selinuxfs.c 44 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961
  1. /* Updated: Karl MacMillan <kmacmillan@tresys.com>
  2. *
  3. * Added conditional policy language extensions
  4. *
  5. * Updated: Hewlett-Packard <paul@paul-moore.com>
  6. *
  7. * Added support for the policy capability bitmap
  8. *
  9. * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
  10. * Copyright (C) 2003 - 2004 Tresys Technology, LLC
  11. * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
  12. * This program is free software; you can redistribute it and/or modify
  13. * it under the terms of the GNU General Public License as published by
  14. * the Free Software Foundation, version 2.
  15. */
  16. #include <linux/kernel.h>
  17. #include <linux/pagemap.h>
  18. #include <linux/slab.h>
  19. #include <linux/vmalloc.h>
  20. #include <linux/fs.h>
  21. #include <linux/mutex.h>
  22. #include <linux/init.h>
  23. #include <linux/string.h>
  24. #include <linux/security.h>
  25. #include <linux/major.h>
  26. #include <linux/seq_file.h>
  27. #include <linux/percpu.h>
  28. #include <linux/audit.h>
  29. #include <linux/uaccess.h>
  30. #include <linux/kobject.h>
  31. #include <linux/ctype.h>
  32. /* selinuxfs pseudo filesystem for exporting the security policy API.
  33. Based on the proc code and the fs/nfsd/nfsctl.c code. */
  34. #include "flask.h"
  35. #include "avc.h"
  36. #include "avc_ss.h"
  37. #include "security.h"
  38. #include "objsec.h"
  39. #include "conditional.h"
  40. static DEFINE_MUTEX(sel_mutex);
  41. /* global data for booleans */
  42. static struct dentry *bool_dir;
  43. static int bool_num;
  44. static char **bool_pending_names;
  45. static int *bool_pending_values;
  46. /* global data for classes */
  47. static struct dentry *class_dir;
  48. static unsigned long last_class_ino;
  49. static char policy_opened;
  50. /* global data for policy capabilities */
  51. static struct dentry *policycap_dir;
  52. enum sel_inos {
  53. SEL_ROOT_INO = 2,
  54. SEL_LOAD, /* load policy */
  55. SEL_ENFORCE, /* get or set enforcing status */
  56. SEL_CONTEXT, /* validate context */
  57. SEL_ACCESS, /* compute access decision */
  58. SEL_CREATE, /* compute create labeling decision */
  59. SEL_RELABEL, /* compute relabeling decision */
  60. SEL_USER, /* compute reachable user contexts */
  61. SEL_POLICYVERS, /* return policy version for this kernel */
  62. SEL_COMMIT_BOOLS, /* commit new boolean values */
  63. SEL_MLS, /* return if MLS policy is enabled */
  64. SEL_DISABLE, /* disable SELinux until next reboot */
  65. SEL_MEMBER, /* compute polyinstantiation membership decision */
  66. SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */
  67. SEL_COMPAT_NET, /* whether to use old compat network packet controls */
  68. SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */
  69. SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */
  70. SEL_STATUS, /* export current status using mmap() */
  71. SEL_POLICY, /* allow userspace to read the in kernel policy */
  72. SEL_VALIDATE_TRANS, /* compute validatetrans decision */
  73. SEL_INO_NEXT, /* The next inode number to use */
  74. };
  75. static unsigned long sel_last_ino = SEL_INO_NEXT - 1;
  76. #define SEL_INITCON_INO_OFFSET 0x01000000
  77. #define SEL_BOOL_INO_OFFSET 0x02000000
  78. #define SEL_CLASS_INO_OFFSET 0x04000000
  79. #define SEL_POLICYCAP_INO_OFFSET 0x08000000
  80. #define SEL_INO_MASK 0x00ffffff
  81. #define TMPBUFLEN 12
  82. static ssize_t sel_read_enforce(struct file *filp, char __user *buf,
  83. size_t count, loff_t *ppos)
  84. {
  85. char tmpbuf[TMPBUFLEN];
  86. ssize_t length;
  87. length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
  88. is_enforcing(&selinux_state));
  89. return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
  90. }
  91. #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
  92. static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
  93. size_t count, loff_t *ppos)
  94. {
  95. char *page = NULL;
  96. ssize_t length;
  97. int old_value, new_value;
  98. if (count >= PAGE_SIZE)
  99. return -ENOMEM;
  100. /* No partial writes. */
  101. if (*ppos != 0)
  102. return -EINVAL;
  103. page = memdup_user_nul(buf, count);
  104. if (IS_ERR(page))
  105. return PTR_ERR(page);
  106. length = -EINVAL;
  107. if (sscanf(page, "%d", &new_value) != 1)
  108. goto out;
  109. new_value = !!new_value;
  110. old_value = is_enforcing(&selinux_state);
  111. if (new_value != old_value) {
  112. length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
  113. SECCLASS_SECURITY, SECURITY__SETENFORCE,
  114. NULL);
  115. if (length)
  116. goto out;
  117. audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
  118. "enforcing=%d old_enforcing=%d auid=%u ses=%u",
  119. new_value, old_value,
  120. from_kuid(&init_user_ns, audit_get_loginuid(current)),
  121. audit_get_sessionid(current));
  122. set_enforcing(&selinux_state, new_value);
  123. if (new_value)
  124. avc_ss_reset(0);
  125. selnl_notify_setenforce(new_value);
  126. selinux_status_update_setenforce(&selinux_state,
  127. new_value);
  128. if (!new_value)
  129. call_lsm_notifier(LSM_POLICY_CHANGE, NULL);
  130. }
  131. length = count;
  132. out:
  133. kfree(page);
  134. return length;
  135. }
  136. #else
  137. #define sel_write_enforce NULL
  138. #endif
  139. static const struct file_operations sel_enforce_ops = {
  140. .read = sel_read_enforce,
  141. .write = sel_write_enforce,
  142. .llseek = generic_file_llseek,
  143. };
  144. static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf,
  145. size_t count, loff_t *ppos)
  146. {
  147. char tmpbuf[TMPBUFLEN];
  148. ssize_t length;
  149. ino_t ino = file_inode(filp)->i_ino;
  150. int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ?
  151. security_get_reject_unknown(&selinux_state) :
  152. !security_get_allow_unknown(&selinux_state);
  153. length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown);
  154. return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
  155. }
  156. static const struct file_operations sel_handle_unknown_ops = {
  157. .read = sel_read_handle_unknown,
  158. .llseek = generic_file_llseek,
  159. };
  160. static int sel_open_handle_status(struct inode *inode, struct file *filp)
  161. {
  162. struct page *status = selinux_kernel_status_page(&selinux_state);
  163. if (!status)
  164. return -ENOMEM;
  165. filp->private_data = status;
  166. return 0;
  167. }
  168. static ssize_t sel_read_handle_status(struct file *filp, char __user *buf,
  169. size_t count, loff_t *ppos)
  170. {
  171. struct page *status = filp->private_data;
  172. BUG_ON(!status);
  173. return simple_read_from_buffer(buf, count, ppos,
  174. page_address(status),
  175. sizeof(struct selinux_kernel_status));
  176. }
  177. static int sel_mmap_handle_status(struct file *filp,
  178. struct vm_area_struct *vma)
  179. {
  180. struct page *status = filp->private_data;
  181. unsigned long size = vma->vm_end - vma->vm_start;
  182. BUG_ON(!status);
  183. /* only allows one page from the head */
  184. if (vma->vm_pgoff > 0 || size != PAGE_SIZE)
  185. return -EIO;
  186. /* disallow writable mapping */
  187. if (vma->vm_flags & VM_WRITE)
  188. return -EPERM;
  189. /* disallow mprotect() turns it into writable */
  190. vma->vm_flags &= ~VM_MAYWRITE;
  191. return remap_pfn_range(vma, vma->vm_start,
  192. page_to_pfn(status),
  193. size, vma->vm_page_prot);
  194. }
  195. static const struct file_operations sel_handle_status_ops = {
  196. .open = sel_open_handle_status,
  197. .read = sel_read_handle_status,
  198. .mmap = sel_mmap_handle_status,
  199. .llseek = generic_file_llseek,
  200. };
  201. #ifdef CONFIG_SECURITY_SELINUX_DISABLE
  202. static ssize_t sel_write_disable(struct file *file, const char __user *buf,
  203. size_t count, loff_t *ppos)
  204. {
  205. char *page;
  206. ssize_t length;
  207. int new_value;
  208. if (count >= PAGE_SIZE)
  209. return -ENOMEM;
  210. /* No partial writes. */
  211. if (*ppos != 0)
  212. return -EINVAL;
  213. page = memdup_user_nul(buf, count);
  214. if (IS_ERR(page))
  215. return PTR_ERR(page);
  216. length = -EINVAL;
  217. if (sscanf(page, "%d", &new_value) != 1)
  218. goto out;
  219. if (new_value) {
  220. length = selinux_disable(&selinux_state);
  221. if (length)
  222. goto out;
  223. audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
  224. "selinux=0 auid=%u ses=%u",
  225. from_kuid(&init_user_ns, audit_get_loginuid(current)),
  226. audit_get_sessionid(current));
  227. }
  228. length = count;
  229. out:
  230. kfree(page);
  231. return length;
  232. }
  233. #else
  234. #define sel_write_disable NULL
  235. #endif
  236. static const struct file_operations sel_disable_ops = {
  237. .write = sel_write_disable,
  238. .llseek = generic_file_llseek,
  239. };
  240. static ssize_t sel_read_policyvers(struct file *filp, char __user *buf,
  241. size_t count, loff_t *ppos)
  242. {
  243. char tmpbuf[TMPBUFLEN];
  244. ssize_t length;
  245. length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX);
  246. return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
  247. }
  248. static const struct file_operations sel_policyvers_ops = {
  249. .read = sel_read_policyvers,
  250. .llseek = generic_file_llseek,
  251. };
  252. /* declaration for sel_write_load */
  253. static int sel_make_bools(void);
  254. static int sel_make_classes(void);
  255. static int sel_make_policycap(void);
  256. /* declaration for sel_make_class_dirs */
  257. static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
  258. unsigned long *ino);
  259. static ssize_t sel_read_mls(struct file *filp, char __user *buf,
  260. size_t count, loff_t *ppos)
  261. {
  262. char tmpbuf[TMPBUFLEN];
  263. ssize_t length;
  264. length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
  265. security_mls_enabled(&selinux_state));
  266. return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
  267. }
  268. static const struct file_operations sel_mls_ops = {
  269. .read = sel_read_mls,
  270. .llseek = generic_file_llseek,
  271. };
  272. struct policy_load_memory {
  273. size_t len;
  274. void *data;
  275. };
  276. static int sel_open_policy(struct inode *inode, struct file *filp)
  277. {
  278. struct policy_load_memory *plm = NULL;
  279. int rc;
  280. BUG_ON(filp->private_data);
  281. mutex_lock(&sel_mutex);
  282. rc = avc_has_perm(current_sid(), SECINITSID_SECURITY,
  283. SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL);
  284. if (rc)
  285. goto err;
  286. rc = -EBUSY;
  287. if (policy_opened)
  288. goto err;
  289. rc = -ENOMEM;
  290. plm = kzalloc(sizeof(*plm), GFP_KERNEL);
  291. if (!plm)
  292. goto err;
  293. if (i_size_read(inode) != security_policydb_len(&selinux_state)) {
  294. inode_lock(inode);
  295. i_size_write(inode, security_policydb_len(&selinux_state));
  296. inode_unlock(inode);
  297. }
  298. rc = security_read_policy(&selinux_state, &plm->data, &plm->len);
  299. if (rc)
  300. goto err;
  301. policy_opened = 1;
  302. filp->private_data = plm;
  303. mutex_unlock(&sel_mutex);
  304. return 0;
  305. err:
  306. mutex_unlock(&sel_mutex);
  307. if (plm)
  308. vfree(plm->data);
  309. kfree(plm);
  310. return rc;
  311. }
  312. static int sel_release_policy(struct inode *inode, struct file *filp)
  313. {
  314. struct policy_load_memory *plm = filp->private_data;
  315. BUG_ON(!plm);
  316. policy_opened = 0;
  317. vfree(plm->data);
  318. kfree(plm);
  319. return 0;
  320. }
  321. static ssize_t sel_read_policy(struct file *filp, char __user *buf,
  322. size_t count, loff_t *ppos)
  323. {
  324. struct policy_load_memory *plm = filp->private_data;
  325. int ret;
  326. mutex_lock(&sel_mutex);
  327. ret = avc_has_perm(current_sid(), SECINITSID_SECURITY,
  328. SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL);
  329. if (ret)
  330. goto out;
  331. ret = simple_read_from_buffer(buf, count, ppos, plm->data, plm->len);
  332. out:
  333. mutex_unlock(&sel_mutex);
  334. return ret;
  335. }
  336. static int sel_mmap_policy_fault(struct vm_fault *vmf)
  337. {
  338. struct policy_load_memory *plm = vmf->vma->vm_file->private_data;
  339. unsigned long offset;
  340. struct page *page;
  341. if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE))
  342. return VM_FAULT_SIGBUS;
  343. offset = vmf->pgoff << PAGE_SHIFT;
  344. if (offset >= roundup(plm->len, PAGE_SIZE))
  345. return VM_FAULT_SIGBUS;
  346. page = vmalloc_to_page(plm->data + offset);
  347. get_page(page);
  348. vmf->page = page;
  349. return 0;
  350. }
  351. static const struct vm_operations_struct sel_mmap_policy_ops = {
  352. .fault = sel_mmap_policy_fault,
  353. .page_mkwrite = sel_mmap_policy_fault,
  354. };
  355. static int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma)
  356. {
  357. if (vma->vm_flags & VM_SHARED) {
  358. /* do not allow mprotect to make mapping writable */
  359. vma->vm_flags &= ~VM_MAYWRITE;
  360. if (vma->vm_flags & VM_WRITE)
  361. return -EACCES;
  362. }
  363. vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP;
  364. vma->vm_ops = &sel_mmap_policy_ops;
  365. return 0;
  366. }
  367. static const struct file_operations sel_policy_ops = {
  368. .open = sel_open_policy,
  369. .read = sel_read_policy,
  370. .mmap = sel_mmap_policy,
  371. .release = sel_release_policy,
  372. .llseek = generic_file_llseek,
  373. };
  374. static ssize_t sel_write_load(struct file *file, const char __user *buf,
  375. size_t count, loff_t *ppos)
  376. {
  377. ssize_t length;
  378. void *data = NULL;
  379. mutex_lock(&sel_mutex);
  380. length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
  381. SECCLASS_SECURITY, SECURITY__LOAD_POLICY, NULL);
  382. if (length)
  383. goto out;
  384. /* No partial writes. */
  385. length = -EINVAL;
  386. if (*ppos != 0)
  387. goto out;
  388. length = -EFBIG;
  389. if (count > 64 * 1024 * 1024)
  390. goto out;
  391. length = -ENOMEM;
  392. data = vmalloc(count);
  393. if (!data)
  394. goto out;
  395. length = -EFAULT;
  396. if (copy_from_user(data, buf, count) != 0)
  397. goto out;
  398. length = security_load_policy(&selinux_state, data, count);
  399. if (length) {
  400. pr_warn_ratelimited("SELinux: failed to load policy\n");
  401. goto out;
  402. }
  403. length = sel_make_bools();
  404. if (length) {
  405. pr_err("SELinux: failed to load policy booleans\n");
  406. goto out1;
  407. }
  408. length = sel_make_classes();
  409. if (length) {
  410. pr_err("SELinux: failed to load policy classes\n");
  411. goto out1;
  412. }
  413. length = sel_make_policycap();
  414. if (length) {
  415. pr_err("SELinux: failed to load policy capabilities\n");
  416. goto out1;
  417. }
  418. length = count;
  419. out1:
  420. audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
  421. "policy loaded auid=%u ses=%u",
  422. from_kuid(&init_user_ns, audit_get_loginuid(current)),
  423. audit_get_sessionid(current));
  424. out:
  425. mutex_unlock(&sel_mutex);
  426. vfree(data);
  427. return length;
  428. }
  429. static const struct file_operations sel_load_ops = {
  430. .write = sel_write_load,
  431. .llseek = generic_file_llseek,
  432. };
  433. static ssize_t sel_write_context(struct file *file, char *buf, size_t size)
  434. {
  435. char *canon = NULL;
  436. u32 sid, len;
  437. ssize_t length;
  438. length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
  439. SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, NULL);
  440. if (length)
  441. goto out;
  442. length = security_context_to_sid(&selinux_state, buf, size,
  443. &sid, GFP_KERNEL);
  444. if (length)
  445. goto out;
  446. length = security_sid_to_context(&selinux_state, sid, &canon, &len);
  447. if (length)
  448. goto out;
  449. length = -ERANGE;
  450. if (len > SIMPLE_TRANSACTION_LIMIT) {
  451. printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
  452. "payload max\n", __func__, len);
  453. goto out;
  454. }
  455. memcpy(buf, canon, len);
  456. length = len;
  457. out:
  458. kfree(canon);
  459. return length;
  460. }
  461. static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf,
  462. size_t count, loff_t *ppos)
  463. {
  464. char tmpbuf[TMPBUFLEN];
  465. ssize_t length;
  466. length = scnprintf(tmpbuf, TMPBUFLEN, "%u", selinux_state.checkreqprot);
  467. return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
  468. }
  469. static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
  470. size_t count, loff_t *ppos)
  471. {
  472. char *page;
  473. ssize_t length;
  474. unsigned int new_value;
  475. length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
  476. SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT,
  477. NULL);
  478. if (length)
  479. return length;
  480. if (count >= PAGE_SIZE)
  481. return -ENOMEM;
  482. /* No partial writes. */
  483. if (*ppos != 0)
  484. return -EINVAL;
  485. page = memdup_user_nul(buf, count);
  486. if (IS_ERR(page))
  487. return PTR_ERR(page);
  488. length = -EINVAL;
  489. if (sscanf(page, "%u", &new_value) != 1)
  490. goto out;
  491. selinux_state.checkreqprot = new_value ? 1 : 0;
  492. length = count;
  493. out:
  494. kfree(page);
  495. return length;
  496. }
  497. static const struct file_operations sel_checkreqprot_ops = {
  498. .read = sel_read_checkreqprot,
  499. .write = sel_write_checkreqprot,
  500. .llseek = generic_file_llseek,
  501. };
  502. static ssize_t sel_write_validatetrans(struct file *file,
  503. const char __user *buf,
  504. size_t count, loff_t *ppos)
  505. {
  506. char *oldcon = NULL, *newcon = NULL, *taskcon = NULL;
  507. char *req = NULL;
  508. u32 osid, nsid, tsid;
  509. u16 tclass;
  510. int rc;
  511. rc = avc_has_perm(current_sid(), SECINITSID_SECURITY,
  512. SECCLASS_SECURITY, SECURITY__VALIDATE_TRANS, NULL);
  513. if (rc)
  514. goto out;
  515. rc = -ENOMEM;
  516. if (count >= PAGE_SIZE)
  517. goto out;
  518. /* No partial writes. */
  519. rc = -EINVAL;
  520. if (*ppos != 0)
  521. goto out;
  522. req = memdup_user_nul(buf, count);
  523. if (IS_ERR(req)) {
  524. rc = PTR_ERR(req);
  525. req = NULL;
  526. goto out;
  527. }
  528. rc = -ENOMEM;
  529. oldcon = kzalloc(count + 1, GFP_KERNEL);
  530. if (!oldcon)
  531. goto out;
  532. newcon = kzalloc(count + 1, GFP_KERNEL);
  533. if (!newcon)
  534. goto out;
  535. taskcon = kzalloc(count + 1, GFP_KERNEL);
  536. if (!taskcon)
  537. goto out;
  538. rc = -EINVAL;
  539. if (sscanf(req, "%s %s %hu %s", oldcon, newcon, &tclass, taskcon) != 4)
  540. goto out;
  541. rc = security_context_str_to_sid(&selinux_state, oldcon, &osid,
  542. GFP_KERNEL);
  543. if (rc)
  544. goto out;
  545. rc = security_context_str_to_sid(&selinux_state, newcon, &nsid,
  546. GFP_KERNEL);
  547. if (rc)
  548. goto out;
  549. rc = security_context_str_to_sid(&selinux_state, taskcon, &tsid,
  550. GFP_KERNEL);
  551. if (rc)
  552. goto out;
  553. rc = security_validate_transition_user(&selinux_state, osid, nsid,
  554. tsid, tclass);
  555. if (!rc)
  556. rc = count;
  557. out:
  558. kfree(req);
  559. kfree(oldcon);
  560. kfree(newcon);
  561. kfree(taskcon);
  562. return rc;
  563. }
  564. static const struct file_operations sel_transition_ops = {
  565. .write = sel_write_validatetrans,
  566. .llseek = generic_file_llseek,
  567. };
  568. /*
  569. * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c
  570. */
  571. static ssize_t sel_write_access(struct file *file, char *buf, size_t size);
  572. static ssize_t sel_write_create(struct file *file, char *buf, size_t size);
  573. static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size);
  574. static ssize_t sel_write_user(struct file *file, char *buf, size_t size);
  575. static ssize_t sel_write_member(struct file *file, char *buf, size_t size);
  576. static ssize_t (*write_op[])(struct file *, char *, size_t) = {
  577. [SEL_ACCESS] = sel_write_access,
  578. [SEL_CREATE] = sel_write_create,
  579. [SEL_RELABEL] = sel_write_relabel,
  580. [SEL_USER] = sel_write_user,
  581. [SEL_MEMBER] = sel_write_member,
  582. [SEL_CONTEXT] = sel_write_context,
  583. };
  584. static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos)
  585. {
  586. ino_t ino = file_inode(file)->i_ino;
  587. char *data;
  588. ssize_t rv;
  589. if (ino >= ARRAY_SIZE(write_op) || !write_op[ino])
  590. return -EINVAL;
  591. data = simple_transaction_get(file, buf, size);
  592. if (IS_ERR(data))
  593. return PTR_ERR(data);
  594. rv = write_op[ino](file, data, size);
  595. if (rv > 0) {
  596. simple_transaction_set(file, rv);
  597. rv = size;
  598. }
  599. return rv;
  600. }
  601. static const struct file_operations transaction_ops = {
  602. .write = selinux_transaction_write,
  603. .read = simple_transaction_read,
  604. .release = simple_transaction_release,
  605. .llseek = generic_file_llseek,
  606. };
  607. /*
  608. * payload - write methods
  609. * If the method has a response, the response should be put in buf,
  610. * and the length returned. Otherwise return 0 or and -error.
  611. */
  612. static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
  613. {
  614. char *scon = NULL, *tcon = NULL;
  615. u32 ssid, tsid;
  616. u16 tclass;
  617. struct av_decision avd;
  618. ssize_t length;
  619. length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
  620. SECCLASS_SECURITY, SECURITY__COMPUTE_AV, NULL);
  621. if (length)
  622. goto out;
  623. length = -ENOMEM;
  624. scon = kzalloc(size + 1, GFP_KERNEL);
  625. if (!scon)
  626. goto out;
  627. length = -ENOMEM;
  628. tcon = kzalloc(size + 1, GFP_KERNEL);
  629. if (!tcon)
  630. goto out;
  631. length = -EINVAL;
  632. if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
  633. goto out;
  634. length = security_context_str_to_sid(&selinux_state, scon, &ssid,
  635. GFP_KERNEL);
  636. if (length)
  637. goto out;
  638. length = security_context_str_to_sid(&selinux_state, tcon, &tsid,
  639. GFP_KERNEL);
  640. if (length)
  641. goto out;
  642. security_compute_av_user(&selinux_state, ssid, tsid, tclass, &avd);
  643. length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT,
  644. "%x %x %x %x %u %x",
  645. avd.allowed, 0xffffffff,
  646. avd.auditallow, avd.auditdeny,
  647. avd.seqno, avd.flags);
  648. out:
  649. kfree(tcon);
  650. kfree(scon);
  651. return length;
  652. }
  653. static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
  654. {
  655. char *scon = NULL, *tcon = NULL;
  656. char *namebuf = NULL, *objname = NULL;
  657. u32 ssid, tsid, newsid;
  658. u16 tclass;
  659. ssize_t length;
  660. char *newcon = NULL;
  661. u32 len;
  662. int nargs;
  663. length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
  664. SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE,
  665. NULL);
  666. if (length)
  667. goto out;
  668. length = -ENOMEM;
  669. scon = kzalloc(size + 1, GFP_KERNEL);
  670. if (!scon)
  671. goto out;
  672. length = -ENOMEM;
  673. tcon = kzalloc(size + 1, GFP_KERNEL);
  674. if (!tcon)
  675. goto out;
  676. length = -ENOMEM;
  677. namebuf = kzalloc(size + 1, GFP_KERNEL);
  678. if (!namebuf)
  679. goto out;
  680. length = -EINVAL;
  681. nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf);
  682. if (nargs < 3 || nargs > 4)
  683. goto out;
  684. if (nargs == 4) {
  685. /*
  686. * If and when the name of new object to be queried contains
  687. * either whitespace or multibyte characters, they shall be
  688. * encoded based on the percentage-encoding rule.
  689. * If not encoded, the sscanf logic picks up only left-half
  690. * of the supplied name; splitted by a whitespace unexpectedly.
  691. */
  692. char *r, *w;
  693. int c1, c2;
  694. r = w = namebuf;
  695. do {
  696. c1 = *r++;
  697. if (c1 == '+')
  698. c1 = ' ';
  699. else if (c1 == '%') {
  700. c1 = hex_to_bin(*r++);
  701. if (c1 < 0)
  702. goto out;
  703. c2 = hex_to_bin(*r++);
  704. if (c2 < 0)
  705. goto out;
  706. c1 = (c1 << 4) | c2;
  707. }
  708. *w++ = c1;
  709. } while (c1 != '\0');
  710. objname = namebuf;
  711. }
  712. length = security_context_str_to_sid(&selinux_state, scon, &ssid,
  713. GFP_KERNEL);
  714. if (length)
  715. goto out;
  716. length = security_context_str_to_sid(&selinux_state, tcon, &tsid,
  717. GFP_KERNEL);
  718. if (length)
  719. goto out;
  720. length = security_transition_sid_user(&selinux_state, ssid, tsid,
  721. tclass, objname, &newsid);
  722. if (length)
  723. goto out;
  724. length = security_sid_to_context(&selinux_state, newsid, &newcon,
  725. &len);
  726. if (length)
  727. goto out;
  728. length = -ERANGE;
  729. if (len > SIMPLE_TRANSACTION_LIMIT) {
  730. printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
  731. "payload max\n", __func__, len);
  732. goto out;
  733. }
  734. memcpy(buf, newcon, len);
  735. length = len;
  736. out:
  737. kfree(newcon);
  738. kfree(namebuf);
  739. kfree(tcon);
  740. kfree(scon);
  741. return length;
  742. }
  743. static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size)
  744. {
  745. char *scon = NULL, *tcon = NULL;
  746. u32 ssid, tsid, newsid;
  747. u16 tclass;
  748. ssize_t length;
  749. char *newcon = NULL;
  750. u32 len;
  751. length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
  752. SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL,
  753. NULL);
  754. if (length)
  755. goto out;
  756. length = -ENOMEM;
  757. scon = kzalloc(size + 1, GFP_KERNEL);
  758. if (!scon)
  759. goto out;
  760. length = -ENOMEM;
  761. tcon = kzalloc(size + 1, GFP_KERNEL);
  762. if (!tcon)
  763. goto out;
  764. length = -EINVAL;
  765. if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
  766. goto out;
  767. length = security_context_str_to_sid(&selinux_state, scon, &ssid,
  768. GFP_KERNEL);
  769. if (length)
  770. goto out;
  771. length = security_context_str_to_sid(&selinux_state, tcon, &tsid,
  772. GFP_KERNEL);
  773. if (length)
  774. goto out;
  775. length = security_change_sid(&selinux_state, ssid, tsid, tclass,
  776. &newsid);
  777. if (length)
  778. goto out;
  779. length = security_sid_to_context(&selinux_state, newsid, &newcon,
  780. &len);
  781. if (length)
  782. goto out;
  783. length = -ERANGE;
  784. if (len > SIMPLE_TRANSACTION_LIMIT)
  785. goto out;
  786. memcpy(buf, newcon, len);
  787. length = len;
  788. out:
  789. kfree(newcon);
  790. kfree(tcon);
  791. kfree(scon);
  792. return length;
  793. }
  794. static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
  795. {
  796. char *con = NULL, *user = NULL, *ptr;
  797. u32 sid, *sids = NULL;
  798. ssize_t length;
  799. char *newcon;
  800. int i, rc;
  801. u32 len, nsids;
  802. length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
  803. SECCLASS_SECURITY, SECURITY__COMPUTE_USER,
  804. NULL);
  805. if (length)
  806. goto out;
  807. length = -ENOMEM;
  808. con = kzalloc(size + 1, GFP_KERNEL);
  809. if (!con)
  810. goto out;
  811. length = -ENOMEM;
  812. user = kzalloc(size + 1, GFP_KERNEL);
  813. if (!user)
  814. goto out;
  815. length = -EINVAL;
  816. if (sscanf(buf, "%s %s", con, user) != 2)
  817. goto out;
  818. length = security_context_str_to_sid(&selinux_state, con, &sid,
  819. GFP_KERNEL);
  820. if (length)
  821. goto out;
  822. length = security_get_user_sids(&selinux_state, sid, user, &sids,
  823. &nsids);
  824. if (length)
  825. goto out;
  826. length = sprintf(buf, "%u", nsids) + 1;
  827. ptr = buf + length;
  828. for (i = 0; i < nsids; i++) {
  829. rc = security_sid_to_context(&selinux_state, sids[i],
  830. &newcon, &len);
  831. if (rc) {
  832. length = rc;
  833. goto out;
  834. }
  835. if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) {
  836. kfree(newcon);
  837. length = -ERANGE;
  838. goto out;
  839. }
  840. memcpy(ptr, newcon, len);
  841. kfree(newcon);
  842. ptr += len;
  843. length += len;
  844. }
  845. out:
  846. kfree(sids);
  847. kfree(user);
  848. kfree(con);
  849. return length;
  850. }
  851. static ssize_t sel_write_member(struct file *file, char *buf, size_t size)
  852. {
  853. char *scon = NULL, *tcon = NULL;
  854. u32 ssid, tsid, newsid;
  855. u16 tclass;
  856. ssize_t length;
  857. char *newcon = NULL;
  858. u32 len;
  859. length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
  860. SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER,
  861. NULL);
  862. if (length)
  863. goto out;
  864. length = -ENOMEM;
  865. scon = kzalloc(size + 1, GFP_KERNEL);
  866. if (!scon)
  867. goto out;
  868. length = -ENOMEM;
  869. tcon = kzalloc(size + 1, GFP_KERNEL);
  870. if (!tcon)
  871. goto out;
  872. length = -EINVAL;
  873. if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
  874. goto out;
  875. length = security_context_str_to_sid(&selinux_state, scon, &ssid,
  876. GFP_KERNEL);
  877. if (length)
  878. goto out;
  879. length = security_context_str_to_sid(&selinux_state, tcon, &tsid,
  880. GFP_KERNEL);
  881. if (length)
  882. goto out;
  883. length = security_member_sid(&selinux_state, ssid, tsid, tclass,
  884. &newsid);
  885. if (length)
  886. goto out;
  887. length = security_sid_to_context(&selinux_state, newsid, &newcon,
  888. &len);
  889. if (length)
  890. goto out;
  891. length = -ERANGE;
  892. if (len > SIMPLE_TRANSACTION_LIMIT) {
  893. printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
  894. "payload max\n", __func__, len);
  895. goto out;
  896. }
  897. memcpy(buf, newcon, len);
  898. length = len;
  899. out:
  900. kfree(newcon);
  901. kfree(tcon);
  902. kfree(scon);
  903. return length;
  904. }
  905. static struct inode *sel_make_inode(struct super_block *sb, int mode)
  906. {
  907. struct inode *ret = new_inode(sb);
  908. if (ret) {
  909. ret->i_mode = mode;
  910. ret->i_atime = ret->i_mtime = ret->i_ctime = current_time(ret);
  911. }
  912. return ret;
  913. }
  914. static ssize_t sel_read_bool(struct file *filep, char __user *buf,
  915. size_t count, loff_t *ppos)
  916. {
  917. char *page = NULL;
  918. ssize_t length;
  919. ssize_t ret;
  920. int cur_enforcing;
  921. unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
  922. const char *name = filep->f_path.dentry->d_name.name;
  923. mutex_lock(&sel_mutex);
  924. ret = -EINVAL;
  925. if (index >= bool_num || strcmp(name, bool_pending_names[index]))
  926. goto out;
  927. ret = -ENOMEM;
  928. page = (char *)get_zeroed_page(GFP_KERNEL);
  929. if (!page)
  930. goto out;
  931. cur_enforcing = security_get_bool_value(&selinux_state, index);
  932. if (cur_enforcing < 0) {
  933. ret = cur_enforcing;
  934. goto out;
  935. }
  936. length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing,
  937. bool_pending_values[index]);
  938. ret = simple_read_from_buffer(buf, count, ppos, page, length);
  939. out:
  940. mutex_unlock(&sel_mutex);
  941. free_page((unsigned long)page);
  942. return ret;
  943. }
  944. static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
  945. size_t count, loff_t *ppos)
  946. {
  947. char *page = NULL;
  948. ssize_t length;
  949. int new_value;
  950. unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
  951. const char *name = filep->f_path.dentry->d_name.name;
  952. mutex_lock(&sel_mutex);
  953. length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
  954. SECCLASS_SECURITY, SECURITY__SETBOOL,
  955. NULL);
  956. if (length)
  957. goto out;
  958. length = -EINVAL;
  959. if (index >= bool_num || strcmp(name, bool_pending_names[index]))
  960. goto out;
  961. length = -ENOMEM;
  962. if (count >= PAGE_SIZE)
  963. goto out;
  964. /* No partial writes. */
  965. length = -EINVAL;
  966. if (*ppos != 0)
  967. goto out;
  968. page = memdup_user_nul(buf, count);
  969. if (IS_ERR(page)) {
  970. length = PTR_ERR(page);
  971. page = NULL;
  972. goto out;
  973. }
  974. length = -EINVAL;
  975. if (sscanf(page, "%d", &new_value) != 1)
  976. goto out;
  977. if (new_value)
  978. new_value = 1;
  979. bool_pending_values[index] = new_value;
  980. length = count;
  981. out:
  982. mutex_unlock(&sel_mutex);
  983. kfree(page);
  984. return length;
  985. }
  986. static const struct file_operations sel_bool_ops = {
  987. .read = sel_read_bool,
  988. .write = sel_write_bool,
  989. .llseek = generic_file_llseek,
  990. };
  991. static ssize_t sel_commit_bools_write(struct file *filep,
  992. const char __user *buf,
  993. size_t count, loff_t *ppos)
  994. {
  995. char *page = NULL;
  996. ssize_t length;
  997. int new_value;
  998. mutex_lock(&sel_mutex);
  999. length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
  1000. SECCLASS_SECURITY, SECURITY__SETBOOL,
  1001. NULL);
  1002. if (length)
  1003. goto out;
  1004. length = -ENOMEM;
  1005. if (count >= PAGE_SIZE)
  1006. goto out;
  1007. /* No partial writes. */
  1008. length = -EINVAL;
  1009. if (*ppos != 0)
  1010. goto out;
  1011. page = memdup_user_nul(buf, count);
  1012. if (IS_ERR(page)) {
  1013. length = PTR_ERR(page);
  1014. page = NULL;
  1015. goto out;
  1016. }
  1017. length = -EINVAL;
  1018. if (sscanf(page, "%d", &new_value) != 1)
  1019. goto out;
  1020. length = 0;
  1021. if (new_value && bool_pending_values)
  1022. length = security_set_bools(&selinux_state, bool_num,
  1023. bool_pending_values);
  1024. if (!length)
  1025. length = count;
  1026. out:
  1027. mutex_unlock(&sel_mutex);
  1028. kfree(page);
  1029. return length;
  1030. }
  1031. static const struct file_operations sel_commit_bools_ops = {
  1032. .write = sel_commit_bools_write,
  1033. .llseek = generic_file_llseek,
  1034. };
  1035. static void sel_remove_entries(struct dentry *de)
  1036. {
  1037. d_genocide(de);
  1038. shrink_dcache_parent(de);
  1039. }
  1040. #define BOOL_DIR_NAME "booleans"
  1041. static int sel_make_bools(void)
  1042. {
  1043. int i, ret;
  1044. ssize_t len;
  1045. struct dentry *dentry = NULL;
  1046. struct dentry *dir = bool_dir;
  1047. struct inode *inode = NULL;
  1048. struct inode_security_struct *isec;
  1049. char **names = NULL, *page;
  1050. int num;
  1051. int *values = NULL;
  1052. u32 sid;
  1053. /* remove any existing files */
  1054. for (i = 0; i < bool_num; i++)
  1055. kfree(bool_pending_names[i]);
  1056. kfree(bool_pending_names);
  1057. kfree(bool_pending_values);
  1058. bool_num = 0;
  1059. bool_pending_names = NULL;
  1060. bool_pending_values = NULL;
  1061. sel_remove_entries(dir);
  1062. ret = -ENOMEM;
  1063. page = (char *)get_zeroed_page(GFP_KERNEL);
  1064. if (!page)
  1065. goto out;
  1066. ret = security_get_bools(&selinux_state, &num, &names, &values);
  1067. if (ret)
  1068. goto out;
  1069. for (i = 0; i < num; i++) {
  1070. ret = -ENOMEM;
  1071. dentry = d_alloc_name(dir, names[i]);
  1072. if (!dentry)
  1073. goto out;
  1074. ret = -ENOMEM;
  1075. inode = sel_make_inode(dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR);
  1076. if (!inode)
  1077. goto out;
  1078. ret = -ENAMETOOLONG;
  1079. len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]);
  1080. if (len >= PAGE_SIZE)
  1081. goto out;
  1082. isec = (struct inode_security_struct *)inode->i_security;
  1083. ret = security_genfs_sid(&selinux_state, "selinuxfs", page,
  1084. SECCLASS_FILE, &sid);
  1085. if (ret) {
  1086. pr_warn_ratelimited("SELinux: no sid found, defaulting to security isid for %s\n",
  1087. page);
  1088. sid = SECINITSID_SECURITY;
  1089. }
  1090. isec->sid = sid;
  1091. isec->initialized = LABEL_INITIALIZED;
  1092. inode->i_fop = &sel_bool_ops;
  1093. inode->i_ino = i|SEL_BOOL_INO_OFFSET;
  1094. d_add(dentry, inode);
  1095. }
  1096. bool_num = num;
  1097. bool_pending_names = names;
  1098. bool_pending_values = values;
  1099. free_page((unsigned long)page);
  1100. return 0;
  1101. out:
  1102. free_page((unsigned long)page);
  1103. if (names) {
  1104. for (i = 0; i < num; i++)
  1105. kfree(names[i]);
  1106. kfree(names);
  1107. }
  1108. kfree(values);
  1109. sel_remove_entries(dir);
  1110. return ret;
  1111. }
  1112. #define NULL_FILE_NAME "null"
  1113. struct path selinux_null;
  1114. static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf,
  1115. size_t count, loff_t *ppos)
  1116. {
  1117. char tmpbuf[TMPBUFLEN];
  1118. ssize_t length;
  1119. length = scnprintf(tmpbuf, TMPBUFLEN, "%u", avc_cache_threshold);
  1120. return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
  1121. }
  1122. static ssize_t sel_write_avc_cache_threshold(struct file *file,
  1123. const char __user *buf,
  1124. size_t count, loff_t *ppos)
  1125. {
  1126. char *page;
  1127. ssize_t ret;
  1128. unsigned int new_value;
  1129. ret = avc_has_perm(current_sid(), SECINITSID_SECURITY,
  1130. SECCLASS_SECURITY, SECURITY__SETSECPARAM,
  1131. NULL);
  1132. if (ret)
  1133. return ret;
  1134. if (count >= PAGE_SIZE)
  1135. return -ENOMEM;
  1136. /* No partial writes. */
  1137. if (*ppos != 0)
  1138. return -EINVAL;
  1139. page = memdup_user_nul(buf, count);
  1140. if (IS_ERR(page))
  1141. return PTR_ERR(page);
  1142. ret = -EINVAL;
  1143. if (sscanf(page, "%u", &new_value) != 1)
  1144. goto out;
  1145. avc_cache_threshold = new_value;
  1146. ret = count;
  1147. out:
  1148. kfree(page);
  1149. return ret;
  1150. }
  1151. static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf,
  1152. size_t count, loff_t *ppos)
  1153. {
  1154. char *page;
  1155. ssize_t length;
  1156. page = (char *)__get_free_page(GFP_KERNEL);
  1157. if (!page)
  1158. return -ENOMEM;
  1159. length = avc_get_hash_stats(page);
  1160. if (length >= 0)
  1161. length = simple_read_from_buffer(buf, count, ppos, page, length);
  1162. free_page((unsigned long)page);
  1163. return length;
  1164. }
  1165. static const struct file_operations sel_avc_cache_threshold_ops = {
  1166. .read = sel_read_avc_cache_threshold,
  1167. .write = sel_write_avc_cache_threshold,
  1168. .llseek = generic_file_llseek,
  1169. };
  1170. static const struct file_operations sel_avc_hash_stats_ops = {
  1171. .read = sel_read_avc_hash_stats,
  1172. .llseek = generic_file_llseek,
  1173. };
  1174. #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
  1175. static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx)
  1176. {
  1177. int cpu;
  1178. for (cpu = *idx; cpu < nr_cpu_ids; ++cpu) {
  1179. if (!cpu_possible(cpu))
  1180. continue;
  1181. *idx = cpu + 1;
  1182. return &per_cpu(avc_cache_stats, cpu);
  1183. }
  1184. return NULL;
  1185. }
  1186. static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos)
  1187. {
  1188. loff_t n = *pos - 1;
  1189. if (*pos == 0)
  1190. return SEQ_START_TOKEN;
  1191. return sel_avc_get_stat_idx(&n);
  1192. }
  1193. static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos)
  1194. {
  1195. return sel_avc_get_stat_idx(pos);
  1196. }
  1197. static int sel_avc_stats_seq_show(struct seq_file *seq, void *v)
  1198. {
  1199. struct avc_cache_stats *st = v;
  1200. if (v == SEQ_START_TOKEN) {
  1201. seq_puts(seq,
  1202. "lookups hits misses allocations reclaims frees\n");
  1203. } else {
  1204. unsigned int lookups = st->lookups;
  1205. unsigned int misses = st->misses;
  1206. unsigned int hits = lookups - misses;
  1207. seq_printf(seq, "%u %u %u %u %u %u\n", lookups,
  1208. hits, misses, st->allocations,
  1209. st->reclaims, st->frees);
  1210. }
  1211. return 0;
  1212. }
  1213. static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v)
  1214. { }
  1215. static const struct seq_operations sel_avc_cache_stats_seq_ops = {
  1216. .start = sel_avc_stats_seq_start,
  1217. .next = sel_avc_stats_seq_next,
  1218. .show = sel_avc_stats_seq_show,
  1219. .stop = sel_avc_stats_seq_stop,
  1220. };
  1221. static int sel_open_avc_cache_stats(struct inode *inode, struct file *file)
  1222. {
  1223. return seq_open(file, &sel_avc_cache_stats_seq_ops);
  1224. }
  1225. static const struct file_operations sel_avc_cache_stats_ops = {
  1226. .open = sel_open_avc_cache_stats,
  1227. .read = seq_read,
  1228. .llseek = seq_lseek,
  1229. .release = seq_release,
  1230. };
  1231. #endif
  1232. static int sel_make_avc_files(struct dentry *dir)
  1233. {
  1234. int i;
  1235. static const struct tree_descr files[] = {
  1236. { "cache_threshold",
  1237. &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR },
  1238. { "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO },
  1239. #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
  1240. { "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO },
  1241. #endif
  1242. };
  1243. for (i = 0; i < ARRAY_SIZE(files); i++) {
  1244. struct inode *inode;
  1245. struct dentry *dentry;
  1246. dentry = d_alloc_name(dir, files[i].name);
  1247. if (!dentry)
  1248. return -ENOMEM;
  1249. inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
  1250. if (!inode)
  1251. return -ENOMEM;
  1252. inode->i_fop = files[i].ops;
  1253. inode->i_ino = ++sel_last_ino;
  1254. d_add(dentry, inode);
  1255. }
  1256. return 0;
  1257. }
  1258. static ssize_t sel_read_initcon(struct file *file, char __user *buf,
  1259. size_t count, loff_t *ppos)
  1260. {
  1261. char *con;
  1262. u32 sid, len;
  1263. ssize_t ret;
  1264. sid = file_inode(file)->i_ino&SEL_INO_MASK;
  1265. ret = security_sid_to_context(&selinux_state, sid, &con, &len);
  1266. if (ret)
  1267. return ret;
  1268. ret = simple_read_from_buffer(buf, count, ppos, con, len);
  1269. kfree(con);
  1270. return ret;
  1271. }
  1272. static const struct file_operations sel_initcon_ops = {
  1273. .read = sel_read_initcon,
  1274. .llseek = generic_file_llseek,
  1275. };
  1276. static int sel_make_initcon_files(struct dentry *dir)
  1277. {
  1278. int i;
  1279. for (i = 1; i <= SECINITSID_NUM; i++) {
  1280. struct inode *inode;
  1281. struct dentry *dentry;
  1282. dentry = d_alloc_name(dir, security_get_initial_sid_context(i));
  1283. if (!dentry)
  1284. return -ENOMEM;
  1285. inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
  1286. if (!inode)
  1287. return -ENOMEM;
  1288. inode->i_fop = &sel_initcon_ops;
  1289. inode->i_ino = i|SEL_INITCON_INO_OFFSET;
  1290. d_add(dentry, inode);
  1291. }
  1292. return 0;
  1293. }
  1294. static inline unsigned long sel_class_to_ino(u16 class)
  1295. {
  1296. return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET;
  1297. }
  1298. static inline u16 sel_ino_to_class(unsigned long ino)
  1299. {
  1300. return (ino & SEL_INO_MASK) / (SEL_VEC_MAX + 1);
  1301. }
  1302. static inline unsigned long sel_perm_to_ino(u16 class, u32 perm)
  1303. {
  1304. return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET;
  1305. }
  1306. static inline u32 sel_ino_to_perm(unsigned long ino)
  1307. {
  1308. return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1);
  1309. }
  1310. static ssize_t sel_read_class(struct file *file, char __user *buf,
  1311. size_t count, loff_t *ppos)
  1312. {
  1313. unsigned long ino = file_inode(file)->i_ino;
  1314. char res[TMPBUFLEN];
  1315. ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_class(ino));
  1316. return simple_read_from_buffer(buf, count, ppos, res, len);
  1317. }
  1318. static const struct file_operations sel_class_ops = {
  1319. .read = sel_read_class,
  1320. .llseek = generic_file_llseek,
  1321. };
  1322. static ssize_t sel_read_perm(struct file *file, char __user *buf,
  1323. size_t count, loff_t *ppos)
  1324. {
  1325. unsigned long ino = file_inode(file)->i_ino;
  1326. char res[TMPBUFLEN];
  1327. ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino));
  1328. return simple_read_from_buffer(buf, count, ppos, res, len);
  1329. }
  1330. static const struct file_operations sel_perm_ops = {
  1331. .read = sel_read_perm,
  1332. .llseek = generic_file_llseek,
  1333. };
  1334. static ssize_t sel_read_policycap(struct file *file, char __user *buf,
  1335. size_t count, loff_t *ppos)
  1336. {
  1337. int value;
  1338. char tmpbuf[TMPBUFLEN];
  1339. ssize_t length;
  1340. unsigned long i_ino = file_inode(file)->i_ino;
  1341. value = security_policycap_supported(&selinux_state,
  1342. i_ino & SEL_INO_MASK);
  1343. length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value);
  1344. return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
  1345. }
  1346. static const struct file_operations sel_policycap_ops = {
  1347. .read = sel_read_policycap,
  1348. .llseek = generic_file_llseek,
  1349. };
  1350. static int sel_make_perm_files(char *objclass, int classvalue,
  1351. struct dentry *dir)
  1352. {
  1353. int i, rc, nperms;
  1354. char **perms;
  1355. rc = security_get_permissions(&selinux_state, objclass, &perms,
  1356. &nperms);
  1357. if (rc)
  1358. return rc;
  1359. for (i = 0; i < nperms; i++) {
  1360. struct inode *inode;
  1361. struct dentry *dentry;
  1362. rc = -ENOMEM;
  1363. dentry = d_alloc_name(dir, perms[i]);
  1364. if (!dentry)
  1365. goto out;
  1366. rc = -ENOMEM;
  1367. inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
  1368. if (!inode)
  1369. goto out;
  1370. inode->i_fop = &sel_perm_ops;
  1371. /* i+1 since perm values are 1-indexed */
  1372. inode->i_ino = sel_perm_to_ino(classvalue, i + 1);
  1373. d_add(dentry, inode);
  1374. }
  1375. rc = 0;
  1376. out:
  1377. for (i = 0; i < nperms; i++)
  1378. kfree(perms[i]);
  1379. kfree(perms);
  1380. return rc;
  1381. }
  1382. static int sel_make_class_dir_entries(char *classname, int index,
  1383. struct dentry *dir)
  1384. {
  1385. struct dentry *dentry = NULL;
  1386. struct inode *inode = NULL;
  1387. int rc;
  1388. dentry = d_alloc_name(dir, "index");
  1389. if (!dentry)
  1390. return -ENOMEM;
  1391. inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
  1392. if (!inode)
  1393. return -ENOMEM;
  1394. inode->i_fop = &sel_class_ops;
  1395. inode->i_ino = sel_class_to_ino(index);
  1396. d_add(dentry, inode);
  1397. dentry = sel_make_dir(dir, "perms", &last_class_ino);
  1398. if (IS_ERR(dentry))
  1399. return PTR_ERR(dentry);
  1400. rc = sel_make_perm_files(classname, index, dentry);
  1401. return rc;
  1402. }
  1403. static int sel_make_classes(void)
  1404. {
  1405. int rc, nclasses, i;
  1406. char **classes;
  1407. /* delete any existing entries */
  1408. sel_remove_entries(class_dir);
  1409. rc = security_get_classes(&selinux_state, &classes, &nclasses);
  1410. if (rc)
  1411. return rc;
  1412. /* +2 since classes are 1-indexed */
  1413. last_class_ino = sel_class_to_ino(nclasses + 2);
  1414. for (i = 0; i < nclasses; i++) {
  1415. struct dentry *class_name_dir;
  1416. class_name_dir = sel_make_dir(class_dir, classes[i],
  1417. &last_class_ino);
  1418. if (IS_ERR(class_name_dir)) {
  1419. rc = PTR_ERR(class_name_dir);
  1420. goto out;
  1421. }
  1422. /* i+1 since class values are 1-indexed */
  1423. rc = sel_make_class_dir_entries(classes[i], i + 1,
  1424. class_name_dir);
  1425. if (rc)
  1426. goto out;
  1427. }
  1428. rc = 0;
  1429. out:
  1430. for (i = 0; i < nclasses; i++)
  1431. kfree(classes[i]);
  1432. kfree(classes);
  1433. return rc;
  1434. }
  1435. static int sel_make_policycap(void)
  1436. {
  1437. unsigned int iter;
  1438. struct dentry *dentry = NULL;
  1439. struct inode *inode = NULL;
  1440. sel_remove_entries(policycap_dir);
  1441. for (iter = 0; iter <= POLICYDB_CAPABILITY_MAX; iter++) {
  1442. if (iter < ARRAY_SIZE(selinux_policycap_names))
  1443. dentry = d_alloc_name(policycap_dir,
  1444. selinux_policycap_names[iter]);
  1445. else
  1446. dentry = d_alloc_name(policycap_dir, "unknown");
  1447. if (dentry == NULL)
  1448. return -ENOMEM;
  1449. inode = sel_make_inode(policycap_dir->d_sb, S_IFREG | S_IRUGO);
  1450. if (inode == NULL)
  1451. return -ENOMEM;
  1452. inode->i_fop = &sel_policycap_ops;
  1453. inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET;
  1454. d_add(dentry, inode);
  1455. }
  1456. return 0;
  1457. }
  1458. static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
  1459. unsigned long *ino)
  1460. {
  1461. struct dentry *dentry = d_alloc_name(dir, name);
  1462. struct inode *inode;
  1463. if (!dentry)
  1464. return ERR_PTR(-ENOMEM);
  1465. inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO);
  1466. if (!inode) {
  1467. dput(dentry);
  1468. return ERR_PTR(-ENOMEM);
  1469. }
  1470. inode->i_op = &simple_dir_inode_operations;
  1471. inode->i_fop = &simple_dir_operations;
  1472. inode->i_ino = ++(*ino);
  1473. /* directory inodes start off with i_nlink == 2 (for "." entry) */
  1474. inc_nlink(inode);
  1475. d_add(dentry, inode);
  1476. /* bump link count on parent directory, too */
  1477. inc_nlink(d_inode(dir));
  1478. return dentry;
  1479. }
  1480. static int sel_fill_super(struct super_block *sb, void *data, int silent)
  1481. {
  1482. int ret;
  1483. struct dentry *dentry;
  1484. struct inode *inode;
  1485. struct inode_security_struct *isec;
  1486. static const struct tree_descr selinux_files[] = {
  1487. [SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR},
  1488. [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR},
  1489. [SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO},
  1490. [SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO},
  1491. [SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO},
  1492. [SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO},
  1493. [SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO},
  1494. [SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO},
  1495. [SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR},
  1496. [SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO},
  1497. [SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR},
  1498. [SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO},
  1499. [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR},
  1500. [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
  1501. [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
  1502. [SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO},
  1503. [SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO},
  1504. [SEL_VALIDATE_TRANS] = {"validatetrans", &sel_transition_ops,
  1505. S_IWUGO},
  1506. /* last one */ {""}
  1507. };
  1508. ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);
  1509. if (ret)
  1510. goto err;
  1511. bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &sel_last_ino);
  1512. if (IS_ERR(bool_dir)) {
  1513. ret = PTR_ERR(bool_dir);
  1514. bool_dir = NULL;
  1515. goto err;
  1516. }
  1517. ret = -ENOMEM;
  1518. dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME);
  1519. if (!dentry)
  1520. goto err;
  1521. ret = -ENOMEM;
  1522. inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO);
  1523. if (!inode)
  1524. goto err;
  1525. inode->i_ino = ++sel_last_ino;
  1526. isec = (struct inode_security_struct *)inode->i_security;
  1527. isec->sid = SECINITSID_DEVNULL;
  1528. isec->sclass = SECCLASS_CHR_FILE;
  1529. isec->initialized = LABEL_INITIALIZED;
  1530. init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3));
  1531. d_add(dentry, inode);
  1532. selinux_null.dentry = dentry;
  1533. dentry = sel_make_dir(sb->s_root, "avc", &sel_last_ino);
  1534. if (IS_ERR(dentry)) {
  1535. ret = PTR_ERR(dentry);
  1536. goto err;
  1537. }
  1538. ret = sel_make_avc_files(dentry);
  1539. if (ret)
  1540. goto err;
  1541. dentry = sel_make_dir(sb->s_root, "initial_contexts", &sel_last_ino);
  1542. if (IS_ERR(dentry)) {
  1543. ret = PTR_ERR(dentry);
  1544. goto err;
  1545. }
  1546. ret = sel_make_initcon_files(dentry);
  1547. if (ret)
  1548. goto err;
  1549. class_dir = sel_make_dir(sb->s_root, "class", &sel_last_ino);
  1550. if (IS_ERR(class_dir)) {
  1551. ret = PTR_ERR(class_dir);
  1552. class_dir = NULL;
  1553. goto err;
  1554. }
  1555. policycap_dir = sel_make_dir(sb->s_root, "policy_capabilities", &sel_last_ino);
  1556. if (IS_ERR(policycap_dir)) {
  1557. ret = PTR_ERR(policycap_dir);
  1558. policycap_dir = NULL;
  1559. goto err;
  1560. }
  1561. return 0;
  1562. err:
  1563. printk(KERN_ERR "SELinux: %s: failed while creating inodes\n",
  1564. __func__);
  1565. return ret;
  1566. }
  1567. static struct dentry *sel_mount(struct file_system_type *fs_type,
  1568. int flags, const char *dev_name, void *data)
  1569. {
  1570. return mount_single(fs_type, flags, data, sel_fill_super);
  1571. }
  1572. static struct file_system_type sel_fs_type = {
  1573. .name = "selinuxfs",
  1574. .mount = sel_mount,
  1575. .kill_sb = kill_litter_super,
  1576. };
  1577. struct vfsmount *selinuxfs_mount;
  1578. static int __init init_sel_fs(void)
  1579. {
  1580. int err;
  1581. if (!selinux_enabled)
  1582. return 0;
  1583. err = sysfs_create_mount_point(fs_kobj, "selinux");
  1584. if (err)
  1585. return err;
  1586. err = register_filesystem(&sel_fs_type);
  1587. if (err) {
  1588. sysfs_remove_mount_point(fs_kobj, "selinux");
  1589. return err;
  1590. }
  1591. selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type);
  1592. if (IS_ERR(selinuxfs_mount)) {
  1593. printk(KERN_ERR "selinuxfs: could not mount!\n");
  1594. err = PTR_ERR(selinuxfs_mount);
  1595. selinuxfs_mount = NULL;
  1596. }
  1597. return err;
  1598. }
  1599. __initcall(init_sel_fs);
  1600. #ifdef CONFIG_SECURITY_SELINUX_DISABLE
  1601. void exit_sel_fs(void)
  1602. {
  1603. sysfs_remove_mount_point(fs_kobj, "selinux");
  1604. kern_unmount(selinuxfs_mount);
  1605. unregister_filesystem(&sel_fs_type);
  1606. }
  1607. #endif