~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/selinux/selinuxfs.c

Version: ~ [ linux-5.6-rc7 ] ~ [ linux-5.5.11 ] ~ [ linux-5.4.27 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.112 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.174 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.217 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.217 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.82 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /* Updated: Karl MacMillan <kmacmillan@tresys.com>
  2  *
  3  *      Added conditional policy language extensions
  4  *
  5  *  Updated: Hewlett-Packard <paul@paul-moore.com>
  6  *
  7  *      Added support for the policy capability bitmap
  8  *
  9  * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
 10  * Copyright (C) 2003 - 2004 Tresys Technology, LLC
 11  * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
 12  *      This program is free software; you can redistribute it and/or modify
 13  *      it under the terms of the GNU General Public License as published by
 14  *      the Free Software Foundation, version 2.
 15  */
 16 
 17 #include <linux/kernel.h>
 18 #include <linux/pagemap.h>
 19 #include <linux/slab.h>
 20 #include <linux/vmalloc.h>
 21 #include <linux/fs.h>
 22 #include <linux/mutex.h>
 23 #include <linux/init.h>
 24 #include <linux/string.h>
 25 #include <linux/security.h>
 26 #include <linux/major.h>
 27 #include <linux/seq_file.h>
 28 #include <linux/percpu.h>
 29 #include <linux/audit.h>
 30 #include <linux/uaccess.h>
 31 #include <linux/kobject.h>
 32 #include <linux/ctype.h>
 33 
 34 /* selinuxfs pseudo filesystem for exporting the security policy API.
 35    Based on the proc code and the fs/nfsd/nfsctl.c code. */
 36 
 37 #include "flask.h"
 38 #include "avc.h"
 39 #include "avc_ss.h"
 40 #include "security.h"
 41 #include "objsec.h"
 42 #include "conditional.h"
 43 
 44 /* Policy capability filenames */
 45 static char *policycap_names[] = {
 46         "network_peer_controls",
 47         "open_perms",
 48         "redhat1",
 49         "always_check_network"
 50 };
 51 
 52 unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE;
 53 
 54 static int __init checkreqprot_setup(char *str)
 55 {
 56         unsigned long checkreqprot;
 57         if (!kstrtoul(str, 0, &checkreqprot))
 58                 selinux_checkreqprot = checkreqprot ? 1 : 0;
 59         return 1;
 60 }
 61 __setup("checkreqprot=", checkreqprot_setup);
 62 
 63 static DEFINE_MUTEX(sel_mutex);
 64 
 65 /* global data for booleans */
 66 static struct dentry *bool_dir;
 67 static int bool_num;
 68 static char **bool_pending_names;
 69 static int *bool_pending_values;
 70 
 71 /* global data for classes */
 72 static struct dentry *class_dir;
 73 static unsigned long last_class_ino;
 74 
 75 static char policy_opened;
 76 
 77 /* global data for policy capabilities */
 78 static struct dentry *policycap_dir;
 79 
 80 /* Check whether a task is allowed to use a security operation. */
 81 static int task_has_security(struct task_struct *tsk,
 82                              u32 perms)
 83 {
 84         const struct task_security_struct *tsec;
 85         u32 sid = 0;
 86 
 87         rcu_read_lock();
 88         tsec = __task_cred(tsk)->security;
 89         if (tsec)
 90                 sid = tsec->sid;
 91         rcu_read_unlock();
 92         if (!tsec)
 93                 return -EACCES;
 94 
 95         return avc_has_perm(sid, SECINITSID_SECURITY,
 96                             SECCLASS_SECURITY, perms, NULL);
 97 }
 98 
 99 enum sel_inos {
100         SEL_ROOT_INO = 2,
101         SEL_LOAD,       /* load policy */
102         SEL_ENFORCE,    /* get or set enforcing status */
103         SEL_CONTEXT,    /* validate context */
104         SEL_ACCESS,     /* compute access decision */
105         SEL_CREATE,     /* compute create labeling decision */
106         SEL_RELABEL,    /* compute relabeling decision */
107         SEL_USER,       /* compute reachable user contexts */
108         SEL_POLICYVERS, /* return policy version for this kernel */
109         SEL_COMMIT_BOOLS, /* commit new boolean values */
110         SEL_MLS,        /* return if MLS policy is enabled */
111         SEL_DISABLE,    /* disable SELinux until next reboot */
112         SEL_MEMBER,     /* compute polyinstantiation membership decision */
113         SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */
114         SEL_COMPAT_NET, /* whether to use old compat network packet controls */
115         SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */
116         SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */
117         SEL_STATUS,     /* export current status using mmap() */
118         SEL_POLICY,     /* allow userspace to read the in kernel policy */
119         SEL_VALIDATE_TRANS, /* compute validatetrans decision */
120         SEL_INO_NEXT,   /* The next inode number to use */
121 };
122 
123 static unsigned long sel_last_ino = SEL_INO_NEXT - 1;
124 
125 #define SEL_INITCON_INO_OFFSET          0x01000000
126 #define SEL_BOOL_INO_OFFSET             0x02000000
127 #define SEL_CLASS_INO_OFFSET            0x04000000
128 #define SEL_POLICYCAP_INO_OFFSET        0x08000000
129 #define SEL_INO_MASK                    0x00ffffff
130 
131 #define TMPBUFLEN       12
132 static ssize_t sel_read_enforce(struct file *filp, char __user *buf,
133                                 size_t count, loff_t *ppos)
134 {
135         char tmpbuf[TMPBUFLEN];
136         ssize_t length;
137 
138         length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_enforcing);
139         return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
140 }
141 
142 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
143 static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
144                                  size_t count, loff_t *ppos)
145 
146 {
147         char *page = NULL;
148         ssize_t length;
149         int new_value;
150 
151         if (count >= PAGE_SIZE)
152                 return -ENOMEM;
153 
154         /* No partial writes. */
155         if (*ppos != 0)
156                 return -EINVAL;
157 
158         page = memdup_user_nul(buf, count);
159         if (IS_ERR(page))
160                 return PTR_ERR(page);
161 
162         length = -EINVAL;
163         if (sscanf(page, "%d", &new_value) != 1)
164                 goto out;
165 
166         if (new_value != selinux_enforcing) {
167                 length = task_has_security(current, SECURITY__SETENFORCE);
168                 if (length)
169                         goto out;
170                 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
171                         "enforcing=%d old_enforcing=%d auid=%u ses=%u",
172                         new_value, selinux_enforcing,
173                         from_kuid(&init_user_ns, audit_get_loginuid(current)),
174                         audit_get_sessionid(current));
175                 selinux_enforcing = new_value;
176                 if (selinux_enforcing)
177                         avc_ss_reset(0);
178                 selnl_notify_setenforce(selinux_enforcing);
179                 selinux_status_update_setenforce(selinux_enforcing);
180         }
181         length = count;
182 out:
183         kfree(page);
184         return length;
185 }
186 #else
187 #define sel_write_enforce NULL
188 #endif
189 
190 static const struct file_operations sel_enforce_ops = {
191         .read           = sel_read_enforce,
192         .write          = sel_write_enforce,
193         .llseek         = generic_file_llseek,
194 };
195 
196 static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf,
197                                         size_t count, loff_t *ppos)
198 {
199         char tmpbuf[TMPBUFLEN];
200         ssize_t length;
201         ino_t ino = file_inode(filp)->i_ino;
202         int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ?
