~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/selinux/hooks.c

Version: ~ [ linux-5.10-rc1 ] ~ [ linux-5.9.1 ] ~ [ linux-5.8.16 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.72 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.152 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.202 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.240 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.240 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.85 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  *  NSA Security-Enhanced Linux (SELinux) security module
  3  *
  4  *  This file contains the SELinux hook function implementations.
  5  *
  6  *  Authors:  Stephen Smalley, <sds@epoch.ncsc.mil>
  7  *            Chris Vance, <cvance@nai.com>
  8  *            Wayne Salamon, <wsalamon@nai.com>
  9  *            James Morris <jmorris@redhat.com>
 10  *
 11  *  Copyright (C) 2001,2002 Networks Associates Technology, Inc.
 12  *  Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
 13  *
 14  *      This program is free software; you can redistribute it and/or modify
 15  *      it under the terms of the GNU General Public License version 2,
 16  *      as published by the Free Software Foundation.
 17  */
 18 
 19 #define XATTR_SECURITY_PREFIX "security."
 20 #define XATTR_SELINUX_SUFFIX "selinux"
 21 #define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX
 22 
 23 #include <linux/config.h>
 24 #include <linux/module.h>
 25 #include <linux/init.h>
 26 #include <linux/kernel.h>
 27 #include <linux/ptrace.h>
 28 #include <linux/errno.h>
 29 #include <linux/sched.h>
 30 #include <linux/security.h>
 31 #include <linux/xattr.h>
 32 #include <linux/capability.h>
 33 #include <linux/unistd.h>
 34 #include <linux/mm.h>
 35 #include <linux/mman.h>
 36 #include <linux/slab.h>
 37 #include <linux/pagemap.h>
 38 #include <linux/swap.h>
 39 #include <linux/smp_lock.h>
 40 #include <linux/spinlock.h>
 41 #include <linux/file.h>
 42 #include <linux/namei.h>
 43 #include <linux/mount.h>
 44 #include <linux/ext2_fs.h>
 45 #include <linux/proc_fs.h>
 46 #include <linux/kd.h>
 47 #include <net/icmp.h>
 48 #include <net/ip.h>             /* for sysctl_local_port_range[] */
 49 #include <net/tcp.h>            /* struct or_callable used in sock_rcv_skb */
 50 #include <asm/uaccess.h>
 51 #include <asm/semaphore.h>
 52 #include <asm/ioctls.h>
 53 #include <linux/bitops.h>
 54 #include <linux/interrupt.h>
 55 #include <linux/netdevice.h>    /* for network interface checks */
 56 #include <linux/netlink.h>
 57 #include <linux/tcp.h>
 58 #include <linux/quota.h>
 59 #include <linux/un.h>           /* for Unix socket types */
 60 #include <net/af_unix.h>        /* for Unix socket types */
 61 
 62 #include "avc.h"
 63 #include "objsec.h"
 64 
 65 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
 66 int selinux_enforcing = 0;
 67 
 68 static int __init enforcing_setup(char *str)
 69 {
 70         selinux_enforcing = simple_strtol(str,NULL,0);
 71         return 1;
 72 }
 73 __setup("enforcing=", enforcing_setup);
 74 #endif
 75 
 76 #ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
 77 int selinux_enabled = 1;
 78 
 79 static int __init selinux_enabled_setup(char *str)
 80 {
 81         selinux_enabled = simple_strtol(str, NULL, 0);
 82         return 1;
 83 }
 84 __setup("selinux=", selinux_enabled_setup);
 85 #endif
 86 
 87 /* Original (dummy) security module. */
 88 static struct security_operations *original_ops = NULL;
 89 
 90 /* Minimal support for a secondary security module,
 91    just to allow the use of the dummy or capability modules.
 92    The owlsm module can alternatively be used as a secondary
 93    module as long as CONFIG_OWLSM_FD is not enabled. */
 94 static struct security_operations *secondary_ops = NULL;
 95 
 96 /* Lists of inode and superblock security structures initialized
 97    before the policy was loaded. */
 98 static LIST_HEAD(superblock_security_head);
 99 static spinlock_t sb_security_lock = SPIN_LOCK_UNLOCKED;
100 
101 /* Allocate and free functions for each kind of security blob. */
102 
103 static int task_alloc_security(struct task_struct *task)
104 {
105         struct task_security_struct *tsec;
106 
107         tsec = kmalloc(sizeof(struct task_security_struct), GFP_KERNEL);
108         if (!tsec)
109                 return -ENOMEM;
110 
111         memset(tsec, 0, sizeof(struct task_security_struct));
112         tsec->magic = SELINUX_MAGIC;
113         tsec->task = task;
114         tsec->osid = tsec->sid = SECINITSID_UNLABELED;
115         task->security = tsec;
116 
117         return 0;
118 }
119 
120 static void task_free_security(struct task_struct *task)
121 {
122         struct task_security_struct *tsec = task->security;
123 
124         if (!tsec || tsec->magic != SELINUX_MAGIC)
125                 return;
126 
127         task->security = NULL;
128         kfree(tsec);
129 }
130 
131 static int inode_alloc_security(struct inode *inode)
132 {
133         struct task_security_struct *tsec = current->security;
134         struct inode_security_struct *isec;
135 
136         isec = kmalloc(sizeof(struct inode_security_struct), GFP_KERNEL);
137         if (!isec)
138                 return -ENOMEM;
139 
140         memset(isec, 0, sizeof(struct inode_security_struct));
141         init_MUTEX(&isec->sem);
142         INIT_LIST_HEAD(&isec->list);
143         isec->magic = SELINUX_MAGIC;
144         isec->inode = inode;
145         isec->sid = SECINITSID_UNLABELED;
146         isec->sclass = SECCLASS_FILE;
147         if (tsec && tsec->magic == SELINUX_MAGIC)
148                 isec->task_sid = tsec->sid;
149         else
150                 isec->task_sid = SECINITSID_UNLABELED;
151         inode->i_security = isec;
152 
153         return 0;
154 }
155 
156 static void inode_free_security(struct inode *inode)
157 {
158         struct inode_security_struct *isec = inode->i_security;
159         struct superblock_security_struct *sbsec = inode->i_sb->s_security;
160 
161         if (!isec || isec->magic != SELINUX_MAGIC)
162                 return;
163 
164         spin_lock(&sbsec->isec_lock);
165         if (!list_empty(&isec->list))
166                 list_del_init(&isec->list);
167         spin_unlock(&sbsec->isec_lock);
168 
169         inode->i_security = NULL;
170         kfree(isec);
171 }
172 
173 static int file_alloc_security(struct file *file)
174 {
175         struct task_security_struct *tsec = current->security;
176         struct file_security_struct *fsec;
177 
178         fsec = kmalloc(sizeof(struct file_security_struct), GFP_ATOMIC);
179         if (!fsec)
180                 return -ENOMEM;
181 
182         memset(fsec, 0, sizeof(struct file_security_struct));
183         fsec->magic = SELINUX_MAGIC;
184         fsec->file = file;
185         if (tsec && tsec->magic == SELINUX_MAGIC) {
186                 fsec->sid = tsec->sid;
187                 fsec->fown_sid = tsec->sid;
188         } else {
189                 fsec->sid = SECINITSID_UNLABELED;
190                 fsec->fown_sid = SECINITSID_UNLABELED;
191         }
192         file->f_security = fsec;
193 
194         return 0;
195 }
196 
197 static void file_free_security(struct file *file)
198 {
199         struct file_security_struct *fsec = file->f_security;
200 
201         if (!fsec || fsec->magic != SELINUX_MAGIC)
202                 return;
203 
204         file->f_security = NULL;
205         kfree(fsec);
206 }
207 
208 static int superblock_alloc_security(struct super_block *sb)
209 {
210         struct superblock_security_struct *sbsec;
211 
212         sbsec = kmalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
213         if (!sbsec)
214                 return -ENOMEM;
215 
216         memset(sbsec, 0, sizeof(struct superblock_security_struct));
217         init_MUTEX(&sbsec->sem);
218         INIT_LIST_HEAD(&sbsec->list);
219         INIT_LIST_HEAD(&sbsec->isec_head);
220         spin_lock_init(&sbsec->isec_lock);
221         sbsec->magic = SELINUX_MAGIC;
222         sbsec->sb = sb;
223         sbsec->sid = SECINITSID_UNLABELED;
224         sb->s_security = sbsec;
225 
226         return 0;
227 }
228 
229 static void superblock_free_security(struct super_block *sb)
230 {
231         struct superblock_security_struct *sbsec = sb->s_security;
232 
233         if (!sbsec || sbsec->magic != SELINUX_MAGIC)
234                 return;
235 
236         spin_lock(&sb_security_lock);
237         if (!list_empty(&sbsec->list))
238                 list_del_init(&sbsec->list);
239         spin_unlock(&sb_security_lock);
240 
241         sb->s_security = NULL;
242         kfree(sbsec);
243 }
244 
245 /* The security server must be initialized before
246    any labeling or access decisions can be provided. */
247 extern int ss_initialized;
248 
249 /* The file system's label must be initialized prior to use. */
250 
251 static char *labeling_behaviors[5] = {
252         "uses xattr",
253         "uses transition SIDs",
254         "uses task SIDs",
255         "uses genfs_contexts",
256         "not configured for labeling"
257 };
258 
259 static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
260 
261 static inline int inode_doinit(struct inode *inode)
262 {
263         return inode_doinit_with_dentry(inode, NULL);
264 }
265 
266 static int superblock_doinit(struct super_block *sb)
267 {
268         struct superblock_security_struct *sbsec = sb->s_security;
269         struct dentry *root = sb->s_root;
270         struct inode *inode = root->d_inode;
271         int rc = 0;
272 
273         down(&sbsec->sem);
274         if (sbsec->initialized)
275                 goto out;
276 
277         if (!ss_initialized) {
278                 /* Defer initialization until selinux_complete_init,
279                    after the initial policy is loaded and the security
280                    server is ready to handle calls. */
281                 spin_lock(&sb_security_lock);
282                 if (list_empty(&sbsec->list))
283                         list_add(&sbsec->list, &superblock_security_head);
284                 spin_unlock(&sb_security_lock);
285                 goto out;
286         }
287 
288         /* Determine the labeling behavior to use for this filesystem type. */
289         rc = security_fs_use(sb->s_type->name, &sbsec->behavior, &sbsec->sid);
290         if (rc) {
291                 printk(KERN_WARNING "%s:  security_fs_use(%s) returned %d\n",
292                        __FUNCTION__, sb->s_type->name, rc);
293                 goto out;
294         }
295 
296         if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
297                 /* Make sure that the xattr handler exists and that no
298                    error other than -ENODATA is returned by getxattr on
299                    the root directory.  -ENODATA is ok, as this may be
300                    the first boot of the SELinux kernel before we have
301                    assigned xattr values to the filesystem. */
302                 if (!inode->i_op->getxattr) {
303                         printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
304                                "xattr support\n", sb->s_id, sb->s_type->name);
305                         rc = -EOPNOTSUPP;
306                         goto out;
307                 }
308                 rc = inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
309                 if (rc < 0 && rc != -ENODATA) {
310                         if (rc == -EOPNOTSUPP)
311                                 printk(KERN_WARNING "SELinux: (dev %s, type "
312                                        "%s) has no security xattr handler\n",
313                                        sb->s_id, sb->s_type->name);
314                         else
315                                 printk(KERN_WARNING "SELinux: (dev %s, type "
316                                        "%s) getxattr errno %d\n", sb->s_id,
317                                        sb->s_type->name, -rc);
318                         goto out;
319                 }
320         }
321 
322         if (strcmp(sb->s_type->name, "proc") == 0)
323                 sbsec->proc = 1;
324 
325         sbsec->initialized = 1;
326 
327         if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) {
328                 printk(KERN_INFO "SELinux: initialized (dev %s, type %s), unknown behavior\n",
329                        sb->s_id, sb->s_type->name);
330         }
331         else {
332                 printk(KERN_INFO "SELinux: initialized (dev %s, type %s), %s\n",
333                        sb->s_id, sb->s_type->name,
334                        labeling_behaviors[sbsec->behavior-1]);
335         }
336 
337         /* Initialize the root inode. */
338         rc = inode_doinit_with_dentry(sb->s_root->d_inode, sb->s_root);
339 
340         /* Initialize any other inodes associated with the superblock, e.g.
