM;
  1339. inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
  1340. if (!inode)
  1341. return -ENOMEM;
  1342. inode->i_fop = &sel_class_ops;
  1343. inode->i_ino = sel_class_to_ino(index);
  1344. d_add(dentry, inode);
  1345. dentry = sel_make_dir(dir, "perms", &last_class_ino);
  1346. if (IS_ERR(dentry))
  1347. return PTR_ERR(dentry);
  1348. rc = sel_make_perm_files(classname, index, dentry);
  1349. return rc;
  1350. }
  1351. static void sel_remove_classes(void)
  1352. {
  1353. struct list_head *class_node;
  1354. list_for_each(class_node, &class_dir->d_subdirs) {
  1355. struct dentry *class_subdir = list_entry(class_node,
  1356. struct dentry, d_u.d_child);
  1357. struct list_head *class_subdir_node;
  1358. list_for_each(class_subdir_node, &class_subdir->d_subdirs) {
  1359. struct dentry *d = list_entry(class_subdir_node,
  1360. struct dentry, d_u.d_child);
  1361. if (d->d_inode)
  1362. if (d->d_inode->i_mode & S_IFDIR)
  1363. sel_remove_entries(d);
  1364. }
  1365. sel_remove_entries(class_subdir);
  1366. }
  1367. sel_remove_entries(class_dir);
  1368. }
  1369. static int sel_make_classes(void)
  1370. {
  1371. int rc, nclasses, i;
  1372. char **classes;
  1373. /* delete any existing entries */
  1374. sel_remove_classes();
  1375. rc = security_get_classes(&classes, &nclasses);
  1376. if (rc)
  1377. return rc;
  1378. /* +2 since classes are 1-indexed */
  1379. last_class_ino = sel_class_to_ino(nclasses + 2);
  1380. for (i = 0; i < nclasses; i++) {
  1381. struct dentry *class_name_dir;
  1382. class_name_dir = sel_make_dir(class_dir, classes[i],
  1383. &last_class_ino);
  1384. if (IS_ERR(class_name_dir)) {
  1385. rc = PTR_ERR(class_name_dir);
  1386. goto out;
  1387. }
  1388. /* i+1 since class values are 1-indexed */
  1389. rc = sel_make_class_dir_entries(classes[i], i + 1,
  1390. class_name_dir);
  1391. if (rc)
  1392. goto out;
  1393. }
  1394. rc = 0;
  1395. out:
  1396. for (i = 0; i < nclasses; i++)
  1397. kfree(classes[i]);
  1398. kfree(classes);
  1399. return rc;
  1400. }
  1401. static int sel_make_policycap(void)
  1402. {
  1403. unsigned int iter;
  1404. struct dentry *dentry = NULL;
  1405. struct inode *inode = NULL;
  1406. sel_remove_entries(policycap_dir);
  1407. for (iter = 0; iter <= POLICYDB_CAPABILITY_MAX; iter++) {
  1408. if (iter < ARRAY_SIZE(policycap_names))
  1409. dentry = d_alloc_name(policycap_dir,
  1410. policycap_names[iter]);
  1411. else
  1412. dentry = d_alloc_name(policycap_dir, "unknown");
  1413. if (dentry == NULL)
  1414. return -ENOMEM;
  1415. inode = sel_make_inode(policycap_dir->d_sb, S_IFREG | S_IRUGO);
  1416. if (inode == NULL)
  1417. return -ENOMEM;
  1418. inode->i_fop = &sel_policycap_ops;
  1419. inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET;
  1420. d_add(dentry, inode);
  1421. }
  1422. return 0;
  1423. }
  1424. static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
  1425. unsigned long *ino)
  1426. {
  1427. struct dentry *dentry = d_alloc_name(dir, name);
  1428. struct inode *inode;
  1429. if (!dentry)
  1430. return ERR_PTR(-ENOMEM);
  1431. inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO);
  1432. if (!inode) {
  1433. dput(dentry);
  1434. return ERR_PTR(-ENOMEM);
  1435. }
  1436. inode->i_op = &simple_dir_inode_operations;
  1437. inode->i_fop = &simple_dir_operations;
  1438. inode->i_ino = ++(*ino);
  1439. /* directory inodes start off with i_nlink == 2 (for "." entry) */
  1440. inc_nlink(inode);
  1441. d_add(dentry, inode);
  1442. /* bump link count on parent directory, too */
  1443. inc_nlink(dir->d_inode);
  1444. return dentry;
  1445. }
  1446. static int sel_fill_super(struct super_block *sb, void *data, int silent)
  1447. {
  1448. int ret;
  1449. struct dentry *dentry;
  1450. struct inode *inode;
  1451. struct inode_security_struct *isec;
  1452. static struct tree_descr selinux_files[] = {
  1453. [SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR},
  1454. [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR},
  1455. [SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO},
  1456. [SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO},