203                 security_get_reject_unknown() : !security_get_allow_unknown();
204 
205         length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown);
206         return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
207 }
208 
209 static const struct file_operations sel_handle_unknown_ops = {
210         .read           = sel_read_handle_unknown,
211         .llseek         = generic_file_llseek,
212 };
213 
214 static int sel_open_handle_status(struct inode *inode, struct file *filp)
215 {
216         struct page    *status = selinux_kernel_status_page();
217 
218         if (!status)
219                 return -ENOMEM;
220 
221         filp->private_data = status;
222 
223         return 0;
224 }
225 
226 static ssize_t sel_read_handle_status(struct file *filp, char __user *buf,
227                                       size_t count, loff_t *ppos)
228 {
229         struct page    *status = filp->private_data;
230 
231         BUG_ON(!status);
232 
233         return simple_read_from_buffer(buf, count, ppos,
234                                        page_address(status),
235                                        sizeof(struct selinux_kernel_status));
236 }
237 
238 static int sel_mmap_handle_status(struct file *filp,
239                                   struct vm_area_struct *vma)
240 {
241         struct page    *status = filp->private_data;
242         unsigned long   size = vma->vm_end - vma->vm_start;
243 
244         BUG_ON(!status);
245 
246         /* only allows one page from the head */
247         if (vma->vm_pgoff > 0 || size != PAGE_SIZE)
248                 return -EIO;
249         /* disallow writable mapping */
250         if (vma->vm_flags & VM_WRITE)
251                 return -EPERM;
252         /* disallow mprotect() turns it into writable */
253         vma->vm_flags &= ~VM_MAYWRITE;
254 
255         return remap_pfn_range(vma, vma->vm_start,
256                                page_to_pfn(status),
257                                size, vma->vm_page_prot);
258 }
259 
260 static const struct file_operations sel_handle_status_ops = {
261         .open           = sel_open_handle_status,
262         .read           = sel_read_handle_status,
263         .mmap           = sel_mmap_handle_status,
264         .llseek         = generic_file_llseek,
265 };
266 
267 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
268 static ssize_t sel_write_disable(struct file *file, const char __user *buf,
269                                  size_t count, loff_t *ppos)
270 
271 {
272         char *page;
273         ssize_t length;
274         int new_value;
275 
276         if (count >= PAGE_SIZE)
277                 return -ENOMEM;
278 
279         /* No partial writes. */
280         if (*ppos != 0)
281                 return -EINVAL;
282 
283         page = memdup_user_nul(buf, count);
284         if (IS_ERR(page))
285                 return PTR_ERR(page);
286 
287         length = -EINVAL;
288         if (sscanf(page, "%d", &new_value) != 1)
289                 goto out;
290 
291         if (new_value) {
292                 length = selinux_disable();
293                 if (length)
294                         goto out;
295                 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
296                         "selinux=0 auid=%u ses=%u",
297                         from_kuid(&init_user_ns, audit_get_loginuid(current)),
298                         audit_get_sessionid(current));
299         }
300 
301         length = count;
302 out:
303         kfree(page);
304         return length;
305 }
306 #else
307 #define sel_write_disable NULL
308 #endif
309 
310 static const struct file_operations sel_disable_ops = {
311         .write          = sel_write_disable,
312         .llseek         = generic_file_llseek,
313 };
314 
315 static ssize_t sel_read_policyvers(struct file *filp, char __user *buf,
316                                    size_t count, loff_t *ppos)
317 {
318         char tmpbuf[TMPBUFLEN];
319         ssize_t length;
320 
321         length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX);
322         return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
323 }
324 
325 static const struct file_operations sel_policyvers_ops = {
326         .read           = sel_read_policyvers,
327         .llseek         = generic_file_llseek,
328 };
329 
330 /* declaration for sel_write_load */
331 static int sel_make_bools(void);
332 static int sel_make_classes(void);
333 static int sel_make_policycap(void);
334 
335 /* declaration for sel_make_class_dirs */
336 static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
337                         unsigned long *ino);
338 
339 static ssize_t sel_read_mls(struct file *filp, char __user *buf,
340                                 size_t count, loff_t *ppos)
341 {
342         char tmpbuf[TMPBUFLEN];
343         ssize_t length;
344 
345         length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
346                            security_mls_enabled());
347         return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
348 }
349 
350 static const struct file_operations sel_mls_ops = {
351         .read           = sel_read_mls,
352         .llseek         = generic_file_llseek,
353 };
354 
355 struct policy_load_memory {
356         size_t len;
357         void *data;
358 };
359 
360 static int sel_open_policy(struct inode *inode, struct file *filp)
361 {
362         struct policy_load_memory *plm = NULL;
363         int rc;
364 
365         BUG_ON(filp->private_data);
366 
367         mutex_lock(&sel_mutex);
368 
369         rc = task_has_security(current, SECURITY__READ_POLICY);
370         if (rc)
371                 goto err;
372 
373         rc = -EBUSY;
374         if (policy_opened)
375                 goto err;
376 
377         rc = -ENOMEM;
378         plm = kzalloc(sizeof(*plm), GFP_KERNEL);
379         if (!plm)
380                 goto err;
381 
382         if (i_size_read(inode) != security_policydb_len()) {
383                 inode_lock(inode);
384                 i_size_write(inode, security_policydb_len());
385                 inode_unlock(inode);
386         }
387 
388         rc = security_read_policy(&plm->data, &plm->len);
389         if (rc)
390                 goto err;
391 
392         policy_opened = 1;
393 
394         filp->private_data = plm;
395 
396         mutex_unlock(&sel_mutex);
397 
398         return 0;
399 err:
400         mutex_unlock(&sel_mutex);
401 
402         if (plm)
403                 vfree(plm->data);
404         kfree(plm);
405         return rc;
406 }
407 
408 static int sel_release_policy(struct inode *inode, struct file *filp)
409 {
410         struct policy_load_memory *plm = filp->private_data;
411 
412         BUG_ON(!plm);
413 
414         policy_opened = 0;
415 
416         vfree(plm->data);
417         kfree(plm);
418 
419         return 0;
420 }
421 
422 static ssize_t sel_read_policy(struct file *filp, char __user *buf,
423                                size_t count, loff_t *ppos)
424 {
425         struct policy_load_memory *plm = filp->private_data;
426         int ret;
427 
428         mutex_lock(&sel_mutex);
429 
430         ret = task_has_security(current, SECURITY__READ_POLICY);
431         if (ret)
432                 goto out;
433 
434         ret = simple_read_from_buffer(buf, count, ppos, plm->data, plm->len);
435 out:
436         mutex_unlock(&sel_mutex);
437         return ret;
438 }
439 
440 static int sel_mmap_policy_fault(struct vm_area_struct *vma,
441                                  struct vm_fault *vmf)
442 {
443         struct policy_load_memory *plm = vma->vm_file->private_data;
444         unsigned long offset;
445         struct page *page;
446 
447         if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE))
448                 return VM_FAULT_SIGBUS;
449 
450         offset = vmf->pgoff << PAGE_SHIFT;
451         if (offset >= roundup(plm->len, PAGE_SIZE))
452                 return VM_FAULT_SIGBUS;
453 
454         page = vmalloc_to_page(plm->data + offset);
455         get_page(page);
456 
457         vmf->page = page;
458 
459         return 0;
460 }
461 
462 static const struct vm_operations_struct sel_mmap_policy_ops = {
463         .fault = sel_mmap_policy_fault,
464         .page_mkwrite = sel_mmap_policy_fault,
465 };
466 
467 static int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma)
468 {
469         if (vma->vm_flags & VM_SHARED) {
470                 /* do not allow mprotect to make mapping writable */
471                 vma->vm_flags &= ~VM_MAYWRITE;
472 
473                 if (vma->vm_flags & VM_WRITE)
474                         return -EACCES;
475         }
476 
477         vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP;
478         vma->vm_ops = &sel_mmap_policy_ops;
479 
480         return 0;
481 }
482 