341            inodes created prior to initial policy load or inodes created
342            during get_sb by a pseudo filesystem that directly
343            populates itself. */
344         spin_lock(&sbsec->isec_lock);
345 next_inode:
346         if (!list_empty(&sbsec->isec_head)) {
347                 struct inode_security_struct *isec =
348                                 list_entry(sbsec->isec_head.next,
349                                            struct inode_security_struct, list);
350                 struct inode *inode = isec->inode;
351                 spin_unlock(&sbsec->isec_lock);
352                 inode = igrab(inode);
353                 if (inode) {
354                         inode_doinit(inode);
355                         iput(inode);
356                 }
357                 spin_lock(&sbsec->isec_lock);
358                 list_del_init(&isec->list);
359                 goto next_inode;
360         }
361         spin_unlock(&sbsec->isec_lock);
362 out:
363         up(&sbsec->sem);
364         return rc;
365 }
366 
367 static inline u16 inode_mode_to_security_class(umode_t mode)
368 {
369         switch (mode & S_IFMT) {
370         case S_IFSOCK:
371                 return SECCLASS_SOCK_FILE;
372         case S_IFLNK:
373                 return SECCLASS_LNK_FILE;
374         case S_IFREG:
375                 return SECCLASS_FILE;
376         case S_IFBLK:
377                 return SECCLASS_BLK_FILE;
378         case S_IFDIR:
379                 return SECCLASS_DIR;
380         case S_IFCHR:
381                 return SECCLASS_CHR_FILE;
382         case S_IFIFO:
383                 return SECCLASS_FIFO_FILE;
384 
385         }
386 
387         return SECCLASS_FILE;
388 }
389 
390 static inline u16 socket_type_to_security_class(int family, int type)
391 {
392         switch (family) {
393         case PF_UNIX:
394                 switch (type) {
395                 case SOCK_STREAM:
396                         return SECCLASS_UNIX_STREAM_SOCKET;
397                 case SOCK_DGRAM:
398                         return SECCLASS_UNIX_DGRAM_SOCKET;
399                 }
400         case PF_INET:
401         case PF_INET6:
402                 switch (type) {
403                 case SOCK_STREAM:
404                         return SECCLASS_TCP_SOCKET;
405                 case SOCK_DGRAM:
406                         return SECCLASS_UDP_SOCKET;
407                 case SOCK_RAW:
408                         return SECCLASS_RAWIP_SOCKET;
409                 }
410         case PF_NETLINK:
411                 return SECCLASS_NETLINK_SOCKET;
412         case PF_PACKET:
413                 return SECCLASS_PACKET_SOCKET;
414         case PF_KEY:
415                 return SECCLASS_KEY_SOCKET;
416         }
417 
418         return SECCLASS_SOCKET;
419 }
420 
421 #ifdef CONFIG_PROC_FS
422 static int selinux_proc_get_sid(struct proc_dir_entry *de,
423                                 u16 tclass,
424                                 u32 *sid)
425 {
426         int buflen, rc;
427         char *buffer, *path, *end;
428 
429         buffer = (char*)__get_free_page(GFP_KERNEL);
430         if (!buffer)
431                 return -ENOMEM;
432 
433         buflen = PAGE_SIZE;
434         end = buffer+buflen;
435         *--end = '\0';
436         buflen--;
437         path = end-1;
438         *path = '/';
439         while (de && de != de->parent) {
440                 buflen -= de->namelen + 1;
441                 if (buflen < 0)
442                         break;
443                 end -= de->namelen;
444                 memcpy(end, de->name, de->namelen);
445                 *--end = '/';
446                 path = end;
447                 de = de->parent;
448         }
449         rc = security_genfs_sid("proc", path, tclass, sid);
450         free_page((unsigned long)buffer);
451         return rc;
452 }
453 #else
454 static int selinux_proc_get_sid(struct proc_dir_entry *de,
455                                 u16 tclass,
456                                 u32 *sid)
457 {
458         return -EINVAL;
459 }
460 #endif
461 
462 /* The inode's security attributes must be initialized before first use. */
463 static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
464 {
465         struct superblock_security_struct *sbsec = NULL;
466         struct inode_security_struct *isec = inode->i_security;
467         u32 sid;
468         struct dentry *dentry;
469 #define INITCONTEXTLEN 255
470         char *context = NULL;
471         unsigned len = 0;
472         int rc = 0;
473         int hold_sem = 0;
474 
475         if (isec->initialized)
476                 goto out;
477 
478         down(&isec->sem);
479         hold_sem = 1;
480         if (isec->initialized)
481                 goto out;
482 
483         sbsec = inode->i_sb->s_security;
484         if (!sbsec->initialized) {
485                 /* Defer initialization until selinux_complete_init,
486                    after the initial policy is loaded and the security
487                    server is ready to handle calls. */
488                 spin_lock(&sbsec->isec_lock);
489                 if (list_empty(&isec->list))
490                         list_add(&isec->list, &sbsec->isec_head);
491                 spin_unlock(&sbsec->isec_lock);
492                 goto out;
493         }
494 
495         switch (sbsec->behavior) {
496         case SECURITY_FS_USE_XATTR:
497                 if (!inode->i_op->getxattr) {
498                         isec->sid = SECINITSID_FILE;
499                         break;
500                 }
501 
502                 /* Need a dentry, since the xattr API requires one.
503                    Life would be simpler if we could just pass the inode. */
504                 if (opt_dentry) {
505                         /* Called from d_instantiate or d_splice_alias. */
506                         dentry = dget(opt_dentry);
507                 } else {
508                         /* Called from selinux_complete_init, try to find a dentry. */
509                         dentry = d_find_alias(inode);
510                 }
511                 if (!dentry) {
512                         printk(KERN_WARNING "%s:  no dentry for dev=%s "
513                                "ino=%ld\n", __FUNCTION__, inode->i_sb->s_id,
514                                inode->i_ino);
515                         goto out;
516                 }
517 
518                 len = INITCONTEXTLEN;
519                 context = kmalloc(len, GFP_KERNEL);
520                 if (!context) {
521                         rc = -ENOMEM;
522                         dput(dentry);
523                         goto out;
524                 }
525                 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
526                                            context, len);
527                 if (rc == -ERANGE) {
528                         /* Need a larger buffer.  Query for the right size. */
529                         rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
530                                                    NULL, 0);
531                         if (rc < 0) {
532                                 dput(dentry);
533                                 goto out;
534                         }
535                         kfree(context);
536                         len = rc;
537                         context = kmalloc(len, GFP_KERNEL);
538                         if (!context) {
539                                 rc = -ENOMEM;
540                                 dput(dentry);
541                                 goto out;
542                         }
543                         rc = inode->i_op->getxattr(dentry,
544                                                    XATTR_NAME_SELINUX,
545                                                    context, len);
546                 }
547                 dput(dentry);
548                 if (rc < 0) {
549                         if (rc != -ENODATA) {
550                                 printk(KERN_WARNING "%s:  getxattr returned "
551                                        "%d for dev=%s ino=%ld\n", __FUNCTION__,
552                                        -rc, inode->i_sb->s_id, inode->i_ino);
553                                 kfree(context);
554                                 goto out;
555                         }
556                         /* Map ENODATA to the default file SID */
557                         sid = SECINITSID_FILE;
558                         rc = 0;
559                 } else {
560                         rc = security_context_to_sid(context, rc, &sid);
561                         if (rc) {
562                                 printk(KERN_WARNING "%s:  context_to_sid(%s) "
563                                        "returned %d for dev=%s ino=%ld\n",
564                                        __FUNCTION__, context, -rc,
565                                        inode->i_sb->s_id, inode->i_ino);
566                                 kfree(context);
567                                 goto out;
568                         }
569                 }
570                 kfree(context);
571                 isec->sid = sid;
572                 break;
573         case SECURITY_FS_USE_TASK:
574                 isec->sid = isec->task_sid;
575                 break;
576         case SECURITY_FS_USE_TRANS:
577                 /* Default to the fs SID. */
578                 isec->sid = sbsec->sid;
579 
580                 /* Try to obtain a transition SID. */
581                 isec->sclass = inode_mode_to_security_class(inode->i_mode);
582                 rc = security_transition_sid(isec->task_sid,
583                                              sbsec->sid,
584                                              isec->sclass,
585                                              &sid);
586                 if (rc)
587                         goto out;
588                 isec->sid = sid;
589                 break;
590         default:
591                 /* Default to the fs SID. */
592                 isec->sid = sbsec->sid;
593 
594                 if (sbsec->proc) {
595                         struct proc_inode *proci = PROC_I(inode);
596                         if (proci->pde) {
597                                 isec->sclass = inode_mode_to_security_class(inode->i_mode);
598                                 rc = selinux_proc_get_sid(proci->pde,
599                                                           isec->sclass,
600                                                           &sid);
601                                 if (rc)
602                                         goto out;
603                                 isec->sid = sid;
604                         }
605                 }
606                 break;
607         }
608 
609         isec->initialized = 1;
610 
611 out:
612         if (inode->i_sock) {
613                 struct socket *sock = SOCKET_I(inode);
614                 if (sock->sk) {
615                         isec->sclass = socket_type_to_security_class(sock->sk->sk_family,
616                                                                      sock->sk->sk_type);
617                 } else {
618                         isec->sclass = SECCLASS_SOCKET;
619                 }
620         } else {
621                 isec->sclass = inode_mode_to_security_class(inode->i_mode);
622         }
623 
624         if (hold_sem)
625                 up(&isec->sem);
626         return rc;
627 }
628 
629 /* Convert a Linux signal to an access vector. */
630 static inline u32 signal_to_av(int sig)
631 {
632         u32 perm = 0;
633 
634         switch (sig) {
635         case SIGCHLD:
636                 /* Commonly granted from child to parent. */
637                 perm = PROCESS__SIGCHLD;
638                 break;
639         case SIGKILL:
640                 /* Cannot be caught or ignored */
641                 perm = PROCESS__SIGKILL;
642                 break;
643         case SIGSTOP:
644                 /* Cannot be caught or ignored */
645                 perm = PROCESS__SIGSTOP;
646                 break;
647         default:
648                 /* All other signals. */
649                 perm = PROCESS__SIGNAL;
650                 break;
651         }
652 
653         return perm;
654 }
655 
656 /* Check permission betweeen a pair of tasks, e.g. signal checks,
657    fork check, ptrace check, etc. */
658 int task_has_perm(struct task_struct *tsk1,
659                   struct task_struct *tsk2,
660                   u32 perms)
661 {
662         struct task_security_struct *tsec1, *tsec2;
663 
664         tsec1 = tsk1->security;
665         tsec2 = tsk2->security;
666         return avc_has_perm(tsec1->sid, tsec2->sid,
667                             SECCLASS_PROCESS, perms, &tsec2->avcr, NULL);
668 }
669 
670 /* Check whether a task is allowed to use a capability. */
671 int task_has_capability(struct task_struct *tsk,
672                         int cap)
673 {
674         struct task_security_struct *tsec;
675         struct avc_audit_data ad;
676 
677         tsec = tsk->security;
678 
679         AVC_AUDIT_DATA_INIT(&ad,CAP);
680         ad.tsk = tsk;
681         ad.u.cap = cap;
682 
683         return avc_has_perm(tsec->sid, tsec->sid,
684                             SECCLASS_CAPABILITY, CAP_TO_MASK(cap), NULL, &ad);
685 }
686 
687 /* Check whether a task is allowed to use a system operation. */
688 int task_has_system(struct task_struct *tsk,
689                     u32 perms)
690 {
691         struct task_security_struct *tsec;
692 
693         tsec = tsk->security;
694 
695         return avc_has_perm(tsec->sid, SECINITSID_KERNEL,
696                             SECCLASS_SYSTEM, perms, NULL, NULL);
697 }
698 
699 /* Check whether a task has a particular permission to an inode.
700    The 'aeref' parameter is optional and allows other AVC
701    entry references to be passed (e.g. the one in the struct file).
702    The 'adp' parameter is optional and allows other audit
703    data to be passed (e.g. the dentry). */
704 int inode_has_perm(struct task_struct *tsk,
705                    struct inode *inode,
706                    u32 perms,
707                    struct avc_entry_ref *aeref,
708                    struct avc_audit_data *adp)
709 {
710         struct task_security_struct *tsec;
711         struct inode_security_struct *isec;
712         struct avc_audit_data ad;
713 
714         tsec = tsk->security;
715         isec = inode->i_security;
716 
717         if (!adp) {
718                 adp = &ad;
719                 AVC_AUDIT_DATA_INIT(&ad, FS);
720                 ad.u.fs.inode = inode;
721         }
722 
723         return avc_has_perm(tsec->sid, isec->sid, isec->sclass,
724                             perms, aeref ? aeref : &isec->avcr, adp);
725 }
726 
727 /* Same as inode_has_perm, but pass explicit audit data containing
728    the dentry to help the auditing code to more easily generate the
729    pathname if needed. */
730 static inline int dentry_has_perm(struct task_struct *tsk,
731                                   struct vfsmount *mnt,
732                                   struct dentry *dentry,
733                                   u32 av)
734 {
735         struct inode *inode = dentry->d_inode;
736         struct avc_audit_data ad;
737         AVC_AUDIT_DATA_INIT(&ad,FS);
738         ad.u.fs.mnt = mnt;
739         ad.u.fs.dentry = dentry;
740         return inode_has_perm(tsk, inode, av, NULL, &ad);
741 }
742 
743 /* Check whether a task can use an open file descriptor to
744    access an inode in a given way.  Check access to the
745    descriptor itself, and then use dentry_has_perm to
746    check a particular permission to the file.
747    Access to the descriptor is implicitly granted if it
748    has the same SID as the process.  If av is zero, then
749    access to the file is not checked, e.g. for cases
750    where only the descriptor is affected like seek. */
751 static inline int file_has_perm(struct task_struct *tsk,
752                                 struct file *file,
753                                 u32 av)
754 {
755         struct task_security_struct *tsec = tsk->security;
756         struct file_security_struct *fsec = file->f_security;
757         struct vfsmount *mnt = file->f_vfsmnt;
758         struct dentry *dentry = file->f_dentry;
759         struct inode *inode = dentry->d_inode;
760         struct avc_audit_data ad;
761         int rc;
762 
763         AVC_AUDIT_DATA_INIT(&ad, FS);
764         ad.u.fs.mnt = mnt;
765         ad.u.fs.dentry = dentry;
766 
767         if (tsec->sid != fsec->sid) {
768                 rc = avc_has_perm(tsec->sid, fsec->sid,
769                                   SECCLASS_FD,
770                                   FD__USE,
771                                   &fsec->avcr, &ad);
772                 if (rc)
773                         return rc;
774         }
775 
776         /* av is zero if only checking access to the descriptor. */
777         if (av)
778                 return inode_has_perm(tsk, inode, av, &fsec->inode_avcr, &ad);
779 
780         return 0;
781 }
782 
783 /* Check whether a task can create a file. */
784 static int may_create(struct inode *dir,
785                       struct dentry *dentry,
786                       u16 tclass)
787 {
788         struct task_security_struct *tsec;
789         struct inode_security_struct *dsec;
790         struct superblock_security_struct *sbsec;
791         u32 newsid;
792         struct avc_audit_data ad;
793         int rc;
794 
795         tsec = current->security;
796         dsec = dir->i_security;
797 
798         AVC_AUDIT_DATA_INIT(&ad, FS);
799         ad.u.fs.dentry = dentry;
800 
801         rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR,
802                           DIR__ADD_NAME | DIR__SEARCH,
803                           &dsec->avcr, &ad);
804         if (rc)
805                 return rc;
806 
807         if (tsec->create_sid) {
808                 newsid = tsec->create_sid;
809         } else {
810                 rc = security_transition_sid(tsec->sid, dsec->sid, tclass,
811                                              &newsid);
812                 if (rc)
813                         return rc;
814         }
815 
816         rc = avc_has_perm(tsec->sid, newsid, tclass, FILE__CREATE, NULL, &ad);
817         if (rc)
818                 return rc;
819 
820         sbsec = dir->i_sb->s_security;
821 
822         return avc_has_perm(newsid, sbsec->sid,
823                             SECCLASS_FILESYSTEM,
824                             FILESYSTEM__ASSOCIATE, NULL, &ad);
825 }
826 
827 #define MAY_LINK   0
828 #define MAY_UNLINK 1
829 #define MAY_RMDIR  2
830 
831 /* Check whether a task can link, unlink, or rmdir a file/directory. */
832 static int may_link(struct inode *dir,
833                     struct dentry *dentry,
834                     int kind)
835 
836 {
837         struct task_security_struct *tsec;
838         struct inode_security_struct *dsec, *isec;
839         struct avc_audit_data ad;
840         u32 av;
841         int rc;
842 
843         tsec = current->security;
844         dsec = dir->i_security;
845         isec = dentry->d_inode->i_security;
846 
847         AVC_AUDIT_DATA_INIT(&ad, FS);
848         ad.u.fs.dentry = dentry;
849 
850         av = DIR__SEARCH;
851         av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
852         rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR,
853                           av, &dsec->avcr, &ad);
854         if (rc)
855                 return rc;
856 
857         switch (kind) {
858         case MAY_LINK:
859                 av = FILE__LINK;
860                 break;
861         case MAY_UNLINK:
862                 av = FILE__UNLINK;
863                 break;
864         case MAY_RMDIR:
865                 av = DIR__RMDIR;
866                 break;
867         default:
868                 printk(KERN_WARNING "may_link:  unrecognized kind %d\n", kind);
869                 return 0;
870         }
871 
872         rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
873                           av, &isec->avcr, &ad);
874         return rc;
875 }
876 
877 static inline int may_rename(struct inode *old_dir,
878                              struct dentry *old_dentry,
879                              struct inode *new_dir,
880                              struct dentry *new_dentry)
881 {
882         struct task_security_struct *tsec;
883         struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
884         struct avc_audit_data ad;
885         u32 av;
886         int old_is_dir, new_is_dir;
887         int rc;
888 
889         tsec = current->security;
890         old_dsec = old_dir->i_security;
891         old_isec = old_dentry->d_inode->i_security;
892         old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
893         new_dsec = new_dir->i_security;
894 
895         AVC_AUDIT_DATA_INIT(&ad, FS);
896 
897         ad.u.fs.dentry = old_dentry;
898         rc = avc_has_perm(tsec->sid, old_dsec->sid, SECCLASS_DIR,
899                           DIR__REMOVE_NAME | DIR__SEARCH,
900                           &old_dsec->avcr, &ad);
901         if (rc)
902                 return rc;
903         rc = avc_has_perm(tsec->sid, old_isec->sid,
904                           old_isec->sclass,
905                           FILE__RENAME,
906                           &old_isec->avcr, &ad);
907         if (rc)
908                 return rc;
909         if (old_is_dir && new_dir != old_dir) {
910                 rc = avc_has_perm(tsec->sid, old_isec->sid,
911                                   old_isec->sclass,
912                                   DIR__REPARENT,
913                                   &old_isec->avcr, &ad);
914                 if (rc)
915                         return rc;
916         }
917 
918         ad.u.fs.dentry = new_dentry;
919         av = DIR__ADD_NAME | DIR__SEARCH;
920         if (new_dentry->d_inode)
921                 av |= DIR__REMOVE_NAME;
922         rc = avc_has_perm(tsec->sid, new_dsec->sid, SECCLASS_DIR,
923                           av,&new_dsec->avcr, &ad);
924         if (rc)
925                 return rc;
926         if (new_dentry->d_inode) {
927                 new_isec = new_dentry->d_inode->i_security;
928                 new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
929                 rc = avc_has_perm(tsec->sid, new_isec->sid,
930                                   new_isec->sclass,
931                                   (new_is_dir ? DIR__RMDIR : FILE__UNLINK),
932                                   &new_isec->avcr, &ad);
933                 if (rc)
934                         return rc;
935         }
936 
937         return 0;
938 }
939 
940 /* Check whether a task can perform a filesystem operation. */
941 int superblock_has_perm(struct task_struct *tsk,
942                         struct super_block *sb,
943                         u32 perms,
944                         struct avc_audit_data *ad)
945 {
946         struct task_security_struct *tsec;
947         struct superblock_security_struct *sbsec;
948 
949         tsec = tsk->security;
950         sbsec = sb->s_security;
951         return avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
952                             perms, NULL, ad);
953 }
954 
955 /* Convert a Linux mode and permission mask to an access vector. */
956 static inline u32 file_mask_to_av(int mode, int mask)
957 {
958         u32 av = 0;
959 
960         if ((mode & S_IFMT) != S_IFDIR) {
961                 if (mask & MAY_EXEC)
962                         av |= FILE__EXECUTE;
963                 if (mask & MAY_READ)
964                         av |= FILE__READ;
965 
966                 if (mask & MAY_APPEND)
967                         av |= FILE__APPEND;
968                 else if (mask & MAY_WRITE)
969                         av |= FILE__WRITE;
970 
971         } else {
972                 if (mask & MAY_EXEC)
973                         av |= DIR__SEARCH;
974                 if (mask & MAY_WRITE)
975                         av |= DIR__WRITE;
976                 if (mask & MAY_READ)
977                         av |= DIR__READ;
978         }
979 
980         return av;
981 }
982 
983 /* Convert a Linux file to an access vector. */
984 static inline u32 file_to_av(struct file *file)
985 {
986         u32 av = 0;
987 
988         if (file->f_mode & FMODE_READ)
989                 av |= FILE__READ;
990         if (file->f_mode & FMODE_WRITE) {
991                 if (file->f_flags & O_APPEND)
992                         av |= FILE__APPEND;
993                 else
994                         av |= FILE__WRITE;
995         }
996 
997         return av;
998 }
999 
1000 /* Set an inode's SID to a specified value. */
1001 int inode_security_set_sid(struct inode *inode, u32 sid)
1002 {
1003         struct inode_security_struct *isec = inode->i_security;
1004 
1005         down(&isec->sem);
1006         isec->sclass = inode_mode_to_security_class(inode->i_mode);
1007         isec->sid = sid;
1008         isec->initialized = 1;
1009         up(&isec->sem);
1010         return 0;
1011 }
1012 
1013 /* Set the security attributes on a newly created file. */
1014 static int post_create(struct inode *dir,
1015                        struct dentry *dentry)
1016 {
1017 
1018         struct task_security_struct *tsec;
1019         struct inode *inode;
1020         struct inode_security_struct *dsec;
1021         struct superblock_security_struct *sbsec;
1022         u32 newsid;
1023         char *context;
1024         unsigned int len;
1025         int rc;
1026 
1027         tsec = current->security;
1028         dsec = dir->i_security;
1029 
1030         inode = dentry->d_inode;
1031         if (!inode) {
1032                 /* Some file system types (e.g. NFS) may not instantiate
1033                    a dentry for all create operations (e.g. symlink),
1034                    so we have to check to see if the inode is non-NULL. */
1035                 printk(KERN_WARNING "post_create:  no inode, dir (dev=%s, "
1036                        "ino=%ld)\n", dir->i_sb->s_id, dir->i_ino);
1037                 return 0;
1038         }
1039 
1040         if (tsec->create_sid) {
1041                 newsid = tsec->create_sid;
1042         } else {
1043                 rc = security_transition_sid(tsec->sid, dsec->sid,
1044                                              inode_mode_to_security_class(inode->i_mode),
1045                                              &newsid);
1046                 if (rc) {
1047                         printk(KERN_WARNING "post_create:  "
1048                                "security_transition_sid failed, rc=%d (dev=%s "
1049                                "ino=%ld)\n",
1050                                -rc, inode->i_sb->s_id, inode->i_ino);
1051                         return rc;
1052                 }
1053         }
1054 
1055         rc = inode_security_set_sid(inode, newsid);
1056         if (rc) {
1057                 printk(KERN_WARNING "post_create:  inode_security_set_sid "
1058                        "failed, rc=%d (dev=%s ino=%ld)\n",
1059                        -rc, inode->i_sb->s_id, inode->i_ino);
1060                 return rc;
1061         }
1062 
1063         sbsec = dir->i_sb->s_security;
1064         if (!sbsec)
1065                 return 0;
1066 
1067         if (sbsec->behavior == SECURITY_FS_USE_XATTR &&
1068             inode->i_op->setxattr) {
1069                 /* Use extended attributes. */
1070                 rc = security_sid_to_context(newsid, &context, &len);
1071                 if (rc) {
1072                         printk(KERN_WARNING "post_create:  sid_to_context "
1073                                "failed, rc=%d (dev=%s ino=%ld)\n",
1074                                -rc, inode->i_sb->s_id, inode->i_ino);
1075                         return rc;
1076                 }
1077                 down(&inode->i_sem);
1078                 rc = inode->i_op->setxattr(dentry,
1079                                            XATTR_NAME_SELINUX,
1080                                            context, len, 0);
1081                 up(&inode->i_sem);
1082                 kfree(context);
1083                 if (rc < 0) {
1084                         printk(KERN_WARNING "post_create:  setxattr failed, "
1085                                "rc=%d (dev=%s ino=%ld)\n",
1086                                -rc, inode->i_sb->s_id, inode->i_ino);
1087                         return rc;
1088                 }
1089         }
1090 
1091         return 0;
1092 }
1093 
1094 
1095 /* Hook functions begin here. */
1096 
1097 static int selinux_ptrace(struct task_struct *parent, struct task_struct *child)
1098 {
1099         int rc;
1100 
1101         rc = secondary_ops->ptrace(parent,child);
1102         if (rc)
1103                 return rc;
1104 
1105         return task_has_perm(parent, child, PROCESS__PTRACE);
1106 }
1107 
1108 static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
1109                           kernel_cap_t *inheritable, kernel_cap_t *permitted)
1110 {
1111         int error;
1112 
1113         error = task_has_perm(current, target, PROCESS__GETCAP);
1114         if (error)
1115                 return error;
1116 
1117         return secondary_ops->capget(target, effective, inheritable, permitted);
1118 }
1119 
1120 static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effective,
1121                                 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1122 {
1123         int error;
1124 
1125         error = task_has_perm(current, target, PROCESS__SETCAP);
1126         if (error)
1127                 return error;
1128 
1129         return secondary_ops->capset_check(target, effective, inheritable, permitted);
1130 }
1131 
1132 static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective,
1133                                kernel_cap_t *inheritable, kernel_cap_t *permitted)
1134 {
1135         int error;
1136 
1137         error = task_has_perm(current, target, PROCESS__SETCAP);
1138         if (error)
1139                 return;
1140 
1141         return secondary_ops->capset_set(target, effective, inheritable, permitted);
1142 }
1143 
1144 static int selinux_capable(struct task_struct *tsk, int cap)
1145 {
1146         int rc;
1147 
1148         rc = secondary_ops->capable(tsk, cap);
1149         if (rc)
1150                 return rc;
1151 
1152         return task_has_capability(tsk,cap);
1153 }
1154 
1155 static int selinux_sysctl(ctl_table *table, int op)
1156 {
1157         int error = 0;
1158         u32 av;
1159         struct task_security_struct *tsec;
1160         u32 tsid;
1161         int rc;
1162 
1163         tsec = current->security;
1164 
1165         rc = selinux_proc_get_sid(table->de, (op == 001) ?
1166                                   SECCLASS_DIR : SECCLASS_FILE, &tsid);
1167         if (rc) {
1168                 /* Default to the well-defined sysctl SID. */
1169                 tsid = SECINITSID_SYSCTL;
1170         }
1171 
1172         /* The op values are "defined" in sysctl.c, thereby creating
1173          * a bad coupling between this module and sysctl.c */
1174         if(op == 001) {
1175                 error = avc_has_perm(tsec->sid, tsid,
1176                                      SECCLASS_DIR, DIR__SEARCH, NULL, NULL);
1177         } else {
1178                 av = 0;
1179                 if (op & 004)
1180                         av |= FILE__READ;
1181                 if (op & 002)
1182                         av |= FILE__WRITE;
1183                 if (av)
1184                         error = avc_has_perm(tsec->sid, tsid,
1185                                              SECCLASS_FILE, av, NULL, NULL);
1186         }
1187 
1188         return error;
1189 }
1190 
1191 static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
1192 {
1193         int rc = 0;
1194 
1195         if (!sb)
1196                 return 0;
1197 
1198         switch (cmds) {
1199                 case Q_SYNC:
1200                 case Q_QUOTAON:
1201                 case Q_QUOTAOFF:
1202                 case Q_SETINFO:
1203                 case Q_SETQUOTA:
1204                         rc = superblock_has_perm(current,
1205                                                  sb,
1206                                                  FILESYSTEM__QUOTAMOD, NULL);
1207                         break;
1208                 case Q_GETFMT:
1209                 case Q_GETINFO:
1210                 case Q_GETQUOTA:
1211                         rc = superblock_has_perm(current,
1212                                                  sb,
1213                                                  FILESYSTEM__QUOTAGET, NULL);
1214                         break;
1215                 default:
1216                         rc = 0;  /* let the kernel handle invalid cmds */
1217                         break;
1218         }
1219         return rc;
1220 }
1221 
1222 static int selinux_quota_on(struct file *f)
1223 {
1224         return file_has_perm(current, f, FILE__QUOTAON);;
1225 }
1226 
1227 static int selinux_syslog(int type)
1228 {
1229         int rc;
1230 
1231         rc = secondary_ops->syslog(type);
1232         if (rc)
1233                 return rc;
1234 
1235         switch (type) {
1236                 case 3:         /* Read last kernel messages */
1237                         rc = task_has_system(current, SYSTEM__SYSLOG_READ);
1238                         break;
1239                 case 6:         /* Disable logging to console */
1240                 case 7:         /* Enable logging to console */
1241                 case 8:         /* Set level of messages printed to console */
1242                         rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
1243                         break;
1244                 case 0:         /* Close log */
1245                 case 1:         /* Open log */
1246                 case 2:         /* Read from log */
1247                 case 4:         /* Read/clear last kernel messages */
1248                 case 5:         /* Clear ring buffer */
1249                 default:
1250                         rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
1251                         break;
1252         }
1253         return rc;
1254 }
1255 
1256 /*
1257  * Check that a process has enough memory to allocate a new virtual
1258  * mapping. 0 means there is enough memory for the allocation to
1259  * succeed and -ENOMEM implies there is not.
1260  *
1261  * We currently support three overcommit policies, which are set via the
1262  * vm.overcommit_memory sysctl.  See Documentation/vm/overcommit-acounting
1263  *
1264  * Strict overcommit modes added 2002 Feb 26 by Alan Cox.
1265  * Additional code 2002 Jul 20 by Robert Love.
1266  */
1267 static int selinux_vm_enough_memory(long pages)
1268 {
1269         unsigned long free, allowed;
1270         int rc;
1271         struct task_security_struct *tsec = current->security;
1272 
1273         vm_acct_memory(pages);
1274 
1275         /*
1276          * Sometimes we want to use more memory than we have
1277          */
1278         if (sysctl_overcommit_memory == 1)
1279                 return 0;
1280 
1281         if (sysctl_overcommit_memory == 0) {
1282                 free = get_page_cache_size();
1283                 free += nr_free_pages();
1284                 free += nr_swap_pages;
1285 
1286                 /*
1287                  * Any slabs which are created with the
1288                  * SLAB_RECLAIM_ACCOUNT flag claim to have contents
1289                  * which are reclaimable, under pressure.  The dentry
1290                  * cache and most inode caches should fall into this
1291                  */
1292                 free += atomic_read(&slab_reclaim_pages);
1293 
1294                 /*
1295                  * Leave the last 3% for privileged processes.
1296                  * Don't audit the check, as it is applied to all processes
1297                  * that allocate mappings.
1298                  */
1299                 rc = secondary_ops->capable(current, CAP_SYS_ADMIN);
1300                 if (!rc) {
1301                         rc = avc_has_perm_noaudit(tsec->sid, tsec->sid,
1302                                                   SECCLASS_CAPABILITY,
1303                                                   CAP_TO_MASK(CAP_SYS_ADMIN),
1304                                                   NULL, NULL);
1305                 }
1306                 if (rc)
1307                         free -= free / 32;
1308 
1309                 if (free > pages)
1310                         return 0;
1311                 vm_unacct_memory(pages);
1312                 return -ENOMEM;
1313         }
1314 
1315         allowed = totalram_pages * sysctl_overcommit_ratio / 100;
1316         allowed += total_swap_pages;
1317 
1318         if (atomic_read(&vm_committed_space) < allowed)
1319                 return 0;
1320 
1321         vm_unacct_memory(pages);
1322 
1323         return -ENOMEM;
1324 }
1325 
1326 static int selinux_netlink_send(struct sk_buff *skb)
1327 {
1328         if (capable(CAP_NET_ADMIN))
1329                 cap_raise (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN);
1330         else
1331                 NETLINK_CB(skb).eff_cap = 0;
1332         return 0;
1333 }
1334 
1335 static int selinux_netlink_recv(struct sk_buff *skb)
1336 {
1337         if (!cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN))
1338                 return -EPERM;
1339         return 0;
1340 }
1341 
1342 /* binprm security operations */
1343 
1344 static int selinux_bprm_alloc_security(struct linux_binprm *bprm)
1345 {
1346         struct bprm_security_struct *bsec;
1347 
1348         bsec = kmalloc(sizeof(struct bprm_security_struct), GFP_KERNEL);
1349         if (!bsec)
1350                 return -ENOMEM;
1351 
1352         memset(bsec, 0, sizeof *bsec);
1353         bsec->magic = SELINUX_MAGIC;
1354         bsec->bprm = bprm;
1355         bsec->sid = SECINITSID_UNLABELED;
1356         bsec->set = 0;
1357 
1358         bprm->security = bsec;
1359         return 0;
1360 }
1361 
1362 static int selinux_bprm_set_security(struct linux_binprm *bprm)
1363 {
1364         struct task_security_struct *tsec;
1365         struct inode *inode = bprm->file->f_dentry->d_inode;
1366         struct inode_security_struct *isec;
1367         struct bprm_security_struct *bsec;
1368         u32 newsid;
1369         struct avc_audit_data ad;
1370         int rc;
1371 
1372         rc = secondary_ops->bprm_set_security(bprm);
1373         if (rc)
1374                 return rc;
1375 
1376         bsec = bprm->security;
1377 
1378         if (bsec->set)
1379                 return 0;
1380 
1381         tsec = current->security;
1382         isec = inode->i_security;
1383 
1384         /* Default to the current task SID. */
1385         bsec->sid = tsec->sid;
1386 
1387         /* Reset create SID on execve. */
1388         tsec->create_sid = 0;
1389 
1390         if (tsec->exec_sid) {
1391                 newsid = tsec->exec_sid;
1392                 /* Reset exec SID on execve. */
1393                 tsec->exec_sid = 0;
1394         } else {
1395                 /* Check for a default transition on this program. */
1396                 rc = security_transition_sid(tsec->sid, isec->sid,
1397                                              SECCLASS_PROCESS, &newsid);
1398                 if (rc)
1399                         return rc;
1400         }
1401 
1402         AVC_AUDIT_DATA_INIT(&ad, FS);
1403         ad.u.fs.mnt = bprm->file->f_vfsmnt;
1404         ad.u.fs.dentry = bprm->file->f_dentry;
1405 
1406         if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID)
1407                 newsid = tsec->sid;
1408 
1409         if (tsec->sid == newsid) {
1410                 rc = avc_has_perm(tsec->sid, isec->sid,
1411                                   SECCLASS_FILE, FILE__EXECUTE_NO_TRANS,
1412                                   &isec->avcr, &ad);
1413                 if (rc)
1414                         return rc;
1415         } else {
1416                 /* Check permissions for the transition. */
1417                 rc = avc_has_perm(tsec->sid, newsid,
1418                                   SECCLASS_PROCESS, PROCESS__TRANSITION,
1419                                   NULL,
1420                                   &ad);
1421                 if (rc)
1422                         return rc;
1423 
1424                 rc = avc_has_perm(newsid, isec->sid,
1425                                   SECCLASS_FILE, FILE__ENTRYPOINT,
1426                                   &isec->avcr, &ad);
1427                 if (rc)
1428                         return rc;
1429 
1430                 /* Set the security field to the new SID. */
1431                 bsec->sid = newsid;
1432         }
1433 
1434         bsec->set = 1;
1435         return 0;
1436 }
1437 
1438 static int selinux_bprm_check_security (struct linux_binprm *bprm)
1439 {
1440         return 0;
1441 }
1442 
1443 
1444 static int selinux_bprm_secureexec (struct linux_binprm *bprm)
1445 {
1446         struct task_security_struct *tsec = current->security;
1447         int atsecure = 0;
1448 
1449         if (tsec->osid != tsec->sid) {
1450                 /* Enable secure mode for SIDs transitions unless
1451                    the noatsecure permission is granted between
1452                    the two SIDs, i.e. ahp returns 0. */
1453                 atsecure = avc_has_perm(tsec->osid, tsec->sid,
1454                                          SECCLASS_PROCESS,
1455                                          PROCESS__NOATSECURE, NULL, NULL);
1456         }
1457 
1458         /* Note that we must include the legacy uid/gid test below
1459            to retain it, as the new userland will simply use the
1460            value passed by AT_SECURE to decide whether to enable
1461            secure mode. */
1462         return ( atsecure || current->euid != current->uid ||
1463                 current->egid != current->gid);
1464 }
1465 
1466 static void selinux_bprm_free_security(struct linux_binprm *bprm)
1467 {
1468         struct bprm_security_struct *bsec = bprm->security;
1469         bprm->security = NULL;
1470         kfree(bsec);
1471 }
1472 
1473 /* Derived from fs/exec.c:flush_old_files. */
1474 static inline void flush_unauthorized_files(struct files_struct * files)
1475 {
1476         struct avc_audit_data ad;
1477         struct file *file;
1478         long j = -1;
1479 
1480         AVC_AUDIT_DATA_INIT(&ad,FS);
1481 
1482         spin_lock(&files->file_lock);
1483         for (;;) {
1484                 unsigned long set, i;
1485 
1486                 j++;
1487                 i = j * __NFDBITS;
1488                 if (i >= files->max_fds || i >= files->max_fdset)
1489                         break;
1490                 set = files->open_fds->fds_bits[j];
1491                 if (!set)
1492                         continue;
1493                 spin_unlock(&files->file_lock);
1494                 for ( ; set ; i++,set >>= 1) {
1495                         if (set & 1) {
1496                                 file = fget(i);
1497                                 if (!file)
1498                                         continue;
1499                                 if (file_has_perm(current,
1500                                                   file,
1501                                                   file_to_av(file)))
1502                                         sys_close(i);
1503                                 fput(file);
1504                         }
1505                 }
1506                 spin_lock(&files->file_lock);
1507 
1508         }
1509         spin_unlock(&files->file_lock);
1510 }
1511 
1512 static void selinux_bprm_compute_creds(struct linux_binprm *bprm)
1513 {
1514         struct task_security_struct *tsec, *psec;
1515         struct bprm_security_struct *bsec;
1516         u32 sid;
1517         struct av_decision avd;
1518         int rc;
1519 
1520         secondary_ops->bprm_compute_creds(bprm);
1521 
1522         tsec = current->security;
1523 
1524         bsec = bprm->security;
1525         sid = bsec->sid;
1526 
1527         tsec->osid = tsec->sid;
1528         if (tsec->sid != sid) {
1529                 /* Check for shared state.  If not ok, leave SID
1530                    unchanged and kill. */
1531                 if ((atomic_read(&current->fs->count) > 1 ||
1532                      atomic_read(&current->files->count) > 1 ||
1533                      atomic_read(&current->sighand->count) > 1)) {
1534                         rc = avc_has_perm(tsec->sid, sid,
1535                                           SECCLASS_PROCESS, PROCESS__SHARE,
1536                                           NULL, NULL);
1537                         if (rc) {
1538                                 force_sig_specific(SIGKILL, current);
1539                                 return;
1540                         }
1541                 }
1542 
1543                 /* Check for ptracing, and update the task SID if ok.
1544                    Otherwise, leave SID unchanged and kill. */
1545                 task_lock(current);
1546                 if (current->ptrace & PT_PTRACED) {
1547                         psec = current->parent->security;
1548                         rc = avc_has_perm_noaudit(psec->sid, sid,
1549                                           SECCLASS_PROCESS, PROCESS__PTRACE,
1550                                           NULL, &avd);
1551                         if (!rc)
1552                                 tsec->sid = sid;
1553                         task_unlock(current);
1554                         avc_audit(psec->sid, sid, SECCLASS_PROCESS,
1555                                   PROCESS__PTRACE, &avd, rc, NULL);
1556                         if (rc) {
1557                                 force_sig_specific(SIGKILL, current);
1558                                 return;
1559                         }
1560                 } else {
1561                         tsec->sid = sid;
1562                         task_unlock(current);
1563                 }
1564 
1565                 /* Close files for which the new task SID is not authorized. */
1566                 flush_unauthorized_files(current->files);
1567 
1568                 /* Wake up the parent if it is waiting so that it can
1569                    recheck wait permission to the new task SID. */
1570                 wake_up_interruptible(&current->parent->wait_chldexit);
1571         }
1572 }
1573 
1574 /* superblock security operations */
1575 
1576 static int selinux_sb_alloc_security(struct super_block *sb)
1577 {
1578         return superblock_alloc_security(sb);
1579 }
1580 
1581 static void selinux_sb_free_security(struct super_block *sb)
1582 {
1583         superblock_free_security(sb);
1584 }
1585 
1586 static int selinux_sb_kern_mount(struct super_block *sb)
1587 {
1588         struct avc_audit_data ad;
1589         int rc;
1590 
1591         rc = superblock_doinit(sb);
1592         if (rc)
1593                 return rc;
1594 
1595         AVC_AUDIT_DATA_INIT(&ad,FS);
1596         ad.u.fs.dentry = sb->s_root;
1597         return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad);
1598 }
1599 
1600 static int selinux_sb_statfs(struct super_block *sb)
1601 {
1602         struct avc_audit_data ad;
1603 
1604         AVC_AUDIT_DATA_INIT(&ad,FS);
1605         ad.u.fs.dentry = sb->s_root;
1606         return superblock_has_perm(current, sb, FILESYSTEM__GETATTR, &ad);
1607 }
1608 
1609 static int selinux_mount(char * dev_name,
1610                          struct nameidata *nd,
1611                          char * type,
1612                          unsigned long flags,
1613                          void * data)
1614 {
1615         if (flags & MS_REMOUNT)
1616                 return superblock_has_perm(current, nd->mnt->mnt_sb,
1617                                            FILESYSTEM__REMOUNT, NULL);
1618         else
1619                 return dentry_has_perm(current, nd->mnt, nd->dentry,
1620                                        FILE__MOUNTON);
1621 }
1622 
1623 static int selinux_umount(struct vfsmount *mnt, int flags)
1624 {
1625         return superblock_has_perm(current,mnt->mnt_sb,
1626                                    FILESYSTEM__UNMOUNT,NULL);
1627 }
1628 
1629 /* inode security operations */
1630 
1631 static int selinux_inode_alloc_security(struct inode *inode)
1632 {
1633         return inode_alloc_security(inode);
1634 }
1635 
1636 static void selinux_inode_free_security(struct inode *inode)
1637 {
1638         inode_free_security(inode);
1639 }
1640 
1641 static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask)
1642 {
1643         return may_create(dir, dentry, SECCLASS_FILE);
1644 }
1645 
1646 static void selinux_inode_post_create(struct inode *dir, struct dentry *dentry, int mask)
1647 {
1648         post_create(dir, dentry);
1649 }
1650 
1651 static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
1652 {
1653         int rc;
1654 
1655         rc = secondary_ops->inode_link(old_dentry,dir,new_dentry);
1656         if (rc)
1657                 return rc;
1658         return may_link(dir, old_dentry, MAY_LINK);
1659 }
1660 
1661 static void selinux_inode_post_link(struct dentry *old_dentry, struct inode *inode, struct dentry *new_dentry)
1662 {
1663         return;
1664 }
1665 
1666 static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
1667 {
1668         return may_link(dir, dentry, MAY_UNLINK);
1669 }
1670 
1671 static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
1672 {
1673         return may_create(dir, dentry, SECCLASS_LNK_FILE);
1674 }
1675 
1676 static void selinux_inode_post_symlink(struct inode *dir, struct dentry *dentry, const char *name)
1677 {
1678         post_create(dir, dentry);
1679 }
1680 
1681 static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask)
1682 {
1683         return may_create(dir, dentry, SECCLASS_DIR);
1684 }
1685 
1686 static void selinux_inode_post_mkdir(struct inode *dir, struct dentry *dentry, int mask)
1687 {
1688         post_create(dir, dentry);
1689 }
1690 
1691 static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
1692 {
1693         return may_link(dir, dentry, MAY_RMDIR);
1694 }
1695 
1696 static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
1697 {
1698         return may_create(dir, dentry, inode_mode_to_security_class(mode));
1699 }
1700 
1701 static void selinux_inode_post_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
1702 {
1703         post_create(dir, dentry);
1704 }
1705 
1706 static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
1707                                 struct inode *new_inode, struct dentry *new_dentry)
1708 {
1709         return may_rename(old_inode, old_dentry, new_inode, new_dentry);
1710 }
1711 
1712 static void selinux_inode_post_rename(struct inode *old_inode, struct dentry *old_dentry,
1713                                       struct inode *new_inode, struct dentry *new_dentry)
1714 {
1715         return;
1716 }
1717 
1718 static int selinux_inode_readlink(struct dentry *dentry)
1719 {
1720         return dentry_has_perm(current, NULL, dentry, FILE__READ);
1721 }
1722 
1723 static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
1724 {
1725         int rc;
1726 
1727         rc = secondary_ops->inode_follow_link(dentry,nameidata);
1728         if (rc)
1729                 return rc;
1730         return dentry_has_perm(current, NULL, dentry, FILE__READ);
1731 }
1732 
1733 static int selinux_inode_permission(struct inode *inode, int mask,
1734                                     struct nameidata *nd)
1735 {
1736         if (!mask) {
1737                 /* No permission to check.  Existence test. */
1738                 return 0;
1739         }
1740 
1741         if (nd && nd->dentry)
1742                 return dentry_has_perm(current, nd->mnt, nd->dentry,
1743                                        file_mask_to_av(inode->i_mode, mask));
1744 
1745         return inode_has_perm(current, inode,
1746                                file_mask_to_av(inode->i_mode, mask), NULL, NULL);
1747 }
1748 
1749 static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1750 {
1751         if (iattr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
1752                                ATTR_ATIME_SET | ATTR_MTIME_SET))
1753                 return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
1754 
1755         return dentry_has_perm(current, NULL, dentry, FILE__WRITE);
1756 }
1757 
1758 static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
1759 {
1760         return dentry_has_perm(current, mnt, dentry, FILE__GETATTR);
1761 }
1762 
1763 static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags)
1764 {
1765         struct task_security_struct *tsec = current->security;
1766         struct inode *inode = dentry->d_inode;
1767         struct inode_security_struct *isec = inode->i_security;
1768         struct superblock_security_struct *sbsec;
1769         struct avc_audit_data ad;
1770         u32 newsid;
1771         int rc = 0;
1772 
1773         if (strcmp(name, XATTR_NAME_SELINUX)) {
1774                 if (!strncmp(name, XATTR_SECURITY_PREFIX,
1775                              sizeof XATTR_SECURITY_PREFIX - 1) &&
1776                     !capable(CAP_SYS_ADMIN)) {
1777                         /* A different attribute in the security namespace.
1778                            Restrict to administrator. */
1779                         return -EPERM;
1780                 }
1781 
1782                 /* Not an attribute we recognize, so just check the
1783                    ordinary setattr permission. */
1784                 return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
1785         }
1786 
1787         AVC_AUDIT_DATA_INIT(&ad,FS);
1788         ad.u.fs.dentry = dentry;
1789 
1790         rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
1791                           FILE__RELABELFROM,
1792                           &isec->avcr, &ad);
1793         if (rc)
1794                 return rc;
1795 
1796         rc = security_context_to_sid(value, size, &newsid);
1797         if (rc)
1798                 return rc;
1799 
1800         rc = avc_has_perm(tsec->sid, newsid, isec->sclass,
1801                           FILE__RELABELTO, NULL, &ad);
1802         if (rc)
1803                 return rc;
1804 
1805         sbsec = inode->i_sb->s_security;
1806         if (!sbsec)
1807                 return 0;
1808 
1809         return avc_has_perm(newsid,
1810                             sbsec->sid,
1811                             SECCLASS_FILESYSTEM,
1812                             FILESYSTEM__ASSOCIATE,
1813                             NULL,
1814                             &ad);
1815 }
1816 
1817 static void selinux_inode_post_setxattr(struct dentry *dentry, char *name,
1818                                         void *value, size_t size, int flags)
1819 {
1820         struct inode *inode = dentry->d_inode;
1821         struct inode_security_struct *isec = inode->i_security;
1822         u32 newsid;
1823         int rc;
1824 
1825         if (strcmp(name, XATTR_NAME_SELINUX)) {
1826                 /* Not an attribute we recognize, so nothing to do. */
1827                 return;
1828         }
1829 
1830         rc = security_context_to_sid(value, size, &newsid);
1831         if (rc) {
1832                 printk(KERN_WARNING "%s:  unable to obtain SID for context "
1833                        "%s, rc=%d\n", __FUNCTION__, (char*)value, -rc);
1834                 return;
1835         }
1836 
1837         isec->sid = newsid;
1838         return;
1839 }
1840 
1841 static int selinux_inode_getxattr (struct dentry *dentry, char *name)
1842 {
1843         return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
1844 }
1845 
1846 static int selinux_inode_listxattr (struct dentry *dentry)
1847 {
1848         return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
1849 }
1850 
1851 static int selinux_inode_removexattr (struct dentry *dentry, char *name)
1852 {
1853         if (strcmp(name, XATTR_NAME_SELINUX)) {
1854                 if (!strncmp(name, XATTR_SECURITY_PREFIX,
1855                              sizeof XATTR_SECURITY_PREFIX - 1) &&
1856                     !capable(CAP_SYS_ADMIN)) {
1857                         /* A different attribute in the security namespace.
1858                            Restrict to administrator. */
1859                         return -EPERM;
1860                 }
1861 
1862                 /* Not an attribute we recognize, so just check the
1863                    ordinary setattr permission. Might want a separate
1864                    permission for removexattr. */
1865                 return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
1866         }
1867 
1868         /* No one is allowed to remove a SELinux security label.
1869            You can change the label, but all data must be labeled. */
1870         return -EACCES;
1871 }
1872 
1873 static int selinux_inode_getsecurity(struct dentry *dentry, const char *name, void *buffer, size_t size)
1874 {
1875         struct inode *inode = dentry->d_inode;
1876         struct inode_security_struct *isec = inode->i_security;
1877         char *context;
1878         unsigned len;
1879         int rc;
1880 
1881         /* Permission check handled by selinux_inode_getxattr hook.*/
1882 
1883         if (strcmp(name, XATTR_SELINUX_SUFFIX))
1884                 return -EOPNOTSUPP;
1885 
1886         rc = security_sid_to_context(isec->sid, &context, &len);
1887         if (rc)
1888                 return rc;
1889 
1890         if (!buffer || !size) {
1891                 kfree(context);
1892                 return len;
1893         }
1894         if (size < len) {
1895                 kfree(context);
1896                 return -ERANGE;
1897         }
1898         memcpy(buffer, context, len);
1899         kfree(context);
1900         return len;
1901 }
1902 
1903 static int selinux_inode_setsecurity(struct dentry *dentry, const char *name,
1904                                      const void *value, size_t size, int flags)
1905 {
1906         struct inode *inode = dentry->d_inode;
1907         struct inode_security_struct *isec = inode->i_security;
1908         u32 newsid;
1909         int rc;
1910 
1911         if (strcmp(name, XATTR_SELINUX_SUFFIX))
1912                 return -EOPNOTSUPP;
1913 
1914         if (!value || !size)
1915                 return -EACCES;
1916 
1917         rc = security_context_to_sid((void*)value, size, &newsid);
1918         if (rc)
1919                 return rc;
1920 
1921         isec->sid = newsid;
1922         return 0;
1923 }
1924 
1925 static int selinux_inode_listsecurity(struct dentry *dentry, char *buffer)
1926 {
1927         const int len = sizeof(XATTR_NAME_SELINUX);
1928         if (buffer)
1929                 memcpy(buffer, XATTR_NAME_SELINUX, len);
1930         return len;
1931 }
1932 
1933 /* file security operations */
1934 
1935 static int selinux_file_permission(struct file *file, int mask)
1936 {
1937         struct inode *inode = file->f_dentry->d_inode;
1938 
1939         if (!mask) {
1940                 /* No permission to check.  Existence test. */
1941                 return 0;
1942         }
1943 
1944         /* file_mask_to_av won't add FILE__WRITE if MAY_APPEND is set */
1945         if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
1946                 mask |= MAY_APPEND;
1947 
1948         return file_has_perm(current, file,
1949                              file_mask_to_av(inode->i_mode, mask));
1950 }
1951 
1952 static int selinux_file_alloc_security(struct file *file)
1953 {
1954         return file_alloc_security(file);
1955 }
1956 
1957 static void selinux_file_free_security(struct file *file)
1958 {
1959         file_free_security(file);
1960 }
1961 
1962 static int selinux_file_ioctl(struct file *file, unsigned int cmd,
1963                               unsigned long arg)
1964 {
1965         int error = 0;
1966 
1967         switch (cmd) {
1968                 case FIONREAD:
1969                 /* fall through */
1970                 case FIBMAP:
1971                 /* fall through */
1972                 case FIGETBSZ:
1973                 /* fall through */
1974                 case EXT2_IOC_GETFLAGS:
1975                 /* fall through */
1976                 case EXT2_IOC_GETVERSION:
1977                         error = file_has_perm(current, file, FILE__GETATTR);
1978                         break;
1979 
1980                 case EXT2_IOC_SETFLAGS:
1981                 /* fall through */
1982                 case EXT2_IOC_SETVERSION:
1983                         error = file_has_perm(current, file, FILE__SETATTR);
1984                         break;
1985 
1986                 /* sys_ioctl() checks */
1987                 case FIONBIO:
1988                 /* fall through */
1989                 case FIOASYNC:
1990                         error = file_has_perm(current, file, 0);
1991                         break;
1992 
1993                 case KDSKBENT:
1994                 case KDSKBSENT:
1995                         if (!capable(CAP_SYS_TTY_CONFIG))
1996                                 error = -EPERM;
1997                         break;
1998 
1999                 /* default case assumes that the command will go
2000                  * to the file's ioctl() function.
2001                  */
2002                 default:
2003                         error = file_has_perm(current, file, FILE__IOCTL);
2004 
2005         }
2006         return error;
2007 }
2008 
2009 static int selinux_file_mmap(struct file *file, unsigned long prot, unsigned long flags)
2010 {
2011         u32 av;
2012 
2013         if (file) {
2014                 /* read access is always possible with a mapping */
2015                 av = FILE__READ;
2016 
2017                 /* write access only matters if the mapping is shared */
2018                 if ((flags & MAP_TYPE) == MAP_SHARED && (prot & PROT_WRITE))
2019                         av |= FILE__WRITE;
2020 
2021                 if (prot & PROT_EXEC)
2022                         av |= FILE__EXECUTE;
2023 
2024                 return file_has_perm(current, file, av);
2025         }
2026         return 0;
2027 }
2028 
2029 static int selinux_file_mprotect(struct vm_area_struct *vma,
2030                                  unsigned long prot)
2031 {
2032         return selinux_file_mmap(vma->vm_file, prot, vma->vm_flags);
2033 }
2034 
2035 static int selinux_file_lock(struct file *file, unsigned int cmd)
2036 {
2037         return file_has_perm(current, file, FILE__LOCK);
2038 }
2039 
2040 static int selinux_file_fcntl(struct file *file, unsigned int cmd,
2041                               unsigned long arg)
2042 {
2043         int err = 0;
2044 
2045         switch (cmd) {
2046                 case F_SETFL:
2047                         if (!file->f_dentry || !file->f_dentry->d_inode) {
2048                                 err = -EINVAL;
2049                                 break;
2050                         }
2051 
2052                         if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
2053                                 err = file_has_perm(current, file,FILE__WRITE);
2054                                 break;
2055                         }
2056                         /* fall through */
2057                 case F_SETOWN:
2058                 case F_SETSIG:
2059                 case F_GETFL:
2060                 case F_GETOWN:
2061                 case F_GETSIG:
2062                         /* Just check FD__USE permission */
2063                         err = file_has_perm(current, file, 0);
2064                         break;
2065                 case F_GETLK:
2066                 case F_SETLK:
2067                 case F_SETLKW:
2068 #if BITS_PER_LONG == 32
2069                 case F_GETLK64:
2070                 case F_SETLK64:
2071                 case F_SETLKW64:
2072 #endif
2073                         if (!file->f_dentry || !file->f_dentry->d_inode) {
2074                                 err = -EINVAL;
2075                                 break;
2076                         }
2077                         err = file_has_perm(current, file, FILE__LOCK);
2078                         break;
2079         }
2080 
2081         return err;
2082 }
2083 
2084 static int selinux_file_set_fowner(struct file *file)
2085 {
2086         struct task_security_struct *tsec;
2087         struct file_security_struct *fsec;
2088 
2089         tsec = current->security;
2090         fsec = file->f_security;
2091         fsec->fown_sid = tsec->sid;
2092 
2093         return 0;
2094 }
2095 
2096 static int selinux_file_send_sigiotask(struct task_struct *tsk,
2097                                        struct fown_struct *fown,
2098                                        int fd, int reason)
2099 {
2100         struct file *file;
2101         u32 perm;
2102         struct task_security_struct *tsec;
2103         struct file_security_struct *fsec;
2104 
2105         /* struct fown_struct is never outside the context of a struct file */
2106         file = (struct file *)((long)fown - offsetof(struct file,f_owner));
2107 
2108         tsec = tsk->security;
2109         fsec = file->f_security;
2110 
2111         if (!fown->signum)
2112                 perm = signal_to_av(SIGIO); /* as per send_sigio_to_task */
2113         else
2114                 perm = signal_to_av(fown->signum);
2115 
2116         return avc_has_perm(fsec->fown_sid, tsec->sid,
2117                             SECCLASS_PROCESS, perm, NULL, NULL);
2118 }
2119 
2120 static int selinux_file_receive(struct file *file)
2121 {
2122         return file_has_perm(current, file, file_to_av(file));
2123 }
2124 
2125 /* task security operations */
2126 
2127 static int selinux_task_create(unsigned long clone_flags)
2128 {
2129         return task_has_perm(current, current, PROCESS__FORK);
2130 }
2131 
2132 static int selinux_task_alloc_security(struct task_struct *tsk)
2133 {
2134         struct task_security_struct *tsec1, *tsec2;
2135         int rc;
2136 
2137         tsec1 = current->security;
2138 
2139         rc = task_alloc_security(tsk);
2140         if (rc)
2141                 return rc;
2142         tsec2 = tsk->security;
2143 
2144         tsec2->osid = tsec1->osid;
2145         tsec2->sid = tsec1->sid;
2146 
2147         /* Retain the exec and create SIDs across fork */
2148         tsec2->exec_sid = tsec1->exec_sid;
2149         tsec2->create_sid = tsec1->create_sid;
2150 
2151         return 0;
2152 }
2153 
2154 static void selinux_task_free_security(struct task_struct *tsk)
2155 {
2156         task_free_security(tsk);
2157 }
2158 
2159 static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
2160 {
2161         /* Since setuid only affects the current process, and
2162            since the SELinux controls are not based on the Linux
2163            identity attributes, SELinux does not need to control
2164            this operation.  However, SELinux does control the use
2165            of the CAP_SETUID and CAP_SETGID capabilities using the
2166            capable hook. */
2167         return 0;
2168 }
2169 
2170 static int selinux_task_post_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
2171 {
2172         return secondary_ops->task_post_setuid(id0,id1,id2,flags);
2173 }
2174 
2175 static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
2176 {
2177         /* See the comment for setuid above. */
2178         return 0;
2179 }
2180 
2181 static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
2182 {
2183         return task_has_perm(current, p, PROCESS__SETPGID);
2184 }
2185 
2186 static int selinux_task_getpgid(struct task_struct *p)
2187 {
2188         return task_has_perm(current, p, PROCESS__GETPGID);
2189 }
2190 
2191 static int selinux_task_getsid(struct task_struct *p)
2192 {
2193         return task_has_perm(current, p, PROCESS__GETSESSION);
2194 }
2195 
2196 static int selinux_task_setgroups(int gidsetsize, gid_t *grouplist)
2197 {
2198         /* See the comment for setuid above. */
2199         return 0;
2200 }
2201 
2202 static int selinux_task_setnice(struct task_struct *p, int nice)
2203 {
2204         return task_has_perm(current,p, PROCESS__SETSCHED);
2205 }
2206 
2207 static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
2208 {
2209         /* SELinux does not currently provide a process
2210            resource limit policy based on security contexts.
2211            It does control the use of the CAP_SYS_RESOURCE capability
2212            using the capable hook. */
2213         return 0;
2214 }
2215 
2216 static int selinux_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp)
2217 {
2218         struct task_security_struct *tsec1, *tsec2;
2219 
2220         tsec1 = current->security;
2221         tsec2 = p->security;
2222 
2223         /* No auditing from the setscheduler hook, since the runqueue lock
2224            is held and the system will deadlock if we try to log an audit
2225            message. */
2226         return avc_has_perm_noaudit(tsec1->sid, tsec2->sid,
2227                                     SECCLASS_PROCESS, PROCESS__SETSCHED,
2228                                     &tsec2->avcr, NULL);
2229 }
2230 
2231 static int selinux_task_getscheduler(struct task_struct *p)
2232 {
2233         return task_has_perm(current, p, PROCESS__GETSCHED);
2234 }
2235 
2236 static int selinux_task_kill(struct task_struct *p, struct siginfo *info, int sig)
2237 {
2238         u32 perm;
2239 
2240         if (info && ((unsigned long)info == 1 ||
2241                      (unsigned long)info == 2 || SI_FROMKERNEL(info)))
2242                 return 0;
2243 
2244         if (!sig)
2245                 perm = PROCESS__SIGNULL; /* null signal; existence test */
2246         else
2247                 perm = signal_to_av(sig);
2248 
2249         return task_has_perm(current, p, perm);
2250 }
2251 
2252 static int selinux_task_prctl(int option,
2253                               unsigned long arg2,
2254                               unsigned long arg3,
2255                               unsigned long arg4,
2256                               unsigned long arg5)
2257 {
2258         /* The current prctl operations do not appear to require
2259            any SELinux controls since they merely observe or modify
2260            the state of the current process. */
2261         return 0;
2262 }
2263 
2264 static int selinux_task_wait(struct task_struct *p)
2265 {
2266         u32 perm;
2267 
2268         perm = signal_to_av(p->exit_signal);
2269 
2270         return task_has_perm(p, current, perm);
2271 }
2272 
2273 static void selinux_task_reparent_to_init(struct task_struct *p)
2274 {
2275         struct task_security_struct *tsec;
2276 
2277         secondary_ops->task_reparent_to_init(p);
2278 
2279         tsec = p->security;
2280         tsec->osid = tsec->sid;
2281         tsec->sid = SECINITSID_KERNEL;
2282         return;
2283 }
2284 
2285 static void selinux_task_to_inode(struct task_struct *p,
2286                                   struct inode *inode)
2287 {
2288         struct task_security_struct *tsec = p->security;
2289         struct inode_security_struct *isec = inode->i_security;
2290 
2291         isec->sid = tsec->sid;
2292         isec->initialized = 1;
2293         return;
2294 }
2295 
2296 #ifdef CONFIG_SECURITY_NETWORK
2297 
2298 /* socket security operations */
2299 static int socket_has_perm(struct task_struct *task, struct socket *sock,
2300                            u32 perms)
2301 {
2302         struct inode_security_struct *isec;
2303         struct task_security_struct *tsec;
2304         struct avc_audit_data ad;
2305         int err;
2306 
2307         tsec = task->security;
2308         isec = SOCK_INODE(sock)->i_security;
2309 
2310         AVC_AUDIT_DATA_INIT(&ad,NET);
2311         ad.u.net.sk = sock->sk;
2312         err = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
2313                            perms, &isec->avcr, &ad);
2314 
2315         return err;
2316 }
2317 
2318 static int selinux_socket_create(int family, int type, int protocol)
2319 {
2320         int err;
2321         struct task_security_struct *tsec;
2322 
2323         tsec = current->security;
2324 
2325         err = avc_has_perm(tsec->sid, tsec->sid,
2326                            socket_type_to_security_class(family, type),
2327                            SOCKET__CREATE, NULL, NULL);
2328 
2329         return err;
2330 }
2331 
2332 static void selinux_socket_post_create(struct socket *sock, int family, int type, int protocol)
2333 {
2334         int err;
2335         struct inode_security_struct *isec;
2336         struct task_security_struct *tsec;
2337 
2338         err = inode_doinit(SOCK_INODE(sock));
2339         if (err < 0)
2340                 return;
2341         isec = SOCK_INODE(sock)->i_security;
2342 
2343         tsec = current->security;
2344         isec->sclass = socket_type_to_security_class(family, type);
2345         isec->sid = tsec->sid;
2346 
2347         return;
2348 }
2349 
2350 /* Range of port numbers used to automatically bind.
2351    Need to determine whether we should perform a name_bind
2352    permission check between the socket and the port number. */
2353 #define ip_local_port_range_0 sysctl_local_port_range[0]
2354 #define ip_local_port_range_1 sysctl_local_port_range[1]
2355 
2356 static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
2357 {
2358         int err;
2359 
2360         err = socket_has_perm(current, sock, SOCKET__BIND);
2361         if (err)
2362                 return err;
2363 
2364         /*
2365          * If PF_INET, check name_bind permission for the port.
2366          */
2367         if (sock->sk->sk_family == PF_INET) {
2368                 struct inode_security_struct *isec;
2369                 struct task_security_struct *tsec;
2370                 struct avc_audit_data ad;
2371                 struct sockaddr_in *addr = (struct sockaddr_in *)address;
2372                 unsigned short snum = ntohs(addr->sin_port);
2373                 struct sock *sk = sock->sk;
2374                 u32 sid;
2375 
2376                 tsec = current->security;
2377                 isec = SOCK_INODE(sock)->i_security;
2378 
2379                 if (snum&&(snum < max(PROT_SOCK,ip_local_port_range_0) ||
2380                            snum > ip_local_port_range_1)) {
2381                         err = security_port_sid(sk->sk_family, sk->sk_type,
2382                                                 sk->sk_protocol, snum, &sid);
2383                         if (err)
2384                                 return err;
2385                         AVC_AUDIT_DATA_INIT(&ad,NET);
2386                         ad.u.net.port = snum;
2387                         err = avc_has_perm(isec->sid, sid,
2388                                            isec->sclass,
2389                                            SOCKET__NAME_BIND, NULL, &ad);
2390                         if (err)
2391                                 return err;
2392                 }
2393         }
2394 
2395         return 0;
2396 }
2397 
2398 static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
2399 {
2400         int err;
2401         struct sock *sk = sock->sk;
2402         struct avc_audit_data ad;
2403         struct task_security_struct *tsec;
2404         struct inode_security_struct *isec;
2405 
2406         isec = SOCK_INODE(sock)->i_security;
2407 
2408         tsec = current->security;
2409 
2410         AVC_AUDIT_DATA_INIT(&ad, NET);
2411         ad.u.net.sk = sk;
2412         err = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
2413                            SOCKET__CONNECT, &isec->avcr, &ad);
2414         if (err)
2415                 return err;
2416 
2417         return 0;
2418 }
2419 
2420 static int selinux_socket_listen(struct socket *sock, int backlog)
2421 {
2422         int err;
2423         struct task_security_struct *tsec;
2424         struct inode_security_struct *isec;
2425         struct avc_audit_data ad;
2426 
2427         tsec = current->security;
2428 
2429         isec = SOCK_INODE(sock)->i_security;
2430 
2431         AVC_AUDIT_DATA_INIT(&ad, NET);
2432         ad.u.net.sk = sock->sk;
2433 
2434         err = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
2435                            SOCKET__LISTEN, &isec->avcr, &ad);
2436         if (err)
2437                 return err;
2438 
2439         return 0;
2440 }
2441 
2442 static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
2443 {
2444         int err;
2445         struct task_security_struct *tsec;
2446         struct inode_security_struct *isec;
2447         struct inode_security_struct *newisec;
2448         struct avc_audit_data ad;
2449 
2450         tsec = current->security;
2451 
2452         isec = SOCK_INODE(sock)->i_security;
2453 
2454         AVC_AUDIT_DATA_INIT(&ad, NET);
2455         ad.u.net.sk = sock->sk;
2456 
2457         err = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
2458                            SOCKET__ACCEPT, &isec->avcr, &ad);
2459         if (err)
2460                 return err;
2461 
2462         err = inode_doinit(SOCK_INODE(newsock));
2463         if (err < 0)
2464                 return err;
2465         newisec = SOCK_INODE(newsock)->i_security;
2466 
2467         newisec->sclass = isec->sclass;
2468         newisec->sid = isec->sid;
2469 
2470         return 0;
2471 }
2472 
2473 static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
2474                                   int size)
2475 {
2476         struct task_security_struct *tsec;
2477         struct inode_security_struct *isec;
2478         struct avc_audit_data ad;
2479         struct sock *sk;
2480         int err;
2481 
2482         isec = SOCK_INODE(sock)->i_security;
2483 
2484         tsec = current->security;
2485 
2486         sk = sock->sk;
2487 
2488         AVC_AUDIT_DATA_INIT(&ad, NET);
2489         ad.u.net.sk = sk;
2490         err = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
2491                            SOCKET__WRITE, &isec->avcr, &ad);
2492         if (err)
2493                 return err;
2494 
2495         return 0;
2496 }
2497 
2498 static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
2499                                   int size, int flags)
2500 {
2501         struct inode_security_struct *isec;
2502         struct task_security_struct *tsec;
2503         struct avc_audit_data ad;
2504         int err;
2505 
2506         isec = SOCK_INODE(sock)->i_security;
2507         tsec = current->security;
2508 
2509         AVC_AUDIT_DATA_INIT(&ad,NET);
2510         ad.u.net.sk = sock->sk;
2511         err = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
2512                            SOCKET__READ, &isec->avcr, &ad);
2513         if (err)
2514                 return err;
2515 
2516         return 0;
2517 }
2518 
2519 static int selinux_socket_getsockname(struct socket *sock)
2520 {
2521         struct inode_security_struct *isec;
2522         struct task_security_struct *tsec;
2523         struct avc_audit_data ad;
2524         int err;
2525 
2526         tsec = current->security;
2527         isec = SOCK_INODE(sock)->i_security;
2528 
2529         AVC_AUDIT_DATA_INIT(&ad,NET);
2530         ad.u.net.sk = sock->sk;
2531         err = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
2532                            SOCKET__GETATTR, &isec->avcr, &ad);
2533         if (err)
2534                 return err;
2535 
2536         return 0;
2537 }
2538 
2539 static int selinux_socket_getpeername(struct socket *sock)
2540 {
2541         struct inode_security_struct *isec;
2542         struct task_security_struct *tsec;
2543         struct avc_audit_data ad;
2544         int err;
2545 
2546         tsec = current->security;
2547         isec = SOCK_INODE(sock)->i_security;
2548 
2549         AVC_AUDIT_DATA_INIT(&ad,NET);
2550         ad.u.net.sk = sock->sk;
2551         err = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
2552                            SOCKET__GETATTR, &isec->avcr, &ad);
2553         if (err)
2554                 return err;
2555 
2556         return 0;
2557 }
2558 
2559 static int selinux_socket_setsockopt(struct socket *sock,int level,int optname)
2560 {
2561         return socket_has_perm(current, sock, SOCKET__SETOPT);
2562 }
2563 
2564 static int selinux_socket_getsockopt(struct socket *sock, int level,
2565                                      int optname)
2566 {
2567         return socket_has_perm(current, sock, SOCKET__GETOPT);
2568 }
2569 
2570 static int selinux_socket_shutdown(struct socket *sock, int how)
2571 {
2572         return socket_has_perm(current, sock, SOCKET__SHUTDOWN);
2573 }
2574 
2575 static int selinux_socket_unix_stream_connect(struct socket *sock,
2576                                               struct socket *other,
2577                                               struct sock *newsk)
2578 {
2579         struct inode_security_struct *isec;
2580         struct inode_security_struct *other_isec;
2581         struct avc_audit_data ad;
2582         int err;
2583 
2584         isec = SOCK_INODE(sock)->i_security;
2585         other_isec = SOCK_INODE(other)->i_security;
2586 
2587         AVC_AUDIT_DATA_INIT(&ad,NET);
2588         ad.u.net.sk = other->sk;
2589 
2590         err = avc_has_perm(isec->sid, other_isec->sid,
2591                            isec->sclass,
2592                            UNIX_STREAM_SOCKET__CONNECTTO,
2593                            &other_isec->avcr, &ad);
2594         if (err)
2595                 return err;
2596 
2597         return 0;
2598 }
2599 
2600 static int selinux_socket_unix_may_send(struct socket *sock,
2601                                         struct socket *other)
2602 {
2603         struct inode_security_struct *isec;
2604         struct inode_security_struct *other_isec;
2605         struct avc_audit_data ad;
2606         int err;
2607 
2608         isec = SOCK_INODE(sock)->i_security;
2609         other_isec = SOCK_INODE(other)->i_security;
2610 
2611         AVC_AUDIT_DATA_INIT(&ad,NET);
2612         ad.u.net.sk = other->sk;
2613 
2614         err = avc_has_perm(isec->sid, other_isec->sid,
2615                            isec->sclass,
2616                            SOCKET__SENDTO,
2617                            &other_isec->avcr, &ad);
2618         if (err)
2619                 return err;
2620 
2621         return 0;
2622 }
2623 
2624 #endif
2625 
2626 static int ipc_alloc_security(struct task_struct *task,
2627                               struct kern_ipc_perm *perm,
2628                               u16 sclass)
2629 {
2630         struct task_security_struct *tsec = task->security;
2631         struct ipc_security_struct *isec;
2632 
2633         isec = kmalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
2634         if (!isec)
2635                 return -ENOMEM;
2636 
2637         memset(isec, 0, sizeof(struct ipc_security_struct));
2638         isec->magic = SELINUX_MAGIC;
2639         isec->sclass = sclass;
2640         isec->ipc_perm = perm;
2641         if (tsec) {
2642                 isec->sid = tsec->sid;
2643         } else {
2644                 isec->sid = SECINITSID_UNLABELED;
2645         }
2646         perm->security = isec;
2647 
2648         return 0;
2649 }
2650 
2651 static void ipc_free_security(struct kern_ipc_perm *perm)
2652 {
2653         struct ipc_security_struct *isec = perm->security;
2654         if (!isec || isec->magic != SELINUX_MAGIC)
2655                 return;
2656 
2657         perm->security = NULL;
2658         kfree(isec);
2659 }
2660 
2661 static int msg_msg_alloc_security(struct msg_msg *msg)
2662 {
2663         struct msg_security_struct *msec;
2664 
2665         msec = kmalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
2666         if (!msec)
2667                 return -ENOMEM;
2668 
2669         memset(msec, 0, sizeof(struct msg_security_struct));
2670         msec->magic = SELINUX_MAGIC;
2671         msec->msg = msg;
2672         msec->sid = SECINITSID_UNLABELED;
2673         msg->security = msec;
2674 
2675         return 0;
2676 }
2677 
2678 static void msg_msg_free_security(struct msg_msg *msg)
2679 {
2680         struct msg_security_struct *msec = msg->security;
2681         if (!msec || msec->magic != SELINUX_MAGIC)
2682                 return;
2683 
2684         msg->security = NULL;
2685         kfree(msec);
2686 }
2687 
2688 static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
2689                         u16 sclass, u32 perms)
2690 {
2691         struct task_security_struct *tsec;
2692         struct ipc_security_struct *isec;
2693         struct avc_audit_data ad;
2694 
2695         tsec = current->security;
2696         isec = ipc_perms->security;
2697 
2698         AVC_AUDIT_DATA_INIT(&ad, IPC);
2699         ad.u.ipc_id = ipc_perms->key;
2700 
2701         return avc_has_perm(tsec->sid, isec->sid, sclass,
2702                             perms, &isec->avcr, &ad);
2703 }
2704 
2705 static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
2706 {
2707         return msg_msg_alloc_security(msg);
2708 }
2709 
2710 static void selinux_msg_msg_free_security(struct msg_msg *msg)
2711 {
2712         return msg_msg_free_security(msg);
2713 }
2714 
2715 /* message queue security operations */
2716 static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
2717 {
2718         struct task_security_struct *tsec;
2719         struct ipc_security_struct *isec;
2720         struct avc_audit_data ad;
2721         int rc;
2722 
2723         rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
2724         if (rc)
2725                 return rc;
2726 
2727         tsec = current->security;
2728         isec = msq->q_perm.security;
2729 
2730         AVC_AUDIT_DATA_INIT(&ad, IPC);
2731         ad.u.ipc_id = msq->q_perm.key;
2732 
2733         rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
2734                           MSGQ__CREATE, &isec->avcr, &ad);
2735         if (rc) {
2736                 ipc_free_security(&msq->q_perm);
2737                 return rc;
2738         }
2739         return 0;
2740 }
2741 
2742 static void selinux_msg_queue_free_security(struct msg_queue *msq)
2743 {
2744         ipc_free_security(&msq->q_perm);
2745 }
2746 
2747 static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
2748 {
2749         struct task_security_struct *tsec;
2750         struct ipc_security_struct *isec;
2751         struct avc_audit_data ad;
2752 
2753         tsec = current->security;
2754         isec = msq->q_perm.security;
2755 
2756         AVC_AUDIT_DATA_INIT(&ad, IPC);
2757         ad.u.ipc_id = msq->q_perm.key;
2758 
2759         return avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
2760                             MSGQ__ASSOCIATE, &isec->avcr, &ad);
2761 }
2762 
2763 static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
2764 {
2765         int err;
2766         int perms;
2767 
2768         switch(cmd) {
2769         case IPC_INFO:
2770         case MSG_INFO:
2771                 /* No specific object, just general system-wide information. */
2772                 return task_has_system(current, SYSTEM__IPC_INFO);
2773         case IPC_STAT:
2774         case MSG_STAT:
2775                 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
2776                 break;
2777         case IPC_SET:
2778                 perms = MSGQ__SETATTR;
2779                 break;
2780         case IPC_RMID:
2781                 perms = MSGQ__DESTROY;
2782                 break;
2783         default:
2784                 return 0;
2785         }
2786 
2787         err = ipc_has_perm(&msq->q_perm, SECCLASS_MSGQ, perms);
2788         return err;
2789 }
2790 
2791 static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
2792 {
2793         struct task_security_struct *tsec;
2794         struct ipc_security_struct *isec;
2795         struct msg_security_struct *msec;
2796         struct avc_audit_data ad;
2797         int rc;
2798 
2799         tsec = current->security;
2800         isec = msq->q_perm.security;
2801         msec = msg->security;
2802 
2803         /*
2804          * First time through, need to assign label to the message
2805          */
2806         if (msec->sid == SECINITSID_UNLABELED) {
2807                 /*
2808                  * Compute new sid based on current process and
2809                  * message queue this message will be stored in
2810                  */
2811                 rc = security_transition_sid(tsec->sid,
2812                                              isec->sid,
2813                                              SECCLASS_MSG,
2814                                              &msec->sid);
2815                 if (rc)
2816                         return rc;
2817         }
2818 
2819         AVC_AUDIT_DATA_INIT(&ad, IPC);
2820         ad.u.ipc_id = msq->q_perm.key;
2821 
2822         /* Can this process write to the queue? */
2823         rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
2824                           MSGQ__WRITE, &isec->avcr, &ad);
2825         if (!rc)
2826                 /* Can this process send the message */
2827                 rc = avc_has_perm(tsec->sid, msec->sid,
2828                                   SECCLASS_MSG, MSG__SEND,
2829                                   &msec->avcr, &ad);
2830         if (!rc)
2831                 /* Can the message be put in the queue? */
2832                 rc = avc_has_perm(msec->sid, isec->sid,
2833                                   SECCLASS_MSGQ, MSGQ__ENQUEUE,
2834                                   &isec->avcr, &ad);
2835 
2836         return rc;
2837 }
2838 
2839 static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
2840                                     struct task_struct *target,
2841                                     long type, int mode)
2842 {
2843         struct task_security_struct *tsec;
2844         struct ipc_security_struct *isec;
2845         struct msg_security_struct *msec;
2846         struct avc_audit_data ad;
2847         int rc;
2848 
2849         tsec = target->security;
2850         isec = msq->q_perm.security;
2851         msec = msg->security;
2852 
2853         AVC_AUDIT_DATA_INIT(&ad, IPC);
2854         ad.u.ipc_id = msq->q_perm.key;
2855 
2856         rc = avc_has_perm(tsec->sid, isec->sid,
2857                           SECCLASS_MSGQ, MSGQ__READ,
2858                           &isec->avcr, &ad);
2859         if (!rc)
2860                 rc = avc_has_perm(tsec->sid, msec->sid,
2861                                   SECCLASS_MSG, MSG__RECEIVE,
2862                                   &msec->avcr, &ad);
2863         return rc;
2864 }
2865 
2866 /* Shared Memory security operations */
2867 static int selinux_shm_alloc_security(struct shmid_kernel *shp)
2868 {
2869         struct task_security_struct *tsec;
2870         struct ipc_security_struct *isec;
2871         struct avc_audit_data ad;
2872         int rc;
2873 
2874         rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
2875         if (rc)
2876                 return rc;
2877 
2878         tsec = current->security;
2879         isec = shp->shm_perm.security;
2880 
2881         AVC_AUDIT_DATA_INIT(&ad, IPC);
2882         ad.u.ipc_id = shp->shm_perm.key;
2883 
2884         rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM,
2885                           SHM__CREATE, &isec->avcr, &ad);
2886         if (rc) {
2887                 ipc_free_security(&shp->shm_perm);
2888                 return rc;
2889         }
2890         return 0;
2891 }
2892 
2893 static void selinux_shm_free_security(struct shmid_kernel *shp)
2894 {
2895         ipc_free_security(&shp->shm_perm);
2896 }
2897 
2898 static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
2899 {
2900         struct task_security_struct *tsec;
2901         struct ipc_security_struct *isec;
2902         struct avc_audit_data ad;
2903 
2904         tsec = current->security;
2905         isec = shp->shm_perm.security;
2906 
2907         AVC_AUDIT_DATA_INIT(&ad, IPC);
2908         ad.u.ipc_id = shp->shm_perm.key;
2909 
2910         return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM,
2911                             SHM__ASSOCIATE, &isec->avcr, &ad);
2912 }
2913 
2914 /* Note, at this point, shp is locked down */
2915 static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
2916 {
2917         int perms;
2918         int err;
2919 
2920         switch(cmd) {
2921         case IPC_INFO:
2922         case SHM_INFO:
2923                 /* No specific object, just general system-wide information. */
2924                 return task_has_system(current, SYSTEM__IPC_INFO);
2925         case IPC_STAT:
2926         case SHM_STAT:
2927                 perms = SHM__GETATTR | SHM__ASSOCIATE;
2928                 break;
2929         case IPC_SET:
2930                 perms = SHM__SETATTR;
2931                 break;
2932         case SHM_LOCK:
2933         case SHM_UNLOCK:
2934                 perms = SHM__LOCK;
2935                 break;
2936         case IPC_RMID:
2937                 perms = SHM__DESTROY;
2938                 break;
2939         default:
2940                 return 0;
2941         }
2942 
2943         err = ipc_has_perm(&shp->shm_perm, SECCLASS_SHM, perms);
2944         return err;
2945 }
2946 
2947 static int selinux_shm_shmat(struct shmid_kernel *shp,
2948                              char *shmaddr, int shmflg)
2949 {
2950         u32 perms;
2951 
2952         if (shmflg & SHM_RDONLY)
2953                 perms = SHM__READ;
2954         else
2955                 perms = SHM__READ | SHM__WRITE;
2956 
2957         return ipc_has_perm(&shp->shm_perm, SECCLASS_SHM, perms);
2958 }
2959 
2960 /* Semaphore security operations */
2961 static int selinux_sem_alloc_security(struct sem_array *sma)
2962 {
2963         struct task_security_struct *tsec;
2964         struct ipc_security_struct *isec;
2965         struct avc_audit_data ad;
2966         int rc;
2967 
2968         rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
2969         if (rc)
2970                 return rc;
2971 
2972         tsec = current->security;
2973         isec = sma->sem_perm.security;
2974 
2975         AVC_AUDIT_DATA_INIT(&ad, IPC);
2976         ad.u.ipc_id = sma->sem_perm.key;
2977 
2978         rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM,
2979                           SEM__CREATE, &isec->avcr, &ad);
2980         if (rc) {
2981                 ipc_free_security(&sma->sem_perm);
2982                 return rc;
2983         }
2984         return 0;
2985 }
2986 
2987 static void selinux_sem_free_security(struct sem_array *sma)
2988 {
2989         ipc_free_security(&sma->sem_perm);
2990 }
2991 
2992 static int selinux_sem_associate(struct sem_array *sma, int semflg)
2993 {
2994         struct task_security_struct *tsec;
2995         struct ipc_security_struct *isec;
2996         struct avc_audit_data ad;
2997 
2998         tsec = current->security;
2999         isec = sma->sem_perm.security;
3000 
3001         AVC_AUDIT_DATA_INIT(&ad, IPC);
3002         ad.u.ipc_id = sma->sem_perm.key;
3003 
3004         return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM,
3005                             SEM__ASSOCIATE, &isec->avcr, &ad);
3006 }
3007 
3008 /* Note, at this point, sma is locked down */
3009 static int selinux_sem_semctl(struct sem_array *sma, int cmd)
3010 {
3011         int err;
3012         u32 perms;
3013 
3014         switch(cmd) {
3015         case IPC_INFO:
3016         case SEM_INFO:
3017                 /* No specific object, just general system-wide information. */
3018                 return task_has_system(current, SYSTEM__IPC_INFO);
3019         case GETPID:
3020         case GETNCNT:
3021         case GETZCNT:
3022                 perms = SEM__GETATTR;
3023                 break;
3024         case GETVAL:
3025         case GETALL:
3026                 perms = SEM__READ;
3027                 break;
3028         case SETVAL:
3029         case SETALL:
3030                 perms = SEM__WRITE;
3031                 break;
3032         case IPC_RMID:
3033                 perms = SEM__DESTROY;
3034                 break;
3035         case IPC_SET:
3036                 perms = SEM__SETATTR;
3037                 break;
3038         case IPC_STAT:
3039         case SEM_STAT:
3040                 perms = SEM__GETATTR | SEM__ASSOCIATE;
3041                 break;
3042         default:
3043                 return 0;
3044         }
3045 
3046         err = ipc_has_perm(&sma->sem_perm, SECCLASS_SEM, perms);
3047         return err;
3048 }
3049 
3050 static int selinux_sem_semop(struct sem_array *sma,
3051                              struct sembuf *sops, unsigned nsops, int alter)
3052 {
3053         u32 perms;
3054 
3055         if (alter)
3056                 perms = SEM__READ | SEM__WRITE;
3057         else
3058                 perms = SEM__READ;
3059 
3060         return ipc_has_perm(&sma->sem_perm, SECCLASS_SEM, perms);
3061 }
3062 
3063 static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
3064 {
3065         struct ipc_security_struct *isec = ipcp->security;
3066         u16 sclass = SECCLASS_IPC;
3067         u32 av = 0;
3068 
3069         if (isec && isec->magic == SELINUX_MAGIC)
3070                 sclass = isec->sclass;
3071 
3072         av = 0;
3073         if (flag & S_IRUGO)
3074                 av |= IPC__UNIX_READ;
3075         if (flag & S_IWUGO)
3076                 av |= IPC__UNIX_WRITE;
3077 
3078         if (av == 0)
3079                 return 0;
3080 
3081         return ipc_has_perm(ipcp, sclass, av);
3082 }
3083 
3084 /* module stacking operations */
3085 int selinux_register_security (const char *name, struct security_operations *ops)
3086 {
3087         if (secondary_ops != original_ops) {
3088                 printk(KERN_INFO "%s:  There is already a secondary security "
3089                        "module registered.\n", __FUNCTION__);
3090                 return -EINVAL;
3091         }
3092 
3093         secondary_ops = ops;
3094 
3095         printk(KERN_INFO "%s:  Registering secondary module %s\n",
3096                __FUNCTION__,
3097                name);
3098 
3099         return 0;
3100 }
3101 
3102 int selinux_unregister_security (const char *name, struct security_operations *ops)
3103 {
3104         if (ops != secondary_ops) {
3105                 printk (KERN_INFO "%s:  trying to unregister a security module "
3106                         "that is not registered.\n", __FUNCTION__);
3107                 return -EINVAL;
3108         }
3109 
3110         secondary_ops = original_ops;
3111 
3112         return 0;
3113 }
3114 
3115 static void selinux_d_instantiate (struct dentry *dentry, struct inode *inode)
3116 {
3117         if (inode)
3118                 inode_doinit_with_dentry(inode, dentry);
3119 }
3120 
3121 static int selinux_getprocattr(struct task_struct *p,
3122                                char *name, void *value, size_t size)
3123 {
3124         struct task_security_struct *tsec;
3125         u32 sid, len;
3126         char *context;
3127         int error;
3128 
3129         if (current != p) {
3130                 error = task_has_perm(current, p, PROCESS__GETATTR);
3131                 if (error)
3132                         return error;
3133         }
3134 
3135         if (!size)
3136                 return -ERANGE;
3137 
3138         tsec = p->security;
3139 
3140         if (!strcmp(name, "current"))
3141                 sid = tsec->sid;
3142         else if (!strcmp(name, "prev"))
3143                 sid = tsec->osid;
3144         else if (!strcmp(name, "exec"))
3145                 sid = tsec->exec_sid;
3146         else if (!strcmp(name, "fscreate"))
3147                 sid = tsec->create_sid;
3148         else
3149                 return -EINVAL;
3150 
3151         if (!sid)
3152                 return 0;
3153 
3154         error = security_sid_to_context(sid, &context, &len);
3155         if (error)
3156                 return error;
3157         if (len > size) {
3158                 kfree(context);
3159                 return -ERANGE;
3160         }
3161         memcpy(value, context, len);
3162         kfree(context);
3163         return len;
3164 }
3165 
3166 static int selinux_setprocattr(struct task_struct *p,
3167                                char *name, void *value, size_t size)
3168 {
3169         struct task_security_struct *tsec;
3170         u32 sid = 0;
3171         int error;
3172 
3173         if (current != p || !strcmp(name, "current")) {
3174                 /* SELinux only allows a process to change its own
3175                    security attributes, and it only allows the process
3176                    current SID to change via exec. */
3177                 return -EACCES;
3178         }
3179 
3180         /*
3181          * Basic control over ability to set these attributes at all.
3182          * current == p, but we'll pass them separately in case the
3183          * above restriction is ever removed.
3184          */
3185         if (!strcmp(name, "exec"))
3186                 error = task_has_perm(current, p, PROCESS__SETEXEC);
3187         else if (!strcmp(name, "fscreate"))
3188                 error = task_has_perm(current, p, PROCESS__SETFSCREATE);
3189         else
3190                 error = -EINVAL;
3191         if (error)
3192                 return error;
3193 
3194         /* Obtain a SID for the context, if one was specified. */
3195         if (size) {
3196                 int error;
3197                 error = security_context_to_sid(value, size, &sid);
3198                 if (error)
3199                         return error;
3200         }
3201 
3202         /* Permission checking based on the specified context is
3203            performed during the actual operation (execve,
3204            open/mkdir/...), when we know the full context of the
3205            operation.  See selinux_bprm_set_security for the execve
3206            checks and may_create for the file creation checks. The
3207            operation will then fail if the context is not permitted. */
3208         tsec = p->security;
3209         if (!strcmp(name, "exec"))
3210                 tsec->exec_sid = sid;
3211         else if (!strcmp(name, "fscreate"))
3212                 tsec->create_sid = sid;
3213         else
3214                 return -EINVAL;
3215 
3216         return size;
3217 }
3218 
3219 struct security_operations selinux_ops = {
3220         .ptrace =                       selinux_ptrace,
3221         .capget =                       selinux_capget,
3222         .capset_check =                 selinux_capset_check,
3223         .capset_set =                   selinux_capset_set,
3224         .sysctl =                       selinux_sysctl,
3225         .capable =                      selinux_capable,
3226         .quotactl =                     selinux_quotactl,
3227         .quota_on =                     selinux_quota_on,
3228         .syslog =                       selinux_syslog,
3229         .vm_enough_memory =             selinux_vm_enough_memory,
3230 
3231         .netlink_send =                 selinux_netlink_send,
3232         .netlink_recv =                 selinux_netlink_recv,
3233 
3234         .bprm_alloc_security =          selinux_bprm_alloc_security,
3235         .bprm_free_security =           selinux_bprm_free_security,
3236         .bprm_compute_creds =           selinux_bprm_compute_creds,
3237         .bprm_set_security =            selinux_bprm_set_security,
3238         .bprm_check_security =          selinux_bprm_check_security,
3239         .bprm_secureexec =              selinux_bprm_secureexec,
3240 
3241         .sb_alloc_security =            selinux_sb_alloc_security,
3242         .sb_free_security =             selinux_sb_free_security,
3243         .sb_kern_mount =                selinux_sb_kern_mount,
3244         .sb_statfs =                    selinux_sb_statfs,
3245         .sb_mount =                     selinux_mount,
3246         .sb_umount =                    selinux_umount,
3247 
3248         .inode_alloc_security =         selinux_inode_alloc_security,
3249         .inode_free_security =          selinux_inode_free_security,
3250         .inode_create =                 selinux_inode_create,
3251         .inode_post_create =            selinux_inode_post_create,
3252         .inode_link =                   selinux_inode_link,
3253         .inode_post_link =              selinux_inode_post_link,
3254         .inode_unlink =                 selinux_inode_unlink,
3255         .inode_symlink =                selinux_inode_symlink,
3256         .inode_post_symlink =           selinux_inode_post_symlink,
3257         .inode_mkdir =                  selinux_inode_mkdir,
3258         .inode_post_mkdir =             selinux_inode_post_mkdir,
3259         .inode_rmdir =                  selinux_inode_rmdir,
3260         .inode_mknod =                  selinux_inode_mknod,
3261         .inode_post_mknod =             selinux_inode_post_mknod,
3262         .inode_rename =                 selinux_inode_rename,
3263         .inode_post_rename =            selinux_inode_post_rename,
3264         .inode_readlink =               selinux_inode_readlink,
3265         .inode_follow_link =            selinux_inode_follow_link,
3266         .inode_permission =             selinux_inode_permission,
3267         .inode_setattr =                selinux_inode_setattr,
3268         .inode_getattr =                selinux_inode_getattr,
3269         .inode_setxattr =               selinux_inode_setxattr,
3270         .inode_post_setxattr =          selinux_inode_post_setxattr,
3271         .inode_getxattr =               selinux_inode_getxattr,
3272         .inode_listxattr =              selinux_inode_listxattr,
3273         .inode_removexattr =            selinux_inode_removexattr,
3274         .inode_getsecurity =            selinux_inode_getsecurity,
3275         .inode_setsecurity =            selinux_inode_setsecurity,
3276         .inode_listsecurity =           selinux_inode_listsecurity,
3277 
3278         .file_permission =              selinux_file_permission,
3279         .file_alloc_security =          selinux_file_alloc_security,
3280         .file_free_security =           selinux_file_free_security,
3281         .file_ioctl =                   selinux_file_ioctl,
3282         .file_mmap =                    selinux_file_mmap,
3283         .file_mprotect =                selinux_file_mprotect,
3284         .file_lock =                    selinux_file_lock,
3285         .file_fcntl =                   selinux_file_fcntl,
3286         .file_set_fowner =              selinux_file_set_fowner,
3287         .file_send_sigiotask =          selinux_file_send_sigiotask,
3288         .file_receive =                 selinux_file_receive,
3289 
3290         .task_create =                  selinux_task_create,
3291         .task_alloc_security =          selinux_task_alloc_security,
3292         .task_free_security =           selinux_task_free_security,
3293         .task_setuid =                  selinux_task_setuid,
3294         .task_post_setuid =             selinux_task_post_setuid,
3295         .task_setgid =                  selinux_task_setgid,
3296         .task_setpgid =                 selinux_task_setpgid,
3297         .task_getpgid =                 selinux_task_getpgid,
3298         .task_getsid =                  selinux_task_getsid,
3299         .task_setgroups =               selinux_task_setgroups,
3300         .task_setnice =                 selinux_task_setnice,
3301         .task_setrlimit =               selinux_task_setrlimit,
3302         .task_setscheduler =            selinux_task_setscheduler,
3303         .task_getscheduler =            selinux_task_getscheduler,
3304         .task_kill =                    selinux_task_kill,
3305         .task_wait =                    selinux_task_wait,
3306         .task_prctl =                   selinux_task_prctl,
3307         .task_reparent_to_init =        selinux_task_reparent_to_init,
3308         .task_to_inode =                selinux_task_to_inode,
3309 
3310         .ipc_permission =               selinux_ipc_permission,
3311 
3312         .msg_msg_alloc_security =       selinux_msg_msg_alloc_security,
3313         .msg_msg_free_security =        selinux_msg_msg_free_security,
3314 
3315         .msg_queue_alloc_security =     selinux_msg_queue_alloc_security,
3316         .msg_queue_free_security =      selinux_msg_queue_free_security,
3317         .msg_queue_associate =          selinux_msg_queue_associate,
3318         .msg_queue_msgctl =             selinux_msg_queue_msgctl,
3319         .msg_queue_msgsnd =             selinux_msg_queue_msgsnd,
3320         .msg_queue_msgrcv =             selinux_msg_queue_msgrcv,
3321 
3322         .shm_alloc_security =           selinux_shm_alloc_security,
3323         .shm_free_security =            selinux_shm_free_security,
3324         .shm_associate =                selinux_shm_associate,
3325         .shm_shmctl =                   selinux_shm_shmctl,
3326         .shm_shmat =                    selinux_shm_shmat,
3327 
3328         .sem_alloc_security =           selinux_sem_alloc_security,
3329         .sem_free_security =            selinux_sem_free_security,
3330         .sem_associate =                selinux_sem_associate,
3331         .sem_semctl =                   selinux_sem_semctl,
3332         .sem_semop =                    selinux_sem_semop,
3333 
3334         .register_security =            selinux_register_security,
3335         .unregister_security =          selinux_unregister_security,
3336 
3337         .d_instantiate =                selinux_d_instantiate,
3338 
3339         .getprocattr =                  selinux_getprocattr,
3340         .setprocattr =                  selinux_setprocattr,
3341 
3342 #ifdef CONFIG_SECURITY_NETWORK
3343         .unix_stream_connect =          selinux_socket_unix_stream_connect,
3344         .unix_may_send =                selinux_socket_unix_may_send,
3345 
3346         .socket_create =                selinux_socket_create,
3347         .socket_post_create =           selinux_socket_post_create,
3348         .socket_bind =                  selinux_socket_bind,
3349         .socket_connect =               selinux_socket_connect,
3350         .socket_listen =                selinux_socket_listen,
3351         .socket_accept =                selinux_socket_accept,
3352         .socket_sendmsg =               selinux_socket_sendmsg,
3353         .socket_recvmsg =               selinux_socket_recvmsg,
3354         .socket_getsockname =           selinux_socket_getsockname,
3355         .socket_getpeername =           selinux_socket_getpeername,
3356         .socket_getsockopt =            selinux_socket_getsockopt,
3357         .socket_setsockopt =            selinux_socket_setsockopt,
3358         .socket_shutdown =              selinux_socket_shutdown,
3359 #endif
3360 };
3361 
3362 __init int selinux_init(void)
3363 {
3364         struct task_security_struct *tsec;
3365 
3366         if (!selinux_enabled) {
3367                 printk(KERN_INFO "SELinux:  Disabled at boot.\n");
3368                 return 0;
3369         }
3370 
3371         printk(KERN_INFO "SELinux:  Initializing.\n");
3372 
3373         /* Set the security state for the initial task. */
3374         if (task_alloc_security(current))
3375                 panic("SELinux:  Failed to initialize initial task.\n");
3376         tsec = current->security;
3377         tsec->osid = tsec->sid = SECINITSID_KERNEL;
3378 
3379         avc_init();
3380 
3381         original_ops = secondary_ops = security_ops;
3382         if (!secondary_ops)
3383                 panic ("SELinux: No initial security operations\n");
3384         if (register_security (&selinux_ops))
3385                 panic("SELinux: Unable to register with kernel.\n");
3386 
3387         if (selinux_enforcing) {
3388                 printk(KERN_INFO "SELinux:  Starting in enforcing mode\n");
3389         } else {
3390                 printk(KERN_INFO "SELinux:  Starting in permissive mode\n");
3391         }
3392         return 0;
3393 }
3394 
3395 void selinux_complete_init(void)
3396 {
3397         printk(KERN_INFO "SELinux:  Completing initialization.\n");
3398 
3399         /* Set up any superblocks initialized prior to the policy load. */
3400         printk(KERN_INFO "SELinux:  Setting up existing superblocks.\n");
3401         spin_lock(&sb_security_lock);
3402 next_sb:
3403         if (!list_empty(&superblock_security_head)) {
3404                 struct superblock_security_struct *sbsec =
3405                                 list_entry(superblock_security_head.next,
3406                                            struct superblock_security_struct,
3407                                            list);
3408                 struct super_block *sb = sbsec->sb;
3409                 spin_lock(&sb_lock);
3410                 sb->s_count++;
3411                 spin_unlock(&sb_lock);
3412                 spin_unlock(&sb_security_lock);
3413                 down_read(&sb->s_umount);
3414                 if (sb->s_root)
3415                         superblock_doinit(sb);
3416                 drop_super(sb);
3417                 spin_lock(&sb_security_lock);
3418                 list_del_init(&sbsec->list);
3419                 goto next_sb;
3420         }
3421         spin_unlock(&sb_security_lock);
3422 }
3423 
3424 /* SELinux requires early initialization in order to label
3425    all processes and objects when they are created. */
3426 security_initcall(selinux_init);
3427 
3428 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp