selinuxfs.c 43 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955
  1. /* Updated: Karl MacMillan <kmacmillan@tresys.com>
  2. *
  3. * Added conditional policy language extensions
  4. *
  5. * Updated: Hewlett-Packard <paul.moore@hp.com>
  6. *
  7. * Added support for the policy capability bitmap
  8. *
  9. * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
  10. * Copyright (C) 2003 - 2004 Tresys Technology, LLC
  11. * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
  12. * This program is free software; you can redistribute it and/or modify
  13. * it under the terms of the GNU General Public License as published by
  14. * the Free Software Foundation, version 2.
  15. */
  16. #include <linux/kernel.h>
  17. #include <linux/pagemap.h>
  18. #include <linux/slab.h>
  19. #include <linux/vmalloc.h>
  20. #include <linux/fs.h>
  21. #include <linux/mutex.h>
  22. #include <linux/init.h>
  23. #include <linux/string.h>
  24. #include <linux/security.h>
  25. #include <linux/major.h>
  26. #include <linux/seq_file.h>
  27. #include <linux/percpu.h>
  28. #include <linux/audit.h>
  29. #include <linux/uaccess.h>
  30. /* selinuxfs pseudo filesystem for exporting the security policy API.
  31. Based on the proc code and the fs/nfsd/nfsctl.c code. */
  32. #include "flask.h"
  33. #include "avc.h"
  34. #include "avc_ss.h"
  35. #include "security.h"
  36. #include "objsec.h"
  37. #include "conditional.h"
  38. /* Policy capability filenames */
  39. static char *policycap_names[] = {
  40. "network_peer_controls",
  41. "open_perms"
  42. };
  43. unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE;
  44. static int __init checkreqprot_setup(char *str)
  45. {
  46. unsigned long checkreqprot;
  47. if (!strict_strtoul(str, 0, &checkreqprot))
  48. selinux_checkreqprot = checkreqprot ? 1 : 0;
  49. return 1;
  50. }
  51. __setup("checkreqprot=", checkreqprot_setup);
  52. static DEFINE_MUTEX(sel_mutex);
  53. /* global data for booleans */
  54. static struct dentry *bool_dir;
  55. static int bool_num;
  56. static char **bool_pending_names;
  57. static int *bool_pending_values;
  58. /* global data for classes */
  59. static struct dentry *class_dir;
  60. static unsigned long last_class_ino;
  61. static char policy_opened;
  62. /* global data for policy capabilities */
  63. static struct dentry *policycap_dir;
  64. extern void selnl_notify_setenforce(int val);
  65. /* Check whether a task is allowed to use a security operation. */
  66. static int task_has_security(struct task_struct *tsk,
  67. u32 perms)
  68. {
  69. const struct task_security_struct *tsec;
  70. u32 sid = 0;
  71. rcu_read_lock();
  72. tsec = __task_cred(tsk)->security;
  73. if (tsec)
  74. sid = tsec->sid;
  75. rcu_read_unlock();
  76. if (!tsec)
  77. return -EACCES;
  78. return avc_has_perm(sid, SECINITSID_SECURITY,
  79. SECCLASS_SECURITY, perms, NULL);
  80. }
  81. enum sel_inos {
  82. SEL_ROOT_INO = 2,
  83. SEL_LOAD, /* load policy */
  84. SEL_ENFORCE, /* get or set enforcing status */
  85. SEL_CONTEXT, /* validate context */
  86. SEL_ACCESS, /* compute access decision */
  87. SEL_CREATE, /* compute create labeling decision */
  88. SEL_RELABEL, /* compute relabeling decision */
  89. SEL_USER, /* compute reachable user contexts */
  90. SEL_POLICYVERS, /* return policy version for this kernel */
  91. SEL_COMMIT_BOOLS, /* commit new boolean values */
  92. SEL_MLS, /* return if MLS policy is enabled */
  93. SEL_DISABLE, /* disable SELinux until next reboot */
  94. SEL_MEMBER, /* compute polyinstantiation membership decision */
  95. SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */
  96. SEL_COMPAT_NET, /* whether to use old compat network packet controls */
  97. SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */
  98. SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */
  99. SEL_STATUS, /* export current status using mmap() */
  100. SEL_POLICY, /* allow userspace to read the in kernel policy */
  101. SEL_INO_NEXT, /* The next inode number to use */
  102. };
  103. static unsigned long sel_last_ino = SEL_INO_NEXT - 1;
  104. #define SEL_INITCON_INO_OFFSET 0x01000000
  105. #define SEL_BOOL_INO_OFFSET 0x02000000
  106. #define SEL_CLASS_INO_OFFSET 0x04000000
  107. #define SEL_POLICYCAP_INO_OFFSET 0x08000000
  108. #define SEL_INO_MASK 0x00ffffff
  109. #define TMPBUFLEN 12
  110. static ssize_t sel_read_enforce(struct file *filp, char __user *buf,
  111. size_t count, loff_t *ppos)
  112. {
  113. char tmpbuf[TMPBUFLEN];
  114. ssize_t length;
  115. length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_enforcing);
  116. return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
  117. }
  118. #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
  119. static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
  120. size_t count, loff_t *ppos)
  121. {
  122. char *page;
  123. ssize_t length;
  124. int new_value;
  125. if (count >= PAGE_SIZE)
  126. return -ENOMEM;
  127. if (*ppos != 0) {
  128. /* No partial writes. */
  129. return -EINVAL;
  130. }
  131. page = (char *)get_zeroed_page(GFP_KERNEL);
  132. if (!page)
  133. return -ENOMEM;
  134. length = -EFAULT;
  135. if (copy_from_user(page, buf, count))
  136. goto out;
  137. length = -EINVAL;
  138. if (sscanf(page, "%d", &new_value) != 1)
  139. goto out;
  140. if (new_value != selinux_enforcing) {
  141. length = task_has_security(current, SECURITY__SETENFORCE);
  142. if (length)
  143. goto out;
  144. audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
  145. "enforcing=%d old_enforcing=%d auid=%u ses=%u",
  146. new_value, selinux_enforcing,
  147. audit_get_loginuid(current),
  148. audit_get_sessionid(current));
  149. selinux_enforcing = new_value;
  150. if (selinux_enforcing)
  151. avc_ss_reset(0);
  152. selnl_notify_setenforce(selinux_enforcing);
  153. selinux_status_update_setenforce(selinux_enforcing);
  154. }
  155. length = count;
  156. out:
  157. free_page((unsigned long) page);
  158. return length;
  159. }
  160. #else
  161. #define sel_write_enforce NULL
  162. #endif
  163. static const struct file_operations sel_enforce_ops = {
  164. .read = sel_read_enforce,
  165. .write = sel_write_enforce,
  166. .llseek = generic_file_llseek,
  167. };
  168. static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf,
  169. size_t count, loff_t *ppos)
  170. {
  171. char tmpbuf[TMPBUFLEN];
  172. ssize_t length;
  173. ino_t ino = filp->f_path.dentry->d_inode->i_ino;
  174. int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ?
  175. security_get_reject_unknown() : !security_get_allow_unknown();
  176. length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown);
  177. return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
  178. }
  179. static const struct file_operations sel_handle_unknown_ops = {
  180. .read = sel_read_handle_unknown,
  181. .llseek = generic_file_llseek,
  182. };
  183. static int sel_open_handle_status(struct inode *inode, struct file *filp)
  184. {
  185. struct page *status = selinux_kernel_status_page();
  186. if (!status)
  187. return -ENOMEM;
  188. filp->private_data = status;
  189. return 0;
  190. }
  191. static ssize_t sel_read_handle_status(struct file *filp, char __user *buf,
  192. size_t count, loff_t *ppos)
  193. {
  194. struct page *status = filp->private_data;
  195. BUG_ON(!status);
  196. return simple_read_from_buffer(buf, count, ppos,
  197. page_address(status),
  198. sizeof(struct selinux_kernel_status));
  199. }
  200. static int sel_mmap_handle_status(struct file *filp,
  201. struct vm_area_struct *vma)
  202. {
  203. struct page *status = filp->private_data;
  204. unsigned long size = vma->vm_end - vma->vm_start;
  205. BUG_ON(!status);
  206. /* only allows one page from the head */
  207. if (vma->vm_pgoff > 0 || size != PAGE_SIZE)
  208. return -EIO;
  209. /* disallow writable mapping */
  210. if (vma->vm_flags & VM_WRITE)
  211. return -EPERM;
  212. /* disallow mprotect() turns it into writable */
  213. vma->vm_flags &= ~VM_MAYWRITE;
  214. return remap_pfn_range(vma, vma->vm_start,
  215. page_to_pfn(status),
  216. size, vma->vm_page_prot);
  217. }
  218. static const struct file_operations sel_handle_status_ops = {
  219. .open = sel_open_handle_status,
  220. .read = sel_read_handle_status,
  221. .mmap = sel_mmap_handle_status,
  222. .llseek = generic_file_llseek,
  223. };
  224. #ifdef CONFIG_SECURITY_SELINUX_DISABLE
  225. static ssize_t sel_write_disable(struct file *file, const char __user *buf,
  226. size_t count, loff_t *ppos)
  227. {
  228. char *page;
  229. ssize_t length;
  230. int new_value;
  231. extern int selinux_disable(void);
  232. if (count >= PAGE_SIZE)
  233. return -ENOMEM;
  234. if (*ppos != 0) {
  235. /* No partial writes. */
  236. return -EINVAL;
  237. }
  238. page = (char *)get_zeroed_page(GFP_KERNEL);
  239. if (!page)
  240. return -ENOMEM;
  241. length = -EFAULT;
  242. if (copy_from_user(page, buf, count))
  243. goto out;
  244. length = -EINVAL;
  245. if (sscanf(page, "%d", &new_value) != 1)
  246. goto out;
  247. if (new_value) {
  248. length = selinux_disable();
  249. if (length < 0)
  250. goto out;
  251. audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
  252. "selinux=0 auid=%u ses=%u",
  253. audit_get_loginuid(current),
  254. audit_get_sessionid(current));
  255. }
  256. length = count;
  257. out:
  258. free_page((unsigned long) page);
  259. return length;
  260. }
  261. #else
  262. #define sel_write_disable NULL
  263. #endif
  264. static const struct file_operations sel_disable_ops = {
  265. .write = sel_write_disable,
  266. .llseek = generic_file_llseek,
  267. };
  268. static ssize_t sel_read_policyvers(struct file *filp, char __user *buf,
  269. size_t count, loff_t *ppos)
  270. {
  271. char tmpbuf[TMPBUFLEN];
  272. ssize_t length;
  273. length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX);
  274. return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
  275. }
  276. static const struct file_operations sel_policyvers_ops = {
  277. .read = sel_read_policyvers,
  278. .llseek = generic_file_llseek,
  279. };
  280. /* declaration for sel_write_load */
  281. static int sel_make_bools(void);
  282. static int sel_make_classes(void);
  283. static int sel_make_policycap(void);
  284. /* declaration for sel_make_class_dirs */
  285. static int sel_make_dir(struct inode *dir, struct dentry *dentry,
  286. unsigned long *ino);
  287. static ssize_t sel_read_mls(struct file *filp, char __user *buf,
  288. size_t count, loff_t *ppos)
  289. {
  290. char tmpbuf[TMPBUFLEN];
  291. ssize_t length;
  292. length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
  293. security_mls_enabled());
  294. return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
  295. }
  296. static const struct file_operations sel_mls_ops = {
  297. .read = sel_read_mls,
  298. .llseek = generic_file_llseek,
  299. };
  300. struct policy_load_memory {
  301. size_t len;
  302. void *data;
  303. };
  304. static int sel_open_policy(struct inode *inode, struct file *filp)
  305. {
  306. struct policy_load_memory *plm = NULL;
  307. int rc;
  308. BUG_ON(filp->private_data);
  309. mutex_lock(&sel_mutex);
  310. rc = task_has_security(current, SECURITY__READ_POLICY);
  311. if (rc)
  312. goto err;
  313. rc = -EBUSY;
  314. if (policy_opened)
  315. goto err;
  316. rc = -ENOMEM;
  317. plm = kzalloc(sizeof(*plm), GFP_KERNEL);
  318. if (!plm)
  319. goto err;
  320. if (i_size_read(inode) != security_policydb_len()) {
  321. mutex_lock(&inode->i_mutex);
  322. i_size_write(inode, security_policydb_len());
  323. mutex_unlock(&inode->i_mutex);
  324. }
  325. rc = security_read_policy(&plm->data, &plm->len);
  326. if (rc)
  327. goto err;
  328. policy_opened = 1;
  329. filp->private_data = plm;
  330. mutex_unlock(&sel_mutex);
  331. return 0;
  332. err:
  333. mutex_unlock(&sel_mutex);
  334. if (plm)
  335. vfree(plm->data);
  336. kfree(plm);
  337. return rc;
  338. }
  339. static int sel_release_policy(struct inode *inode, struct file *filp)
  340. {
  341. struct policy_load_memory *plm = filp->private_data;
  342. BUG_ON(!plm);
  343. policy_opened = 0;
  344. vfree(plm->data);
  345. kfree(plm);
  346. return 0;
  347. }
  348. static ssize_t sel_read_policy(struct file *filp, char __user *buf,
  349. size_t count, loff_t *ppos)
  350. {
  351. struct policy_load_memory *plm = filp->private_data;
  352. int ret;
  353. mutex_lock(&sel_mutex);
  354. ret = task_has_security(current, SECURITY__READ_POLICY);
  355. if (ret)
  356. goto out;
  357. ret = simple_read_from_buffer(buf, count, ppos, plm->data, plm->len);
  358. out:
  359. mutex_unlock(&sel_mutex);
  360. return ret;
  361. }
  362. static int sel_mmap_policy_fault(struct vm_area_struct *vma,
  363. struct vm_fault *vmf)
  364. {
  365. struct policy_load_memory *plm = vma->vm_file->private_data;
  366. unsigned long offset;
  367. struct page *page;
  368. if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE))
  369. return VM_FAULT_SIGBUS;
  370. offset = vmf->pgoff << PAGE_SHIFT;
  371. if (offset >= roundup(plm->len, PAGE_SIZE))
  372. return VM_FAULT_SIGBUS;
  373. page = vmalloc_to_page(plm->data + offset);
  374. get_page(page);
  375. vmf->page = page;
  376. return 0;
  377. }
  378. static struct vm_operations_struct sel_mmap_policy_ops = {
  379. .fault = sel_mmap_policy_fault,
  380. .page_mkwrite = sel_mmap_policy_fault,
  381. };
  382. int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma)
  383. {
  384. if (vma->vm_flags & VM_SHARED) {
  385. /* do not allow mprotect to make mapping writable */
  386. vma->vm_flags &= ~VM_MAYWRITE;
  387. if (vma->vm_flags & VM_WRITE)
  388. return -EACCES;
  389. }
  390. vma->vm_flags |= VM_RESERVED;
  391. vma->vm_ops = &sel_mmap_policy_ops;
  392. return 0;
  393. }
  394. static const struct file_operations sel_policy_ops = {
  395. .open = sel_open_policy,
  396. .read = sel_read_policy,
  397. .mmap = sel_mmap_policy,
  398. .release = sel_release_policy,
  399. };
  400. static ssize_t sel_write_load(struct file *file, const char __user *buf,
  401. size_t count, loff_t *ppos)
  402. {
  403. int ret;
  404. ssize_t length;
  405. void *data = NULL;
  406. mutex_lock(&sel_mutex);
  407. length = task_has_security(current, SECURITY__LOAD_POLICY);
  408. if (length)
  409. goto out;
  410. if (*ppos != 0) {
  411. /* No partial writes. */
  412. length = -EINVAL;
  413. goto out;
  414. }
  415. if ((count > 64 * 1024 * 1024)
  416. || (data = vmalloc(count)) == NULL) {
  417. length = -ENOMEM;
  418. goto out;
  419. }
  420. length = -EFAULT;
  421. if (copy_from_user(data, buf, count) != 0)
  422. goto out;
  423. length = security_load_policy(data, count);
  424. if (length)
  425. goto out;
  426. ret = sel_make_bools();
  427. if (ret) {
  428. length = ret;
  429. goto out1;
  430. }
  431. ret = sel_make_classes();
  432. if (ret) {
  433. length = ret;
  434. goto out1;
  435. }
  436. ret = sel_make_policycap();
  437. if (ret)
  438. length = ret;
  439. else
  440. length = count;
  441. out1:
  442. audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
  443. "policy loaded auid=%u ses=%u",
  444. audit_get_loginuid(current),
  445. audit_get_sessionid(current));
  446. out:
  447. mutex_unlock(&sel_mutex);
  448. vfree(data);
  449. return length;
  450. }
  451. static const struct file_operations sel_load_ops = {
  452. .write = sel_write_load,
  453. .llseek = generic_file_llseek,
  454. };
  455. static ssize_t sel_write_context(struct file *file, char *buf, size_t size)
  456. {
  457. char *canon;
  458. u32 sid, len;
  459. ssize_t length;
  460. length = task_has_security(current, SECURITY__CHECK_CONTEXT);
  461. if (length)
  462. return length;
  463. length = security_context_to_sid(buf, size, &sid);
  464. if (length < 0)
  465. return length;
  466. length = security_sid_to_context(sid, &canon, &len);
  467. if (length < 0)
  468. return length;
  469. if (len > SIMPLE_TRANSACTION_LIMIT) {
  470. printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
  471. "payload max\n", __func__, len);
  472. length = -ERANGE;
  473. goto out;
  474. }
  475. memcpy(buf, canon, len);
  476. length = len;
  477. out:
  478. kfree(canon);
  479. return length;
  480. }
  481. static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf,
  482. size_t count, loff_t *ppos)
  483. {
  484. char tmpbuf[TMPBUFLEN];
  485. ssize_t length;
  486. length = scnprintf(tmpbuf, TMPBUFLEN, "%u", selinux_checkreqprot);
  487. return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
  488. }
  489. static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
  490. size_t count, loff_t *ppos)
  491. {
  492. char *page;
  493. ssize_t length;
  494. unsigned int new_value;
  495. length = task_has_security(current, SECURITY__SETCHECKREQPROT);
  496. if (length)
  497. return length;
  498. if (count >= PAGE_SIZE)
  499. return -ENOMEM;
  500. if (*ppos != 0) {
  501. /* No partial writes. */
  502. return -EINVAL;
  503. }
  504. page = (char *)get_zeroed_page(GFP_KERNEL);
  505. if (!page)
  506. return -ENOMEM;
  507. length = -EFAULT;
  508. if (copy_from_user(page, buf, count))
  509. goto out;
  510. length = -EINVAL;
  511. if (sscanf(page, "%u", &new_value) != 1)
  512. goto out;
  513. selinux_checkreqprot = new_value ? 1 : 0;
  514. length = count;
  515. out:
  516. free_page((unsigned long) page);
  517. return length;
  518. }
  519. static const struct file_operations sel_checkreqprot_ops = {
  520. .read = sel_read_checkreqprot,
  521. .write = sel_write_checkreqprot,
  522. .llseek = generic_file_llseek,
  523. };
  524. /*
  525. * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c
  526. */
  527. static ssize_t sel_write_access(struct file *file, char *buf, size_t size);
  528. static ssize_t sel_write_create(struct file *file, char *buf, size_t size);
  529. static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size);
  530. static ssize_t sel_write_user(struct file *file, char *buf, size_t size);
  531. static ssize_t sel_write_member(struct file *file, char *buf, size_t size);
  532. static ssize_t (*write_op[])(struct file *, char *, size_t) = {
  533. [SEL_ACCESS] = sel_write_access,
  534. [SEL_CREATE] = sel_write_create,
  535. [SEL_RELABEL] = sel_write_relabel,
  536. [SEL_USER] = sel_write_user,
  537. [SEL_MEMBER] = sel_write_member,
  538. [SEL_CONTEXT] = sel_write_context,
  539. };
  540. static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos)
  541. {
  542. ino_t ino = file->f_path.dentry->d_inode->i_ino;
  543. char *data;
  544. ssize_t rv;
  545. if (ino >= ARRAY_SIZE(write_op) || !write_op[ino])
  546. return -EINVAL;
  547. data = simple_transaction_get(file, buf, size);
  548. if (IS_ERR(data))
  549. return PTR_ERR(data);
  550. rv = write_op[ino](file, data, size);
  551. if (rv > 0) {
  552. simple_transaction_set(file, rv);
  553. rv = size;
  554. }
  555. return rv;
  556. }
  557. static const struct file_operations transaction_ops = {
  558. .write = selinux_transaction_write,
  559. .read = simple_transaction_read,
  560. .release = simple_transaction_release,
  561. .llseek = generic_file_llseek,
  562. };
  563. /*
  564. * payload - write methods
  565. * If the method has a response, the response should be put in buf,
  566. * and the length returned. Otherwise return 0 or and -error.
  567. */
  568. static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
  569. {
  570. char *scon, *tcon;
  571. u32 ssid, tsid;
  572. u16 tclass;
  573. struct av_decision avd;
  574. ssize_t length;
  575. length = task_has_security(current, SECURITY__COMPUTE_AV);
  576. if (length)
  577. return length;
  578. length = -ENOMEM;
  579. scon = kzalloc(size + 1, GFP_KERNEL);
  580. if (!scon)
  581. return length;
  582. tcon = kzalloc(size + 1, GFP_KERNEL);
  583. if (!tcon)
  584. goto out;
  585. length = -EINVAL;
  586. if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
  587. goto out2;
  588. length = security_context_to_sid(scon, strlen(scon) + 1, &ssid);
  589. if (length < 0)
  590. goto out2;
  591. length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
  592. if (length < 0)
  593. goto out2;
  594. security_compute_av_user(ssid, tsid, tclass, &avd);
  595. length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT,
  596. "%x %x %x %x %u %x",
  597. avd.allowed, 0xffffffff,
  598. avd.auditallow, avd.auditdeny,
  599. avd.seqno, avd.flags);
  600. out2:
  601. kfree(tcon);
  602. out:
  603. kfree(scon);
  604. return length;
  605. }
  606. static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
  607. {
  608. char *scon, *tcon;
  609. u32 ssid, tsid, newsid;
  610. u16 tclass;
  611. ssize_t length;
  612. char *newcon;
  613. u32 len;
  614. length = task_has_security(current, SECURITY__COMPUTE_CREATE);
  615. if (length)
  616. return length;
  617. length = -ENOMEM;
  618. scon = kzalloc(size + 1, GFP_KERNEL);
  619. if (!scon)
  620. return length;
  621. tcon = kzalloc(size + 1, GFP_KERNEL);
  622. if (!tcon)
  623. goto out;
  624. length = -EINVAL;
  625. if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
  626. goto out2;
  627. length = security_context_to_sid(scon, strlen(scon) + 1, &ssid);
  628. if (length < 0)
  629. goto out2;
  630. length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
  631. if (length < 0)
  632. goto out2;
  633. length = security_transition_sid_user(ssid, tsid, tclass, &newsid);
  634. if (length < 0)
  635. goto out2;
  636. length = security_sid_to_context(newsid, &newcon, &len);
  637. if (length < 0)
  638. goto out2;
  639. if (len > SIMPLE_TRANSACTION_LIMIT) {
  640. printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
  641. "payload max\n", __func__, len);
  642. length = -ERANGE;
  643. goto out3;
  644. }
  645. memcpy(buf, newcon, len);
  646. length = len;
  647. out3:
  648. kfree(newcon);
  649. out2:
  650. kfree(tcon);
  651. out:
  652. kfree(scon);
  653. return length;
  654. }
  655. static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size)
  656. {
  657. char *scon, *tcon;
  658. u32 ssid, tsid, newsid;
  659. u16 tclass;
  660. ssize_t length;
  661. char *newcon;
  662. u32 len;
  663. length = task_has_security(current, SECURITY__COMPUTE_RELABEL);
  664. if (length)
  665. return length;
  666. length = -ENOMEM;
  667. scon = kzalloc(size + 1, GFP_KERNEL);
  668. if (!scon)
  669. return length;
  670. tcon = kzalloc(size + 1, GFP_KERNEL);
  671. if (!tcon)
  672. goto out;
  673. length = -EINVAL;
  674. if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
  675. goto out2;
  676. length = security_context_to_sid(scon, strlen(scon) + 1, &ssid);
  677. if (length < 0)
  678. goto out2;
  679. length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
  680. if (length < 0)
  681. goto out2;
  682. length = security_change_sid(ssid, tsid, tclass, &newsid);
  683. if (length < 0)
  684. goto out2;
  685. length = security_sid_to_context(newsid, &newcon, &len);
  686. if (length < 0)
  687. goto out2;
  688. if (len > SIMPLE_TRANSACTION_LIMIT) {
  689. length = -ERANGE;
  690. goto out3;
  691. }
  692. memcpy(buf, newcon, len);
  693. length = len;
  694. out3:
  695. kfree(newcon);
  696. out2:
  697. kfree(tcon);
  698. out:
  699. kfree(scon);
  700. return length;
  701. }
  702. static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
  703. {
  704. char *con, *user, *ptr;
  705. u32 sid, *sids;
  706. ssize_t length;
  707. char *newcon;
  708. int i, rc;
  709. u32 len, nsids;
  710. length = task_has_security(current, SECURITY__COMPUTE_USER);
  711. if (length)
  712. return length;
  713. length = -ENOMEM;
  714. con = kzalloc(size + 1, GFP_KERNEL);
  715. if (!con)
  716. return length;
  717. user = kzalloc(size + 1, GFP_KERNEL);
  718. if (!user)
  719. goto out;
  720. length = -EINVAL;
  721. if (sscanf(buf, "%s %s", con, user) != 2)
  722. goto out2;
  723. length = security_context_to_sid(con, strlen(con) + 1, &sid);
  724. if (length < 0)
  725. goto out2;
  726. length = security_get_user_sids(sid, user, &sids, &nsids);
  727. if (length < 0)
  728. goto out2;
  729. length = sprintf(buf, "%u", nsids) + 1;
  730. ptr = buf + length;
  731. for (i = 0; i < nsids; i++) {
  732. rc = security_sid_to_context(sids[i], &newcon, &len);
  733. if (rc) {
  734. length = rc;
  735. goto out3;
  736. }
  737. if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) {
  738. kfree(newcon);
  739. length = -ERANGE;
  740. goto out3;
  741. }
  742. memcpy(ptr, newcon, len);
  743. kfree(newcon);
  744. ptr += len;
  745. length += len;
  746. }
  747. out3:
  748. kfree(sids);
  749. out2:
  750. kfree(user);
  751. out:
  752. kfree(con);
  753. return length;
  754. }
  755. static ssize_t sel_write_member(struct file *file, char *buf, size_t size)
  756. {
  757. char *scon, *tcon;
  758. u32 ssid, tsid, newsid;
  759. u16 tclass;
  760. ssize_t length;
  761. char *newcon;
  762. u32 len;
  763. length = task_has_security(current, SECURITY__COMPUTE_MEMBER);
  764. if (length)
  765. return length;
  766. length = -ENOMEM;
  767. scon = kzalloc(size + 1, GFP_KERNEL);
  768. if (!scon)
  769. return length;
  770. tcon = kzalloc(size + 1, GFP_KERNEL);
  771. if (!tcon)
  772. goto out;
  773. length = -EINVAL;
  774. if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
  775. goto out2;
  776. length = security_context_to_sid(scon, strlen(scon) + 1, &ssid);
  777. if (length < 0)
  778. goto out2;
  779. length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
  780. if (length < 0)
  781. goto out2;
  782. length = security_member_sid(ssid, tsid, tclass, &newsid);
  783. if (length < 0)
  784. goto out2;
  785. length = security_sid_to_context(newsid, &newcon, &len);
  786. if (length < 0)
  787. goto out2;
  788. if (len > SIMPLE_TRANSACTION_LIMIT) {
  789. printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
  790. "payload max\n", __func__, len);
  791. length = -ERANGE;
  792. goto out3;
  793. }
  794. memcpy(buf, newcon, len);
  795. length = len;
  796. out3:
  797. kfree(newcon);
  798. out2:
  799. kfree(tcon);
  800. out:
  801. kfree(scon);
  802. return length;
  803. }
  804. static struct inode *sel_make_inode(struct super_block *sb, int mode)
  805. {
  806. struct inode *ret = new_inode(sb);
  807. if (ret) {
  808. ret->i_ino = get_next_ino();
  809. ret->i_mode = mode;
  810. ret->i_atime = ret->i_mtime = ret->i_ctime = CURRENT_TIME;
  811. }
  812. return ret;
  813. }
  814. static ssize_t sel_read_bool(struct file *filep, char __user *buf,
  815. size_t count, loff_t *ppos)
  816. {
  817. char *page = NULL;
  818. ssize_t length;
  819. ssize_t ret;
  820. int cur_enforcing;
  821. struct inode *inode = filep->f_path.dentry->d_inode;
  822. unsigned index = inode->i_ino & SEL_INO_MASK;
  823. const char *name = filep->f_path.dentry->d_name.name;
  824. mutex_lock(&sel_mutex);
  825. if (index >= bool_num || strcmp(name, bool_pending_names[index])) {
  826. ret = -EINVAL;
  827. goto out;
  828. }
  829. page = (char *)get_zeroed_page(GFP_KERNEL);
  830. if (!page) {
  831. ret = -ENOMEM;
  832. goto out;
  833. }
  834. cur_enforcing = security_get_bool_value(index);
  835. if (cur_enforcing < 0) {
  836. ret = cur_enforcing;
  837. goto out;
  838. }
  839. length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing,
  840. bool_pending_values[index]);
  841. ret = simple_read_from_buffer(buf, count, ppos, page, length);
  842. out:
  843. mutex_unlock(&sel_mutex);
  844. if (page)
  845. free_page((unsigned long)page);
  846. return ret;
  847. }
  848. static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
  849. size_t count, loff_t *ppos)
  850. {
  851. char *page = NULL;
  852. ssize_t length;
  853. int new_value;
  854. struct inode *inode = filep->f_path.dentry->d_inode;
  855. unsigned index = inode->i_ino & SEL_INO_MASK;
  856. const char *name = filep->f_path.dentry->d_name.name;
  857. mutex_lock(&sel_mutex);
  858. length = task_has_security(current, SECURITY__SETBOOL);
  859. if (length)
  860. goto out;
  861. if (index >= bool_num || strcmp(name, bool_pending_names[index])) {
  862. length = -EINVAL;
  863. goto out;
  864. }
  865. if (count >= PAGE_SIZE) {
  866. length = -ENOMEM;
  867. goto out;
  868. }
  869. if (*ppos != 0) {
  870. /* No partial writes. */
  871. length = -EINVAL;
  872. goto out;
  873. }
  874. page = (char *)get_zeroed_page(GFP_KERNEL);
  875. if (!page) {
  876. length = -ENOMEM;
  877. goto out;
  878. }
  879. length = -EFAULT;
  880. if (copy_from_user(page, buf, count))
  881. goto out;
  882. length = -EINVAL;
  883. if (sscanf(page, "%d", &new_value) != 1)
  884. goto out;
  885. if (new_value)
  886. new_value = 1;
  887. bool_pending_values[index] = new_value;
  888. length = count;
  889. out:
  890. mutex_unlock(&sel_mutex);
  891. if (page)
  892. free_page((unsigned long) page);
  893. return length;
  894. }
  895. static const struct file_operations sel_bool_ops = {
  896. .read = sel_read_bool,
  897. .write = sel_write_bool,
  898. .llseek = generic_file_llseek,
  899. };
  900. static ssize_t sel_commit_bools_write(struct file *filep,
  901. const char __user *buf,
  902. size_t count, loff_t *ppos)
  903. {
  904. char *page = NULL;
  905. ssize_t length;
  906. int new_value;
  907. mutex_lock(&sel_mutex);
  908. length = task_has_security(current, SECURITY__SETBOOL);
  909. if (length)
  910. goto out;
  911. if (count >= PAGE_SIZE) {
  912. length = -ENOMEM;
  913. goto out;
  914. }
  915. if (*ppos != 0) {
  916. /* No partial writes. */
  917. goto out;
  918. }
  919. page = (char *)get_zeroed_page(GFP_KERNEL);
  920. if (!page) {
  921. length = -ENOMEM;
  922. goto out;
  923. }
  924. length = -EFAULT;
  925. if (copy_from_user(page, buf, count))
  926. goto out;
  927. length = -EINVAL;
  928. if (sscanf(page, "%d", &new_value) != 1)
  929. goto out;
  930. if (new_value && bool_pending_values)
  931. security_set_bools(bool_num, bool_pending_values);
  932. length = count;
  933. out:
  934. mutex_unlock(&sel_mutex);
  935. if (page)
  936. free_page((unsigned long) page);
  937. return length;
  938. }
  939. static const struct file_operations sel_commit_bools_ops = {
  940. .write = sel_commit_bools_write,
  941. .llseek = generic_file_llseek,
  942. };
  943. static void sel_remove_entries(struct dentry *de)
  944. {
  945. struct list_head *node;
  946. spin_lock(&de->d_lock);
  947. node = de->d_subdirs.next;
  948. while (node != &de->d_subdirs) {
  949. struct dentry *d = list_entry(node, struct dentry, d_u.d_child);
  950. spin_lock_nested(&d->d_lock, DENTRY_D_LOCK_NESTED);
  951. list_del_init(node);
  952. if (d->d_inode) {
  953. dget_locked_dlock(d);
  954. spin_unlock(&de->d_lock);
  955. spin_unlock(&d->d_lock);
  956. d_delete(d);
  957. simple_unlink(de->d_inode, d);
  958. dput(d);
  959. spin_lock(&de->d_lock);
  960. } else
  961. spin_unlock(&d->d_lock);
  962. node = de->d_subdirs.next;
  963. }
  964. spin_unlock(&de->d_lock);
  965. }
  966. #define BOOL_DIR_NAME "booleans"
  967. static int sel_make_bools(void)
  968. {
  969. int i, ret = 0;
  970. ssize_t len;
  971. struct dentry *dentry = NULL;
  972. struct dentry *dir = bool_dir;
  973. struct inode *inode = NULL;
  974. struct inode_security_struct *isec;
  975. char **names = NULL, *page;
  976. int num;
  977. int *values = NULL;
  978. u32 sid;
  979. /* remove any existing files */
  980. for (i = 0; i < bool_num; i++)
  981. kfree(bool_pending_names[i]);
  982. kfree(bool_pending_names);
  983. kfree(bool_pending_values);
  984. bool_pending_names = NULL;
  985. bool_pending_values = NULL;
  986. sel_remove_entries(dir);
  987. page = (char *)get_zeroed_page(GFP_KERNEL);
  988. if (!page)
  989. return -ENOMEM;
  990. ret = security_get_bools(&num, &names, &values);
  991. if (ret != 0)
  992. goto out;
  993. for (i = 0; i < num; i++) {
  994. dentry = d_alloc_name(dir, names[i]);
  995. if (!dentry) {
  996. ret = -ENOMEM;
  997. goto err;
  998. }
  999. inode = sel_make_inode(dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR);
  1000. if (!inode) {
  1001. ret = -ENOMEM;
  1002. goto err;
  1003. }
  1004. len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]);
  1005. if (len < 0) {
  1006. ret = -EINVAL;
  1007. goto err;
  1008. } else if (len >= PAGE_SIZE) {
  1009. ret = -ENAMETOOLONG;
  1010. goto err;
  1011. }
  1012. isec = (struct inode_security_struct *)inode->i_security;
  1013. ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid);
  1014. if (ret)
  1015. goto err;
  1016. isec->sid = sid;
  1017. isec->initialized = 1;
  1018. inode->i_fop = &sel_bool_ops;
  1019. inode->i_ino = i|SEL_BOOL_INO_OFFSET;
  1020. d_add(dentry, inode);
  1021. }
  1022. bool_num = num;
  1023. bool_pending_names = names;
  1024. bool_pending_values = values;
  1025. out:
  1026. free_page((unsigned long)page);
  1027. return ret;
  1028. err:
  1029. if (names) {
  1030. for (i = 0; i < num; i++)
  1031. kfree(names[i]);
  1032. kfree(names);
  1033. }
  1034. kfree(values);
  1035. sel_remove_entries(dir);
  1036. ret = -ENOMEM;
  1037. goto out;
  1038. }
  1039. #define NULL_FILE_NAME "null"
  1040. struct dentry *selinux_null;
  1041. static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf,
  1042. size_t count, loff_t *ppos)
  1043. {
  1044. char tmpbuf[TMPBUFLEN];
  1045. ssize_t length;
  1046. length = scnprintf(tmpbuf, TMPBUFLEN, "%u", avc_cache_threshold);
  1047. return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
  1048. }
  1049. static ssize_t sel_write_avc_cache_threshold(struct file *file,
  1050. const char __user *buf,
  1051. size_t count, loff_t *ppos)
  1052. {
  1053. char *page;
  1054. ssize_t ret;
  1055. int new_value;
  1056. if (count >= PAGE_SIZE) {
  1057. ret = -ENOMEM;
  1058. goto out;
  1059. }
  1060. if (*ppos != 0) {
  1061. /* No partial writes. */
  1062. ret = -EINVAL;
  1063. goto out;
  1064. }
  1065. page = (char *)get_zeroed_page(GFP_KERNEL);
  1066. if (!page) {
  1067. ret = -ENOMEM;
  1068. goto out;
  1069. }
  1070. if (copy_from_user(page, buf, count)) {
  1071. ret = -EFAULT;
  1072. goto out_free;
  1073. }
  1074. if (sscanf(page, "%u", &new_value) != 1) {
  1075. ret = -EINVAL;
  1076. goto out;
  1077. }
  1078. if (new_value != avc_cache_threshold) {
  1079. ret = task_has_security(current, SECURITY__SETSECPARAM);
  1080. if (ret)
  1081. goto out_free;
  1082. avc_cache_threshold = new_value;
  1083. }
  1084. ret = count;
  1085. out_free:
  1086. free_page((unsigned long)page);
  1087. out:
  1088. return ret;
  1089. }
  1090. static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf,
  1091. size_t count, loff_t *ppos)
  1092. {
  1093. char *page;
  1094. ssize_t ret = 0;
  1095. page = (char *)__get_free_page(GFP_KERNEL);
  1096. if (!page) {
  1097. ret = -ENOMEM;
  1098. goto out;
  1099. }
  1100. ret = avc_get_hash_stats(page);
  1101. if (ret >= 0)
  1102. ret = simple_read_from_buffer(buf, count, ppos, page, ret);
  1103. free_page((unsigned long)page);
  1104. out:
  1105. return ret;
  1106. }
  1107. static const struct file_operations sel_avc_cache_threshold_ops = {
  1108. .read = sel_read_avc_cache_threshold,
  1109. .write = sel_write_avc_cache_threshold,
  1110. .llseek = generic_file_llseek,
  1111. };
  1112. static const struct file_operations sel_avc_hash_stats_ops = {
  1113. .read = sel_read_avc_hash_stats,
  1114. .llseek = generic_file_llseek,
  1115. };
  1116. #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
  1117. static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx)
  1118. {
  1119. int cpu;
  1120. for (cpu = *idx; cpu < nr_cpu_ids; ++cpu) {
  1121. if (!cpu_possible(cpu))
  1122. continue;
  1123. *idx = cpu + 1;
  1124. return &per_cpu(avc_cache_stats, cpu);
  1125. }
  1126. return NULL;
  1127. }
  1128. static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos)
  1129. {
  1130. loff_t n = *pos - 1;
  1131. if (*pos == 0)
  1132. return SEQ_START_TOKEN;
  1133. return sel_avc_get_stat_idx(&n);
  1134. }
  1135. static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos)
  1136. {
  1137. return sel_avc_get_stat_idx(pos);
  1138. }
  1139. static int sel_avc_stats_seq_show(struct seq_file *seq, void *v)
  1140. {
  1141. struct avc_cache_stats *st = v;
  1142. if (v == SEQ_START_TOKEN)
  1143. seq_printf(seq, "lookups hits misses allocations reclaims "
  1144. "frees\n");
  1145. else
  1146. seq_printf(seq, "%u %u %u %u %u %u\n", st->lookups,
  1147. st->hits, st->misses, st->allocations,
  1148. st->reclaims, st->frees);
  1149. return 0;
  1150. }
  1151. static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v)
  1152. { }
  1153. static const struct seq_operations sel_avc_cache_stats_seq_ops = {
  1154. .start = sel_avc_stats_seq_start,
  1155. .next = sel_avc_stats_seq_next,
  1156. .show = sel_avc_stats_seq_show,
  1157. .stop = sel_avc_stats_seq_stop,
  1158. };
  1159. static int sel_open_avc_cache_stats(struct inode *inode, struct file *file)
  1160. {
  1161. return seq_open(file, &sel_avc_cache_stats_seq_ops);
  1162. }
  1163. static const struct file_operations sel_avc_cache_stats_ops = {
  1164. .open = sel_open_avc_cache_stats,
  1165. .read = seq_read,
  1166. .llseek = seq_lseek,
  1167. .release = seq_release,
  1168. };
  1169. #endif
  1170. static int sel_make_avc_files(struct dentry *dir)
  1171. {
  1172. int i, ret = 0;
  1173. static struct tree_descr files[] = {
  1174. { "cache_threshold",
  1175. &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR },
  1176. { "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO },
  1177. #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
  1178. { "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO },
  1179. #endif
  1180. };
  1181. for (i = 0; i < ARRAY_SIZE(files); i++) {
  1182. struct inode *inode;
  1183. struct dentry *dentry;
  1184. dentry = d_alloc_name(dir, files[i].name);
  1185. if (!dentry) {
  1186. ret = -ENOMEM;
  1187. goto out;
  1188. }
  1189. inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
  1190. if (!inode) {
  1191. ret = -ENOMEM;
  1192. goto out;
  1193. }
  1194. inode->i_fop = files[i].ops;
  1195. inode->i_ino = ++sel_last_ino;
  1196. d_add(dentry, inode);
  1197. }
  1198. out:
  1199. return ret;
  1200. }
  1201. static ssize_t sel_read_initcon(struct file *file, char __user *buf,
  1202. size_t count, loff_t *ppos)
  1203. {
  1204. struct inode *inode;
  1205. char *con;
  1206. u32 sid, len;
  1207. ssize_t ret;
  1208. inode = file->f_path.dentry->d_inode;
  1209. sid = inode->i_ino&SEL_INO_MASK;
  1210. ret = security_sid_to_context(sid, &con, &len);
  1211. if (ret < 0)
  1212. return ret;
  1213. ret = simple_read_from_buffer(buf, count, ppos, con, len);
  1214. kfree(con);
  1215. return ret;
  1216. }
  1217. static const struct file_operations sel_initcon_ops = {
  1218. .read = sel_read_initcon,
  1219. .llseek = generic_file_llseek,
  1220. };
  1221. static int sel_make_initcon_files(struct dentry *dir)
  1222. {
  1223. int i, ret = 0;
  1224. for (i = 1; i <= SECINITSID_NUM; i++) {
  1225. struct inode *inode;
  1226. struct dentry *dentry;
  1227. dentry = d_alloc_name(dir, security_get_initial_sid_context(i));
  1228. if (!dentry) {
  1229. ret = -ENOMEM;
  1230. goto out;
  1231. }
  1232. inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
  1233. if (!inode) {
  1234. ret = -ENOMEM;
  1235. goto out;
  1236. }
  1237. inode->i_fop = &sel_initcon_ops;
  1238. inode->i_ino = i|SEL_INITCON_INO_OFFSET;
  1239. d_add(dentry, inode);
  1240. }
  1241. out:
  1242. return ret;
  1243. }
  1244. static inline unsigned int sel_div(unsigned long a, unsigned long b)
  1245. {
  1246. return a / b - (a % b < 0);
  1247. }
  1248. static inline unsigned long sel_class_to_ino(u16 class)
  1249. {
  1250. return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET;
  1251. }
  1252. static inline u16 sel_ino_to_class(unsigned long ino)
  1253. {
  1254. return sel_div(ino & SEL_INO_MASK, SEL_VEC_MAX + 1);
  1255. }
  1256. static inline unsigned long sel_perm_to_ino(u16 class, u32 perm)
  1257. {
  1258. return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET;
  1259. }
  1260. static inline u32 sel_ino_to_perm(unsigned long ino)
  1261. {
  1262. return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1);
  1263. }
  1264. static ssize_t sel_read_class(struct file *file, char __user *buf,
  1265. size_t count, loff_t *ppos)
  1266. {
  1267. ssize_t rc, len;
  1268. char *page;
  1269. unsigned long ino = file->f_path.dentry->d_inode->i_ino;
  1270. page = (char *)__get_free_page(GFP_KERNEL);
  1271. if (!page) {
  1272. rc = -ENOMEM;
  1273. goto out;
  1274. }
  1275. len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_class(ino));
  1276. rc = simple_read_from_buffer(buf, count, ppos, page, len);
  1277. free_page((unsigned long)page);
  1278. out:
  1279. return rc;
  1280. }
  1281. static const struct file_operations sel_class_ops = {
  1282. .read = sel_read_class,
  1283. .llseek = generic_file_llseek,
  1284. };
  1285. static ssize_t sel_read_perm(struct file *file, char __user *buf,
  1286. size_t count, loff_t *ppos)
  1287. {
  1288. ssize_t rc, len;
  1289. char *page;
  1290. unsigned long ino = file->f_path.dentry->d_inode->i_ino;
  1291. page = (char *)__get_free_page(GFP_KERNEL);
  1292. if (!page) {
  1293. rc = -ENOMEM;
  1294. goto out;
  1295. }
  1296. len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_perm(ino));
  1297. rc = simple_read_from_buffer(buf, count, ppos, page, len);
  1298. free_page((unsigned long)page);
  1299. out:
  1300. return rc;
  1301. }
  1302. static const struct file_operations sel_perm_ops = {
  1303. .read = sel_read_perm,
  1304. .llseek = generic_file_llseek,
  1305. };
  1306. static ssize_t sel_read_policycap(struct file *file, char __user *buf,
  1307. size_t count, loff_t *ppos)
  1308. {
  1309. int value;
  1310. char tmpbuf[TMPBUFLEN];
  1311. ssize_t length;
  1312. unsigned long i_ino = file->f_path.dentry->d_inode->i_ino;
  1313. value = security_policycap_supported(i_ino & SEL_INO_MASK);
  1314. length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value);
  1315. return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
  1316. }
  1317. static const struct file_operations sel_policycap_ops = {
  1318. .read = sel_read_policycap,
  1319. .llseek = generic_file_llseek,
  1320. };
  1321. static int sel_make_perm_files(char *objclass, int classvalue,
  1322. struct dentry *dir)
  1323. {
  1324. int i, rc = 0, nperms;
  1325. char **perms;
  1326. rc = security_get_permissions(objclass, &perms, &nperms);
  1327. if (rc)
  1328. goto out;
  1329. for (i = 0; i < nperms; i++) {
  1330. struct inode *inode;
  1331. struct dentry *dentry;
  1332. dentry = d_alloc_name(dir, perms[i]);
  1333. if (!dentry) {
  1334. rc = -ENOMEM;
  1335. goto out1;
  1336. }
  1337. inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
  1338. if (!inode) {
  1339. rc = -ENOMEM;
  1340. goto out1;
  1341. }
  1342. inode->i_fop = &sel_perm_ops;
  1343. /* i+1 since perm values are 1-indexed */
  1344. inode->i_ino = sel_perm_to_ino(classvalue, i + 1);
  1345. d_add(dentry, inode);
  1346. }
  1347. out1:
  1348. for (i = 0; i < nperms; i++)
  1349. kfree(perms[i]);
  1350. kfree(perms);
  1351. out:
  1352. return rc;
  1353. }
  1354. static int sel_make_class_dir_entries(char *classname, int index,
  1355. struct dentry *dir)
  1356. {
  1357. struct dentry *dentry = NULL;
  1358. struct inode *inode = NULL;
  1359. int rc;
  1360. dentry = d_alloc_name(dir, "index");
  1361. if (!dentry) {
  1362. rc = -ENOMEM;
  1363. goto out;
  1364. }
  1365. inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
  1366. if (!inode) {
  1367. rc = -ENOMEM;
  1368. goto out;
  1369. }
  1370. inode->i_fop = &sel_class_ops;
  1371. inode->i_ino = sel_class_to_ino(index);
  1372. d_add(dentry, inode);
  1373. dentry = d_alloc_name(dir, "perms");
  1374. if (!dentry) {
  1375. rc = -ENOMEM;
  1376. goto out;
  1377. }
  1378. rc = sel_make_dir(dir->d_inode, dentry, &last_class_ino);
  1379. if (rc)
  1380. goto out;
  1381. rc = sel_make_perm_files(classname, index, dentry);
  1382. out:
  1383. return rc;
  1384. }
  1385. static void sel_remove_classes(void)
  1386. {
  1387. struct list_head *class_node;
  1388. list_for_each(class_node, &class_dir->d_subdirs) {
  1389. struct dentry *class_subdir = list_entry(class_node,
  1390. struct dentry, d_u.d_child);
  1391. struct list_head *class_subdir_node;
  1392. list_for_each(class_subdir_node, &class_subdir->d_subdirs) {
  1393. struct dentry *d = list_entry(class_subdir_node,
  1394. struct dentry, d_u.d_child);
  1395. if (d->d_inode)
  1396. if (d->d_inode->i_mode & S_IFDIR)
  1397. sel_remove_entries(d);
  1398. }
  1399. sel_remove_entries(class_subdir);
  1400. }
  1401. sel_remove_entries(class_dir);
  1402. }
  1403. static int sel_make_classes(void)
  1404. {
  1405. int rc = 0, nclasses, i;
  1406. char **classes;
  1407. /* delete any existing entries */
  1408. sel_remove_classes();
  1409. rc = security_get_classes(&classes, &nclasses);
  1410. if (rc < 0)
  1411. goto out;
  1412. /* +2 since classes are 1-indexed */
  1413. last_class_ino = sel_class_to_ino(nclasses + 2);
  1414. for (i = 0; i < nclasses; i++) {
  1415. struct dentry *class_name_dir;
  1416. class_name_dir = d_alloc_name(class_dir, classes[i]);
  1417. if (!class_name_dir) {
  1418. rc = -ENOMEM;
  1419. goto out1;
  1420. }
  1421. rc = sel_make_dir(class_dir->d_inode, class_name_dir,
  1422. &last_class_ino);
  1423. if (rc)
  1424. goto out1;
  1425. /* i+1 since class values are 1-indexed */
  1426. rc = sel_make_class_dir_entries(classes[i], i + 1,
  1427. class_name_dir);
  1428. if (rc)
  1429. goto out1;
  1430. }
  1431. out1:
  1432. for (i = 0; i < nclasses; i++)
  1433. kfree(classes[i]);
  1434. kfree(classes);
  1435. out:
  1436. return rc;
  1437. }
  1438. static int sel_make_policycap(void)
  1439. {
  1440. unsigned int iter;
  1441. struct dentry *dentry = NULL;
  1442. struct inode *inode = NULL;
  1443. sel_remove_entries(policycap_dir);
  1444. for (iter = 0; iter <= POLICYDB_CAPABILITY_MAX; iter++) {
  1445. if (iter < ARRAY_SIZE(policycap_names))
  1446. dentry = d_alloc_name(policycap_dir,
  1447. policycap_names[iter]);
  1448. else
  1449. dentry = d_alloc_name(policycap_dir, "unknown");
  1450. if (dentry == NULL)
  1451. return -ENOMEM;
  1452. inode = sel_make_inode(policycap_dir->d_sb, S_IFREG | S_IRUGO);
  1453. if (inode == NULL)
  1454. return -ENOMEM;
  1455. inode->i_fop = &sel_policycap_ops;
  1456. inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET;
  1457. d_add(dentry, inode);
  1458. }
  1459. return 0;
  1460. }
  1461. static int sel_make_dir(struct inode *dir, struct dentry *dentry,
  1462. unsigned long *ino)
  1463. {
  1464. int ret = 0;
  1465. struct inode *inode;
  1466. inode = sel_make_inode(dir->i_sb, S_IFDIR | S_IRUGO | S_IXUGO);
  1467. if (!inode) {
  1468. ret = -ENOMEM;
  1469. goto out;
  1470. }
  1471. inode->i_op = &simple_dir_inode_operations;
  1472. inode->i_fop = &simple_dir_operations;
  1473. inode->i_ino = ++(*ino);
  1474. /* directory inodes start off with i_nlink == 2 (for "." entry) */
  1475. inc_nlink(inode);
  1476. d_add(dentry, inode);
  1477. /* bump link count on parent directory, too */
  1478. inc_nlink(dir);
  1479. out:
  1480. return ret;
  1481. }
  1482. static int sel_fill_super(struct super_block *sb, void *data, int silent)
  1483. {
  1484. int ret;
  1485. struct dentry *dentry;
  1486. struct inode *inode, *root_inode;
  1487. struct inode_security_struct *isec;
  1488. static struct tree_descr selinux_files[] = {
  1489. [SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR},
  1490. [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR},
  1491. [SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO},
  1492. [SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO},
  1493. [SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO},
  1494. [SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO},
  1495. [SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO},
  1496. [SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO},
  1497. [SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR},
  1498. [SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO},
  1499. [SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR},
  1500. [SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO},
  1501. [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR},
  1502. [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
  1503. [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
  1504. [SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO},
  1505. [SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUSR},
  1506. /* last one */ {""}
  1507. };
  1508. ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);
  1509. if (ret)
  1510. goto err;
  1511. root_inode = sb->s_root->d_inode;
  1512. dentry = d_alloc_name(sb->s_root, BOOL_DIR_NAME);
  1513. if (!dentry) {
  1514. ret = -ENOMEM;
  1515. goto err;
  1516. }
  1517. ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
  1518. if (ret)
  1519. goto err;
  1520. bool_dir = dentry;
  1521. dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME);
  1522. if (!dentry) {
  1523. ret = -ENOMEM;
  1524. goto err;
  1525. }
  1526. inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO);
  1527. if (!inode) {
  1528. ret = -ENOMEM;
  1529. goto err;
  1530. }
  1531. inode->i_ino = ++sel_last_ino;
  1532. isec = (struct inode_security_struct *)inode->i_security;
  1533. isec->sid = SECINITSID_DEVNULL;
  1534. isec->sclass = SECCLASS_CHR_FILE;
  1535. isec->initialized = 1;
  1536. init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3));
  1537. d_add(dentry, inode);
  1538. selinux_null = dentry;
  1539. dentry = d_alloc_name(sb->s_root, "avc");
  1540. if (!dentry) {
  1541. ret = -ENOMEM;
  1542. goto err;
  1543. }
  1544. ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
  1545. if (ret)
  1546. goto err;
  1547. ret = sel_make_avc_files(dentry);
  1548. if (ret)
  1549. goto err;
  1550. dentry = d_alloc_name(sb->s_root, "initial_contexts");
  1551. if (!dentry) {
  1552. ret = -ENOMEM;
  1553. goto err;
  1554. }
  1555. ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
  1556. if (ret)
  1557. goto err;
  1558. ret = sel_make_initcon_files(dentry);
  1559. if (ret)
  1560. goto err;
  1561. dentry = d_alloc_name(sb->s_root, "class");
  1562. if (!dentry) {
  1563. ret = -ENOMEM;
  1564. goto err;
  1565. }
  1566. ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
  1567. if (ret)
  1568. goto err;
  1569. class_dir = dentry;
  1570. dentry = d_alloc_name(sb->s_root, "policy_capabilities");
  1571. if (!dentry) {
  1572. ret = -ENOMEM;
  1573. goto err;
  1574. }
  1575. ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
  1576. if (ret)
  1577. goto err;
  1578. policycap_dir = dentry;
  1579. out:
  1580. return ret;
  1581. err:
  1582. printk(KERN_ERR "SELinux: %s: failed while creating inodes\n",
  1583. __func__);
  1584. goto out;
  1585. }
  1586. static struct dentry *sel_mount(struct file_system_type *fs_type,
  1587. int flags, const char *dev_name, void *data)
  1588. {
  1589. return mount_single(fs_type, flags, data, sel_fill_super);
  1590. }
  1591. static struct file_system_type sel_fs_type = {
  1592. .name = "selinuxfs",
  1593. .mount = sel_mount,
  1594. .kill_sb = kill_litter_super,
  1595. };
  1596. struct vfsmount *selinuxfs_mount;
  1597. static int __init init_sel_fs(void)
  1598. {
  1599. int err;
  1600. if (!selinux_enabled)
  1601. return 0;
  1602. err = register_filesystem(&sel_fs_type);
  1603. if (!err) {
  1604. selinuxfs_mount = kern_mount(&sel_fs_type);
  1605. if (IS_ERR(selinuxfs_mount)) {
  1606. printk(KERN_ERR "selinuxfs: could not mount!\n");
  1607. err = PTR_ERR(selinuxfs_mount);
  1608. selinuxfs_mount = NULL;
  1609. }
  1610. }
  1611. return err;
  1612. }
  1613. __initcall(init_sel_fs);
  1614. #ifdef CONFIG_SECURITY_SELINUX_DISABLE
  1615. void exit_sel_fs(void)
  1616. {
  1617. unregister_filesystem(&sel_fs_type);
  1618. }
  1619. #endif