  1457. [SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO},
  1458. [SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO},
  1459. [SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO},
  1460. [SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO},
  1461. [SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR},
  1462. [SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO},
  1463. [SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR},
  1464. [SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO},
  1465. [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR},
  1466. [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
  1467. [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
  1468. [SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO},
  1469. [SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO},
  1470. /* last one */ {""}
  1471. };
  1472. ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);
  1473. if (ret)
  1474. goto err;
  1475. bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &sel_last_ino);
  1476. if (IS_ERR(bool_dir)) {
  1477. ret = PTR_ERR(bool_dir);
  1478. bool_dir = NULL;
  1479. goto err;
  1480. }
  1481. ret = -ENOMEM;
  1482. dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME);
  1483. if (!dentry)
  1484. goto err;
  1485. ret = -ENOMEM;
  1486. inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO);
  1487. if (!inode)
  1488. goto err;
  1489. inode->i_ino = ++sel_last_ino;
  1490. isec = (struct inode_security_struct *)inode->i_security;
  1491. isec->sid = SECINITSID_DEVNULL;
  1492. isec->sclass = SECCLASS_CHR_FILE;
  1493. isec->initialized = 1;
  1494. init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3));
  1495. d_add(dentry, inode);
  1496. selinux_null.dentry = dentry;
  1497. dentry = sel_make_dir(sb->s_root, "avc", &sel_last_ino);
  1498. if (IS_ERR(dentry)) {
  1499. ret = PTR_ERR(dentry);
  1500. goto err;
  1501. }
  1502. ret = sel_make_avc_files(dentry);
  1503. if (ret)
  1504. goto err;
  1505. dentry = sel_make_dir(sb->s_root, "initial_contexts", &sel_last_ino);
  1506. if (IS_ERR(dentry)) {
  1507. ret = PTR_ERR(dentry);
  1508. goto err;
  1509. }
  1510. ret = sel_make_initcon_files(dentry);
  1511. if (ret)
  1512. goto err;
  1513. class_dir = sel_make_dir(sb->s_root, "class", &sel_last_ino);
  1514. if (IS_ERR(class_dir)) {
  1515. ret = PTR_ERR(class_dir);
  1516. class_dir = NULL;
  1517. goto err;
  1518. }
  1519. policycap_dir = sel_make_dir(sb->s_root, "policy_capabilities", &sel_last_ino);
  1520. if (IS_ERR(policycap_dir)) {
  1521. ret = PTR_ERR(policycap_dir);
  1522. policycap_dir = NULL;
  1523. goto err;
  1524. }
  1525. return 0;
  1526. err:
  1527. printk(KERN_ERR "SELinux: %s: failed while creating inodes\n",
  1528. __func__);
  1529. return ret;
  1530. }
  1531. static struct dentry *sel_mount(struct file_system_type *fs_type,
  1532. int flags, const char *dev_name, void *data)
  1533. {
  1534. return mount_single(fs_type, flags, data, sel_fill_super);
  1535. }
  1536. static struct file_system_type sel_fs_type = {
  1537. .name = "selinuxfs",
  1538. .mount = sel_mount,
  1539. .kill_sb = kill_litter_super,
  1540. };
  1541. struct vfsmount *selinuxfs_mount;
  1542. static struct kobject *selinuxfs_kobj;
  1543. static int __init init_sel_fs(void)
  1544. {
  1545. int err;
  1546. if (!selinux_enabled)
  1547. return 0;
  1548. selinuxfs_kobj = kobject_create_and_add("selinux", fs_kobj);
  1549. if (!selinuxfs_kobj)
  1550. return -ENOMEM;
  1551. err = register_filesystem(&sel_fs_type);
  1552. if (err) {
  1553. kobject_put(selinuxfs_kobj);
  1554. return err;
  1555. }
  1556. selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type);
  1557. if (IS_ERR(selinuxfs_mount)) {
  1558. printk(KERN_ERR "selinuxfs: could not mount!\n");
  1559. err = PTR_ERR(selinuxfs_mount);
  1560. selinuxfs_mount = NULL;
  1561. }
  1562. return err;
  1563. }
  1564. __initcall(init_sel_fs);
  1565. #ifdef CONFIG_SECURITY_SELINUX_DISABLE
  1566. void exit_sel_fs(void)
  1567. {
  1568. kobject_put(selinuxfs_kobj);
  1569. kern_unmount(selinuxfs_mount);
  1570. unregister_filesystem(&sel_fs_type);
  1571. }
  1572. #endif