483 static const struct file_operations sel_policy_ops = {
484         .open           = sel_open_policy,
485         .read           = sel_read_policy,
486         .mmap           = sel_mmap_policy,
487         .release        = sel_release_policy,
488         .llseek         = generic_file_llseek,
489 };
490 
491 static ssize_t sel_write_load(struct file *file, const char __user *buf,
492                               size_t count, loff_t *ppos)
493 
494 {
495         ssize_t length;
496         void *data = NULL;
497 
498         mutex_lock(&sel_mutex);
499 
500         length = task_has_security(current, SECURITY__LOAD_POLICY);
501         if (length)
502                 goto out;
503 
504         /* No partial writes. */
505         length = -EINVAL;
506         if (*ppos != 0)
507                 goto out;
508 
509         length = -EFBIG;
510         if (count > 64 * 1024 * 1024)
511                 goto out;
512 
513         length = -ENOMEM;
514         data = vmalloc(count);
515         if (!data)
516                 goto out;
517 
518         length = -EFAULT;
519         if (copy_from_user(data, buf, count) != 0)
520                 goto out;
521 
522         length = security_load_policy(data, count);
523         if (length)
524                 goto out;
525 
526         length = sel_make_bools();
527         if (length)
528                 goto out1;
529 
530         length = sel_make_classes();
531         if (length)
532                 goto out1;
533 
534         length = sel_make_policycap();
535         if (length)
536                 goto out1;
537 
538         length = count;
539 
540 out1:
541         audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
542                 "policy loaded auid=%u ses=%u",
543                 from_kuid(&init_user_ns, audit_get_loginuid(current)),
544                 audit_get_sessionid(current));
545 out:
546         mutex_unlock(&sel_mutex);
547         vfree(data);
548         return length;
549 }
550 
551 static const struct file_operations sel_load_ops = {
552         .write          = sel_write_load,
553         .llseek         = generic_file_llseek,
554 };
555 
556 static ssize_t sel_write_context(struct file *file, char *buf, size_t size)
557 {
558         char *canon = NULL;
559         u32 sid, len;
560         ssize_t length;
561 
562         length = task_has_security(current, SECURITY__CHECK_CONTEXT);
563         if (length)
564                 goto out;
565 
566         length = security_context_to_sid(buf, size, &sid, GFP_KERNEL);
567         if (length)
568                 goto out;
569 
570         length = security_sid_to_context(sid, &canon, &len);
571         if (length)
572                 goto out;
573 
574         length = -ERANGE;
575         if (len > SIMPLE_TRANSACTION_LIMIT) {
576                 printk(KERN_ERR "SELinux: %s:  context size (%u) exceeds "
577                         "payload max\n", __func__, len);
578                 goto out;
579         }
580 
581         memcpy(buf, canon, len);
582         length = len;
583 out:
584         kfree(canon);
585         return length;
586 }
587 
588 static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf,
589                                      size_t count, loff_t *ppos)
590 {
591         char tmpbuf[TMPBUFLEN];
592         ssize_t length;
593 
594         length = scnprintf(tmpbuf, TMPBUFLEN, "%u", selinux_checkreqprot);
595         return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
596 }
597 
598 static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
599                                       size_t count, loff_t *ppos)
600 {
601         char *page;
602         ssize_t length;
603         unsigned int new_value;
604 
605         length = task_has_security(current, SECURITY__SETCHECKREQPROT);
606         if (length)
607                 return length;
608 
609         if (count >= PAGE_SIZE)
610                 return -ENOMEM;
611 
612         /* No partial writes. */
613         if (*ppos != 0)
614                 return -EINVAL;
615 
616         page = memdup_user_nul(buf, count);
617         if (IS_ERR(page))
618                 return PTR_ERR(page);
619 
620         length = -EINVAL;
621         if (sscanf(page, "%u", &new_value) != 1)
622                 goto out;
623 
624         selinux_checkreqprot = new_value ? 1 : 0;
625         length = count;
626 out:
627         kfree(page);
628         return length;
629 }
630 static const struct file_operations sel_checkreqprot_ops = {
631         .read           = sel_read_checkreqprot,
632         .write          = sel_write_checkreqprot,
633         .llseek         = generic_file_llseek,
634 };
635 
636 static ssize_t sel_write_validatetrans(struct file *file,
637                                         const char __user *buf,
638                                         size_t count, loff_t *ppos)
639 {
640         char *oldcon = NULL, *newcon = NULL, *taskcon = NULL;
641         char *req = NULL;
642         u32 osid, nsid, tsid;
643         u16 tclass;
644         int rc;
645 
646         rc = task_has_security(current, SECURITY__VALIDATE_TRANS);
647         if (rc)
648                 goto out;
649 
650         rc = -ENOMEM;
651         if (count >= PAGE_SIZE)
652                 goto out;
653 
654         /* No partial writes. */
655         rc = -EINVAL;
656         if (*ppos != 0)
657                 goto out;
658 
659         rc = -ENOMEM;
660         req = kzalloc(count + 1, GFP_KERNEL);
661         if (!req)
662                 goto out;
663 
664         rc = -EFAULT;
665         if (copy_from_user(req, buf, count))
666                 goto out;
667 
668         rc = -ENOMEM;
669         oldcon = kzalloc(count + 1, GFP_KERNEL);
670         if (!oldcon)
671                 goto out;
672 
673         newcon = kzalloc(count + 1, GFP_KERNEL);
674         if (!newcon)
675                 goto out;
676 
677         taskcon = kzalloc(count + 1, GFP_KERNEL);
678         if (!taskcon)
679                 goto out;
680 
681         rc = -EINVAL;
682         if (sscanf(req, "%s %s %hu %s", oldcon, newcon, &tclass, taskcon) != 4)
683                 goto out;
684 
685         rc = security_context_str_to_sid(oldcon, &osid, GFP_KERNEL);
686         if (rc)
687                 goto out;
688 
689         rc = security_context_str_to_sid(newcon, &nsid, GFP_KERNEL);
690         if (rc)
691                 goto out;
692 
693         rc = security_context_str_to_sid(taskcon, &tsid, GFP_KERNEL);
694         if (rc)
695                 goto out;
696 
697         rc = security_validate_transition_user(osid, nsid, tsid, tclass);
698         if (!rc)
699                 rc = count;
700 out:
701         kfree(req);
702         kfree(oldcon);
703         kfree(newcon);
704         kfree(taskcon);
705         return rc;
706 }
707 
708 static const struct file_operations sel_transition_ops = {
709         .write          = sel_write_validatetrans,
710         .llseek         = generic_file_llseek,
711 };
712 
713 /*
714  * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c
715  */
716 static ssize_t sel_write_access(struct file *file, char *buf, size_t size);
717 static ssize_t sel_write_create(struct file *file, char *buf, size_t size);
718 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size);
719 static ssize_t sel_write_user(struct file *file, char *buf, size_t size);
720 static ssize_t sel_write_member(struct file *file, char *buf, size_t size);
721 
722 static ssize_t (*write_op[])(struct file *, char *, size_t) = {
723         [SEL_ACCESS] = sel_write_access,
724         [SEL_CREATE] = sel_write_create,
725         [SEL_RELABEL] = sel_write_relabel,
726         [SEL_USER] = sel_write_user,
727         [SEL_MEMBER] = sel_write_member,
728         [SEL_CONTEXT] = sel_write_context,
729 };
730 
731 static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos)
732 {
733         ino_t ino = file_inode(file)->i_ino;
734         char *data;
735         ssize_t rv;
736 
737         if (ino >= ARRAY_SIZE(write_op) || !write_op[ino])
738                 return -EINVAL;
739 
740         data = simple_transaction_get(file, buf, size);
741         if (IS_ERR(data))
742                 return PTR_ERR(data);
743 
744         rv = write_op[ino](file, data, size);
745         if (rv > 0) {
746                 simple_transaction_set(file, rv);
747                 rv = size;
748         }
749         return rv;
750 }
751 
752 static const struct file_operations transaction_ops = {
753         .write          = selinux_transaction_write,
754         .read           = simple_transaction_read,
755         .release        = simple_transaction_release,
756         .llseek         = generic_file_llseek,
757 };
758 
759 /*
760  * payload - write methods
761  * If the method has a response, the response should be put in buf,
762  * and the length returned.  Otherwise return 0 or and -error.
763  */
764 
765 static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
766 {
767         char *scon = NULL, *tcon = NULL;
768         u32 ssid, tsid;
769         u16 tclass;
770         struct av_decision avd;
771         ssize_t length;
772 
773         length = task_has_security(current, SECURITY__COMPUTE_AV);
774         if (length)
775                 goto out;
776 
777         length = -ENOMEM;
778         scon = kzalloc(size + 1, GFP_KERNEL);
779         if (!scon)
780                 goto out;
781 
782         length = -ENOMEM;
783         tcon = kzalloc(size + 1, GFP_KERNEL);
784         if (!tcon)
785                 goto out;
786 
787         length = -EINVAL;
788         if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
789                 goto out;
790 
791         length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
792         if (length)
793                 goto out;
794 
795         length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
796         if (length)
797                 goto out;
798 
799         security_compute_av_user(ssid, tsid, tclass, &avd);
800 
801         length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT,
802                           "%x %x %x %x %u %x",
803                           avd.allowed, 0xffffffff,
804                           avd.auditallow, avd.auditdeny,
805                           avd.seqno, avd.flags);
806 out:
807         kfree(tcon);
808         kfree(scon);
809         return length;
810 }
811 
812 static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
813 {
814         char *scon = NULL, *tcon = NULL;
815         char *namebuf = NULL, *objname = NULL;
816         u32 ssid, tsid, newsid;
817         u16 tclass;
818         ssize_t length;
819         char *newcon = NULL;
820         u32 len;
821         int nargs;
822 
823         length = task_has_security(current, SECURITY__COMPUTE_CREATE);
824         if (length)
825                 goto out;
826 
827         length = -ENOMEM;
828         scon = kzalloc(size + 1, GFP_KERNEL);
829         if (!scon)
830                 goto out;
831 
832         length = -ENOMEM;
833         tcon = kzalloc(size + 1, GFP_KERNEL);
834         if (!tcon)
835                 goto out;
836 
837         length = -ENOMEM;
838         namebuf = kzalloc(size + 1, GFP_KERNEL);
839         if (!namebuf)
840                 goto out;
841 
842         length = -EINVAL;
843         nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf);
844         if (nargs < 3 || nargs > 4)
845                 goto out;
846         if (nargs == 4) {
847                 /*
848                  * If and when the name of new object to be queried contains
849                  * either whitespace or multibyte characters, they shall be
850                  * encoded based on the percentage-encoding rule.
851                  * If not encoded, the sscanf logic picks up only left-half
852                  * of the supplied name; splitted by a whitespace unexpectedly.
853                  */
854                 char   *r, *w;
855                 int     c1, c2;
856 
857                 r = w = namebuf;
858                 do {
859                         c1 = *r++;
860                         if (c1 == '+')
861                                 c1 = ' ';
862                         else if (c1 == '%') {
863                                 c1 = hex_to_bin(*r++);
864                                 if (c1 < 0)
865                                         goto out;
866                                 c2 = hex_to_bin(*r++);
867                                 if (c2 < 0)
868                                         goto out;
869                                 c1 = (c1 << 4) | c2;
870                         }
871                         *w++ = c1;
872                 } while (c1 != '\0');
873 
874                 objname = namebuf;
875         }
876 
877         length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
878         if (length)
879                 goto out;
880 
881         length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
882         if (length)
883                 goto out;
884 
885         length = security_transition_sid_user(ssid, tsid, tclass,
886                                               objname, &newsid);
887         if (length)
888                 goto out;
889 
890         length = security_sid_to_context(newsid, &newcon, &len);
891         if (length)
892                 goto out;
893 
894         length = -ERANGE;
895         if (len > SIMPLE_TRANSACTION_LIMIT) {
896                 printk(KERN_ERR "SELinux: %s:  context size (%u) exceeds "
897                         "payload max\n", __func__, len);
898                 goto out;
899         }
900 
901         memcpy(buf, newcon, len);
902         length = len;
903 out:
904         kfree(newcon);
905         kfree(namebuf);
906         kfree(tcon);
907         kfree(scon);
908         return length;
909 }
910 
911 static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size)
912 {
913         char *scon = NULL, *tcon = NULL;
914         u32 ssid, tsid, newsid;
915         u16 tclass;
916         ssize_t length;
917         char *newcon = NULL;
918         u32 len;
919 
920         length = task_has_security(current, SECURITY__COMPUTE_RELABEL);
921         if (length)
922                 goto out;
923 
924         length = -ENOMEM;
925         scon = kzalloc(size + 1, GFP_KERNEL);
926         if (!scon)
927                 goto out;
928 
929         length = -ENOMEM;
930         tcon = kzalloc(size + 1, GFP_KERNEL);
931         if (!tcon)
932                 goto out;
933 
934         length = -EINVAL;
935         if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
936                 goto out;
937 
938         length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
939         if (length)
940                 goto out;
941 
942         length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
943         if (length)
944                 goto out;
945 
946         length = security_change_sid(ssid, tsid, tclass, &newsid);
947         if (length)
948                 goto out;
949 
950         length = security_sid_to_context(newsid, &newcon, &len);
951         if (length)
952                 goto out;
953 
954         length = -ERANGE;
955         if (len > SIMPLE_TRANSACTION_LIMIT)
956                 goto out;
957 
958         memcpy(buf, newcon, len);
959         length = len;
960 out:
961         kfree(newcon);
962         kfree(tcon);
963         kfree(scon);
964         return length;
965 }
966 
967 static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
968 {
969         char *con = NULL, *user = NULL, *ptr;
970         u32 sid, *sids = NULL;
971         ssize_t length;
972         char *newcon;
973         int i, rc;
974         u32 len, nsids;
975 
976         length = task_has_security(current, SECURITY__COMPUTE_USER);
977         if (length)
978                 goto out;
979 
980         length = -ENOMEM;
981         con = kzalloc(size + 1, GFP_KERNEL);
982         if (!con)
983                 goto out;
984 
985         length = -ENOMEM;
986         user = kzalloc(size + 1, GFP_KERNEL);
987         if (!user)
988                 goto out;
989 
990         length = -EINVAL;
991         if (sscanf(buf, "%s %s", con, user) != 2)
992                 goto out;
993 
994         length = security_context_str_to_sid(con, &sid, GFP_KERNEL);
995         if (length)
996                 goto out;
997 
998         length = security_get_user_sids(sid, user, &sids, &nsids);
999         if (length)
1000                 goto out;
1001 
1002         length = sprintf(buf, "%u", nsids) + 1;
1003         ptr = buf + length;
1004         for (i = 0; i < nsids; i++) {
1005                 rc = security_sid_to_context(sids[i], &newcon, &len);
1006                 if (rc) {
1007                         length = rc;
1008                         goto out;
1009                 }
1010                 if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) {
1011                         kfree(newcon);
1012                         length = -ERANGE;
1013                         goto out;
1014                 }
1015                 memcpy(ptr, newcon, len);
1016                 kfree(newcon);
1017                 ptr += len;
1018                 length += len;
1019         }
1020 out:
1021         kfree(sids);
1022         kfree(user);
1023         kfree(con);
1024         return length;
1025 }
1026 
1027 static ssize_t sel_write_member(struct file *file, char *buf, size_t size)
1028 {
1029         char *scon = NULL, *tcon = NULL;
1030         u32 ssid, tsid, newsid;
1031         u16 tclass;
1032         ssize_t length;
1033         char *newcon = NULL;
1034         u32 len;
1035 
1036         length = task_has_security(current, SECURITY__COMPUTE_MEMBER);
1037         if (length)
1038                 goto out;
1039 
1040         length = -ENOMEM;
1041         scon = kzalloc(size + 1, GFP_KERNEL);
1042         if (!scon)
1043                 goto out;
1044 
1045         length = -ENOMEM;
1046         tcon = kzalloc(size + 1, GFP_KERNEL);
1047         if (!tcon)
1048                 goto out;
1049 
1050         length = -EINVAL;
1051         if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
1052                 goto out;
1053 
1054         length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
1055         if (length)
1056                 goto out;
1057 
1058         length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
1059         if (length)
1060                 goto out;
1061 
1062         length = security_member_sid(ssid, tsid, tclass, &newsid);
1063         if (length)
1064                 goto out;
1065 
1066         length = security_sid_to_context(newsid, &newcon, &len);
1067         if (length)
1068                 goto out;
1069 
1070         length = -ERANGE;
1071         if (len > SIMPLE_TRANSACTION_LIMIT) {
1072                 printk(KERN_ERR "SELinux: %s:  context size (%u) exceeds "
1073                         "payload max\n", __func__, len);
1074                 goto out;
1075         }
1076 
1077         memcpy(buf, newcon, len);
1078         length = len;
1079 out:
1080         kfree(newcon);
1081         kfree(tcon);
1082         kfree(scon);
1083         return length;
1084 }
1085 
1086 static struct inode *sel_make_inode(struct super_block *sb, int mode)
1087 {
1088         struct inode *ret = new_inode(sb);
1089 
1090         if (ret) {
1091                 ret->i_mode = mode;
1092                 ret->i_atime = ret->i_mtime = ret->i_ctime = CURRENT_TIME;
1093         }
1094         return ret;
1095 }
1096 
1097 static ssize_t sel_read_bool(struct file *filep, char __user *buf,
1098                              size_t count, loff_t *ppos)
1099 {
1100         char *page = NULL;
1101         ssize_t length;
1102         ssize_t ret;
1103         int cur_enforcing;
1104         unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
1105         const char *name = filep->f_path.dentry->d_name.name;
1106 
1107         mutex_lock(&sel_mutex);
1108 
1109         ret = -EINVAL;
1110         if (index >= bool_num || strcmp(name, bool_pending_names[index]))
1111                 goto out;
1112 
1113         ret = -ENOMEM;
1114         page = (char *)get_zeroed_page(GFP_KERNEL);
1115         if (!page)
1116                 goto out;
1117 
1118         cur_enforcing = security_get_bool_value(index);
1119         if (cur_enforcing < 0) {
1120                 ret = cur_enforcing;
1121                 goto out;
1122         }
1123         length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing,
1124                           bool_pending_values[index]);
1125         ret = simple_read_from_buffer(buf, count, ppos, page, length);
1126 out:
1127         mutex_unlock(&sel_mutex);
1128         free_page((unsigned long)page);
1129         return ret;
1130 }
1131 
1132 static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
1133                               size_t count, loff_t *ppos)
1134 {
1135         char *page = NULL;
1136         ssize_t length;
1137         int new_value;
1138         unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
1139         const char *name = filep->f_path.dentry->d_name.name;
1140 
1141         mutex_lock(&sel_mutex);
1142 
1143         length = task_has_security(current, SECURITY__SETBOOL);
1144         if (length)
1145                 goto out;
1146 
1147         length = -EINVAL;
1148         if (index >= bool_num || strcmp(name, bool_pending_names[index]))
1149                 goto out;
1150 
1151         length = -ENOMEM;
1152         if (count >= PAGE_SIZE)
1153                 goto out;
1154 
1155         /* No partial writes. */
1156         length = -EINVAL;
1157         if (*ppos != 0)
1158                 goto out;
1159 
1160         page = memdup_user_nul(buf, count);
1161         if (IS_ERR(page)) {
1162                 length = PTR_ERR(page);
1163                 page = NULL;
1164                 goto out;
1165         }
1166 
1167         length = -EINVAL;
1168         if (sscanf(page, "%d", &new_value) != 1)
1169                 goto out;
1170 
1171         if (new_value)
1172                 new_value = 1;
1173 
1174         bool_pending_values[index] = new_value;
1175         length = count;
1176 
1177 out:
1178         mutex_unlock(&sel_mutex);
1179         kfree(page);
1180         return length;
1181 }
1182 
1183 static const struct file_operations sel_bool_ops = {
1184         .read           = sel_read_bool,
1185         .write          = sel_write_bool,
1186         .llseek         = generic_file_llseek,
1187 };
1188 
1189 static ssize_t sel_commit_bools_write(struct file *filep,
1190                                       const char __user *buf,
1191                                       size_t count, loff_t *ppos)
1192 {
1193         char *page = NULL;
1194         ssize_t length;
1195         int new_value;
1196 
1197         mutex_lock(&sel_mutex);
1198 
1199         length = task_has_security(current, SECURITY__SETBOOL);
1200         if (length)
1201                 goto out;
1202 
1203         length = -ENOMEM;
1204         if (count >= PAGE_SIZE)
1205                 goto out;
1206 
1207         /* No partial writes. */
1208         length = -EINVAL;
1209         if (*ppos != 0)
1210                 goto out;
1211 
1212         page = memdup_user_nul(buf, count);
1213         if (IS_ERR(page)) {
1214                 length = PTR_ERR(page);
1215                 page = NULL;
1216                 goto out;
1217         }
1218 
1219         length = -EINVAL;
1220         if (sscanf(page, "%d", &new_value) != 1)
1221                 goto out;
1222 
1223         length = 0;
1224         if (new_value && bool_pending_values)
1225                 length = security_set_bools(bool_num, bool_pending_values);
1226 
1227         if (!length)
1228                 length = count;
1229 
1230 out:
1231         mutex_unlock(&sel_mutex);
1232         kfree(page);
1233         return length;
1234 }
1235 
1236 static const struct file_operations sel_commit_bools_ops = {
1237         .write          = sel_commit_bools_write,
1238         .llseek         = generic_file_llseek,
1239 };
1240 
1241 static void sel_remove_entries(struct dentry *de)
1242 {
1243         d_genocide(de);
1244         shrink_dcache_parent(de);
1245 }
1246 
1247 #define BOOL_DIR_NAME "booleans"
1248 
1249 static int sel_make_bools(void)
1250 {
1251         int i, ret;
1252         ssize_t len;
1253         struct dentry *dentry = NULL;
1254         struct dentry *dir = bool_dir;
1255         struct inode *inode = NULL;
1256         struct inode_security_struct *isec;
1257         char **names = NULL, *page;
1258         int num;
1259         int *values = NULL;
1260         u32 sid;
1261 
1262         /* remove any existing files */
1263         for (i = 0; i < bool_num; i++)
1264                 kfree(bool_pending_names[i]);
1265         kfree(bool_pending_names);
1266         kfree(bool_pending_values);
1267         bool_num = 0;
1268         bool_pending_names = NULL;
1269         bool_pending_values = NULL;
1270 
1271         sel_remove_entries(dir);
1272 
1273         ret = -ENOMEM;
1274         page = (char *)get_zeroed_page(GFP_KERNEL);
1275         if (!page)
1276                 goto out;
1277 
1278         ret = security_get_bools(&num, &names, &values);
1279         if (ret)
1280                 goto out;
1281 
1282         for (i = 0; i < num; i++) {
1283                 ret = -ENOMEM;
1284                 dentry = d_alloc_name(dir, names[i]);
1285                 if (!dentry)
1286                         goto out;
1287 
1288                 ret = -ENOMEM;
1289                 inode = sel_make_inode(dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR);
1290                 if (!inode)
1291                         goto out;
1292 
1293                 ret = -ENAMETOOLONG;
1294                 len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]);
1295                 if (len >= PAGE_SIZE)
1296                         goto out;
1297 
1298                 isec = (struct inode_security_struct *)inode->i_security;
1299                 ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid);
1300                 if (ret)
1301                         goto out;
1302 
1303                 isec->sid = sid;
1304                 isec->initialized = 1;
1305                 inode->i_fop = &sel_bool_ops;
1306                 inode->i_ino = i|SEL_BOOL_INO_OFFSET;
1307                 d_add(dentry, inode);
1308         }
1309         bool_num = num;
1310         bool_pending_names = names;
1311         bool_pending_values = values;
1312 
1313         free_page((unsigned long)page);
1314         return 0;
1315 out:
1316         free_page((unsigned long)page);
1317 
1318         if (names) {
1319                 for (i = 0; i < num; i++)
1320                         kfree(names[i]);
1321                 kfree(names);
1322         }
1323         kfree(values);
1324         sel_remove_entries(dir);
1325 
1326         return ret;
1327 }
1328 
1329 #define NULL_FILE_NAME "null"
1330 
1331 struct path selinux_null;
1332 
1333 static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf,
1334                                             size_t count, loff_t *ppos)
1335 {
1336         char tmpbuf[TMPBUFLEN];
1337         ssize_t length;
1338 
1339         length = scnprintf(tmpbuf, TMPBUFLEN, "%u", avc_cache_threshold);
1340         return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
1341 }
1342 
1343 static ssize_t sel_write_avc_cache_threshold(struct file *file,
1344                                              const char __user *buf,
1345                                              size_t count, loff_t *ppos)
1346 
1347 {
1348         char *page;
1349         ssize_t ret;
1350         int new_value;
1351 
1352         ret = task_has_security(current, SECURITY__SETSECPARAM);
1353         if (ret)
1354                 return ret;
1355 
1356         if (count >= PAGE_SIZE)
1357                 return -ENOMEM;
1358 
1359         /* No partial writes. */
1360         if (*ppos != 0)
1361                 return -EINVAL;
1362 
1363         page = memdup_user_nul(buf, count);
1364         if (IS_ERR(page))
1365                 return PTR_ERR(page);
1366 
1367         ret = -EINVAL;
1368         if (sscanf(page, "%u", &new_value) != 1)
1369                 goto out;
1370 
1371         avc_cache_threshold = new_value;
1372 
1373         ret = count;
1374 out:
1375         kfree(page);
1376         return ret;
1377 }
1378 
1379 static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf,
1380                                        size_t count, loff_t *ppos)
1381 {
1382         char *page;
1383         ssize_t length;
1384 
1385         page = (char *)__get_free_page(GFP_KERNEL);
1386         if (!page)
1387                 return -ENOMEM;
1388 
1389         length = avc_get_hash_stats(page);
1390         if (length >= 0)
1391                 length = simple_read_from_buffer(buf, count, ppos, page, length);
1392         free_page((unsigned long)page);
1393 
1394         return length;
1395 }
1396 
1397 static const struct file_operations sel_avc_cache_threshold_ops = {
1398         .read           = sel_read_avc_cache_threshold,
1399         .write          = sel_write_avc_cache_threshold,
1400         .llseek         = generic_file_llseek,
1401 };
1402 
1403 static const struct file_operations sel_avc_hash_stats_ops = {
1404         .read           = sel_read_avc_hash_stats,
1405         .llseek         = generic_file_llseek,
1406 };
1407 
1408 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
1409 static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx)
1410 {
1411         int cpu;
1412 
1413         for (cpu = *idx; cpu < nr_cpu_ids; ++cpu) {
1414                 if (!cpu_possible(cpu))
1415                         continue;
1416                 *idx = cpu + 1;
1417                 return &per_cpu(avc_cache_stats, cpu);
1418         }
1419         return NULL;
1420 }
1421 
1422 static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos)
1423 {
1424         loff_t n = *pos - 1;
1425 
1426         if (*pos == 0)
1427                 return SEQ_START_TOKEN;
1428 
1429         return sel_avc_get_stat_idx(&n);
1430 }
1431 
1432 static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1433 {
1434         return sel_avc_get_stat_idx(pos);
1435 }
1436 
1437 static int sel_avc_stats_seq_show(struct seq_file *seq, void *v)
1438 {
1439         struct avc_cache_stats *st = v;
1440 
1441         if (v == SEQ_START_TOKEN)
1442                 seq_printf(seq, "lookups hits misses allocations reclaims "
1443                            "frees\n");
1444         else {
1445                 unsigned int lookups = st->lookups;
1446                 unsigned int misses = st->misses;
1447                 unsigned int hits = lookups - misses;
1448                 seq_printf(seq, "%u %u %u %u %u %u\n", lookups,
1449                            hits, misses, st->allocations,
1450                            st->reclaims, st->frees);
1451         }
1452         return 0;
1453 }
1454 
1455 static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v)
1456 { }
1457 
1458 static const struct seq_operations sel_avc_cache_stats_seq_ops = {
1459         .start          = sel_avc_stats_seq_start,
1460         .next           = sel_avc_stats_seq_next,
1461         .show           = sel_avc_stats_seq_show,
1462         .stop           = sel_avc_stats_seq_stop,
1463 };
1464 
1465 static int sel_open_avc_cache_stats(struct inode *inode, struct file *file)
1466 {
1467         return seq_open(file, &sel_avc_cache_stats_seq_ops);
1468 }
1469 
1470 static const struct file_operations sel_avc_cache_stats_ops = {
1471         .open           = sel_open_avc_cache_stats,
1472         .read           = seq_read,
1473         .llseek         = seq_lseek,
1474         .release        = seq_release,
1475 };
1476 #endif
1477 
1478 static int sel_make_avc_files(struct dentry *dir)
1479 {
1480         int i;
1481         static struct tree_descr files[] = {
1482                 { "cache_threshold",
1483                   &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR },
1484                 { "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO },
1485 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
1486                 { "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO },
1487 #endif
1488         };
1489 
1490         for (i = 0; i < ARRAY_SIZE(files); i++) {
1491                 struct inode *inode;
1492                 struct dentry *dentry;
1493 
1494                 dentry = d_alloc_name(dir, files[i].name);
1495                 if (!dentry)
1496                         return -ENOMEM;
1497 
1498                 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
1499                 if (!inode)
1500                         return -ENOMEM;
1501 
1502                 inode->i_fop = files[i].ops;
1503                 inode->i_ino = ++sel_last_ino;
1504                 d_add(dentry, inode);
1505         }
1506 
1507         return 0;
1508 }
1509 
1510 static ssize_t sel_read_initcon(struct file *file, char __user *buf,
1511                                 size_t count, loff_t *ppos)
1512 {
1513         char *con;
1514         u32 sid, len;
1515         ssize_t ret;
1516 
1517         sid = file_inode(file)->i_ino&SEL_INO_MASK;
1518         ret = security_sid_to_context(sid, &con, &len);
1519         if (ret)
1520                 return ret;
1521 
1522         ret = simple_read_from_buffer(buf, count, ppos, con, len);
1523         kfree(con);
1524         return ret;
1525 }
1526 
1527 static const struct file_operations sel_initcon_ops = {
1528         .read           = sel_read_initcon,
1529         .llseek         = generic_file_llseek,
1530 };
1531 
1532 static int sel_make_initcon_files(struct dentry *dir)
1533 {
1534         int i;
1535 
1536         for (i = 1; i <= SECINITSID_NUM; i++) {
1537                 struct inode *inode;
1538                 struct dentry *dentry;
1539                 dentry = d_alloc_name(dir, security_get_initial_sid_context(i));
1540                 if (!dentry)
1541                         return -ENOMEM;
1542 
1543                 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1544                 if (!inode)
1545                         return -ENOMEM;
1546 
1547                 inode->i_fop = &sel_initcon_ops;
1548                 inode->i_ino = i|SEL_INITCON_INO_OFFSET;
1549                 d_add(dentry, inode);
1550         }
1551 
1552         return 0;
1553 }
1554 
1555 static inline unsigned long sel_class_to_ino(u16 class)
1556 {
1557         return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET;
1558 }
1559 
1560 static inline u16 sel_ino_to_class(unsigned long ino)
1561 {
1562         return (ino & SEL_INO_MASK) / (SEL_VEC_MAX + 1);
1563 }
1564 
1565 static inline unsigned long sel_perm_to_ino(u16 class, u32 perm)
1566 {
1567         return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET;
1568 }
1569 
1570 static inline u32 sel_ino_to_perm(unsigned long ino)
1571 {
1572         return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1);
1573 }
1574 
1575 static ssize_t sel_read_class(struct file *file, char __user *buf,
1576                                 size_t count, loff_t *ppos)
1577 {
1578         unsigned long ino = file_inode(file)->i_ino;
1579         char res[TMPBUFLEN];
1580         ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_class(ino));
1581         return simple_read_from_buffer(buf, count, ppos, res, len);
1582 }
1583 
1584 static const struct file_operations sel_class_ops = {
1585         .read           = sel_read_class,
1586         .llseek         = generic_file_llseek,
1587 };
1588 
1589 static ssize_t sel_read_perm(struct file *file, char __user *buf,
1590                                 size_t count, loff_t *ppos)
1591 {
1592         unsigned long ino = file_inode(file)->i_ino;
1593         char res[TMPBUFLEN];
1594         ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino));
1595         return simple_read_from_buffer(buf, count, ppos, res, len);
1596 }
1597 
1598 static const struct file_operations sel_perm_ops = {
1599         .read           = sel_read_perm,
1600         .llseek         = generic_file_llseek,
1601 };
1602 
1603 static ssize_t sel_read_policycap(struct file *file, char __user *buf,
1604                                   size_t count, loff_t *ppos)
1605 {
1606         int value;
1607         char tmpbuf[TMPBUFLEN];
1608         ssize_t length;
1609         unsigned long i_ino = file_inode(file)->i_ino;
1610 
1611         value = security_policycap_supported(i_ino & SEL_INO_MASK);
1612         length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value);
1613 
1614         return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
1615 }
1616 
1617 static const struct file_operations sel_policycap_ops = {
1618         .read           = sel_read_policycap,
1619         .llseek         = generic_file_llseek,
1620 };
1621 
1622 static int sel_make_perm_files(char *objclass, int classvalue,
1623                                 struct dentry *dir)
1624 {
1625         int i, rc, nperms;
1626         char **perms;
1627 
1628         rc = security_get_permissions(objclass, &perms, &nperms);
1629         if (rc)
1630                 return rc;
1631 
1632         for (i = 0; i < nperms; i++) {
1633                 struct inode *inode;
1634                 struct dentry *dentry;
1635 
1636                 rc = -ENOMEM;
1637                 dentry = d_alloc_name(dir, perms[i]);
1638                 if (!dentry)
1639                         goto out;
1640 
1641                 rc = -ENOMEM;
1642                 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1643                 if (!inode)
1644                         goto out;
1645 
1646                 inode->i_fop = &sel_perm_ops;
1647                 /* i+1 since perm values are 1-indexed */
1648                 inode->i_ino = sel_perm_to_ino(classvalue, i + 1);
1649                 d_add(dentry, inode);
1650         }
1651         rc = 0;
1652 out:
1653         for (i = 0; i < nperms; i++)
1654                 kfree(perms[i]);
1655         kfree(perms);
1656         return rc;
1657 }
1658 
1659 static int sel_make_class_dir_entries(char *classname, int index,
1660                                         struct dentry *dir)
1661 {
1662         struct dentry *dentry = NULL;
1663         struct inode *inode = NULL;
1664         int rc;
1665 
1666         dentry = d_alloc_name(dir, "index");
1667         if (!dentry)
1668                 return -ENOMEM;
1669 
1670         inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1671         if (!inode)
1672                 return -ENOMEM;
1673 
1674         inode->i_fop = &sel_class_ops;
1675         inode->i_ino = sel_class_to_ino(index);
1676         d_add(dentry, inode);
1677 
1678         dentry = sel_make_dir(dir, "perms", &last_class_ino);
1679         if (IS_ERR(dentry))
1680                 return PTR_ERR(dentry);
1681 
1682         rc = sel_make_perm_files(classname, index, dentry);
1683 
1684         return rc;
1685 }
1686 
1687 static int sel_make_classes(void)
1688 {
1689         int rc, nclasses, i;
1690         char **classes;
1691 
1692         /* delete any existing entries */
1693         sel_remove_entries(class_dir);
1694 
1695         rc = security_get_classes(&classes, &nclasses);
1696         if (rc)
1697                 return rc;
1698 
1699         /* +2 since classes are 1-indexed */
1700         last_class_ino = sel_class_to_ino(nclasses + 2);
1701 
1702         for (i = 0; i < nclasses; i++) {
1703                 struct dentry *class_name_dir;
1704 
1705                 class_name_dir = sel_make_dir(class_dir, classes[i],
1706                                 &last_class_ino);
1707                 if (IS_ERR(class_name_dir)) {
1708                         rc = PTR_ERR(class_name_dir);
1709                         goto out;
1710                 }
1711 
1712                 /* i+1 since class values are 1-indexed */
1713                 rc = sel_make_class_dir_entries(classes[i], i + 1,
1714                                 class_name_dir);
1715                 if (rc)
1716                         goto out;
1717         }
1718         rc = 0;
1719 out:
1720         for (i = 0; i < nclasses; i++)
1721                 kfree(classes[i]);
1722         kfree(classes);
1723         return rc;
1724 }
1725 
1726 static int sel_make_policycap(void)
1727 {
1728         unsigned int iter;
1729         struct dentry *dentry = NULL;
1730         struct inode *inode = NULL;
1731 
1732         sel_remove_entries(policycap_dir);
1733 
1734         for (iter = 0; iter <= POLICYDB_CAPABILITY_MAX; iter++) {
1735                 if (iter < ARRAY_SIZE(policycap_names))
1736                         dentry = d_alloc_name(policycap_dir,
1737                                               policycap_names[iter]);
1738                 else
1739                         dentry = d_alloc_name(policycap_dir, "unknown");
1740 
1741                 if (dentry == NULL)
1742                         return -ENOMEM;
1743 
1744                 inode = sel_make_inode(policycap_dir->d_sb, S_IFREG | S_IRUGO);
1745                 if (inode == NULL)
1746                         return -ENOMEM;
1747 
1748                 inode->i_fop = &sel_policycap_ops;
1749                 inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET;
1750                 d_add(dentry, inode);
1751         }
1752 
1753         return 0;
1754 }
1755 
1756 static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
1757                         unsigned long *ino)
1758 {
1759         struct dentry *dentry = d_alloc_name(dir, name);
1760         struct inode *inode;
1761 
1762         if (!dentry)
1763                 return ERR_PTR(-ENOMEM);
1764 
1765         inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO);
1766         if (!inode) {
1767                 dput(dentry);
1768                 return ERR_PTR(-ENOMEM);
1769         }
1770 
1771         inode->i_op = &simple_dir_inode_operations;
1772         inode->i_fop = &simple_dir_operations;
1773         inode->i_ino = ++(*ino);
1774         /* directory inodes start off with i_nlink == 2 (for "." entry) */
1775         inc_nlink(inode);
1776         d_add(dentry, inode);
1777         /* bump link count on parent directory, too */
1778         inc_nlink(d_inode(dir));
1779 
1780         return dentry;
1781 }
1782 
1783 static int sel_fill_super(struct super_block *sb, void *data, int silent)
1784 {
1785         int ret;
1786         struct dentry *dentry;
1787         struct inode *inode;
1788         struct inode_security_struct *isec;
1789 
1790         static struct tree_descr selinux_files[] = {
1791                 [SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR},
1792                 [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR},
1793                 [SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO},
1794                 [SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO},
1795                 [SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO},
1796                 [SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO},
1797                 [SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO},
1798                 [SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO},
1799                 [SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR},
1800                 [SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO},
1801                 [SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR},
1802                 [SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO},
1803                 [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR},
1804                 [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
1805                 [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
1806                 [SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO},
1807                 [SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO},
1808                 [SEL_VALIDATE_TRANS] = {"validatetrans", &sel_transition_ops,
1809                                         S_IWUGO},
1810                 /* last one */ {""}
1811         };
1812         ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);
1813         if (ret)
1814                 goto err;
1815 
1816         bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &sel_last_ino);
1817         if (IS_ERR(bool_dir)) {
1818                 ret = PTR_ERR(bool_dir);
1819                 bool_dir = NULL;
1820                 goto err;
1821         }
1822 
1823         ret = -ENOMEM;
1824         dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME);
1825         if (!dentry)
1826                 goto err;
1827 
1828         ret = -ENOMEM;
1829         inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO);
1830         if (!inode)
1831                 goto err;
1832 
1833         inode->i_ino = ++sel_last_ino;
1834         isec = (struct inode_security_struct *)inode->i_security;
1835         isec->sid = SECINITSID_DEVNULL;
1836         isec->sclass = SECCLASS_CHR_FILE;
1837         isec->initialized = 1;
1838 
1839         init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3));
1840         d_add(dentry, inode);
1841         selinux_null.dentry = dentry;
1842 
1843         dentry = sel_make_dir(sb->s_root, "avc", &sel_last_ino);
1844         if (IS_ERR(dentry)) {
1845                 ret = PTR_ERR(dentry);
1846                 goto err;
1847         }
1848 
1849         ret = sel_make_avc_files(dentry);
1850         if (ret)
1851                 goto err;
1852 
1853         dentry = sel_make_dir(sb->s_root, "initial_contexts", &sel_last_ino);
1854         if (IS_ERR(dentry)) {
1855                 ret = PTR_ERR(dentry);
1856                 goto err;
1857         }
1858 
1859         ret = sel_make_initcon_files(dentry);
1860         if (ret)
1861                 goto err;
1862 
1863         class_dir = sel_make_dir(sb->s_root, "class", &sel_last_ino);
1864         if (IS_ERR(class_dir)) {
1865                 ret = PTR_ERR(class_dir);
1866                 class_dir = NULL;
1867                 goto err;
1868         }
1869 
1870         policycap_dir = sel_make_dir(sb->s_root, "policy_capabilities", &sel_last_ino);
1871         if (IS_ERR(policycap_dir)) {
1872                 ret = PTR_ERR(policycap_dir);
1873                 policycap_dir = NULL;
1874                 goto err;
1875         }
1876         return 0;
1877 err:
1878         printk(KERN_ERR "SELinux: %s:  failed while creating inodes\n",
1879                 __func__);
1880         return ret;
1881 }
1882 
1883 static struct dentry *sel_mount(struct file_system_type *fs_type,
1884                       int flags, const char *dev_name, void *data)
1885 {
1886         return mount_single(fs_type, flags, data, sel_fill_super);
1887 }
1888 
1889 static struct file_system_type sel_fs_type = {
1890         .name           = "selinuxfs",
1891         .mount          = sel_mount,
1892         .kill_sb        = kill_litter_super,
1893 };
1894 
1895 struct vfsmount *selinuxfs_mount;
1896 
1897 static int __init init_sel_fs(void)
1898 {
1899         int err;
1900 
1901         if (!selinux_enabled)
1902                 return 0;
1903 
1904         err = sysfs_create_mount_point(fs_kobj, "selinux");
1905         if (err)
1906                 return err;
1907 
1908         err = register_filesystem(&sel_fs_type);
1909         if (err) {
1910                 sysfs_remove_mount_point(fs_kobj, "selinux");
1911                 return err;
1912         }
1913 
1914         selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type);
1915         if (IS_ERR(selinuxfs_mount)) {
1916                 printk(KERN_ERR "selinuxfs:  could not mount!\n");
1917                 err = PTR_ERR(selinuxfs_mount);
1918                 selinuxfs_mount = NULL;
1919         }
1920 
1921         return err;
1922 }
1923 
1924 __initcall(init_sel_fs);
1925 
1926 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
1927 void exit_sel_fs(void)
1928 {
1929         sysfs_remove_mount_point(fs_kobj, "selinux");
1930         kern_unmount(selinuxfs_mount);
1931         unregister_filesystem(&sel_fs_type);
1932 }
1933 #endif
1934 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp