~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/selinux/selinuxfs.c

Version: ~ [ linux-5.2-rc1 ] ~ [ linux-5.1.2 ] ~ [ linux-5.0.16 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.43 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.119 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.176 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.179 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.139 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.67 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.39.4 ] ~ [ linux-2.6.38.8 ] ~ [ linux-2.6.37.6 ] ~ [ linux-2.6.36.4 ] ~ [ linux-2.6.35.14 ] ~ [ linux-2.6.34.15 ] ~ [ linux-2.6.33.20 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /* Updated: Karl MacMillan <kmacmillan@tresys.com>
  2  *
  3  *      Added conditional policy language extensions
  4  *
  5  *  Updated: Hewlett-Packard <paul@paul-moore.com>
  6  *
  7  *      Added support for the policy capability bitmap
  8  *
  9  * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
 10  * Copyright (C) 2003 - 2004 Tresys Technology, LLC
 11  * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
 12  *      This program is free software; you can redistribute it and/or modify
 13  *      it under the terms of the GNU General Public License as published by
 14  *      the Free Software Foundation, version 2.
 15  */
 16 
 17 #include <linux/kernel.h>
 18 #include <linux/pagemap.h>
 19 #include <linux/slab.h>
 20 #include <linux/vmalloc.h>
 21 #include <linux/fs.h>
 22 #include <linux/mutex.h>
 23 #include <linux/init.h>
 24 #include <linux/string.h>
 25 #include <linux/security.h>
 26 #include <linux/major.h>
 27 #include <linux/seq_file.h>
 28 #include <linux/percpu.h>
 29 #include <linux/audit.h>
 30 #include <linux/uaccess.h>
 31 #include <linux/kobject.h>
 32 #include <linux/ctype.h>
 33 
 34 /* selinuxfs pseudo filesystem for exporting the security policy API.
 35    Based on the proc code and the fs/nfsd/nfsctl.c code. */
 36 
 37 #include "flask.h"
 38 #include "avc.h"
 39 #include "avc_ss.h"
 40 #include "security.h"
 41 #include "objsec.h"
 42 #include "conditional.h"
 43 
 44 /* Policy capability filenames */
 45 static char *policycap_names[] = {
 46         "network_peer_controls",
 47         "open_perms",
 48         "redhat1",
 49         "always_check_network"
 50 };
 51 
 52 unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE;
 53 
 54 static int __init checkreqprot_setup(char *str)
 55 {
 56         unsigned long checkreqprot;
 57         if (!kstrtoul(str, 0, &checkreqprot))
 58                 selinux_checkreqprot = checkreqprot ? 1 : 0;
 59         return 1;
 60 }
 61 __setup("checkreqprot=", checkreqprot_setup);
 62 
 63 static DEFINE_MUTEX(sel_mutex);
 64 
 65 /* global data for booleans */
 66 static struct dentry *bool_dir;
 67 static int bool_num;
 68 static char **bool_pending_names;
 69 static int *bool_pending_values;
 70 
 71 /* global data for classes */
 72 static struct dentry *class_dir;
 73 static unsigned long last_class_ino;
 74 
 75 static char policy_opened;
 76 
 77 /* global data for policy capabilities */
 78 static struct dentry *policycap_dir;
 79 
 80 /* Check whether a task is allowed to use a security operation. */
 81 static int task_has_security(struct task_struct *tsk,
 82                              u32 perms)
 83 {
 84         const struct task_security_struct *tsec;
 85         u32 sid = 0;
 86 
 87         rcu_read_lock();
 88         tsec = __task_cred(tsk)->security;
 89         if (tsec)
 90                 sid = tsec->sid;
 91         rcu_read_unlock();
 92         if (!tsec)
 93                 return -EACCES;
 94 
 95         return avc_has_perm(sid, SECINITSID_SECURITY,
 96                             SECCLASS_SECURITY, perms, NULL);
 97 }
 98 
 99 enum sel_inos {
100         SEL_ROOT_INO = 2,
101         SEL_LOAD,       /* load policy */
102         SEL_ENFORCE,    /* get or set enforcing status */
103         SEL_CONTEXT,    /* validate context */
104         SEL_ACCESS,     /* compute access decision */
105         SEL_CREATE,     /* compute create labeling decision */
106         SEL_RELABEL,    /* compute relabeling decision */
107         SEL_USER,       /* compute reachable user contexts */
108         SEL_POLICYVERS, /* return policy version for this kernel */
109         SEL_COMMIT_BOOLS, /* commit new boolean values */
110         SEL_MLS,        /* return if MLS policy is enabled */
111         SEL_DISABLE,    /* disable SELinux until next reboot */
112         SEL_MEMBER,     /* compute polyinstantiation membership decision */
113         SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */
114         SEL_COMPAT_NET, /* whether to use old compat network packet controls */
115         SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */
116         SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */
117         SEL_STATUS,     /* export current status using mmap() */
118         SEL_POLICY,     /* allow userspace to read the in kernel policy */
119         SEL_VALIDATE_TRANS, /* compute validatetrans decision */
120         SEL_INO_NEXT,   /* The next inode number to use */
121 };
122 
123 static unsigned long sel_last_ino = SEL_INO_NEXT - 1;
124 
125 #define SEL_INITCON_INO_OFFSET          0x01000000
126 #define SEL_BOOL_INO_OFFSET             0x02000000
127 #define SEL_CLASS_INO_OFFSET            0x04000000
128 #define SEL_POLICYCAP_INO_OFFSET        0x08000000
129 #define SEL_INO_MASK                    0x00ffffff
130 
131 #define TMPBUFLEN       12
132 static ssize_t sel_read_enforce(struct file *filp, char __user *buf,
133                                 size_t count, loff_t *ppos)
134 {
135         char tmpbuf[TMPBUFLEN];
136         ssize_t length;
137 
138         length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_enforcing);
139         return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
140 }
141 
142 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
143 static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
144                                  size_t count, loff_t *ppos)
145 
146 {
147         char *page = NULL;
148         ssize_t length;
149         int new_value;
150 
151         if (count >= PAGE_SIZE)
152                 return -ENOMEM;
153 
154         /* No partial writes. */
155         if (*ppos != 0)
156                 return -EINVAL;
157 
158         page = memdup_user_nul(buf, count);
159         if (IS_ERR(page))
160                 return PTR_ERR(page);
161 
162         length = -EINVAL;
163         if (sscanf(page, "%d", &new_value) != 1)
164                 goto out;
165 
166         new_value = !!new_value;
167 
168         if (new_value != selinux_enforcing) {
169                 length = task_has_security(current, SECURITY__SETENFORCE);
170                 if (length)
171                         goto out;
172                 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
173                         "enforcing=%d old_enforcing=%d auid=%u ses=%u",
174                         new_value, selinux_enforcing,
175                         from_kuid(&init_user_ns, audit_get_loginuid(current)),
176                         audit_get_sessionid(current));
177                 selinux_enforcing = new_value;
178                 if (selinux_enforcing)
179                         avc_ss_reset(0);
180                 selnl_notify_setenforce(selinux_enforcing);
181                 selinux_status_update_setenforce(selinux_enforcing);
182         }
183         length = count;
184 out:
185         kfree(page);
186         return length;
187 }
188 #else
189 #define sel_write_enforce NULL
190 #endif
191 
192 static const struct file_operations sel_enforce_ops = {
193         .read           = sel_read_enforce,
194         .write          = sel_write_enforce,
195         .llseek         = generic_file_llseek,
196 };
197 
198 static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf,
199                                         size_t count, loff_t *ppos)
200 {
201         char tmpbuf[TMPBUFLEN];
202         ssize_t length;
203         ino_t ino = file_inode(filp)->i_ino;
204         int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ?
205                 security_get_reject_unknown() : !security_get_allow_unknown();
206 
207         length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown);
208         return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
209 }
210 
211 static const struct file_operations sel_handle_unknown_ops = {
212         .read           = sel_read_handle_unknown,
213         .llseek         = generic_file_llseek,
214 };
215 
216 static int sel_open_handle_status(struct inode *inode, struct file *filp)
217 {
218         struct page    *status = selinux_kernel_status_page();
219 
220         if (!status)
221                 return -ENOMEM;
222 
223         filp->private_data = status;
224 
225         return 0;
226 }
227 
228 static ssize_t sel_read_handle_status(struct file *filp, char __user *buf,
229                                       size_t count, loff_t *ppos)
230 {
231         struct page    *status = filp->private_data;
232 
233         BUG_ON(!status);
234 
235         return simple_read_from_buffer(buf, count, ppos,
236                                        page_address(status),
237                                        sizeof(struct selinux_kernel_status));
238 }
239 
240 static int sel_mmap_handle_status(struct file *filp,
241                                   struct vm_area_struct *vma)
242 {
243         struct page    *status = filp->private_data;
244         unsigned long   size = vma->vm_end - vma->vm_start;
245 
246         BUG_ON(!status);
247 
248         /* only allows one page from the head */
249         if (vma->vm_pgoff > 0 || size != PAGE_SIZE)
250                 return -EIO;
251         /* disallow writable mapping */
252         if (vma->vm_flags & VM_WRITE)
253                 return -EPERM;
254         /* disallow mprotect() turns it into writable */
255         vma->vm_flags &= ~VM_MAYWRITE;
256 
257         return remap_pfn_range(vma, vma->vm_start,
258                                page_to_pfn(status),
259                                size, vma->vm_page_prot);
260 }
261 
262 static const struct file_operations sel_handle_status_ops = {
263         .open           = sel_open_handle_status,
264         .read           = sel_read_handle_status,
265         .mmap           = sel_mmap_handle_status,
266         .llseek         = generic_file_llseek,
267 };
268 
269 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
270 static ssize_t sel_write_disable(struct file *file, const char __user *buf,
271                                  size_t count, loff_t *ppos)
272 
273 {
274         char *page;
275         ssize_t length;
276         int new_value;
277 
278         if (count >= PAGE_SIZE)
279                 return -ENOMEM;
280 
281         /* No partial writes. */
282         if (*ppos != 0)
283                 return -EINVAL;
284 
285         page = memdup_user_nul(buf, count);
286         if (IS_ERR(page))
287                 return PTR_ERR(page);
288 
289         length = -EINVAL;
290         if (sscanf(page, "%d", &new_value) != 1)
291                 goto out;
292 
293         if (new_value) {
294                 length = selinux_disable();
295                 if (length)
296                         goto out;
297                 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
298                         "selinux=0 auid=%u ses=%u",
299                         from_kuid(&init_user_ns, audit_get_loginuid(current)),
300                         audit_get_sessionid(current));
301         }
302 
303         length = count;
304 out:
305         kfree(page);
306         return length;
307 }
308 #else
309 #define sel_write_disable NULL
310 #endif
311 
312 static const struct file_operations sel_disable_ops = {
313         .write          = sel_write_disable,
314         .llseek         = generic_file_llseek,
315 };
316 
317 static ssize_t sel_read_policyvers(struct file *filp, char __user *buf,
318                                    size_t count, loff_t *ppos)
319 {
320         char tmpbuf[TMPBUFLEN];
321         ssize_t length;
322 
323         length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX);
324         return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
325 }
326 
327 static const struct file_operations sel_policyvers_ops = {
328         .read           = sel_read_policyvers,
329         .llseek         = generic_file_llseek,
330 };
331 
332 /* declaration for sel_write_load */
333 static int sel_make_bools(void);
334 static int sel_make_classes(void);
335 static int sel_make_policycap(void);
336 
337 /* declaration for sel_make_class_dirs */
338 static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
339                         unsigned long *ino);
340 
341 static ssize_t sel_read_mls(struct file *filp, char __user *buf,
342                                 size_t count, loff_t *ppos)
343 {
344         char tmpbuf[TMPBUFLEN];
345         ssize_t length;
346 
347         length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
348                            security_mls_enabled());
349         return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
350 }
351 
352 static const struct file_operations sel_mls_ops = {
353         .read           = sel_read_mls,
354         .llseek         = generic_file_llseek,
355 };
356 
357 struct policy_load_memory {
358         size_t len;
359         void *data;
360 };
361 
362 static int sel_open_policy(struct inode *inode, struct file *filp)
363 {
364         struct policy_load_memory *plm = NULL;
365         int rc;
366 
367         BUG_ON(filp->private_data);
368 
369         mutex_lock(&sel_mutex);
370 
371         rc = task_has_security(current, SECURITY__READ_POLICY);
372         if (rc)
373                 goto err;
374 
375         rc = -EBUSY;
376         if (policy_opened)
377                 goto err;
378 
379         rc = -ENOMEM;
380         plm = kzalloc(sizeof(*plm), GFP_KERNEL);
381         if (!plm)
382                 goto err;
383 
384         if (i_size_read(inode) != security_policydb_len()) {
385                 inode_lock(inode);
386                 i_size_write(inode, security_policydb_len());
387                 inode_unlock(inode);
388         }
389 
390         rc = security_read_policy(&plm->data, &plm->len);
391         if (rc)
392                 goto err;
393 
394         policy_opened = 1;
395 
396         filp->private_data = plm;
397 
398         mutex_unlock(&sel_mutex);
399 
400         return 0;
401 err:
402         mutex_unlock(&sel_mutex);
403 
404         if (plm)
405                 vfree(plm->data);
406         kfree(plm);
407         return rc;
408 }
409 
410 static int sel_release_policy(struct inode *inode, struct file *filp)
411 {
412         struct policy_load_memory *plm = filp->private_data;
413 
414         BUG_ON(!plm);
415 
416         policy_opened = 0;
417 
418         vfree(plm->data);
419         kfree(plm);
420 
421         return 0;
422 }
423 
424 static ssize_t sel_read_policy(struct file *filp, char __user *buf,
425                                size_t count, loff_t *ppos)
426 {
427         struct policy_load_memory *plm = filp->private_data;
428         int ret;
429 
430         mutex_lock(&sel_mutex);
431 
432         ret = task_has_security(current, SECURITY__READ_POLICY);
433         if (ret)
434                 goto out;
435 
436         ret = simple_read_from_buffer(buf, count, ppos, plm->data, plm->len);
437 out:
438         mutex_unlock(&sel_mutex);
439         return ret;
440 }
441 
442 static int sel_mmap_policy_fault(struct vm_area_struct *vma,
443                                  struct vm_fault *vmf)
444 {
445         struct policy_load_memory *plm = vma->vm_file->private_data;
446         unsigned long offset;
447         struct page *page;
448 
449         if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE))
450                 return VM_FAULT_SIGBUS;
451 
452         offset = vmf->pgoff << PAGE_SHIFT;
453         if (offset >= roundup(plm->len, PAGE_SIZE))
454                 return VM_FAULT_SIGBUS;
455 
456         page = vmalloc_to_page(plm->data + offset);
457         get_page(page);
458 
459         vmf->page = page;
460 
461         return 0;
462 }
463 
464 static const struct vm_operations_struct sel_mmap_policy_ops = {
465         .fault = sel_mmap_policy_fault,
466         .page_mkwrite = sel_mmap_policy_fault,
467 };
468 
469 static int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma)
470 {
471         if (vma->vm_flags & VM_SHARED) {
472                 /* do not allow mprotect to make mapping writable */
473                 vma->vm_flags &= ~VM_MAYWRITE;
474 
475                 if (vma->vm_flags & VM_WRITE)
476                         return -EACCES;
477         }
478 
479         vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP;
480         vma->vm_ops = &sel_mmap_policy_ops;
481 
482         return 0;
483 }
484 
485 static const struct file_operations sel_policy_ops = {
486         .open           = sel_open_policy,
487         .read           = sel_read_policy,
488         .mmap           = sel_mmap_policy,
489         .release        = sel_release_policy,
490         .llseek         = generic_file_llseek,
491 };
492 
493 static ssize_t sel_write_load(struct file *file, const char __user *buf,
494                               size_t count, loff_t *ppos)
495 
496 {
497         ssize_t length;
498         void *data = NULL;
499 
500         mutex_lock(&sel_mutex);
501 
502         length = task_has_security(current, SECURITY__LOAD_POLICY);
503         if (length)
504                 goto out;
505 
506         /* No partial writes. */
507         length = -EINVAL;
508         if (*ppos != 0)
509                 goto out;
510 
511         length = -EFBIG;
512         if (count > 64 * 1024 * 1024)
513                 goto out;
514 
515         length = -ENOMEM;
516         data = vmalloc(count);
517         if (!data)
518                 goto out;
519 
520         length = -EFAULT;
521         if (copy_from_user(data, buf, count) != 0)
522                 goto out;
523 
524         length = security_load_policy(data, count);
525         if (length)
526                 goto out;
527 
528         length = sel_make_bools();
529         if (length)
530                 goto out1;
531 
532         length = sel_make_classes();
533         if (length)
534                 goto out1;
535 
536         length = sel_make_policycap();
537         if (length)
538                 goto out1;
539 
540         length = count;
541 
542 out1:
543         audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
544                 "policy loaded auid=%u ses=%u",
545                 from_kuid(&init_user_ns, audit_get_loginuid(current)),
546                 audit_get_sessionid(current));
547 out:
548         mutex_unlock(&sel_mutex);
549         vfree(data);
550         return length;
551 }
552 
553 static const struct file_operations sel_load_ops = {
554         .write          = sel_write_load,
555         .llseek         = generic_file_llseek,
556 };
557 
558 static ssize_t sel_write_context(struct file *file, char *buf, size_t size)
559 {
560         char *canon = NULL;
561         u32 sid, len;
562         ssize_t length;
563 
564         length = task_has_security(current, SECURITY__CHECK_CONTEXT);
565         if (length)
566                 goto out;
567 
568         length = security_context_to_sid(buf, size, &sid, GFP_KERNEL);
569         if (length)
570                 goto out;
571 
572         length = security_sid_to_context(sid, &canon, &len);
573         if (length)
574                 goto out;
575 
576         length = -ERANGE;
577         if (len > SIMPLE_TRANSACTION_LIMIT) {
578                 printk(KERN_ERR "SELinux: %s:  context size (%u) exceeds "
579                         "payload max\n", __func__, len);
580                 goto out;
581         }
582 
583         memcpy(buf, canon, len);
584         length = len;
585 out:
586         kfree(canon);
587         return length;
588 }
589 
590 static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf,
591                                      size_t count, loff_t *ppos)
592 {
593         char tmpbuf[TMPBUFLEN];
594         ssize_t length;
595 
596         length = scnprintf(tmpbuf, TMPBUFLEN, "%u", selinux_checkreqprot);
597         return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
598 }
599 
600 static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
601                                       size_t count, loff_t *ppos)
602 {
603         char *page;
604         ssize_t length;
605         unsigned int new_value;
606 
607         length = task_has_security(current, SECURITY__SETCHECKREQPROT);
608         if (length)
609                 return length;
610 
611         if (count >= PAGE_SIZE)
612                 return -ENOMEM;
613 
614         /* No partial writes. */
615         if (*ppos != 0)
616                 return -EINVAL;
617 
618         page = memdup_user_nul(buf, count);
619         if (IS_ERR(page))
620                 return PTR_ERR(page);
621 
622         length = -EINVAL;
623         if (sscanf(page, "%u", &new_value) != 1)
624                 goto out;
625 
626         selinux_checkreqprot = new_value ? 1 : 0;
627         length = count;
628 out:
629         kfree(page);
630         return length;
631 }
632 static const struct file_operations sel_checkreqprot_ops = {
633         .read           = sel_read_checkreqprot,
634         .write          = sel_write_checkreqprot,
635         .llseek         = generic_file_llseek,
636 };
637 
638 static ssize_t sel_write_validatetrans(struct file *file,
639                                         const char __user *buf,
640                                         size_t count, loff_t *ppos)
641 {
642         char *oldcon = NULL, *newcon = NULL, *taskcon = NULL;
643         char *req = NULL;
644         u32 osid, nsid, tsid;
645         u16 tclass;
646         int rc;
647 
648         rc = task_has_security(current, SECURITY__VALIDATE_TRANS);
649         if (rc)
650                 goto out;
651 
652         rc = -ENOMEM;
653         if (count >= PAGE_SIZE)
654                 goto out;
655 
656         /* No partial writes. */
657         rc = -EINVAL;
658         if (*ppos != 0)
659                 goto out;
660 
661         rc = -ENOMEM;
662         req = kzalloc(count + 1, GFP_KERNEL);
663         if (!req)
664                 goto out;
665 
666         rc = -EFAULT;
667         if (copy_from_user(req, buf, count))
668                 goto out;
669 
670         rc = -ENOMEM;
671         oldcon = kzalloc(count + 1, GFP_KERNEL);
672         if (!oldcon)
673                 goto out;
674 
675         newcon = kzalloc(count + 1, GFP_KERNEL);
676         if (!newcon)
677                 goto out;
678 
679         taskcon = kzalloc(count + 1, GFP_KERNEL);
680         if (!taskcon)
681                 goto out;
682 
683         rc = -EINVAL;
684         if (sscanf(req, "%s %s %hu %s", oldcon, newcon, &tclass, taskcon) != 4)
685                 goto out;
686 
687         rc = security_context_str_to_sid(oldcon, &osid, GFP_KERNEL);
688         if (rc)
689                 goto out;
690 
691         rc = security_context_str_to_sid(newcon, &nsid, GFP_KERNEL);
692         if (rc)
693                 goto out;
694 
695         rc = security_context_str_to_sid(taskcon, &tsid, GFP_KERNEL);
696         if (rc)
697                 goto out;
698 
699         rc = security_validate_transition_user(osid, nsid, tsid, tclass);
700         if (!rc)
701                 rc = count;
702 out:
703         kfree(req);
704         kfree(oldcon);
705         kfree(newcon);
706         kfree(taskcon);
707         return rc;
708 }
709 
710 static const struct file_operations sel_transition_ops = {
711         .write          = sel_write_validatetrans,
712         .llseek         = generic_file_llseek,
713 };
714 
715 /*
716  * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c
717  */
718 static ssize_t sel_write_access(struct file *file, char *buf, size_t size);
719 static ssize_t sel_write_create(struct file *file, char *buf, size_t size);
720 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size);
721 static ssize_t sel_write_user(struct file *file, char *buf, size_t size);
722 static ssize_t sel_write_member(struct file *file, char *buf, size_t size);
723 
724 static ssize_t (*write_op[])(struct file *, char *, size_t) = {
725         [SEL_ACCESS] = sel_write_access,
726         [SEL_CREATE] = sel_write_create,
727         [SEL_RELABEL] = sel_write_relabel,
728         [SEL_USER] = sel_write_user,
729         [SEL_MEMBER] = sel_write_member,
730         [SEL_CONTEXT] = sel_write_context,
731 };
732 
733 static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos)
734 {
735         ino_t ino = file_inode(file)->i_ino;
736         char *data;
737         ssize_t rv;
738 
739         if (ino >= ARRAY_SIZE(write_op) || !write_op[ino])
740                 return -EINVAL;
741 
742         data = simple_transaction_get(file, buf, size);
743         if (IS_ERR(data))
744                 return PTR_ERR(data);
745 
746         rv = write_op[ino](file, data, size);
747         if (rv > 0) {
748                 simple_transaction_set(file, rv);
749                 rv = size;
750         }
751         return rv;
752 }
753 
754 static const struct file_operations transaction_ops = {
755         .write          = selinux_transaction_write,
756         .read           = simple_transaction_read,
757         .release        = simple_transaction_release,
758         .llseek         = generic_file_llseek,
759 };
760 
761 /*
762  * payload - write methods
763  * If the method has a response, the response should be put in buf,
764  * and the length returned.  Otherwise return 0 or and -error.
765  */
766 
767 static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
768 {
769         char *scon = NULL, *tcon = NULL;
770         u32 ssid, tsid;
771         u16 tclass;
772         struct av_decision avd;
773         ssize_t length;
774 
775         length = task_has_security(current, SECURITY__COMPUTE_AV);
776         if (length)
777                 goto out;
778 
779         length = -ENOMEM;
780         scon = kzalloc(size + 1, GFP_KERNEL);
781         if (!scon)
782                 goto out;
783 
784         length = -ENOMEM;
785         tcon = kzalloc(size + 1, GFP_KERNEL);
786         if (!tcon)
787                 goto out;
788 
789         length = -EINVAL;
790         if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
791                 goto out;
792 
793         length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
794         if (length)
795                 goto out;
796 
797         length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
798         if (length)
799                 goto out;
800 
801         security_compute_av_user(ssid, tsid, tclass, &avd);
802 
803         length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT,
804                           "%x %x %x %x %u %x",
805                           avd.allowed, 0xffffffff,
806                           avd.auditallow, avd.auditdeny,
807                           avd.seqno, avd.flags);
808 out:
809         kfree(tcon);
810         kfree(scon);
811         return length;
812 }
813 
814 static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
815 {
816         char *scon = NULL, *tcon = NULL;
817         char *namebuf = NULL, *objname = NULL;
818         u32 ssid, tsid, newsid;
819         u16 tclass;
820         ssize_t length;
821         char *newcon = NULL;
822         u32 len;
823         int nargs;
824 
825         length = task_has_security(current, SECURITY__COMPUTE_CREATE);
826         if (length)
827                 goto out;
828 
829         length = -ENOMEM;
830         scon = kzalloc(size + 1, GFP_KERNEL);
831         if (!scon)
832                 goto out;
833 
834         length = -ENOMEM;
835         tcon = kzalloc(size + 1, GFP_KERNEL);
836         if (!tcon)
837                 goto out;
838 
839         length = -ENOMEM;
840         namebuf = kzalloc(size + 1, GFP_KERNEL);
841         if (!namebuf)
842                 goto out;
843 
844         length = -EINVAL;
845         nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf);
846         if (nargs < 3 || nargs > 4)
847                 goto out;
848         if (nargs == 4) {
849                 /*
850                  * If and when the name of new object to be queried contains
851                  * either whitespace or multibyte characters, they shall be
852                  * encoded based on the percentage-encoding rule.
853                  * If not encoded, the sscanf logic picks up only left-half
854                  * of the supplied name; splitted by a whitespace unexpectedly.
855                  */
856                 char   *r, *w;
857                 int     c1, c2;
858 
859                 r = w = namebuf;
860                 do {
861                         c1 = *r++;
862                         if (c1 == '+')
863                                 c1 = ' ';
864                         else if (c1 == '%') {
865                                 c1 = hex_to_bin(*r++);
866                                 if (c1 < 0)
867                                         goto out;
868                                 c2 = hex_to_bin(*r++);
869                                 if (c2 < 0)
870                                         goto out;
871                                 c1 = (c1 << 4) | c2;
872                         }
873                         *w++ = c1;
874                 } while (c1 != '\0');
875 
876                 objname = namebuf;
877         }
878 
879         length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
880         if (length)
881                 goto out;
882 
883         length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
884         if (length)
885                 goto out;
886 
887         length = security_transition_sid_user(ssid, tsid, tclass,
888                                               objname, &newsid);
889         if (length)
890                 goto out;
891 
892         length = security_sid_to_context(newsid, &newcon, &len);
893         if (length)
894                 goto out;
895 
896         length = -ERANGE;
897         if (len > SIMPLE_TRANSACTION_LIMIT) {
898                 printk(KERN_ERR "SELinux: %s:  context size (%u) exceeds "
899                         "payload max\n", __func__, len);
900                 goto out;
901         }
902 
903         memcpy(buf, newcon, len);
904         length = len;
905 out:
906         kfree(newcon);
907         kfree(namebuf);
908         kfree(tcon);
909         kfree(scon);
910         return length;
911 }
912 
913 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size)
914 {
915         char *scon = NULL, *tcon = NULL;
916         u32 ssid, tsid, newsid;
917         u16 tclass;
918         ssize_t length;
919         char *newcon = NULL;
920         u32 len;
921 
922         length = task_has_security(current, SECURITY__COMPUTE_RELABEL);
923         if (length)
924                 goto out;
925 
926         length = -ENOMEM;
927         scon = kzalloc(size + 1, GFP_KERNEL);
928         if (!scon)
929                 goto out;
930 
931         length = -ENOMEM;
932         tcon = kzalloc(size + 1, GFP_KERNEL);
933         if (!tcon)
934                 goto out;
935 
936         length = -EINVAL;
937         if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
938                 goto out;
939 
940         length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
941         if (length)
942                 goto out;
943 
944         length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
945         if (length)
946                 goto out;
947 
948         length = security_change_sid(ssid, tsid, tclass, &newsid);
949         if (length)
950                 goto out;
951 
952         length = security_sid_to_context(newsid, &newcon, &len);
953         if (length)
954                 goto out;
955 
956         length = -ERANGE;
957         if (len > SIMPLE_TRANSACTION_LIMIT)
958                 goto out;
959 
960         memcpy(buf, newcon, len);
961         length = len;
962 out:
963         kfree(newcon);
964         kfree(tcon);
965         kfree(scon);
966         return length;
967 }
968 
969 static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
970 {
971         char *con = NULL, *user = NULL, *ptr;
972         u32 sid, *sids = NULL;
973         ssize_t length;
974         char *newcon;
975         int i, rc;
976         u32 len, nsids;
977 
978         length = task_has_security(current, SECURITY__COMPUTE_USER);
979         if (length)
980                 goto out;
981 
982         length = -ENOMEM;
983         con = kzalloc(size + 1, GFP_KERNEL);
984         if (!con)
985                 goto out;
986 
987         length = -ENOMEM;
988         user = kzalloc(size + 1, GFP_KERNEL);
989         if (!user)
990                 goto out;
991 
992         length = -EINVAL;
993         if (sscanf(buf, "%s %s", con, user) != 2)
994                 goto out;
995 
996         length = security_context_str_to_sid(con, &sid, GFP_KERNEL);
997         if (length)
998                 goto out;
999 
1000         length = security_get_user_sids(sid, user, &sids, &nsids);
1001         if (length)
1002                 goto out;
1003 
1004         length = sprintf(buf, "%u", nsids) + 1;
1005         ptr = buf + length;
1006         for (i = 0; i < nsids; i++) {
1007                 rc = security_sid_to_context(sids[i], &newcon, &len);
1008                 if (rc) {
1009                         length = rc;
1010                         goto out;
1011                 }
1012                 if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) {
1013                         kfree(newcon);
1014                         length = -ERANGE;
1015                         goto out;
1016                 }
1017                 memcpy(ptr, newcon, len);
1018                 kfree(newcon);
1019                 ptr += len;
1020                 length += len;
1021         }
1022 out:
1023         kfree(sids);
1024         kfree(user);
1025         kfree(con);
1026         return length;
1027 }
1028 
1029 static ssize_t sel_write_member(struct file *file, char *buf, size_t size)
1030 {
1031         char *scon = NULL, *tcon = NULL;
1032         u32 ssid, tsid, newsid;
1033         u16 tclass;
1034         ssize_t length;
1035         char *newcon = NULL;
1036         u32 len;
1037 
1038         length = task_has_security(current, SECURITY__COMPUTE_MEMBER);
1039         if (length)
1040                 goto out;
1041 
1042         length = -ENOMEM;
1043         scon = kzalloc(size + 1, GFP_KERNEL);
1044         if (!scon)
1045                 goto out;
1046 
1047         length = -ENOMEM;
1048         tcon = kzalloc(size + 1, GFP_KERNEL);
1049         if (!tcon)
1050                 goto out;
1051 
1052         length = -EINVAL;
1053         if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
1054                 goto out;
1055 
1056         length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
1057         if (length)
1058                 goto out;
1059 
1060         length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
1061         if (length)
1062                 goto out;
1063 
1064         length = security_member_sid(ssid, tsid, tclass, &newsid);
1065         if (length)
1066                 goto out;
1067 
1068         length = security_sid_to_context(newsid, &newcon, &len);
1069         if (length)
1070                 goto out;
1071 
1072         length = -ERANGE;
1073         if (len > SIMPLE_TRANSACTION_LIMIT) {
1074                 printk(KERN_ERR "SELinux: %s:  context size (%u) exceeds "
1075                         "payload max\n", __func__, len);
1076                 goto out;
1077         }
1078 
1079         memcpy(buf, newcon, len);
1080         length = len;
1081 out:
1082         kfree(newcon);
1083         kfree(tcon);
1084         kfree(scon);
1085         return length;
1086 }
1087 
1088 static struct inode *sel_make_inode(struct super_block *sb, int mode)
1089 {
1090         struct inode *ret = new_inode(sb);
1091 
1092         if (ret) {
1093                 ret->i_mode = mode;
1094                 ret->i_atime = ret->i_mtime = ret->i_ctime = current_time(ret);
1095         }
1096         return ret;
1097 }
1098 
1099 static ssize_t sel_read_bool(struct file *filep, char __user *buf,
1100                              size_t count, loff_t *ppos)
1101 {
1102         char *page = NULL;
1103         ssize_t length;
1104         ssize_t ret;
1105         int cur_enforcing;
1106         unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
1107         const char *name = filep->f_path.dentry->d_name.name;
1108 
1109         mutex_lock(&sel_mutex);
1110 
1111         ret = -EINVAL;
1112         if (index >= bool_num || strcmp(name, bool_pending_names[index]))
1113                 goto out;
1114 
1115         ret = -ENOMEM;
1116         page = (char *)get_zeroed_page(GFP_KERNEL);
1117         if (!page)
1118                 goto out;
1119 
1120         cur_enforcing = security_get_bool_value(index);
1121         if (cur_enforcing < 0) {
1122                 ret = cur_enforcing;
1123                 goto out;
1124         }
1125         length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing,
1126                           bool_pending_values[index]);
1127         ret = simple_read_from_buffer(buf, count, ppos, page, length);
1128 out:
1129         mutex_unlock(&sel_mutex);
1130         free_page((unsigned long)page);
1131         return ret;
1132 }
1133 
1134 static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
1135                               size_t count, loff_t *ppos)
1136 {
1137         char *page = NULL;
1138         ssize_t length;
1139         int new_value;
1140         unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
1141         const char *name = filep->f_path.dentry->d_name.name;
1142 
1143         mutex_lock(&sel_mutex);
1144 
1145         length = task_has_security(current, SECURITY__SETBOOL);
1146         if (length)
1147                 goto out;
1148 
1149         length = -EINVAL;
1150         if (index >= bool_num || strcmp(name, bool_pending_names[index]))
1151                 goto out;
1152 
1153         length = -ENOMEM;
1154         if (count >= PAGE_SIZE)
1155                 goto out;
1156 
1157         /* No partial writes. */
1158         length = -EINVAL;
1159         if (*ppos != 0)
1160                 goto out;
1161 
1162         page = memdup_user_nul(buf, count);
1163         if (IS_ERR(page)) {
1164                 length = PTR_ERR(page);
1165                 page = NULL;
1166                 goto out;
1167         }
1168 
1169         length = -EINVAL;
1170         if (sscanf(page, "%d", &new_value) != 1)
1171                 goto out;
1172 
1173         if (new_value)
1174                 new_value = 1;
1175 
1176         bool_pending_values[index] = new_value;
1177         length = count;
1178 
1179 out:
1180         mutex_unlock(&sel_mutex);
1181         kfree(page);
1182         return length;
1183 }
1184 
1185 static const struct file_operations sel_bool_ops = {
1186         .read           = sel_read_bool,
1187         .write          = sel_write_bool,
1188         .llseek         = generic_file_llseek,
1189 };
1190 
1191 static ssize_t sel_commit_bools_write(struct file *filep,
1192                                       const char __user *buf,
1193                                       size_t count, loff_t *ppos)
1194 {
1195         char *page = NULL;
1196         ssize_t length;
1197         int new_value;
1198 
1199         mutex_lock(&sel_mutex);
1200 
1201         length = task_has_security(current, SECURITY__SETBOOL);
1202         if (length)
1203                 goto out;
1204 
1205         length = -ENOMEM;
1206         if (count >= PAGE_SIZE)
1207                 goto out;
1208 
1209         /* No partial writes. */
1210         length = -EINVAL;
1211         if (*ppos != 0)
1212                 goto out;
1213 
1214         page = memdup_user_nul(buf, count);
1215         if (IS_ERR(page)) {
1216                 length = PTR_ERR(page);
1217                 page = NULL;
1218                 goto out;
1219         }
1220 
1221         length = -EINVAL;
1222         if (sscanf(page, "%d", &new_value) != 1)
1223                 goto out;
1224 
1225         length = 0;
1226         if (new_value && bool_pending_values)
1227                 length = security_set_bools(bool_num, bool_pending_values);
1228 
1229         if (!length)
1230                 length = count;
1231 
1232 out:
1233         mutex_unlock(&sel_mutex);
1234         kfree(page);
1235         return length;
1236 }
1237 
1238 static const struct file_operations sel_commit_bools_ops = {
1239         .write          = sel_commit_bools_write,
1240         .llseek         = generic_file_llseek,
1241 };
1242 
1243 static void sel_remove_entries(struct dentry *de)
1244 {
1245         d_genocide(de);
1246         shrink_dcache_parent(de);
1247 }
1248 
1249 #define BOOL_DIR_NAME "booleans"
1250 
1251 static int sel_make_bools(void)
1252 {
1253         int i, ret;
1254         ssize_t len;
1255         struct dentry *dentry = NULL;
1256         struct dentry *dir = bool_dir;
1257         struct inode *inode = NULL;
1258         struct inode_security_struct *isec;
1259         char **names = NULL, *page;
1260         int num;
1261         int *values = NULL;
1262         u32 sid;
1263 
1264         /* remove any existing files */
1265         for (i = 0; i < bool_num; i++)
1266                 kfree(bool_pending_names[i]);
1267         kfree(bool_pending_names);
1268         kfree(bool_pending_values);
1269         bool_num = 0;
1270         bool_pending_names = NULL;
1271         bool_pending_values = NULL;
1272 
1273         sel_remove_entries(dir);
1274 
1275         ret = -ENOMEM;
1276         page = (char *)get_zeroed_page(GFP_KERNEL);
1277         if (!page)
1278                 goto out;
1279 
1280         ret = security_get_bools(&num, &names, &values);
1281         if (ret)
1282                 goto out;
1283 
1284         for (i = 0; i < num; i++) {
1285                 ret = -ENOMEM;
1286                 dentry = d_alloc_name(dir, names[i]);
1287                 if (!dentry)
1288                         goto out;
1289 
1290                 ret = -ENOMEM;
1291                 inode = sel_make_inode(dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR);
1292                 if (!inode)
1293                         goto out;
1294 
1295                 ret = -ENAMETOOLONG;
1296                 len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]);
1297                 if (len >= PAGE_SIZE)
1298                         goto out;
1299 
1300                 isec = (struct inode_security_struct *)inode->i_security;
1301                 ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid);
1302                 if (ret)
1303                         goto out;
1304 
1305                 isec->sid = sid;
1306                 isec->initialized = LABEL_INITIALIZED;
1307                 inode->i_fop = &sel_bool_ops;
1308                 inode->i_ino = i|SEL_BOOL_INO_OFFSET;
1309                 d_add(dentry, inode);
1310         }
1311         bool_num = num;
1312         bool_pending_names = names;
1313         bool_pending_values = values;
1314 
1315         free_page((unsigned long)page);
1316         return 0;
1317 out:
1318         free_page((unsigned long)page);
1319 
1320         if (names) {
1321                 for (i = 0; i < num; i++)
1322                         kfree(names[i]);
1323                 kfree(names);
1324         }
1325         kfree(values);
1326         sel_remove_entries(dir);
1327 
1328         return ret;
1329 }
1330 
1331 #define NULL_FILE_NAME "null"
1332 
1333 struct path selinux_null;
1334 
1335 static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf,
1336                                             size_t count, loff_t *ppos)
1337 {
1338         char tmpbuf[TMPBUFLEN];
1339         ssize_t length;
1340 
1341         length = scnprintf(tmpbuf, TMPBUFLEN, "%u", avc_cache_threshold);
1342         return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
1343 }
1344 
1345 static ssize_t sel_write_avc_cache_threshold(struct file *file,
1346                                              const char __user *buf,
1347                                              size_t count, loff_t *ppos)
1348 
1349 {
1350         char *page;
1351         ssize_t ret;
1352         unsigned int new_value;
1353 
1354         ret = task_has_security(current, SECURITY__SETSECPARAM);
1355         if (ret)
1356                 return ret;
1357 
1358         if (count >= PAGE_SIZE)
1359                 return -ENOMEM;
1360 
1361         /* No partial writes. */
1362         if (*ppos != 0)
1363                 return -EINVAL;
1364 
1365         page = memdup_user_nul(buf, count);
1366         if (IS_ERR(page))
1367                 return PTR_ERR(page);
1368 
1369         ret = -EINVAL;
1370         if (sscanf(page, "%u", &new_value) != 1)
1371                 goto out;
1372 
1373         avc_cache_threshold = new_value;
1374 
1375         ret = count;
1376 out:
1377         kfree(page);
1378         return ret;
1379 }
1380 
1381 static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf,
1382                                        size_t count, loff_t *ppos)
1383 {
1384         char *page;
1385         ssize_t length;
1386 
1387         page = (char *)__get_free_page(GFP_KERNEL);
1388         if (!page)
1389                 return -ENOMEM;
1390 
1391         length = avc_get_hash_stats(page);
1392         if (length >= 0)
1393                 length = simple_read_from_buffer(buf, count, ppos, page, length);
1394         free_page((unsigned long)page);
1395 
1396         return length;
1397 }
1398 
1399 static const struct file_operations sel_avc_cache_threshold_ops = {
1400         .read           = sel_read_avc_cache_threshold,
1401         .write          = sel_write_avc_cache_threshold,
1402         .llseek         = generic_file_llseek,
1403 };
1404 
1405 static const struct file_operations sel_avc_hash_stats_ops = {
1406         .read           = sel_read_avc_hash_stats,
1407         .llseek         = generic_file_llseek,
1408 };
1409 
1410 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
1411 static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx)
1412 {
1413         int cpu;
1414 
1415         for (cpu = *idx; cpu < nr_cpu_ids; ++cpu) {
1416                 if (!cpu_possible(cpu))
1417                         continue;
1418                 *idx = cpu + 1;
1419                 return &per_cpu(avc_cache_stats, cpu);
1420         }
1421         return NULL;
1422 }
1423 
1424 static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos)
1425 {
1426         loff_t n = *pos - 1;
1427 
1428         if (*pos == 0)
1429                 return SEQ_START_TOKEN;
1430 
1431         return sel_avc_get_stat_idx(&n);
1432 }
1433 
1434 static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1435 {
1436         return sel_avc_get_stat_idx(pos);
1437 }
1438 
1439 static int sel_avc_stats_seq_show(struct seq_file *seq, void *v)
1440 {
1441         struct avc_cache_stats *st = v;
1442 
1443         if (v == SEQ_START_TOKEN)
1444                 seq_printf(seq, "lookups hits misses allocations reclaims "
1445                            "frees\n");
1446         else {
1447                 unsigned int lookups = st->lookups;
1448                 unsigned int misses = st->misses;
1449                 unsigned int hits = lookups - misses;
1450                 seq_printf(seq, "%u %u %u %u %u %u\n", lookups,
1451                            hits, misses, st->allocations,
1452                            st->reclaims, st->frees);
1453         }
1454         return 0;
1455 }
1456 
1457 static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v)
1458 { }
1459 
1460 static const struct seq_operations sel_avc_cache_stats_seq_ops = {
1461         .start          = sel_avc_stats_seq_start,
1462         .next           = sel_avc_stats_seq_next,
1463         .show           = sel_avc_stats_seq_show,
1464         .stop           = sel_avc_stats_seq_stop,
1465 };
1466 
1467 static int sel_open_avc_cache_stats(struct inode *inode, struct file *file)
1468 {
1469         return seq_open(file, &sel_avc_cache_stats_seq_ops);
1470 }
1471 
1472 static const struct file_operations sel_avc_cache_stats_ops = {
1473         .open           = sel_open_avc_cache_stats,
1474         .read           = seq_read,
1475         .llseek         = seq_lseek,
1476         .release        = seq_release,
1477 };
1478 #endif
1479 
1480 static int sel_make_avc_files(struct dentry *dir)
1481 {
1482         int i;
1483         static struct tree_descr files[] = {
1484                 { "cache_threshold",
1485                   &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR },
1486                 { "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO },
1487 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
1488                 { "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO },
1489 #endif
1490         };
1491 
1492         for (i = 0; i < ARRAY_SIZE(files); i++) {
1493                 struct inode *inode;
1494                 struct dentry *dentry;
1495 
1496                 dentry = d_alloc_name(dir, files[i].name);
1497                 if (!dentry)
1498                         return -ENOMEM;
1499 
1500                 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
1501                 if (!inode)
1502                         return -ENOMEM;
1503 
1504                 inode->i_fop = files[i].ops;
1505                 inode->i_ino = ++sel_last_ino;
1506                 d_add(dentry, inode);
1507         }
1508 
1509         return 0;
1510 }
1511 
1512 static ssize_t sel_read_initcon(struct file *file, char __user *buf,
1513                                 size_t count, loff_t *ppos)
1514 {
1515         char *con;
1516         u32 sid, len;
1517         ssize_t ret;
1518 
1519         sid = file_inode(file)->i_ino&SEL_INO_MASK;
1520         ret = security_sid_to_context(sid, &con, &len);
1521         if (ret)
1522                 return ret;
1523 
1524         ret = simple_read_from_buffer(buf, count, ppos, con, len);
1525         kfree(con);
1526         return ret;
1527 }
1528 
1529 static const struct file_operations sel_initcon_ops = {
1530         .read           = sel_read_initcon,
1531         .llseek         = generic_file_llseek,
1532 };
1533 
1534 static int sel_make_initcon_files(struct dentry *dir)
1535 {
1536         int i;
1537 
1538         for (i = 1; i <= SECINITSID_NUM; i++) {
1539                 struct inode *inode;
1540                 struct dentry *dentry;
1541                 dentry = d_alloc_name(dir, security_get_initial_sid_context(i));
1542                 if (!dentry)
1543                         return -ENOMEM;
1544 
1545                 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1546                 if (!inode)
1547                         return -ENOMEM;
1548 
1549                 inode->i_fop = &sel_initcon_ops;
1550                 inode->i_ino = i|SEL_INITCON_INO_OFFSET;
1551                 d_add(dentry, inode);
1552         }
1553 
1554         return 0;
1555 }
1556 
1557 static inline unsigned long sel_class_to_ino(u16 class)
1558 {
1559         return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET;
1560 }
1561 
1562 static inline u16 sel_ino_to_class(unsigned long ino)
1563 {
1564         return (ino & SEL_INO_MASK) / (SEL_VEC_MAX + 1);
1565 }
1566 
1567 static inline unsigned long sel_perm_to_ino(u16 class, u32 perm)
1568 {
1569         return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET;
1570 }
1571 
1572 static inline u32 sel_ino_to_perm(unsigned long ino)
1573 {
1574         return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1);
1575 }
1576 
1577 static ssize_t sel_read_class(struct file *file, char __user *buf,
1578                                 size_t count, loff_t *ppos)
1579 {
1580         unsigned long ino = file_inode(file)->i_ino;
1581         char res[TMPBUFLEN];
1582         ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_class(ino));
1583         return simple_read_from_buffer(buf, count, ppos, res, len);
1584 }
1585 
1586 static const struct file_operations sel_class_ops = {
1587         .read           = sel_read_class,
1588         .llseek         = generic_file_llseek,
1589 };
1590 
1591 static ssize_t sel_read_perm(struct file *file, char __user *buf,
1592                                 size_t count, loff_t *ppos)
1593 {
1594         unsigned long ino = file_inode(file)->i_ino;
1595         char res[TMPBUFLEN];
1596         ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino));
1597         return simple_read_from_buffer(buf, count, ppos, res, len);
1598 }
1599 
1600 static const struct file_operations sel_perm_ops = {
1601         .read           = sel_read_perm,
1602         .llseek         = generic_file_llseek,
1603 };
1604 
1605 static ssize_t sel_read_policycap(struct file *file, char __user *buf,
1606                                   size_t count, loff_t *ppos)
1607 {
1608         int value;
1609         char tmpbuf[TMPBUFLEN];
1610         ssize_t length;
1611         unsigned long i_ino = file_inode(file)->i_ino;
1612 
1613         value = security_policycap_supported(i_ino & SEL_INO_MASK);
1614         length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value);
1615 
1616         return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
1617 }
1618 
1619 static const struct file_operations sel_policycap_ops = {
1620         .read           = sel_read_policycap,
1621         .llseek         = generic_file_llseek,
1622 };
1623 
1624 static int sel_make_perm_files(char *objclass, int classvalue,
1625                                 struct dentry *dir)
1626 {
1627         int i, rc, nperms;
1628         char **perms;
1629 
1630         rc = security_get_permissions(objclass, &perms, &nperms);
1631         if (rc)
1632                 return rc;
1633 
1634         for (i = 0; i < nperms; i++) {
1635                 struct inode *inode;
1636                 struct dentry *dentry;
1637 
1638                 rc = -ENOMEM;
1639                 dentry = d_alloc_name(dir, perms[i]);
1640                 if (!dentry)
1641                         goto out;
1642 
1643                 rc = -ENOMEM;
1644                 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1645                 if (!inode)
1646                         goto out;
1647 
1648                 inode->i_fop = &sel_perm_ops;
1649                 /* i+1 since perm values are 1-indexed */
1650                 inode->i_ino = sel_perm_to_ino(classvalue, i + 1);
1651                 d_add(dentry, inode);
1652         }
1653         rc = 0;
1654 out:
1655         for (i = 0; i < nperms; i++)
1656                 kfree(perms[i]);
1657         kfree(perms);
1658         return rc;
1659 }
1660 
1661 static int sel_make_class_dir_entries(char *classname, int index,
1662                                         struct dentry *dir)
1663 {
1664         struct dentry *dentry = NULL;
1665         struct inode *inode = NULL;
1666         int rc;
1667 
1668         dentry = d_alloc_name(dir, "index");
1669         if (!dentry)
1670                 return -ENOMEM;
1671 
1672         inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1673         if (!inode)
1674                 return -ENOMEM;
1675 
1676         inode->i_fop = &sel_class_ops;
1677         inode->i_ino = sel_class_to_ino(index);
1678         d_add(dentry, inode);
1679 
1680         dentry = sel_make_dir(dir, "perms", &last_class_ino);
1681         if (IS_ERR(dentry))
1682                 return PTR_ERR(dentry);
1683 
1684         rc = sel_make_perm_files(classname, index, dentry);
1685 
1686         return rc;
1687 }
1688 
1689 static int sel_make_classes(void)
1690 {
1691         int rc, nclasses, i;
1692         char **classes;
1693 
1694         /* delete any existing entries */
1695         sel_remove_entries(class_dir);
1696 
1697         rc = security_get_classes(&classes, &nclasses);
1698         if (rc)
1699                 return rc;
1700 
1701         /* +2 since classes are 1-indexed */
1702         last_class_ino = sel_class_to_ino(nclasses + 2);
1703 
1704         for (i = 0; i < nclasses; i++) {
1705                 struct dentry *class_name_dir;
1706 
1707                 class_name_dir = sel_make_dir(class_dir, classes[i],
1708                                 &last_class_ino);
1709                 if (IS_ERR(class_name_dir)) {
1710                         rc = PTR_ERR(class_name_dir);
1711                         goto out;
1712                 }
1713 
1714                 /* i+1 since class values are 1-indexed */
1715                 rc = sel_make_class_dir_entries(classes[i], i + 1,
1716                                 class_name_dir);
1717                 if (rc)
1718                         goto out;
1719         }
1720         rc = 0;
1721 out:
1722         for (i = 0; i < nclasses; i++)
1723                 kfree(classes[i]);
1724         kfree(classes);
1725         return rc;
1726 }
1727 
1728 static int sel_make_policycap(void)
1729 {
1730         unsigned int iter;
1731         struct dentry *dentry = NULL;
1732         struct inode *inode = NULL;
1733 
1734         sel_remove_entries(policycap_dir);
1735 
1736         for (iter = 0; iter <= POLICYDB_CAPABILITY_MAX; iter++) {
1737                 if (iter < ARRAY_SIZE(policycap_names))
1738                         dentry = d_alloc_name(policycap_dir,
1739                                               policycap_names[iter]);
1740                 else
1741                         dentry = d_alloc_name(policycap_dir, "unknown");
1742 
1743                 if (dentry == NULL)
1744                         return -ENOMEM;
1745 
1746                 inode = sel_make_inode(policycap_dir->d_sb, S_IFREG | S_IRUGO);
1747                 if (inode == NULL)
1748                         return -ENOMEM;
1749 
1750                 inode->i_fop = &sel_policycap_ops;
1751                 inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET;
1752                 d_add(dentry, inode);
1753         }
1754 
1755         return 0;
1756 }
1757 
1758 static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
1759                         unsigned long *ino)
1760 {
1761         struct dentry *dentry = d_alloc_name(dir, name);
1762         struct inode *inode;
1763 
1764         if (!dentry)
1765                 return ERR_PTR(-ENOMEM);
1766 
1767         inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO);
1768         if (!inode) {
1769                 dput(dentry);
1770                 return ERR_PTR(-ENOMEM);
1771         }
1772 
1773         inode->i_op = &simple_dir_inode_operations;
1774         inode->i_fop = &simple_dir_operations;
1775         inode->i_ino = ++(*ino);
1776         /* directory inodes start off with i_nlink == 2 (for "." entry) */
1777         inc_nlink(inode);
1778         d_add(dentry, inode);
1779         /* bump link count on parent directory, too */
1780         inc_nlink(d_inode(dir));
1781 
1782         return dentry;
1783 }
1784 
1785 static int sel_fill_super(struct super_block *sb, void *data, int silent)
1786 {
1787         int ret;
1788         struct dentry *dentry;
1789         struct inode *inode;
1790         struct inode_security_struct *isec;
1791 
1792         static struct tree_descr selinux_files[] = {
1793                 [SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR},
1794                 [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR},
1795                 [SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO},
1796                 [SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO},
1797                 [SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO},
1798                 [SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO},
1799                 [SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO},
1800                 [SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO},
1801                 [SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR},
1802                 [SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO},
1803                 [SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR},
1804                 [SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO},
1805                 [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR},
1806                 [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
1807                 [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
1808                 [SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO},
1809                 [SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO},
1810                 [SEL_VALIDATE_TRANS] = {"validatetrans", &sel_transition_ops,
1811                                         S_IWUGO},
1812                 /* last one */ {""}
1813         };
1814         ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);
1815         if (ret)
1816                 goto err;
1817 
1818         bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &sel_last_ino);
1819         if (IS_ERR(bool_dir)) {
1820                 ret = PTR_ERR(bool_dir);
1821                 bool_dir = NULL;
1822                 goto err;
1823         }
1824 
1825         ret = -ENOMEM;
1826         dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME);
1827         if (!dentry)
1828                 goto err;
1829 
1830         ret = -ENOMEM;
1831         inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO);
1832         if (!inode)
1833                 goto err;
1834 
1835         inode->i_ino = ++sel_last_ino;
1836         isec = (struct inode_security_struct *)inode->i_security;
1837         isec->sid = SECINITSID_DEVNULL;
1838         isec->sclass = SECCLASS_CHR_FILE;
1839         isec->initialized = LABEL_INITIALIZED;
1840 
1841         init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3));
1842         d_add(dentry, inode);
1843         selinux_null.dentry = dentry;
1844 
1845         dentry = sel_make_dir(sb->s_root, "avc", &sel_last_ino);
1846         if (IS_ERR(dentry)) {
1847                 ret = PTR_ERR(dentry);
1848                 goto err;
1849         }
1850 
1851         ret = sel_make_avc_files(dentry);
1852         if (ret)
1853                 goto err;
1854 
1855         dentry = sel_make_dir(sb->s_root, "initial_contexts", &sel_last_ino);
1856         if (IS_ERR(dentry)) {
1857                 ret = PTR_ERR(dentry);
1858                 goto err;
1859         }
1860 
1861         ret = sel_make_initcon_files(dentry);
1862         if (ret)
1863                 goto err;
1864 
1865         class_dir = sel_make_dir(sb->s_root, "class", &sel_last_ino);
1866         if (IS_ERR(class_dir)) {
1867                 ret = PTR_ERR(class_dir);
1868                 class_dir = NULL;
1869                 goto err;
1870         }
1871 
1872         policycap_dir = sel_make_dir(sb->s_root, "policy_capabilities", &sel_last_ino);
1873         if (IS_ERR(policycap_dir)) {
1874                 ret = PTR_ERR(policycap_dir);
1875                 policycap_dir = NULL;
1876                 goto err;
1877         }
1878         return 0;
1879 err:
1880         printk(KERN_ERR "SELinux: %s:  failed while creating inodes\n",
1881                 __func__);
1882         return ret;
1883 }
1884 
1885 static struct dentry *sel_mount(struct file_system_type *fs_type,
1886                       int flags, const char *dev_name, void *data)
1887 {
1888         return mount_single(fs_type, flags, data, sel_fill_super);
1889 }
1890 
1891 static struct file_system_type sel_fs_type = {
1892         .name           = "selinuxfs",
1893         .mount          = sel_mount,
1894         .kill_sb        = kill_litter_super,
1895 };
1896 
1897 struct vfsmount *selinuxfs_mount;
1898 
1899 static int __init init_sel_fs(void)
1900 {
1901         int err;
1902 
1903         if (!selinux_enabled)
1904                 return 0;
1905 
1906         err = sysfs_create_mount_point(fs_kobj, "selinux");
1907         if (err)
1908                 return err;
1909 
1910         err = register_filesystem(&sel_fs_type);
1911         if (err) {
1912                 sysfs_remove_mount_point(fs_kobj, "selinux");
1913                 return err;
1914         }
1915 
1916         selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type);
1917         if (IS_ERR(selinuxfs_mount)) {
1918                 printk(KERN_ERR "selinuxfs:  could not mount!\n");
1919                 err = PTR_ERR(selinuxfs_mount);
1920                 selinuxfs_mount = NULL;
1921         }
1922 
1923         return err;
1924 }
1925 
1926 __initcall(init_sel_fs);
1927 
1928 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
1929 void exit_sel_fs(void)
1930 {
1931         sysfs_remove_mount_point(fs_kobj, "selinux");
1932         kern_unmount(selinuxfs_mount);
1933         unregister_filesystem(&sel_fs_type);
1934 }
1935 #endif
1936 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp