Eric Lee / smarc-ti-linux-kernel

Download as
Browse Code ยป

Commit f48b7399840b453e7282b523f535561fe9638a2d

Authored by Eric Paris
1 parent 0dc1ba24f7

LSM: split LSM_AUDIT_DATA_FS into _PATH and _INODE 

The lsm common audit code has wacky contortions making sure which pieces
of information are set based on if it was given a path, dentry, or
inode.  Split this into path and inode to get rid of some of the code
complexity.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>

Showing 6 changed files with 78 additions and 73 deletions Inline Diff

include/linux/lsm_audit.h
Diff comments   View file @ f48b739
1 /* 1 /*
2 * Common LSM logging functions 2 * Common LSM logging functions
3 * Heavily borrowed from selinux/avc.h 3 * Heavily borrowed from selinux/avc.h
4 * 4 *
5 * Author : Etienne BASSET <etienne.basset@ensta.org> 5 * Author : Etienne BASSET <etienne.basset@ensta.org>
6 * 6 *
7 * All credits to : Stephen Smalley, <sds@epoch.ncsc.mil> 7 * All credits to : Stephen Smalley, <sds@epoch.ncsc.mil>
8 * All BUGS to : Etienne BASSET <etienne.basset@ensta.org> 8 * All BUGS to : Etienne BASSET <etienne.basset@ensta.org>
9 */ 9 */
10 #ifndef _LSM_COMMON_LOGGING_ 10 #ifndef _LSM_COMMON_LOGGING_
11 #define _LSM_COMMON_LOGGING_ 11 #define _LSM_COMMON_LOGGING_
12 12
13 #include <linux/stddef.h> 13 #include <linux/stddef.h>
14 #include <linux/errno.h> 14 #include <linux/errno.h>
15 #include <linux/kernel.h> 15 #include <linux/kernel.h>
16 #include <linux/kdev_t.h> 16 #include <linux/kdev_t.h>
17 #include <linux/spinlock.h> 17 #include <linux/spinlock.h>
18 #include <linux/init.h> 18 #include <linux/init.h>
19 #include <linux/audit.h> 19 #include <linux/audit.h>
20 #include <linux/in6.h> 20 #include <linux/in6.h>
21 #include <linux/path.h> 21 #include <linux/path.h>
22 #include <linux/key.h> 22 #include <linux/key.h>
23 #include <linux/skbuff.h> 23 #include <linux/skbuff.h>
24 #include <asm/system.h> 24 #include <asm/system.h>
25 25
26 26
27 /* Auxiliary data to use in generating the audit record. */ 27 /* Auxiliary data to use in generating the audit record. */
28 struct common_audit_data { 28 struct common_audit_data {
29 char type; 29 char type;
30 #define LSM_AUDIT_DATA_FS 1 30 #define LSM_AUDIT_DATA_PATH 1
31 #define LSM_AUDIT_DATA_NET 2 31 #define LSM_AUDIT_DATA_NET 2
32 #define LSM_AUDIT_DATA_CAP 3 32 #define LSM_AUDIT_DATA_CAP 3
33 #define LSM_AUDIT_DATA_IPC 4 33 #define LSM_AUDIT_DATA_IPC 4
34 #define LSM_AUDIT_DATA_TASK 5 34 #define LSM_AUDIT_DATA_TASK 5
35 #define LSM_AUDIT_DATA_KEY 6 35 #define LSM_AUDIT_DATA_KEY 6
36 #define LSM_AUDIT_DATA_NONE 7 36 #define LSM_AUDIT_DATA_NONE 7
37 #define LSM_AUDIT_DATA_KMOD 8 37 #define LSM_AUDIT_DATA_KMOD 8
38 #define LSM_AUDIT_DATA_INODE 9
38 struct task_struct *tsk; 39 struct task_struct *tsk;
39 union { 40 union {
40 struct { 41 struct path path;
41 struct path path; 42 struct inode *inode;
42 struct inode *inode;
43 } fs;
44 struct { 43 struct {
45 int netif; 44 int netif;
46 struct sock *sk; 45 struct sock *sk;
47 u16 family; 46 u16 family;
48 __be16 dport; 47 __be16 dport;
49 __be16 sport; 48 __be16 sport;
50 union { 49 union {
51 struct { 50 struct {
52 __be32 daddr; 51 __be32 daddr;
53 __be32 saddr; 52 __be32 saddr;
54 } v4; 53 } v4;
55 struct { 54 struct {
56 struct in6_addr daddr; 55 struct in6_addr daddr;
57 struct in6_addr saddr; 56 struct in6_addr saddr;
58 } v6; 57 } v6;
59 } fam; 58 } fam;
60 } net; 59 } net;
61 int cap; 60 int cap;
62 int ipc_id; 61 int ipc_id;
63 struct task_struct *tsk; 62 struct task_struct *tsk;
64 #ifdef CONFIG_KEYS 63 #ifdef CONFIG_KEYS
65 struct { 64 struct {
66 key_serial_t key; 65 key_serial_t key;
67 char *key_desc; 66 char *key_desc;
68 } key_struct; 67 } key_struct;
69 #endif 68 #endif
70 char *kmod_name; 69 char *kmod_name;
71 } u; 70 } u;
72 /* this union contains LSM specific data */ 71 /* this union contains LSM specific data */
73 union { 72 union {
74 #ifdef CONFIG_SECURITY_SMACK 73 #ifdef CONFIG_SECURITY_SMACK
75 /* SMACK data */ 74 /* SMACK data */
76 struct smack_audit_data { 75 struct smack_audit_data {
77 const char *function; 76 const char *function;
78 char *subject; 77 char *subject;
79 char *object; 78 char *object;
80 char *request; 79 char *request;
81 int result; 80 int result;
82 } smack_audit_data; 81 } smack_audit_data;
83 #endif 82 #endif
84 #ifdef CONFIG_SECURITY_SELINUX 83 #ifdef CONFIG_SECURITY_SELINUX
85 /* SELinux data */ 84 /* SELinux data */
86 struct { 85 struct {
87 u32 ssid; 86 u32 ssid;
88 u32 tsid; 87 u32 tsid;
89 u16 tclass; 88 u16 tclass;
90 u32 requested; 89 u32 requested;
91 u32 audited; 90 u32 audited;
92 u32 denied; 91 u32 denied;
93 /* 92 /*
94 * auditdeny is a bit tricky and unintuitive. See the 93 * auditdeny is a bit tricky and unintuitive. See the
95 * comments in avc.c for it's meaning and usage. 94 * comments in avc.c for it's meaning and usage.
96 */ 95 */
97 u32 auditdeny; 96 u32 auditdeny;
98 struct av_decision *avd; 97 struct av_decision *avd;
99 int result; 98 int result;
100 } selinux_audit_data; 99 } selinux_audit_data;
101 #endif 100 #endif
102 #ifdef CONFIG_SECURITY_APPARMOR 101 #ifdef CONFIG_SECURITY_APPARMOR
103 struct { 102 struct {
104 int error; 103 int error;
105 int op; 104 int op;
106 int type; 105 int type;
107 void *profile; 106 void *profile;
108 const char *name; 107 const char *name;
109 const char *info; 108 const char *info;
110 union { 109 union {
111 void *target; 110 void *target;
112 struct { 111 struct {
113 long pos; 112 long pos;
114 void *target; 113 void *target;
115 } iface; 114 } iface;
116 struct { 115 struct {
117 int rlim; 116 int rlim;
118 unsigned long max; 117 unsigned long max;
119 } rlim; 118 } rlim;
120 struct { 119 struct {
121 const char *target; 120 const char *target;
122 u32 request; 121 u32 request;
123 u32 denied; 122 u32 denied;
124 uid_t ouid; 123 uid_t ouid;
125 } fs; 124 } fs;
126 }; 125 };
127 } apparmor_audit_data; 126 } apparmor_audit_data;
128 #endif 127 #endif
129 }; 128 };
130 /* these callback will be implemented by a specific LSM */ 129 /* these callback will be implemented by a specific LSM */
131 void (*lsm_pre_audit)(struct audit_buffer *, void *); 130 void (*lsm_pre_audit)(struct audit_buffer *, void *);
132 void (*lsm_post_audit)(struct audit_buffer *, void *); 131 void (*lsm_post_audit)(struct audit_buffer *, void *);
133 }; 132 };
134 133
135 #define v4info fam.v4 134 #define v4info fam.v4
136 #define v6info fam.v6 135 #define v6info fam.v6
137 136
138 int ipv4_skb_to_auditdata(struct sk_buff *skb, 137 int ipv4_skb_to_auditdata(struct sk_buff *skb,
139 struct common_audit_data *ad, u8 *proto); 138 struct common_audit_data *ad, u8 *proto);
140 139
141 int ipv6_skb_to_auditdata(struct sk_buff *skb, 140 int ipv6_skb_to_auditdata(struct sk_buff *skb,
142 struct common_audit_data *ad, u8 *proto); 141 struct common_audit_data *ad, u8 *proto);
143 142
144 /* Initialize an LSM audit data structure. */ 143 /* Initialize an LSM audit data structure. */
145 #define COMMON_AUDIT_DATA_INIT(_d, _t) \ 144 #define COMMON_AUDIT_DATA_INIT(_d, _t) \
146 { memset((_d), 0, sizeof(struct common_audit_data)); \ 145 { memset((_d), 0, sizeof(struct common_audit_data)); \
147 (_d)->type = LSM_AUDIT_DATA_##_t; } 146 (_d)->type = LSM_AUDIT_DATA_##_t; }
148 147
149 void common_lsm_audit(struct common_audit_data *a); 148 void common_lsm_audit(struct common_audit_data *a);
150 149
151 #endif 150 #endif
security/lsm_audit.c
Diff comments   View file @ f48b739
1 /* 1 /*
2 * common LSM auditing functions 2 * common LSM auditing functions
3 * 3 *
4 * Based on code written for SELinux by : 4 * Based on code written for SELinux by :
5 * Stephen Smalley, <sds@epoch.ncsc.mil> 5 * Stephen Smalley, <sds@epoch.ncsc.mil>
6 * James Morris <jmorris@redhat.com> 6 * James Morris <jmorris@redhat.com>
7 * Author : Etienne Basset, <etienne.basset@ensta.org> 7 * Author : Etienne Basset, <etienne.basset@ensta.org>
8 * 8 *
9 * This program is free software; you can redistribute it and/or modify 9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2, 10 * it under the terms of the GNU General Public License version 2,
11 * as published by the Free Software Foundation. 11 * as published by the Free Software Foundation.
12 */ 12 */
13 13
14 #include <linux/types.h> 14 #include <linux/types.h>
15 #include <linux/stddef.h> 15 #include <linux/stddef.h>
16 #include <linux/kernel.h> 16 #include <linux/kernel.h>
17 #include <linux/gfp.h> 17 #include <linux/gfp.h>
18 #include <linux/fs.h> 18 #include <linux/fs.h>
19 #include <linux/init.h> 19 #include <linux/init.h>
20 #include <net/sock.h> 20 #include <net/sock.h>
21 #include <linux/un.h> 21 #include <linux/un.h>
22 #include <net/af_unix.h> 22 #include <net/af_unix.h>
23 #include <linux/audit.h> 23 #include <linux/audit.h>
24 #include <linux/ipv6.h> 24 #include <linux/ipv6.h>
25 #include <linux/ip.h> 25 #include <linux/ip.h>
26 #include <net/ip.h> 26 #include <net/ip.h>
27 #include <net/ipv6.h> 27 #include <net/ipv6.h>
28 #include <linux/tcp.h> 28 #include <linux/tcp.h>
29 #include <linux/udp.h> 29 #include <linux/udp.h>
30 #include <linux/dccp.h> 30 #include <linux/dccp.h>
31 #include <linux/sctp.h> 31 #include <linux/sctp.h>
32 #include <linux/lsm_audit.h> 32 #include <linux/lsm_audit.h>
33 33
34 /** 34 /**
35 * ipv4_skb_to_auditdata : fill auditdata from skb 35 * ipv4_skb_to_auditdata : fill auditdata from skb
36 * @skb : the skb 36 * @skb : the skb
37 * @ad : the audit data to fill 37 * @ad : the audit data to fill
38 * @proto : the layer 4 protocol 38 * @proto : the layer 4 protocol
39 * 39 *
40 * return 0 on success 40 * return 0 on success
41 */ 41 */
42 int ipv4_skb_to_auditdata(struct sk_buff *skb, 42 int ipv4_skb_to_auditdata(struct sk_buff *skb,
43 struct common_audit_data *ad, u8 *proto) 43 struct common_audit_data *ad, u8 *proto)
44 { 44 {
45 int ret = 0; 45 int ret = 0;
46 struct iphdr *ih; 46 struct iphdr *ih;
47 47
48 ih = ip_hdr(skb); 48 ih = ip_hdr(skb);
49 if (ih == NULL) 49 if (ih == NULL)
50 return -EINVAL; 50 return -EINVAL;
51 51
52 ad->u.net.v4info.saddr = ih->saddr; 52 ad->u.net.v4info.saddr = ih->saddr;
53 ad->u.net.v4info.daddr = ih->daddr; 53 ad->u.net.v4info.daddr = ih->daddr;
54 54
55 if (proto) 55 if (proto)
56 *proto = ih->protocol; 56 *proto = ih->protocol;
57 /* non initial fragment */ 57 /* non initial fragment */
58 if (ntohs(ih->frag_off) & IP_OFFSET) 58 if (ntohs(ih->frag_off) & IP_OFFSET)
59 return 0; 59 return 0;
60 60
61 switch (ih->protocol) { 61 switch (ih->protocol) {
62 case IPPROTO_TCP: { 62 case IPPROTO_TCP: {
63 struct tcphdr *th = tcp_hdr(skb); 63 struct tcphdr *th = tcp_hdr(skb);
64 if (th == NULL) 64 if (th == NULL)
65 break; 65 break;
66 66
67 ad->u.net.sport = th->source; 67 ad->u.net.sport = th->source;
68 ad->u.net.dport = th->dest; 68 ad->u.net.dport = th->dest;
69 break; 69 break;
70 } 70 }
71 case IPPROTO_UDP: { 71 case IPPROTO_UDP: {
72 struct udphdr *uh = udp_hdr(skb); 72 struct udphdr *uh = udp_hdr(skb);
73 if (uh == NULL) 73 if (uh == NULL)
74 break; 74 break;
75 75
76 ad->u.net.sport = uh->source; 76 ad->u.net.sport = uh->source;
77 ad->u.net.dport = uh->dest; 77 ad->u.net.dport = uh->dest;
78 break; 78 break;
79 } 79 }
80 case IPPROTO_DCCP: { 80 case IPPROTO_DCCP: {
81 struct dccp_hdr *dh = dccp_hdr(skb); 81 struct dccp_hdr *dh = dccp_hdr(skb);
82 if (dh == NULL) 82 if (dh == NULL)
83 break; 83 break;
84 84
85 ad->u.net.sport = dh->dccph_sport; 85 ad->u.net.sport = dh->dccph_sport;
86 ad->u.net.dport = dh->dccph_dport; 86 ad->u.net.dport = dh->dccph_dport;
87 break; 87 break;
88 } 88 }
89 case IPPROTO_SCTP: { 89 case IPPROTO_SCTP: {
90 struct sctphdr *sh = sctp_hdr(skb); 90 struct sctphdr *sh = sctp_hdr(skb);
91 if (sh == NULL) 91 if (sh == NULL)
92 break; 92 break;
93 ad->u.net.sport = sh->source; 93 ad->u.net.sport = sh->source;
94 ad->u.net.dport = sh->dest; 94 ad->u.net.dport = sh->dest;
95 break; 95 break;
96 } 96 }
97 default: 97 default:
98 ret = -EINVAL; 98 ret = -EINVAL;
99 } 99 }
100 return ret; 100 return ret;
101 } 101 }
102 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 102 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
103 /** 103 /**
104 * ipv6_skb_to_auditdata : fill auditdata from skb 104 * ipv6_skb_to_auditdata : fill auditdata from skb
105 * @skb : the skb 105 * @skb : the skb
106 * @ad : the audit data to fill 106 * @ad : the audit data to fill
107 * @proto : the layer 4 protocol 107 * @proto : the layer 4 protocol
108 * 108 *
109 * return 0 on success 109 * return 0 on success
110 */ 110 */
111 int ipv6_skb_to_auditdata(struct sk_buff *skb, 111 int ipv6_skb_to_auditdata(struct sk_buff *skb,
112 struct common_audit_data *ad, u8 *proto) 112 struct common_audit_data *ad, u8 *proto)
113 { 113 {
114 int offset, ret = 0; 114 int offset, ret = 0;
115 struct ipv6hdr *ip6; 115 struct ipv6hdr *ip6;
116 u8 nexthdr; 116 u8 nexthdr;
117 117
118 ip6 = ipv6_hdr(skb); 118 ip6 = ipv6_hdr(skb);
119 if (ip6 == NULL) 119 if (ip6 == NULL)
120 return -EINVAL; 120 return -EINVAL;
121 ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr); 121 ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr);
122 ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr); 122 ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr);
123 ret = 0; 123 ret = 0;
124 /* IPv6 can have several extension header before the Transport header 124 /* IPv6 can have several extension header before the Transport header
125 * skip them */ 125 * skip them */
126 offset = skb_network_offset(skb); 126 offset = skb_network_offset(skb);
127 offset += sizeof(*ip6); 127 offset += sizeof(*ip6);
128 nexthdr = ip6->nexthdr; 128 nexthdr = ip6->nexthdr;
129 offset = ipv6_skip_exthdr(skb, offset, &nexthdr); 129 offset = ipv6_skip_exthdr(skb, offset, &nexthdr);
130 if (offset < 0) 130 if (offset < 0)
131 return 0; 131 return 0;
132 if (proto) 132 if (proto)
133 *proto = nexthdr; 133 *proto = nexthdr;
134 switch (nexthdr) { 134 switch (nexthdr) {
135 case IPPROTO_TCP: { 135 case IPPROTO_TCP: {
136 struct tcphdr _tcph, *th; 136 struct tcphdr _tcph, *th;
137 137
138 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 138 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
139 if (th == NULL) 139 if (th == NULL)
140 break; 140 break;
141 141
142 ad->u.net.sport = th->source; 142 ad->u.net.sport = th->source;
143 ad->u.net.dport = th->dest; 143 ad->u.net.dport = th->dest;
144 break; 144 break;
145 } 145 }
146 case IPPROTO_UDP: { 146 case IPPROTO_UDP: {
147 struct udphdr _udph, *uh; 147 struct udphdr _udph, *uh;
148 148
149 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 149 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
150 if (uh == NULL) 150 if (uh == NULL)
151 break; 151 break;
152 152
153 ad->u.net.sport = uh->source; 153 ad->u.net.sport = uh->source;
154 ad->u.net.dport = uh->dest; 154 ad->u.net.dport = uh->dest;
155 break; 155 break;
156 } 156 }
157 case IPPROTO_DCCP: { 157 case IPPROTO_DCCP: {
158 struct dccp_hdr _dccph, *dh; 158 struct dccp_hdr _dccph, *dh;
159 159
160 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 160 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
161 if (dh == NULL) 161 if (dh == NULL)
162 break; 162 break;
163 163
164 ad->u.net.sport = dh->dccph_sport; 164 ad->u.net.sport = dh->dccph_sport;
165 ad->u.net.dport = dh->dccph_dport; 165 ad->u.net.dport = dh->dccph_dport;
166 break; 166 break;
167 } 167 }
168 case IPPROTO_SCTP: { 168 case IPPROTO_SCTP: {
169 struct sctphdr _sctph, *sh; 169 struct sctphdr _sctph, *sh;
170 170
171 sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph); 171 sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph);
172 if (sh == NULL) 172 if (sh == NULL)
173 break; 173 break;
174 ad->u.net.sport = sh->source; 174 ad->u.net.sport = sh->source;
175 ad->u.net.dport = sh->dest; 175 ad->u.net.dport = sh->dest;
176 break; 176 break;
177 } 177 }
178 default: 178 default:
179 ret = -EINVAL; 179 ret = -EINVAL;
180 } 180 }
181 return ret; 181 return ret;
182 } 182 }
183 #endif 183 #endif
184 184
185 185
186 static inline void print_ipv6_addr(struct audit_buffer *ab, 186 static inline void print_ipv6_addr(struct audit_buffer *ab,
187 struct in6_addr *addr, __be16 port, 187 struct in6_addr *addr, __be16 port,
188 char *name1, char *name2) 188 char *name1, char *name2)
189 { 189 {
190 if (!ipv6_addr_any(addr)) 190 if (!ipv6_addr_any(addr))
191 audit_log_format(ab, " %s=%pI6c", name1, addr); 191 audit_log_format(ab, " %s=%pI6c", name1, addr);
192 if (port) 192 if (port)
193 audit_log_format(ab, " %s=%d", name2, ntohs(port)); 193 audit_log_format(ab, " %s=%d", name2, ntohs(port));
194 } 194 }
195 195
196 static inline void print_ipv4_addr(struct audit_buffer *ab, __be32 addr, 196 static inline void print_ipv4_addr(struct audit_buffer *ab, __be32 addr,
197 __be16 port, char *name1, char *name2) 197 __be16 port, char *name1, char *name2)
198 { 198 {
199 if (addr) 199 if (addr)
200 audit_log_format(ab, " %s=%pI4", name1, &addr); 200 audit_log_format(ab, " %s=%pI4", name1, &addr);
201 if (port) 201 if (port)
202 audit_log_format(ab, " %s=%d", name2, ntohs(port)); 202 audit_log_format(ab, " %s=%d", name2, ntohs(port));
203 } 203 }
204 204
205 /** 205 /**
206 * dump_common_audit_data - helper to dump common audit data 206 * dump_common_audit_data - helper to dump common audit data
207 * @a : common audit data 207 * @a : common audit data
208 * 208 *
209 */ 209 */
210 static void dump_common_audit_data(struct audit_buffer *ab, 210 static void dump_common_audit_data(struct audit_buffer *ab,
211 struct common_audit_data *a) 211 struct common_audit_data *a)
212 { 212 {
213 struct inode *inode = NULL;
214 struct task_struct *tsk = current; 213 struct task_struct *tsk = current;
215 214
216 if (a->tsk) 215 if (a->tsk)
217 tsk = a->tsk; 216 tsk = a->tsk;
218 if (tsk && tsk->pid) { 217 if (tsk && tsk->pid) {
219 audit_log_format(ab, " pid=%d comm=", tsk->pid); 218 audit_log_format(ab, " pid=%d comm=", tsk->pid);
220 audit_log_untrustedstring(ab, tsk->comm); 219 audit_log_untrustedstring(ab, tsk->comm);
221 } 220 }
222 221
223 switch (a->type) { 222 switch (a->type) {
224 case LSM_AUDIT_DATA_NONE: 223 case LSM_AUDIT_DATA_NONE:
225 return; 224 return;
226 case LSM_AUDIT_DATA_IPC: 225 case LSM_AUDIT_DATA_IPC:
227 audit_log_format(ab, " key=%d ", a->u.ipc_id); 226 audit_log_format(ab, " key=%d ", a->u.ipc_id);
228 break; 227 break;
229 case LSM_AUDIT_DATA_CAP: 228 case LSM_AUDIT_DATA_CAP:
230 audit_log_format(ab, " capability=%d ", a->u.cap); 229 audit_log_format(ab, " capability=%d ", a->u.cap);
231 break; 230 break;
232 case LSM_AUDIT_DATA_FS: 231 case LSM_AUDIT_DATA_PATH: {
233 if (a->u.fs.path.dentry) { 232 struct dentry *dentry = a->u.path.dentry;
234 struct dentry *dentry = a->u.fs.path.dentry; 233 struct inode *inode;
235 if (a->u.fs.path.mnt) { 234
236 audit_log_d_path(ab, "path=", &a->u.fs.path); 235 if (a->u.path.mnt) {
237 } else { 236 audit_log_d_path(ab, "path=", &a->u.path);
238 audit_log_format(ab, " name="); 237 } else {
239 audit_log_untrustedstring(ab, 238 audit_log_format(ab, " name=");
240 dentry->d_name.name); 239 audit_log_untrustedstring(ab,
241 } 240 dentry->d_name.name);
242 inode = dentry->d_inode;
243 } else if (a->u.fs.inode) {
244 struct dentry *dentry;
245 inode = a->u.fs.inode;
246 dentry = d_find_alias(inode);
247 if (dentry) {
248 audit_log_format(ab, " name=");
249 audit_log_untrustedstring(ab,
250 dentry->d_name.name);
251 dput(dentry);
252 }
253 } 241 }
242 inode = dentry->d_inode;
254 if (inode) 243 if (inode)
255 audit_log_format(ab, " dev=%s ino=%lu", 244 audit_log_format(ab, " dev=%s ino=%lu",
256 inode->i_sb->s_id, 245 inode->i_sb->s_id,
257 inode->i_ino); 246 inode->i_ino);
258 break; 247 break;
248 }
249 case LSM_AUDIT_DATA_INODE: {
250 struct dentry *dentry;
251 struct inode *inode;
252
253 inode = a->u.inode;
254 dentry = d_find_alias(inode);
255 if (dentry) {
256 audit_log_format(ab, " name=");
257 audit_log_untrustedstring(ab,
258 dentry->d_name.name);
259 dput(dentry);
260 }
261 audit_log_format(ab, " dev=%s ino=%lu", inode->i_sb->s_id,
262 inode->i_ino);
263 break;
264 }
259 case LSM_AUDIT_DATA_TASK: 265 case LSM_AUDIT_DATA_TASK:
260 tsk = a->u.tsk; 266 tsk = a->u.tsk;
261 if (tsk && tsk->pid) { 267 if (tsk && tsk->pid) {
262 audit_log_format(ab, " pid=%d comm=", tsk->pid); 268 audit_log_format(ab, " pid=%d comm=", tsk->pid);
263 audit_log_untrustedstring(ab, tsk->comm); 269 audit_log_untrustedstring(ab, tsk->comm);
264 } 270 }
265 break; 271 break;
266 case LSM_AUDIT_DATA_NET: 272 case LSM_AUDIT_DATA_NET:
267 if (a->u.net.sk) { 273 if (a->u.net.sk) {
268 struct sock *sk = a->u.net.sk; 274 struct sock *sk = a->u.net.sk;
269 struct unix_sock *u; 275 struct unix_sock *u;
270 int len = 0; 276 int len = 0;
271 char *p = NULL; 277 char *p = NULL;
272 278
273 switch (sk->sk_family) { 279 switch (sk->sk_family) {
274 case AF_INET: { 280 case AF_INET: {
275 struct inet_sock *inet = inet_sk(sk); 281 struct inet_sock *inet = inet_sk(sk);
276 282
277 print_ipv4_addr(ab, inet->inet_rcv_saddr, 283 print_ipv4_addr(ab, inet->inet_rcv_saddr,
278 inet->inet_sport, 284 inet->inet_sport,
279 "laddr", "lport"); 285 "laddr", "lport");
280 print_ipv4_addr(ab, inet->inet_daddr, 286 print_ipv4_addr(ab, inet->inet_daddr,
281 inet->inet_dport, 287 inet->inet_dport,
282 "faddr", "fport"); 288 "faddr", "fport");
283 break; 289 break;
284 } 290 }
285 case AF_INET6: { 291 case AF_INET6: {
286 struct inet_sock *inet = inet_sk(sk); 292 struct inet_sock *inet = inet_sk(sk);
287 struct ipv6_pinfo *inet6 = inet6_sk(sk); 293 struct ipv6_pinfo *inet6 = inet6_sk(sk);
288 294
289 print_ipv6_addr(ab, &inet6->rcv_saddr, 295 print_ipv6_addr(ab, &inet6->rcv_saddr,
290 inet->inet_sport, 296 inet->inet_sport,
291 "laddr", "lport"); 297 "laddr", "lport");
292 print_ipv6_addr(ab, &inet6->daddr, 298 print_ipv6_addr(ab, &inet6->daddr,
293 inet->inet_dport, 299 inet->inet_dport,
294 "faddr", "fport"); 300 "faddr", "fport");
295 break; 301 break;
296 } 302 }
297 case AF_UNIX: 303 case AF_UNIX:
298 u = unix_sk(sk); 304 u = unix_sk(sk);
299 if (u->dentry) { 305 if (u->dentry) {
300 struct path path = { 306 struct path path = {
301 .dentry = u->dentry, 307 .dentry = u->dentry,
302 .mnt = u->mnt 308 .mnt = u->mnt
303 }; 309 };
304 audit_log_d_path(ab, "path=", &path); 310 audit_log_d_path(ab, "path=", &path);
305 break; 311 break;
306 } 312 }
307 if (!u->addr) 313 if (!u->addr)
308 break; 314 break;
309 len = u->addr->len-sizeof(short); 315 len = u->addr->len-sizeof(short);
310 p = &u->addr->name->sun_path[0]; 316 p = &u->addr->name->sun_path[0];
311 audit_log_format(ab, " path="); 317 audit_log_format(ab, " path=");
312 if (*p) 318 if (*p)
313 audit_log_untrustedstring(ab, p); 319 audit_log_untrustedstring(ab, p);
314 else 320 else
315 audit_log_n_hex(ab, p, len); 321 audit_log_n_hex(ab, p, len);
316 break; 322 break;
317 } 323 }
318 } 324 }
319 325
320 switch (a->u.net.family) { 326 switch (a->u.net.family) {
321 case AF_INET: 327 case AF_INET:
322 print_ipv4_addr(ab, a->u.net.v4info.saddr, 328 print_ipv4_addr(ab, a->u.net.v4info.saddr,
323 a->u.net.sport, 329 a->u.net.sport,
324 "saddr", "src"); 330 "saddr", "src");
325 print_ipv4_addr(ab, a->u.net.v4info.daddr, 331 print_ipv4_addr(ab, a->u.net.v4info.daddr,
326 a->u.net.dport, 332 a->u.net.dport,
327 "daddr", "dest"); 333 "daddr", "dest");
328 break; 334 break;
329 case AF_INET6: 335 case AF_INET6:
330 print_ipv6_addr(ab, &a->u.net.v6info.saddr, 336 print_ipv6_addr(ab, &a->u.net.v6info.saddr,
331 a->u.net.sport, 337 a->u.net.sport,
332 "saddr", "src"); 338 "saddr", "src");
333 print_ipv6_addr(ab, &a->u.net.v6info.daddr, 339 print_ipv6_addr(ab, &a->u.net.v6info.daddr,
334 a->u.net.dport, 340 a->u.net.dport,
335 "daddr", "dest"); 341 "daddr", "dest");
336 break; 342 break;
337 } 343 }
338 if (a->u.net.netif > 0) { 344 if (a->u.net.netif > 0) {
339 struct net_device *dev; 345 struct net_device *dev;
340 346
341 /* NOTE: we always use init's namespace */ 347 /* NOTE: we always use init's namespace */
342 dev = dev_get_by_index(&init_net, a->u.net.netif); 348 dev = dev_get_by_index(&init_net, a->u.net.netif);
343 if (dev) { 349 if (dev) {
344 audit_log_format(ab, " netif=%s", dev->name); 350 audit_log_format(ab, " netif=%s", dev->name);
345 dev_put(dev); 351 dev_put(dev);
346 } 352 }
347 } 353 }
348 break; 354 break;
349 #ifdef CONFIG_KEYS 355 #ifdef CONFIG_KEYS
350 case LSM_AUDIT_DATA_KEY: 356 case LSM_AUDIT_DATA_KEY:
351 audit_log_format(ab, " key_serial=%u", a->u.key_struct.key); 357 audit_log_format(ab, " key_serial=%u", a->u.key_struct.key);
352 if (a->u.key_struct.key_desc) { 358 if (a->u.key_struct.key_desc) {
353 audit_log_format(ab, " key_desc="); 359 audit_log_format(ab, " key_desc=");
354 audit_log_untrustedstring(ab, a->u.key_struct.key_desc); 360 audit_log_untrustedstring(ab, a->u.key_struct.key_desc);
355 } 361 }
356 break; 362 break;
357 #endif 363 #endif
358 case LSM_AUDIT_DATA_KMOD: 364 case LSM_AUDIT_DATA_KMOD:
359 audit_log_format(ab, " kmod="); 365 audit_log_format(ab, " kmod=");
360 audit_log_untrustedstring(ab, a->u.kmod_name); 366 audit_log_untrustedstring(ab, a->u.kmod_name);
361 break; 367 break;
362 } /* switch (a->type) */ 368 } /* switch (a->type) */
363 } 369 }
364 370
365 /** 371 /**
366 * common_lsm_audit - generic LSM auditing function 372 * common_lsm_audit - generic LSM auditing function
367 * @a: auxiliary audit data 373 * @a: auxiliary audit data
368 * 374 *
369 * setup the audit buffer for common security information 375 * setup the audit buffer for common security information
370 * uses callback to print LSM specific information 376 * uses callback to print LSM specific information
371 */ 377 */
372 void common_lsm_audit(struct common_audit_data *a) 378 void common_lsm_audit(struct common_audit_data *a)
373 { 379 {
374 struct audit_buffer *ab; 380 struct audit_buffer *ab;
375 381
376 if (a == NULL) 382 if (a == NULL)
377 return; 383 return;
378 /* we use GFP_ATOMIC so we won't sleep */ 384 /* we use GFP_ATOMIC so we won't sleep */
379 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_AVC); 385 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_AVC);
380 386
381 if (ab == NULL) 387 if (ab == NULL)
382 return; 388 return;
security/selinux/avc.c
Diff comments   View file @ f48b739
1 /* 1 /*
2 * Implementation of the kernel access vector cache (AVC). 2 * Implementation of the kernel access vector cache (AVC).
3 * 3 *
4 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> 4 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
5 * James Morris <jmorris@redhat.com> 5 * James Morris <jmorris@redhat.com>
6 * 6 *
7 * Update: KaiGai, Kohei <kaigai@ak.jp.nec.com> 7 * Update: KaiGai, Kohei <kaigai@ak.jp.nec.com>
8 * Replaced the avc_lock spinlock by RCU. 8 * Replaced the avc_lock spinlock by RCU.
9 * 9 *
10 * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com> 10 * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
11 * 11 *
12 * This program is free software; you can redistribute it and/or modify 12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License version 2, 13 * it under the terms of the GNU General Public License version 2,
14 * as published by the Free Software Foundation. 14 * as published by the Free Software Foundation.
15 */ 15 */
16 #include <linux/types.h> 16 #include <linux/types.h>
17 #include <linux/stddef.h> 17 #include <linux/stddef.h>
18 #include <linux/kernel.h> 18 #include <linux/kernel.h>
19 #include <linux/slab.h> 19 #include <linux/slab.h>
20 #include <linux/fs.h> 20 #include <linux/fs.h>
21 #include <linux/dcache.h> 21 #include <linux/dcache.h>
22 #include <linux/init.h> 22 #include <linux/init.h>
23 #include <linux/skbuff.h> 23 #include <linux/skbuff.h>
24 #include <linux/percpu.h> 24 #include <linux/percpu.h>
25 #include <net/sock.h> 25 #include <net/sock.h>
26 #include <linux/un.h> 26 #include <linux/un.h>
27 #include <net/af_unix.h> 27 #include <net/af_unix.h>
28 #include <linux/ip.h> 28 #include <linux/ip.h>
29 #include <linux/audit.h> 29 #include <linux/audit.h>
30 #include <linux/ipv6.h> 30 #include <linux/ipv6.h>
31 #include <net/ipv6.h> 31 #include <net/ipv6.h>
32 #include "avc.h" 32 #include "avc.h"
33 #include "avc_ss.h" 33 #include "avc_ss.h"
34 #include "classmap.h" 34 #include "classmap.h"
35 35
36 #define AVC_CACHE_SLOTS 512 36 #define AVC_CACHE_SLOTS 512
37 #define AVC_DEF_CACHE_THRESHOLD 512 37 #define AVC_DEF_CACHE_THRESHOLD 512
38 #define AVC_CACHE_RECLAIM 16 38 #define AVC_CACHE_RECLAIM 16
39 39
40 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 40 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
41 #define avc_cache_stats_incr(field) \ 41 #define avc_cache_stats_incr(field) \
42 do { \ 42 do { \
43 per_cpu(avc_cache_stats, get_cpu()).field++; \ 43 per_cpu(avc_cache_stats, get_cpu()).field++; \
44 put_cpu(); \ 44 put_cpu(); \
45 } while (0) 45 } while (0)
46 #else 46 #else
47 #define avc_cache_stats_incr(field) do {} while (0) 47 #define avc_cache_stats_incr(field) do {} while (0)
48 #endif 48 #endif
49 49
50 struct avc_entry { 50 struct avc_entry {
51 u32 ssid; 51 u32 ssid;
52 u32 tsid; 52 u32 tsid;
53 u16 tclass; 53 u16 tclass;
54 struct av_decision avd; 54 struct av_decision avd;
55 }; 55 };
56 56
57 struct avc_node { 57 struct avc_node {
58 struct avc_entry ae; 58 struct avc_entry ae;
59 struct hlist_node list; /* anchored in avc_cache->slots[i] */ 59 struct hlist_node list; /* anchored in avc_cache->slots[i] */
60 struct rcu_head rhead; 60 struct rcu_head rhead;
61 }; 61 };
62 62
63 struct avc_cache { 63 struct avc_cache {
64 struct hlist_head slots[AVC_CACHE_SLOTS]; /* head for avc_node->list */ 64 struct hlist_head slots[AVC_CACHE_SLOTS]; /* head for avc_node->list */
65 spinlock_t slots_lock[AVC_CACHE_SLOTS]; /* lock for writes */ 65 spinlock_t slots_lock[AVC_CACHE_SLOTS]; /* lock for writes */
66 atomic_t lru_hint; /* LRU hint for reclaim scan */ 66 atomic_t lru_hint; /* LRU hint for reclaim scan */
67 atomic_t active_nodes; 67 atomic_t active_nodes;
68 u32 latest_notif; /* latest revocation notification */ 68 u32 latest_notif; /* latest revocation notification */
69 }; 69 };
70 70
71 struct avc_callback_node { 71 struct avc_callback_node {
72 int (*callback) (u32 event, u32 ssid, u32 tsid, 72 int (*callback) (u32 event, u32 ssid, u32 tsid,
73 u16 tclass, u32 perms, 73 u16 tclass, u32 perms,
74 u32 *out_retained); 74 u32 *out_retained);
75 u32 events; 75 u32 events;
76 u32 ssid; 76 u32 ssid;
77 u32 tsid; 77 u32 tsid;
78 u16 tclass; 78 u16 tclass;
79 u32 perms; 79 u32 perms;
80 struct avc_callback_node *next; 80 struct avc_callback_node *next;
81 }; 81 };
82 82
83 /* Exported via selinufs */ 83 /* Exported via selinufs */
84 unsigned int avc_cache_threshold = AVC_DEF_CACHE_THRESHOLD; 84 unsigned int avc_cache_threshold = AVC_DEF_CACHE_THRESHOLD;
85 85
86 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 86 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
87 DEFINE_PER_CPU(struct avc_cache_stats, avc_cache_stats) = { 0 }; 87 DEFINE_PER_CPU(struct avc_cache_stats, avc_cache_stats) = { 0 };
88 #endif 88 #endif
89 89
90 static struct avc_cache avc_cache; 90 static struct avc_cache avc_cache;
91 static struct avc_callback_node *avc_callbacks; 91 static struct avc_callback_node *avc_callbacks;
92 static struct kmem_cache *avc_node_cachep; 92 static struct kmem_cache *avc_node_cachep;
93 93
94 static inline int avc_hash(u32 ssid, u32 tsid, u16 tclass) 94 static inline int avc_hash(u32 ssid, u32 tsid, u16 tclass)
95 { 95 {
96 return (ssid ^ (tsid<<2) ^ (tclass<<4)) & (AVC_CACHE_SLOTS - 1); 96 return (ssid ^ (tsid<<2) ^ (tclass<<4)) & (AVC_CACHE_SLOTS - 1);
97 } 97 }
98 98
99 /** 99 /**
100 * avc_dump_av - Display an access vector in human-readable form. 100 * avc_dump_av - Display an access vector in human-readable form.
101 * @tclass: target security class 101 * @tclass: target security class
102 * @av: access vector 102 * @av: access vector
103 */ 103 */
104 static void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av) 104 static void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av)
105 { 105 {
106 const char **perms; 106 const char **perms;
107 int i, perm; 107 int i, perm;
108 108
109 if (av == 0) { 109 if (av == 0) {
110 audit_log_format(ab, " null"); 110 audit_log_format(ab, " null");
111 return; 111 return;
112 } 112 }
113 113
114 perms = secclass_map[tclass-1].perms; 114 perms = secclass_map[tclass-1].perms;
115 115
116 audit_log_format(ab, " {"); 116 audit_log_format(ab, " {");
117 i = 0; 117 i = 0;
118 perm = 1; 118 perm = 1;
119 while (i < (sizeof(av) * 8)) { 119 while (i < (sizeof(av) * 8)) {
120 if ((perm & av) && perms[i]) { 120 if ((perm & av) && perms[i]) {
121 audit_log_format(ab, " %s", perms[i]); 121 audit_log_format(ab, " %s", perms[i]);
122 av &= ~perm; 122 av &= ~perm;
123 } 123 }
124 i++; 124 i++;
125 perm <<= 1; 125 perm <<= 1;
126 } 126 }
127 127
128 if (av) 128 if (av)
129 audit_log_format(ab, " 0x%x", av); 129 audit_log_format(ab, " 0x%x", av);
130 130
131 audit_log_format(ab, " }"); 131 audit_log_format(ab, " }");
132 } 132 }
133 133
134 /** 134 /**
135 * avc_dump_query - Display a SID pair and a class in human-readable form. 135 * avc_dump_query - Display a SID pair and a class in human-readable form.
136 * @ssid: source security identifier 136 * @ssid: source security identifier
137 * @tsid: target security identifier 137 * @tsid: target security identifier
138 * @tclass: target security class 138 * @tclass: target security class
139 */ 139 */
140 static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tclass) 140 static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tclass)
141 { 141 {
142 int rc; 142 int rc;
143 char *scontext; 143 char *scontext;
144 u32 scontext_len; 144 u32 scontext_len;
145 145
146 rc = security_sid_to_context(ssid, &scontext, &scontext_len); 146 rc = security_sid_to_context(ssid, &scontext, &scontext_len);
147 if (rc) 147 if (rc)
148 audit_log_format(ab, "ssid=%d", ssid); 148 audit_log_format(ab, "ssid=%d", ssid);
149 else { 149 else {
150 audit_log_format(ab, "scontext=%s", scontext); 150 audit_log_format(ab, "scontext=%s", scontext);
151 kfree(scontext); 151 kfree(scontext);
152 } 152 }
153 153
154 rc = security_sid_to_context(tsid, &scontext, &scontext_len); 154 rc = security_sid_to_context(tsid, &scontext, &scontext_len);
155 if (rc) 155 if (rc)
156 audit_log_format(ab, " tsid=%d", tsid); 156 audit_log_format(ab, " tsid=%d", tsid);
157 else { 157 else {
158 audit_log_format(ab, " tcontext=%s", scontext); 158 audit_log_format(ab, " tcontext=%s", scontext);
159 kfree(scontext); 159 kfree(scontext);
160 } 160 }
161 161
162 BUG_ON(tclass >= ARRAY_SIZE(secclass_map)); 162 BUG_ON(tclass >= ARRAY_SIZE(secclass_map));
163 audit_log_format(ab, " tclass=%s", secclass_map[tclass-1].name); 163 audit_log_format(ab, " tclass=%s", secclass_map[tclass-1].name);
164 } 164 }
165 165
166 /** 166 /**
167 * avc_init - Initialize the AVC. 167 * avc_init - Initialize the AVC.
168 * 168 *
169 * Initialize the access vector cache. 169 * Initialize the access vector cache.
170 */ 170 */
171 void __init avc_init(void) 171 void __init avc_init(void)
172 { 172 {
173 int i; 173 int i;
174 174
175 for (i = 0; i < AVC_CACHE_SLOTS; i++) { 175 for (i = 0; i < AVC_CACHE_SLOTS; i++) {
176 INIT_HLIST_HEAD(&avc_cache.slots[i]); 176 INIT_HLIST_HEAD(&avc_cache.slots[i]);
177 spin_lock_init(&avc_cache.slots_lock[i]); 177 spin_lock_init(&avc_cache.slots_lock[i]);
178 } 178 }
179 atomic_set(&avc_cache.active_nodes, 0); 179 atomic_set(&avc_cache.active_nodes, 0);
180 atomic_set(&avc_cache.lru_hint, 0); 180 atomic_set(&avc_cache.lru_hint, 0);
181 181
182 avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node), 182 avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node),
183 0, SLAB_PANIC, NULL); 183 0, SLAB_PANIC, NULL);
184 184
185 audit_log(current->audit_context, GFP_KERNEL, AUDIT_KERNEL, "AVC INITIALIZED\n"); 185 audit_log(current->audit_context, GFP_KERNEL, AUDIT_KERNEL, "AVC INITIALIZED\n");
186 } 186 }
187 187
188 int avc_get_hash_stats(char *page) 188 int avc_get_hash_stats(char *page)
189 { 189 {
190 int i, chain_len, max_chain_len, slots_used; 190 int i, chain_len, max_chain_len, slots_used;
191 struct avc_node *node; 191 struct avc_node *node;
192 struct hlist_head *head; 192 struct hlist_head *head;
193 193
194 rcu_read_lock(); 194 rcu_read_lock();
195 195
196 slots_used = 0; 196 slots_used = 0;
197 max_chain_len = 0; 197 max_chain_len = 0;
198 for (i = 0; i < AVC_CACHE_SLOTS; i++) { 198 for (i = 0; i < AVC_CACHE_SLOTS; i++) {
199 head = &avc_cache.slots[i]; 199 head = &avc_cache.slots[i];
200 if (!hlist_empty(head)) { 200 if (!hlist_empty(head)) {
201 struct hlist_node *next; 201 struct hlist_node *next;
202 202
203 slots_used++; 203 slots_used++;
204 chain_len = 0; 204 chain_len = 0;
205 hlist_for_each_entry_rcu(node, next, head, list) 205 hlist_for_each_entry_rcu(node, next, head, list)
206 chain_len++; 206 chain_len++;
207 if (chain_len > max_chain_len) 207 if (chain_len > max_chain_len)
208 max_chain_len = chain_len; 208 max_chain_len = chain_len;
209 } 209 }
210 } 210 }
211 211
212 rcu_read_unlock(); 212 rcu_read_unlock();
213 213
214 return scnprintf(page, PAGE_SIZE, "entries: %d\nbuckets used: %d/%d\n" 214 return scnprintf(page, PAGE_SIZE, "entries: %d\nbuckets used: %d/%d\n"
215 "longest chain: %d\n", 215 "longest chain: %d\n",
216 atomic_read(&avc_cache.active_nodes), 216 atomic_read(&avc_cache.active_nodes),
217 slots_used, AVC_CACHE_SLOTS, max_chain_len); 217 slots_used, AVC_CACHE_SLOTS, max_chain_len);
218 } 218 }
219 219
220 static void avc_node_free(struct rcu_head *rhead) 220 static void avc_node_free(struct rcu_head *rhead)
221 { 221 {
222 struct avc_node *node = container_of(rhead, struct avc_node, rhead); 222 struct avc_node *node = container_of(rhead, struct avc_node, rhead);
223 kmem_cache_free(avc_node_cachep, node); 223 kmem_cache_free(avc_node_cachep, node);
224 avc_cache_stats_incr(frees); 224 avc_cache_stats_incr(frees);
225 } 225 }
226 226
227 static void avc_node_delete(struct avc_node *node) 227 static void avc_node_delete(struct avc_node *node)
228 { 228 {
229 hlist_del_rcu(&node->list); 229 hlist_del_rcu(&node->list);
230 call_rcu(&node->rhead, avc_node_free); 230 call_rcu(&node->rhead, avc_node_free);
231 atomic_dec(&avc_cache.active_nodes); 231 atomic_dec(&avc_cache.active_nodes);
232 } 232 }
233 233
234 static void avc_node_kill(struct avc_node *node) 234 static void avc_node_kill(struct avc_node *node)
235 { 235 {
236 kmem_cache_free(avc_node_cachep, node); 236 kmem_cache_free(avc_node_cachep, node);
237 avc_cache_stats_incr(frees); 237 avc_cache_stats_incr(frees);
238 atomic_dec(&avc_cache.active_nodes); 238 atomic_dec(&avc_cache.active_nodes);
239 } 239 }
240 240
241 static void avc_node_replace(struct avc_node *new, struct avc_node *old) 241 static void avc_node_replace(struct avc_node *new, struct avc_node *old)
242 { 242 {
243 hlist_replace_rcu(&old->list, &new->list); 243 hlist_replace_rcu(&old->list, &new->list);
244 call_rcu(&old->rhead, avc_node_free); 244 call_rcu(&old->rhead, avc_node_free);
245 atomic_dec(&avc_cache.active_nodes); 245 atomic_dec(&avc_cache.active_nodes);
246 } 246 }
247 247
248 static inline int avc_reclaim_node(void) 248 static inline int avc_reclaim_node(void)
249 { 249 {
250 struct avc_node *node; 250 struct avc_node *node;
251 int hvalue, try, ecx; 251 int hvalue, try, ecx;
252 unsigned long flags; 252 unsigned long flags;
253 struct hlist_head *head; 253 struct hlist_head *head;
254 struct hlist_node *next; 254 struct hlist_node *next;
255 spinlock_t *lock; 255 spinlock_t *lock;
256 256
257 for (try = 0, ecx = 0; try < AVC_CACHE_SLOTS; try++) { 257 for (try = 0, ecx = 0; try < AVC_CACHE_SLOTS; try++) {
258 hvalue = atomic_inc_return(&avc_cache.lru_hint) & (AVC_CACHE_SLOTS - 1); 258 hvalue = atomic_inc_return(&avc_cache.lru_hint) & (AVC_CACHE_SLOTS - 1);
259 head = &avc_cache.slots[hvalue]; 259 head = &avc_cache.slots[hvalue];
260 lock = &avc_cache.slots_lock[hvalue]; 260 lock = &avc_cache.slots_lock[hvalue];
261 261
262 if (!spin_trylock_irqsave(lock, flags)) 262 if (!spin_trylock_irqsave(lock, flags))
263 continue; 263 continue;
264 264
265 rcu_read_lock(); 265 rcu_read_lock();
266 hlist_for_each_entry(node, next, head, list) { 266 hlist_for_each_entry(node, next, head, list) {
267 avc_node_delete(node); 267 avc_node_delete(node);
268 avc_cache_stats_incr(reclaims); 268 avc_cache_stats_incr(reclaims);
269 ecx++; 269 ecx++;
270 if (ecx >= AVC_CACHE_RECLAIM) { 270 if (ecx >= AVC_CACHE_RECLAIM) {
271 rcu_read_unlock(); 271 rcu_read_unlock();
272 spin_unlock_irqrestore(lock, flags); 272 spin_unlock_irqrestore(lock, flags);
273 goto out; 273 goto out;
274 } 274 }
275 } 275 }
276 rcu_read_unlock(); 276 rcu_read_unlock();
277 spin_unlock_irqrestore(lock, flags); 277 spin_unlock_irqrestore(lock, flags);
278 } 278 }
279 out: 279 out:
280 return ecx; 280 return ecx;
281 } 281 }
282 282
283 static struct avc_node *avc_alloc_node(void) 283 static struct avc_node *avc_alloc_node(void)
284 { 284 {
285 struct avc_node *node; 285 struct avc_node *node;
286 286
287 node = kmem_cache_zalloc(avc_node_cachep, GFP_ATOMIC); 287 node = kmem_cache_zalloc(avc_node_cachep, GFP_ATOMIC);
288 if (!node) 288 if (!node)
289 goto out; 289 goto out;
290 290
291 INIT_HLIST_NODE(&node->list); 291 INIT_HLIST_NODE(&node->list);
292 avc_cache_stats_incr(allocations); 292 avc_cache_stats_incr(allocations);
293 293
294 if (atomic_inc_return(&avc_cache.active_nodes) > avc_cache_threshold) 294 if (atomic_inc_return(&avc_cache.active_nodes) > avc_cache_threshold)
295 avc_reclaim_node(); 295 avc_reclaim_node();
296 296
297 out: 297 out:
298 return node; 298 return node;
299 } 299 }
300 300
301 static void avc_node_populate(struct avc_node *node, u32 ssid, u32 tsid, u16 tclass, struct av_decision *avd) 301 static void avc_node_populate(struct avc_node *node, u32 ssid, u32 tsid, u16 tclass, struct av_decision *avd)
302 { 302 {
303 node->ae.ssid = ssid; 303 node->ae.ssid = ssid;
304 node->ae.tsid = tsid; 304 node->ae.tsid = tsid;
305 node->ae.tclass = tclass; 305 node->ae.tclass = tclass;
306 memcpy(&node->ae.avd, avd, sizeof(node->ae.avd)); 306 memcpy(&node->ae.avd, avd, sizeof(node->ae.avd));
307 } 307 }
308 308
309 static inline struct avc_node *avc_search_node(u32 ssid, u32 tsid, u16 tclass) 309 static inline struct avc_node *avc_search_node(u32 ssid, u32 tsid, u16 tclass)
310 { 310 {
311 struct avc_node *node, *ret = NULL; 311 struct avc_node *node, *ret = NULL;
312 int hvalue; 312 int hvalue;
313 struct hlist_head *head; 313 struct hlist_head *head;
314 struct hlist_node *next; 314 struct hlist_node *next;
315 315
316 hvalue = avc_hash(ssid, tsid, tclass); 316 hvalue = avc_hash(ssid, tsid, tclass);
317 head = &avc_cache.slots[hvalue]; 317 head = &avc_cache.slots[hvalue];
318 hlist_for_each_entry_rcu(node, next, head, list) { 318 hlist_for_each_entry_rcu(node, next, head, list) {
319 if (ssid == node->ae.ssid && 319 if (ssid == node->ae.ssid &&
320 tclass == node->ae.tclass && 320 tclass == node->ae.tclass &&
321 tsid == node->ae.tsid) { 321 tsid == node->ae.tsid) {
322 ret = node; 322 ret = node;
323 break; 323 break;
324 } 324 }
325 } 325 }
326 326
327 return ret; 327 return ret;
328 } 328 }
329 329
330 /** 330 /**
331 * avc_lookup - Look up an AVC entry. 331 * avc_lookup - Look up an AVC entry.
332 * @ssid: source security identifier 332 * @ssid: source security identifier
333 * @tsid: target security identifier 333 * @tsid: target security identifier
334 * @tclass: target security class 334 * @tclass: target security class
335 * 335 *
336 * Look up an AVC entry that is valid for the 336 * Look up an AVC entry that is valid for the
337 * (@ssid, @tsid), interpreting the permissions 337 * (@ssid, @tsid), interpreting the permissions
338 * based on @tclass. If a valid AVC entry exists, 338 * based on @tclass. If a valid AVC entry exists,
339 * then this function returns the avc_node. 339 * then this function returns the avc_node.
340 * Otherwise, this function returns NULL. 340 * Otherwise, this function returns NULL.
341 */ 341 */
342 static struct avc_node *avc_lookup(u32 ssid, u32 tsid, u16 tclass) 342 static struct avc_node *avc_lookup(u32 ssid, u32 tsid, u16 tclass)
343 { 343 {
344 struct avc_node *node; 344 struct avc_node *node;
345 345
346 avc_cache_stats_incr(lookups); 346 avc_cache_stats_incr(lookups);
347 node = avc_search_node(ssid, tsid, tclass); 347 node = avc_search_node(ssid, tsid, tclass);
348 348
349 if (node) 349 if (node)
350 avc_cache_stats_incr(hits); 350 avc_cache_stats_incr(hits);
351 else 351 else
352 avc_cache_stats_incr(misses); 352 avc_cache_stats_incr(misses);
353 353
354 return node; 354 return node;
355 } 355 }
356 356
357 static int avc_latest_notif_update(int seqno, int is_insert) 357 static int avc_latest_notif_update(int seqno, int is_insert)
358 { 358 {
359 int ret = 0; 359 int ret = 0;
360 static DEFINE_SPINLOCK(notif_lock); 360 static DEFINE_SPINLOCK(notif_lock);
361 unsigned long flag; 361 unsigned long flag;
362 362
363 spin_lock_irqsave(&notif_lock, flag); 363 spin_lock_irqsave(&notif_lock, flag);
364 if (is_insert) { 364 if (is_insert) {
365 if (seqno < avc_cache.latest_notif) { 365 if (seqno < avc_cache.latest_notif) {
366 printk(KERN_WARNING "SELinux: avc: seqno %d < latest_notif %d\n", 366 printk(KERN_WARNING "SELinux: avc: seqno %d < latest_notif %d\n",
367 seqno, avc_cache.latest_notif); 367 seqno, avc_cache.latest_notif);
368 ret = -EAGAIN; 368 ret = -EAGAIN;
369 } 369 }
370 } else { 370 } else {
371 if (seqno > avc_cache.latest_notif) 371 if (seqno > avc_cache.latest_notif)
372 avc_cache.latest_notif = seqno; 372 avc_cache.latest_notif = seqno;
373 } 373 }
374 spin_unlock_irqrestore(&notif_lock, flag); 374 spin_unlock_irqrestore(&notif_lock, flag);
375 375
376 return ret; 376 return ret;
377 } 377 }
378 378
379 /** 379 /**
380 * avc_insert - Insert an AVC entry. 380 * avc_insert - Insert an AVC entry.
381 * @ssid: source security identifier 381 * @ssid: source security identifier
382 * @tsid: target security identifier 382 * @tsid: target security identifier
383 * @tclass: target security class 383 * @tclass: target security class
384 * @avd: resulting av decision 384 * @avd: resulting av decision
385 * 385 *
386 * Insert an AVC entry for the SID pair 386 * Insert an AVC entry for the SID pair
387 * (@ssid, @tsid) and class @tclass. 387 * (@ssid, @tsid) and class @tclass.
388 * The access vectors and the sequence number are 388 * The access vectors and the sequence number are
389 * normally provided by the security server in 389 * normally provided by the security server in
390 * response to a security_compute_av() call. If the 390 * response to a security_compute_av() call. If the
391 * sequence number @avd->seqno is not less than the latest 391 * sequence number @avd->seqno is not less than the latest
392 * revocation notification, then the function copies 392 * revocation notification, then the function copies
393 * the access vectors into a cache entry, returns 393 * the access vectors into a cache entry, returns
394 * avc_node inserted. Otherwise, this function returns NULL. 394 * avc_node inserted. Otherwise, this function returns NULL.
395 */ 395 */
396 static struct avc_node *avc_insert(u32 ssid, u32 tsid, u16 tclass, struct av_decision *avd) 396 static struct avc_node *avc_insert(u32 ssid, u32 tsid, u16 tclass, struct av_decision *avd)
397 { 397 {
398 struct avc_node *pos, *node = NULL; 398 struct avc_node *pos, *node = NULL;
399 int hvalue; 399 int hvalue;
400 unsigned long flag; 400 unsigned long flag;
401 401
402 if (avc_latest_notif_update(avd->seqno, 1)) 402 if (avc_latest_notif_update(avd->seqno, 1))
403 goto out; 403 goto out;
404 404
405 node = avc_alloc_node(); 405 node = avc_alloc_node();
406 if (node) { 406 if (node) {
407 struct hlist_head *head; 407 struct hlist_head *head;
408 struct hlist_node *next; 408 struct hlist_node *next;
409 spinlock_t *lock; 409 spinlock_t *lock;
410 410
411 hvalue = avc_hash(ssid, tsid, tclass); 411 hvalue = avc_hash(ssid, tsid, tclass);
412 avc_node_populate(node, ssid, tsid, tclass, avd); 412 avc_node_populate(node, ssid, tsid, tclass, avd);
413 413
414 head = &avc_cache.slots[hvalue]; 414 head = &avc_cache.slots[hvalue];
415 lock = &avc_cache.slots_lock[hvalue]; 415 lock = &avc_cache.slots_lock[hvalue];
416 416
417 spin_lock_irqsave(lock, flag); 417 spin_lock_irqsave(lock, flag);
418 hlist_for_each_entry(pos, next, head, list) { 418 hlist_for_each_entry(pos, next, head, list) {
419 if (pos->ae.ssid == ssid && 419 if (pos->ae.ssid == ssid &&
420 pos->ae.tsid == tsid && 420 pos->ae.tsid == tsid &&
421 pos->ae.tclass == tclass) { 421 pos->ae.tclass == tclass) {
422 avc_node_replace(node, pos); 422 avc_node_replace(node, pos);
423 goto found; 423 goto found;
424 } 424 }
425 } 425 }
426 hlist_add_head_rcu(&node->list, head); 426 hlist_add_head_rcu(&node->list, head);
427 found: 427 found:
428 spin_unlock_irqrestore(lock, flag); 428 spin_unlock_irqrestore(lock, flag);
429 } 429 }
430 out: 430 out:
431 return node; 431 return node;
432 } 432 }
433 433
434 /** 434 /**
435 * avc_audit_pre_callback - SELinux specific information 435 * avc_audit_pre_callback - SELinux specific information
436 * will be called by generic audit code 436 * will be called by generic audit code
437 * @ab: the audit buffer 437 * @ab: the audit buffer
438 * @a: audit_data 438 * @a: audit_data
439 */ 439 */
440 static void avc_audit_pre_callback(struct audit_buffer *ab, void *a) 440 static void avc_audit_pre_callback(struct audit_buffer *ab, void *a)
441 { 441 {
442 struct common_audit_data *ad = a; 442 struct common_audit_data *ad = a;
443 audit_log_format(ab, "avc: %s ", 443 audit_log_format(ab, "avc: %s ",
444 ad->selinux_audit_data.denied ? "denied" : "granted"); 444 ad->selinux_audit_data.denied ? "denied" : "granted");
445 avc_dump_av(ab, ad->selinux_audit_data.tclass, 445 avc_dump_av(ab, ad->selinux_audit_data.tclass,
446 ad->selinux_audit_data.audited); 446 ad->selinux_audit_data.audited);
447 audit_log_format(ab, " for "); 447 audit_log_format(ab, " for ");
448 } 448 }
449 449
450 /** 450 /**
451 * avc_audit_post_callback - SELinux specific information 451 * avc_audit_post_callback - SELinux specific information
452 * will be called by generic audit code 452 * will be called by generic audit code
453 * @ab: the audit buffer 453 * @ab: the audit buffer
454 * @a: audit_data 454 * @a: audit_data
455 */ 455 */
456 static void avc_audit_post_callback(struct audit_buffer *ab, void *a) 456 static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
457 { 457 {
458 struct common_audit_data *ad = a; 458 struct common_audit_data *ad = a;
459 audit_log_format(ab, " "); 459 audit_log_format(ab, " ");
460 avc_dump_query(ab, ad->selinux_audit_data.ssid, 460 avc_dump_query(ab, ad->selinux_audit_data.ssid,
461 ad->selinux_audit_data.tsid, 461 ad->selinux_audit_data.tsid,
462 ad->selinux_audit_data.tclass); 462 ad->selinux_audit_data.tclass);
463 } 463 }
464 464
465 /** 465 /**
466 * avc_audit - Audit the granting or denial of permissions. 466 * avc_audit - Audit the granting or denial of permissions.
467 * @ssid: source security identifier 467 * @ssid: source security identifier
468 * @tsid: target security identifier 468 * @tsid: target security identifier
469 * @tclass: target security class 469 * @tclass: target security class
470 * @requested: requested permissions 470 * @requested: requested permissions
471 * @avd: access vector decisions 471 * @avd: access vector decisions
472 * @result: result from avc_has_perm_noaudit 472 * @result: result from avc_has_perm_noaudit
473 * @a: auxiliary audit data 473 * @a: auxiliary audit data
474 * @flags: VFS walk flags 474 * @flags: VFS walk flags
475 * 475 *
476 * Audit the granting or denial of permissions in accordance 476 * Audit the granting or denial of permissions in accordance
477 * with the policy. This function is typically called by 477 * with the policy. This function is typically called by
478 * avc_has_perm() after a permission check, but can also be 478 * avc_has_perm() after a permission check, but can also be
479 * called directly by callers who use avc_has_perm_noaudit() 479 * called directly by callers who use avc_has_perm_noaudit()
480 * in order to separate the permission check from the auditing. 480 * in order to separate the permission check from the auditing.
481 * For example, this separation is useful when the permission check must 481 * For example, this separation is useful when the permission check must
482 * be performed under a lock, to allow the lock to be released 482 * be performed under a lock, to allow the lock to be released
483 * before calling the auditing code. 483 * before calling the auditing code.
484 */ 484 */
485 int avc_audit(u32 ssid, u32 tsid, 485 int avc_audit(u32 ssid, u32 tsid,
486 u16 tclass, u32 requested, 486 u16 tclass, u32 requested,
487 struct av_decision *avd, int result, struct common_audit_data *a, 487 struct av_decision *avd, int result, struct common_audit_data *a,
488 unsigned flags) 488 unsigned flags)
489 { 489 {
490 struct common_audit_data stack_data; 490 struct common_audit_data stack_data;
491 u32 denied, audited; 491 u32 denied, audited;
492 denied = requested & ~avd->allowed; 492 denied = requested & ~avd->allowed;
493 if (denied) { 493 if (denied) {
494 audited = denied & avd->auditdeny; 494 audited = denied & avd->auditdeny;
495 /* 495 /*
496 * a->selinux_audit_data.auditdeny is TRICKY! Setting a bit in 496 * a->selinux_audit_data.auditdeny is TRICKY! Setting a bit in
497 * this field means that ANY denials should NOT be audited if 497 * this field means that ANY denials should NOT be audited if
498 * the policy contains an explicit dontaudit rule for that 498 * the policy contains an explicit dontaudit rule for that
499 * permission. Take notice that this is unrelated to the 499 * permission. Take notice that this is unrelated to the
500 * actual permissions that were denied. As an example lets 500 * actual permissions that were denied. As an example lets
501 * assume: 501 * assume:
502 * 502 *
503 * denied == READ 503 * denied == READ
504 * avd.auditdeny & ACCESS == 0 (not set means explicit rule) 504 * avd.auditdeny & ACCESS == 0 (not set means explicit rule)
505 * selinux_audit_data.auditdeny & ACCESS == 1 505 * selinux_audit_data.auditdeny & ACCESS == 1
506 * 506 *
507 * We will NOT audit the denial even though the denied 507 * We will NOT audit the denial even though the denied
508 * permission was READ and the auditdeny checks were for 508 * permission was READ and the auditdeny checks were for
509 * ACCESS 509 * ACCESS
510 */ 510 */
511 if (a && 511 if (a &&
512 a->selinux_audit_data.auditdeny && 512 a->selinux_audit_data.auditdeny &&
513 !(a->selinux_audit_data.auditdeny & avd->auditdeny)) 513 !(a->selinux_audit_data.auditdeny & avd->auditdeny))
514 audited = 0; 514 audited = 0;
515 } else if (result) 515 } else if (result)
516 audited = denied = requested; 516 audited = denied = requested;
517 else 517 else
518 audited = requested & avd->auditallow; 518 audited = requested & avd->auditallow;
519 if (!audited) 519 if (!audited)
520 return 0; 520 return 0;
521 521
522 if (!a) { 522 if (!a) {
523 a = &stack_data; 523 a = &stack_data;
524 COMMON_AUDIT_DATA_INIT(a, NONE); 524 COMMON_AUDIT_DATA_INIT(a, NONE);
525 } 525 }
526 526
527 /* 527 /*
528 * When in a RCU walk do the audit on the RCU retry. This is because 528 * When in a RCU walk do the audit on the RCU retry. This is because
529 * the collection of the dname in an inode audit message is not RCU 529 * the collection of the dname in an inode audit message is not RCU
530 * safe. Note this may drop some audits when the situation changes 530 * safe. Note this may drop some audits when the situation changes
531 * during retry. However this is logically just as if the operation 531 * during retry. However this is logically just as if the operation
532 * happened a little later. 532 * happened a little later.
533 */ 533 */
534 if ((a->type == LSM_AUDIT_DATA_FS) && 534 if ((a->type == LSM_AUDIT_DATA_INODE) &&
535 (flags & IPERM_FLAG_RCU)) 535 (flags & IPERM_FLAG_RCU))
536 return -ECHILD; 536 return -ECHILD;
537 537
538 a->selinux_audit_data.tclass = tclass; 538 a->selinux_audit_data.tclass = tclass;
539 a->selinux_audit_data.requested = requested; 539 a->selinux_audit_data.requested = requested;
540 a->selinux_audit_data.ssid = ssid; 540 a->selinux_audit_data.ssid = ssid;
541 a->selinux_audit_data.tsid = tsid; 541 a->selinux_audit_data.tsid = tsid;
542 a->selinux_audit_data.audited = audited; 542 a->selinux_audit_data.audited = audited;
543 a->selinux_audit_data.denied = denied; 543 a->selinux_audit_data.denied = denied;
544 a->lsm_pre_audit = avc_audit_pre_callback; 544 a->lsm_pre_audit = avc_audit_pre_callback;
545 a->lsm_post_audit = avc_audit_post_callback; 545 a->lsm_post_audit = avc_audit_post_callback;
546 common_lsm_audit(a); 546 common_lsm_audit(a);
547 return 0; 547 return 0;
548 } 548 }
549 549
550 /** 550 /**
551 * avc_add_callback - Register a callback for security events. 551 * avc_add_callback - Register a callback for security events.
552 * @callback: callback function 552 * @callback: callback function
553 * @events: security events 553 * @events: security events
554 * @ssid: source security identifier or %SECSID_WILD 554 * @ssid: source security identifier or %SECSID_WILD
555 * @tsid: target security identifier or %SECSID_WILD 555 * @tsid: target security identifier or %SECSID_WILD
556 * @tclass: target security class 556 * @tclass: target security class
557 * @perms: permissions 557 * @perms: permissions
558 * 558 *
559 * Register a callback function for events in the set @events 559 * Register a callback function for events in the set @events
560 * related to the SID pair (@ssid, @tsid) 560 * related to the SID pair (@ssid, @tsid)
561 * and the permissions @perms, interpreting 561 * and the permissions @perms, interpreting
562 * @perms based on @tclass. Returns %0 on success or 562 * @perms based on @tclass. Returns %0 on success or
563 * -%ENOMEM if insufficient memory exists to add the callback. 563 * -%ENOMEM if insufficient memory exists to add the callback.
564 */ 564 */
565 int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid, 565 int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
566 u16 tclass, u32 perms, 566 u16 tclass, u32 perms,
567 u32 *out_retained), 567 u32 *out_retained),
568 u32 events, u32 ssid, u32 tsid, 568 u32 events, u32 ssid, u32 tsid,
569 u16 tclass, u32 perms) 569 u16 tclass, u32 perms)
570 { 570 {
571 struct avc_callback_node *c; 571 struct avc_callback_node *c;
572 int rc = 0; 572 int rc = 0;
573 573
574 c = kmalloc(sizeof(*c), GFP_ATOMIC); 574 c = kmalloc(sizeof(*c), GFP_ATOMIC);
575 if (!c) { 575 if (!c) {
576 rc = -ENOMEM; 576 rc = -ENOMEM;
577 goto out; 577 goto out;
578 } 578 }
579 579
580 c->callback = callback; 580 c->callback = callback;
581 c->events = events; 581 c->events = events;
582 c->ssid = ssid; 582 c->ssid = ssid;
583 c->tsid = tsid; 583 c->tsid = tsid;
584 c->perms = perms; 584 c->perms = perms;
585 c->next = avc_callbacks; 585 c->next = avc_callbacks;
586 avc_callbacks = c; 586 avc_callbacks = c;
587 out: 587 out:
588 return rc; 588 return rc;
589 } 589 }
590 590
591 static inline int avc_sidcmp(u32 x, u32 y) 591 static inline int avc_sidcmp(u32 x, u32 y)
592 { 592 {
593 return (x == y || x == SECSID_WILD || y == SECSID_WILD); 593 return (x == y || x == SECSID_WILD || y == SECSID_WILD);
594 } 594 }
595 595
596 /** 596 /**
597 * avc_update_node Update an AVC entry 597 * avc_update_node Update an AVC entry
598 * @event : Updating event 598 * @event : Updating event
599 * @perms : Permission mask bits 599 * @perms : Permission mask bits
600 * @ssid,@tsid,@tclass : identifier of an AVC entry 600 * @ssid,@tsid,@tclass : identifier of an AVC entry
601 * @seqno : sequence number when decision was made 601 * @seqno : sequence number when decision was made
602 * 602 *
603 * if a valid AVC entry doesn't exist,this function returns -ENOENT. 603 * if a valid AVC entry doesn't exist,this function returns -ENOENT.
604 * if kmalloc() called internal returns NULL, this function returns -ENOMEM. 604 * if kmalloc() called internal returns NULL, this function returns -ENOMEM.
605 * otherwise, this function updates the AVC entry. The original AVC-entry object 605 * otherwise, this function updates the AVC entry. The original AVC-entry object
606 * will release later by RCU. 606 * will release later by RCU.
607 */ 607 */
608 static int avc_update_node(u32 event, u32 perms, u32 ssid, u32 tsid, u16 tclass, 608 static int avc_update_node(u32 event, u32 perms, u32 ssid, u32 tsid, u16 tclass,
609 u32 seqno) 609 u32 seqno)
610 { 610 {
611 int hvalue, rc = 0; 611 int hvalue, rc = 0;
612 unsigned long flag; 612 unsigned long flag;
613 struct avc_node *pos, *node, *orig = NULL; 613 struct avc_node *pos, *node, *orig = NULL;
614 struct hlist_head *head; 614 struct hlist_head *head;
615 struct hlist_node *next; 615 struct hlist_node *next;
616 spinlock_t *lock; 616 spinlock_t *lock;
617 617
618 node = avc_alloc_node(); 618 node = avc_alloc_node();
619 if (!node) { 619 if (!node) {
620 rc = -ENOMEM; 620 rc = -ENOMEM;
621 goto out; 621 goto out;
622 } 622 }
623 623
624 /* Lock the target slot */ 624 /* Lock the target slot */
625 hvalue = avc_hash(ssid, tsid, tclass); 625 hvalue = avc_hash(ssid, tsid, tclass);
626 626
627 head = &avc_cache.slots[hvalue]; 627 head = &avc_cache.slots[hvalue];
628 lock = &avc_cache.slots_lock[hvalue]; 628 lock = &avc_cache.slots_lock[hvalue];
629 629
630 spin_lock_irqsave(lock, flag); 630 spin_lock_irqsave(lock, flag);
631 631
632 hlist_for_each_entry(pos, next, head, list) { 632 hlist_for_each_entry(pos, next, head, list) {
633 if (ssid == pos->ae.ssid && 633 if (ssid == pos->ae.ssid &&
634 tsid == pos->ae.tsid && 634 tsid == pos->ae.tsid &&
635 tclass == pos->ae.tclass && 635 tclass == pos->ae.tclass &&
636 seqno == pos->ae.avd.seqno){ 636 seqno == pos->ae.avd.seqno){
637 orig = pos; 637 orig = pos;
638 break; 638 break;
639 } 639 }
640 } 640 }
641 641
642 if (!orig) { 642 if (!orig) {
643 rc = -ENOENT; 643 rc = -ENOENT;
644 avc_node_kill(node); 644 avc_node_kill(node);
645 goto out_unlock; 645 goto out_unlock;
646 } 646 }
647 647
648 /* 648 /*
649 * Copy and replace original node. 649 * Copy and replace original node.
650 */ 650 */
651 651
652 avc_node_populate(node, ssid, tsid, tclass, &orig->ae.avd); 652 avc_node_populate(node, ssid, tsid, tclass, &orig->ae.avd);
653 653
654 switch (event) { 654 switch (event) {
655 case AVC_CALLBACK_GRANT: 655 case AVC_CALLBACK_GRANT:
656 node->ae.avd.allowed |= perms; 656 node->ae.avd.allowed |= perms;
657 break; 657 break;
658 case AVC_CALLBACK_TRY_REVOKE: 658 case AVC_CALLBACK_TRY_REVOKE:
659 case AVC_CALLBACK_REVOKE: 659 case AVC_CALLBACK_REVOKE:
660 node->ae.avd.allowed &= ~perms; 660 node->ae.avd.allowed &= ~perms;
661 break; 661 break;
662 case AVC_CALLBACK_AUDITALLOW_ENABLE: 662 case AVC_CALLBACK_AUDITALLOW_ENABLE:
663 node->ae.avd.auditallow |= perms; 663 node->ae.avd.auditallow |= perms;
664 break; 664 break;
665 case AVC_CALLBACK_AUDITALLOW_DISABLE: 665 case AVC_CALLBACK_AUDITALLOW_DISABLE:
666 node->ae.avd.auditallow &= ~perms; 666 node->ae.avd.auditallow &= ~perms;
667 break; 667 break;
668 case AVC_CALLBACK_AUDITDENY_ENABLE: 668 case AVC_CALLBACK_AUDITDENY_ENABLE:
669 node->ae.avd.auditdeny |= perms; 669 node->ae.avd.auditdeny |= perms;
670 break; 670 break;
671 case AVC_CALLBACK_AUDITDENY_DISABLE: 671 case AVC_CALLBACK_AUDITDENY_DISABLE:
672 node->ae.avd.auditdeny &= ~perms; 672 node->ae.avd.auditdeny &= ~perms;
673 break; 673 break;
674 } 674 }
675 avc_node_replace(node, orig); 675 avc_node_replace(node, orig);
676 out_unlock: 676 out_unlock:
677 spin_unlock_irqrestore(lock, flag); 677 spin_unlock_irqrestore(lock, flag);
678 out: 678 out:
679 return rc; 679 return rc;
680 } 680 }
681 681
682 /** 682 /**
683 * avc_flush - Flush the cache 683 * avc_flush - Flush the cache
684 */ 684 */
685 static void avc_flush(void) 685 static void avc_flush(void)
686 { 686 {
687 struct hlist_head *head; 687 struct hlist_head *head;
688 struct hlist_node *next; 688 struct hlist_node *next;
689 struct avc_node *node; 689 struct avc_node *node;
690 spinlock_t *lock; 690 spinlock_t *lock;
691 unsigned long flag; 691 unsigned long flag;
692 int i; 692 int i;
693 693
694 for (i = 0; i < AVC_CACHE_SLOTS; i++) { 694 for (i = 0; i < AVC_CACHE_SLOTS; i++) {
695 head = &avc_cache.slots[i]; 695 head = &avc_cache.slots[i];
696 lock = &avc_cache.slots_lock[i]; 696 lock = &avc_cache.slots_lock[i];
697 697
698 spin_lock_irqsave(lock, flag); 698 spin_lock_irqsave(lock, flag);
699 /* 699 /*
700 * With preemptable RCU, the outer spinlock does not 700 * With preemptable RCU, the outer spinlock does not
701 * prevent RCU grace periods from ending. 701 * prevent RCU grace periods from ending.
702 */ 702 */
703 rcu_read_lock(); 703 rcu_read_lock();
704 hlist_for_each_entry(node, next, head, list) 704 hlist_for_each_entry(node, next, head, list)
705 avc_node_delete(node); 705 avc_node_delete(node);
706 rcu_read_unlock(); 706 rcu_read_unlock();
707 spin_unlock_irqrestore(lock, flag); 707 spin_unlock_irqrestore(lock, flag);
708 } 708 }
709 } 709 }
710 710
711 /** 711 /**
712 * avc_ss_reset - Flush the cache and revalidate migrated permissions. 712 * avc_ss_reset - Flush the cache and revalidate migrated permissions.
713 * @seqno: policy sequence number 713 * @seqno: policy sequence number
714 */ 714 */
715 int avc_ss_reset(u32 seqno) 715 int avc_ss_reset(u32 seqno)
716 { 716 {
717 struct avc_callback_node *c; 717 struct avc_callback_node *c;
718 int rc = 0, tmprc; 718 int rc = 0, tmprc;
719 719
720 avc_flush(); 720 avc_flush();
721 721
722 for (c = avc_callbacks; c; c = c->next) { 722 for (c = avc_callbacks; c; c = c->next) {
723 if (c->events & AVC_CALLBACK_RESET) { 723 if (c->events & AVC_CALLBACK_RESET) {
724 tmprc = c->callback(AVC_CALLBACK_RESET, 724 tmprc = c->callback(AVC_CALLBACK_RESET,
725 0, 0, 0, 0, NULL); 725 0, 0, 0, 0, NULL);
726 /* save the first error encountered for the return 726 /* save the first error encountered for the return
727 value and continue processing the callbacks */ 727 value and continue processing the callbacks */
728 if (!rc) 728 if (!rc)
729 rc = tmprc; 729 rc = tmprc;
730 } 730 }
731 } 731 }
732 732
733 avc_latest_notif_update(seqno, 0); 733 avc_latest_notif_update(seqno, 0);
734 return rc; 734 return rc;
735 } 735 }
736 736
737 /** 737 /**
738 * avc_has_perm_noaudit - Check permissions but perform no auditing. 738 * avc_has_perm_noaudit - Check permissions but perform no auditing.
739 * @ssid: source security identifier 739 * @ssid: source security identifier
740 * @tsid: target security identifier 740 * @tsid: target security identifier
741 * @tclass: target security class 741 * @tclass: target security class
742 * @requested: requested permissions, interpreted based on @tclass 742 * @requested: requested permissions, interpreted based on @tclass
743 * @flags: AVC_STRICT or 0 743 * @flags: AVC_STRICT or 0
744 * @avd: access vector decisions 744 * @avd: access vector decisions
745 * 745 *
746 * Check the AVC to determine whether the @requested permissions are granted 746 * Check the AVC to determine whether the @requested permissions are granted
747 * for the SID pair (@ssid, @tsid), interpreting the permissions 747 * for the SID pair (@ssid, @tsid), interpreting the permissions
748 * based on @tclass, and call the security server on a cache miss to obtain 748 * based on @tclass, and call the security server on a cache miss to obtain
749 * a new decision and add it to the cache. Return a copy of the decisions 749 * a new decision and add it to the cache. Return a copy of the decisions
750 * in @avd. Return %0 if all @requested permissions are granted, 750 * in @avd. Return %0 if all @requested permissions are granted,
751 * -%EACCES if any permissions are denied, or another -errno upon 751 * -%EACCES if any permissions are denied, or another -errno upon
752 * other errors. This function is typically called by avc_has_perm(), 752 * other errors. This function is typically called by avc_has_perm(),
753 * but may also be called directly to separate permission checking from 753 * but may also be called directly to separate permission checking from
754 * auditing, e.g. in cases where a lock must be held for the check but 754 * auditing, e.g. in cases where a lock must be held for the check but
755 * should be released for the auditing. 755 * should be released for the auditing.
756 */ 756 */
757 int avc_has_perm_noaudit(u32 ssid, u32 tsid, 757 int avc_has_perm_noaudit(u32 ssid, u32 tsid,
758 u16 tclass, u32 requested, 758 u16 tclass, u32 requested,
759 unsigned flags, 759 unsigned flags,
760 struct av_decision *in_avd) 760 struct av_decision *in_avd)
761 { 761 {
762 struct avc_node *node; 762 struct avc_node *node;
763 struct av_decision avd_entry, *avd; 763 struct av_decision avd_entry, *avd;
764 int rc = 0; 764 int rc = 0;
765 u32 denied; 765 u32 denied;
766 766
767 BUG_ON(!requested); 767 BUG_ON(!requested);
768 768
769 rcu_read_lock(); 769 rcu_read_lock();
770 770
771 node = avc_lookup(ssid, tsid, tclass); 771 node = avc_lookup(ssid, tsid, tclass);
772 if (!node) { 772 if (!node) {
773 rcu_read_unlock(); 773 rcu_read_unlock();
774 774
775 if (in_avd) 775 if (in_avd)
776 avd = in_avd; 776 avd = in_avd;
777 else 777 else
778 avd = &avd_entry; 778 avd = &avd_entry;
779 779
780 security_compute_av(ssid, tsid, tclass, avd); 780 security_compute_av(ssid, tsid, tclass, avd);
781 rcu_read_lock(); 781 rcu_read_lock();
782 node = avc_insert(ssid, tsid, tclass, avd); 782 node = avc_insert(ssid, tsid, tclass, avd);
783 } else { 783 } else {
784 if (in_avd) 784 if (in_avd)
785 memcpy(in_avd, &node->ae.avd, sizeof(*in_avd)); 785 memcpy(in_avd, &node->ae.avd, sizeof(*in_avd));
786 avd = &node->ae.avd; 786 avd = &node->ae.avd;
787 } 787 }
788 788
789 denied = requested & ~(avd->allowed); 789 denied = requested & ~(avd->allowed);
790 790
791 if (denied) { 791 if (denied) {
792 if (flags & AVC_STRICT) 792 if (flags & AVC_STRICT)
793 rc = -EACCES; 793 rc = -EACCES;
794 else if (!selinux_enforcing || (avd->flags & AVD_FLAGS_PERMISSIVE)) 794 else if (!selinux_enforcing || (avd->flags & AVD_FLAGS_PERMISSIVE))
795 avc_update_node(AVC_CALLBACK_GRANT, requested, ssid, 795 avc_update_node(AVC_CALLBACK_GRANT, requested, ssid,
796 tsid, tclass, avd->seqno); 796 tsid, tclass, avd->seqno);
797 else 797 else
798 rc = -EACCES; 798 rc = -EACCES;
799 } 799 }
800 800
801 rcu_read_unlock(); 801 rcu_read_unlock();
802 return rc; 802 return rc;
803 } 803 }
804 804
805 /** 805 /**
806 * avc_has_perm - Check permissions and perform any appropriate auditing. 806 * avc_has_perm - Check permissions and perform any appropriate auditing.
807 * @ssid: source security identifier 807 * @ssid: source security identifier
808 * @tsid: target security identifier 808 * @tsid: target security identifier
809 * @tclass: target security class 809 * @tclass: target security class
810 * @requested: requested permissions, interpreted based on @tclass 810 * @requested: requested permissions, interpreted based on @tclass
811 * @auditdata: auxiliary audit data 811 * @auditdata: auxiliary audit data
812 * @flags: VFS walk flags 812 * @flags: VFS walk flags
813 * 813 *
814 * Check the AVC to determine whether the @requested permissions are granted 814 * Check the AVC to determine whether the @requested permissions are granted
815 * for the SID pair (@ssid, @tsid), interpreting the permissions 815 * for the SID pair (@ssid, @tsid), interpreting the permissions
816 * based on @tclass, and call the security server on a cache miss to obtain 816 * based on @tclass, and call the security server on a cache miss to obtain
817 * a new decision and add it to the cache. Audit the granting or denial of 817 * a new decision and add it to the cache. Audit the granting or denial of
818 * permissions in accordance with the policy. Return %0 if all @requested 818 * permissions in accordance with the policy. Return %0 if all @requested
819 * permissions are granted, -%EACCES if any permissions are denied, or 819 * permissions are granted, -%EACCES if any permissions are denied, or
820 * another -errno upon other errors. 820 * another -errno upon other errors.
821 */ 821 */
822 int avc_has_perm_flags(u32 ssid, u32 tsid, u16 tclass, 822 int avc_has_perm_flags(u32 ssid, u32 tsid, u16 tclass,
823 u32 requested, struct common_audit_data *auditdata, 823 u32 requested, struct common_audit_data *auditdata,
824 unsigned flags) 824 unsigned flags)
825 { 825 {
826 struct av_decision avd; 826 struct av_decision avd;
827 int rc, rc2; 827 int rc, rc2;
828 828
829 rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, 0, &avd); 829 rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, 0, &avd);
830 830
831 rc2 = avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata, 831 rc2 = avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata,
832 flags); 832 flags);
833 if (rc2) 833 if (rc2)
834 return rc2; 834 return rc2;
835 return rc; 835 return rc;
836 } 836 }
837 837
838 u32 avc_policy_seqno(void) 838 u32 avc_policy_seqno(void)
839 { 839 {
840 return avc_cache.latest_notif; 840 return avc_cache.latest_notif;
841 } 841 }
842 842
843 void avc_disable(void) 843 void avc_disable(void)
844 { 844 {
845 /* 845 /*
846 * If you are looking at this because you have realized that we are 846 * If you are looking at this because you have realized that we are
847 * not destroying the avc_node_cachep it might be easy to fix, but 847 * not destroying the avc_node_cachep it might be easy to fix, but
848 * I don't know the memory barrier semantics well enough to know. It's 848 * I don't know the memory barrier semantics well enough to know. It's
849 * possible that some other task dereferenced security_ops when 849 * possible that some other task dereferenced security_ops when
850 * it still pointed to selinux operations. If that is the case it's 850 * it still pointed to selinux operations. If that is the case it's
851 * possible that it is about to use the avc and is about to need the 851 * possible that it is about to use the avc and is about to need the
852 * avc_node_cachep. I know I could wrap the security.c security_ops call 852 * avc_node_cachep. I know I could wrap the security.c security_ops call
853 * in an rcu_lock, but seriously, it's not worth it. Instead I just flush 853 * in an rcu_lock, but seriously, it's not worth it. Instead I just flush
854 * the cache and get that memory back. 854 * the cache and get that memory back.
855 */ 855 */
856 if (avc_node_cachep) { 856 if (avc_node_cachep) {
857 avc_flush(); 857 avc_flush();
858 /* kmem_cache_destroy(avc_node_cachep); */ 858 /* kmem_cache_destroy(avc_node_cachep); */
859 } 859 }
860 } 860 }
861 861
security/selinux/hooks.c
Diff comments   View file @ f48b739
1 /* 1 /*
2 * NSA Security-Enhanced Linux (SELinux) security module 2 * NSA Security-Enhanced Linux (SELinux) security module
3 * 3 *
4 * This file contains the SELinux hook function implementations. 4 * This file contains the SELinux hook function implementations.
5 * 5 *
6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> 6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
7 * Chris Vance, <cvance@nai.com> 7 * Chris Vance, <cvance@nai.com>
8 * Wayne Salamon, <wsalamon@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com>
9 * James Morris <jmorris@redhat.com> 9 * James Morris <jmorris@redhat.com>
10 * 10 *
11 * Copyright (C) 2001,2002 Networks Associates Technology, Inc. 11 * Copyright (C) 2001,2002 Networks Associates Technology, Inc.
12 * Copyright (C) 2003-2008 Red Hat, Inc., James Morris <jmorris@redhat.com> 12 * Copyright (C) 2003-2008 Red Hat, Inc., James Morris <jmorris@redhat.com>
13 * Eric Paris <eparis@redhat.com> 13 * Eric Paris <eparis@redhat.com>
14 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 14 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
15 * <dgoeddel@trustedcs.com> 15 * <dgoeddel@trustedcs.com>
16 * Copyright (C) 2006, 2007, 2009 Hewlett-Packard Development Company, L.P. 16 * Copyright (C) 2006, 2007, 2009 Hewlett-Packard Development Company, L.P.
17 * Paul Moore <paul.moore@hp.com> 17 * Paul Moore <paul.moore@hp.com>
18 * Copyright (C) 2007 Hitachi Software Engineering Co., Ltd. 18 * Copyright (C) 2007 Hitachi Software Engineering Co., Ltd.
19 * Yuichi Nakamura <ynakam@hitachisoft.jp> 19 * Yuichi Nakamura <ynakam@hitachisoft.jp>
20 * 20 *
21 * This program is free software; you can redistribute it and/or modify 21 * This program is free software; you can redistribute it and/or modify
22 * it under the terms of the GNU General Public License version 2, 22 * it under the terms of the GNU General Public License version 2,
23 * as published by the Free Software Foundation. 23 * as published by the Free Software Foundation.
24 */ 24 */
25 25
26 #include <linux/init.h> 26 #include <linux/init.h>
27 #include <linux/kd.h> 27 #include <linux/kd.h>
28 #include <linux/kernel.h> 28 #include <linux/kernel.h>
29 #include <linux/tracehook.h> 29 #include <linux/tracehook.h>
30 #include <linux/errno.h> 30 #include <linux/errno.h>
31 #include <linux/ext2_fs.h> 31 #include <linux/ext2_fs.h>
32 #include <linux/sched.h> 32 #include <linux/sched.h>
33 #include <linux/security.h> 33 #include <linux/security.h>
34 #include <linux/xattr.h> 34 #include <linux/xattr.h>
35 #include <linux/capability.h> 35 #include <linux/capability.h>
36 #include <linux/unistd.h> 36 #include <linux/unistd.h>
37 #include <linux/mm.h> 37 #include <linux/mm.h>
38 #include <linux/mman.h> 38 #include <linux/mman.h>
39 #include <linux/slab.h> 39 #include <linux/slab.h>
40 #include <linux/pagemap.h> 40 #include <linux/pagemap.h>
41 #include <linux/proc_fs.h> 41 #include <linux/proc_fs.h>
42 #include <linux/swap.h> 42 #include <linux/swap.h>
43 #include <linux/spinlock.h> 43 #include <linux/spinlock.h>
44 #include <linux/syscalls.h> 44 #include <linux/syscalls.h>
45 #include <linux/dcache.h> 45 #include <linux/dcache.h>
46 #include <linux/file.h> 46 #include <linux/file.h>
47 #include <linux/fdtable.h> 47 #include <linux/fdtable.h>
48 #include <linux/namei.h> 48 #include <linux/namei.h>
49 #include <linux/mount.h> 49 #include <linux/mount.h>
50 #include <linux/netfilter_ipv4.h> 50 #include <linux/netfilter_ipv4.h>
51 #include <linux/netfilter_ipv6.h> 51 #include <linux/netfilter_ipv6.h>
52 #include <linux/tty.h> 52 #include <linux/tty.h>
53 #include <net/icmp.h> 53 #include <net/icmp.h>
54 #include <net/ip.h> /* for local_port_range[] */ 54 #include <net/ip.h> /* for local_port_range[] */
55 #include <net/tcp.h> /* struct or_callable used in sock_rcv_skb */ 55 #include <net/tcp.h> /* struct or_callable used in sock_rcv_skb */
56 #include <net/net_namespace.h> 56 #include <net/net_namespace.h>
57 #include <net/netlabel.h> 57 #include <net/netlabel.h>
58 #include <linux/uaccess.h> 58 #include <linux/uaccess.h>
59 #include <asm/ioctls.h> 59 #include <asm/ioctls.h>
60 #include <asm/atomic.h> 60 #include <asm/atomic.h>
61 #include <linux/bitops.h> 61 #include <linux/bitops.h>
62 #include <linux/interrupt.h> 62 #include <linux/interrupt.h>
63 #include <linux/netdevice.h> /* for network interface checks */ 63 #include <linux/netdevice.h> /* for network interface checks */
64 #include <linux/netlink.h> 64 #include <linux/netlink.h>
65 #include <linux/tcp.h> 65 #include <linux/tcp.h>
66 #include <linux/udp.h> 66 #include <linux/udp.h>
67 #include <linux/dccp.h> 67 #include <linux/dccp.h>
68 #include <linux/quota.h> 68 #include <linux/quota.h>
69 #include <linux/un.h> /* for Unix socket types */ 69 #include <linux/un.h> /* for Unix socket types */
70 #include <net/af_unix.h> /* for Unix socket types */ 70 #include <net/af_unix.h> /* for Unix socket types */
71 #include <linux/parser.h> 71 #include <linux/parser.h>
72 #include <linux/nfs_mount.h> 72 #include <linux/nfs_mount.h>
73 #include <net/ipv6.h> 73 #include <net/ipv6.h>
74 #include <linux/hugetlb.h> 74 #include <linux/hugetlb.h>
75 #include <linux/personality.h> 75 #include <linux/personality.h>
76 #include <linux/audit.h> 76 #include <linux/audit.h>
77 #include <linux/string.h> 77 #include <linux/string.h>
78 #include <linux/selinux.h> 78 #include <linux/selinux.h>
79 #include <linux/mutex.h> 79 #include <linux/mutex.h>
80 #include <linux/posix-timers.h> 80 #include <linux/posix-timers.h>
81 #include <linux/syslog.h> 81 #include <linux/syslog.h>
82 82
83 #include "avc.h" 83 #include "avc.h"
84 #include "objsec.h" 84 #include "objsec.h"
85 #include "netif.h" 85 #include "netif.h"
86 #include "netnode.h" 86 #include "netnode.h"
87 #include "netport.h" 87 #include "netport.h"
88 #include "xfrm.h" 88 #include "xfrm.h"
89 #include "netlabel.h" 89 #include "netlabel.h"
90 #include "audit.h" 90 #include "audit.h"
91 91
92 #define NUM_SEL_MNT_OPTS 5 92 #define NUM_SEL_MNT_OPTS 5
93 93
94 extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm); 94 extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
95 extern struct security_operations *security_ops; 95 extern struct security_operations *security_ops;
96 96
97 /* SECMARK reference count */ 97 /* SECMARK reference count */
98 atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); 98 atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
99 99
100 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP 100 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
101 int selinux_enforcing; 101 int selinux_enforcing;
102 102
103 static int __init enforcing_setup(char *str) 103 static int __init enforcing_setup(char *str)
104 { 104 {
105 unsigned long enforcing; 105 unsigned long enforcing;
106 if (!strict_strtoul(str, 0, &enforcing)) 106 if (!strict_strtoul(str, 0, &enforcing))
107 selinux_enforcing = enforcing ? 1 : 0; 107 selinux_enforcing = enforcing ? 1 : 0;
108 return 1; 108 return 1;
109 } 109 }
110 __setup("enforcing=", enforcing_setup); 110 __setup("enforcing=", enforcing_setup);
111 #endif 111 #endif
112 112
113 #ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM 113 #ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
114 int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE; 114 int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
115 115
116 static int __init selinux_enabled_setup(char *str) 116 static int __init selinux_enabled_setup(char *str)
117 { 117 {
118 unsigned long enabled; 118 unsigned long enabled;
119 if (!strict_strtoul(str, 0, &enabled)) 119 if (!strict_strtoul(str, 0, &enabled))
120 selinux_enabled = enabled ? 1 : 0; 120 selinux_enabled = enabled ? 1 : 0;
121 return 1; 121 return 1;
122 } 122 }
123 __setup("selinux=", selinux_enabled_setup); 123 __setup("selinux=", selinux_enabled_setup);
124 #else 124 #else
125 int selinux_enabled = 1; 125 int selinux_enabled = 1;
126 #endif 126 #endif
127 127
128 static struct kmem_cache *sel_inode_cache; 128 static struct kmem_cache *sel_inode_cache;
129 129
130 /** 130 /**
131 * selinux_secmark_enabled - Check to see if SECMARK is currently enabled 131 * selinux_secmark_enabled - Check to see if SECMARK is currently enabled
132 * 132 *
133 * Description: 133 * Description:
134 * This function checks the SECMARK reference counter to see if any SECMARK 134 * This function checks the SECMARK reference counter to see if any SECMARK
135 * targets are currently configured, if the reference counter is greater than 135 * targets are currently configured, if the reference counter is greater than
136 * zero SECMARK is considered to be enabled. Returns true (1) if SECMARK is 136 * zero SECMARK is considered to be enabled. Returns true (1) if SECMARK is
137 * enabled, false (0) if SECMARK is disabled. 137 * enabled, false (0) if SECMARK is disabled.
138 * 138 *
139 */ 139 */
140 static int selinux_secmark_enabled(void) 140 static int selinux_secmark_enabled(void)
141 { 141 {
142 return (atomic_read(&selinux_secmark_refcount) > 0); 142 return (atomic_read(&selinux_secmark_refcount) > 0);
143 } 143 }
144 144
145 /* 145 /*
146 * initialise the security for the init task 146 * initialise the security for the init task
147 */ 147 */
148 static void cred_init_security(void) 148 static void cred_init_security(void)
149 { 149 {
150 struct cred *cred = (struct cred *) current->real_cred; 150 struct cred *cred = (struct cred *) current->real_cred;
151 struct task_security_struct *tsec; 151 struct task_security_struct *tsec;
152 152
153 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL); 153 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
154 if (!tsec) 154 if (!tsec)
155 panic("SELinux: Failed to initialize initial task.\n"); 155 panic("SELinux: Failed to initialize initial task.\n");
156 156
157 tsec->osid = tsec->sid = SECINITSID_KERNEL; 157 tsec->osid = tsec->sid = SECINITSID_KERNEL;
158 cred->security = tsec; 158 cred->security = tsec;
159 } 159 }
160 160
161 /* 161 /*
162 * get the security ID of a set of credentials 162 * get the security ID of a set of credentials
163 */ 163 */
164 static inline u32 cred_sid(const struct cred *cred) 164 static inline u32 cred_sid(const struct cred *cred)
165 { 165 {
166 const struct task_security_struct *tsec; 166 const struct task_security_struct *tsec;
167 167
168 tsec = cred->security; 168 tsec = cred->security;
169 return tsec->sid; 169 return tsec->sid;
170 } 170 }
171 171
172 /* 172 /*
173 * get the objective security ID of a task 173 * get the objective security ID of a task
174 */ 174 */
175 static inline u32 task_sid(const struct task_struct *task) 175 static inline u32 task_sid(const struct task_struct *task)
176 { 176 {
177 u32 sid; 177 u32 sid;
178 178
179 rcu_read_lock(); 179 rcu_read_lock();
180 sid = cred_sid(__task_cred(task)); 180 sid = cred_sid(__task_cred(task));
181 rcu_read_unlock(); 181 rcu_read_unlock();
182 return sid; 182 return sid;
183 } 183 }
184 184
185 /* 185 /*
186 * get the subjective security ID of the current task 186 * get the subjective security ID of the current task
187 */ 187 */
188 static inline u32 current_sid(void) 188 static inline u32 current_sid(void)
189 { 189 {
190 const struct task_security_struct *tsec = current_security(); 190 const struct task_security_struct *tsec = current_security();
191 191
192 return tsec->sid; 192 return tsec->sid;
193 } 193 }
194 194
195 /* Allocate and free functions for each kind of security blob. */ 195 /* Allocate and free functions for each kind of security blob. */
196 196
197 static int inode_alloc_security(struct inode *inode) 197 static int inode_alloc_security(struct inode *inode)
198 { 198 {
199 struct inode_security_struct *isec; 199 struct inode_security_struct *isec;
200 u32 sid = current_sid(); 200 u32 sid = current_sid();
201 201
202 isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS); 202 isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
203 if (!isec) 203 if (!isec)
204 return -ENOMEM; 204 return -ENOMEM;
205 205
206 mutex_init(&isec->lock); 206 mutex_init(&isec->lock);
207 INIT_LIST_HEAD(&isec->list); 207 INIT_LIST_HEAD(&isec->list);
208 isec->inode = inode; 208 isec->inode = inode;
209 isec->sid = SECINITSID_UNLABELED; 209 isec->sid = SECINITSID_UNLABELED;
210 isec->sclass = SECCLASS_FILE; 210 isec->sclass = SECCLASS_FILE;
211 isec->task_sid = sid; 211 isec->task_sid = sid;
212 inode->i_security = isec; 212 inode->i_security = isec;
213 213
214 return 0; 214 return 0;
215 } 215 }
216 216
217 static void inode_free_security(struct inode *inode) 217 static void inode_free_security(struct inode *inode)
218 { 218 {
219 struct inode_security_struct *isec = inode->i_security; 219 struct inode_security_struct *isec = inode->i_security;
220 struct superblock_security_struct *sbsec = inode->i_sb->s_security; 220 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
221 221
222 spin_lock(&sbsec->isec_lock); 222 spin_lock(&sbsec->isec_lock);
223 if (!list_empty(&isec->list)) 223 if (!list_empty(&isec->list))
224 list_del_init(&isec->list); 224 list_del_init(&isec->list);
225 spin_unlock(&sbsec->isec_lock); 225 spin_unlock(&sbsec->isec_lock);
226 226
227 inode->i_security = NULL; 227 inode->i_security = NULL;
228 kmem_cache_free(sel_inode_cache, isec); 228 kmem_cache_free(sel_inode_cache, isec);
229 } 229 }
230 230
231 static int file_alloc_security(struct file *file) 231 static int file_alloc_security(struct file *file)
232 { 232 {
233 struct file_security_struct *fsec; 233 struct file_security_struct *fsec;
234 u32 sid = current_sid(); 234 u32 sid = current_sid();
235 235
236 fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL); 236 fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
237 if (!fsec) 237 if (!fsec)
238 return -ENOMEM; 238 return -ENOMEM;
239 239
240 fsec->sid = sid; 240 fsec->sid = sid;
241 fsec->fown_sid = sid; 241 fsec->fown_sid = sid;
242 file->f_security = fsec; 242 file->f_security = fsec;
243 243
244 return 0; 244 return 0;
245 } 245 }
246 246
247 static void file_free_security(struct file *file) 247 static void file_free_security(struct file *file)
248 { 248 {
249 struct file_security_struct *fsec = file->f_security; 249 struct file_security_struct *fsec = file->f_security;
250 file->f_security = NULL; 250 file->f_security = NULL;
251 kfree(fsec); 251 kfree(fsec);
252 } 252 }
253 253
254 static int superblock_alloc_security(struct super_block *sb) 254 static int superblock_alloc_security(struct super_block *sb)
255 { 255 {
256 struct superblock_security_struct *sbsec; 256 struct superblock_security_struct *sbsec;
257 257
258 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL); 258 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
259 if (!sbsec) 259 if (!sbsec)
260 return -ENOMEM; 260 return -ENOMEM;
261 261
262 mutex_init(&sbsec->lock); 262 mutex_init(&sbsec->lock);
263 INIT_LIST_HEAD(&sbsec->isec_head); 263 INIT_LIST_HEAD(&sbsec->isec_head);
264 spin_lock_init(&sbsec->isec_lock); 264 spin_lock_init(&sbsec->isec_lock);
265 sbsec->sb = sb; 265 sbsec->sb = sb;
266 sbsec->sid = SECINITSID_UNLABELED; 266 sbsec->sid = SECINITSID_UNLABELED;
267 sbsec->def_sid = SECINITSID_FILE; 267 sbsec->def_sid = SECINITSID_FILE;
268 sbsec->mntpoint_sid = SECINITSID_UNLABELED; 268 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
269 sb->s_security = sbsec; 269 sb->s_security = sbsec;
270 270
271 return 0; 271 return 0;
272 } 272 }
273 273
274 static void superblock_free_security(struct super_block *sb) 274 static void superblock_free_security(struct super_block *sb)
275 { 275 {
276 struct superblock_security_struct *sbsec = sb->s_security; 276 struct superblock_security_struct *sbsec = sb->s_security;
277 sb->s_security = NULL; 277 sb->s_security = NULL;
278 kfree(sbsec); 278 kfree(sbsec);
279 } 279 }
280 280
281 /* The security server must be initialized before 281 /* The security server must be initialized before
282 any labeling or access decisions can be provided. */ 282 any labeling or access decisions can be provided. */
283 extern int ss_initialized; 283 extern int ss_initialized;
284 284
285 /* The file system's label must be initialized prior to use. */ 285 /* The file system's label must be initialized prior to use. */
286 286
287 static const char *labeling_behaviors[6] = { 287 static const char *labeling_behaviors[6] = {
288 "uses xattr", 288 "uses xattr",
289 "uses transition SIDs", 289 "uses transition SIDs",
290 "uses task SIDs", 290 "uses task SIDs",
291 "uses genfs_contexts", 291 "uses genfs_contexts",
292 "not configured for labeling", 292 "not configured for labeling",
293 "uses mountpoint labeling", 293 "uses mountpoint labeling",
294 }; 294 };
295 295
296 static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry); 296 static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
297 297
298 static inline int inode_doinit(struct inode *inode) 298 static inline int inode_doinit(struct inode *inode)
299 { 299 {
300 return inode_doinit_with_dentry(inode, NULL); 300 return inode_doinit_with_dentry(inode, NULL);
301 } 301 }
302 302
303 enum { 303 enum {
304 Opt_error = -1, 304 Opt_error = -1,
305 Opt_context = 1, 305 Opt_context = 1,
306 Opt_fscontext = 2, 306 Opt_fscontext = 2,
307 Opt_defcontext = 3, 307 Opt_defcontext = 3,
308 Opt_rootcontext = 4, 308 Opt_rootcontext = 4,
309 Opt_labelsupport = 5, 309 Opt_labelsupport = 5,
310 }; 310 };
311 311
312 static const match_table_t tokens = { 312 static const match_table_t tokens = {
313 {Opt_context, CONTEXT_STR "%s"}, 313 {Opt_context, CONTEXT_STR "%s"},
314 {Opt_fscontext, FSCONTEXT_STR "%s"}, 314 {Opt_fscontext, FSCONTEXT_STR "%s"},
315 {Opt_defcontext, DEFCONTEXT_STR "%s"}, 315 {Opt_defcontext, DEFCONTEXT_STR "%s"},
316 {Opt_rootcontext, ROOTCONTEXT_STR "%s"}, 316 {Opt_rootcontext, ROOTCONTEXT_STR "%s"},
317 {Opt_labelsupport, LABELSUPP_STR}, 317 {Opt_labelsupport, LABELSUPP_STR},
318 {Opt_error, NULL}, 318 {Opt_error, NULL},
319 }; 319 };
320 320
321 #define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n" 321 #define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
322 322
323 static int may_context_mount_sb_relabel(u32 sid, 323 static int may_context_mount_sb_relabel(u32 sid,
324 struct superblock_security_struct *sbsec, 324 struct superblock_security_struct *sbsec,
325 const struct cred *cred) 325 const struct cred *cred)
326 { 326 {
327 const struct task_security_struct *tsec = cred->security; 327 const struct task_security_struct *tsec = cred->security;
328 int rc; 328 int rc;
329 329
330 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, 330 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
331 FILESYSTEM__RELABELFROM, NULL); 331 FILESYSTEM__RELABELFROM, NULL);
332 if (rc) 332 if (rc)
333 return rc; 333 return rc;
334 334
335 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM, 335 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
336 FILESYSTEM__RELABELTO, NULL); 336 FILESYSTEM__RELABELTO, NULL);
337 return rc; 337 return rc;
338 } 338 }
339 339
340 static int may_context_mount_inode_relabel(u32 sid, 340 static int may_context_mount_inode_relabel(u32 sid,
341 struct superblock_security_struct *sbsec, 341 struct superblock_security_struct *sbsec,
342 const struct cred *cred) 342 const struct cred *cred)
343 { 343 {
344 const struct task_security_struct *tsec = cred->security; 344 const struct task_security_struct *tsec = cred->security;
345 int rc; 345 int rc;
346 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, 346 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
347 FILESYSTEM__RELABELFROM, NULL); 347 FILESYSTEM__RELABELFROM, NULL);
348 if (rc) 348 if (rc)
349 return rc; 349 return rc;
350 350
351 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, 351 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
352 FILESYSTEM__ASSOCIATE, NULL); 352 FILESYSTEM__ASSOCIATE, NULL);
353 return rc; 353 return rc;
354 } 354 }
355 355
356 static int sb_finish_set_opts(struct super_block *sb) 356 static int sb_finish_set_opts(struct super_block *sb)
357 { 357 {
358 struct superblock_security_struct *sbsec = sb->s_security; 358 struct superblock_security_struct *sbsec = sb->s_security;
359 struct dentry *root = sb->s_root; 359 struct dentry *root = sb->s_root;
360 struct inode *root_inode = root->d_inode; 360 struct inode *root_inode = root->d_inode;
361 int rc = 0; 361 int rc = 0;
362 362
363 if (sbsec->behavior == SECURITY_FS_USE_XATTR) { 363 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
364 /* Make sure that the xattr handler exists and that no 364 /* Make sure that the xattr handler exists and that no
365 error other than -ENODATA is returned by getxattr on 365 error other than -ENODATA is returned by getxattr on
366 the root directory. -ENODATA is ok, as this may be 366 the root directory. -ENODATA is ok, as this may be
367 the first boot of the SELinux kernel before we have 367 the first boot of the SELinux kernel before we have
368 assigned xattr values to the filesystem. */ 368 assigned xattr values to the filesystem. */
369 if (!root_inode->i_op->getxattr) { 369 if (!root_inode->i_op->getxattr) {
370 printk(KERN_WARNING "SELinux: (dev %s, type %s) has no " 370 printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
371 "xattr support\n", sb->s_id, sb->s_type->name); 371 "xattr support\n", sb->s_id, sb->s_type->name);
372 rc = -EOPNOTSUPP; 372 rc = -EOPNOTSUPP;
373 goto out; 373 goto out;
374 } 374 }
375 rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0); 375 rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
376 if (rc < 0 && rc != -ENODATA) { 376 if (rc < 0 && rc != -ENODATA) {
377 if (rc == -EOPNOTSUPP) 377 if (rc == -EOPNOTSUPP)
378 printk(KERN_WARNING "SELinux: (dev %s, type " 378 printk(KERN_WARNING "SELinux: (dev %s, type "
379 "%s) has no security xattr handler\n", 379 "%s) has no security xattr handler\n",
380 sb->s_id, sb->s_type->name); 380 sb->s_id, sb->s_type->name);
381 else 381 else
382 printk(KERN_WARNING "SELinux: (dev %s, type " 382 printk(KERN_WARNING "SELinux: (dev %s, type "
383 "%s) getxattr errno %d\n", sb->s_id, 383 "%s) getxattr errno %d\n", sb->s_id,
384 sb->s_type->name, -rc); 384 sb->s_type->name, -rc);
385 goto out; 385 goto out;
386 } 386 }
387 } 387 }
388 388
389 sbsec->flags |= (SE_SBINITIALIZED | SE_SBLABELSUPP); 389 sbsec->flags |= (SE_SBINITIALIZED | SE_SBLABELSUPP);
390 390
391 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) 391 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
392 printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n", 392 printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
393 sb->s_id, sb->s_type->name); 393 sb->s_id, sb->s_type->name);
394 else 394 else
395 printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n", 395 printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
396 sb->s_id, sb->s_type->name, 396 sb->s_id, sb->s_type->name,
397 labeling_behaviors[sbsec->behavior-1]); 397 labeling_behaviors[sbsec->behavior-1]);
398 398
399 if (sbsec->behavior == SECURITY_FS_USE_GENFS || 399 if (sbsec->behavior == SECURITY_FS_USE_GENFS ||
400 sbsec->behavior == SECURITY_FS_USE_MNTPOINT || 400 sbsec->behavior == SECURITY_FS_USE_MNTPOINT ||
401 sbsec->behavior == SECURITY_FS_USE_NONE || 401 sbsec->behavior == SECURITY_FS_USE_NONE ||
402 sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) 402 sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
403 sbsec->flags &= ~SE_SBLABELSUPP; 403 sbsec->flags &= ~SE_SBLABELSUPP;
404 404
405 /* Special handling for sysfs. Is genfs but also has setxattr handler*/ 405 /* Special handling for sysfs. Is genfs but also has setxattr handler*/
406 if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0) 406 if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
407 sbsec->flags |= SE_SBLABELSUPP; 407 sbsec->flags |= SE_SBLABELSUPP;
408 408
409 /* Initialize the root inode. */ 409 /* Initialize the root inode. */
410 rc = inode_doinit_with_dentry(root_inode, root); 410 rc = inode_doinit_with_dentry(root_inode, root);
411 411
412 /* Initialize any other inodes associated with the superblock, e.g. 412 /* Initialize any other inodes associated with the superblock, e.g.
413 inodes created prior to initial policy load or inodes created 413 inodes created prior to initial policy load or inodes created
414 during get_sb by a pseudo filesystem that directly 414 during get_sb by a pseudo filesystem that directly
415 populates itself. */ 415 populates itself. */
416 spin_lock(&sbsec->isec_lock); 416 spin_lock(&sbsec->isec_lock);
417 next_inode: 417 next_inode:
418 if (!list_empty(&sbsec->isec_head)) { 418 if (!list_empty(&sbsec->isec_head)) {
419 struct inode_security_struct *isec = 419 struct inode_security_struct *isec =
420 list_entry(sbsec->isec_head.next, 420 list_entry(sbsec->isec_head.next,
421 struct inode_security_struct, list); 421 struct inode_security_struct, list);
422 struct inode *inode = isec->inode; 422 struct inode *inode = isec->inode;
423 spin_unlock(&sbsec->isec_lock); 423 spin_unlock(&sbsec->isec_lock);
424 inode = igrab(inode); 424 inode = igrab(inode);
425 if (inode) { 425 if (inode) {
426 if (!IS_PRIVATE(inode)) 426 if (!IS_PRIVATE(inode))
427 inode_doinit(inode); 427 inode_doinit(inode);
428 iput(inode); 428 iput(inode);
429 } 429 }
430 spin_lock(&sbsec->isec_lock); 430 spin_lock(&sbsec->isec_lock);
431 list_del_init(&isec->list); 431 list_del_init(&isec->list);
432 goto next_inode; 432 goto next_inode;
433 } 433 }
434 spin_unlock(&sbsec->isec_lock); 434 spin_unlock(&sbsec->isec_lock);
435 out: 435 out:
436 return rc; 436 return rc;
437 } 437 }
438 438
439 /* 439 /*
440 * This function should allow an FS to ask what it's mount security 440 * This function should allow an FS to ask what it's mount security
441 * options were so it can use those later for submounts, displaying 441 * options were so it can use those later for submounts, displaying
442 * mount options, or whatever. 442 * mount options, or whatever.
443 */ 443 */
444 static int selinux_get_mnt_opts(const struct super_block *sb, 444 static int selinux_get_mnt_opts(const struct super_block *sb,
445 struct security_mnt_opts *opts) 445 struct security_mnt_opts *opts)
446 { 446 {
447 int rc = 0, i; 447 int rc = 0, i;
448 struct superblock_security_struct *sbsec = sb->s_security; 448 struct superblock_security_struct *sbsec = sb->s_security;
449 char *context = NULL; 449 char *context = NULL;
450 u32 len; 450 u32 len;
451 char tmp; 451 char tmp;
452 452
453 security_init_mnt_opts(opts); 453 security_init_mnt_opts(opts);
454 454
455 if (!(sbsec->flags & SE_SBINITIALIZED)) 455 if (!(sbsec->flags & SE_SBINITIALIZED))
456 return -EINVAL; 456 return -EINVAL;
457 457
458 if (!ss_initialized) 458 if (!ss_initialized)
459 return -EINVAL; 459 return -EINVAL;
460 460
461 tmp = sbsec->flags & SE_MNTMASK; 461 tmp = sbsec->flags & SE_MNTMASK;
462 /* count the number of mount options for this sb */ 462 /* count the number of mount options for this sb */
463 for (i = 0; i < 8; i++) { 463 for (i = 0; i < 8; i++) {
464 if (tmp & 0x01) 464 if (tmp & 0x01)
465 opts->num_mnt_opts++; 465 opts->num_mnt_opts++;
466 tmp >>= 1; 466 tmp >>= 1;
467 } 467 }
468 /* Check if the Label support flag is set */ 468 /* Check if the Label support flag is set */
469 if (sbsec->flags & SE_SBLABELSUPP) 469 if (sbsec->flags & SE_SBLABELSUPP)
470 opts->num_mnt_opts++; 470 opts->num_mnt_opts++;
471 471
472 opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC); 472 opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
473 if (!opts->mnt_opts) { 473 if (!opts->mnt_opts) {
474 rc = -ENOMEM; 474 rc = -ENOMEM;
475 goto out_free; 475 goto out_free;
476 } 476 }
477 477
478 opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC); 478 opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
479 if (!opts->mnt_opts_flags) { 479 if (!opts->mnt_opts_flags) {
480 rc = -ENOMEM; 480 rc = -ENOMEM;
481 goto out_free; 481 goto out_free;
482 } 482 }
483 483
484 i = 0; 484 i = 0;
485 if (sbsec->flags & FSCONTEXT_MNT) { 485 if (sbsec->flags & FSCONTEXT_MNT) {
486 rc = security_sid_to_context(sbsec->sid, &context, &len); 486 rc = security_sid_to_context(sbsec->sid, &context, &len);
487 if (rc) 487 if (rc)
488 goto out_free; 488 goto out_free;
489 opts->mnt_opts[i] = context; 489 opts->mnt_opts[i] = context;
490 opts->mnt_opts_flags[i++] = FSCONTEXT_MNT; 490 opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
491 } 491 }
492 if (sbsec->flags & CONTEXT_MNT) { 492 if (sbsec->flags & CONTEXT_MNT) {
493 rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len); 493 rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
494 if (rc) 494 if (rc)
495 goto out_free; 495 goto out_free;
496 opts->mnt_opts[i] = context; 496 opts->mnt_opts[i] = context;
497 opts->mnt_opts_flags[i++] = CONTEXT_MNT; 497 opts->mnt_opts_flags[i++] = CONTEXT_MNT;
498 } 498 }
499 if (sbsec->flags & DEFCONTEXT_MNT) { 499 if (sbsec->flags & DEFCONTEXT_MNT) {
500 rc = security_sid_to_context(sbsec->def_sid, &context, &len); 500 rc = security_sid_to_context(sbsec->def_sid, &context, &len);
501 if (rc) 501 if (rc)
502 goto out_free; 502 goto out_free;
503 opts->mnt_opts[i] = context; 503 opts->mnt_opts[i] = context;
504 opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT; 504 opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;
505 } 505 }
506 if (sbsec->flags & ROOTCONTEXT_MNT) { 506 if (sbsec->flags & ROOTCONTEXT_MNT) {
507 struct inode *root = sbsec->sb->s_root->d_inode; 507 struct inode *root = sbsec->sb->s_root->d_inode;
508 struct inode_security_struct *isec = root->i_security; 508 struct inode_security_struct *isec = root->i_security;
509 509
510 rc = security_sid_to_context(isec->sid, &context, &len); 510 rc = security_sid_to_context(isec->sid, &context, &len);
511 if (rc) 511 if (rc)
512 goto out_free; 512 goto out_free;
513 opts->mnt_opts[i] = context; 513 opts->mnt_opts[i] = context;
514 opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT; 514 opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;
515 } 515 }
516 if (sbsec->flags & SE_SBLABELSUPP) { 516 if (sbsec->flags & SE_SBLABELSUPP) {
517 opts->mnt_opts[i] = NULL; 517 opts->mnt_opts[i] = NULL;
518 opts->mnt_opts_flags[i++] = SE_SBLABELSUPP; 518 opts->mnt_opts_flags[i++] = SE_SBLABELSUPP;
519 } 519 }
520 520
521 BUG_ON(i != opts->num_mnt_opts); 521 BUG_ON(i != opts->num_mnt_opts);
522 522
523 return 0; 523 return 0;
524 524
525 out_free: 525 out_free:
526 security_free_mnt_opts(opts); 526 security_free_mnt_opts(opts);
527 return rc; 527 return rc;
528 } 528 }
529 529
530 static int bad_option(struct superblock_security_struct *sbsec, char flag, 530 static int bad_option(struct superblock_security_struct *sbsec, char flag,
531 u32 old_sid, u32 new_sid) 531 u32 old_sid, u32 new_sid)
532 { 532 {
533 char mnt_flags = sbsec->flags & SE_MNTMASK; 533 char mnt_flags = sbsec->flags & SE_MNTMASK;
534 534
535 /* check if the old mount command had the same options */ 535 /* check if the old mount command had the same options */
536 if (sbsec->flags & SE_SBINITIALIZED) 536 if (sbsec->flags & SE_SBINITIALIZED)
537 if (!(sbsec->flags & flag) || 537 if (!(sbsec->flags & flag) ||
538 (old_sid != new_sid)) 538 (old_sid != new_sid))
539 return 1; 539 return 1;
540 540
541 /* check if we were passed the same options twice, 541 /* check if we were passed the same options twice,
542 * aka someone passed context=a,context=b 542 * aka someone passed context=a,context=b
543 */ 543 */
544 if (!(sbsec->flags & SE_SBINITIALIZED)) 544 if (!(sbsec->flags & SE_SBINITIALIZED))
545 if (mnt_flags & flag) 545 if (mnt_flags & flag)
546 return 1; 546 return 1;
547 return 0; 547 return 0;
548 } 548 }
549 549
550 /* 550 /*
551 * Allow filesystems with binary mount data to explicitly set mount point 551 * Allow filesystems with binary mount data to explicitly set mount point
552 * labeling information. 552 * labeling information.
553 */ 553 */
554 static int selinux_set_mnt_opts(struct super_block *sb, 554 static int selinux_set_mnt_opts(struct super_block *sb,
555 struct security_mnt_opts *opts) 555 struct security_mnt_opts *opts)
556 { 556 {
557 const struct cred *cred = current_cred(); 557 const struct cred *cred = current_cred();
558 int rc = 0, i; 558 int rc = 0, i;
559 struct superblock_security_struct *sbsec = sb->s_security; 559 struct superblock_security_struct *sbsec = sb->s_security;
560 const char *name = sb->s_type->name; 560 const char *name = sb->s_type->name;
561 struct inode *inode = sbsec->sb->s_root->d_inode; 561 struct inode *inode = sbsec->sb->s_root->d_inode;
562 struct inode_security_struct *root_isec = inode->i_security; 562 struct inode_security_struct *root_isec = inode->i_security;
563 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0; 563 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
564 u32 defcontext_sid = 0; 564 u32 defcontext_sid = 0;
565 char **mount_options = opts->mnt_opts; 565 char **mount_options = opts->mnt_opts;
566 int *flags = opts->mnt_opts_flags; 566 int *flags = opts->mnt_opts_flags;
567 int num_opts = opts->num_mnt_opts; 567 int num_opts = opts->num_mnt_opts;
568 568
569 mutex_lock(&sbsec->lock); 569 mutex_lock(&sbsec->lock);
570 570
571 if (!ss_initialized) { 571 if (!ss_initialized) {
572 if (!num_opts) { 572 if (!num_opts) {
573 /* Defer initialization until selinux_complete_init, 573 /* Defer initialization until selinux_complete_init,
574 after the initial policy is loaded and the security 574 after the initial policy is loaded and the security
575 server is ready to handle calls. */ 575 server is ready to handle calls. */
576 goto out; 576 goto out;
577 } 577 }
578 rc = -EINVAL; 578 rc = -EINVAL;
579 printk(KERN_WARNING "SELinux: Unable to set superblock options " 579 printk(KERN_WARNING "SELinux: Unable to set superblock options "
580 "before the security server is initialized\n"); 580 "before the security server is initialized\n");
581 goto out; 581 goto out;
582 } 582 }
583 583
584 /* 584 /*
585 * Binary mount data FS will come through this function twice. Once 585 * Binary mount data FS will come through this function twice. Once
586 * from an explicit call and once from the generic calls from the vfs. 586 * from an explicit call and once from the generic calls from the vfs.
587 * Since the generic VFS calls will not contain any security mount data 587 * Since the generic VFS calls will not contain any security mount data
588 * we need to skip the double mount verification. 588 * we need to skip the double mount verification.
589 * 589 *
590 * This does open a hole in which we will not notice if the first 590 * This does open a hole in which we will not notice if the first
591 * mount using this sb set explict options and a second mount using 591 * mount using this sb set explict options and a second mount using
592 * this sb does not set any security options. (The first options 592 * this sb does not set any security options. (The first options
593 * will be used for both mounts) 593 * will be used for both mounts)
594 */ 594 */
595 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA) 595 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
596 && (num_opts == 0)) 596 && (num_opts == 0))
597 goto out; 597 goto out;
598 598
599 /* 599 /*
600 * parse the mount options, check if they are valid sids. 600 * parse the mount options, check if they are valid sids.
601 * also check if someone is trying to mount the same sb more 601 * also check if someone is trying to mount the same sb more
602 * than once with different security options. 602 * than once with different security options.
603 */ 603 */
604 for (i = 0; i < num_opts; i++) { 604 for (i = 0; i < num_opts; i++) {
605 u32 sid; 605 u32 sid;
606 606
607 if (flags[i] == SE_SBLABELSUPP) 607 if (flags[i] == SE_SBLABELSUPP)
608 continue; 608 continue;
609 rc = security_context_to_sid(mount_options[i], 609 rc = security_context_to_sid(mount_options[i],
610 strlen(mount_options[i]), &sid); 610 strlen(mount_options[i]), &sid);
611 if (rc) { 611 if (rc) {
612 printk(KERN_WARNING "SELinux: security_context_to_sid" 612 printk(KERN_WARNING "SELinux: security_context_to_sid"
613 "(%s) failed for (dev %s, type %s) errno=%d\n", 613 "(%s) failed for (dev %s, type %s) errno=%d\n",
614 mount_options[i], sb->s_id, name, rc); 614 mount_options[i], sb->s_id, name, rc);
615 goto out; 615 goto out;
616 } 616 }
617 switch (flags[i]) { 617 switch (flags[i]) {
618 case FSCONTEXT_MNT: 618 case FSCONTEXT_MNT:
619 fscontext_sid = sid; 619 fscontext_sid = sid;
620 620
621 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, 621 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
622 fscontext_sid)) 622 fscontext_sid))
623 goto out_double_mount; 623 goto out_double_mount;
624 624
625 sbsec->flags |= FSCONTEXT_MNT; 625 sbsec->flags |= FSCONTEXT_MNT;
626 break; 626 break;
627 case CONTEXT_MNT: 627 case CONTEXT_MNT:
628 context_sid = sid; 628 context_sid = sid;
629 629
630 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, 630 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
631 context_sid)) 631 context_sid))
632 goto out_double_mount; 632 goto out_double_mount;
633 633
634 sbsec->flags |= CONTEXT_MNT; 634 sbsec->flags |= CONTEXT_MNT;
635 break; 635 break;
636 case ROOTCONTEXT_MNT: 636 case ROOTCONTEXT_MNT:
637 rootcontext_sid = sid; 637 rootcontext_sid = sid;
638 638
639 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, 639 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
640 rootcontext_sid)) 640 rootcontext_sid))
641 goto out_double_mount; 641 goto out_double_mount;
642 642
643 sbsec->flags |= ROOTCONTEXT_MNT; 643 sbsec->flags |= ROOTCONTEXT_MNT;
644 644
645 break; 645 break;
646 case DEFCONTEXT_MNT: 646 case DEFCONTEXT_MNT:
647 defcontext_sid = sid; 647 defcontext_sid = sid;
648 648
649 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, 649 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
650 defcontext_sid)) 650 defcontext_sid))
651 goto out_double_mount; 651 goto out_double_mount;
652 652
653 sbsec->flags |= DEFCONTEXT_MNT; 653 sbsec->flags |= DEFCONTEXT_MNT;
654 654
655 break; 655 break;
656 default: 656 default:
657 rc = -EINVAL; 657 rc = -EINVAL;
658 goto out; 658 goto out;
659 } 659 }
660 } 660 }
661 661
662 if (sbsec->flags & SE_SBINITIALIZED) { 662 if (sbsec->flags & SE_SBINITIALIZED) {
663 /* previously mounted with options, but not on this attempt? */ 663 /* previously mounted with options, but not on this attempt? */
664 if ((sbsec->flags & SE_MNTMASK) && !num_opts) 664 if ((sbsec->flags & SE_MNTMASK) && !num_opts)
665 goto out_double_mount; 665 goto out_double_mount;
666 rc = 0; 666 rc = 0;
667 goto out; 667 goto out;
668 } 668 }
669 669
670 if (strcmp(sb->s_type->name, "proc") == 0) 670 if (strcmp(sb->s_type->name, "proc") == 0)
671 sbsec->flags |= SE_SBPROC; 671 sbsec->flags |= SE_SBPROC;
672 672
673 /* Determine the labeling behavior to use for this filesystem type. */ 673 /* Determine the labeling behavior to use for this filesystem type. */
674 rc = security_fs_use((sbsec->flags & SE_SBPROC) ? "proc" : sb->s_type->name, &sbsec->behavior, &sbsec->sid); 674 rc = security_fs_use((sbsec->flags & SE_SBPROC) ? "proc" : sb->s_type->name, &sbsec->behavior, &sbsec->sid);
675 if (rc) { 675 if (rc) {
676 printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n", 676 printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
677 __func__, sb->s_type->name, rc); 677 __func__, sb->s_type->name, rc);
678 goto out; 678 goto out;
679 } 679 }
680 680
681 /* sets the context of the superblock for the fs being mounted. */ 681 /* sets the context of the superblock for the fs being mounted. */
682 if (fscontext_sid) { 682 if (fscontext_sid) {
683 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred); 683 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
684 if (rc) 684 if (rc)
685 goto out; 685 goto out;
686 686
687 sbsec->sid = fscontext_sid; 687 sbsec->sid = fscontext_sid;
688 } 688 }
689 689
690 /* 690 /*
691 * Switch to using mount point labeling behavior. 691 * Switch to using mount point labeling behavior.
692 * sets the label used on all file below the mountpoint, and will set 692 * sets the label used on all file below the mountpoint, and will set
693 * the superblock context if not already set. 693 * the superblock context if not already set.
694 */ 694 */
695 if (context_sid) { 695 if (context_sid) {
696 if (!fscontext_sid) { 696 if (!fscontext_sid) {
697 rc = may_context_mount_sb_relabel(context_sid, sbsec, 697 rc = may_context_mount_sb_relabel(context_sid, sbsec,
698 cred); 698 cred);
699 if (rc) 699 if (rc)
700 goto out; 700 goto out;
701 sbsec->sid = context_sid; 701 sbsec->sid = context_sid;
702 } else { 702 } else {
703 rc = may_context_mount_inode_relabel(context_sid, sbsec, 703 rc = may_context_mount_inode_relabel(context_sid, sbsec,
704 cred); 704 cred);
705 if (rc) 705 if (rc)
706 goto out; 706 goto out;
707 } 707 }
708 if (!rootcontext_sid) 708 if (!rootcontext_sid)
709 rootcontext_sid = context_sid; 709 rootcontext_sid = context_sid;
710 710
711 sbsec->mntpoint_sid = context_sid; 711 sbsec->mntpoint_sid = context_sid;
712 sbsec->behavior = SECURITY_FS_USE_MNTPOINT; 712 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
713 } 713 }
714 714
715 if (rootcontext_sid) { 715 if (rootcontext_sid) {
716 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec, 716 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
717 cred); 717 cred);
718 if (rc) 718 if (rc)
719 goto out; 719 goto out;
720 720
721 root_isec->sid = rootcontext_sid; 721 root_isec->sid = rootcontext_sid;
722 root_isec->initialized = 1; 722 root_isec->initialized = 1;
723 } 723 }
724 724
725 if (defcontext_sid) { 725 if (defcontext_sid) {
726 if (sbsec->behavior != SECURITY_FS_USE_XATTR) { 726 if (sbsec->behavior != SECURITY_FS_USE_XATTR) {
727 rc = -EINVAL; 727 rc = -EINVAL;
728 printk(KERN_WARNING "SELinux: defcontext option is " 728 printk(KERN_WARNING "SELinux: defcontext option is "
729 "invalid for this filesystem type\n"); 729 "invalid for this filesystem type\n");
730 goto out; 730 goto out;
731 } 731 }
732 732
733 if (defcontext_sid != sbsec->def_sid) { 733 if (defcontext_sid != sbsec->def_sid) {
734 rc = may_context_mount_inode_relabel(defcontext_sid, 734 rc = may_context_mount_inode_relabel(defcontext_sid,
735 sbsec, cred); 735 sbsec, cred);
736 if (rc) 736 if (rc)
737 goto out; 737 goto out;
738 } 738 }
739 739
740 sbsec->def_sid = defcontext_sid; 740 sbsec->def_sid = defcontext_sid;
741 } 741 }
742 742
743 rc = sb_finish_set_opts(sb); 743 rc = sb_finish_set_opts(sb);
744 out: 744 out:
745 mutex_unlock(&sbsec->lock); 745 mutex_unlock(&sbsec->lock);
746 return rc; 746 return rc;
747 out_double_mount: 747 out_double_mount:
748 rc = -EINVAL; 748 rc = -EINVAL;
749 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different " 749 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
750 "security settings for (dev %s, type %s)\n", sb->s_id, name); 750 "security settings for (dev %s, type %s)\n", sb->s_id, name);
751 goto out; 751 goto out;
752 } 752 }
753 753
754 static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb, 754 static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
755 struct super_block *newsb) 755 struct super_block *newsb)
756 { 756 {
757 const struct superblock_security_struct *oldsbsec = oldsb->s_security; 757 const struct superblock_security_struct *oldsbsec = oldsb->s_security;
758 struct superblock_security_struct *newsbsec = newsb->s_security; 758 struct superblock_security_struct *newsbsec = newsb->s_security;
759 759
760 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT); 760 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
761 int set_context = (oldsbsec->flags & CONTEXT_MNT); 761 int set_context = (oldsbsec->flags & CONTEXT_MNT);
762 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT); 762 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
763 763
764 /* 764 /*
765 * if the parent was able to be mounted it clearly had no special lsm 765 * if the parent was able to be mounted it clearly had no special lsm
766 * mount options. thus we can safely deal with this superblock later 766 * mount options. thus we can safely deal with this superblock later
767 */ 767 */
768 if (!ss_initialized) 768 if (!ss_initialized)
769 return; 769 return;
770 770
771 /* how can we clone if the old one wasn't set up?? */ 771 /* how can we clone if the old one wasn't set up?? */
772 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED)); 772 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
773 773
774 /* if fs is reusing a sb, just let its options stand... */ 774 /* if fs is reusing a sb, just let its options stand... */
775 if (newsbsec->flags & SE_SBINITIALIZED) 775 if (newsbsec->flags & SE_SBINITIALIZED)
776 return; 776 return;
777 777
778 mutex_lock(&newsbsec->lock); 778 mutex_lock(&newsbsec->lock);
779 779
780 newsbsec->flags = oldsbsec->flags; 780 newsbsec->flags = oldsbsec->flags;
781 781
782 newsbsec->sid = oldsbsec->sid; 782 newsbsec->sid = oldsbsec->sid;
783 newsbsec->def_sid = oldsbsec->def_sid; 783 newsbsec->def_sid = oldsbsec->def_sid;
784 newsbsec->behavior = oldsbsec->behavior; 784 newsbsec->behavior = oldsbsec->behavior;
785 785
786 if (set_context) { 786 if (set_context) {
787 u32 sid = oldsbsec->mntpoint_sid; 787 u32 sid = oldsbsec->mntpoint_sid;
788 788
789 if (!set_fscontext) 789 if (!set_fscontext)
790 newsbsec->sid = sid; 790 newsbsec->sid = sid;
791 if (!set_rootcontext) { 791 if (!set_rootcontext) {
792 struct inode *newinode = newsb->s_root->d_inode; 792 struct inode *newinode = newsb->s_root->d_inode;
793 struct inode_security_struct *newisec = newinode->i_security; 793 struct inode_security_struct *newisec = newinode->i_security;
794 newisec->sid = sid; 794 newisec->sid = sid;
795 } 795 }
796 newsbsec->mntpoint_sid = sid; 796 newsbsec->mntpoint_sid = sid;
797 } 797 }
798 if (set_rootcontext) { 798 if (set_rootcontext) {
799 const struct inode *oldinode = oldsb->s_root->d_inode; 799 const struct inode *oldinode = oldsb->s_root->d_inode;
800 const struct inode_security_struct *oldisec = oldinode->i_security; 800 const struct inode_security_struct *oldisec = oldinode->i_security;
801 struct inode *newinode = newsb->s_root->d_inode; 801 struct inode *newinode = newsb->s_root->d_inode;
802 struct inode_security_struct *newisec = newinode->i_security; 802 struct inode_security_struct *newisec = newinode->i_security;
803 803
804 newisec->sid = oldisec->sid; 804 newisec->sid = oldisec->sid;
805 } 805 }
806 806
807 sb_finish_set_opts(newsb); 807 sb_finish_set_opts(newsb);
808 mutex_unlock(&newsbsec->lock); 808 mutex_unlock(&newsbsec->lock);
809 } 809 }
810 810
811 static int selinux_parse_opts_str(char *options, 811 static int selinux_parse_opts_str(char *options,
812 struct security_mnt_opts *opts) 812 struct security_mnt_opts *opts)
813 { 813 {
814 char *p; 814 char *p;
815 char *context = NULL, *defcontext = NULL; 815 char *context = NULL, *defcontext = NULL;
816 char *fscontext = NULL, *rootcontext = NULL; 816 char *fscontext = NULL, *rootcontext = NULL;
817 int rc, num_mnt_opts = 0; 817 int rc, num_mnt_opts = 0;
818 818
819 opts->num_mnt_opts = 0; 819 opts->num_mnt_opts = 0;
820 820
821 /* Standard string-based options. */ 821 /* Standard string-based options. */
822 while ((p = strsep(&options, "|")) != NULL) { 822 while ((p = strsep(&options, "|")) != NULL) {
823 int token; 823 int token;
824 substring_t args[MAX_OPT_ARGS]; 824 substring_t args[MAX_OPT_ARGS];
825 825
826 if (!*p) 826 if (!*p)
827 continue; 827 continue;
828 828
829 token = match_token(p, tokens, args); 829 token = match_token(p, tokens, args);
830 830
831 switch (token) { 831 switch (token) {
832 case Opt_context: 832 case Opt_context:
833 if (context || defcontext) { 833 if (context || defcontext) {
834 rc = -EINVAL; 834 rc = -EINVAL;
835 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG); 835 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
836 goto out_err; 836 goto out_err;
837 } 837 }
838 context = match_strdup(&args[0]); 838 context = match_strdup(&args[0]);
839 if (!context) { 839 if (!context) {
840 rc = -ENOMEM; 840 rc = -ENOMEM;
841 goto out_err; 841 goto out_err;
842 } 842 }
843 break; 843 break;
844 844
845 case Opt_fscontext: 845 case Opt_fscontext:
846 if (fscontext) { 846 if (fscontext) {
847 rc = -EINVAL; 847 rc = -EINVAL;
848 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG); 848 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
849 goto out_err; 849 goto out_err;
850 } 850 }
851 fscontext = match_strdup(&args[0]); 851 fscontext = match_strdup(&args[0]);
852 if (!fscontext) { 852 if (!fscontext) {
853 rc = -ENOMEM; 853 rc = -ENOMEM;
854 goto out_err; 854 goto out_err;
855 } 855 }
856 break; 856 break;
857 857
858 case Opt_rootcontext: 858 case Opt_rootcontext:
859 if (rootcontext) { 859 if (rootcontext) {
860 rc = -EINVAL; 860 rc = -EINVAL;
861 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG); 861 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
862 goto out_err; 862 goto out_err;
863 } 863 }
864 rootcontext = match_strdup(&args[0]); 864 rootcontext = match_strdup(&args[0]);
865 if (!rootcontext) { 865 if (!rootcontext) {
866 rc = -ENOMEM; 866 rc = -ENOMEM;
867 goto out_err; 867 goto out_err;
868 } 868 }
869 break; 869 break;
870 870
871 case Opt_defcontext: 871 case Opt_defcontext:
872 if (context || defcontext) { 872 if (context || defcontext) {
873 rc = -EINVAL; 873 rc = -EINVAL;
874 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG); 874 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
875 goto out_err; 875 goto out_err;
876 } 876 }
877 defcontext = match_strdup(&args[0]); 877 defcontext = match_strdup(&args[0]);
878 if (!defcontext) { 878 if (!defcontext) {
879 rc = -ENOMEM; 879 rc = -ENOMEM;
880 goto out_err; 880 goto out_err;
881 } 881 }
882 break; 882 break;
883 case Opt_labelsupport: 883 case Opt_labelsupport:
884 break; 884 break;
885 default: 885 default:
886 rc = -EINVAL; 886 rc = -EINVAL;
887 printk(KERN_WARNING "SELinux: unknown mount option\n"); 887 printk(KERN_WARNING "SELinux: unknown mount option\n");
888 goto out_err; 888 goto out_err;
889 889
890 } 890 }
891 } 891 }
892 892
893 rc = -ENOMEM; 893 rc = -ENOMEM;
894 opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC); 894 opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC);
895 if (!opts->mnt_opts) 895 if (!opts->mnt_opts)
896 goto out_err; 896 goto out_err;
897 897
898 opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC); 898 opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC);
899 if (!opts->mnt_opts_flags) { 899 if (!opts->mnt_opts_flags) {
900 kfree(opts->mnt_opts); 900 kfree(opts->mnt_opts);
901 goto out_err; 901 goto out_err;
902 } 902 }
903 903
904 if (fscontext) { 904 if (fscontext) {
905 opts->mnt_opts[num_mnt_opts] = fscontext; 905 opts->mnt_opts[num_mnt_opts] = fscontext;
906 opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT; 906 opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
907 } 907 }
908 if (context) { 908 if (context) {
909 opts->mnt_opts[num_mnt_opts] = context; 909 opts->mnt_opts[num_mnt_opts] = context;
910 opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT; 910 opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
911 } 911 }
912 if (rootcontext) { 912 if (rootcontext) {
913 opts->mnt_opts[num_mnt_opts] = rootcontext; 913 opts->mnt_opts[num_mnt_opts] = rootcontext;
914 opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT; 914 opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
915 } 915 }
916 if (defcontext) { 916 if (defcontext) {
917 opts->mnt_opts[num_mnt_opts] = defcontext; 917 opts->mnt_opts[num_mnt_opts] = defcontext;
918 opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT; 918 opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
919 } 919 }
920 920
921 opts->num_mnt_opts = num_mnt_opts; 921 opts->num_mnt_opts = num_mnt_opts;
922 return 0; 922 return 0;
923 923
924 out_err: 924 out_err:
925 kfree(context); 925 kfree(context);
926 kfree(defcontext); 926 kfree(defcontext);
927 kfree(fscontext); 927 kfree(fscontext);
928 kfree(rootcontext); 928 kfree(rootcontext);
929 return rc; 929 return rc;
930 } 930 }
931 /* 931 /*
932 * string mount options parsing and call set the sbsec 932 * string mount options parsing and call set the sbsec
933 */ 933 */
934 static int superblock_doinit(struct super_block *sb, void *data) 934 static int superblock_doinit(struct super_block *sb, void *data)
935 { 935 {
936 int rc = 0; 936 int rc = 0;
937 char *options = data; 937 char *options = data;
938 struct security_mnt_opts opts; 938 struct security_mnt_opts opts;
939 939
940 security_init_mnt_opts(&opts); 940 security_init_mnt_opts(&opts);
941 941
942 if (!data) 942 if (!data)
943 goto out; 943 goto out;
944 944
945 BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA); 945 BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
946 946
947 rc = selinux_parse_opts_str(options, &opts); 947 rc = selinux_parse_opts_str(options, &opts);
948 if (rc) 948 if (rc)
949 goto out_err; 949 goto out_err;
950 950
951 out: 951 out:
952 rc = selinux_set_mnt_opts(sb, &opts); 952 rc = selinux_set_mnt_opts(sb, &opts);
953 953
954 out_err: 954 out_err:
955 security_free_mnt_opts(&opts); 955 security_free_mnt_opts(&opts);
956 return rc; 956 return rc;
957 } 957 }
958 958
959 static void selinux_write_opts(struct seq_file *m, 959 static void selinux_write_opts(struct seq_file *m,
960 struct security_mnt_opts *opts) 960 struct security_mnt_opts *opts)
961 { 961 {
962 int i; 962 int i;
963 char *prefix; 963 char *prefix;
964 964
965 for (i = 0; i < opts->num_mnt_opts; i++) { 965 for (i = 0; i < opts->num_mnt_opts; i++) {
966 char *has_comma; 966 char *has_comma;
967 967
968 if (opts->mnt_opts[i]) 968 if (opts->mnt_opts[i])
969 has_comma = strchr(opts->mnt_opts[i], ','); 969 has_comma = strchr(opts->mnt_opts[i], ',');
970 else 970 else
971 has_comma = NULL; 971 has_comma = NULL;
972 972
973 switch (opts->mnt_opts_flags[i]) { 973 switch (opts->mnt_opts_flags[i]) {
974 case CONTEXT_MNT: 974 case CONTEXT_MNT:
975 prefix = CONTEXT_STR; 975 prefix = CONTEXT_STR;
976 break; 976 break;
977 case FSCONTEXT_MNT: 977 case FSCONTEXT_MNT:
978 prefix = FSCONTEXT_STR; 978 prefix = FSCONTEXT_STR;
979 break; 979 break;
980 case ROOTCONTEXT_MNT: 980 case ROOTCONTEXT_MNT:
981 prefix = ROOTCONTEXT_STR; 981 prefix = ROOTCONTEXT_STR;
982 break; 982 break;
983 case DEFCONTEXT_MNT: 983 case DEFCONTEXT_MNT:
984 prefix = DEFCONTEXT_STR; 984 prefix = DEFCONTEXT_STR;
985 break; 985 break;
986 case SE_SBLABELSUPP: 986 case SE_SBLABELSUPP:
987 seq_putc(m, ','); 987 seq_putc(m, ',');
988 seq_puts(m, LABELSUPP_STR); 988 seq_puts(m, LABELSUPP_STR);
989 continue; 989 continue;
990 default: 990 default:
991 BUG(); 991 BUG();
992 return; 992 return;
993 }; 993 };
994 /* we need a comma before each option */ 994 /* we need a comma before each option */
995 seq_putc(m, ','); 995 seq_putc(m, ',');
996 seq_puts(m, prefix); 996 seq_puts(m, prefix);
997 if (has_comma) 997 if (has_comma)
998 seq_putc(m, '\"'); 998 seq_putc(m, '\"');
999 seq_puts(m, opts->mnt_opts[i]); 999 seq_puts(m, opts->mnt_opts[i]);
1000 if (has_comma) 1000 if (has_comma)
1001 seq_putc(m, '\"'); 1001 seq_putc(m, '\"');
1002 } 1002 }
1003 } 1003 }
1004 1004
1005 static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb) 1005 static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
1006 { 1006 {
1007 struct security_mnt_opts opts; 1007 struct security_mnt_opts opts;
1008 int rc; 1008 int rc;
1009 1009
1010 rc = selinux_get_mnt_opts(sb, &opts); 1010 rc = selinux_get_mnt_opts(sb, &opts);
1011 if (rc) { 1011 if (rc) {
1012 /* before policy load we may get EINVAL, don't show anything */ 1012 /* before policy load we may get EINVAL, don't show anything */
1013 if (rc == -EINVAL) 1013 if (rc == -EINVAL)
1014 rc = 0; 1014 rc = 0;
1015 return rc; 1015 return rc;
1016 } 1016 }
1017 1017
1018 selinux_write_opts(m, &opts); 1018 selinux_write_opts(m, &opts);
1019 1019
1020 security_free_mnt_opts(&opts); 1020 security_free_mnt_opts(&opts);
1021 1021
1022 return rc; 1022 return rc;
1023 } 1023 }
1024 1024
1025 static inline u16 inode_mode_to_security_class(umode_t mode) 1025 static inline u16 inode_mode_to_security_class(umode_t mode)
1026 { 1026 {
1027 switch (mode & S_IFMT) { 1027 switch (mode & S_IFMT) {
1028 case S_IFSOCK: 1028 case S_IFSOCK:
1029 return SECCLASS_SOCK_FILE; 1029 return SECCLASS_SOCK_FILE;
1030 case S_IFLNK: 1030 case S_IFLNK:
1031 return SECCLASS_LNK_FILE; 1031 return SECCLASS_LNK_FILE;
1032 case S_IFREG: 1032 case S_IFREG:
1033 return SECCLASS_FILE; 1033 return SECCLASS_FILE;
1034 case S_IFBLK: 1034 case S_IFBLK:
1035 return SECCLASS_BLK_FILE; 1035 return SECCLASS_BLK_FILE;
1036 case S_IFDIR: 1036 case S_IFDIR:
1037 return SECCLASS_DIR; 1037 return SECCLASS_DIR;
1038 case S_IFCHR: 1038 case S_IFCHR:
1039 return SECCLASS_CHR_FILE; 1039 return SECCLASS_CHR_FILE;
1040 case S_IFIFO: 1040 case S_IFIFO:
1041 return SECCLASS_FIFO_FILE; 1041 return SECCLASS_FIFO_FILE;
1042 1042
1043 } 1043 }
1044 1044
1045 return SECCLASS_FILE; 1045 return SECCLASS_FILE;
1046 } 1046 }
1047 1047
1048 static inline int default_protocol_stream(int protocol) 1048 static inline int default_protocol_stream(int protocol)
1049 { 1049 {
1050 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP); 1050 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
1051 } 1051 }
1052 1052
1053 static inline int default_protocol_dgram(int protocol) 1053 static inline int default_protocol_dgram(int protocol)
1054 { 1054 {
1055 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP); 1055 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
1056 } 1056 }
1057 1057
1058 static inline u16 socket_type_to_security_class(int family, int type, int protocol) 1058 static inline u16 socket_type_to_security_class(int family, int type, int protocol)
1059 { 1059 {
1060 switch (family) { 1060 switch (family) {
1061 case PF_UNIX: 1061 case PF_UNIX:
1062 switch (type) { 1062 switch (type) {
1063 case SOCK_STREAM: 1063 case SOCK_STREAM:
1064 case SOCK_SEQPACKET: 1064 case SOCK_SEQPACKET:
1065 return SECCLASS_UNIX_STREAM_SOCKET; 1065 return SECCLASS_UNIX_STREAM_SOCKET;
1066 case SOCK_DGRAM: 1066 case SOCK_DGRAM:
1067 return SECCLASS_UNIX_DGRAM_SOCKET; 1067 return SECCLASS_UNIX_DGRAM_SOCKET;
1068 } 1068 }
1069 break; 1069 break;
1070 case PF_INET: 1070 case PF_INET:
1071 case PF_INET6: 1071 case PF_INET6:
1072 switch (type) { 1072 switch (type) {
1073 case SOCK_STREAM: 1073 case SOCK_STREAM:
1074 if (default_protocol_stream(protocol)) 1074 if (default_protocol_stream(protocol))
1075 return SECCLASS_TCP_SOCKET; 1075 return SECCLASS_TCP_SOCKET;
1076 else 1076 else
1077 return SECCLASS_RAWIP_SOCKET; 1077 return SECCLASS_RAWIP_SOCKET;
1078 case SOCK_DGRAM: 1078 case SOCK_DGRAM:
1079 if (default_protocol_dgram(protocol)) 1079 if (default_protocol_dgram(protocol))
1080 return SECCLASS_UDP_SOCKET; 1080 return SECCLASS_UDP_SOCKET;
1081 else 1081 else
1082 return SECCLASS_RAWIP_SOCKET; 1082 return SECCLASS_RAWIP_SOCKET;
1083 case SOCK_DCCP: 1083 case SOCK_DCCP:
1084 return SECCLASS_DCCP_SOCKET; 1084 return SECCLASS_DCCP_SOCKET;
1085 default: 1085 default:
1086 return SECCLASS_RAWIP_SOCKET; 1086 return SECCLASS_RAWIP_SOCKET;
1087 } 1087 }
1088 break; 1088 break;
1089 case PF_NETLINK: 1089 case PF_NETLINK:
1090 switch (protocol) { 1090 switch (protocol) {
1091 case NETLINK_ROUTE: 1091 case NETLINK_ROUTE:
1092 return SECCLASS_NETLINK_ROUTE_SOCKET; 1092 return SECCLASS_NETLINK_ROUTE_SOCKET;
1093 case NETLINK_FIREWALL: 1093 case NETLINK_FIREWALL:
1094 return SECCLASS_NETLINK_FIREWALL_SOCKET; 1094 return SECCLASS_NETLINK_FIREWALL_SOCKET;
1095 case NETLINK_INET_DIAG: 1095 case NETLINK_INET_DIAG:
1096 return SECCLASS_NETLINK_TCPDIAG_SOCKET; 1096 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
1097 case NETLINK_NFLOG: 1097 case NETLINK_NFLOG:
1098 return SECCLASS_NETLINK_NFLOG_SOCKET; 1098 return SECCLASS_NETLINK_NFLOG_SOCKET;
1099 case NETLINK_XFRM: 1099 case NETLINK_XFRM:
1100 return SECCLASS_NETLINK_XFRM_SOCKET; 1100 return SECCLASS_NETLINK_XFRM_SOCKET;
1101 case NETLINK_SELINUX: 1101 case NETLINK_SELINUX:
1102 return SECCLASS_NETLINK_SELINUX_SOCKET; 1102 return SECCLASS_NETLINK_SELINUX_SOCKET;
1103 case NETLINK_AUDIT: 1103 case NETLINK_AUDIT:
1104 return SECCLASS_NETLINK_AUDIT_SOCKET; 1104 return SECCLASS_NETLINK_AUDIT_SOCKET;
1105 case NETLINK_IP6_FW: 1105 case NETLINK_IP6_FW:
1106 return SECCLASS_NETLINK_IP6FW_SOCKET; 1106 return SECCLASS_NETLINK_IP6FW_SOCKET;
1107 case NETLINK_DNRTMSG: 1107 case NETLINK_DNRTMSG:
1108 return SECCLASS_NETLINK_DNRT_SOCKET; 1108 return SECCLASS_NETLINK_DNRT_SOCKET;
1109 case NETLINK_KOBJECT_UEVENT: 1109 case NETLINK_KOBJECT_UEVENT:
1110 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET; 1110 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
1111 default: 1111 default:
1112 return SECCLASS_NETLINK_SOCKET; 1112 return SECCLASS_NETLINK_SOCKET;
1113 } 1113 }
1114 case PF_PACKET: 1114 case PF_PACKET:
1115 return SECCLASS_PACKET_SOCKET; 1115 return SECCLASS_PACKET_SOCKET;
1116 case PF_KEY: 1116 case PF_KEY:
1117 return SECCLASS_KEY_SOCKET; 1117 return SECCLASS_KEY_SOCKET;
1118 case PF_APPLETALK: 1118 case PF_APPLETALK:
1119 return SECCLASS_APPLETALK_SOCKET; 1119 return SECCLASS_APPLETALK_SOCKET;
1120 } 1120 }
1121 1121
1122 return SECCLASS_SOCKET; 1122 return SECCLASS_SOCKET;
1123 } 1123 }
1124 1124
1125 #ifdef CONFIG_PROC_FS 1125 #ifdef CONFIG_PROC_FS
1126 static int selinux_proc_get_sid(struct dentry *dentry, 1126 static int selinux_proc_get_sid(struct dentry *dentry,
1127 u16 tclass, 1127 u16 tclass,
1128 u32 *sid) 1128 u32 *sid)
1129 { 1129 {
1130 int rc; 1130 int rc;
1131 char *buffer, *path; 1131 char *buffer, *path;
1132 1132
1133 buffer = (char *)__get_free_page(GFP_KERNEL); 1133 buffer = (char *)__get_free_page(GFP_KERNEL);
1134 if (!buffer) 1134 if (!buffer)
1135 return -ENOMEM; 1135 return -ENOMEM;
1136 1136
1137 path = dentry_path_raw(dentry, buffer, PAGE_SIZE); 1137 path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
1138 if (IS_ERR(path)) 1138 if (IS_ERR(path))
1139 rc = PTR_ERR(path); 1139 rc = PTR_ERR(path);
1140 else { 1140 else {
1141 /* each process gets a /proc/PID/ entry. Strip off the 1141 /* each process gets a /proc/PID/ entry. Strip off the
1142 * PID part to get a valid selinux labeling. 1142 * PID part to get a valid selinux labeling.
1143 * e.g. /proc/1/net/rpc/nfs -> /net/rpc/nfs */ 1143 * e.g. /proc/1/net/rpc/nfs -> /net/rpc/nfs */
1144 while (path[1] >= '0' && path[1] <= '9') { 1144 while (path[1] >= '0' && path[1] <= '9') {
1145 path[1] = '/'; 1145 path[1] = '/';
1146 path++; 1146 path++;
1147 } 1147 }
1148 rc = security_genfs_sid("proc", path, tclass, sid); 1148 rc = security_genfs_sid("proc", path, tclass, sid);
1149 } 1149 }
1150 free_page((unsigned long)buffer); 1150 free_page((unsigned long)buffer);
1151 return rc; 1151 return rc;
1152 } 1152 }
1153 #else 1153 #else
1154 static int selinux_proc_get_sid(struct dentry *dentry, 1154 static int selinux_proc_get_sid(struct dentry *dentry,
1155 u16 tclass, 1155 u16 tclass,
1156 u32 *sid) 1156 u32 *sid)
1157 { 1157 {
1158 return -EINVAL; 1158 return -EINVAL;
1159 } 1159 }
1160 #endif 1160 #endif
1161 1161
1162 /* The inode's security attributes must be initialized before first use. */ 1162 /* The inode's security attributes must be initialized before first use. */
1163 static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry) 1163 static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1164 { 1164 {
1165 struct superblock_security_struct *sbsec = NULL; 1165 struct superblock_security_struct *sbsec = NULL;
1166 struct inode_security_struct *isec = inode->i_security; 1166 struct inode_security_struct *isec = inode->i_security;
1167 u32 sid; 1167 u32 sid;
1168 struct dentry *dentry; 1168 struct dentry *dentry;
1169 #define INITCONTEXTLEN 255 1169 #define INITCONTEXTLEN 255
1170 char *context = NULL; 1170 char *context = NULL;
1171 unsigned len = 0; 1171 unsigned len = 0;
1172 int rc = 0; 1172 int rc = 0;
1173 1173
1174 if (isec->initialized) 1174 if (isec->initialized)
1175 goto out; 1175 goto out;
1176 1176
1177 mutex_lock(&isec->lock); 1177 mutex_lock(&isec->lock);
1178 if (isec->initialized) 1178 if (isec->initialized)
1179 goto out_unlock; 1179 goto out_unlock;
1180 1180
1181 sbsec = inode->i_sb->s_security; 1181 sbsec = inode->i_sb->s_security;
1182 if (!(sbsec->flags & SE_SBINITIALIZED)) { 1182 if (!(sbsec->flags & SE_SBINITIALIZED)) {
1183 /* Defer initialization until selinux_complete_init, 1183 /* Defer initialization until selinux_complete_init,
1184 after the initial policy is loaded and the security 1184 after the initial policy is loaded and the security
1185 server is ready to handle calls. */ 1185 server is ready to handle calls. */
1186 spin_lock(&sbsec->isec_lock); 1186 spin_lock(&sbsec->isec_lock);
1187 if (list_empty(&isec->list)) 1187 if (list_empty(&isec->list))
1188 list_add(&isec->list, &sbsec->isec_head); 1188 list_add(&isec->list, &sbsec->isec_head);
1189 spin_unlock(&sbsec->isec_lock); 1189 spin_unlock(&sbsec->isec_lock);
1190 goto out_unlock; 1190 goto out_unlock;
1191 } 1191 }
1192 1192
1193 switch (sbsec->behavior) { 1193 switch (sbsec->behavior) {
1194 case SECURITY_FS_USE_XATTR: 1194 case SECURITY_FS_USE_XATTR:
1195 if (!inode->i_op->getxattr) { 1195 if (!inode->i_op->getxattr) {
1196 isec->sid = sbsec->def_sid; 1196 isec->sid = sbsec->def_sid;
1197 break; 1197 break;
1198 } 1198 }
1199 1199
1200 /* Need a dentry, since the xattr API requires one. 1200 /* Need a dentry, since the xattr API requires one.
1201 Life would be simpler if we could just pass the inode. */ 1201 Life would be simpler if we could just pass the inode. */
1202 if (opt_dentry) { 1202 if (opt_dentry) {
1203 /* Called from d_instantiate or d_splice_alias. */ 1203 /* Called from d_instantiate or d_splice_alias. */
1204 dentry = dget(opt_dentry); 1204 dentry = dget(opt_dentry);
1205 } else { 1205 } else {
1206 /* Called from selinux_complete_init, try to find a dentry. */ 1206 /* Called from selinux_complete_init, try to find a dentry. */
1207 dentry = d_find_alias(inode); 1207 dentry = d_find_alias(inode);
1208 } 1208 }
1209 if (!dentry) { 1209 if (!dentry) {
1210 /* 1210 /*
1211 * this is can be hit on boot when a file is accessed 1211 * this is can be hit on boot when a file is accessed
1212 * before the policy is loaded. When we load policy we 1212 * before the policy is loaded. When we load policy we
1213 * may find inodes that have no dentry on the 1213 * may find inodes that have no dentry on the
1214 * sbsec->isec_head list. No reason to complain as these 1214 * sbsec->isec_head list. No reason to complain as these
1215 * will get fixed up the next time we go through 1215 * will get fixed up the next time we go through
1216 * inode_doinit with a dentry, before these inodes could 1216 * inode_doinit with a dentry, before these inodes could
1217 * be used again by userspace. 1217 * be used again by userspace.
1218 */ 1218 */
1219 goto out_unlock; 1219 goto out_unlock;
1220 } 1220 }
1221 1221
1222 len = INITCONTEXTLEN; 1222 len = INITCONTEXTLEN;
1223 context = kmalloc(len+1, GFP_NOFS); 1223 context = kmalloc(len+1, GFP_NOFS);
1224 if (!context) { 1224 if (!context) {
1225 rc = -ENOMEM; 1225 rc = -ENOMEM;
1226 dput(dentry); 1226 dput(dentry);
1227 goto out_unlock; 1227 goto out_unlock;
1228 } 1228 }
1229 context[len] = '\0'; 1229 context[len] = '\0';
1230 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX, 1230 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1231 context, len); 1231 context, len);
1232 if (rc == -ERANGE) { 1232 if (rc == -ERANGE) {
1233 kfree(context); 1233 kfree(context);
1234 1234
1235 /* Need a larger buffer. Query for the right size. */ 1235 /* Need a larger buffer. Query for the right size. */
1236 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX, 1236 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1237 NULL, 0); 1237 NULL, 0);
1238 if (rc < 0) { 1238 if (rc < 0) {
1239 dput(dentry); 1239 dput(dentry);
1240 goto out_unlock; 1240 goto out_unlock;
1241 } 1241 }
1242 len = rc; 1242 len = rc;
1243 context = kmalloc(len+1, GFP_NOFS); 1243 context = kmalloc(len+1, GFP_NOFS);
1244 if (!context) { 1244 if (!context) {
1245 rc = -ENOMEM; 1245 rc = -ENOMEM;
1246 dput(dentry); 1246 dput(dentry);
1247 goto out_unlock; 1247 goto out_unlock;
1248 } 1248 }
1249 context[len] = '\0'; 1249 context[len] = '\0';
1250 rc = inode->i_op->getxattr(dentry, 1250 rc = inode->i_op->getxattr(dentry,
1251 XATTR_NAME_SELINUX, 1251 XATTR_NAME_SELINUX,
1252 context, len); 1252 context, len);
1253 } 1253 }
1254 dput(dentry); 1254 dput(dentry);
1255 if (rc < 0) { 1255 if (rc < 0) {
1256 if (rc != -ENODATA) { 1256 if (rc != -ENODATA) {
1257 printk(KERN_WARNING "SELinux: %s: getxattr returned " 1257 printk(KERN_WARNING "SELinux: %s: getxattr returned "
1258 "%d for dev=%s ino=%ld\n", __func__, 1258 "%d for dev=%s ino=%ld\n", __func__,
1259 -rc, inode->i_sb->s_id, inode->i_ino); 1259 -rc, inode->i_sb->s_id, inode->i_ino);
1260 kfree(context); 1260 kfree(context);
1261 goto out_unlock; 1261 goto out_unlock;
1262 } 1262 }
1263 /* Map ENODATA to the default file SID */ 1263 /* Map ENODATA to the default file SID */
1264 sid = sbsec->def_sid; 1264 sid = sbsec->def_sid;
1265 rc = 0; 1265 rc = 0;
1266 } else { 1266 } else {
1267 rc = security_context_to_sid_default(context, rc, &sid, 1267 rc = security_context_to_sid_default(context, rc, &sid,
1268 sbsec->def_sid, 1268 sbsec->def_sid,
1269 GFP_NOFS); 1269 GFP_NOFS);
1270 if (rc) { 1270 if (rc) {
1271 char *dev = inode->i_sb->s_id; 1271 char *dev = inode->i_sb->s_id;
1272 unsigned long ino = inode->i_ino; 1272 unsigned long ino = inode->i_ino;
1273 1273
1274 if (rc == -EINVAL) { 1274 if (rc == -EINVAL) {
1275 if (printk_ratelimit()) 1275 if (printk_ratelimit())
1276 printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid " 1276 printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
1277 "context=%s. This indicates you may need to relabel the inode or the " 1277 "context=%s. This indicates you may need to relabel the inode or the "
1278 "filesystem in question.\n", ino, dev, context); 1278 "filesystem in question.\n", ino, dev, context);
1279 } else { 1279 } else {
1280 printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) " 1280 printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
1281 "returned %d for dev=%s ino=%ld\n", 1281 "returned %d for dev=%s ino=%ld\n",
1282 __func__, context, -rc, dev, ino); 1282 __func__, context, -rc, dev, ino);
1283 } 1283 }
1284 kfree(context); 1284 kfree(context);
1285 /* Leave with the unlabeled SID */ 1285 /* Leave with the unlabeled SID */
1286 rc = 0; 1286 rc = 0;
1287 break; 1287 break;
1288 } 1288 }
1289 } 1289 }
1290 kfree(context); 1290 kfree(context);
1291 isec->sid = sid; 1291 isec->sid = sid;
1292 break; 1292 break;
1293 case SECURITY_FS_USE_TASK: 1293 case SECURITY_FS_USE_TASK:
1294 isec->sid = isec->task_sid; 1294 isec->sid = isec->task_sid;
1295 break; 1295 break;
1296 case SECURITY_FS_USE_TRANS: 1296 case SECURITY_FS_USE_TRANS:
1297 /* Default to the fs SID. */ 1297 /* Default to the fs SID. */
1298 isec->sid = sbsec->sid; 1298 isec->sid = sbsec->sid;
1299 1299
1300 /* Try to obtain a transition SID. */ 1300 /* Try to obtain a transition SID. */
1301 isec->sclass = inode_mode_to_security_class(inode->i_mode); 1301 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1302 rc = security_transition_sid(isec->task_sid, sbsec->sid, 1302 rc = security_transition_sid(isec->task_sid, sbsec->sid,
1303 isec->sclass, NULL, &sid); 1303 isec->sclass, NULL, &sid);
1304 if (rc) 1304 if (rc)
1305 goto out_unlock; 1305 goto out_unlock;
1306 isec->sid = sid; 1306 isec->sid = sid;
1307 break; 1307 break;
1308 case SECURITY_FS_USE_MNTPOINT: 1308 case SECURITY_FS_USE_MNTPOINT:
1309 isec->sid = sbsec->mntpoint_sid; 1309 isec->sid = sbsec->mntpoint_sid;
1310 break; 1310 break;
1311 default: 1311 default:
1312 /* Default to the fs superblock SID. */ 1312 /* Default to the fs superblock SID. */
1313 isec->sid = sbsec->sid; 1313 isec->sid = sbsec->sid;
1314 1314
1315 if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) { 1315 if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
1316 if (opt_dentry) { 1316 if (opt_dentry) {
1317 isec->sclass = inode_mode_to_security_class(inode->i_mode); 1317 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1318 rc = selinux_proc_get_sid(opt_dentry, 1318 rc = selinux_proc_get_sid(opt_dentry,
1319 isec->sclass, 1319 isec->sclass,
1320 &sid); 1320 &sid);
1321 if (rc) 1321 if (rc)
1322 goto out_unlock; 1322 goto out_unlock;
1323 isec->sid = sid; 1323 isec->sid = sid;
1324 } 1324 }
1325 } 1325 }
1326 break; 1326 break;
1327 } 1327 }
1328 1328
1329 isec->initialized = 1; 1329 isec->initialized = 1;
1330 1330
1331 out_unlock: 1331 out_unlock:
1332 mutex_unlock(&isec->lock); 1332 mutex_unlock(&isec->lock);
1333 out: 1333 out:
1334 if (isec->sclass == SECCLASS_FILE) 1334 if (isec->sclass == SECCLASS_FILE)
1335 isec->sclass = inode_mode_to_security_class(inode->i_mode); 1335 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1336 return rc; 1336 return rc;
1337 } 1337 }
1338 1338
1339 /* Convert a Linux signal to an access vector. */ 1339 /* Convert a Linux signal to an access vector. */
1340 static inline u32 signal_to_av(int sig) 1340 static inline u32 signal_to_av(int sig)
1341 { 1341 {
1342 u32 perm = 0; 1342 u32 perm = 0;
1343 1343
1344 switch (sig) { 1344 switch (sig) {
1345 case SIGCHLD: 1345 case SIGCHLD:
1346 /* Commonly granted from child to parent. */ 1346 /* Commonly granted from child to parent. */
1347 perm = PROCESS__SIGCHLD; 1347 perm = PROCESS__SIGCHLD;
1348 break; 1348 break;
1349 case SIGKILL: 1349 case SIGKILL:
1350 /* Cannot be caught or ignored */ 1350 /* Cannot be caught or ignored */
1351 perm = PROCESS__SIGKILL; 1351 perm = PROCESS__SIGKILL;
1352 break; 1352 break;
1353 case SIGSTOP: 1353 case SIGSTOP:
1354 /* Cannot be caught or ignored */ 1354 /* Cannot be caught or ignored */
1355 perm = PROCESS__SIGSTOP; 1355 perm = PROCESS__SIGSTOP;
1356 break; 1356 break;
1357 default: 1357 default:
1358 /* All other signals. */ 1358 /* All other signals. */
1359 perm = PROCESS__SIGNAL; 1359 perm = PROCESS__SIGNAL;
1360 break; 1360 break;
1361 } 1361 }
1362 1362
1363 return perm; 1363 return perm;
1364 } 1364 }
1365 1365
1366 /* 1366 /*
1367 * Check permission between a pair of credentials 1367 * Check permission between a pair of credentials
1368 * fork check, ptrace check, etc. 1368 * fork check, ptrace check, etc.
1369 */ 1369 */
1370 static int cred_has_perm(const struct cred *actor, 1370 static int cred_has_perm(const struct cred *actor,
1371 const struct cred *target, 1371 const struct cred *target,
1372 u32 perms) 1372 u32 perms)
1373 { 1373 {
1374 u32 asid = cred_sid(actor), tsid = cred_sid(target); 1374 u32 asid = cred_sid(actor), tsid = cred_sid(target);
1375 1375
1376 return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL); 1376 return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL);
1377 } 1377 }
1378 1378
1379 /* 1379 /*
1380 * Check permission between a pair of tasks, e.g. signal checks, 1380 * Check permission between a pair of tasks, e.g. signal checks,
1381 * fork check, ptrace check, etc. 1381 * fork check, ptrace check, etc.
1382 * tsk1 is the actor and tsk2 is the target 1382 * tsk1 is the actor and tsk2 is the target
1383 * - this uses the default subjective creds of tsk1 1383 * - this uses the default subjective creds of tsk1
1384 */ 1384 */
1385 static int task_has_perm(const struct task_struct *tsk1, 1385 static int task_has_perm(const struct task_struct *tsk1,
1386 const struct task_struct *tsk2, 1386 const struct task_struct *tsk2,
1387 u32 perms) 1387 u32 perms)
1388 { 1388 {
1389 const struct task_security_struct *__tsec1, *__tsec2; 1389 const struct task_security_struct *__tsec1, *__tsec2;
1390 u32 sid1, sid2; 1390 u32 sid1, sid2;
1391 1391
1392 rcu_read_lock(); 1392 rcu_read_lock();
1393 __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid; 1393 __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid;
1394 __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid; 1394 __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid;
1395 rcu_read_unlock(); 1395 rcu_read_unlock();
1396 return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL); 1396 return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL);
1397 } 1397 }
1398 1398
1399 /* 1399 /*
1400 * Check permission between current and another task, e.g. signal checks, 1400 * Check permission between current and another task, e.g. signal checks,
1401 * fork check, ptrace check, etc. 1401 * fork check, ptrace check, etc.
1402 * current is the actor and tsk2 is the target 1402 * current is the actor and tsk2 is the target
1403 * - this uses current's subjective creds 1403 * - this uses current's subjective creds
1404 */ 1404 */
1405 static int current_has_perm(const struct task_struct *tsk, 1405 static int current_has_perm(const struct task_struct *tsk,
1406 u32 perms) 1406 u32 perms)
1407 { 1407 {
1408 u32 sid, tsid; 1408 u32 sid, tsid;
1409 1409
1410 sid = current_sid(); 1410 sid = current_sid();
1411 tsid = task_sid(tsk); 1411 tsid = task_sid(tsk);
1412 return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL); 1412 return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL);
1413 } 1413 }
1414 1414
1415 #if CAP_LAST_CAP > 63 1415 #if CAP_LAST_CAP > 63
1416 #error Fix SELinux to handle capabilities > 63. 1416 #error Fix SELinux to handle capabilities > 63.
1417 #endif 1417 #endif
1418 1418
1419 /* Check whether a task is allowed to use a capability. */ 1419 /* Check whether a task is allowed to use a capability. */
1420 static int task_has_capability(struct task_struct *tsk, 1420 static int task_has_capability(struct task_struct *tsk,
1421 const struct cred *cred, 1421 const struct cred *cred,
1422 int cap, int audit) 1422 int cap, int audit)
1423 { 1423 {
1424 struct common_audit_data ad; 1424 struct common_audit_data ad;
1425 struct av_decision avd; 1425 struct av_decision avd;
1426 u16 sclass; 1426 u16 sclass;
1427 u32 sid = cred_sid(cred); 1427 u32 sid = cred_sid(cred);
1428 u32 av = CAP_TO_MASK(cap); 1428 u32 av = CAP_TO_MASK(cap);
1429 int rc; 1429 int rc;
1430 1430
1431 COMMON_AUDIT_DATA_INIT(&ad, CAP); 1431 COMMON_AUDIT_DATA_INIT(&ad, CAP);
1432 ad.tsk = tsk; 1432 ad.tsk = tsk;
1433 ad.u.cap = cap; 1433 ad.u.cap = cap;
1434 1434
1435 switch (CAP_TO_INDEX(cap)) { 1435 switch (CAP_TO_INDEX(cap)) {
1436 case 0: 1436 case 0:
1437 sclass = SECCLASS_CAPABILITY; 1437 sclass = SECCLASS_CAPABILITY;
1438 break; 1438 break;
1439 case 1: 1439 case 1:
1440 sclass = SECCLASS_CAPABILITY2; 1440 sclass = SECCLASS_CAPABILITY2;
1441 break; 1441 break;
1442 default: 1442 default:
1443 printk(KERN_ERR 1443 printk(KERN_ERR
1444 "SELinux: out of range capability %d\n", cap); 1444 "SELinux: out of range capability %d\n", cap);
1445 BUG(); 1445 BUG();
1446 return -EINVAL; 1446 return -EINVAL;
1447 } 1447 }
1448 1448
1449 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd); 1449 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
1450 if (audit == SECURITY_CAP_AUDIT) { 1450 if (audit == SECURITY_CAP_AUDIT) {
1451 int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0); 1451 int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0);
1452 if (rc2) 1452 if (rc2)
1453 return rc2; 1453 return rc2;
1454 } 1454 }
1455 return rc; 1455 return rc;
1456 } 1456 }
1457 1457
1458 /* Check whether a task is allowed to use a system operation. */ 1458 /* Check whether a task is allowed to use a system operation. */
1459 static int task_has_system(struct task_struct *tsk, 1459 static int task_has_system(struct task_struct *tsk,
1460 u32 perms) 1460 u32 perms)
1461 { 1461 {
1462 u32 sid = task_sid(tsk); 1462 u32 sid = task_sid(tsk);
1463 1463
1464 return avc_has_perm(sid, SECINITSID_KERNEL, 1464 return avc_has_perm(sid, SECINITSID_KERNEL,
1465 SECCLASS_SYSTEM, perms, NULL); 1465 SECCLASS_SYSTEM, perms, NULL);
1466 } 1466 }
1467 1467
1468 /* Check whether a task has a particular permission to an inode. 1468 /* Check whether a task has a particular permission to an inode.
1469 The 'adp' parameter is optional and allows other audit 1469 The 'adp' parameter is optional and allows other audit
1470 data to be passed (e.g. the dentry). */ 1470 data to be passed (e.g. the dentry). */
1471 static int inode_has_perm(const struct cred *cred, 1471 static int inode_has_perm(const struct cred *cred,
1472 struct inode *inode, 1472 struct inode *inode,
1473 u32 perms, 1473 u32 perms,
1474 struct common_audit_data *adp, 1474 struct common_audit_data *adp,
1475 unsigned flags) 1475 unsigned flags)
1476 { 1476 {
1477 struct inode_security_struct *isec; 1477 struct inode_security_struct *isec;
1478 struct common_audit_data ad; 1478 struct common_audit_data ad;
1479 u32 sid; 1479 u32 sid;
1480 1480
1481 validate_creds(cred); 1481 validate_creds(cred);
1482 1482
1483 if (unlikely(IS_PRIVATE(inode))) 1483 if (unlikely(IS_PRIVATE(inode)))
1484 return 0; 1484 return 0;
1485 1485
1486 sid = cred_sid(cred); 1486 sid = cred_sid(cred);
1487 isec = inode->i_security; 1487 isec = inode->i_security;
1488 1488
1489 if (!adp) { 1489 if (!adp) {
1490 adp = &ad; 1490 adp = &ad;
1491 COMMON_AUDIT_DATA_INIT(&ad, FS); 1491 COMMON_AUDIT_DATA_INIT(&ad, INODE);
1492 ad.u.fs.inode = inode; 1492 ad.u.inode = inode;
1493 } 1493 }
1494 1494
1495 return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, flags); 1495 return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, flags);
1496 } 1496 }
1497 1497
1498 /* Same as inode_has_perm, but pass explicit audit data containing 1498 /* Same as inode_has_perm, but pass explicit audit data containing
1499 the dentry to help the auditing code to more easily generate the 1499 the dentry to help the auditing code to more easily generate the
1500 pathname if needed. */ 1500 pathname if needed. */
1501 static inline int dentry_has_perm(const struct cred *cred, 1501 static inline int dentry_has_perm(const struct cred *cred,
1502 struct vfsmount *mnt, 1502 struct vfsmount *mnt,
1503 struct dentry *dentry, 1503 struct dentry *dentry,
1504 u32 av) 1504 u32 av)
1505 { 1505 {
1506 struct inode *inode = dentry->d_inode; 1506 struct inode *inode = dentry->d_inode;
1507 struct common_audit_data ad; 1507 struct common_audit_data ad;
1508 1508
1509 COMMON_AUDIT_DATA_INIT(&ad, FS); 1509 COMMON_AUDIT_DATA_INIT(&ad, PATH);
1510 ad.u.fs.path.mnt = mnt; 1510 ad.u.path.mnt = mnt;
1511 ad.u.fs.path.dentry = dentry; 1511 ad.u.path.dentry = dentry;
1512 return inode_has_perm(cred, inode, av, &ad, 0); 1512 return inode_has_perm(cred, inode, av, &ad, 0);
1513 } 1513 }
1514 1514
1515 /* Check whether a task can use an open file descriptor to 1515 /* Check whether a task can use an open file descriptor to
1516 access an inode in a given way. Check access to the 1516 access an inode in a given way. Check access to the
1517 descriptor itself, and then use dentry_has_perm to 1517 descriptor itself, and then use dentry_has_perm to
1518 check a particular permission to the file. 1518 check a particular permission to the file.
1519 Access to the descriptor is implicitly granted if it 1519 Access to the descriptor is implicitly granted if it
1520 has the same SID as the process. If av is zero, then 1520 has the same SID as the process. If av is zero, then
1521 access to the file is not checked, e.g. for cases 1521 access to the file is not checked, e.g. for cases
1522 where only the descriptor is affected like seek. */ 1522 where only the descriptor is affected like seek. */
1523 static int file_has_perm(const struct cred *cred, 1523 static int file_has_perm(const struct cred *cred,
1524 struct file *file, 1524 struct file *file,
1525 u32 av) 1525 u32 av)
1526 { 1526 {
1527 struct file_security_struct *fsec = file->f_security; 1527 struct file_security_struct *fsec = file->f_security;
1528 struct inode *inode = file->f_path.dentry->d_inode; 1528 struct inode *inode = file->f_path.dentry->d_inode;
1529 struct common_audit_data ad; 1529 struct common_audit_data ad;
1530 u32 sid = cred_sid(cred); 1530 u32 sid = cred_sid(cred);
1531 int rc; 1531 int rc;
1532 1532
1533 COMMON_AUDIT_DATA_INIT(&ad, FS); 1533 COMMON_AUDIT_DATA_INIT(&ad, PATH);
1534 ad.u.fs.path = file->f_path; 1534 ad.u.path = file->f_path;
1535 1535
1536 if (sid != fsec->sid) { 1536 if (sid != fsec->sid) {
1537 rc = avc_has_perm(sid, fsec->sid, 1537 rc = avc_has_perm(sid, fsec->sid,
1538 SECCLASS_FD, 1538 SECCLASS_FD,
1539 FD__USE, 1539 FD__USE,
1540 &ad); 1540 &ad);
1541 if (rc) 1541 if (rc)
1542 goto out; 1542 goto out;
1543 } 1543 }
1544 1544
1545 /* av is zero if only checking access to the descriptor. */ 1545 /* av is zero if only checking access to the descriptor. */
1546 rc = 0; 1546 rc = 0;
1547 if (av) 1547 if (av)
1548 rc = inode_has_perm(cred, inode, av, &ad, 0); 1548 rc = inode_has_perm(cred, inode, av, &ad, 0);
1549 1549
1550 out: 1550 out:
1551 return rc; 1551 return rc;
1552 } 1552 }
1553 1553
1554 /* Check whether a task can create a file. */ 1554 /* Check whether a task can create a file. */
1555 static int may_create(struct inode *dir, 1555 static int may_create(struct inode *dir,
1556 struct dentry *dentry, 1556 struct dentry *dentry,
1557 u16 tclass) 1557 u16 tclass)
1558 { 1558 {
1559 const struct task_security_struct *tsec = current_security(); 1559 const struct task_security_struct *tsec = current_security();
1560 struct inode_security_struct *dsec; 1560 struct inode_security_struct *dsec;
1561 struct superblock_security_struct *sbsec; 1561 struct superblock_security_struct *sbsec;
1562 u32 sid, newsid; 1562 u32 sid, newsid;
1563 struct common_audit_data ad; 1563 struct common_audit_data ad;
1564 int rc; 1564 int rc;
1565 1565
1566 dsec = dir->i_security; 1566 dsec = dir->i_security;
1567 sbsec = dir->i_sb->s_security; 1567 sbsec = dir->i_sb->s_security;
1568 1568
1569 sid = tsec->sid; 1569 sid = tsec->sid;
1570 newsid = tsec->create_sid; 1570 newsid = tsec->create_sid;
1571 1571
1572 COMMON_AUDIT_DATA_INIT(&ad, FS); 1572 COMMON_AUDIT_DATA_INIT(&ad, PATH);
1573 ad.u.fs.path.dentry = dentry; 1573 ad.u.path.dentry = dentry;
1574 1574
1575 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, 1575 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
1576 DIR__ADD_NAME | DIR__SEARCH, 1576 DIR__ADD_NAME | DIR__SEARCH,
1577 &ad); 1577 &ad);
1578 if (rc) 1578 if (rc)
1579 return rc; 1579 return rc;
1580 1580
1581 if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) { 1581 if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
1582 rc = security_transition_sid(sid, dsec->sid, tclass, NULL, &newsid); 1582 rc = security_transition_sid(sid, dsec->sid, tclass, NULL, &newsid);
1583 if (rc) 1583 if (rc)
1584 return rc; 1584 return rc;
1585 } 1585 }
1586 1586
1587 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad); 1587 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad);
1588 if (rc) 1588 if (rc)
1589 return rc; 1589 return rc;
1590 1590
1591 return avc_has_perm(newsid, sbsec->sid, 1591 return avc_has_perm(newsid, sbsec->sid,
1592 SECCLASS_FILESYSTEM, 1592 SECCLASS_FILESYSTEM,
1593 FILESYSTEM__ASSOCIATE, &ad); 1593 FILESYSTEM__ASSOCIATE, &ad);
1594 } 1594 }
1595 1595
1596 /* Check whether a task can create a key. */ 1596 /* Check whether a task can create a key. */
1597 static int may_create_key(u32 ksid, 1597 static int may_create_key(u32 ksid,
1598 struct task_struct *ctx) 1598 struct task_struct *ctx)
1599 { 1599 {
1600 u32 sid = task_sid(ctx); 1600 u32 sid = task_sid(ctx);
1601 1601
1602 return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL); 1602 return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
1603 } 1603 }
1604 1604
1605 #define MAY_LINK 0 1605 #define MAY_LINK 0
1606 #define MAY_UNLINK 1 1606 #define MAY_UNLINK 1
1607 #define MAY_RMDIR 2 1607 #define MAY_RMDIR 2
1608 1608
1609 /* Check whether a task can link, unlink, or rmdir a file/directory. */ 1609 /* Check whether a task can link, unlink, or rmdir a file/directory. */
1610 static int may_link(struct inode *dir, 1610 static int may_link(struct inode *dir,
1611 struct dentry *dentry, 1611 struct dentry *dentry,
1612 int kind) 1612 int kind)
1613 1613
1614 { 1614 {
1615 struct inode_security_struct *dsec, *isec; 1615 struct inode_security_struct *dsec, *isec;
1616 struct common_audit_data ad; 1616 struct common_audit_data ad;
1617 u32 sid = current_sid(); 1617 u32 sid = current_sid();
1618 u32 av; 1618 u32 av;
1619 int rc; 1619 int rc;
1620 1620
1621 dsec = dir->i_security; 1621 dsec = dir->i_security;
1622 isec = dentry->d_inode->i_security; 1622 isec = dentry->d_inode->i_security;
1623 1623
1624 COMMON_AUDIT_DATA_INIT(&ad, FS); 1624 COMMON_AUDIT_DATA_INIT(&ad, PATH);
1625 ad.u.fs.path.dentry = dentry; 1625 ad.u.path.dentry = dentry;
1626 1626
1627 av = DIR__SEARCH; 1627 av = DIR__SEARCH;
1628 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME); 1628 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1629 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad); 1629 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad);
1630 if (rc) 1630 if (rc)
1631 return rc; 1631 return rc;
1632 1632
1633 switch (kind) { 1633 switch (kind) {
1634 case MAY_LINK: 1634 case MAY_LINK:
1635 av = FILE__LINK; 1635 av = FILE__LINK;
1636 break; 1636 break;
1637 case MAY_UNLINK: 1637 case MAY_UNLINK:
1638 av = FILE__UNLINK; 1638 av = FILE__UNLINK;
1639 break; 1639 break;
1640 case MAY_RMDIR: 1640 case MAY_RMDIR:
1641 av = DIR__RMDIR; 1641 av = DIR__RMDIR;
1642 break; 1642 break;
1643 default: 1643 default:
1644 printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n", 1644 printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
1645 __func__, kind); 1645 __func__, kind);
1646 return 0; 1646 return 0;
1647 } 1647 }
1648 1648
1649 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad); 1649 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);
1650 return rc; 1650 return rc;
1651 } 1651 }
1652 1652
1653 static inline int may_rename(struct inode *old_dir, 1653 static inline int may_rename(struct inode *old_dir,
1654 struct dentry *old_dentry, 1654 struct dentry *old_dentry,
1655 struct inode *new_dir, 1655 struct inode *new_dir,
1656 struct dentry *new_dentry) 1656 struct dentry *new_dentry)
1657 { 1657 {
1658 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec; 1658 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1659 struct common_audit_data ad; 1659 struct common_audit_data ad;
1660 u32 sid = current_sid(); 1660 u32 sid = current_sid();
1661 u32 av; 1661 u32 av;
1662 int old_is_dir, new_is_dir; 1662 int old_is_dir, new_is_dir;
1663 int rc; 1663 int rc;
1664 1664
1665 old_dsec = old_dir->i_security; 1665 old_dsec = old_dir->i_security;
1666 old_isec = old_dentry->d_inode->i_security; 1666 old_isec = old_dentry->d_inode->i_security;
1667 old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode); 1667 old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
1668 new_dsec = new_dir->i_security; 1668 new_dsec = new_dir->i_security;
1669 1669
1670 COMMON_AUDIT_DATA_INIT(&ad, FS); 1670 COMMON_AUDIT_DATA_INIT(&ad, PATH);
1671 1671
1672 ad.u.fs.path.dentry = old_dentry; 1672 ad.u.path.dentry = old_dentry;
1673 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR, 1673 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
1674 DIR__REMOVE_NAME | DIR__SEARCH, &ad); 1674 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1675 if (rc) 1675 if (rc)
1676 return rc; 1676 return rc;
1677 rc = avc_has_perm(sid, old_isec->sid, 1677 rc = avc_has_perm(sid, old_isec->sid,
1678 old_isec->sclass, FILE__RENAME, &ad); 1678 old_isec->sclass, FILE__RENAME, &ad);
1679 if (rc) 1679 if (rc)
1680 return rc; 1680 return rc;
1681 if (old_is_dir && new_dir != old_dir) { 1681 if (old_is_dir && new_dir != old_dir) {
1682 rc = avc_has_perm(sid, old_isec->sid, 1682 rc = avc_has_perm(sid, old_isec->sid,
1683 old_isec->sclass, DIR__REPARENT, &ad); 1683 old_isec->sclass, DIR__REPARENT, &ad);
1684 if (rc) 1684 if (rc)
1685 return rc; 1685 return rc;
1686 } 1686 }
1687 1687
1688 ad.u.fs.path.dentry = new_dentry; 1688 ad.u.path.dentry = new_dentry;
1689 av = DIR__ADD_NAME | DIR__SEARCH; 1689 av = DIR__ADD_NAME | DIR__SEARCH;
1690 if (new_dentry->d_inode) 1690 if (new_dentry->d_inode)
1691 av |= DIR__REMOVE_NAME; 1691 av |= DIR__REMOVE_NAME;
1692 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad); 1692 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1693 if (rc) 1693 if (rc)
1694 return rc; 1694 return rc;
1695 if (new_dentry->d_inode) { 1695 if (new_dentry->d_inode) {
1696 new_isec = new_dentry->d_inode->i_security; 1696 new_isec = new_dentry->d_inode->i_security;
1697 new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode); 1697 new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
1698 rc = avc_has_perm(sid, new_isec->sid, 1698 rc = avc_has_perm(sid, new_isec->sid,
1699 new_isec->sclass, 1699 new_isec->sclass,
1700 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad); 1700 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1701 if (rc) 1701 if (rc)
1702 return rc; 1702 return rc;
1703 } 1703 }
1704 1704
1705 return 0; 1705 return 0;
1706 } 1706 }
1707 1707
1708 /* Check whether a task can perform a filesystem operation. */ 1708 /* Check whether a task can perform a filesystem operation. */
1709 static int superblock_has_perm(const struct cred *cred, 1709 static int superblock_has_perm(const struct cred *cred,
1710 struct super_block *sb, 1710 struct super_block *sb,
1711 u32 perms, 1711 u32 perms,
1712 struct common_audit_data *ad) 1712 struct common_audit_data *ad)
1713 { 1713 {
1714 struct superblock_security_struct *sbsec; 1714 struct superblock_security_struct *sbsec;
1715 u32 sid = cred_sid(cred); 1715 u32 sid = cred_sid(cred);
1716 1716
1717 sbsec = sb->s_security; 1717 sbsec = sb->s_security;
1718 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad); 1718 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
1719 } 1719 }
1720 1720
1721 /* Convert a Linux mode and permission mask to an access vector. */ 1721 /* Convert a Linux mode and permission mask to an access vector. */
1722 static inline u32 file_mask_to_av(int mode, int mask) 1722 static inline u32 file_mask_to_av(int mode, int mask)
1723 { 1723 {
1724 u32 av = 0; 1724 u32 av = 0;
1725 1725
1726 if ((mode & S_IFMT) != S_IFDIR) { 1726 if ((mode & S_IFMT) != S_IFDIR) {
1727 if (mask & MAY_EXEC) 1727 if (mask & MAY_EXEC)
1728 av |= FILE__EXECUTE; 1728 av |= FILE__EXECUTE;
1729 if (mask & MAY_READ) 1729 if (mask & MAY_READ)
1730 av |= FILE__READ; 1730 av |= FILE__READ;
1731 1731
1732 if (mask & MAY_APPEND) 1732 if (mask & MAY_APPEND)
1733 av |= FILE__APPEND; 1733 av |= FILE__APPEND;
1734 else if (mask & MAY_WRITE) 1734 else if (mask & MAY_WRITE)
1735 av |= FILE__WRITE; 1735 av |= FILE__WRITE;
1736 1736
1737 } else { 1737 } else {
1738 if (mask & MAY_EXEC) 1738 if (mask & MAY_EXEC)
1739 av |= DIR__SEARCH; 1739 av |= DIR__SEARCH;
1740 if (mask & MAY_WRITE) 1740 if (mask & MAY_WRITE)
1741 av |= DIR__WRITE; 1741 av |= DIR__WRITE;
1742 if (mask & MAY_READ) 1742 if (mask & MAY_READ)
1743 av |= DIR__READ; 1743 av |= DIR__READ;
1744 } 1744 }
1745 1745
1746 return av; 1746 return av;
1747 } 1747 }
1748 1748
1749 /* Convert a Linux file to an access vector. */ 1749 /* Convert a Linux file to an access vector. */
1750 static inline u32 file_to_av(struct file *file) 1750 static inline u32 file_to_av(struct file *file)
1751 { 1751 {
1752 u32 av = 0; 1752 u32 av = 0;
1753 1753
1754 if (file->f_mode & FMODE_READ) 1754 if (file->f_mode & FMODE_READ)
1755 av |= FILE__READ; 1755 av |= FILE__READ;
1756 if (file->f_mode & FMODE_WRITE) { 1756 if (file->f_mode & FMODE_WRITE) {
1757 if (file->f_flags & O_APPEND) 1757 if (file->f_flags & O_APPEND)
1758 av |= FILE__APPEND; 1758 av |= FILE__APPEND;
1759 else 1759 else
1760 av |= FILE__WRITE; 1760 av |= FILE__WRITE;
1761 } 1761 }
1762 if (!av) { 1762 if (!av) {
1763 /* 1763 /*
1764 * Special file opened with flags 3 for ioctl-only use. 1764 * Special file opened with flags 3 for ioctl-only use.
1765 */ 1765 */
1766 av = FILE__IOCTL; 1766 av = FILE__IOCTL;
1767 } 1767 }
1768 1768
1769 return av; 1769 return av;
1770 } 1770 }
1771 1771
1772 /* 1772 /*
1773 * Convert a file to an access vector and include the correct open 1773 * Convert a file to an access vector and include the correct open
1774 * open permission. 1774 * open permission.
1775 */ 1775 */
1776 static inline u32 open_file_to_av(struct file *file) 1776 static inline u32 open_file_to_av(struct file *file)
1777 { 1777 {
1778 u32 av = file_to_av(file); 1778 u32 av = file_to_av(file);
1779 1779
1780 if (selinux_policycap_openperm) 1780 if (selinux_policycap_openperm)
1781 av |= FILE__OPEN; 1781 av |= FILE__OPEN;
1782 1782
1783 return av; 1783 return av;
1784 } 1784 }
1785 1785
1786 /* Hook functions begin here. */ 1786 /* Hook functions begin here. */
1787 1787
1788 static int selinux_ptrace_access_check(struct task_struct *child, 1788 static int selinux_ptrace_access_check(struct task_struct *child,
1789 unsigned int mode) 1789 unsigned int mode)
1790 { 1790 {
1791 int rc; 1791 int rc;
1792 1792
1793 rc = cap_ptrace_access_check(child, mode); 1793 rc = cap_ptrace_access_check(child, mode);
1794 if (rc) 1794 if (rc)
1795 return rc; 1795 return rc;
1796 1796
1797 if (mode == PTRACE_MODE_READ) { 1797 if (mode == PTRACE_MODE_READ) {
1798 u32 sid = current_sid(); 1798 u32 sid = current_sid();
1799 u32 csid = task_sid(child); 1799 u32 csid = task_sid(child);
1800 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL); 1800 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);
1801 } 1801 }
1802 1802
1803 return current_has_perm(child, PROCESS__PTRACE); 1803 return current_has_perm(child, PROCESS__PTRACE);
1804 } 1804 }
1805 1805
1806 static int selinux_ptrace_traceme(struct task_struct *parent) 1806 static int selinux_ptrace_traceme(struct task_struct *parent)
1807 { 1807 {
1808 int rc; 1808 int rc;
1809 1809
1810 rc = cap_ptrace_traceme(parent); 1810 rc = cap_ptrace_traceme(parent);
1811 if (rc) 1811 if (rc)
1812 return rc; 1812 return rc;
1813 1813
1814 return task_has_perm(parent, current, PROCESS__PTRACE); 1814 return task_has_perm(parent, current, PROCESS__PTRACE);
1815 } 1815 }
1816 1816
1817 static int selinux_capget(struct task_struct *target, kernel_cap_t *effective, 1817 static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
1818 kernel_cap_t *inheritable, kernel_cap_t *permitted) 1818 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1819 { 1819 {
1820 int error; 1820 int error;
1821 1821
1822 error = current_has_perm(target, PROCESS__GETCAP); 1822 error = current_has_perm(target, PROCESS__GETCAP);
1823 if (error) 1823 if (error)
1824 return error; 1824 return error;
1825 1825
1826 return cap_capget(target, effective, inheritable, permitted); 1826 return cap_capget(target, effective, inheritable, permitted);
1827 } 1827 }
1828 1828
1829 static int selinux_capset(struct cred *new, const struct cred *old, 1829 static int selinux_capset(struct cred *new, const struct cred *old,
1830 const kernel_cap_t *effective, 1830 const kernel_cap_t *effective,
1831 const kernel_cap_t *inheritable, 1831 const kernel_cap_t *inheritable,
1832 const kernel_cap_t *permitted) 1832 const kernel_cap_t *permitted)
1833 { 1833 {
1834 int error; 1834 int error;
1835 1835
1836 error = cap_capset(new, old, 1836 error = cap_capset(new, old,
1837 effective, inheritable, permitted); 1837 effective, inheritable, permitted);
1838 if (error) 1838 if (error)
1839 return error; 1839 return error;
1840 1840
1841 return cred_has_perm(old, new, PROCESS__SETCAP); 1841 return cred_has_perm(old, new, PROCESS__SETCAP);
1842 } 1842 }
1843 1843
1844 /* 1844 /*
1845 * (This comment used to live with the selinux_task_setuid hook, 1845 * (This comment used to live with the selinux_task_setuid hook,
1846 * which was removed). 1846 * which was removed).
1847 * 1847 *
1848 * Since setuid only affects the current process, and since the SELinux 1848 * Since setuid only affects the current process, and since the SELinux
1849 * controls are not based on the Linux identity attributes, SELinux does not 1849 * controls are not based on the Linux identity attributes, SELinux does not
1850 * need to control this operation. However, SELinux does control the use of 1850 * need to control this operation. However, SELinux does control the use of
1851 * the CAP_SETUID and CAP_SETGID capabilities using the capable hook. 1851 * the CAP_SETUID and CAP_SETGID capabilities using the capable hook.
1852 */ 1852 */
1853 1853
1854 static int selinux_capable(struct task_struct *tsk, const struct cred *cred, 1854 static int selinux_capable(struct task_struct *tsk, const struct cred *cred,
1855 int cap, int audit) 1855 int cap, int audit)
1856 { 1856 {
1857 int rc; 1857 int rc;
1858 1858
1859 rc = cap_capable(tsk, cred, cap, audit); 1859 rc = cap_capable(tsk, cred, cap, audit);
1860 if (rc) 1860 if (rc)
1861 return rc; 1861 return rc;
1862 1862
1863 return task_has_capability(tsk, cred, cap, audit); 1863 return task_has_capability(tsk, cred, cap, audit);
1864 } 1864 }
1865 1865
1866 static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb) 1866 static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
1867 { 1867 {
1868 const struct cred *cred = current_cred(); 1868 const struct cred *cred = current_cred();
1869 int rc = 0; 1869 int rc = 0;
1870 1870
1871 if (!sb) 1871 if (!sb)
1872 return 0; 1872 return 0;
1873 1873
1874 switch (cmds) { 1874 switch (cmds) {
1875 case Q_SYNC: 1875 case Q_SYNC:
1876 case Q_QUOTAON: 1876 case Q_QUOTAON:
1877 case Q_QUOTAOFF: 1877 case Q_QUOTAOFF:
1878 case Q_SETINFO: 1878 case Q_SETINFO:
1879 case Q_SETQUOTA: 1879 case Q_SETQUOTA:
1880 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL); 1880 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
1881 break; 1881 break;
1882 case Q_GETFMT: 1882 case Q_GETFMT:
1883 case Q_GETINFO: 1883 case Q_GETINFO:
1884 case Q_GETQUOTA: 1884 case Q_GETQUOTA:
1885 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL); 1885 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
1886 break; 1886 break;
1887 default: 1887 default:
1888 rc = 0; /* let the kernel handle invalid cmds */ 1888 rc = 0; /* let the kernel handle invalid cmds */
1889 break; 1889 break;
1890 } 1890 }
1891 return rc; 1891 return rc;
1892 } 1892 }
1893 1893
1894 static int selinux_quota_on(struct dentry *dentry) 1894 static int selinux_quota_on(struct dentry *dentry)
1895 { 1895 {
1896 const struct cred *cred = current_cred(); 1896 const struct cred *cred = current_cred();
1897 1897
1898 return dentry_has_perm(cred, NULL, dentry, FILE__QUOTAON); 1898 return dentry_has_perm(cred, NULL, dentry, FILE__QUOTAON);
1899 } 1899 }
1900 1900
1901 static int selinux_syslog(int type) 1901 static int selinux_syslog(int type)
1902 { 1902 {
1903 int rc; 1903 int rc;
1904 1904
1905 switch (type) { 1905 switch (type) {
1906 case SYSLOG_ACTION_READ_ALL: /* Read last kernel messages */ 1906 case SYSLOG_ACTION_READ_ALL: /* Read last kernel messages */
1907 case SYSLOG_ACTION_SIZE_BUFFER: /* Return size of the log buffer */ 1907 case SYSLOG_ACTION_SIZE_BUFFER: /* Return size of the log buffer */
1908 rc = task_has_system(current, SYSTEM__SYSLOG_READ); 1908 rc = task_has_system(current, SYSTEM__SYSLOG_READ);
1909 break; 1909 break;
1910 case SYSLOG_ACTION_CONSOLE_OFF: /* Disable logging to console */ 1910 case SYSLOG_ACTION_CONSOLE_OFF: /* Disable logging to console */
1911 case SYSLOG_ACTION_CONSOLE_ON: /* Enable logging to console */ 1911 case SYSLOG_ACTION_CONSOLE_ON: /* Enable logging to console */
1912 /* Set level of messages printed to console */ 1912 /* Set level of messages printed to console */
1913 case SYSLOG_ACTION_CONSOLE_LEVEL: 1913 case SYSLOG_ACTION_CONSOLE_LEVEL:
1914 rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE); 1914 rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
1915 break; 1915 break;
1916 case SYSLOG_ACTION_CLOSE: /* Close log */ 1916 case SYSLOG_ACTION_CLOSE: /* Close log */
1917 case SYSLOG_ACTION_OPEN: /* Open log */ 1917 case SYSLOG_ACTION_OPEN: /* Open log */
1918 case SYSLOG_ACTION_READ: /* Read from log */ 1918 case SYSLOG_ACTION_READ: /* Read from log */
1919 case SYSLOG_ACTION_READ_CLEAR: /* Read/clear last kernel messages */ 1919 case SYSLOG_ACTION_READ_CLEAR: /* Read/clear last kernel messages */
1920 case SYSLOG_ACTION_CLEAR: /* Clear ring buffer */ 1920 case SYSLOG_ACTION_CLEAR: /* Clear ring buffer */
1921 default: 1921 default:
1922 rc = task_has_system(current, SYSTEM__SYSLOG_MOD); 1922 rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
1923 break; 1923 break;
1924 } 1924 }
1925 return rc; 1925 return rc;
1926 } 1926 }
1927 1927
1928 /* 1928 /*
1929 * Check that a process has enough memory to allocate a new virtual 1929 * Check that a process has enough memory to allocate a new virtual
1930 * mapping. 0 means there is enough memory for the allocation to 1930 * mapping. 0 means there is enough memory for the allocation to
1931 * succeed and -ENOMEM implies there is not. 1931 * succeed and -ENOMEM implies there is not.
1932 * 1932 *
1933 * Do not audit the selinux permission check, as this is applied to all 1933 * Do not audit the selinux permission check, as this is applied to all
1934 * processes that allocate mappings. 1934 * processes that allocate mappings.
1935 */ 1935 */
1936 static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) 1936 static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
1937 { 1937 {
1938 int rc, cap_sys_admin = 0; 1938 int rc, cap_sys_admin = 0;
1939 1939
1940 rc = selinux_capable(current, current_cred(), CAP_SYS_ADMIN, 1940 rc = selinux_capable(current, current_cred(), CAP_SYS_ADMIN,
1941 SECURITY_CAP_NOAUDIT); 1941 SECURITY_CAP_NOAUDIT);
1942 if (rc == 0) 1942 if (rc == 0)
1943 cap_sys_admin = 1; 1943 cap_sys_admin = 1;
1944 1944
1945 return __vm_enough_memory(mm, pages, cap_sys_admin); 1945 return __vm_enough_memory(mm, pages, cap_sys_admin);
1946 } 1946 }
1947 1947
1948 /* binprm security operations */ 1948 /* binprm security operations */
1949 1949
1950 static int selinux_bprm_set_creds(struct linux_binprm *bprm) 1950 static int selinux_bprm_set_creds(struct linux_binprm *bprm)
1951 { 1951 {
1952 const struct task_security_struct *old_tsec; 1952 const struct task_security_struct *old_tsec;
1953 struct task_security_struct *new_tsec; 1953 struct task_security_struct *new_tsec;
1954 struct inode_security_struct *isec; 1954 struct inode_security_struct *isec;
1955 struct common_audit_data ad; 1955 struct common_audit_data ad;
1956 struct inode *inode = bprm->file->f_path.dentry->d_inode; 1956 struct inode *inode = bprm->file->f_path.dentry->d_inode;
1957 int rc; 1957 int rc;
1958 1958
1959 rc = cap_bprm_set_creds(bprm); 1959 rc = cap_bprm_set_creds(bprm);
1960 if (rc) 1960 if (rc)
1961 return rc; 1961 return rc;
1962 1962
1963 /* SELinux context only depends on initial program or script and not 1963 /* SELinux context only depends on initial program or script and not
1964 * the script interpreter */ 1964 * the script interpreter */
1965 if (bprm->cred_prepared) 1965 if (bprm->cred_prepared)
1966 return 0; 1966 return 0;
1967 1967
1968 old_tsec = current_security(); 1968 old_tsec = current_security();
1969 new_tsec = bprm->cred->security; 1969 new_tsec = bprm->cred->security;
1970 isec = inode->i_security; 1970 isec = inode->i_security;
1971 1971
1972 /* Default to the current task SID. */ 1972 /* Default to the current task SID. */
1973 new_tsec->sid = old_tsec->sid; 1973 new_tsec->sid = old_tsec->sid;
1974 new_tsec->osid = old_tsec->sid; 1974 new_tsec->osid = old_tsec->sid;
1975 1975
1976 /* Reset fs, key, and sock SIDs on execve. */ 1976 /* Reset fs, key, and sock SIDs on execve. */
1977 new_tsec->create_sid = 0; 1977 new_tsec->create_sid = 0;
1978 new_tsec->keycreate_sid = 0; 1978 new_tsec->keycreate_sid = 0;
1979 new_tsec->sockcreate_sid = 0; 1979 new_tsec->sockcreate_sid = 0;
1980 1980
1981 if (old_tsec->exec_sid) { 1981 if (old_tsec->exec_sid) {
1982 new_tsec->sid = old_tsec->exec_sid; 1982 new_tsec->sid = old_tsec->exec_sid;
1983 /* Reset exec SID on execve. */ 1983 /* Reset exec SID on execve. */
1984 new_tsec->exec_sid = 0; 1984 new_tsec->exec_sid = 0;
1985 } else { 1985 } else {
1986 /* Check for a default transition on this program. */ 1986 /* Check for a default transition on this program. */
1987 rc = security_transition_sid(old_tsec->sid, isec->sid, 1987 rc = security_transition_sid(old_tsec->sid, isec->sid,
1988 SECCLASS_PROCESS, NULL, 1988 SECCLASS_PROCESS, NULL,
1989 &new_tsec->sid); 1989 &new_tsec->sid);
1990 if (rc) 1990 if (rc)
1991 return rc; 1991 return rc;
1992 } 1992 }
1993 1993
1994 COMMON_AUDIT_DATA_INIT(&ad, FS); 1994 COMMON_AUDIT_DATA_INIT(&ad, PATH);
1995 ad.u.fs.path = bprm->file->f_path; 1995 ad.u.path = bprm->file->f_path;
1996 1996
1997 if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) 1997 if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
1998 new_tsec->sid = old_tsec->sid; 1998 new_tsec->sid = old_tsec->sid;
1999 1999
2000 if (new_tsec->sid == old_tsec->sid) { 2000 if (new_tsec->sid == old_tsec->sid) {
2001 rc = avc_has_perm(old_tsec->sid, isec->sid, 2001 rc = avc_has_perm(old_tsec->sid, isec->sid,
2002 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad); 2002 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2003 if (rc) 2003 if (rc)
2004 return rc; 2004 return rc;
2005 } else { 2005 } else {
2006 /* Check permissions for the transition. */ 2006 /* Check permissions for the transition. */
2007 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, 2007 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2008 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad); 2008 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2009 if (rc) 2009 if (rc)
2010 return rc; 2010 return rc;
2011 2011
2012 rc = avc_has_perm(new_tsec->sid, isec->sid, 2012 rc = avc_has_perm(new_tsec->sid, isec->sid,
2013 SECCLASS_FILE, FILE__ENTRYPOINT, &ad); 2013 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2014 if (rc) 2014 if (rc)
2015 return rc; 2015 return rc;
2016 2016
2017 /* Check for shared state */ 2017 /* Check for shared state */
2018 if (bprm->unsafe & LSM_UNSAFE_SHARE) { 2018 if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2019 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, 2019 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2020 SECCLASS_PROCESS, PROCESS__SHARE, 2020 SECCLASS_PROCESS, PROCESS__SHARE,
2021 NULL); 2021 NULL);
2022 if (rc) 2022 if (rc)
2023 return -EPERM; 2023 return -EPERM;
2024 } 2024 }
2025 2025
2026 /* Make sure that anyone attempting to ptrace over a task that 2026 /* Make sure that anyone attempting to ptrace over a task that
2027 * changes its SID has the appropriate permit */ 2027 * changes its SID has the appropriate permit */
2028 if (bprm->unsafe & 2028 if (bprm->unsafe &
2029 (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) { 2029 (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
2030 struct task_struct *tracer; 2030 struct task_struct *tracer;
2031 struct task_security_struct *sec; 2031 struct task_security_struct *sec;
2032 u32 ptsid = 0; 2032 u32 ptsid = 0;
2033 2033
2034 rcu_read_lock(); 2034 rcu_read_lock();
2035 tracer = tracehook_tracer_task(current); 2035 tracer = tracehook_tracer_task(current);
2036 if (likely(tracer != NULL)) { 2036 if (likely(tracer != NULL)) {
2037 sec = __task_cred(tracer)->security; 2037 sec = __task_cred(tracer)->security;
2038 ptsid = sec->sid; 2038 ptsid = sec->sid;
2039 } 2039 }
2040 rcu_read_unlock(); 2040 rcu_read_unlock();
2041 2041
2042 if (ptsid != 0) { 2042 if (ptsid != 0) {
2043 rc = avc_has_perm(ptsid, new_tsec->sid, 2043 rc = avc_has_perm(ptsid, new_tsec->sid,
2044 SECCLASS_PROCESS, 2044 SECCLASS_PROCESS,
2045 PROCESS__PTRACE, NULL); 2045 PROCESS__PTRACE, NULL);
2046 if (rc) 2046 if (rc)
2047 return -EPERM; 2047 return -EPERM;
2048 } 2048 }
2049 } 2049 }
2050 2050
2051 /* Clear any possibly unsafe personality bits on exec: */ 2051 /* Clear any possibly unsafe personality bits on exec: */
2052 bprm->per_clear |= PER_CLEAR_ON_SETID; 2052 bprm->per_clear |= PER_CLEAR_ON_SETID;
2053 } 2053 }
2054 2054
2055 return 0; 2055 return 0;
2056 } 2056 }
2057 2057
2058 static int selinux_bprm_secureexec(struct linux_binprm *bprm) 2058 static int selinux_bprm_secureexec(struct linux_binprm *bprm)
2059 { 2059 {
2060 const struct task_security_struct *tsec = current_security(); 2060 const struct task_security_struct *tsec = current_security();
2061 u32 sid, osid; 2061 u32 sid, osid;
2062 int atsecure = 0; 2062 int atsecure = 0;
2063 2063
2064 sid = tsec->sid; 2064 sid = tsec->sid;
2065 osid = tsec->osid; 2065 osid = tsec->osid;
2066 2066
2067 if (osid != sid) { 2067 if (osid != sid) {
2068 /* Enable secure mode for SIDs transitions unless 2068 /* Enable secure mode for SIDs transitions unless
2069 the noatsecure permission is granted between 2069 the noatsecure permission is granted between
2070 the two SIDs, i.e. ahp returns 0. */ 2070 the two SIDs, i.e. ahp returns 0. */
2071 atsecure = avc_has_perm(osid, sid, 2071 atsecure = avc_has_perm(osid, sid,
2072 SECCLASS_PROCESS, 2072 SECCLASS_PROCESS,
2073 PROCESS__NOATSECURE, NULL); 2073 PROCESS__NOATSECURE, NULL);
2074 } 2074 }
2075 2075
2076 return (atsecure || cap_bprm_secureexec(bprm)); 2076 return (atsecure || cap_bprm_secureexec(bprm));
2077 } 2077 }
2078 2078
2079 extern struct vfsmount *selinuxfs_mount; 2079 extern struct vfsmount *selinuxfs_mount;
2080 extern struct dentry *selinux_null; 2080 extern struct dentry *selinux_null;
2081 2081
2082 /* Derived from fs/exec.c:flush_old_files. */ 2082 /* Derived from fs/exec.c:flush_old_files. */
2083 static inline void flush_unauthorized_files(const struct cred *cred, 2083 static inline void flush_unauthorized_files(const struct cred *cred,
2084 struct files_struct *files) 2084 struct files_struct *files)
2085 { 2085 {
2086 struct common_audit_data ad; 2086 struct common_audit_data ad;
2087 struct file *file, *devnull = NULL; 2087 struct file *file, *devnull = NULL;
2088 struct tty_struct *tty; 2088 struct tty_struct *tty;
2089 struct fdtable *fdt; 2089 struct fdtable *fdt;
2090 long j = -1; 2090 long j = -1;
2091 int drop_tty = 0; 2091 int drop_tty = 0;
2092 2092
2093 tty = get_current_tty(); 2093 tty = get_current_tty();
2094 if (tty) { 2094 if (tty) {
2095 spin_lock(&tty_files_lock); 2095 spin_lock(&tty_files_lock);
2096 if (!list_empty(&tty->tty_files)) { 2096 if (!list_empty(&tty->tty_files)) {
2097 struct tty_file_private *file_priv; 2097 struct tty_file_private *file_priv;
2098 struct inode *inode; 2098 struct inode *inode;
2099 2099
2100 /* Revalidate access to controlling tty. 2100 /* Revalidate access to controlling tty.
2101 Use inode_has_perm on the tty inode directly rather 2101 Use inode_has_perm on the tty inode directly rather
2102 than using file_has_perm, as this particular open 2102 than using file_has_perm, as this particular open
2103 file may belong to another process and we are only 2103 file may belong to another process and we are only
2104 interested in the inode-based check here. */ 2104 interested in the inode-based check here. */
2105 file_priv = list_first_entry(&tty->tty_files, 2105 file_priv = list_first_entry(&tty->tty_files,
2106 struct tty_file_private, list); 2106 struct tty_file_private, list);
2107 file = file_priv->file; 2107 file = file_priv->file;
2108 inode = file->f_path.dentry->d_inode; 2108 inode = file->f_path.dentry->d_inode;
2109 if (inode_has_perm(cred, inode, 2109 if (inode_has_perm(cred, inode,
2110 FILE__READ | FILE__WRITE, NULL, 0)) { 2110 FILE__READ | FILE__WRITE, NULL, 0)) {
2111 drop_tty = 1; 2111 drop_tty = 1;
2112 } 2112 }
2113 } 2113 }
2114 spin_unlock(&tty_files_lock); 2114 spin_unlock(&tty_files_lock);
2115 tty_kref_put(tty); 2115 tty_kref_put(tty);
2116 } 2116 }
2117 /* Reset controlling tty. */ 2117 /* Reset controlling tty. */
2118 if (drop_tty) 2118 if (drop_tty)
2119 no_tty(); 2119 no_tty();
2120 2120
2121 /* Revalidate access to inherited open files. */ 2121 /* Revalidate access to inherited open files. */
2122 2122
2123 COMMON_AUDIT_DATA_INIT(&ad, FS); 2123 COMMON_AUDIT_DATA_INIT(&ad, INODE);
2124 2124
2125 spin_lock(&files->file_lock); 2125 spin_lock(&files->file_lock);
2126 for (;;) { 2126 for (;;) {
2127 unsigned long set, i; 2127 unsigned long set, i;
2128 int fd; 2128 int fd;
2129 2129
2130 j++; 2130 j++;
2131 i = j * __NFDBITS; 2131 i = j * __NFDBITS;
2132 fdt = files_fdtable(files); 2132 fdt = files_fdtable(files);
2133 if (i >= fdt->max_fds) 2133 if (i >= fdt->max_fds)
2134 break; 2134 break;
2135 set = fdt->open_fds->fds_bits[j]; 2135 set = fdt->open_fds->fds_bits[j];
2136 if (!set) 2136 if (!set)
2137 continue; 2137 continue;
2138 spin_unlock(&files->file_lock); 2138 spin_unlock(&files->file_lock);
2139 for ( ; set ; i++, set >>= 1) { 2139 for ( ; set ; i++, set >>= 1) {
2140 if (set & 1) { 2140 if (set & 1) {
2141 file = fget(i); 2141 file = fget(i);
2142 if (!file) 2142 if (!file)
2143 continue; 2143 continue;
2144 if (file_has_perm(cred, 2144 if (file_has_perm(cred,
2145 file, 2145 file,
2146 file_to_av(file))) { 2146 file_to_av(file))) {
2147 sys_close(i); 2147 sys_close(i);
2148 fd = get_unused_fd(); 2148 fd = get_unused_fd();
2149 if (fd != i) { 2149 if (fd != i) {
2150 if (fd >= 0) 2150 if (fd >= 0)
2151 put_unused_fd(fd); 2151 put_unused_fd(fd);
2152 fput(file); 2152 fput(file);
2153 continue; 2153 continue;
2154 } 2154 }
2155 if (devnull) { 2155 if (devnull) {
2156 get_file(devnull); 2156 get_file(devnull);
2157 } else { 2157 } else {
2158 devnull = dentry_open( 2158 devnull = dentry_open(
2159 dget(selinux_null), 2159 dget(selinux_null),
2160 mntget(selinuxfs_mount), 2160 mntget(selinuxfs_mount),
2161 O_RDWR, cred); 2161 O_RDWR, cred);
2162 if (IS_ERR(devnull)) { 2162 if (IS_ERR(devnull)) {
2163 devnull = NULL; 2163 devnull = NULL;
2164 put_unused_fd(fd); 2164 put_unused_fd(fd);
2165 fput(file); 2165 fput(file);
2166 continue; 2166 continue;
2167 } 2167 }
2168 } 2168 }
2169 fd_install(fd, devnull); 2169 fd_install(fd, devnull);
2170 } 2170 }
2171 fput(file); 2171 fput(file);
2172 } 2172 }
2173 } 2173 }
2174 spin_lock(&files->file_lock); 2174 spin_lock(&files->file_lock);
2175 2175
2176 } 2176 }
2177 spin_unlock(&files->file_lock); 2177 spin_unlock(&files->file_lock);
2178 } 2178 }
2179 2179
2180 /* 2180 /*
2181 * Prepare a process for imminent new credential changes due to exec 2181 * Prepare a process for imminent new credential changes due to exec
2182 */ 2182 */
2183 static void selinux_bprm_committing_creds(struct linux_binprm *bprm) 2183 static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2184 { 2184 {
2185 struct task_security_struct *new_tsec; 2185 struct task_security_struct *new_tsec;
2186 struct rlimit *rlim, *initrlim; 2186 struct rlimit *rlim, *initrlim;
2187 int rc, i; 2187 int rc, i;
2188 2188
2189 new_tsec = bprm->cred->security; 2189 new_tsec = bprm->cred->security;
2190 if (new_tsec->sid == new_tsec->osid) 2190 if (new_tsec->sid == new_tsec->osid)
2191 return; 2191 return;
2192 2192
2193 /* Close files for which the new task SID is not authorized. */ 2193 /* Close files for which the new task SID is not authorized. */
2194 flush_unauthorized_files(bprm->cred, current->files); 2194 flush_unauthorized_files(bprm->cred, current->files);
2195 2195
2196 /* Always clear parent death signal on SID transitions. */ 2196 /* Always clear parent death signal on SID transitions. */
2197 current->pdeath_signal = 0; 2197 current->pdeath_signal = 0;
2198 2198
2199 /* Check whether the new SID can inherit resource limits from the old 2199 /* Check whether the new SID can inherit resource limits from the old
2200 * SID. If not, reset all soft limits to the lower of the current 2200 * SID. If not, reset all soft limits to the lower of the current
2201 * task's hard limit and the init task's soft limit. 2201 * task's hard limit and the init task's soft limit.
2202 * 2202 *
2203 * Note that the setting of hard limits (even to lower them) can be 2203 * Note that the setting of hard limits (even to lower them) can be
2204 * controlled by the setrlimit check. The inclusion of the init task's 2204 * controlled by the setrlimit check. The inclusion of the init task's
2205 * soft limit into the computation is to avoid resetting soft limits 2205 * soft limit into the computation is to avoid resetting soft limits
2206 * higher than the default soft limit for cases where the default is 2206 * higher than the default soft limit for cases where the default is
2207 * lower than the hard limit, e.g. RLIMIT_CORE or RLIMIT_STACK. 2207 * lower than the hard limit, e.g. RLIMIT_CORE or RLIMIT_STACK.
2208 */ 2208 */
2209 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS, 2209 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2210 PROCESS__RLIMITINH, NULL); 2210 PROCESS__RLIMITINH, NULL);
2211 if (rc) { 2211 if (rc) {
2212 /* protect against do_prlimit() */ 2212 /* protect against do_prlimit() */
2213 task_lock(current); 2213 task_lock(current);
2214 for (i = 0; i < RLIM_NLIMITS; i++) { 2214 for (i = 0; i < RLIM_NLIMITS; i++) {
2215 rlim = current->signal->rlim + i; 2215 rlim = current->signal->rlim + i;
2216 initrlim = init_task.signal->rlim + i; 2216 initrlim = init_task.signal->rlim + i;
2217 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); 2217 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2218 } 2218 }
2219 task_unlock(current); 2219 task_unlock(current);
2220 update_rlimit_cpu(current, rlimit(RLIMIT_CPU)); 2220 update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
2221 } 2221 }
2222 } 2222 }
2223 2223
2224 /* 2224 /*
2225 * Clean up the process immediately after the installation of new credentials 2225 * Clean up the process immediately after the installation of new credentials
2226 * due to exec 2226 * due to exec
2227 */ 2227 */
2228 static void selinux_bprm_committed_creds(struct linux_binprm *bprm) 2228 static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2229 { 2229 {
2230 const struct task_security_struct *tsec = current_security(); 2230 const struct task_security_struct *tsec = current_security();
2231 struct itimerval itimer; 2231 struct itimerval itimer;
2232 u32 osid, sid; 2232 u32 osid, sid;
2233 int rc, i; 2233 int rc, i;
2234 2234
2235 osid = tsec->osid; 2235 osid = tsec->osid;
2236 sid = tsec->sid; 2236 sid = tsec->sid;
2237 2237
2238 if (sid == osid) 2238 if (sid == osid)
2239 return; 2239 return;
2240 2240
2241 /* Check whether the new SID can inherit signal state from the old SID. 2241 /* Check whether the new SID can inherit signal state from the old SID.
2242 * If not, clear itimers to avoid subsequent signal generation and 2242 * If not, clear itimers to avoid subsequent signal generation and
2243 * flush and unblock signals. 2243 * flush and unblock signals.
2244 * 2244 *
2245 * This must occur _after_ the task SID has been updated so that any 2245 * This must occur _after_ the task SID has been updated so that any
2246 * kill done after the flush will be checked against the new SID. 2246 * kill done after the flush will be checked against the new SID.
2247 */ 2247 */
2248 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL); 2248 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2249 if (rc) { 2249 if (rc) {
2250 memset(&itimer, 0, sizeof itimer); 2250 memset(&itimer, 0, sizeof itimer);
2251 for (i = 0; i < 3; i++) 2251 for (i = 0; i < 3; i++)
2252 do_setitimer(i, &itimer, NULL); 2252 do_setitimer(i, &itimer, NULL);
2253 spin_lock_irq(&current->sighand->siglock); 2253 spin_lock_irq(&current->sighand->siglock);
2254 if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) { 2254 if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) {
2255 __flush_signals(current); 2255 __flush_signals(current);
2256 flush_signal_handlers(current, 1); 2256 flush_signal_handlers(current, 1);
2257 sigemptyset(&current->blocked); 2257 sigemptyset(&current->blocked);
2258 } 2258 }
2259 spin_unlock_irq(&current->sighand->siglock); 2259 spin_unlock_irq(&current->sighand->siglock);
2260 } 2260 }
2261 2261
2262 /* Wake up the parent if it is waiting so that it can recheck 2262 /* Wake up the parent if it is waiting so that it can recheck
2263 * wait permission to the new task SID. */ 2263 * wait permission to the new task SID. */
2264 read_lock(&tasklist_lock); 2264 read_lock(&tasklist_lock);
2265 __wake_up_parent(current, current->real_parent); 2265 __wake_up_parent(current, current->real_parent);
2266 read_unlock(&tasklist_lock); 2266 read_unlock(&tasklist_lock);
2267 } 2267 }
2268 2268
2269 /* superblock security operations */ 2269 /* superblock security operations */
2270 2270
2271 static int selinux_sb_alloc_security(struct super_block *sb) 2271 static int selinux_sb_alloc_security(struct super_block *sb)
2272 { 2272 {
2273 return superblock_alloc_security(sb); 2273 return superblock_alloc_security(sb);
2274 } 2274 }
2275 2275
2276 static void selinux_sb_free_security(struct super_block *sb) 2276 static void selinux_sb_free_security(struct super_block *sb)
2277 { 2277 {
2278 superblock_free_security(sb); 2278 superblock_free_security(sb);
2279 } 2279 }
2280 2280
2281 static inline int match_prefix(char *prefix, int plen, char *option, int olen) 2281 static inline int match_prefix(char *prefix, int plen, char *option, int olen)
2282 { 2282 {
2283 if (plen > olen) 2283 if (plen > olen)
2284 return 0; 2284 return 0;
2285 2285
2286 return !memcmp(prefix, option, plen); 2286 return !memcmp(prefix, option, plen);
2287 } 2287 }
2288 2288
2289 static inline int selinux_option(char *option, int len) 2289 static inline int selinux_option(char *option, int len)
2290 { 2290 {
2291 return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) || 2291 return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) ||
2292 match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) || 2292 match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) ||
2293 match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) || 2293 match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) ||
2294 match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) || 2294 match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) ||
2295 match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len)); 2295 match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len));
2296 } 2296 }
2297 2297
2298 static inline void take_option(char **to, char *from, int *first, int len) 2298 static inline void take_option(char **to, char *from, int *first, int len)
2299 { 2299 {
2300 if (!*first) { 2300 if (!*first) {
2301 **to = ','; 2301 **to = ',';
2302 *to += 1; 2302 *to += 1;
2303 } else 2303 } else
2304 *first = 0; 2304 *first = 0;
2305 memcpy(*to, from, len); 2305 memcpy(*to, from, len);
2306 *to += len; 2306 *to += len;
2307 } 2307 }
2308 2308
2309 static inline void take_selinux_option(char **to, char *from, int *first, 2309 static inline void take_selinux_option(char **to, char *from, int *first,
2310 int len) 2310 int len)
2311 { 2311 {
2312 int current_size = 0; 2312 int current_size = 0;
2313 2313
2314 if (!*first) { 2314 if (!*first) {
2315 **to = '|'; 2315 **to = '|';
2316 *to += 1; 2316 *to += 1;
2317 } else 2317 } else
2318 *first = 0; 2318 *first = 0;
2319 2319
2320 while (current_size < len) { 2320 while (current_size < len) {
2321 if (*from != '"') { 2321 if (*from != '"') {
2322 **to = *from; 2322 **to = *from;
2323 *to += 1; 2323 *to += 1;
2324 } 2324 }
2325 from += 1; 2325 from += 1;
2326 current_size += 1; 2326 current_size += 1;
2327 } 2327 }
2328 } 2328 }
2329 2329
2330 static int selinux_sb_copy_data(char *orig, char *copy) 2330 static int selinux_sb_copy_data(char *orig, char *copy)
2331 { 2331 {
2332 int fnosec, fsec, rc = 0; 2332 int fnosec, fsec, rc = 0;
2333 char *in_save, *in_curr, *in_end; 2333 char *in_save, *in_curr, *in_end;
2334 char *sec_curr, *nosec_save, *nosec; 2334 char *sec_curr, *nosec_save, *nosec;
2335 int open_quote = 0; 2335 int open_quote = 0;
2336 2336
2337 in_curr = orig; 2337 in_curr = orig;
2338 sec_curr = copy; 2338 sec_curr = copy;
2339 2339
2340 nosec = (char *)get_zeroed_page(GFP_KERNEL); 2340 nosec = (char *)get_zeroed_page(GFP_KERNEL);
2341 if (!nosec) { 2341 if (!nosec) {
2342 rc = -ENOMEM; 2342 rc = -ENOMEM;
2343 goto out; 2343 goto out;
2344 } 2344 }
2345 2345
2346 nosec_save = nosec; 2346 nosec_save = nosec;
2347 fnosec = fsec = 1; 2347 fnosec = fsec = 1;
2348 in_save = in_end = orig; 2348 in_save = in_end = orig;
2349 2349
2350 do { 2350 do {
2351 if (*in_end == '"') 2351 if (*in_end == '"')
2352 open_quote = !open_quote; 2352 open_quote = !open_quote;
2353 if ((*in_end == ',' && open_quote == 0) || 2353 if ((*in_end == ',' && open_quote == 0) ||
2354 *in_end == '\0') { 2354 *in_end == '\0') {
2355 int len = in_end - in_curr; 2355 int len = in_end - in_curr;
2356 2356
2357 if (selinux_option(in_curr, len)) 2357 if (selinux_option(in_curr, len))
2358 take_selinux_option(&sec_curr, in_curr, &fsec, len); 2358 take_selinux_option(&sec_curr, in_curr, &fsec, len);
2359 else 2359 else
2360 take_option(&nosec, in_curr, &fnosec, len); 2360 take_option(&nosec, in_curr, &fnosec, len);
2361 2361
2362 in_curr = in_end + 1; 2362 in_curr = in_end + 1;
2363 } 2363 }
2364 } while (*in_end++); 2364 } while (*in_end++);
2365 2365
2366 strcpy(in_save, nosec_save); 2366 strcpy(in_save, nosec_save);
2367 free_page((unsigned long)nosec_save); 2367 free_page((unsigned long)nosec_save);
2368 out: 2368 out:
2369 return rc; 2369 return rc;
2370 } 2370 }
2371 2371
2372 static int selinux_sb_remount(struct super_block *sb, void *data) 2372 static int selinux_sb_remount(struct super_block *sb, void *data)
2373 { 2373 {
2374 int rc, i, *flags; 2374 int rc, i, *flags;
2375 struct security_mnt_opts opts; 2375 struct security_mnt_opts opts;
2376 char *secdata, **mount_options; 2376 char *secdata, **mount_options;
2377 struct superblock_security_struct *sbsec = sb->s_security; 2377 struct superblock_security_struct *sbsec = sb->s_security;
2378 2378
2379 if (!(sbsec->flags & SE_SBINITIALIZED)) 2379 if (!(sbsec->flags & SE_SBINITIALIZED))
2380 return 0; 2380 return 0;
2381 2381
2382 if (!data) 2382 if (!data)
2383 return 0; 2383 return 0;
2384 2384
2385 if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA) 2385 if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
2386 return 0; 2386 return 0;
2387 2387
2388 security_init_mnt_opts(&opts); 2388 security_init_mnt_opts(&opts);
2389 secdata = alloc_secdata(); 2389 secdata = alloc_secdata();
2390 if (!secdata) 2390 if (!secdata)
2391 return -ENOMEM; 2391 return -ENOMEM;
2392 rc = selinux_sb_copy_data(data, secdata); 2392 rc = selinux_sb_copy_data(data, secdata);
2393 if (rc) 2393 if (rc)
2394 goto out_free_secdata; 2394 goto out_free_secdata;
2395 2395
2396 rc = selinux_parse_opts_str(secdata, &opts); 2396 rc = selinux_parse_opts_str(secdata, &opts);
2397 if (rc) 2397 if (rc)
2398 goto out_free_secdata; 2398 goto out_free_secdata;
2399 2399
2400 mount_options = opts.mnt_opts; 2400 mount_options = opts.mnt_opts;
2401 flags = opts.mnt_opts_flags; 2401 flags = opts.mnt_opts_flags;
2402 2402
2403 for (i = 0; i < opts.num_mnt_opts; i++) { 2403 for (i = 0; i < opts.num_mnt_opts; i++) {
2404 u32 sid; 2404 u32 sid;
2405 size_t len; 2405 size_t len;
2406 2406
2407 if (flags[i] == SE_SBLABELSUPP) 2407 if (flags[i] == SE_SBLABELSUPP)
2408 continue; 2408 continue;
2409 len = strlen(mount_options[i]); 2409 len = strlen(mount_options[i]);
2410 rc = security_context_to_sid(mount_options[i], len, &sid); 2410 rc = security_context_to_sid(mount_options[i], len, &sid);
2411 if (rc) { 2411 if (rc) {
2412 printk(KERN_WARNING "SELinux: security_context_to_sid" 2412 printk(KERN_WARNING "SELinux: security_context_to_sid"
2413 "(%s) failed for (dev %s, type %s) errno=%d\n", 2413 "(%s) failed for (dev %s, type %s) errno=%d\n",
2414 mount_options[i], sb->s_id, sb->s_type->name, rc); 2414 mount_options[i], sb->s_id, sb->s_type->name, rc);
2415 goto out_free_opts; 2415 goto out_free_opts;
2416 } 2416 }
2417 rc = -EINVAL; 2417 rc = -EINVAL;
2418 switch (flags[i]) { 2418 switch (flags[i]) {
2419 case FSCONTEXT_MNT: 2419 case FSCONTEXT_MNT:
2420 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid)) 2420 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
2421 goto out_bad_option; 2421 goto out_bad_option;
2422 break; 2422 break;
2423 case CONTEXT_MNT: 2423 case CONTEXT_MNT:
2424 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid)) 2424 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
2425 goto out_bad_option; 2425 goto out_bad_option;
2426 break; 2426 break;
2427 case ROOTCONTEXT_MNT: { 2427 case ROOTCONTEXT_MNT: {
2428 struct inode_security_struct *root_isec; 2428 struct inode_security_struct *root_isec;
2429 root_isec = sb->s_root->d_inode->i_security; 2429 root_isec = sb->s_root->d_inode->i_security;
2430 2430
2431 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid)) 2431 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
2432 goto out_bad_option; 2432 goto out_bad_option;
2433 break; 2433 break;
2434 } 2434 }
2435 case DEFCONTEXT_MNT: 2435 case DEFCONTEXT_MNT:
2436 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid)) 2436 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
2437 goto out_bad_option; 2437 goto out_bad_option;
2438 break; 2438 break;
2439 default: 2439 default:
2440 goto out_free_opts; 2440 goto out_free_opts;
2441 } 2441 }
2442 } 2442 }
2443 2443
2444 rc = 0; 2444 rc = 0;
2445 out_free_opts: 2445 out_free_opts:
2446 security_free_mnt_opts(&opts); 2446 security_free_mnt_opts(&opts);
2447 out_free_secdata: 2447 out_free_secdata:
2448 free_secdata(secdata); 2448 free_secdata(secdata);
2449 return rc; 2449 return rc;
2450 out_bad_option: 2450 out_bad_option:
2451 printk(KERN_WARNING "SELinux: unable to change security options " 2451 printk(KERN_WARNING "SELinux: unable to change security options "
2452 "during remount (dev %s, type=%s)\n", sb->s_id, 2452 "during remount (dev %s, type=%s)\n", sb->s_id,
2453 sb->s_type->name); 2453 sb->s_type->name);
2454 goto out_free_opts; 2454 goto out_free_opts;
2455 } 2455 }
2456 2456
2457 static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data) 2457 static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
2458 { 2458 {
2459 const struct cred *cred = current_cred(); 2459 const struct cred *cred = current_cred();
2460 struct common_audit_data ad; 2460 struct common_audit_data ad;
2461 int rc; 2461 int rc;
2462 2462
2463 rc = superblock_doinit(sb, data); 2463 rc = superblock_doinit(sb, data);
2464 if (rc) 2464 if (rc)
2465 return rc; 2465 return rc;
2466 2466
2467 /* Allow all mounts performed by the kernel */ 2467 /* Allow all mounts performed by the kernel */
2468 if (flags & MS_KERNMOUNT) 2468 if (flags & MS_KERNMOUNT)
2469 return 0; 2469 return 0;
2470 2470
2471 COMMON_AUDIT_DATA_INIT(&ad, FS); 2471 COMMON_AUDIT_DATA_INIT(&ad, PATH);
2472 ad.u.fs.path.dentry = sb->s_root; 2472 ad.u.path.dentry = sb->s_root;
2473 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad); 2473 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2474 } 2474 }
2475 2475
2476 static int selinux_sb_statfs(struct dentry *dentry) 2476 static int selinux_sb_statfs(struct dentry *dentry)
2477 { 2477 {
2478 const struct cred *cred = current_cred(); 2478 const struct cred *cred = current_cred();
2479 struct common_audit_data ad; 2479 struct common_audit_data ad;
2480 2480
2481 COMMON_AUDIT_DATA_INIT(&ad, FS); 2481 COMMON_AUDIT_DATA_INIT(&ad, PATH);
2482 ad.u.fs.path.dentry = dentry->d_sb->s_root; 2482 ad.u.path.dentry = dentry->d_sb->s_root;
2483 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad); 2483 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2484 } 2484 }
2485 2485
2486 static int selinux_mount(char *dev_name, 2486 static int selinux_mount(char *dev_name,
2487 struct path *path, 2487 struct path *path,
2488 char *type, 2488 char *type,
2489 unsigned long flags, 2489 unsigned long flags,
2490 void *data) 2490 void *data)
2491 { 2491 {
2492 const struct cred *cred = current_cred(); 2492 const struct cred *cred = current_cred();
2493 2493
2494 if (flags & MS_REMOUNT) 2494 if (flags & MS_REMOUNT)
2495 return superblock_has_perm(cred, path->mnt->mnt_sb, 2495 return superblock_has_perm(cred, path->mnt->mnt_sb,
2496 FILESYSTEM__REMOUNT, NULL); 2496 FILESYSTEM__REMOUNT, NULL);
2497 else 2497 else
2498 return dentry_has_perm(cred, path->mnt, path->dentry, 2498 return dentry_has_perm(cred, path->mnt, path->dentry,
2499 FILE__MOUNTON); 2499 FILE__MOUNTON);
2500 } 2500 }
2501 2501
2502 static int selinux_umount(struct vfsmount *mnt, int flags) 2502 static int selinux_umount(struct vfsmount *mnt, int flags)
2503 { 2503 {
2504 const struct cred *cred = current_cred(); 2504 const struct cred *cred = current_cred();
2505 2505
2506 return superblock_has_perm(cred, mnt->mnt_sb, 2506 return superblock_has_perm(cred, mnt->mnt_sb,
2507 FILESYSTEM__UNMOUNT, NULL); 2507 FILESYSTEM__UNMOUNT, NULL);
2508 } 2508 }
2509 2509
2510 /* inode security operations */ 2510 /* inode security operations */
2511 2511
2512 static int selinux_inode_alloc_security(struct inode *inode) 2512 static int selinux_inode_alloc_security(struct inode *inode)
2513 { 2513 {
2514 return inode_alloc_security(inode); 2514 return inode_alloc_security(inode);
2515 } 2515 }
2516 2516
2517 static void selinux_inode_free_security(struct inode *inode) 2517 static void selinux_inode_free_security(struct inode *inode)
2518 { 2518 {
2519 inode_free_security(inode); 2519 inode_free_security(inode);
2520 } 2520 }
2521 2521
2522 static int selinux_inode_init_security(struct inode *inode, struct inode *dir, 2522 static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2523 const struct qstr *qstr, char **name, 2523 const struct qstr *qstr, char **name,
2524 void **value, size_t *len) 2524 void **value, size_t *len)
2525 { 2525 {
2526 const struct task_security_struct *tsec = current_security(); 2526 const struct task_security_struct *tsec = current_security();
2527 struct inode_security_struct *dsec; 2527 struct inode_security_struct *dsec;
2528 struct superblock_security_struct *sbsec; 2528 struct superblock_security_struct *sbsec;
2529 u32 sid, newsid, clen; 2529 u32 sid, newsid, clen;
2530 int rc; 2530 int rc;
2531 char *namep = NULL, *context; 2531 char *namep = NULL, *context;
2532 2532
2533 dsec = dir->i_security; 2533 dsec = dir->i_security;
2534 sbsec = dir->i_sb->s_security; 2534 sbsec = dir->i_sb->s_security;
2535 2535
2536 sid = tsec->sid; 2536 sid = tsec->sid;
2537 newsid = tsec->create_sid; 2537 newsid = tsec->create_sid;
2538 2538
2539 if ((sbsec->flags & SE_SBINITIALIZED) && 2539 if ((sbsec->flags & SE_SBINITIALIZED) &&
2540 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) 2540 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT))
2541 newsid = sbsec->mntpoint_sid; 2541 newsid = sbsec->mntpoint_sid;
2542 else if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) { 2542 else if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
2543 rc = security_transition_sid(sid, dsec->sid, 2543 rc = security_transition_sid(sid, dsec->sid,
2544 inode_mode_to_security_class(inode->i_mode), 2544 inode_mode_to_security_class(inode->i_mode),
2545 qstr, &newsid); 2545 qstr, &newsid);
2546 if (rc) { 2546 if (rc) {
2547 printk(KERN_WARNING "%s: " 2547 printk(KERN_WARNING "%s: "
2548 "security_transition_sid failed, rc=%d (dev=%s " 2548 "security_transition_sid failed, rc=%d (dev=%s "
2549 "ino=%ld)\n", 2549 "ino=%ld)\n",
2550 __func__, 2550 __func__,
2551 -rc, inode->i_sb->s_id, inode->i_ino); 2551 -rc, inode->i_sb->s_id, inode->i_ino);
2552 return rc; 2552 return rc;
2553 } 2553 }
2554 } 2554 }
2555 2555
2556 /* Possibly defer initialization to selinux_complete_init. */ 2556 /* Possibly defer initialization to selinux_complete_init. */
2557 if (sbsec->flags & SE_SBINITIALIZED) { 2557 if (sbsec->flags & SE_SBINITIALIZED) {
2558 struct inode_security_struct *isec = inode->i_security; 2558 struct inode_security_struct *isec = inode->i_security;
2559 isec->sclass = inode_mode_to_security_class(inode->i_mode); 2559 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2560 isec->sid = newsid; 2560 isec->sid = newsid;
2561 isec->initialized = 1; 2561 isec->initialized = 1;
2562 } 2562 }
2563 2563
2564 if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP)) 2564 if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP))
2565 return -EOPNOTSUPP; 2565 return -EOPNOTSUPP;
2566 2566
2567 if (name) { 2567 if (name) {
2568 namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS); 2568 namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS);
2569 if (!namep) 2569 if (!namep)
2570 return -ENOMEM; 2570 return -ENOMEM;
2571 *name = namep; 2571 *name = namep;
2572 } 2572 }
2573 2573
2574 if (value && len) { 2574 if (value && len) {
2575 rc = security_sid_to_context_force(newsid, &context, &clen); 2575 rc = security_sid_to_context_force(newsid, &context, &clen);
2576 if (rc) { 2576 if (rc) {
2577 kfree(namep); 2577 kfree(namep);
2578 return rc; 2578 return rc;
2579 } 2579 }
2580 *value = context; 2580 *value = context;
2581 *len = clen; 2581 *len = clen;
2582 } 2582 }
2583 2583
2584 return 0; 2584 return 0;
2585 } 2585 }
2586 2586
2587 static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask) 2587 static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask)
2588 { 2588 {
2589 return may_create(dir, dentry, SECCLASS_FILE); 2589 return may_create(dir, dentry, SECCLASS_FILE);
2590 } 2590 }
2591 2591
2592 static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry) 2592 static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2593 { 2593 {
2594 return may_link(dir, old_dentry, MAY_LINK); 2594 return may_link(dir, old_dentry, MAY_LINK);
2595 } 2595 }
2596 2596
2597 static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry) 2597 static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
2598 { 2598 {
2599 return may_link(dir, dentry, MAY_UNLINK); 2599 return may_link(dir, dentry, MAY_UNLINK);
2600 } 2600 }
2601 2601
2602 static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name) 2602 static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
2603 { 2603 {
2604 return may_create(dir, dentry, SECCLASS_LNK_FILE); 2604 return may_create(dir, dentry, SECCLASS_LNK_FILE);
2605 } 2605 }
2606 2606
2607 static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask) 2607 static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask)
2608 { 2608 {
2609 return may_create(dir, dentry, SECCLASS_DIR); 2609 return may_create(dir, dentry, SECCLASS_DIR);
2610 } 2610 }
2611 2611
2612 static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry) 2612 static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2613 { 2613 {
2614 return may_link(dir, dentry, MAY_RMDIR); 2614 return may_link(dir, dentry, MAY_RMDIR);
2615 } 2615 }
2616 2616
2617 static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) 2617 static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
2618 { 2618 {
2619 return may_create(dir, dentry, inode_mode_to_security_class(mode)); 2619 return may_create(dir, dentry, inode_mode_to_security_class(mode));
2620 } 2620 }
2621 2621
2622 static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry, 2622 static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
2623 struct inode *new_inode, struct dentry *new_dentry) 2623 struct inode *new_inode, struct dentry *new_dentry)
2624 { 2624 {
2625 return may_rename(old_inode, old_dentry, new_inode, new_dentry); 2625 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
2626 } 2626 }
2627 2627
2628 static int selinux_inode_readlink(struct dentry *dentry) 2628 static int selinux_inode_readlink(struct dentry *dentry)
2629 { 2629 {
2630 const struct cred *cred = current_cred(); 2630 const struct cred *cred = current_cred();
2631 2631
2632 return dentry_has_perm(cred, NULL, dentry, FILE__READ); 2632 return dentry_has_perm(cred, NULL, dentry, FILE__READ);
2633 } 2633 }
2634 2634
2635 static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata) 2635 static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
2636 { 2636 {
2637 const struct cred *cred = current_cred(); 2637 const struct cred *cred = current_cred();
2638 2638
2639 return dentry_has_perm(cred, NULL, dentry, FILE__READ); 2639 return dentry_has_perm(cred, NULL, dentry, FILE__READ);
2640 } 2640 }
2641 2641
2642 static int selinux_inode_permission(struct inode *inode, int mask, unsigned flags) 2642 static int selinux_inode_permission(struct inode *inode, int mask, unsigned flags)
2643 { 2643 {
2644 const struct cred *cred = current_cred(); 2644 const struct cred *cred = current_cred();
2645 struct common_audit_data ad; 2645 struct common_audit_data ad;
2646 u32 perms; 2646 u32 perms;
2647 bool from_access; 2647 bool from_access;
2648 2648
2649 from_access = mask & MAY_ACCESS; 2649 from_access = mask & MAY_ACCESS;
2650 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 2650 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
2651 2651
2652 /* No permission to check. Existence test. */ 2652 /* No permission to check. Existence test. */
2653 if (!mask) 2653 if (!mask)
2654 return 0; 2654 return 0;
2655 2655
2656 COMMON_AUDIT_DATA_INIT(&ad, FS); 2656 COMMON_AUDIT_DATA_INIT(&ad, INODE);
2657 ad.u.fs.inode = inode; 2657 ad.u.inode = inode;
2658 2658
2659 if (from_access) 2659 if (from_access)
2660 ad.selinux_audit_data.auditdeny |= FILE__AUDIT_ACCESS; 2660 ad.selinux_audit_data.auditdeny |= FILE__AUDIT_ACCESS;
2661 2661
2662 perms = file_mask_to_av(inode->i_mode, mask); 2662 perms = file_mask_to_av(inode->i_mode, mask);
2663 2663
2664 return inode_has_perm(cred, inode, perms, &ad, flags); 2664 return inode_has_perm(cred, inode, perms, &ad, flags);
2665 } 2665 }
2666 2666
2667 static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr) 2667 static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2668 { 2668 {
2669 const struct cred *cred = current_cred(); 2669 const struct cred *cred = current_cred();
2670 unsigned int ia_valid = iattr->ia_valid; 2670 unsigned int ia_valid = iattr->ia_valid;
2671 2671
2672 /* ATTR_FORCE is just used for ATTR_KILL_S[UG]ID. */ 2672 /* ATTR_FORCE is just used for ATTR_KILL_S[UG]ID. */
2673 if (ia_valid & ATTR_FORCE) { 2673 if (ia_valid & ATTR_FORCE) {
2674 ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE | 2674 ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE |
2675 ATTR_FORCE); 2675 ATTR_FORCE);
2676 if (!ia_valid) 2676 if (!ia_valid)
2677 return 0; 2677 return 0;
2678 } 2678 }
2679 2679
2680 if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | 2680 if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
2681 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET)) 2681 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
2682 return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR); 2682 return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR);
2683 2683
2684 return dentry_has_perm(cred, NULL, dentry, FILE__WRITE); 2684 return dentry_has_perm(cred, NULL, dentry, FILE__WRITE);
2685 } 2685 }
2686 2686
2687 static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) 2687 static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
2688 { 2688 {
2689 const struct cred *cred = current_cred(); 2689 const struct cred *cred = current_cred();
2690 2690
2691 return dentry_has_perm(cred, mnt, dentry, FILE__GETATTR); 2691 return dentry_has_perm(cred, mnt, dentry, FILE__GETATTR);
2692 } 2692 }
2693 2693
2694 static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name) 2694 static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
2695 { 2695 {
2696 const struct cred *cred = current_cred(); 2696 const struct cred *cred = current_cred();
2697 2697
2698 if (!strncmp(name, XATTR_SECURITY_PREFIX, 2698 if (!strncmp(name, XATTR_SECURITY_PREFIX,
2699 sizeof XATTR_SECURITY_PREFIX - 1)) { 2699 sizeof XATTR_SECURITY_PREFIX - 1)) {
2700 if (!strcmp(name, XATTR_NAME_CAPS)) { 2700 if (!strcmp(name, XATTR_NAME_CAPS)) {
2701 if (!capable(CAP_SETFCAP)) 2701 if (!capable(CAP_SETFCAP))
2702 return -EPERM; 2702 return -EPERM;
2703 } else if (!capable(CAP_SYS_ADMIN)) { 2703 } else if (!capable(CAP_SYS_ADMIN)) {
2704 /* A different attribute in the security namespace. 2704 /* A different attribute in the security namespace.
2705 Restrict to administrator. */ 2705 Restrict to administrator. */
2706 return -EPERM; 2706 return -EPERM;
2707 } 2707 }
2708 } 2708 }
2709 2709
2710 /* Not an attribute we recognize, so just check the 2710 /* Not an attribute we recognize, so just check the
2711 ordinary setattr permission. */ 2711 ordinary setattr permission. */
2712 return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR); 2712 return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR);
2713 } 2713 }
2714 2714
2715 static int selinux_inode_setxattr(struct dentry *dentry, const char *name, 2715 static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2716 const void *value, size_t size, int flags) 2716 const void *value, size_t size, int flags)
2717 { 2717 {
2718 struct inode *inode = dentry->d_inode; 2718 struct inode *inode = dentry->d_inode;
2719 struct inode_security_struct *isec = inode->i_security; 2719 struct inode_security_struct *isec = inode->i_security;
2720 struct superblock_security_struct *sbsec; 2720 struct superblock_security_struct *sbsec;
2721 struct common_audit_data ad; 2721 struct common_audit_data ad;
2722 u32 newsid, sid = current_sid(); 2722 u32 newsid, sid = current_sid();
2723 int rc = 0; 2723 int rc = 0;
2724 2724
2725 if (strcmp(name, XATTR_NAME_SELINUX)) 2725 if (strcmp(name, XATTR_NAME_SELINUX))
2726 return selinux_inode_setotherxattr(dentry, name); 2726 return selinux_inode_setotherxattr(dentry, name);
2727 2727
2728 sbsec = inode->i_sb->s_security; 2728 sbsec = inode->i_sb->s_security;
2729 if (!(sbsec->flags & SE_SBLABELSUPP)) 2729 if (!(sbsec->flags & SE_SBLABELSUPP))
2730 return -EOPNOTSUPP; 2730 return -EOPNOTSUPP;
2731 2731
2732 if (!is_owner_or_cap(inode)) 2732 if (!is_owner_or_cap(inode))
2733 return -EPERM; 2733 return -EPERM;
2734 2734
2735 COMMON_AUDIT_DATA_INIT(&ad, FS); 2735 COMMON_AUDIT_DATA_INIT(&ad, PATH);
2736 ad.u.fs.path.dentry = dentry; 2736 ad.u.path.dentry = dentry;
2737 2737
2738 rc = avc_has_perm(sid, isec->sid, isec->sclass, 2738 rc = avc_has_perm(sid, isec->sid, isec->sclass,
2739 FILE__RELABELFROM, &ad); 2739 FILE__RELABELFROM, &ad);
2740 if (rc) 2740 if (rc)
2741 return rc; 2741 return rc;
2742 2742
2743 rc = security_context_to_sid(value, size, &newsid); 2743 rc = security_context_to_sid(value, size, &newsid);
2744 if (rc == -EINVAL) { 2744 if (rc == -EINVAL) {
2745 if (!capable(CAP_MAC_ADMIN)) 2745 if (!capable(CAP_MAC_ADMIN))
2746 return rc; 2746 return rc;
2747 rc = security_context_to_sid_force(value, size, &newsid); 2747 rc = security_context_to_sid_force(value, size, &newsid);
2748 } 2748 }
2749 if (rc) 2749 if (rc)
2750 return rc; 2750 return rc;
2751 2751
2752 rc = avc_has_perm(sid, newsid, isec->sclass, 2752 rc = avc_has_perm(sid, newsid, isec->sclass,
2753 FILE__RELABELTO, &ad); 2753 FILE__RELABELTO, &ad);
2754 if (rc) 2754 if (rc)
2755 return rc; 2755 return rc;
2756 2756
2757 rc = security_validate_transition(isec->sid, newsid, sid, 2757 rc = security_validate_transition(isec->sid, newsid, sid,
2758 isec->sclass); 2758 isec->sclass);
2759 if (rc) 2759 if (rc)
2760 return rc; 2760 return rc;
2761 2761
2762 return avc_has_perm(newsid, 2762 return avc_has_perm(newsid,
2763 sbsec->sid, 2763 sbsec->sid,
2764 SECCLASS_FILESYSTEM, 2764 SECCLASS_FILESYSTEM,
2765 FILESYSTEM__ASSOCIATE, 2765 FILESYSTEM__ASSOCIATE,
2766 &ad); 2766 &ad);
2767 } 2767 }
2768 2768
2769 static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name, 2769 static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
2770 const void *value, size_t size, 2770 const void *value, size_t size,
2771 int flags) 2771 int flags)
2772 { 2772 {
2773 struct inode *inode = dentry->d_inode; 2773 struct inode *inode = dentry->d_inode;
2774 struct inode_security_struct *isec = inode->i_security; 2774 struct inode_security_struct *isec = inode->i_security;
2775 u32 newsid; 2775 u32 newsid;
2776 int rc; 2776 int rc;
2777 2777
2778 if (strcmp(name, XATTR_NAME_SELINUX)) { 2778 if (strcmp(name, XATTR_NAME_SELINUX)) {
2779 /* Not an attribute we recognize, so nothing to do. */ 2779 /* Not an attribute we recognize, so nothing to do. */
2780 return; 2780 return;
2781 } 2781 }
2782 2782
2783 rc = security_context_to_sid_force(value, size, &newsid); 2783 rc = security_context_to_sid_force(value, size, &newsid);
2784 if (rc) { 2784 if (rc) {
2785 printk(KERN_ERR "SELinux: unable to map context to SID" 2785 printk(KERN_ERR "SELinux: unable to map context to SID"
2786 "for (%s, %lu), rc=%d\n", 2786 "for (%s, %lu), rc=%d\n",
2787 inode->i_sb->s_id, inode->i_ino, -rc); 2787 inode->i_sb->s_id, inode->i_ino, -rc);
2788 return; 2788 return;
2789 } 2789 }
2790 2790
2791 isec->sid = newsid; 2791 isec->sid = newsid;
2792 return; 2792 return;
2793 } 2793 }
2794 2794
2795 static int selinux_inode_getxattr(struct dentry *dentry, const char *name) 2795 static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
2796 { 2796 {
2797 const struct cred *cred = current_cred(); 2797 const struct cred *cred = current_cred();
2798 2798
2799 return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR); 2799 return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR);
2800 } 2800 }
2801 2801
2802 static int selinux_inode_listxattr(struct dentry *dentry) 2802 static int selinux_inode_listxattr(struct dentry *dentry)
2803 { 2803 {
2804 const struct cred *cred = current_cred(); 2804 const struct cred *cred = current_cred();
2805 2805
2806 return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR); 2806 return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR);
2807 } 2807 }
2808 2808
2809 static int selinux_inode_removexattr(struct dentry *dentry, const char *name) 2809 static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
2810 { 2810 {
2811 if (strcmp(name, XATTR_NAME_SELINUX)) 2811 if (strcmp(name, XATTR_NAME_SELINUX))
2812 return selinux_inode_setotherxattr(dentry, name); 2812 return selinux_inode_setotherxattr(dentry, name);
2813 2813
2814 /* No one is allowed to remove a SELinux security label. 2814 /* No one is allowed to remove a SELinux security label.
2815 You can change the label, but all data must be labeled. */ 2815 You can change the label, but all data must be labeled. */
2816 return -EACCES; 2816 return -EACCES;
2817 } 2817 }
2818 2818
2819 /* 2819 /*
2820 * Copy the inode security context value to the user. 2820 * Copy the inode security context value to the user.
2821 * 2821 *
2822 * Permission check is handled by selinux_inode_getxattr hook. 2822 * Permission check is handled by selinux_inode_getxattr hook.
2823 */ 2823 */
2824 static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc) 2824 static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
2825 { 2825 {
2826 u32 size; 2826 u32 size;
2827 int error; 2827 int error;
2828 char *context = NULL; 2828 char *context = NULL;
2829 struct inode_security_struct *isec = inode->i_security; 2829 struct inode_security_struct *isec = inode->i_security;
2830 2830
2831 if (strcmp(name, XATTR_SELINUX_SUFFIX)) 2831 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2832 return -EOPNOTSUPP; 2832 return -EOPNOTSUPP;
2833 2833
2834 /* 2834 /*
2835 * If the caller has CAP_MAC_ADMIN, then get the raw context 2835 * If the caller has CAP_MAC_ADMIN, then get the raw context
2836 * value even if it is not defined by current policy; otherwise, 2836 * value even if it is not defined by current policy; otherwise,
2837 * use the in-core value under current policy. 2837 * use the in-core value under current policy.
2838 * Use the non-auditing forms of the permission checks since 2838 * Use the non-auditing forms of the permission checks since
2839 * getxattr may be called by unprivileged processes commonly 2839 * getxattr may be called by unprivileged processes commonly
2840 * and lack of permission just means that we fall back to the 2840 * and lack of permission just means that we fall back to the
2841 * in-core context value, not a denial. 2841 * in-core context value, not a denial.
2842 */ 2842 */
2843 error = selinux_capable(current, current_cred(), CAP_MAC_ADMIN, 2843 error = selinux_capable(current, current_cred(), CAP_MAC_ADMIN,
2844 SECURITY_CAP_NOAUDIT); 2844 SECURITY_CAP_NOAUDIT);
2845 if (!error) 2845 if (!error)
2846 error = security_sid_to_context_force(isec->sid, &context, 2846 error = security_sid_to_context_force(isec->sid, &context,
2847 &size); 2847 &size);
2848 else 2848 else
2849 error = security_sid_to_context(isec->sid, &context, &size); 2849 error = security_sid_to_context(isec->sid, &context, &size);
2850 if (error) 2850 if (error)
2851 return error; 2851 return error;
2852 error = size; 2852 error = size;
2853 if (alloc) { 2853 if (alloc) {
2854 *buffer = context; 2854 *buffer = context;
2855 goto out_nofree; 2855 goto out_nofree;
2856 } 2856 }
2857 kfree(context); 2857 kfree(context);
2858 out_nofree: 2858 out_nofree:
2859 return error; 2859 return error;
2860 } 2860 }
2861 2861
2862 static int selinux_inode_setsecurity(struct inode *inode, const char *name, 2862 static int selinux_inode_setsecurity(struct inode *inode, const char *name,
2863 const void *value, size_t size, int flags) 2863 const void *value, size_t size, int flags)
2864 { 2864 {
2865 struct inode_security_struct *isec = inode->i_security; 2865 struct inode_security_struct *isec = inode->i_security;
2866 u32 newsid; 2866 u32 newsid;
2867 int rc; 2867 int rc;
2868 2868
2869 if (strcmp(name, XATTR_SELINUX_SUFFIX)) 2869 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2870 return -EOPNOTSUPP; 2870 return -EOPNOTSUPP;
2871 2871
2872 if (!value || !size) 2872 if (!value || !size)
2873 return -EACCES; 2873 return -EACCES;
2874 2874
2875 rc = security_context_to_sid((void *)value, size, &newsid); 2875 rc = security_context_to_sid((void *)value, size, &newsid);
2876 if (rc) 2876 if (rc)
2877 return rc; 2877 return rc;
2878 2878
2879 isec->sid = newsid; 2879 isec->sid = newsid;
2880 isec->initialized = 1; 2880 isec->initialized = 1;
2881 return 0; 2881 return 0;
2882 } 2882 }
2883 2883
2884 static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size) 2884 static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
2885 { 2885 {
2886 const int len = sizeof(XATTR_NAME_SELINUX); 2886 const int len = sizeof(XATTR_NAME_SELINUX);
2887 if (buffer && len <= buffer_size) 2887 if (buffer && len <= buffer_size)
2888 memcpy(buffer, XATTR_NAME_SELINUX, len); 2888 memcpy(buffer, XATTR_NAME_SELINUX, len);
2889 return len; 2889 return len;
2890 } 2890 }
2891 2891
2892 static void selinux_inode_getsecid(const struct inode *inode, u32 *secid) 2892 static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
2893 { 2893 {
2894 struct inode_security_struct *isec = inode->i_security; 2894 struct inode_security_struct *isec = inode->i_security;
2895 *secid = isec->sid; 2895 *secid = isec->sid;
2896 } 2896 }
2897 2897
2898 /* file security operations */ 2898 /* file security operations */
2899 2899
2900 static int selinux_revalidate_file_permission(struct file *file, int mask) 2900 static int selinux_revalidate_file_permission(struct file *file, int mask)
2901 { 2901 {
2902 const struct cred *cred = current_cred(); 2902 const struct cred *cred = current_cred();
2903 struct inode *inode = file->f_path.dentry->d_inode; 2903 struct inode *inode = file->f_path.dentry->d_inode;
2904 2904
2905 /* file_mask_to_av won't add FILE__WRITE if MAY_APPEND is set */ 2905 /* file_mask_to_av won't add FILE__WRITE if MAY_APPEND is set */
2906 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE)) 2906 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
2907 mask |= MAY_APPEND; 2907 mask |= MAY_APPEND;
2908 2908
2909 return file_has_perm(cred, file, 2909 return file_has_perm(cred, file,
2910 file_mask_to_av(inode->i_mode, mask)); 2910 file_mask_to_av(inode->i_mode, mask));
2911 } 2911 }
2912 2912
2913 static int selinux_file_permission(struct file *file, int mask) 2913 static int selinux_file_permission(struct file *file, int mask)
2914 { 2914 {
2915 struct inode *inode = file->f_path.dentry->d_inode; 2915 struct inode *inode = file->f_path.dentry->d_inode;
2916 struct file_security_struct *fsec = file->f_security; 2916 struct file_security_struct *fsec = file->f_security;
2917 struct inode_security_struct *isec = inode->i_security; 2917 struct inode_security_struct *isec = inode->i_security;
2918 u32 sid = current_sid(); 2918 u32 sid = current_sid();
2919 2919
2920 if (!mask) 2920 if (!mask)
2921 /* No permission to check. Existence test. */ 2921 /* No permission to check. Existence test. */
2922 return 0; 2922 return 0;
2923 2923
2924 if (sid == fsec->sid && fsec->isid == isec->sid && 2924 if (sid == fsec->sid && fsec->isid == isec->sid &&
2925 fsec->pseqno == avc_policy_seqno()) 2925 fsec->pseqno == avc_policy_seqno())
2926 /* No change since dentry_open check. */ 2926 /* No change since dentry_open check. */
2927 return 0; 2927 return 0;
2928 2928
2929 return selinux_revalidate_file_permission(file, mask); 2929 return selinux_revalidate_file_permission(file, mask);
2930 } 2930 }
2931 2931
2932 static int selinux_file_alloc_security(struct file *file) 2932 static int selinux_file_alloc_security(struct file *file)
2933 { 2933 {
2934 return file_alloc_security(file); 2934 return file_alloc_security(file);
2935 } 2935 }
2936 2936
2937 static void selinux_file_free_security(struct file *file) 2937 static void selinux_file_free_security(struct file *file)
2938 { 2938 {
2939 file_free_security(file); 2939 file_free_security(file);
2940 } 2940 }
2941 2941
2942 static int selinux_file_ioctl(struct file *file, unsigned int cmd, 2942 static int selinux_file_ioctl(struct file *file, unsigned int cmd,
2943 unsigned long arg) 2943 unsigned long arg)
2944 { 2944 {
2945 const struct cred *cred = current_cred(); 2945 const struct cred *cred = current_cred();
2946 int error = 0; 2946 int error = 0;
2947 2947
2948 switch (cmd) { 2948 switch (cmd) {
2949 case FIONREAD: 2949 case FIONREAD:
2950 /* fall through */ 2950 /* fall through */
2951 case FIBMAP: 2951 case FIBMAP:
2952 /* fall through */ 2952 /* fall through */
2953 case FIGETBSZ: 2953 case FIGETBSZ:
2954 /* fall through */ 2954 /* fall through */
2955 case EXT2_IOC_GETFLAGS: 2955 case EXT2_IOC_GETFLAGS:
2956 /* fall through */ 2956 /* fall through */
2957 case EXT2_IOC_GETVERSION: 2957 case EXT2_IOC_GETVERSION:
2958 error = file_has_perm(cred, file, FILE__GETATTR); 2958 error = file_has_perm(cred, file, FILE__GETATTR);
2959 break; 2959 break;
2960 2960
2961 case EXT2_IOC_SETFLAGS: 2961 case EXT2_IOC_SETFLAGS:
2962 /* fall through */ 2962 /* fall through */
2963 case EXT2_IOC_SETVERSION: 2963 case EXT2_IOC_SETVERSION:
2964 error = file_has_perm(cred, file, FILE__SETATTR); 2964 error = file_has_perm(cred, file, FILE__SETATTR);
2965 break; 2965 break;
2966 2966
2967 /* sys_ioctl() checks */ 2967 /* sys_ioctl() checks */
2968 case FIONBIO: 2968 case FIONBIO:
2969 /* fall through */ 2969 /* fall through */
2970 case FIOASYNC: 2970 case FIOASYNC:
2971 error = file_has_perm(cred, file, 0); 2971 error = file_has_perm(cred, file, 0);
2972 break; 2972 break;
2973 2973
2974 case KDSKBENT: 2974 case KDSKBENT:
2975 case KDSKBSENT: 2975 case KDSKBSENT:
2976 error = task_has_capability(current, cred, CAP_SYS_TTY_CONFIG, 2976 error = task_has_capability(current, cred, CAP_SYS_TTY_CONFIG,
2977 SECURITY_CAP_AUDIT); 2977 SECURITY_CAP_AUDIT);
2978 break; 2978 break;
2979 2979
2980 /* default case assumes that the command will go 2980 /* default case assumes that the command will go
2981 * to the file's ioctl() function. 2981 * to the file's ioctl() function.
2982 */ 2982 */
2983 default: 2983 default:
2984 error = file_has_perm(cred, file, FILE__IOCTL); 2984 error = file_has_perm(cred, file, FILE__IOCTL);
2985 } 2985 }
2986 return error; 2986 return error;
2987 } 2987 }
2988 2988
2989 static int default_noexec; 2989 static int default_noexec;
2990 2990
2991 static int file_map_prot_check(struct file *file, unsigned long prot, int shared) 2991 static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
2992 { 2992 {
2993 const struct cred *cred = current_cred(); 2993 const struct cred *cred = current_cred();
2994 int rc = 0; 2994 int rc = 0;
2995 2995
2996 if (default_noexec && 2996 if (default_noexec &&
2997 (prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) { 2997 (prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
2998 /* 2998 /*
2999 * We are making executable an anonymous mapping or a 2999 * We are making executable an anonymous mapping or a
3000 * private file mapping that will also be writable. 3000 * private file mapping that will also be writable.
3001 * This has an additional check. 3001 * This has an additional check.
3002 */ 3002 */
3003 rc = cred_has_perm(cred, cred, PROCESS__EXECMEM); 3003 rc = cred_has_perm(cred, cred, PROCESS__EXECMEM);
3004 if (rc) 3004 if (rc)
3005 goto error; 3005 goto error;
3006 } 3006 }
3007 3007
3008 if (file) { 3008 if (file) {
3009 /* read access is always possible with a mapping */ 3009 /* read access is always possible with a mapping */
3010 u32 av = FILE__READ; 3010 u32 av = FILE__READ;
3011 3011
3012 /* write access only matters if the mapping is shared */ 3012 /* write access only matters if the mapping is shared */
3013 if (shared && (prot & PROT_WRITE)) 3013 if (shared && (prot & PROT_WRITE))
3014 av |= FILE__WRITE; 3014 av |= FILE__WRITE;
3015 3015
3016 if (prot & PROT_EXEC) 3016 if (prot & PROT_EXEC)
3017 av |= FILE__EXECUTE; 3017 av |= FILE__EXECUTE;
3018 3018
3019 return file_has_perm(cred, file, av); 3019 return file_has_perm(cred, file, av);
3020 } 3020 }
3021 3021
3022 error: 3022 error:
3023 return rc; 3023 return rc;
3024 } 3024 }
3025 3025
3026 static int selinux_file_mmap(struct file *file, unsigned long reqprot, 3026 static int selinux_file_mmap(struct file *file, unsigned long reqprot,
3027 unsigned long prot, unsigned long flags, 3027 unsigned long prot, unsigned long flags,
3028 unsigned long addr, unsigned long addr_only) 3028 unsigned long addr, unsigned long addr_only)
3029 { 3029 {
3030 int rc = 0; 3030 int rc = 0;
3031 u32 sid = current_sid(); 3031 u32 sid = current_sid();
3032 3032
3033 /* 3033 /*
3034 * notice that we are intentionally putting the SELinux check before 3034 * notice that we are intentionally putting the SELinux check before
3035 * the secondary cap_file_mmap check. This is such a likely attempt 3035 * the secondary cap_file_mmap check. This is such a likely attempt
3036 * at bad behaviour/exploit that we always want to get the AVC, even 3036 * at bad behaviour/exploit that we always want to get the AVC, even
3037 * if DAC would have also denied the operation. 3037 * if DAC would have also denied the operation.
3038 */ 3038 */
3039 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) { 3039 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
3040 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT, 3040 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
3041 MEMPROTECT__MMAP_ZERO, NULL); 3041 MEMPROTECT__MMAP_ZERO, NULL);
3042 if (rc) 3042 if (rc)
3043 return rc; 3043 return rc;
3044 } 3044 }
3045 3045
3046 /* do DAC check on address space usage */ 3046 /* do DAC check on address space usage */
3047 rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only); 3047 rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
3048 if (rc || addr_only) 3048 if (rc || addr_only)
3049 return rc; 3049 return rc;
3050 3050
3051 if (selinux_checkreqprot) 3051 if (selinux_checkreqprot)
3052 prot = reqprot; 3052 prot = reqprot;
3053 3053
3054 return file_map_prot_check(file, prot, 3054 return file_map_prot_check(file, prot,
3055 (flags & MAP_TYPE) == MAP_SHARED); 3055 (flags & MAP_TYPE) == MAP_SHARED);
3056 } 3056 }
3057 3057
3058 static int selinux_file_mprotect(struct vm_area_struct *vma, 3058 static int selinux_file_mprotect(struct vm_area_struct *vma,
3059 unsigned long reqprot, 3059 unsigned long reqprot,
3060 unsigned long prot) 3060 unsigned long prot)
3061 { 3061 {
3062 const struct cred *cred = current_cred(); 3062 const struct cred *cred = current_cred();
3063 3063
3064 if (selinux_checkreqprot) 3064 if (selinux_checkreqprot)
3065 prot = reqprot; 3065 prot = reqprot;
3066 3066
3067 if (default_noexec && 3067 if (default_noexec &&
3068 (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) { 3068 (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
3069 int rc = 0; 3069 int rc = 0;
3070 if (vma->vm_start >= vma->vm_mm->start_brk && 3070 if (vma->vm_start >= vma->vm_mm->start_brk &&
3071 vma->vm_end <= vma->vm_mm->brk) { 3071 vma->vm_end <= vma->vm_mm->brk) {
3072 rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP); 3072 rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP);
3073 } else if (!vma->vm_file && 3073 } else if (!vma->vm_file &&
3074 vma->vm_start <= vma->vm_mm->start_stack && 3074 vma->vm_start <= vma->vm_mm->start_stack &&
3075 vma->vm_end >= vma->vm_mm->start_stack) { 3075 vma->vm_end >= vma->vm_mm->start_stack) {
3076 rc = current_has_perm(current, PROCESS__EXECSTACK); 3076 rc = current_has_perm(current, PROCESS__EXECSTACK);
3077 } else if (vma->vm_file && vma->anon_vma) { 3077 } else if (vma->vm_file && vma->anon_vma) {
3078 /* 3078 /*
3079 * We are making executable a file mapping that has 3079 * We are making executable a file mapping that has
3080 * had some COW done. Since pages might have been 3080 * had some COW done. Since pages might have been
3081 * written, check ability to execute the possibly 3081 * written, check ability to execute the possibly
3082 * modified content. This typically should only 3082 * modified content. This typically should only
3083 * occur for text relocations. 3083 * occur for text relocations.
3084 */ 3084 */
3085 rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD); 3085 rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
3086 } 3086 }
3087 if (rc) 3087 if (rc)
3088 return rc; 3088 return rc;
3089 } 3089 }
3090 3090
3091 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED); 3091 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
3092 } 3092 }
3093 3093
3094 static int selinux_file_lock(struct file *file, unsigned int cmd) 3094 static int selinux_file_lock(struct file *file, unsigned int cmd)
3095 { 3095 {
3096 const struct cred *cred = current_cred(); 3096 const struct cred *cred = current_cred();
3097 3097
3098 return file_has_perm(cred, file, FILE__LOCK); 3098 return file_has_perm(cred, file, FILE__LOCK);
3099 } 3099 }
3100 3100
3101 static int selinux_file_fcntl(struct file *file, unsigned int cmd, 3101 static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3102 unsigned long arg) 3102 unsigned long arg)
3103 { 3103 {
3104 const struct cred *cred = current_cred(); 3104 const struct cred *cred = current_cred();
3105 int err = 0; 3105 int err = 0;
3106 3106
3107 switch (cmd) { 3107 switch (cmd) {
3108 case F_SETFL: 3108 case F_SETFL:
3109 if (!file->f_path.dentry || !file->f_path.dentry->d_inode) { 3109 if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
3110 err = -EINVAL; 3110 err = -EINVAL;
3111 break; 3111 break;
3112 } 3112 }
3113 3113
3114 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) { 3114 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3115 err = file_has_perm(cred, file, FILE__WRITE); 3115 err = file_has_perm(cred, file, FILE__WRITE);
3116 break; 3116 break;
3117 } 3117 }
3118 /* fall through */ 3118 /* fall through */
3119 case F_SETOWN: 3119 case F_SETOWN:
3120 case F_SETSIG: 3120 case F_SETSIG:
3121 case F_GETFL: 3121 case F_GETFL:
3122 case F_GETOWN: 3122 case F_GETOWN:
3123 case F_GETSIG: 3123 case F_GETSIG:
3124 /* Just check FD__USE permission */ 3124 /* Just check FD__USE permission */
3125 err = file_has_perm(cred, file, 0); 3125 err = file_has_perm(cred, file, 0);
3126 break; 3126 break;
3127 case F_GETLK: 3127 case F_GETLK:
3128 case F_SETLK: 3128 case F_SETLK:
3129 case F_SETLKW: 3129 case F_SETLKW:
3130 #if BITS_PER_LONG == 32 3130 #if BITS_PER_LONG == 32
3131 case F_GETLK64: 3131 case F_GETLK64:
3132 case F_SETLK64: 3132 case F_SETLK64:
3133 case F_SETLKW64: 3133 case F_SETLKW64:
3134 #endif 3134 #endif
3135 if (!file->f_path.dentry || !file->f_path.dentry->d_inode) { 3135 if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
3136 err = -EINVAL; 3136 err = -EINVAL;
3137 break; 3137 break;
3138 } 3138 }
3139 err = file_has_perm(cred, file, FILE__LOCK); 3139 err = file_has_perm(cred, file, FILE__LOCK);
3140 break; 3140 break;
3141 } 3141 }
3142 3142
3143 return err; 3143 return err;
3144 } 3144 }
3145 3145
3146 static int selinux_file_set_fowner(struct file *file) 3146 static int selinux_file_set_fowner(struct file *file)
3147 { 3147 {
3148 struct file_security_struct *fsec; 3148 struct file_security_struct *fsec;
3149 3149
3150 fsec = file->f_security; 3150 fsec = file->f_security;
3151 fsec->fown_sid = current_sid(); 3151 fsec->fown_sid = current_sid();
3152 3152
3153 return 0; 3153 return 0;
3154 } 3154 }
3155 3155
3156 static int selinux_file_send_sigiotask(struct task_struct *tsk, 3156 static int selinux_file_send_sigiotask(struct task_struct *tsk,
3157 struct fown_struct *fown, int signum) 3157 struct fown_struct *fown, int signum)
3158 { 3158 {
3159 struct file *file; 3159 struct file *file;
3160 u32 sid = task_sid(tsk); 3160 u32 sid = task_sid(tsk);
3161 u32 perm; 3161 u32 perm;
3162 struct file_security_struct *fsec; 3162 struct file_security_struct *fsec;
3163 3163
3164 /* struct fown_struct is never outside the context of a struct file */ 3164 /* struct fown_struct is never outside the context of a struct file */
3165 file = container_of(fown, struct file, f_owner); 3165 file = container_of(fown, struct file, f_owner);
3166 3166
3167 fsec = file->f_security; 3167 fsec = file->f_security;
3168 3168
3169 if (!signum) 3169 if (!signum)
3170 perm = signal_to_av(SIGIO); /* as per send_sigio_to_task */ 3170 perm = signal_to_av(SIGIO); /* as per send_sigio_to_task */
3171 else 3171 else
3172 perm = signal_to_av(signum); 3172 perm = signal_to_av(signum);
3173 3173
3174 return avc_has_perm(fsec->fown_sid, sid, 3174 return avc_has_perm(fsec->fown_sid, sid,
3175 SECCLASS_PROCESS, perm, NULL); 3175 SECCLASS_PROCESS, perm, NULL);
3176 } 3176 }
3177 3177
3178 static int selinux_file_receive(struct file *file) 3178 static int selinux_file_receive(struct file *file)
3179 { 3179 {
3180 const struct cred *cred = current_cred(); 3180 const struct cred *cred = current_cred();
3181 3181
3182 return file_has_perm(cred, file, file_to_av(file)); 3182 return file_has_perm(cred, file, file_to_av(file));
3183 } 3183 }
3184 3184
3185 static int selinux_dentry_open(struct file *file, const struct cred *cred) 3185 static int selinux_dentry_open(struct file *file, const struct cred *cred)
3186 { 3186 {
3187 struct file_security_struct *fsec; 3187 struct file_security_struct *fsec;
3188 struct inode *inode; 3188 struct inode *inode;
3189 struct inode_security_struct *isec; 3189 struct inode_security_struct *isec;
3190 3190
3191 inode = file->f_path.dentry->d_inode; 3191 inode = file->f_path.dentry->d_inode;
3192 fsec = file->f_security; 3192 fsec = file->f_security;
3193 isec = inode->i_security; 3193 isec = inode->i_security;
3194 /* 3194 /*
3195 * Save inode label and policy sequence number 3195 * Save inode label and policy sequence number
3196 * at open-time so that selinux_file_permission 3196 * at open-time so that selinux_file_permission
3197 * can determine whether revalidation is necessary. 3197 * can determine whether revalidation is necessary.
3198 * Task label is already saved in the file security 3198 * Task label is already saved in the file security
3199 * struct as its SID. 3199 * struct as its SID.
3200 */ 3200 */
3201 fsec->isid = isec->sid; 3201 fsec->isid = isec->sid;
3202 fsec->pseqno = avc_policy_seqno(); 3202 fsec->pseqno = avc_policy_seqno();
3203 /* 3203 /*
3204 * Since the inode label or policy seqno may have changed 3204 * Since the inode label or policy seqno may have changed
3205 * between the selinux_inode_permission check and the saving 3205 * between the selinux_inode_permission check and the saving
3206 * of state above, recheck that access is still permitted. 3206 * of state above, recheck that access is still permitted.
3207 * Otherwise, access might never be revalidated against the 3207 * Otherwise, access might never be revalidated against the
3208 * new inode label or new policy. 3208 * new inode label or new policy.
3209 * This check is not redundant - do not remove. 3209 * This check is not redundant - do not remove.
3210 */ 3210 */
3211 return inode_has_perm(cred, inode, open_file_to_av(file), NULL, 0); 3211 return inode_has_perm(cred, inode, open_file_to_av(file), NULL, 0);
3212 } 3212 }
3213 3213
3214 /* task security operations */ 3214 /* task security operations */
3215 3215
3216 static int selinux_task_create(unsigned long clone_flags) 3216 static int selinux_task_create(unsigned long clone_flags)
3217 { 3217 {
3218 return current_has_perm(current, PROCESS__FORK); 3218 return current_has_perm(current, PROCESS__FORK);
3219 } 3219 }
3220 3220
3221 /* 3221 /*
3222 * allocate the SELinux part of blank credentials 3222 * allocate the SELinux part of blank credentials
3223 */ 3223 */
3224 static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp) 3224 static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)
3225 { 3225 {
3226 struct task_security_struct *tsec; 3226 struct task_security_struct *tsec;
3227 3227
3228 tsec = kzalloc(sizeof(struct task_security_struct), gfp); 3228 tsec = kzalloc(sizeof(struct task_security_struct), gfp);
3229 if (!tsec) 3229 if (!tsec)
3230 return -ENOMEM; 3230 return -ENOMEM;
3231 3231
3232 cred->security = tsec; 3232 cred->security = tsec;
3233 return 0; 3233 return 0;
3234 } 3234 }
3235 3235
3236 /* 3236 /*
3237 * detach and free the LSM part of a set of credentials 3237 * detach and free the LSM part of a set of credentials
3238 */ 3238 */
3239 static void selinux_cred_free(struct cred *cred) 3239 static void selinux_cred_free(struct cred *cred)
3240 { 3240 {
3241 struct task_security_struct *tsec = cred->security; 3241 struct task_security_struct *tsec = cred->security;
3242 3242
3243 /* 3243 /*
3244 * cred->security == NULL if security_cred_alloc_blank() or 3244 * cred->security == NULL if security_cred_alloc_blank() or
3245 * security_prepare_creds() returned an error. 3245 * security_prepare_creds() returned an error.
3246 */ 3246 */
3247 BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE); 3247 BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE);
3248 cred->security = (void *) 0x7UL; 3248 cred->security = (void *) 0x7UL;
3249 kfree(tsec); 3249 kfree(tsec);
3250 } 3250 }
3251 3251
3252 /* 3252 /*
3253 * prepare a new set of credentials for modification 3253 * prepare a new set of credentials for modification
3254 */ 3254 */
3255 static int selinux_cred_prepare(struct cred *new, const struct cred *old, 3255 static int selinux_cred_prepare(struct cred *new, const struct cred *old,
3256 gfp_t gfp) 3256 gfp_t gfp)
3257 { 3257 {
3258 const struct task_security_struct *old_tsec; 3258 const struct task_security_struct *old_tsec;
3259 struct task_security_struct *tsec; 3259 struct task_security_struct *tsec;
3260 3260
3261 old_tsec = old->security; 3261 old_tsec = old->security;
3262 3262
3263 tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp); 3263 tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp);
3264 if (!tsec) 3264 if (!tsec)
3265 return -ENOMEM; 3265 return -ENOMEM;
3266 3266
3267 new->security = tsec; 3267 new->security = tsec;
3268 return 0; 3268 return 0;
3269 } 3269 }
3270 3270
3271 /* 3271 /*
3272 * transfer the SELinux data to a blank set of creds 3272 * transfer the SELinux data to a blank set of creds
3273 */ 3273 */
3274 static void selinux_cred_transfer(struct cred *new, const struct cred *old) 3274 static void selinux_cred_transfer(struct cred *new, const struct cred *old)
3275 { 3275 {
3276 const struct task_security_struct *old_tsec = old->security; 3276 const struct task_security_struct *old_tsec = old->security;
3277 struct task_security_struct *tsec = new->security; 3277 struct task_security_struct *tsec = new->security;
3278 3278
3279 *tsec = *old_tsec; 3279 *tsec = *old_tsec;
3280 } 3280 }
3281 3281
3282 /* 3282 /*
3283 * set the security data for a kernel service 3283 * set the security data for a kernel service
3284 * - all the creation contexts are set to unlabelled 3284 * - all the creation contexts are set to unlabelled
3285 */ 3285 */
3286 static int selinux_kernel_act_as(struct cred *new, u32 secid) 3286 static int selinux_kernel_act_as(struct cred *new, u32 secid)
3287 { 3287 {
3288 struct task_security_struct *tsec = new->security; 3288 struct task_security_struct *tsec = new->security;
3289 u32 sid = current_sid(); 3289 u32 sid = current_sid();
3290 int ret; 3290 int ret;
3291 3291
3292 ret = avc_has_perm(sid, secid, 3292 ret = avc_has_perm(sid, secid,
3293 SECCLASS_KERNEL_SERVICE, 3293 SECCLASS_KERNEL_SERVICE,
3294 KERNEL_SERVICE__USE_AS_OVERRIDE, 3294 KERNEL_SERVICE__USE_AS_OVERRIDE,
3295 NULL); 3295 NULL);
3296 if (ret == 0) { 3296 if (ret == 0) {
3297 tsec->sid = secid; 3297 tsec->sid = secid;
3298 tsec->create_sid = 0; 3298 tsec->create_sid = 0;
3299 tsec->keycreate_sid = 0; 3299 tsec->keycreate_sid = 0;
3300 tsec->sockcreate_sid = 0; 3300 tsec->sockcreate_sid = 0;
3301 } 3301 }
3302 return ret; 3302 return ret;
3303 } 3303 }
3304 3304
3305 /* 3305 /*
3306 * set the file creation context in a security record to the same as the 3306 * set the file creation context in a security record to the same as the
3307 * objective context of the specified inode 3307 * objective context of the specified inode
3308 */ 3308 */
3309 static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode) 3309 static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
3310 { 3310 {
3311 struct inode_security_struct *isec = inode->i_security; 3311 struct inode_security_struct *isec = inode->i_security;
3312 struct task_security_struct *tsec = new->security; 3312 struct task_security_struct *tsec = new->security;
3313 u32 sid = current_sid(); 3313 u32 sid = current_sid();
3314 int ret; 3314 int ret;
3315 3315
3316 ret = avc_has_perm(sid, isec->sid, 3316 ret = avc_has_perm(sid, isec->sid,
3317 SECCLASS_KERNEL_SERVICE, 3317 SECCLASS_KERNEL_SERVICE,
3318 KERNEL_SERVICE__CREATE_FILES_AS, 3318 KERNEL_SERVICE__CREATE_FILES_AS,
3319 NULL); 3319 NULL);
3320 3320
3321 if (ret == 0) 3321 if (ret == 0)
3322 tsec->create_sid = isec->sid; 3322 tsec->create_sid = isec->sid;
3323 return ret; 3323 return ret;
3324 } 3324 }
3325 3325
3326 static int selinux_kernel_module_request(char *kmod_name) 3326 static int selinux_kernel_module_request(char *kmod_name)
3327 { 3327 {
3328 u32 sid; 3328 u32 sid;
3329 struct common_audit_data ad; 3329 struct common_audit_data ad;
3330 3330
3331 sid = task_sid(current); 3331 sid = task_sid(current);
3332 3332
3333 COMMON_AUDIT_DATA_INIT(&ad, KMOD); 3333 COMMON_AUDIT_DATA_INIT(&ad, KMOD);
3334 ad.u.kmod_name = kmod_name; 3334 ad.u.kmod_name = kmod_name;
3335 3335
3336 return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM, 3336 return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM,
3337 SYSTEM__MODULE_REQUEST, &ad); 3337 SYSTEM__MODULE_REQUEST, &ad);
3338 } 3338 }
3339 3339
3340 static int selinux_task_setpgid(struct task_struct *p, pid_t pgid) 3340 static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
3341 { 3341 {
3342 return current_has_perm(p, PROCESS__SETPGID); 3342 return current_has_perm(p, PROCESS__SETPGID);
3343 } 3343 }
3344 3344
3345 static int selinux_task_getpgid(struct task_struct *p) 3345 static int selinux_task_getpgid(struct task_struct *p)
3346 { 3346 {
3347 return current_has_perm(p, PROCESS__GETPGID); 3347 return current_has_perm(p, PROCESS__GETPGID);
3348 } 3348 }
3349 3349
3350 static int selinux_task_getsid(struct task_struct *p) 3350 static int selinux_task_getsid(struct task_struct *p)
3351 { 3351 {
3352 return current_has_perm(p, PROCESS__GETSESSION); 3352 return current_has_perm(p, PROCESS__GETSESSION);
3353 } 3353 }
3354 3354
3355 static void selinux_task_getsecid(struct task_struct *p, u32 *secid) 3355 static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
3356 { 3356 {
3357 *secid = task_sid(p); 3357 *secid = task_sid(p);
3358 } 3358 }
3359 3359
3360 static int selinux_task_setnice(struct task_struct *p, int nice) 3360 static int selinux_task_setnice(struct task_struct *p, int nice)
3361 { 3361 {
3362 int rc; 3362 int rc;
3363 3363
3364 rc = cap_task_setnice(p, nice); 3364 rc = cap_task_setnice(p, nice);
3365 if (rc) 3365 if (rc)
3366 return rc; 3366 return rc;
3367 3367
3368 return current_has_perm(p, PROCESS__SETSCHED); 3368 return current_has_perm(p, PROCESS__SETSCHED);
3369 } 3369 }
3370 3370
3371 static int selinux_task_setioprio(struct task_struct *p, int ioprio) 3371 static int selinux_task_setioprio(struct task_struct *p, int ioprio)
3372 { 3372 {
3373 int rc; 3373 int rc;
3374 3374
3375 rc = cap_task_setioprio(p, ioprio); 3375 rc = cap_task_setioprio(p, ioprio);
3376 if (rc) 3376 if (rc)
3377 return rc; 3377 return rc;
3378 3378
3379 return current_has_perm(p, PROCESS__SETSCHED); 3379 return current_has_perm(p, PROCESS__SETSCHED);
3380 } 3380 }
3381 3381
3382 static int selinux_task_getioprio(struct task_struct *p) 3382 static int selinux_task_getioprio(struct task_struct *p)
3383 { 3383 {
3384 return current_has_perm(p, PROCESS__GETSCHED); 3384 return current_has_perm(p, PROCESS__GETSCHED);
3385 } 3385 }
3386 3386
3387 static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource, 3387 static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
3388 struct rlimit *new_rlim) 3388 struct rlimit *new_rlim)
3389 { 3389 {
3390 struct rlimit *old_rlim = p->signal->rlim + resource; 3390 struct rlimit *old_rlim = p->signal->rlim + resource;
3391 3391
3392 /* Control the ability to change the hard limit (whether 3392 /* Control the ability to change the hard limit (whether
3393 lowering or raising it), so that the hard limit can 3393 lowering or raising it), so that the hard limit can
3394 later be used as a safe reset point for the soft limit 3394 later be used as a safe reset point for the soft limit
3395 upon context transitions. See selinux_bprm_committing_creds. */ 3395 upon context transitions. See selinux_bprm_committing_creds. */
3396 if (old_rlim->rlim_max != new_rlim->rlim_max) 3396 if (old_rlim->rlim_max != new_rlim->rlim_max)
3397 return current_has_perm(p, PROCESS__SETRLIMIT); 3397 return current_has_perm(p, PROCESS__SETRLIMIT);
3398 3398
3399 return 0; 3399 return 0;
3400 } 3400 }
3401 3401
3402 static int selinux_task_setscheduler(struct task_struct *p) 3402 static int selinux_task_setscheduler(struct task_struct *p)
3403 { 3403 {
3404 int rc; 3404 int rc;
3405 3405
3406 rc = cap_task_setscheduler(p); 3406 rc = cap_task_setscheduler(p);
3407 if (rc) 3407 if (rc)
3408 return rc; 3408 return rc;
3409 3409
3410 return current_has_perm(p, PROCESS__SETSCHED); 3410 return current_has_perm(p, PROCESS__SETSCHED);
3411 } 3411 }
3412 3412
3413 static int selinux_task_getscheduler(struct task_struct *p) 3413 static int selinux_task_getscheduler(struct task_struct *p)
3414 { 3414 {
3415 return current_has_perm(p, PROCESS__GETSCHED); 3415 return current_has_perm(p, PROCESS__GETSCHED);
3416 } 3416 }
3417 3417
3418 static int selinux_task_movememory(struct task_struct *p) 3418 static int selinux_task_movememory(struct task_struct *p)
3419 { 3419 {
3420 return current_has_perm(p, PROCESS__SETSCHED); 3420 return current_has_perm(p, PROCESS__SETSCHED);
3421 } 3421 }
3422 3422
3423 static int selinux_task_kill(struct task_struct *p, struct siginfo *info, 3423 static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
3424 int sig, u32 secid) 3424 int sig, u32 secid)
3425 { 3425 {
3426 u32 perm; 3426 u32 perm;
3427 int rc; 3427 int rc;
3428 3428
3429 if (!sig) 3429 if (!sig)
3430 perm = PROCESS__SIGNULL; /* null signal; existence test */ 3430 perm = PROCESS__SIGNULL; /* null signal; existence test */
3431 else 3431 else
3432 perm = signal_to_av(sig); 3432 perm = signal_to_av(sig);
3433 if (secid) 3433 if (secid)
3434 rc = avc_has_perm(secid, task_sid(p), 3434 rc = avc_has_perm(secid, task_sid(p),
3435 SECCLASS_PROCESS, perm, NULL); 3435 SECCLASS_PROCESS, perm, NULL);
3436 else 3436 else
3437 rc = current_has_perm(p, perm); 3437 rc = current_has_perm(p, perm);
3438 return rc; 3438 return rc;
3439 } 3439 }
3440 3440
3441 static int selinux_task_wait(struct task_struct *p) 3441 static int selinux_task_wait(struct task_struct *p)
3442 { 3442 {
3443 return task_has_perm(p, current, PROCESS__SIGCHLD); 3443 return task_has_perm(p, current, PROCESS__SIGCHLD);
3444 } 3444 }
3445 3445
3446 static void selinux_task_to_inode(struct task_struct *p, 3446 static void selinux_task_to_inode(struct task_struct *p,
3447 struct inode *inode) 3447 struct inode *inode)
3448 { 3448 {
3449 struct inode_security_struct *isec = inode->i_security; 3449 struct inode_security_struct *isec = inode->i_security;
3450 u32 sid = task_sid(p); 3450 u32 sid = task_sid(p);
3451 3451
3452 isec->sid = sid; 3452 isec->sid = sid;
3453 isec->initialized = 1; 3453 isec->initialized = 1;
3454 } 3454 }
3455 3455
3456 /* Returns error only if unable to parse addresses */ 3456 /* Returns error only if unable to parse addresses */
3457 static int selinux_parse_skb_ipv4(struct sk_buff *skb, 3457 static int selinux_parse_skb_ipv4(struct sk_buff *skb,
3458 struct common_audit_data *ad, u8 *proto) 3458 struct common_audit_data *ad, u8 *proto)
3459 { 3459 {
3460 int offset, ihlen, ret = -EINVAL; 3460 int offset, ihlen, ret = -EINVAL;
3461 struct iphdr _iph, *ih; 3461 struct iphdr _iph, *ih;
3462 3462
3463 offset = skb_network_offset(skb); 3463 offset = skb_network_offset(skb);
3464 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph); 3464 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
3465 if (ih == NULL) 3465 if (ih == NULL)
3466 goto out; 3466 goto out;
3467 3467
3468 ihlen = ih->ihl * 4; 3468 ihlen = ih->ihl * 4;
3469 if (ihlen < sizeof(_iph)) 3469 if (ihlen < sizeof(_iph))
3470 goto out; 3470 goto out;
3471 3471
3472 ad->u.net.v4info.saddr = ih->saddr; 3472 ad->u.net.v4info.saddr = ih->saddr;
3473 ad->u.net.v4info.daddr = ih->daddr; 3473 ad->u.net.v4info.daddr = ih->daddr;
3474 ret = 0; 3474 ret = 0;
3475 3475
3476 if (proto) 3476 if (proto)
3477 *proto = ih->protocol; 3477 *proto = ih->protocol;
3478 3478
3479 switch (ih->protocol) { 3479 switch (ih->protocol) {
3480 case IPPROTO_TCP: { 3480 case IPPROTO_TCP: {
3481 struct tcphdr _tcph, *th; 3481 struct tcphdr _tcph, *th;
3482 3482
3483 if (ntohs(ih->frag_off) & IP_OFFSET) 3483 if (ntohs(ih->frag_off) & IP_OFFSET)
3484 break; 3484 break;
3485 3485
3486 offset += ihlen; 3486 offset += ihlen;
3487 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 3487 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3488 if (th == NULL) 3488 if (th == NULL)
3489 break; 3489 break;
3490 3490
3491 ad->u.net.sport = th->source; 3491 ad->u.net.sport = th->source;
3492 ad->u.net.dport = th->dest; 3492 ad->u.net.dport = th->dest;
3493 break; 3493 break;
3494 } 3494 }
3495 3495
3496 case IPPROTO_UDP: { 3496 case IPPROTO_UDP: {
3497 struct udphdr _udph, *uh; 3497 struct udphdr _udph, *uh;
3498 3498
3499 if (ntohs(ih->frag_off) & IP_OFFSET) 3499 if (ntohs(ih->frag_off) & IP_OFFSET)
3500 break; 3500 break;
3501 3501
3502 offset += ihlen; 3502 offset += ihlen;
3503 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 3503 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3504 if (uh == NULL) 3504 if (uh == NULL)
3505 break; 3505 break;
3506 3506
3507 ad->u.net.sport = uh->source; 3507 ad->u.net.sport = uh->source;
3508 ad->u.net.dport = uh->dest; 3508 ad->u.net.dport = uh->dest;
3509 break; 3509 break;
3510 } 3510 }
3511 3511
3512 case IPPROTO_DCCP: { 3512 case IPPROTO_DCCP: {
3513 struct dccp_hdr _dccph, *dh; 3513 struct dccp_hdr _dccph, *dh;
3514 3514
3515 if (ntohs(ih->frag_off) & IP_OFFSET) 3515 if (ntohs(ih->frag_off) & IP_OFFSET)
3516 break; 3516 break;
3517 3517
3518 offset += ihlen; 3518 offset += ihlen;
3519 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 3519 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3520 if (dh == NULL) 3520 if (dh == NULL)
3521 break; 3521 break;
3522 3522
3523 ad->u.net.sport = dh->dccph_sport; 3523 ad->u.net.sport = dh->dccph_sport;
3524 ad->u.net.dport = dh->dccph_dport; 3524 ad->u.net.dport = dh->dccph_dport;
3525 break; 3525 break;
3526 } 3526 }
3527 3527
3528 default: 3528 default:
3529 break; 3529 break;
3530 } 3530 }
3531 out: 3531 out:
3532 return ret; 3532 return ret;
3533 } 3533 }
3534 3534
3535 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 3535 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3536 3536
3537 /* Returns error only if unable to parse addresses */ 3537 /* Returns error only if unable to parse addresses */
3538 static int selinux_parse_skb_ipv6(struct sk_buff *skb, 3538 static int selinux_parse_skb_ipv6(struct sk_buff *skb,
3539 struct common_audit_data *ad, u8 *proto) 3539 struct common_audit_data *ad, u8 *proto)
3540 { 3540 {
3541 u8 nexthdr; 3541 u8 nexthdr;
3542 int ret = -EINVAL, offset; 3542 int ret = -EINVAL, offset;
3543 struct ipv6hdr _ipv6h, *ip6; 3543 struct ipv6hdr _ipv6h, *ip6;
3544 3544
3545 offset = skb_network_offset(skb); 3545 offset = skb_network_offset(skb);
3546 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); 3546 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3547 if (ip6 == NULL) 3547 if (ip6 == NULL)
3548 goto out; 3548 goto out;
3549 3549
3550 ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr); 3550 ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr);
3551 ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr); 3551 ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr);
3552 ret = 0; 3552 ret = 0;
3553 3553
3554 nexthdr = ip6->nexthdr; 3554 nexthdr = ip6->nexthdr;
3555 offset += sizeof(_ipv6h); 3555 offset += sizeof(_ipv6h);
3556 offset = ipv6_skip_exthdr(skb, offset, &nexthdr); 3556 offset = ipv6_skip_exthdr(skb, offset, &nexthdr);
3557 if (offset < 0) 3557 if (offset < 0)
3558 goto out; 3558 goto out;
3559 3559
3560 if (proto) 3560 if (proto)
3561 *proto = nexthdr; 3561 *proto = nexthdr;
3562 3562
3563 switch (nexthdr) { 3563 switch (nexthdr) {
3564 case IPPROTO_TCP: { 3564 case IPPROTO_TCP: {
3565 struct tcphdr _tcph, *th; 3565 struct tcphdr _tcph, *th;
3566 3566
3567 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); 3567 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3568 if (th == NULL) 3568 if (th == NULL)
3569 break; 3569 break;
3570 3570
3571 ad->u.net.sport = th->source; 3571 ad->u.net.sport = th->source;
3572 ad->u.net.dport = th->dest; 3572 ad->u.net.dport = th->dest;
3573 break; 3573 break;
3574 } 3574 }
3575 3575
3576 case IPPROTO_UDP: { 3576 case IPPROTO_UDP: {
3577 struct udphdr _udph, *uh; 3577 struct udphdr _udph, *uh;
3578 3578
3579 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); 3579 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3580 if (uh == NULL) 3580 if (uh == NULL)
3581 break; 3581 break;
3582 3582
3583 ad->u.net.sport = uh->source; 3583 ad->u.net.sport = uh->source;
3584 ad->u.net.dport = uh->dest; 3584 ad->u.net.dport = uh->dest;
3585 break; 3585 break;
3586 } 3586 }
3587 3587
3588 case IPPROTO_DCCP: { 3588 case IPPROTO_DCCP: {
3589 struct dccp_hdr _dccph, *dh; 3589 struct dccp_hdr _dccph, *dh;
3590 3590
3591 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph); 3591 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3592 if (dh == NULL) 3592 if (dh == NULL)
3593 break; 3593 break;
3594 3594
3595 ad->u.net.sport = dh->dccph_sport; 3595 ad->u.net.sport = dh->dccph_sport;
3596 ad->u.net.dport = dh->dccph_dport; 3596 ad->u.net.dport = dh->dccph_dport;
3597 break; 3597 break;
3598 } 3598 }
3599 3599
3600 /* includes fragments */ 3600 /* includes fragments */
3601 default: 3601 default:
3602 break; 3602 break;
3603 } 3603 }
3604 out: 3604 out:
3605 return ret; 3605 return ret;
3606 } 3606 }
3607 3607
3608 #endif /* IPV6 */ 3608 #endif /* IPV6 */
3609 3609
3610 static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad, 3610 static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
3611 char **_addrp, int src, u8 *proto) 3611 char **_addrp, int src, u8 *proto)
3612 { 3612 {
3613 char *addrp; 3613 char *addrp;
3614 int ret; 3614 int ret;
3615 3615
3616 switch (ad->u.net.family) { 3616 switch (ad->u.net.family) {
3617 case PF_INET: 3617 case PF_INET:
3618 ret = selinux_parse_skb_ipv4(skb, ad, proto); 3618 ret = selinux_parse_skb_ipv4(skb, ad, proto);
3619 if (ret) 3619 if (ret)
3620 goto parse_error; 3620 goto parse_error;
3621 addrp = (char *)(src ? &ad->u.net.v4info.saddr : 3621 addrp = (char *)(src ? &ad->u.net.v4info.saddr :
3622 &ad->u.net.v4info.daddr); 3622 &ad->u.net.v4info.daddr);
3623 goto okay; 3623 goto okay;
3624 3624
3625 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 3625 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3626 case PF_INET6: 3626 case PF_INET6:
3627 ret = selinux_parse_skb_ipv6(skb, ad, proto); 3627 ret = selinux_parse_skb_ipv6(skb, ad, proto);
3628 if (ret) 3628 if (ret)
3629 goto parse_error; 3629 goto parse_error;
3630 addrp = (char *)(src ? &ad->u.net.v6info.saddr : 3630 addrp = (char *)(src ? &ad->u.net.v6info.saddr :
3631 &ad->u.net.v6info.daddr); 3631 &ad->u.net.v6info.daddr);
3632 goto okay; 3632 goto okay;
3633 #endif /* IPV6 */ 3633 #endif /* IPV6 */
3634 default: 3634 default:
3635 addrp = NULL; 3635 addrp = NULL;
3636 goto okay; 3636 goto okay;
3637 } 3637 }
3638 3638
3639 parse_error: 3639 parse_error:
3640 printk(KERN_WARNING 3640 printk(KERN_WARNING
3641 "SELinux: failure in selinux_parse_skb()," 3641 "SELinux: failure in selinux_parse_skb(),"
3642 " unable to parse packet\n"); 3642 " unable to parse packet\n");
3643 return ret; 3643 return ret;
3644 3644
3645 okay: 3645 okay:
3646 if (_addrp) 3646 if (_addrp)
3647 *_addrp = addrp; 3647 *_addrp = addrp;
3648 return 0; 3648 return 0;
3649 } 3649 }
3650 3650
3651 /** 3651 /**
3652 * selinux_skb_peerlbl_sid - Determine the peer label of a packet 3652 * selinux_skb_peerlbl_sid - Determine the peer label of a packet
3653 * @skb: the packet 3653 * @skb: the packet
3654 * @family: protocol family 3654 * @family: protocol family
3655 * @sid: the packet's peer label SID 3655 * @sid: the packet's peer label SID
3656 * 3656 *
3657 * Description: 3657 * Description:
3658 * Check the various different forms of network peer labeling and determine 3658 * Check the various different forms of network peer labeling and determine
3659 * the peer label/SID for the packet; most of the magic actually occurs in 3659 * the peer label/SID for the packet; most of the magic actually occurs in
3660 * the security server function security_net_peersid_cmp(). The function 3660 * the security server function security_net_peersid_cmp(). The function
3661 * returns zero if the value in @sid is valid (although it may be SECSID_NULL) 3661 * returns zero if the value in @sid is valid (although it may be SECSID_NULL)
3662 * or -EACCES if @sid is invalid due to inconsistencies with the different 3662 * or -EACCES if @sid is invalid due to inconsistencies with the different
3663 * peer labels. 3663 * peer labels.
3664 * 3664 *
3665 */ 3665 */
3666 static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid) 3666 static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
3667 { 3667 {
3668 int err; 3668 int err;
3669 u32 xfrm_sid; 3669 u32 xfrm_sid;
3670 u32 nlbl_sid; 3670 u32 nlbl_sid;
3671 u32 nlbl_type; 3671 u32 nlbl_type;
3672 3672
3673 selinux_skb_xfrm_sid(skb, &xfrm_sid); 3673 selinux_skb_xfrm_sid(skb, &xfrm_sid);
3674 selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid); 3674 selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
3675 3675
3676 err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid); 3676 err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
3677 if (unlikely(err)) { 3677 if (unlikely(err)) {
3678 printk(KERN_WARNING 3678 printk(KERN_WARNING
3679 "SELinux: failure in selinux_skb_peerlbl_sid()," 3679 "SELinux: failure in selinux_skb_peerlbl_sid(),"
3680 " unable to determine packet's peer label\n"); 3680 " unable to determine packet's peer label\n");
3681 return -EACCES; 3681 return -EACCES;
3682 } 3682 }
3683 3683
3684 return 0; 3684 return 0;
3685 } 3685 }
3686 3686
3687 /* socket security operations */ 3687 /* socket security operations */
3688 3688
3689 static int socket_sockcreate_sid(const struct task_security_struct *tsec, 3689 static int socket_sockcreate_sid(const struct task_security_struct *tsec,
3690 u16 secclass, u32 *socksid) 3690 u16 secclass, u32 *socksid)
3691 { 3691 {
3692 if (tsec->sockcreate_sid > SECSID_NULL) { 3692 if (tsec->sockcreate_sid > SECSID_NULL) {
3693 *socksid = tsec->sockcreate_sid; 3693 *socksid = tsec->sockcreate_sid;
3694 return 0; 3694 return 0;
3695 } 3695 }
3696 3696
3697 return security_transition_sid(tsec->sid, tsec->sid, secclass, NULL, 3697 return security_transition_sid(tsec->sid, tsec->sid, secclass, NULL,
3698 socksid); 3698 socksid);
3699 } 3699 }
3700 3700
3701 static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms) 3701 static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms)
3702 { 3702 {
3703 struct sk_security_struct *sksec = sk->sk_security; 3703 struct sk_security_struct *sksec = sk->sk_security;
3704 struct common_audit_data ad; 3704 struct common_audit_data ad;
3705 u32 tsid = task_sid(task); 3705 u32 tsid = task_sid(task);
3706 3706
3707 if (sksec->sid == SECINITSID_KERNEL) 3707 if (sksec->sid == SECINITSID_KERNEL)
3708 return 0; 3708 return 0;
3709 3709
3710 COMMON_AUDIT_DATA_INIT(&ad, NET); 3710 COMMON_AUDIT_DATA_INIT(&ad, NET);
3711 ad.u.net.sk = sk; 3711 ad.u.net.sk = sk;
3712 3712
3713 return avc_has_perm(tsid, sksec->sid, sksec->sclass, perms, &ad); 3713 return avc_has_perm(tsid, sksec->sid, sksec->sclass, perms, &ad);
3714 } 3714 }
3715 3715
3716 static int selinux_socket_create(int family, int type, 3716 static int selinux_socket_create(int family, int type,
3717 int protocol, int kern) 3717 int protocol, int kern)
3718 { 3718 {
3719 const struct task_security_struct *tsec = current_security(); 3719 const struct task_security_struct *tsec = current_security();
3720 u32 newsid; 3720 u32 newsid;
3721 u16 secclass; 3721 u16 secclass;
3722 int rc; 3722 int rc;
3723 3723
3724 if (kern) 3724 if (kern)
3725 return 0; 3725 return 0;
3726 3726
3727 secclass = socket_type_to_security_class(family, type, protocol); 3727 secclass = socket_type_to_security_class(family, type, protocol);
3728 rc = socket_sockcreate_sid(tsec, secclass, &newsid); 3728 rc = socket_sockcreate_sid(tsec, secclass, &newsid);
3729 if (rc) 3729 if (rc)
3730 return rc; 3730 return rc;
3731 3731
3732 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL); 3732 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
3733 } 3733 }
3734 3734
3735 static int selinux_socket_post_create(struct socket *sock, int family, 3735 static int selinux_socket_post_create(struct socket *sock, int family,
3736 int type, int protocol, int kern) 3736 int type, int protocol, int kern)
3737 { 3737 {
3738 const struct task_security_struct *tsec = current_security(); 3738 const struct task_security_struct *tsec = current_security();
3739 struct inode_security_struct *isec = SOCK_INODE(sock)->i_security; 3739 struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
3740 struct sk_security_struct *sksec; 3740 struct sk_security_struct *sksec;
3741 int err = 0; 3741 int err = 0;
3742 3742
3743 isec->sclass = socket_type_to_security_class(family, type, protocol); 3743 isec->sclass = socket_type_to_security_class(family, type, protocol);
3744 3744
3745 if (kern) 3745 if (kern)
3746 isec->sid = SECINITSID_KERNEL; 3746 isec->sid = SECINITSID_KERNEL;
3747 else { 3747 else {
3748 err = socket_sockcreate_sid(tsec, isec->sclass, &(isec->sid)); 3748 err = socket_sockcreate_sid(tsec, isec->sclass, &(isec->sid));
3749 if (err) 3749 if (err)
3750 return err; 3750 return err;
3751 } 3751 }
3752 3752
3753 isec->initialized = 1; 3753 isec->initialized = 1;
3754 3754
3755 if (sock->sk) { 3755 if (sock->sk) {
3756 sksec = sock->sk->sk_security; 3756 sksec = sock->sk->sk_security;
3757 sksec->sid = isec->sid; 3757 sksec->sid = isec->sid;
3758 sksec->sclass = isec->sclass; 3758 sksec->sclass = isec->sclass;
3759 err = selinux_netlbl_socket_post_create(sock->sk, family); 3759 err = selinux_netlbl_socket_post_create(sock->sk, family);
3760 } 3760 }
3761 3761
3762 return err; 3762 return err;
3763 } 3763 }
3764 3764
3765 /* Range of port numbers used to automatically bind. 3765 /* Range of port numbers used to automatically bind.
3766 Need to determine whether we should perform a name_bind 3766 Need to determine whether we should perform a name_bind
3767 permission check between the socket and the port number. */ 3767 permission check between the socket and the port number. */
3768 3768
3769 static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen) 3769 static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
3770 { 3770 {
3771 struct sock *sk = sock->sk; 3771 struct sock *sk = sock->sk;
3772 u16 family; 3772 u16 family;
3773 int err; 3773 int err;
3774 3774
3775 err = sock_has_perm(current, sk, SOCKET__BIND); 3775 err = sock_has_perm(current, sk, SOCKET__BIND);
3776 if (err) 3776 if (err)
3777 goto out; 3777 goto out;
3778 3778
3779 /* 3779 /*
3780 * If PF_INET or PF_INET6, check name_bind permission for the port. 3780 * If PF_INET or PF_INET6, check name_bind permission for the port.
3781 * Multiple address binding for SCTP is not supported yet: we just 3781 * Multiple address binding for SCTP is not supported yet: we just
3782 * check the first address now. 3782 * check the first address now.
3783 */ 3783 */
3784 family = sk->sk_family; 3784 family = sk->sk_family;
3785 if (family == PF_INET || family == PF_INET6) { 3785 if (family == PF_INET || family == PF_INET6) {
3786 char *addrp; 3786 char *addrp;
3787 struct sk_security_struct *sksec = sk->sk_security; 3787 struct sk_security_struct *sksec = sk->sk_security;
3788 struct common_audit_data ad; 3788 struct common_audit_data ad;
3789 struct sockaddr_in *addr4 = NULL; 3789 struct sockaddr_in *addr4 = NULL;
3790 struct sockaddr_in6 *addr6 = NULL; 3790 struct sockaddr_in6 *addr6 = NULL;
3791 unsigned short snum; 3791 unsigned short snum;
3792 u32 sid, node_perm; 3792 u32 sid, node_perm;
3793 3793
3794 if (family == PF_INET) { 3794 if (family == PF_INET) {
3795 addr4 = (struct sockaddr_in *)address; 3795 addr4 = (struct sockaddr_in *)address;
3796 snum = ntohs(addr4->sin_port); 3796 snum = ntohs(addr4->sin_port);
3797 addrp = (char *)&addr4->sin_addr.s_addr; 3797 addrp = (char *)&addr4->sin_addr.s_addr;
3798 } else { 3798 } else {
3799 addr6 = (struct sockaddr_in6 *)address; 3799 addr6 = (struct sockaddr_in6 *)address;
3800 snum = ntohs(addr6->sin6_port); 3800 snum = ntohs(addr6->sin6_port);
3801 addrp = (char *)&addr6->sin6_addr.s6_addr; 3801 addrp = (char *)&addr6->sin6_addr.s6_addr;
3802 } 3802 }
3803 3803
3804 if (snum) { 3804 if (snum) {
3805 int low, high; 3805 int low, high;
3806 3806
3807 inet_get_local_port_range(&low, &high); 3807 inet_get_local_port_range(&low, &high);
3808 3808
3809 if (snum < max(PROT_SOCK, low) || snum > high) { 3809 if (snum < max(PROT_SOCK, low) || snum > high) {
3810 err = sel_netport_sid(sk->sk_protocol, 3810 err = sel_netport_sid(sk->sk_protocol,
3811 snum, &sid); 3811 snum, &sid);
3812 if (err) 3812 if (err)
3813 goto out; 3813 goto out;
3814 COMMON_AUDIT_DATA_INIT(&ad, NET); 3814 COMMON_AUDIT_DATA_INIT(&ad, NET);
3815 ad.u.net.sport = htons(snum); 3815 ad.u.net.sport = htons(snum);
3816 ad.u.net.family = family; 3816 ad.u.net.family = family;
3817 err = avc_has_perm(sksec->sid, sid, 3817 err = avc_has_perm(sksec->sid, sid,
3818 sksec->sclass, 3818 sksec->sclass,
3819 SOCKET__NAME_BIND, &ad); 3819 SOCKET__NAME_BIND, &ad);
3820 if (err) 3820 if (err)
3821 goto out; 3821 goto out;
3822 } 3822 }
3823 } 3823 }
3824 3824
3825 switch (sksec->sclass) { 3825 switch (sksec->sclass) {
3826 case SECCLASS_TCP_SOCKET: 3826 case SECCLASS_TCP_SOCKET:
3827 node_perm = TCP_SOCKET__NODE_BIND; 3827 node_perm = TCP_SOCKET__NODE_BIND;
3828 break; 3828 break;
3829 3829
3830 case SECCLASS_UDP_SOCKET: 3830 case SECCLASS_UDP_SOCKET:
3831 node_perm = UDP_SOCKET__NODE_BIND; 3831 node_perm = UDP_SOCKET__NODE_BIND;
3832 break; 3832 break;
3833 3833
3834 case SECCLASS_DCCP_SOCKET: 3834 case SECCLASS_DCCP_SOCKET:
3835 node_perm = DCCP_SOCKET__NODE_BIND; 3835 node_perm = DCCP_SOCKET__NODE_BIND;
3836 break; 3836 break;
3837 3837
3838 default: 3838 default:
3839 node_perm = RAWIP_SOCKET__NODE_BIND; 3839 node_perm = RAWIP_SOCKET__NODE_BIND;
3840 break; 3840 break;
3841 } 3841 }
3842 3842
3843 err = sel_netnode_sid(addrp, family, &sid); 3843 err = sel_netnode_sid(addrp, family, &sid);
3844 if (err) 3844 if (err)
3845 goto out; 3845 goto out;
3846 3846
3847 COMMON_AUDIT_DATA_INIT(&ad, NET); 3847 COMMON_AUDIT_DATA_INIT(&ad, NET);
3848 ad.u.net.sport = htons(snum); 3848 ad.u.net.sport = htons(snum);
3849 ad.u.net.family = family; 3849 ad.u.net.family = family;
3850 3850
3851 if (family == PF_INET) 3851 if (family == PF_INET)
3852 ad.u.net.v4info.saddr = addr4->sin_addr.s_addr; 3852 ad.u.net.v4info.saddr = addr4->sin_addr.s_addr;
3853 else 3853 else
3854 ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr); 3854 ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr);
3855 3855
3856 err = avc_has_perm(sksec->sid, sid, 3856 err = avc_has_perm(sksec->sid, sid,
3857 sksec->sclass, node_perm, &ad); 3857 sksec->sclass, node_perm, &ad);
3858 if (err) 3858 if (err)
3859 goto out; 3859 goto out;
3860 } 3860 }
3861 out: 3861 out:
3862 return err; 3862 return err;
3863 } 3863 }
3864 3864
3865 static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen) 3865 static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
3866 { 3866 {
3867 struct sock *sk = sock->sk; 3867 struct sock *sk = sock->sk;
3868 struct sk_security_struct *sksec = sk->sk_security; 3868 struct sk_security_struct *sksec = sk->sk_security;
3869 int err; 3869 int err;
3870 3870
3871 err = sock_has_perm(current, sk, SOCKET__CONNECT); 3871 err = sock_has_perm(current, sk, SOCKET__CONNECT);
3872 if (err) 3872 if (err)
3873 return err; 3873 return err;
3874 3874
3875 /* 3875 /*
3876 * If a TCP or DCCP socket, check name_connect permission for the port. 3876 * If a TCP or DCCP socket, check name_connect permission for the port.
3877 */ 3877 */
3878 if (sksec->sclass == SECCLASS_TCP_SOCKET || 3878 if (sksec->sclass == SECCLASS_TCP_SOCKET ||
3879 sksec->sclass == SECCLASS_DCCP_SOCKET) { 3879 sksec->sclass == SECCLASS_DCCP_SOCKET) {
3880 struct common_audit_data ad; 3880 struct common_audit_data ad;
3881 struct sockaddr_in *addr4 = NULL; 3881 struct sockaddr_in *addr4 = NULL;
3882 struct sockaddr_in6 *addr6 = NULL; 3882 struct sockaddr_in6 *addr6 = NULL;
3883 unsigned short snum; 3883 unsigned short snum;
3884 u32 sid, perm; 3884 u32 sid, perm;
3885 3885
3886 if (sk->sk_family == PF_INET) { 3886 if (sk->sk_family == PF_INET) {
3887 addr4 = (struct sockaddr_in *)address; 3887 addr4 = (struct sockaddr_in *)address;
3888 if (addrlen < sizeof(struct sockaddr_in)) 3888 if (addrlen < sizeof(struct sockaddr_in))
3889 return -EINVAL; 3889 return -EINVAL;
3890 snum = ntohs(addr4->sin_port); 3890 snum = ntohs(addr4->sin_port);
3891 } else { 3891 } else {
3892 addr6 = (struct sockaddr_in6 *)address; 3892 addr6 = (struct sockaddr_in6 *)address;
3893 if (addrlen < SIN6_LEN_RFC2133) 3893 if (addrlen < SIN6_LEN_RFC2133)
3894 return -EINVAL; 3894 return -EINVAL;
3895 snum = ntohs(addr6->sin6_port); 3895 snum = ntohs(addr6->sin6_port);
3896 } 3896 }
3897 3897
3898 err = sel_netport_sid(sk->sk_protocol, snum, &sid); 3898 err = sel_netport_sid(sk->sk_protocol, snum, &sid);
3899 if (err) 3899 if (err)
3900 goto out; 3900 goto out;
3901 3901
3902 perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ? 3902 perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ?
3903 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT; 3903 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
3904 3904
3905 COMMON_AUDIT_DATA_INIT(&ad, NET); 3905 COMMON_AUDIT_DATA_INIT(&ad, NET);
3906 ad.u.net.dport = htons(snum); 3906 ad.u.net.dport = htons(snum);
3907 ad.u.net.family = sk->sk_family; 3907 ad.u.net.family = sk->sk_family;
3908 err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad); 3908 err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad);
3909 if (err) 3909 if (err)
3910 goto out; 3910 goto out;
3911 } 3911 }
3912 3912
3913 err = selinux_netlbl_socket_connect(sk, address); 3913 err = selinux_netlbl_socket_connect(sk, address);
3914 3914
3915 out: 3915 out:
3916 return err; 3916 return err;
3917 } 3917 }
3918 3918
3919 static int selinux_socket_listen(struct socket *sock, int backlog) 3919 static int selinux_socket_listen(struct socket *sock, int backlog)
3920 { 3920 {
3921 return sock_has_perm(current, sock->sk, SOCKET__LISTEN); 3921 return sock_has_perm(current, sock->sk, SOCKET__LISTEN);
3922 } 3922 }
3923 3923
3924 static int selinux_socket_accept(struct socket *sock, struct socket *newsock) 3924 static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
3925 { 3925 {
3926 int err; 3926 int err;
3927 struct inode_security_struct *isec; 3927 struct inode_security_struct *isec;
3928 struct inode_security_struct *newisec; 3928 struct inode_security_struct *newisec;
3929 3929
3930 err = sock_has_perm(current, sock->sk, SOCKET__ACCEPT); 3930 err = sock_has_perm(current, sock->sk, SOCKET__ACCEPT);
3931 if (err) 3931 if (err)
3932 return err; 3932 return err;
3933 3933
3934 newisec = SOCK_INODE(newsock)->i_security; 3934 newisec = SOCK_INODE(newsock)->i_security;
3935 3935
3936 isec = SOCK_INODE(sock)->i_security; 3936 isec = SOCK_INODE(sock)->i_security;
3937 newisec->sclass = isec->sclass; 3937 newisec->sclass = isec->sclass;
3938 newisec->sid = isec->sid; 3938 newisec->sid = isec->sid;
3939 newisec->initialized = 1; 3939 newisec->initialized = 1;
3940 3940
3941 return 0; 3941 return 0;
3942 } 3942 }
3943 3943
3944 static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg, 3944 static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3945 int size) 3945 int size)
3946 { 3946 {
3947 return sock_has_perm(current, sock->sk, SOCKET__WRITE); 3947 return sock_has_perm(current, sock->sk, SOCKET__WRITE);
3948 } 3948 }
3949 3949
3950 static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg, 3950 static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
3951 int size, int flags) 3951 int size, int flags)
3952 { 3952 {
3953 return sock_has_perm(current, sock->sk, SOCKET__READ); 3953 return sock_has_perm(current, sock->sk, SOCKET__READ);
3954 } 3954 }
3955 3955
3956 static int selinux_socket_getsockname(struct socket *sock) 3956 static int selinux_socket_getsockname(struct socket *sock)
3957 { 3957 {
3958 return sock_has_perm(current, sock->sk, SOCKET__GETATTR); 3958 return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
3959 } 3959 }
3960 3960
3961 static int selinux_socket_getpeername(struct socket *sock) 3961 static int selinux_socket_getpeername(struct socket *sock)
3962 { 3962 {
3963 return sock_has_perm(current, sock->sk, SOCKET__GETATTR); 3963 return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
3964 } 3964 }
3965 3965
3966 static int selinux_socket_setsockopt(struct socket *sock, int level, int optname) 3966 static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
3967 { 3967 {
3968 int err; 3968 int err;
3969 3969
3970 err = sock_has_perm(current, sock->sk, SOCKET__SETOPT); 3970 err = sock_has_perm(current, sock->sk, SOCKET__SETOPT);
3971 if (err) 3971 if (err)
3972 return err; 3972 return err;
3973 3973
3974 return selinux_netlbl_socket_setsockopt(sock, level, optname); 3974 return selinux_netlbl_socket_setsockopt(sock, level, optname);
3975 } 3975 }
3976 3976
3977 static int selinux_socket_getsockopt(struct socket *sock, int level, 3977 static int selinux_socket_getsockopt(struct socket *sock, int level,
3978 int optname) 3978 int optname)
3979 { 3979 {
3980 return sock_has_perm(current, sock->sk, SOCKET__GETOPT); 3980 return sock_has_perm(current, sock->sk, SOCKET__GETOPT);
3981 } 3981 }
3982 3982
3983 static int selinux_socket_shutdown(struct socket *sock, int how) 3983 static int selinux_socket_shutdown(struct socket *sock, int how)
3984 { 3984 {
3985 return sock_has_perm(current, sock->sk, SOCKET__SHUTDOWN); 3985 return sock_has_perm(current, sock->sk, SOCKET__SHUTDOWN);
3986 } 3986 }
3987 3987
3988 static int selinux_socket_unix_stream_connect(struct sock *sock, 3988 static int selinux_socket_unix_stream_connect(struct sock *sock,
3989 struct sock *other, 3989 struct sock *other,
3990 struct sock *newsk) 3990 struct sock *newsk)
3991 { 3991 {
3992 struct sk_security_struct *sksec_sock = sock->sk_security; 3992 struct sk_security_struct *sksec_sock = sock->sk_security;
3993 struct sk_security_struct *sksec_other = other->sk_security; 3993 struct sk_security_struct *sksec_other = other->sk_security;
3994 struct sk_security_struct *sksec_new = newsk->sk_security; 3994 struct sk_security_struct *sksec_new = newsk->sk_security;
3995 struct common_audit_data ad; 3995 struct common_audit_data ad;
3996 int err; 3996 int err;
3997 3997
3998 COMMON_AUDIT_DATA_INIT(&ad, NET); 3998 COMMON_AUDIT_DATA_INIT(&ad, NET);
3999 ad.u.net.sk = other; 3999 ad.u.net.sk = other;
4000 4000
4001 err = avc_has_perm(sksec_sock->sid, sksec_other->sid, 4001 err = avc_has_perm(sksec_sock->sid, sksec_other->sid,
4002 sksec_other->sclass, 4002 sksec_other->sclass,
4003 UNIX_STREAM_SOCKET__CONNECTTO, &ad); 4003 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
4004 if (err) 4004 if (err)
4005 return err; 4005 return err;
4006 4006
4007 /* server child socket */ 4007 /* server child socket */
4008 sksec_new->peer_sid = sksec_sock->sid; 4008 sksec_new->peer_sid = sksec_sock->sid;
4009 err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid, 4009 err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid,
4010 &sksec_new->sid); 4010 &sksec_new->sid);
4011 if (err) 4011 if (err)
4012 return err; 4012 return err;
4013 4013
4014 /* connecting socket */ 4014 /* connecting socket */
4015 sksec_sock->peer_sid = sksec_new->sid; 4015 sksec_sock->peer_sid = sksec_new->sid;
4016 4016
4017 return 0; 4017 return 0;
4018 } 4018 }
4019 4019
4020 static int selinux_socket_unix_may_send(struct socket *sock, 4020 static int selinux_socket_unix_may_send(struct socket *sock,
4021 struct socket *other) 4021 struct socket *other)
4022 { 4022 {
4023 struct sk_security_struct *ssec = sock->sk->sk_security; 4023 struct sk_security_struct *ssec = sock->sk->sk_security;
4024 struct sk_security_struct *osec = other->sk->sk_security; 4024 struct sk_security_struct *osec = other->sk->sk_security;
4025 struct common_audit_data ad; 4025 struct common_audit_data ad;
4026 4026
4027 COMMON_AUDIT_DATA_INIT(&ad, NET); 4027 COMMON_AUDIT_DATA_INIT(&ad, NET);
4028 ad.u.net.sk = other->sk; 4028 ad.u.net.sk = other->sk;
4029 4029
4030 return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO, 4030 return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
4031 &ad); 4031 &ad);
4032 } 4032 }
4033 4033
4034 static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family, 4034 static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family,
4035 u32 peer_sid, 4035 u32 peer_sid,
4036 struct common_audit_data *ad) 4036 struct common_audit_data *ad)
4037 { 4037 {
4038 int err; 4038 int err;
4039 u32 if_sid; 4039 u32 if_sid;
4040 u32 node_sid; 4040 u32 node_sid;
4041 4041
4042 err = sel_netif_sid(ifindex, &if_sid); 4042 err = sel_netif_sid(ifindex, &if_sid);
4043 if (err) 4043 if (err)
4044 return err; 4044 return err;
4045 err = avc_has_perm(peer_sid, if_sid, 4045 err = avc_has_perm(peer_sid, if_sid,
4046 SECCLASS_NETIF, NETIF__INGRESS, ad); 4046 SECCLASS_NETIF, NETIF__INGRESS, ad);
4047 if (err) 4047 if (err)
4048 return err; 4048 return err;
4049 4049
4050 err = sel_netnode_sid(addrp, family, &node_sid); 4050 err = sel_netnode_sid(addrp, family, &node_sid);
4051 if (err) 4051 if (err)
4052 return err; 4052 return err;
4053 return avc_has_perm(peer_sid, node_sid, 4053 return avc_has_perm(peer_sid, node_sid,
4054 SECCLASS_NODE, NODE__RECVFROM, ad); 4054 SECCLASS_NODE, NODE__RECVFROM, ad);
4055 } 4055 }
4056 4056
4057 static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb, 4057 static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
4058 u16 family) 4058 u16 family)
4059 { 4059 {
4060 int err = 0; 4060 int err = 0;
4061 struct sk_security_struct *sksec = sk->sk_security; 4061 struct sk_security_struct *sksec = sk->sk_security;
4062 u32 sk_sid = sksec->sid; 4062 u32 sk_sid = sksec->sid;
4063 struct common_audit_data ad; 4063 struct common_audit_data ad;
4064 char *addrp; 4064 char *addrp;
4065 4065
4066 COMMON_AUDIT_DATA_INIT(&ad, NET); 4066 COMMON_AUDIT_DATA_INIT(&ad, NET);
4067 ad.u.net.netif = skb->skb_iif; 4067 ad.u.net.netif = skb->skb_iif;
4068 ad.u.net.family = family; 4068 ad.u.net.family = family;
4069 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL); 4069 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4070 if (err) 4070 if (err)
4071 return err; 4071 return err;
4072 4072
4073 if (selinux_secmark_enabled()) { 4073 if (selinux_secmark_enabled()) {
4074 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET, 4074 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4075 PACKET__RECV, &ad); 4075 PACKET__RECV, &ad);
4076 if (err) 4076 if (err)
4077 return err; 4077 return err;
4078 } 4078 }
4079 4079
4080 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad); 4080 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
4081 if (err) 4081 if (err)
4082 return err; 4082 return err;
4083 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad); 4083 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
4084 4084
4085 return err; 4085 return err;
4086 } 4086 }
4087 4087
4088 static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 4088 static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4089 { 4089 {
4090 int err; 4090 int err;
4091 struct sk_security_struct *sksec = sk->sk_security; 4091 struct sk_security_struct *sksec = sk->sk_security;
4092 u16 family = sk->sk_family; 4092 u16 family = sk->sk_family;
4093 u32 sk_sid = sksec->sid; 4093 u32 sk_sid = sksec->sid;
4094 struct common_audit_data ad; 4094 struct common_audit_data ad;
4095 char *addrp; 4095 char *addrp;
4096 u8 secmark_active; 4096 u8 secmark_active;
4097 u8 peerlbl_active; 4097 u8 peerlbl_active;
4098 4098
4099 if (family != PF_INET && family != PF_INET6) 4099 if (family != PF_INET && family != PF_INET6)
4100 return 0; 4100 return 0;
4101 4101
4102 /* Handle mapped IPv4 packets arriving via IPv6 sockets */ 4102 /* Handle mapped IPv4 packets arriving via IPv6 sockets */
4103 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 4103 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4104 family = PF_INET; 4104 family = PF_INET;
4105 4105
4106 /* If any sort of compatibility mode is enabled then handoff processing 4106 /* If any sort of compatibility mode is enabled then handoff processing
4107 * to the selinux_sock_rcv_skb_compat() function to deal with the 4107 * to the selinux_sock_rcv_skb_compat() function to deal with the
4108 * special handling. We do this in an attempt to keep this function 4108 * special handling. We do this in an attempt to keep this function
4109 * as fast and as clean as possible. */ 4109 * as fast and as clean as possible. */
4110 if (!selinux_policycap_netpeer) 4110 if (!selinux_policycap_netpeer)
4111 return selinux_sock_rcv_skb_compat(sk, skb, family); 4111 return selinux_sock_rcv_skb_compat(sk, skb, family);
4112 4112
4113 secmark_active = selinux_secmark_enabled(); 4113 secmark_active = selinux_secmark_enabled();
4114 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled(); 4114 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
4115 if (!secmark_active && !peerlbl_active) 4115 if (!secmark_active && !peerlbl_active)
4116 return 0; 4116 return 0;
4117 4117
4118 COMMON_AUDIT_DATA_INIT(&ad, NET); 4118 COMMON_AUDIT_DATA_INIT(&ad, NET);
4119 ad.u.net.netif = skb->skb_iif; 4119 ad.u.net.netif = skb->skb_iif;
4120 ad.u.net.family = family; 4120 ad.u.net.family = family;
4121 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL); 4121 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4122 if (err) 4122 if (err)
4123 return err; 4123 return err;
4124 4124
4125 if (peerlbl_active) { 4125 if (peerlbl_active) {
4126 u32 peer_sid; 4126 u32 peer_sid;
4127 4127
4128 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid); 4128 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
4129 if (err) 4129 if (err)
4130 return err; 4130 return err;
4131 err = selinux_inet_sys_rcv_skb(skb->skb_iif, addrp, family, 4131 err = selinux_inet_sys_rcv_skb(skb->skb_iif, addrp, family,
4132 peer_sid, &ad); 4132 peer_sid, &ad);
4133 if (err) { 4133 if (err) {
4134 selinux_netlbl_err(skb, err, 0); 4134 selinux_netlbl_err(skb, err, 0);
4135 return err; 4135 return err;
4136 } 4136 }
4137 err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER, 4137 err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
4138 PEER__RECV, &ad); 4138 PEER__RECV, &ad);
4139 if (err) 4139 if (err)
4140 selinux_netlbl_err(skb, err, 0); 4140 selinux_netlbl_err(skb, err, 0);
4141 } 4141 }
4142 4142
4143 if (secmark_active) { 4143 if (secmark_active) {
4144 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET, 4144 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4145 PACKET__RECV, &ad); 4145 PACKET__RECV, &ad);
4146 if (err) 4146 if (err)
4147 return err; 4147 return err;
4148 } 4148 }
4149 4149
4150 return err; 4150 return err;
4151 } 4151 }
4152 4152
4153 static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval, 4153 static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
4154 int __user *optlen, unsigned len) 4154 int __user *optlen, unsigned len)
4155 { 4155 {
4156 int err = 0; 4156 int err = 0;
4157 char *scontext; 4157 char *scontext;
4158 u32 scontext_len; 4158 u32 scontext_len;
4159 struct sk_security_struct *sksec = sock->sk->sk_security; 4159 struct sk_security_struct *sksec = sock->sk->sk_security;
4160 u32 peer_sid = SECSID_NULL; 4160 u32 peer_sid = SECSID_NULL;
4161 4161
4162 if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET || 4162 if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
4163 sksec->sclass == SECCLASS_TCP_SOCKET) 4163 sksec->sclass == SECCLASS_TCP_SOCKET)
4164 peer_sid = sksec->peer_sid; 4164 peer_sid = sksec->peer_sid;
4165 if (peer_sid == SECSID_NULL) 4165 if (peer_sid == SECSID_NULL)
4166 return -ENOPROTOOPT; 4166 return -ENOPROTOOPT;
4167 4167
4168 err = security_sid_to_context(peer_sid, &scontext, &scontext_len); 4168 err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
4169 if (err) 4169 if (err)
4170 return err; 4170 return err;
4171 4171
4172 if (scontext_len > len) { 4172 if (scontext_len > len) {
4173 err = -ERANGE; 4173 err = -ERANGE;
4174 goto out_len; 4174 goto out_len;
4175 } 4175 }
4176 4176
4177 if (copy_to_user(optval, scontext, scontext_len)) 4177 if (copy_to_user(optval, scontext, scontext_len))
4178 err = -EFAULT; 4178 err = -EFAULT;
4179 4179
4180 out_len: 4180 out_len:
4181 if (put_user(scontext_len, optlen)) 4181 if (put_user(scontext_len, optlen))
4182 err = -EFAULT; 4182 err = -EFAULT;
4183 kfree(scontext); 4183 kfree(scontext);
4184 return err; 4184 return err;
4185 } 4185 }
4186 4186
4187 static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) 4187 static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
4188 { 4188 {
4189 u32 peer_secid = SECSID_NULL; 4189 u32 peer_secid = SECSID_NULL;
4190 u16 family; 4190 u16 family;
4191 4191
4192 if (skb && skb->protocol == htons(ETH_P_IP)) 4192 if (skb && skb->protocol == htons(ETH_P_IP))
4193 family = PF_INET; 4193 family = PF_INET;
4194 else if (skb && skb->protocol == htons(ETH_P_IPV6)) 4194 else if (skb && skb->protocol == htons(ETH_P_IPV6))
4195 family = PF_INET6; 4195 family = PF_INET6;
4196 else if (sock) 4196 else if (sock)
4197 family = sock->sk->sk_family; 4197 family = sock->sk->sk_family;
4198 else 4198 else
4199 goto out; 4199 goto out;
4200 4200
4201 if (sock && family == PF_UNIX) 4201 if (sock && family == PF_UNIX)
4202 selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid); 4202 selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
4203 else if (skb) 4203 else if (skb)
4204 selinux_skb_peerlbl_sid(skb, family, &peer_secid); 4204 selinux_skb_peerlbl_sid(skb, family, &peer_secid);
4205 4205
4206 out: 4206 out:
4207 *secid = peer_secid; 4207 *secid = peer_secid;
4208 if (peer_secid == SECSID_NULL) 4208 if (peer_secid == SECSID_NULL)
4209 return -EINVAL; 4209 return -EINVAL;
4210 return 0; 4210 return 0;
4211 } 4211 }
4212 4212
4213 static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority) 4213 static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
4214 { 4214 {
4215 struct sk_security_struct *sksec; 4215 struct sk_security_struct *sksec;
4216 4216
4217 sksec = kzalloc(sizeof(*sksec), priority); 4217 sksec = kzalloc(sizeof(*sksec), priority);
4218 if (!sksec) 4218 if (!sksec)
4219 return -ENOMEM; 4219 return -ENOMEM;
4220 4220
4221 sksec->peer_sid = SECINITSID_UNLABELED; 4221 sksec->peer_sid = SECINITSID_UNLABELED;
4222 sksec->sid = SECINITSID_UNLABELED; 4222 sksec->sid = SECINITSID_UNLABELED;
4223 selinux_netlbl_sk_security_reset(sksec); 4223 selinux_netlbl_sk_security_reset(sksec);
4224 sk->sk_security = sksec; 4224 sk->sk_security = sksec;
4225 4225
4226 return 0; 4226 return 0;
4227 } 4227 }
4228 4228
4229 static void selinux_sk_free_security(struct sock *sk) 4229 static void selinux_sk_free_security(struct sock *sk)
4230 { 4230 {
4231 struct sk_security_struct *sksec = sk->sk_security; 4231 struct sk_security_struct *sksec = sk->sk_security;
4232 4232
4233 sk->sk_security = NULL; 4233 sk->sk_security = NULL;
4234 selinux_netlbl_sk_security_free(sksec); 4234 selinux_netlbl_sk_security_free(sksec);
4235 kfree(sksec); 4235 kfree(sksec);
4236 } 4236 }
4237 4237
4238 static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk) 4238 static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
4239 { 4239 {
4240 struct sk_security_struct *sksec = sk->sk_security; 4240 struct sk_security_struct *sksec = sk->sk_security;
4241 struct sk_security_struct *newsksec = newsk->sk_security; 4241 struct sk_security_struct *newsksec = newsk->sk_security;
4242 4242
4243 newsksec->sid = sksec->sid; 4243 newsksec->sid = sksec->sid;
4244 newsksec->peer_sid = sksec->peer_sid; 4244 newsksec->peer_sid = sksec->peer_sid;
4245 newsksec->sclass = sksec->sclass; 4245 newsksec->sclass = sksec->sclass;
4246 4246
4247 selinux_netlbl_sk_security_reset(newsksec); 4247 selinux_netlbl_sk_security_reset(newsksec);
4248 } 4248 }
4249 4249
4250 static void selinux_sk_getsecid(struct sock *sk, u32 *secid) 4250 static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
4251 { 4251 {
4252 if (!sk) 4252 if (!sk)
4253 *secid = SECINITSID_ANY_SOCKET; 4253 *secid = SECINITSID_ANY_SOCKET;
4254 else { 4254 else {
4255 struct sk_security_struct *sksec = sk->sk_security; 4255 struct sk_security_struct *sksec = sk->sk_security;
4256 4256
4257 *secid = sksec->sid; 4257 *secid = sksec->sid;
4258 } 4258 }
4259 } 4259 }
4260 4260
4261 static void selinux_sock_graft(struct sock *sk, struct socket *parent) 4261 static void selinux_sock_graft(struct sock *sk, struct socket *parent)
4262 { 4262 {
4263 struct inode_security_struct *isec = SOCK_INODE(parent)->i_security; 4263 struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
4264 struct sk_security_struct *sksec = sk->sk_security; 4264 struct sk_security_struct *sksec = sk->sk_security;
4265 4265
4266 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 || 4266 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
4267 sk->sk_family == PF_UNIX) 4267 sk->sk_family == PF_UNIX)
4268 isec->sid = sksec->sid; 4268 isec->sid = sksec->sid;
4269 sksec->sclass = isec->sclass; 4269 sksec->sclass = isec->sclass;
4270 } 4270 }
4271 4271
4272 static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb, 4272 static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4273 struct request_sock *req) 4273 struct request_sock *req)
4274 { 4274 {
4275 struct sk_security_struct *sksec = sk->sk_security; 4275 struct sk_security_struct *sksec = sk->sk_security;
4276 int err; 4276 int err;
4277 u16 family = sk->sk_family; 4277 u16 family = sk->sk_family;
4278 u32 newsid; 4278 u32 newsid;
4279 u32 peersid; 4279 u32 peersid;
4280 4280
4281 /* handle mapped IPv4 packets arriving via IPv6 sockets */ 4281 /* handle mapped IPv4 packets arriving via IPv6 sockets */
4282 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 4282 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4283 family = PF_INET; 4283 family = PF_INET;
4284 4284
4285 err = selinux_skb_peerlbl_sid(skb, family, &peersid); 4285 err = selinux_skb_peerlbl_sid(skb, family, &peersid);
4286 if (err) 4286 if (err)
4287 return err; 4287 return err;
4288 if (peersid == SECSID_NULL) { 4288 if (peersid == SECSID_NULL) {
4289 req->secid = sksec->sid; 4289 req->secid = sksec->sid;
4290 req->peer_secid = SECSID_NULL; 4290 req->peer_secid = SECSID_NULL;
4291 } else { 4291 } else {
4292 err = security_sid_mls_copy(sksec->sid, peersid, &newsid); 4292 err = security_sid_mls_copy(sksec->sid, peersid, &newsid);
4293 if (err) 4293 if (err)
4294 return err; 4294 return err;
4295 req->secid = newsid; 4295 req->secid = newsid;
4296 req->peer_secid = peersid; 4296 req->peer_secid = peersid;
4297 } 4297 }
4298 4298
4299 return selinux_netlbl_inet_conn_request(req, family); 4299 return selinux_netlbl_inet_conn_request(req, family);
4300 } 4300 }
4301 4301
4302 static void selinux_inet_csk_clone(struct sock *newsk, 4302 static void selinux_inet_csk_clone(struct sock *newsk,
4303 const struct request_sock *req) 4303 const struct request_sock *req)
4304 { 4304 {
4305 struct sk_security_struct *newsksec = newsk->sk_security; 4305 struct sk_security_struct *newsksec = newsk->sk_security;
4306 4306
4307 newsksec->sid = req->secid; 4307 newsksec->sid = req->secid;
4308 newsksec->peer_sid = req->peer_secid; 4308 newsksec->peer_sid = req->peer_secid;
4309 /* NOTE: Ideally, we should also get the isec->sid for the 4309 /* NOTE: Ideally, we should also get the isec->sid for the
4310 new socket in sync, but we don't have the isec available yet. 4310 new socket in sync, but we don't have the isec available yet.
4311 So we will wait until sock_graft to do it, by which 4311 So we will wait until sock_graft to do it, by which
4312 time it will have been created and available. */ 4312 time it will have been created and available. */
4313 4313
4314 /* We don't need to take any sort of lock here as we are the only 4314 /* We don't need to take any sort of lock here as we are the only
4315 * thread with access to newsksec */ 4315 * thread with access to newsksec */
4316 selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family); 4316 selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
4317 } 4317 }
4318 4318
4319 static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb) 4319 static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
4320 { 4320 {
4321 u16 family = sk->sk_family; 4321 u16 family = sk->sk_family;
4322 struct sk_security_struct *sksec = sk->sk_security; 4322 struct sk_security_struct *sksec = sk->sk_security;
4323 4323
4324 /* handle mapped IPv4 packets arriving via IPv6 sockets */ 4324 /* handle mapped IPv4 packets arriving via IPv6 sockets */
4325 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 4325 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4326 family = PF_INET; 4326 family = PF_INET;
4327 4327
4328 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid); 4328 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
4329 } 4329 }
4330 4330
4331 static int selinux_secmark_relabel_packet(u32 sid) 4331 static int selinux_secmark_relabel_packet(u32 sid)
4332 { 4332 {
4333 const struct task_security_struct *__tsec; 4333 const struct task_security_struct *__tsec;
4334 u32 tsid; 4334 u32 tsid;
4335 4335
4336 __tsec = current_security(); 4336 __tsec = current_security();
4337 tsid = __tsec->sid; 4337 tsid = __tsec->sid;
4338 4338
4339 return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL); 4339 return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL);
4340 } 4340 }
4341 4341
4342 static void selinux_secmark_refcount_inc(void) 4342 static void selinux_secmark_refcount_inc(void)
4343 { 4343 {
4344 atomic_inc(&selinux_secmark_refcount); 4344 atomic_inc(&selinux_secmark_refcount);
4345 } 4345 }
4346 4346
4347 static void selinux_secmark_refcount_dec(void) 4347 static void selinux_secmark_refcount_dec(void)
4348 { 4348 {
4349 atomic_dec(&selinux_secmark_refcount); 4349 atomic_dec(&selinux_secmark_refcount);
4350 } 4350 }
4351 4351
4352 static void selinux_req_classify_flow(const struct request_sock *req, 4352 static void selinux_req_classify_flow(const struct request_sock *req,
4353 struct flowi *fl) 4353 struct flowi *fl)
4354 { 4354 {
4355 fl->secid = req->secid; 4355 fl->secid = req->secid;
4356 } 4356 }
4357 4357
4358 static int selinux_tun_dev_create(void) 4358 static int selinux_tun_dev_create(void)
4359 { 4359 {
4360 u32 sid = current_sid(); 4360 u32 sid = current_sid();
4361 4361
4362 /* we aren't taking into account the "sockcreate" SID since the socket 4362 /* we aren't taking into account the "sockcreate" SID since the socket
4363 * that is being created here is not a socket in the traditional sense, 4363 * that is being created here is not a socket in the traditional sense,
4364 * instead it is a private sock, accessible only to the kernel, and 4364 * instead it is a private sock, accessible only to the kernel, and
4365 * representing a wide range of network traffic spanning multiple 4365 * representing a wide range of network traffic spanning multiple
4366 * connections unlike traditional sockets - check the TUN driver to 4366 * connections unlike traditional sockets - check the TUN driver to
4367 * get a better understanding of why this socket is special */ 4367 * get a better understanding of why this socket is special */
4368 4368
4369 return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE, 4369 return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
4370 NULL); 4370 NULL);
4371 } 4371 }
4372 4372
4373 static void selinux_tun_dev_post_create(struct sock *sk) 4373 static void selinux_tun_dev_post_create(struct sock *sk)
4374 { 4374 {
4375 struct sk_security_struct *sksec = sk->sk_security; 4375 struct sk_security_struct *sksec = sk->sk_security;
4376 4376
4377 /* we don't currently perform any NetLabel based labeling here and it 4377 /* we don't currently perform any NetLabel based labeling here and it
4378 * isn't clear that we would want to do so anyway; while we could apply 4378 * isn't clear that we would want to do so anyway; while we could apply
4379 * labeling without the support of the TUN user the resulting labeled 4379 * labeling without the support of the TUN user the resulting labeled
4380 * traffic from the other end of the connection would almost certainly 4380 * traffic from the other end of the connection would almost certainly
4381 * cause confusion to the TUN user that had no idea network labeling 4381 * cause confusion to the TUN user that had no idea network labeling
4382 * protocols were being used */ 4382 * protocols were being used */
4383 4383
4384 /* see the comments in selinux_tun_dev_create() about why we don't use 4384 /* see the comments in selinux_tun_dev_create() about why we don't use
4385 * the sockcreate SID here */ 4385 * the sockcreate SID here */
4386 4386
4387 sksec->sid = current_sid(); 4387 sksec->sid = current_sid();
4388 sksec->sclass = SECCLASS_TUN_SOCKET; 4388 sksec->sclass = SECCLASS_TUN_SOCKET;
4389 } 4389 }
4390 4390
4391 static int selinux_tun_dev_attach(struct sock *sk) 4391 static int selinux_tun_dev_attach(struct sock *sk)
4392 { 4392 {
4393 struct sk_security_struct *sksec = sk->sk_security; 4393 struct sk_security_struct *sksec = sk->sk_security;
4394 u32 sid = current_sid(); 4394 u32 sid = current_sid();
4395 int err; 4395 int err;
4396 4396
4397 err = avc_has_perm(sid, sksec->sid, SECCLASS_TUN_SOCKET, 4397 err = avc_has_perm(sid, sksec->sid, SECCLASS_TUN_SOCKET,
4398 TUN_SOCKET__RELABELFROM, NULL); 4398 TUN_SOCKET__RELABELFROM, NULL);
4399 if (err) 4399 if (err)
4400 return err; 4400 return err;
4401 err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, 4401 err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET,
4402 TUN_SOCKET__RELABELTO, NULL); 4402 TUN_SOCKET__RELABELTO, NULL);
4403 if (err) 4403 if (err)
4404 return err; 4404 return err;
4405 4405
4406 sksec->sid = sid; 4406 sksec->sid = sid;
4407 4407
4408 return 0; 4408 return 0;
4409 } 4409 }
4410 4410
4411 static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) 4411 static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
4412 { 4412 {
4413 int err = 0; 4413 int err = 0;
4414 u32 perm; 4414 u32 perm;
4415 struct nlmsghdr *nlh; 4415 struct nlmsghdr *nlh;
4416 struct sk_security_struct *sksec = sk->sk_security; 4416 struct sk_security_struct *sksec = sk->sk_security;
4417 4417
4418 if (skb->len < NLMSG_SPACE(0)) { 4418 if (skb->len < NLMSG_SPACE(0)) {
4419 err = -EINVAL; 4419 err = -EINVAL;
4420 goto out; 4420 goto out;
4421 } 4421 }
4422 nlh = nlmsg_hdr(skb); 4422 nlh = nlmsg_hdr(skb);
4423 4423
4424 err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm); 4424 err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
4425 if (err) { 4425 if (err) {
4426 if (err == -EINVAL) { 4426 if (err == -EINVAL) {
4427 audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR, 4427 audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR,
4428 "SELinux: unrecognized netlink message" 4428 "SELinux: unrecognized netlink message"
4429 " type=%hu for sclass=%hu\n", 4429 " type=%hu for sclass=%hu\n",
4430 nlh->nlmsg_type, sksec->sclass); 4430 nlh->nlmsg_type, sksec->sclass);
4431 if (!selinux_enforcing || security_get_allow_unknown()) 4431 if (!selinux_enforcing || security_get_allow_unknown())
4432 err = 0; 4432 err = 0;
4433 } 4433 }
4434 4434
4435 /* Ignore */ 4435 /* Ignore */
4436 if (err == -ENOENT) 4436 if (err == -ENOENT)
4437 err = 0; 4437 err = 0;
4438 goto out; 4438 goto out;
4439 } 4439 }
4440 4440
4441 err = sock_has_perm(current, sk, perm); 4441 err = sock_has_perm(current, sk, perm);
4442 out: 4442 out:
4443 return err; 4443 return err;
4444 } 4444 }
4445 4445
4446 #ifdef CONFIG_NETFILTER 4446 #ifdef CONFIG_NETFILTER
4447 4447
4448 static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex, 4448 static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
4449 u16 family) 4449 u16 family)
4450 { 4450 {
4451 int err; 4451 int err;
4452 char *addrp; 4452 char *addrp;
4453 u32 peer_sid; 4453 u32 peer_sid;
4454 struct common_audit_data ad; 4454 struct common_audit_data ad;
4455 u8 secmark_active; 4455 u8 secmark_active;
4456 u8 netlbl_active; 4456 u8 netlbl_active;
4457 u8 peerlbl_active; 4457 u8 peerlbl_active;
4458 4458
4459 if (!selinux_policycap_netpeer) 4459 if (!selinux_policycap_netpeer)
4460 return NF_ACCEPT; 4460 return NF_ACCEPT;
4461 4461
4462 secmark_active = selinux_secmark_enabled(); 4462 secmark_active = selinux_secmark_enabled();
4463 netlbl_active = netlbl_enabled(); 4463 netlbl_active = netlbl_enabled();
4464 peerlbl_active = netlbl_active || selinux_xfrm_enabled(); 4464 peerlbl_active = netlbl_active || selinux_xfrm_enabled();
4465 if (!secmark_active && !peerlbl_active) 4465 if (!secmark_active && !peerlbl_active)
4466 return NF_ACCEPT; 4466 return NF_ACCEPT;
4467 4467
4468 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0) 4468 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
4469 return NF_DROP; 4469 return NF_DROP;
4470 4470
4471 COMMON_AUDIT_DATA_INIT(&ad, NET); 4471 COMMON_AUDIT_DATA_INIT(&ad, NET);
4472 ad.u.net.netif = ifindex; 4472 ad.u.net.netif = ifindex;
4473 ad.u.net.family = family; 4473 ad.u.net.family = family;
4474 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0) 4474 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
4475 return NF_DROP; 4475 return NF_DROP;
4476 4476
4477 if (peerlbl_active) { 4477 if (peerlbl_active) {
4478 err = selinux_inet_sys_rcv_skb(ifindex, addrp, family, 4478 err = selinux_inet_sys_rcv_skb(ifindex, addrp, family,
4479 peer_sid, &ad); 4479 peer_sid, &ad);
4480 if (err) { 4480 if (err) {
4481 selinux_netlbl_err(skb, err, 1); 4481 selinux_netlbl_err(skb, err, 1);
4482 return NF_DROP; 4482 return NF_DROP;
4483 } 4483 }
4484 } 4484 }
4485 4485
4486 if (secmark_active) 4486 if (secmark_active)
4487 if (avc_has_perm(peer_sid, skb->secmark, 4487 if (avc_has_perm(peer_sid, skb->secmark,
4488 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad)) 4488 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
4489 return NF_DROP; 4489 return NF_DROP;
4490 4490
4491 if (netlbl_active) 4491 if (netlbl_active)
4492 /* we do this in the FORWARD path and not the POST_ROUTING 4492 /* we do this in the FORWARD path and not the POST_ROUTING
4493 * path because we want to make sure we apply the necessary 4493 * path because we want to make sure we apply the necessary
4494 * labeling before IPsec is applied so we can leverage AH 4494 * labeling before IPsec is applied so we can leverage AH
4495 * protection */ 4495 * protection */
4496 if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0) 4496 if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
4497 return NF_DROP; 4497 return NF_DROP;
4498 4498
4499 return NF_ACCEPT; 4499 return NF_ACCEPT;
4500 } 4500 }
4501 4501
4502 static unsigned int selinux_ipv4_forward(unsigned int hooknum, 4502 static unsigned int selinux_ipv4_forward(unsigned int hooknum,
4503 struct sk_buff *skb, 4503 struct sk_buff *skb,
4504 const struct net_device *in, 4504 const struct net_device *in,
4505 const struct net_device *out, 4505 const struct net_device *out,
4506 int (*okfn)(struct sk_buff *)) 4506 int (*okfn)(struct sk_buff *))
4507 { 4507 {
4508 return selinux_ip_forward(skb, in->ifindex, PF_INET); 4508 return selinux_ip_forward(skb, in->ifindex, PF_INET);
4509 } 4509 }
4510 4510
4511 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 4511 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4512 static unsigned int selinux_ipv6_forward(unsigned int hooknum, 4512 static unsigned int selinux_ipv6_forward(unsigned int hooknum,
4513 struct sk_buff *skb, 4513 struct sk_buff *skb,
4514 const struct net_device *in, 4514 const struct net_device *in,
4515 const struct net_device *out, 4515 const struct net_device *out,
4516 int (*okfn)(struct sk_buff *)) 4516 int (*okfn)(struct sk_buff *))
4517 { 4517 {
4518 return selinux_ip_forward(skb, in->ifindex, PF_INET6); 4518 return selinux_ip_forward(skb, in->ifindex, PF_INET6);
4519 } 4519 }
4520 #endif /* IPV6 */ 4520 #endif /* IPV6 */
4521 4521
4522 static unsigned int selinux_ip_output(struct sk_buff *skb, 4522 static unsigned int selinux_ip_output(struct sk_buff *skb,
4523 u16 family) 4523 u16 family)
4524 { 4524 {
4525 u32 sid; 4525 u32 sid;
4526 4526
4527 if (!netlbl_enabled()) 4527 if (!netlbl_enabled())
4528 return NF_ACCEPT; 4528 return NF_ACCEPT;
4529 4529
4530 /* we do this in the LOCAL_OUT path and not the POST_ROUTING path 4530 /* we do this in the LOCAL_OUT path and not the POST_ROUTING path
4531 * because we want to make sure we apply the necessary labeling 4531 * because we want to make sure we apply the necessary labeling
4532 * before IPsec is applied so we can leverage AH protection */ 4532 * before IPsec is applied so we can leverage AH protection */
4533 if (skb->sk) { 4533 if (skb->sk) {
4534 struct sk_security_struct *sksec = skb->sk->sk_security; 4534 struct sk_security_struct *sksec = skb->sk->sk_security;
4535 sid = sksec->sid; 4535 sid = sksec->sid;
4536 } else 4536 } else
4537 sid = SECINITSID_KERNEL; 4537 sid = SECINITSID_KERNEL;
4538 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0) 4538 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
4539 return NF_DROP; 4539 return NF_DROP;
4540 4540
4541 return NF_ACCEPT; 4541 return NF_ACCEPT;
4542 } 4542 }
4543 4543
4544 static unsigned int selinux_ipv4_output(unsigned int hooknum, 4544 static unsigned int selinux_ipv4_output(unsigned int hooknum,
4545 struct sk_buff *skb, 4545 struct sk_buff *skb,
4546 const struct net_device *in, 4546 const struct net_device *in,
4547 const struct net_device *out, 4547 const struct net_device *out,
4548 int (*okfn)(struct sk_buff *)) 4548 int (*okfn)(struct sk_buff *))
4549 { 4549 {
4550 return selinux_ip_output(skb, PF_INET); 4550 return selinux_ip_output(skb, PF_INET);
4551 } 4551 }
4552 4552
4553 static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb, 4553 static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
4554 int ifindex, 4554 int ifindex,
4555 u16 family) 4555 u16 family)
4556 { 4556 {
4557 struct sock *sk = skb->sk; 4557 struct sock *sk = skb->sk;
4558 struct sk_security_struct *sksec; 4558 struct sk_security_struct *sksec;
4559 struct common_audit_data ad; 4559 struct common_audit_data ad;
4560 char *addrp; 4560 char *addrp;
4561 u8 proto; 4561 u8 proto;
4562 4562
4563 if (sk == NULL) 4563 if (sk == NULL)
4564 return NF_ACCEPT; 4564 return NF_ACCEPT;
4565 sksec = sk->sk_security; 4565 sksec = sk->sk_security;
4566 4566
4567 COMMON_AUDIT_DATA_INIT(&ad, NET); 4567 COMMON_AUDIT_DATA_INIT(&ad, NET);
4568 ad.u.net.netif = ifindex; 4568 ad.u.net.netif = ifindex;
4569 ad.u.net.family = family; 4569 ad.u.net.family = family;
4570 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto)) 4570 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
4571 return NF_DROP; 4571 return NF_DROP;
4572 4572
4573 if (selinux_secmark_enabled()) 4573 if (selinux_secmark_enabled())
4574 if (avc_has_perm(sksec->sid, skb->secmark, 4574 if (avc_has_perm(sksec->sid, skb->secmark,
4575 SECCLASS_PACKET, PACKET__SEND, &ad)) 4575 SECCLASS_PACKET, PACKET__SEND, &ad))
4576 return NF_DROP_ERR(-ECONNREFUSED); 4576 return NF_DROP_ERR(-ECONNREFUSED);
4577 4577
4578 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto)) 4578 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
4579 return NF_DROP_ERR(-ECONNREFUSED); 4579 return NF_DROP_ERR(-ECONNREFUSED);
4580 4580
4581 return NF_ACCEPT; 4581 return NF_ACCEPT;
4582 } 4582 }
4583 4583
4584 static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex, 4584 static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4585 u16 family) 4585 u16 family)
4586 { 4586 {
4587 u32 secmark_perm; 4587 u32 secmark_perm;
4588 u32 peer_sid; 4588 u32 peer_sid;
4589 struct sock *sk; 4589 struct sock *sk;
4590 struct common_audit_data ad; 4590 struct common_audit_data ad;
4591 char *addrp; 4591 char *addrp;
4592 u8 secmark_active; 4592 u8 secmark_active;
4593 u8 peerlbl_active; 4593 u8 peerlbl_active;
4594 4594
4595 /* If any sort of compatibility mode is enabled then handoff processing 4595 /* If any sort of compatibility mode is enabled then handoff processing
4596 * to the selinux_ip_postroute_compat() function to deal with the 4596 * to the selinux_ip_postroute_compat() function to deal with the
4597 * special handling. We do this in an attempt to keep this function 4597 * special handling. We do this in an attempt to keep this function
4598 * as fast and as clean as possible. */ 4598 * as fast and as clean as possible. */
4599 if (!selinux_policycap_netpeer) 4599 if (!selinux_policycap_netpeer)
4600 return selinux_ip_postroute_compat(skb, ifindex, family); 4600 return selinux_ip_postroute_compat(skb, ifindex, family);
4601 #ifdef CONFIG_XFRM 4601 #ifdef CONFIG_XFRM
4602 /* If skb->dst->xfrm is non-NULL then the packet is undergoing an IPsec 4602 /* If skb->dst->xfrm is non-NULL then the packet is undergoing an IPsec
4603 * packet transformation so allow the packet to pass without any checks 4603 * packet transformation so allow the packet to pass without any checks
4604 * since we'll have another chance to perform access control checks 4604 * since we'll have another chance to perform access control checks
4605 * when the packet is on it's final way out. 4605 * when the packet is on it's final way out.
4606 * NOTE: there appear to be some IPv6 multicast cases where skb->dst 4606 * NOTE: there appear to be some IPv6 multicast cases where skb->dst
4607 * is NULL, in this case go ahead and apply access control. */ 4607 * is NULL, in this case go ahead and apply access control. */
4608 if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL) 4608 if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL)
4609 return NF_ACCEPT; 4609 return NF_ACCEPT;
4610 #endif 4610 #endif
4611 secmark_active = selinux_secmark_enabled(); 4611 secmark_active = selinux_secmark_enabled();
4612 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled(); 4612 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
4613 if (!secmark_active && !peerlbl_active) 4613 if (!secmark_active && !peerlbl_active)
4614 return NF_ACCEPT; 4614 return NF_ACCEPT;
4615 4615
4616 /* if the packet is being forwarded then get the peer label from the 4616 /* if the packet is being forwarded then get the peer label from the
4617 * packet itself; otherwise check to see if it is from a local 4617 * packet itself; otherwise check to see if it is from a local
4618 * application or the kernel, if from an application get the peer label 4618 * application or the kernel, if from an application get the peer label
4619 * from the sending socket, otherwise use the kernel's sid */ 4619 * from the sending socket, otherwise use the kernel's sid */
4620 sk = skb->sk; 4620 sk = skb->sk;
4621 if (sk == NULL) { 4621 if (sk == NULL) {
4622 if (skb->skb_iif) { 4622 if (skb->skb_iif) {
4623 secmark_perm = PACKET__FORWARD_OUT; 4623 secmark_perm = PACKET__FORWARD_OUT;
4624 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid)) 4624 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
4625 return NF_DROP; 4625 return NF_DROP;
4626 } else { 4626 } else {
4627 secmark_perm = PACKET__SEND; 4627 secmark_perm = PACKET__SEND;
4628 peer_sid = SECINITSID_KERNEL; 4628 peer_sid = SECINITSID_KERNEL;
4629 } 4629 }
4630 } else { 4630 } else {
4631 struct sk_security_struct *sksec = sk->sk_security; 4631 struct sk_security_struct *sksec = sk->sk_security;
4632 peer_sid = sksec->sid; 4632 peer_sid = sksec->sid;
4633 secmark_perm = PACKET__SEND; 4633 secmark_perm = PACKET__SEND;
4634 } 4634 }
4635 4635
4636 COMMON_AUDIT_DATA_INIT(&ad, NET); 4636 COMMON_AUDIT_DATA_INIT(&ad, NET);
4637 ad.u.net.netif = ifindex; 4637 ad.u.net.netif = ifindex;
4638 ad.u.net.family = family; 4638 ad.u.net.family = family;
4639 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL)) 4639 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
4640 return NF_DROP; 4640 return NF_DROP;
4641 4641
4642 if (secmark_active) 4642 if (secmark_active)
4643 if (avc_has_perm(peer_sid, skb->secmark, 4643 if (avc_has_perm(peer_sid, skb->secmark,
4644 SECCLASS_PACKET, secmark_perm, &ad)) 4644 SECCLASS_PACKET, secmark_perm, &ad))
4645 return NF_DROP_ERR(-ECONNREFUSED); 4645 return NF_DROP_ERR(-ECONNREFUSED);
4646 4646
4647 if (peerlbl_active) { 4647 if (peerlbl_active) {
4648 u32 if_sid; 4648 u32 if_sid;
4649 u32 node_sid; 4649 u32 node_sid;
4650 4650
4651 if (sel_netif_sid(ifindex, &if_sid)) 4651 if (sel_netif_sid(ifindex, &if_sid))
4652 return NF_DROP; 4652 return NF_DROP;
4653 if (avc_has_perm(peer_sid, if_sid, 4653 if (avc_has_perm(peer_sid, if_sid,
4654 SECCLASS_NETIF, NETIF__EGRESS, &ad)) 4654 SECCLASS_NETIF, NETIF__EGRESS, &ad))
4655 return NF_DROP_ERR(-ECONNREFUSED); 4655 return NF_DROP_ERR(-ECONNREFUSED);
4656 4656
4657 if (sel_netnode_sid(addrp, family, &node_sid)) 4657 if (sel_netnode_sid(addrp, family, &node_sid))
4658 return NF_DROP; 4658 return NF_DROP;
4659 if (avc_has_perm(peer_sid, node_sid, 4659 if (avc_has_perm(peer_sid, node_sid,
4660 SECCLASS_NODE, NODE__SENDTO, &ad)) 4660 SECCLASS_NODE, NODE__SENDTO, &ad))
4661 return NF_DROP_ERR(-ECONNREFUSED); 4661 return NF_DROP_ERR(-ECONNREFUSED);
4662 } 4662 }
4663 4663
4664 return NF_ACCEPT; 4664 return NF_ACCEPT;
4665 } 4665 }
4666 4666
4667 static unsigned int selinux_ipv4_postroute(unsigned int hooknum, 4667 static unsigned int selinux_ipv4_postroute(unsigned int hooknum,
4668 struct sk_buff *skb, 4668 struct sk_buff *skb,
4669 const struct net_device *in, 4669 const struct net_device *in,
4670 const struct net_device *out, 4670 const struct net_device *out,
4671 int (*okfn)(struct sk_buff *)) 4671 int (*okfn)(struct sk_buff *))
4672 { 4672 {
4673 return selinux_ip_postroute(skb, out->ifindex, PF_INET); 4673 return selinux_ip_postroute(skb, out->ifindex, PF_INET);
4674 } 4674 }
4675 4675
4676 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 4676 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4677 static unsigned int selinux_ipv6_postroute(unsigned int hooknum, 4677 static unsigned int selinux_ipv6_postroute(unsigned int hooknum,
4678 struct sk_buff *skb, 4678 struct sk_buff *skb,
4679 const struct net_device *in, 4679 const struct net_device *in,
4680 const struct net_device *out, 4680 const struct net_device *out,
4681 int (*okfn)(struct sk_buff *)) 4681 int (*okfn)(struct sk_buff *))
4682 { 4682 {
4683 return selinux_ip_postroute(skb, out->ifindex, PF_INET6); 4683 return selinux_ip_postroute(skb, out->ifindex, PF_INET6);
4684 } 4684 }
4685 #endif /* IPV6 */ 4685 #endif /* IPV6 */
4686 4686
4687 #endif /* CONFIG_NETFILTER */ 4687 #endif /* CONFIG_NETFILTER */
4688 4688
4689 static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) 4689 static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
4690 { 4690 {
4691 int err; 4691 int err;
4692 4692
4693 err = cap_netlink_send(sk, skb); 4693 err = cap_netlink_send(sk, skb);
4694 if (err) 4694 if (err)
4695 return err; 4695 return err;
4696 4696
4697 return selinux_nlmsg_perm(sk, skb); 4697 return selinux_nlmsg_perm(sk, skb);
4698 } 4698 }
4699 4699
4700 static int selinux_netlink_recv(struct sk_buff *skb, int capability) 4700 static int selinux_netlink_recv(struct sk_buff *skb, int capability)
4701 { 4701 {
4702 int err; 4702 int err;
4703 struct common_audit_data ad; 4703 struct common_audit_data ad;
4704 4704
4705 err = cap_netlink_recv(skb, capability); 4705 err = cap_netlink_recv(skb, capability);
4706 if (err) 4706 if (err)
4707 return err; 4707 return err;
4708 4708
4709 COMMON_AUDIT_DATA_INIT(&ad, CAP); 4709 COMMON_AUDIT_DATA_INIT(&ad, CAP);
4710 ad.u.cap = capability; 4710 ad.u.cap = capability;
4711 4711
4712 return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid, 4712 return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid,
4713 SECCLASS_CAPABILITY, CAP_TO_MASK(capability), &ad); 4713 SECCLASS_CAPABILITY, CAP_TO_MASK(capability), &ad);
4714 } 4714 }
4715 4715
4716 static int ipc_alloc_security(struct task_struct *task, 4716 static int ipc_alloc_security(struct task_struct *task,
4717 struct kern_ipc_perm *perm, 4717 struct kern_ipc_perm *perm,
4718 u16 sclass) 4718 u16 sclass)
4719 { 4719 {
4720 struct ipc_security_struct *isec; 4720 struct ipc_security_struct *isec;
4721 u32 sid; 4721 u32 sid;
4722 4722
4723 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL); 4723 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
4724 if (!isec) 4724 if (!isec)
4725 return -ENOMEM; 4725 return -ENOMEM;
4726 4726
4727 sid = task_sid(task); 4727 sid = task_sid(task);
4728 isec->sclass = sclass; 4728 isec->sclass = sclass;
4729 isec->sid = sid; 4729 isec->sid = sid;
4730 perm->security = isec; 4730 perm->security = isec;
4731 4731
4732 return 0; 4732 return 0;
4733 } 4733 }
4734 4734
4735 static void ipc_free_security(struct kern_ipc_perm *perm) 4735 static void ipc_free_security(struct kern_ipc_perm *perm)
4736 { 4736 {
4737 struct ipc_security_struct *isec = perm->security; 4737 struct ipc_security_struct *isec = perm->security;
4738 perm->security = NULL; 4738 perm->security = NULL;
4739 kfree(isec); 4739 kfree(isec);
4740 } 4740 }
4741 4741
4742 static int msg_msg_alloc_security(struct msg_msg *msg) 4742 static int msg_msg_alloc_security(struct msg_msg *msg)
4743 { 4743 {
4744 struct msg_security_struct *msec; 4744 struct msg_security_struct *msec;
4745 4745
4746 msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL); 4746 msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
4747 if (!msec) 4747 if (!msec)
4748 return -ENOMEM; 4748 return -ENOMEM;
4749 4749
4750 msec->sid = SECINITSID_UNLABELED; 4750 msec->sid = SECINITSID_UNLABELED;
4751 msg->security = msec; 4751 msg->security = msec;
4752 4752
4753 return 0; 4753 return 0;
4754 } 4754 }
4755 4755
4756 static void msg_msg_free_security(struct msg_msg *msg) 4756 static void msg_msg_free_security(struct msg_msg *msg)
4757 { 4757 {
4758 struct msg_security_struct *msec = msg->security; 4758 struct msg_security_struct *msec = msg->security;
4759 4759
4760 msg->security = NULL; 4760 msg->security = NULL;
4761 kfree(msec); 4761 kfree(msec);
4762 } 4762 }
4763 4763
4764 static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, 4764 static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
4765 u32 perms) 4765 u32 perms)
4766 { 4766 {
4767 struct ipc_security_struct *isec; 4767 struct ipc_security_struct *isec;
4768 struct common_audit_data ad; 4768 struct common_audit_data ad;
4769 u32 sid = current_sid(); 4769 u32 sid = current_sid();
4770 4770
4771 isec = ipc_perms->security; 4771 isec = ipc_perms->security;
4772 4772
4773 COMMON_AUDIT_DATA_INIT(&ad, IPC); 4773 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4774 ad.u.ipc_id = ipc_perms->key; 4774 ad.u.ipc_id = ipc_perms->key;
4775 4775
4776 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); 4776 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
4777 } 4777 }
4778 4778
4779 static int selinux_msg_msg_alloc_security(struct msg_msg *msg) 4779 static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
4780 { 4780 {
4781 return msg_msg_alloc_security(msg); 4781 return msg_msg_alloc_security(msg);
4782 } 4782 }
4783 4783
4784 static void selinux_msg_msg_free_security(struct msg_msg *msg) 4784 static void selinux_msg_msg_free_security(struct msg_msg *msg)
4785 { 4785 {
4786 msg_msg_free_security(msg); 4786 msg_msg_free_security(msg);
4787 } 4787 }
4788 4788
4789 /* message queue security operations */ 4789 /* message queue security operations */
4790 static int selinux_msg_queue_alloc_security(struct msg_queue *msq) 4790 static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
4791 { 4791 {
4792 struct ipc_security_struct *isec; 4792 struct ipc_security_struct *isec;
4793 struct common_audit_data ad; 4793 struct common_audit_data ad;
4794 u32 sid = current_sid(); 4794 u32 sid = current_sid();
4795 int rc; 4795 int rc;
4796 4796
4797 rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ); 4797 rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
4798 if (rc) 4798 if (rc)
4799 return rc; 4799 return rc;
4800 4800
4801 isec = msq->q_perm.security; 4801 isec = msq->q_perm.security;
4802 4802
4803 COMMON_AUDIT_DATA_INIT(&ad, IPC); 4803 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4804 ad.u.ipc_id = msq->q_perm.key; 4804 ad.u.ipc_id = msq->q_perm.key;
4805 4805
4806 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, 4806 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4807 MSGQ__CREATE, &ad); 4807 MSGQ__CREATE, &ad);
4808 if (rc) { 4808 if (rc) {
4809 ipc_free_security(&msq->q_perm); 4809 ipc_free_security(&msq->q_perm);
4810 return rc; 4810 return rc;
4811 } 4811 }
4812 return 0; 4812 return 0;
4813 } 4813 }
4814 4814
4815 static void selinux_msg_queue_free_security(struct msg_queue *msq) 4815 static void selinux_msg_queue_free_security(struct msg_queue *msq)
4816 { 4816 {
4817 ipc_free_security(&msq->q_perm); 4817 ipc_free_security(&msq->q_perm);
4818 } 4818 }
4819 4819
4820 static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg) 4820 static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
4821 { 4821 {
4822 struct ipc_security_struct *isec; 4822 struct ipc_security_struct *isec;
4823 struct common_audit_data ad; 4823 struct common_audit_data ad;
4824 u32 sid = current_sid(); 4824 u32 sid = current_sid();
4825 4825
4826 isec = msq->q_perm.security; 4826 isec = msq->q_perm.security;
4827 4827
4828 COMMON_AUDIT_DATA_INIT(&ad, IPC); 4828 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4829 ad.u.ipc_id = msq->q_perm.key; 4829 ad.u.ipc_id = msq->q_perm.key;
4830 4830
4831 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, 4831 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4832 MSGQ__ASSOCIATE, &ad); 4832 MSGQ__ASSOCIATE, &ad);
4833 } 4833 }
4834 4834
4835 static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd) 4835 static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
4836 { 4836 {
4837 int err; 4837 int err;
4838 int perms; 4838 int perms;
4839 4839
4840 switch (cmd) { 4840 switch (cmd) {
4841 case IPC_INFO: 4841 case IPC_INFO:
4842 case MSG_INFO: 4842 case MSG_INFO:
4843 /* No specific object, just general system-wide information. */ 4843 /* No specific object, just general system-wide information. */
4844 return task_has_system(current, SYSTEM__IPC_INFO); 4844 return task_has_system(current, SYSTEM__IPC_INFO);
4845 case IPC_STAT: 4845 case IPC_STAT:
4846 case MSG_STAT: 4846 case MSG_STAT:
4847 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE; 4847 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
4848 break; 4848 break;
4849 case IPC_SET: 4849 case IPC_SET:
4850 perms = MSGQ__SETATTR; 4850 perms = MSGQ__SETATTR;
4851 break; 4851 break;
4852 case IPC_RMID: 4852 case IPC_RMID:
4853 perms = MSGQ__DESTROY; 4853 perms = MSGQ__DESTROY;
4854 break; 4854 break;
4855 default: 4855 default:
4856 return 0; 4856 return 0;
4857 } 4857 }
4858 4858
4859 err = ipc_has_perm(&msq->q_perm, perms); 4859 err = ipc_has_perm(&msq->q_perm, perms);
4860 return err; 4860 return err;
4861 } 4861 }
4862 4862
4863 static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg) 4863 static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
4864 { 4864 {
4865 struct ipc_security_struct *isec; 4865 struct ipc_security_struct *isec;
4866 struct msg_security_struct *msec; 4866 struct msg_security_struct *msec;
4867 struct common_audit_data ad; 4867 struct common_audit_data ad;
4868 u32 sid = current_sid(); 4868 u32 sid = current_sid();
4869 int rc; 4869 int rc;
4870 4870
4871 isec = msq->q_perm.security; 4871 isec = msq->q_perm.security;
4872 msec = msg->security; 4872 msec = msg->security;
4873 4873
4874 /* 4874 /*
4875 * First time through, need to assign label to the message 4875 * First time through, need to assign label to the message
4876 */ 4876 */
4877 if (msec->sid == SECINITSID_UNLABELED) { 4877 if (msec->sid == SECINITSID_UNLABELED) {
4878 /* 4878 /*
4879 * Compute new sid based on current process and 4879 * Compute new sid based on current process and
4880 * message queue this message will be stored in 4880 * message queue this message will be stored in
4881 */ 4881 */
4882 rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG, 4882 rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG,
4883 NULL, &msec->sid); 4883 NULL, &msec->sid);
4884 if (rc) 4884 if (rc)
4885 return rc; 4885 return rc;
4886 } 4886 }
4887 4887
4888 COMMON_AUDIT_DATA_INIT(&ad, IPC); 4888 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4889 ad.u.ipc_id = msq->q_perm.key; 4889 ad.u.ipc_id = msq->q_perm.key;
4890 4890
4891 /* Can this process write to the queue? */ 4891 /* Can this process write to the queue? */
4892 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, 4892 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4893 MSGQ__WRITE, &ad); 4893 MSGQ__WRITE, &ad);
4894 if (!rc) 4894 if (!rc)
4895 /* Can this process send the message */ 4895 /* Can this process send the message */
4896 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG, 4896 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG,
4897 MSG__SEND, &ad); 4897 MSG__SEND, &ad);
4898 if (!rc) 4898 if (!rc)
4899 /* Can the message be put in the queue? */ 4899 /* Can the message be put in the queue? */
4900 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ, 4900 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,
4901 MSGQ__ENQUEUE, &ad); 4901 MSGQ__ENQUEUE, &ad);
4902 4902
4903 return rc; 4903 return rc;
4904 } 4904 }
4905 4905
4906 static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, 4906 static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
4907 struct task_struct *target, 4907 struct task_struct *target,
4908 long type, int mode) 4908 long type, int mode)
4909 { 4909 {
4910 struct ipc_security_struct *isec; 4910 struct ipc_security_struct *isec;
4911 struct msg_security_struct *msec; 4911 struct msg_security_struct *msec;
4912 struct common_audit_data ad; 4912 struct common_audit_data ad;
4913 u32 sid = task_sid(target); 4913 u32 sid = task_sid(target);
4914 int rc; 4914 int rc;
4915 4915
4916 isec = msq->q_perm.security; 4916 isec = msq->q_perm.security;
4917 msec = msg->security; 4917 msec = msg->security;
4918 4918
4919 COMMON_AUDIT_DATA_INIT(&ad, IPC); 4919 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4920 ad.u.ipc_id = msq->q_perm.key; 4920 ad.u.ipc_id = msq->q_perm.key;
4921 4921
4922 rc = avc_has_perm(sid, isec->sid, 4922 rc = avc_has_perm(sid, isec->sid,
4923 SECCLASS_MSGQ, MSGQ__READ, &ad); 4923 SECCLASS_MSGQ, MSGQ__READ, &ad);
4924 if (!rc) 4924 if (!rc)
4925 rc = avc_has_perm(sid, msec->sid, 4925 rc = avc_has_perm(sid, msec->sid,
4926 SECCLASS_MSG, MSG__RECEIVE, &ad); 4926 SECCLASS_MSG, MSG__RECEIVE, &ad);
4927 return rc; 4927 return rc;
4928 } 4928 }
4929 4929
4930 /* Shared Memory security operations */ 4930 /* Shared Memory security operations */
4931 static int selinux_shm_alloc_security(struct shmid_kernel *shp) 4931 static int selinux_shm_alloc_security(struct shmid_kernel *shp)
4932 { 4932 {
4933 struct ipc_security_struct *isec; 4933 struct ipc_security_struct *isec;
4934 struct common_audit_data ad; 4934 struct common_audit_data ad;
4935 u32 sid = current_sid(); 4935 u32 sid = current_sid();
4936 int rc; 4936 int rc;
4937 4937
4938 rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM); 4938 rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
4939 if (rc) 4939 if (rc)
4940 return rc; 4940 return rc;
4941 4941
4942 isec = shp->shm_perm.security; 4942 isec = shp->shm_perm.security;
4943 4943
4944 COMMON_AUDIT_DATA_INIT(&ad, IPC); 4944 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4945 ad.u.ipc_id = shp->shm_perm.key; 4945 ad.u.ipc_id = shp->shm_perm.key;
4946 4946
4947 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM, 4947 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
4948 SHM__CREATE, &ad); 4948 SHM__CREATE, &ad);
4949 if (rc) { 4949 if (rc) {
4950 ipc_free_security(&shp->shm_perm); 4950 ipc_free_security(&shp->shm_perm);
4951 return rc; 4951 return rc;
4952 } 4952 }
4953 return 0; 4953 return 0;
4954 } 4954 }
4955 4955
4956 static void selinux_shm_free_security(struct shmid_kernel *shp) 4956 static void selinux_shm_free_security(struct shmid_kernel *shp)
4957 { 4957 {
4958 ipc_free_security(&shp->shm_perm); 4958 ipc_free_security(&shp->shm_perm);
4959 } 4959 }
4960 4960
4961 static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg) 4961 static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
4962 { 4962 {
4963 struct ipc_security_struct *isec; 4963 struct ipc_security_struct *isec;
4964 struct common_audit_data ad; 4964 struct common_audit_data ad;
4965 u32 sid = current_sid(); 4965 u32 sid = current_sid();
4966 4966
4967 isec = shp->shm_perm.security; 4967 isec = shp->shm_perm.security;
4968 4968
4969 COMMON_AUDIT_DATA_INIT(&ad, IPC); 4969 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4970 ad.u.ipc_id = shp->shm_perm.key; 4970 ad.u.ipc_id = shp->shm_perm.key;
4971 4971
4972 return avc_has_perm(sid, isec->sid, SECCLASS_SHM, 4972 return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
4973 SHM__ASSOCIATE, &ad); 4973 SHM__ASSOCIATE, &ad);
4974 } 4974 }
4975 4975
4976 /* Note, at this point, shp is locked down */ 4976 /* Note, at this point, shp is locked down */
4977 static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd) 4977 static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
4978 { 4978 {
4979 int perms; 4979 int perms;
4980 int err; 4980 int err;
4981 4981
4982 switch (cmd) { 4982 switch (cmd) {
4983 case IPC_INFO: 4983 case IPC_INFO:
4984 case SHM_INFO: 4984 case SHM_INFO:
4985 /* No specific object, just general system-wide information. */ 4985 /* No specific object, just general system-wide information. */
4986 return task_has_system(current, SYSTEM__IPC_INFO); 4986 return task_has_system(current, SYSTEM__IPC_INFO);
4987 case IPC_STAT: 4987 case IPC_STAT:
4988 case SHM_STAT: 4988 case SHM_STAT:
4989 perms = SHM__GETATTR | SHM__ASSOCIATE; 4989 perms = SHM__GETATTR | SHM__ASSOCIATE;
4990 break; 4990 break;
4991 case IPC_SET: 4991 case IPC_SET:
4992 perms = SHM__SETATTR; 4992 perms = SHM__SETATTR;
4993 break; 4993 break;
4994 case SHM_LOCK: 4994 case SHM_LOCK:
4995 case SHM_UNLOCK: 4995 case SHM_UNLOCK:
4996 perms = SHM__LOCK; 4996 perms = SHM__LOCK;
4997 break; 4997 break;
4998 case IPC_RMID: 4998 case IPC_RMID:
4999 perms = SHM__DESTROY; 4999 perms = SHM__DESTROY;
5000 break; 5000 break;
5001 default: 5001 default:
5002 return 0; 5002 return 0;
5003 } 5003 }
5004 5004
5005 err = ipc_has_perm(&shp->shm_perm, perms); 5005 err = ipc_has_perm(&shp->shm_perm, perms);
5006 return err; 5006 return err;
5007 } 5007 }
5008 5008
5009 static int selinux_shm_shmat(struct shmid_kernel *shp, 5009 static int selinux_shm_shmat(struct shmid_kernel *shp,
5010 char __user *shmaddr, int shmflg) 5010 char __user *shmaddr, int shmflg)
5011 { 5011 {
5012 u32 perms; 5012 u32 perms;
5013 5013
5014 if (shmflg & SHM_RDONLY) 5014 if (shmflg & SHM_RDONLY)
5015 perms = SHM__READ; 5015 perms = SHM__READ;
5016 else 5016 else
5017 perms = SHM__READ | SHM__WRITE; 5017 perms = SHM__READ | SHM__WRITE;
5018 5018
5019 return ipc_has_perm(&shp->shm_perm, perms); 5019 return ipc_has_perm(&shp->shm_perm, perms);
5020 } 5020 }
5021 5021
5022 /* Semaphore security operations */ 5022 /* Semaphore security operations */
5023 static int selinux_sem_alloc_security(struct sem_array *sma) 5023 static int selinux_sem_alloc_security(struct sem_array *sma)
5024 { 5024 {
5025 struct ipc_security_struct *isec; 5025 struct ipc_security_struct *isec;
5026 struct common_audit_data ad; 5026 struct common_audit_data ad;
5027 u32 sid = current_sid(); 5027 u32 sid = current_sid();
5028 int rc; 5028 int rc;
5029 5029
5030 rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM); 5030 rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
5031 if (rc) 5031 if (rc)
5032 return rc; 5032 return rc;
5033 5033
5034 isec = sma->sem_perm.security; 5034 isec = sma->sem_perm.security;
5035 5035
5036 COMMON_AUDIT_DATA_INIT(&ad, IPC); 5036 COMMON_AUDIT_DATA_INIT(&ad, IPC);
5037 ad.u.ipc_id = sma->sem_perm.key; 5037 ad.u.ipc_id = sma->sem_perm.key;
5038 5038
5039 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM, 5039 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5040 SEM__CREATE, &ad); 5040 SEM__CREATE, &ad);
5041 if (rc) { 5041 if (rc) {
5042 ipc_free_security(&sma->sem_perm); 5042 ipc_free_security(&sma->sem_perm);
5043 return rc; 5043 return rc;
5044 } 5044 }
5045 return 0; 5045 return 0;
5046 } 5046 }
5047 5047
5048 static void selinux_sem_free_security(struct sem_array *sma) 5048 static void selinux_sem_free_security(struct sem_array *sma)
5049 { 5049 {
5050 ipc_free_security(&sma->sem_perm); 5050 ipc_free_security(&sma->sem_perm);
5051 } 5051 }
5052 5052
5053 static int selinux_sem_associate(struct sem_array *sma, int semflg) 5053 static int selinux_sem_associate(struct sem_array *sma, int semflg)
5054 { 5054 {
5055 struct ipc_security_struct *isec; 5055 struct ipc_security_struct *isec;
5056 struct common_audit_data ad; 5056 struct common_audit_data ad;
5057 u32 sid = current_sid(); 5057 u32 sid = current_sid();
5058 5058
5059 isec = sma->sem_perm.security; 5059 isec = sma->sem_perm.security;
5060 5060
5061 COMMON_AUDIT_DATA_INIT(&ad, IPC); 5061 COMMON_AUDIT_DATA_INIT(&ad, IPC);
5062 ad.u.ipc_id = sma->sem_perm.key; 5062 ad.u.ipc_id = sma->sem_perm.key;
5063 5063
5064 return avc_has_perm(sid, isec->sid, SECCLASS_SEM, 5064 return avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5065 SEM__ASSOCIATE, &ad); 5065 SEM__ASSOCIATE, &ad);
5066 } 5066 }
5067 5067
5068 /* Note, at this point, sma is locked down */ 5068 /* Note, at this point, sma is locked down */
5069 static int selinux_sem_semctl(struct sem_array *sma, int cmd) 5069 static int selinux_sem_semctl(struct sem_array *sma, int cmd)
5070 { 5070 {
5071 int err; 5071 int err;
5072 u32 perms; 5072 u32 perms;
5073 5073
5074 switch (cmd) { 5074 switch (cmd) {
5075 case IPC_INFO: 5075 case IPC_INFO:
5076 case SEM_INFO: 5076 case SEM_INFO:
5077 /* No specific object, just general system-wide information. */ 5077 /* No specific object, just general system-wide information. */
5078 return task_has_system(current, SYSTEM__IPC_INFO); 5078 return task_has_system(current, SYSTEM__IPC_INFO);
5079 case GETPID: 5079 case GETPID:
5080 case GETNCNT: 5080 case GETNCNT:
5081 case GETZCNT: 5081 case GETZCNT:
5082 perms = SEM__GETATTR; 5082 perms = SEM__GETATTR;
5083 break; 5083 break;
5084 case GETVAL: 5084 case GETVAL:
5085 case GETALL: 5085 case GETALL:
5086 perms = SEM__READ; 5086 perms = SEM__READ;
5087 break; 5087 break;
5088 case SETVAL: 5088 case SETVAL:
5089 case SETALL: 5089 case SETALL:
5090 perms = SEM__WRITE; 5090 perms = SEM__WRITE;
5091 break; 5091 break;
5092 case IPC_RMID: 5092 case IPC_RMID:
5093 perms = SEM__DESTROY; 5093 perms = SEM__DESTROY;
5094 break; 5094 break;
5095 case IPC_SET: 5095 case IPC_SET:
5096 perms = SEM__SETATTR; 5096 perms = SEM__SETATTR;
5097 break; 5097 break;
5098 case IPC_STAT: 5098 case IPC_STAT:
5099 case SEM_STAT: 5099 case SEM_STAT:
5100 perms = SEM__GETATTR | SEM__ASSOCIATE; 5100 perms = SEM__GETATTR | SEM__ASSOCIATE;
5101 break; 5101 break;
5102 default: 5102 default:
5103 return 0; 5103 return 0;
5104 } 5104 }
5105 5105
5106 err = ipc_has_perm(&sma->sem_perm, perms); 5106 err = ipc_has_perm(&sma->sem_perm, perms);
5107 return err; 5107 return err;
5108 } 5108 }
5109 5109
5110 static int selinux_sem_semop(struct sem_array *sma, 5110 static int selinux_sem_semop(struct sem_array *sma,
5111 struct sembuf *sops, unsigned nsops, int alter) 5111 struct sembuf *sops, unsigned nsops, int alter)
5112 { 5112 {
5113 u32 perms; 5113 u32 perms;
5114 5114
5115 if (alter) 5115 if (alter)
5116 perms = SEM__READ | SEM__WRITE; 5116 perms = SEM__READ | SEM__WRITE;
5117 else 5117 else
5118 perms = SEM__READ; 5118 perms = SEM__READ;
5119 5119
5120 return ipc_has_perm(&sma->sem_perm, perms); 5120 return ipc_has_perm(&sma->sem_perm, perms);
5121 } 5121 }
5122 5122
5123 static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag) 5123 static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
5124 { 5124 {
5125 u32 av = 0; 5125 u32 av = 0;
5126 5126
5127 av = 0; 5127 av = 0;
5128 if (flag & S_IRUGO) 5128 if (flag & S_IRUGO)
5129 av |= IPC__UNIX_READ; 5129 av |= IPC__UNIX_READ;
5130 if (flag & S_IWUGO) 5130 if (flag & S_IWUGO)
5131 av |= IPC__UNIX_WRITE; 5131 av |= IPC__UNIX_WRITE;
5132 5132
5133 if (av == 0) 5133 if (av == 0)
5134 return 0; 5134 return 0;
5135 5135
5136 return ipc_has_perm(ipcp, av); 5136 return ipc_has_perm(ipcp, av);
5137 } 5137 }
5138 5138
5139 static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) 5139 static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
5140 { 5140 {
5141 struct ipc_security_struct *isec = ipcp->security; 5141 struct ipc_security_struct *isec = ipcp->security;
5142 *secid = isec->sid; 5142 *secid = isec->sid;
5143 } 5143 }
5144 5144
5145 static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode) 5145 static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
5146 { 5146 {
5147 if (inode) 5147 if (inode)
5148 inode_doinit_with_dentry(inode, dentry); 5148 inode_doinit_with_dentry(inode, dentry);
5149 } 5149 }
5150 5150
5151 static int selinux_getprocattr(struct task_struct *p, 5151 static int selinux_getprocattr(struct task_struct *p,
5152 char *name, char **value) 5152 char *name, char **value)
5153 { 5153 {
5154 const struct task_security_struct *__tsec; 5154 const struct task_security_struct *__tsec;
5155 u32 sid; 5155 u32 sid;
5156 int error; 5156 int error;
5157 unsigned len; 5157 unsigned len;
5158 5158
5159 if (current != p) { 5159 if (current != p) {
5160 error = current_has_perm(p, PROCESS__GETATTR); 5160 error = current_has_perm(p, PROCESS__GETATTR);
5161 if (error) 5161 if (error)
5162 return error; 5162 return error;
5163 } 5163 }
5164 5164
5165 rcu_read_lock(); 5165 rcu_read_lock();
5166 __tsec = __task_cred(p)->security; 5166 __tsec = __task_cred(p)->security;
5167 5167
5168 if (!strcmp(name, "current")) 5168 if (!strcmp(name, "current"))
5169 sid = __tsec->sid; 5169 sid = __tsec->sid;
5170 else if (!strcmp(name, "prev")) 5170 else if (!strcmp(name, "prev"))
5171 sid = __tsec->osid; 5171 sid = __tsec->osid;
5172 else if (!strcmp(name, "exec")) 5172 else if (!strcmp(name, "exec"))
5173 sid = __tsec->exec_sid; 5173 sid = __tsec->exec_sid;
5174 else if (!strcmp(name, "fscreate")) 5174 else if (!strcmp(name, "fscreate"))
5175 sid = __tsec->create_sid; 5175 sid = __tsec->create_sid;
5176 else if (!strcmp(name, "keycreate")) 5176 else if (!strcmp(name, "keycreate"))
5177 sid = __tsec->keycreate_sid; 5177 sid = __tsec->keycreate_sid;
5178 else if (!strcmp(name, "sockcreate")) 5178 else if (!strcmp(name, "sockcreate"))
5179 sid = __tsec->sockcreate_sid; 5179 sid = __tsec->sockcreate_sid;
5180 else 5180 else
5181 goto invalid; 5181 goto invalid;
5182 rcu_read_unlock(); 5182 rcu_read_unlock();
5183 5183
5184 if (!sid) 5184 if (!sid)
5185 return 0; 5185 return 0;
5186 5186
5187 error = security_sid_to_context(sid, value, &len); 5187 error = security_sid_to_context(sid, value, &len);
5188 if (error) 5188 if (error)
5189 return error; 5189 return error;
5190 return len; 5190 return len;
5191 5191
5192 invalid: 5192 invalid:
5193 rcu_read_unlock(); 5193 rcu_read_unlock();
5194 return -EINVAL; 5194 return -EINVAL;
5195 } 5195 }
5196 5196
5197 static int selinux_setprocattr(struct task_struct *p, 5197 static int selinux_setprocattr(struct task_struct *p,
5198 char *name, void *value, size_t size) 5198 char *name, void *value, size_t size)
5199 { 5199 {
5200 struct task_security_struct *tsec; 5200 struct task_security_struct *tsec;
5201 struct task_struct *tracer; 5201 struct task_struct *tracer;
5202 struct cred *new; 5202 struct cred *new;
5203 u32 sid = 0, ptsid; 5203 u32 sid = 0, ptsid;
5204 int error; 5204 int error;
5205 char *str = value; 5205 char *str = value;
5206 5206
5207 if (current != p) { 5207 if (current != p) {
5208 /* SELinux only allows a process to change its own 5208 /* SELinux only allows a process to change its own
5209 security attributes. */ 5209 security attributes. */
5210 return -EACCES; 5210 return -EACCES;
5211 } 5211 }
5212 5212
5213 /* 5213 /*
5214 * Basic control over ability to set these attributes at all. 5214 * Basic control over ability to set these attributes at all.
5215 * current == p, but we'll pass them separately in case the 5215 * current == p, but we'll pass them separately in case the
5216 * above restriction is ever removed. 5216 * above restriction is ever removed.
5217 */ 5217 */
5218 if (!strcmp(name, "exec")) 5218 if (!strcmp(name, "exec"))
5219 error = current_has_perm(p, PROCESS__SETEXEC); 5219 error = current_has_perm(p, PROCESS__SETEXEC);
5220 else if (!strcmp(name, "fscreate")) 5220 else if (!strcmp(name, "fscreate"))
5221 error = current_has_perm(p, PROCESS__SETFSCREATE); 5221 error = current_has_perm(p, PROCESS__SETFSCREATE);
5222 else if (!strcmp(name, "keycreate")) 5222 else if (!strcmp(name, "keycreate"))
5223 error = current_has_perm(p, PROCESS__SETKEYCREATE); 5223 error = current_has_perm(p, PROCESS__SETKEYCREATE);
5224 else if (!strcmp(name, "sockcreate")) 5224 else if (!strcmp(name, "sockcreate"))
5225 error = current_has_perm(p, PROCESS__SETSOCKCREATE); 5225 error = current_has_perm(p, PROCESS__SETSOCKCREATE);
5226 else if (!strcmp(name, "current")) 5226 else if (!strcmp(name, "current"))
5227 error = current_has_perm(p, PROCESS__SETCURRENT); 5227 error = current_has_perm(p, PROCESS__SETCURRENT);
5228 else 5228 else
5229 error = -EINVAL; 5229 error = -EINVAL;
5230 if (error) 5230 if (error)
5231 return error; 5231 return error;
5232 5232
5233 /* Obtain a SID for the context, if one was specified. */ 5233 /* Obtain a SID for the context, if one was specified. */
5234 if (size && str[1] && str[1] != '\n') { 5234 if (size && str[1] && str[1] != '\n') {
5235 if (str[size-1] == '\n') { 5235 if (str[size-1] == '\n') {
5236 str[size-1] = 0; 5236 str[size-1] = 0;
5237 size--; 5237 size--;
5238 } 5238 }
5239 error = security_context_to_sid(value, size, &sid); 5239 error = security_context_to_sid(value, size, &sid);
5240 if (error == -EINVAL && !strcmp(name, "fscreate")) { 5240 if (error == -EINVAL && !strcmp(name, "fscreate")) {
5241 if (!capable(CAP_MAC_ADMIN)) 5241 if (!capable(CAP_MAC_ADMIN))
5242 return error; 5242 return error;
5243 error = security_context_to_sid_force(value, size, 5243 error = security_context_to_sid_force(value, size,
5244 &sid); 5244 &sid);
5245 } 5245 }
5246 if (error) 5246 if (error)
5247 return error; 5247 return error;
5248 } 5248 }
5249 5249
5250 new = prepare_creds(); 5250 new = prepare_creds();
5251 if (!new) 5251 if (!new)
5252 return -ENOMEM; 5252 return -ENOMEM;
5253 5253
5254 /* Permission checking based on the specified context is 5254 /* Permission checking based on the specified context is
5255 performed during the actual operation (execve, 5255 performed during the actual operation (execve,
5256 open/mkdir/...), when we know the full context of the 5256 open/mkdir/...), when we know the full context of the
5257 operation. See selinux_bprm_set_creds for the execve 5257 operation. See selinux_bprm_set_creds for the execve
5258 checks and may_create for the file creation checks. The 5258 checks and may_create for the file creation checks. The
5259 operation will then fail if the context is not permitted. */ 5259 operation will then fail if the context is not permitted. */
5260 tsec = new->security; 5260 tsec = new->security;
5261 if (!strcmp(name, "exec")) { 5261 if (!strcmp(name, "exec")) {
5262 tsec->exec_sid = sid; 5262 tsec->exec_sid = sid;
5263 } else if (!strcmp(name, "fscreate")) { 5263 } else if (!strcmp(name, "fscreate")) {
5264 tsec->create_sid = sid; 5264 tsec->create_sid = sid;
5265 } else if (!strcmp(name, "keycreate")) { 5265 } else if (!strcmp(name, "keycreate")) {
5266 error = may_create_key(sid, p); 5266 error = may_create_key(sid, p);
5267 if (error) 5267 if (error)
5268 goto abort_change; 5268 goto abort_change;
5269 tsec->keycreate_sid = sid; 5269 tsec->keycreate_sid = sid;
5270 } else if (!strcmp(name, "sockcreate")) { 5270 } else if (!strcmp(name, "sockcreate")) {
5271 tsec->sockcreate_sid = sid; 5271 tsec->sockcreate_sid = sid;
5272 } else if (!strcmp(name, "current")) { 5272 } else if (!strcmp(name, "current")) {
5273 error = -EINVAL; 5273 error = -EINVAL;
5274 if (sid == 0) 5274 if (sid == 0)
5275 goto abort_change; 5275 goto abort_change;
5276 5276
5277 /* Only allow single threaded processes to change context */ 5277 /* Only allow single threaded processes to change context */
5278 error = -EPERM; 5278 error = -EPERM;
5279 if (!current_is_single_threaded()) { 5279 if (!current_is_single_threaded()) {
5280 error = security_bounded_transition(tsec->sid, sid); 5280 error = security_bounded_transition(tsec->sid, sid);
5281 if (error) 5281 if (error)
5282 goto abort_change; 5282 goto abort_change;
5283 } 5283 }
5284 5284
5285 /* Check permissions for the transition. */ 5285 /* Check permissions for the transition. */
5286 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, 5286 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
5287 PROCESS__DYNTRANSITION, NULL); 5287 PROCESS__DYNTRANSITION, NULL);
5288 if (error) 5288 if (error)
5289 goto abort_change; 5289 goto abort_change;
5290 5290
5291 /* Check for ptracing, and update the task SID if ok. 5291 /* Check for ptracing, and update the task SID if ok.
5292 Otherwise, leave SID unchanged and fail. */ 5292 Otherwise, leave SID unchanged and fail. */
5293 ptsid = 0; 5293 ptsid = 0;
5294 task_lock(p); 5294 task_lock(p);
5295 tracer = tracehook_tracer_task(p); 5295 tracer = tracehook_tracer_task(p);
5296 if (tracer) 5296 if (tracer)
5297 ptsid = task_sid(tracer); 5297 ptsid = task_sid(tracer);
5298 task_unlock(p); 5298 task_unlock(p);
5299 5299
5300 if (tracer) { 5300 if (tracer) {
5301 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS, 5301 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
5302 PROCESS__PTRACE, NULL); 5302 PROCESS__PTRACE, NULL);
5303 if (error) 5303 if (error)
5304 goto abort_change; 5304 goto abort_change;
5305 } 5305 }
5306 5306
5307 tsec->sid = sid; 5307 tsec->sid = sid;
5308 } else { 5308 } else {
5309 error = -EINVAL; 5309 error = -EINVAL;
5310 goto abort_change; 5310 goto abort_change;
5311 } 5311 }
5312 5312
5313 commit_creds(new); 5313 commit_creds(new);
5314 return size; 5314 return size;
5315 5315
5316 abort_change: 5316 abort_change:
5317 abort_creds(new); 5317 abort_creds(new);
5318 return error; 5318 return error;
5319 } 5319 }
5320 5320
5321 static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 5321 static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
5322 { 5322 {
5323 return security_sid_to_context(secid, secdata, seclen); 5323 return security_sid_to_context(secid, secdata, seclen);
5324 } 5324 }
5325 5325
5326 static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 5326 static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
5327 { 5327 {
5328 return security_context_to_sid(secdata, seclen, secid); 5328 return security_context_to_sid(secdata, seclen, secid);
5329 } 5329 }
5330 5330
5331 static void selinux_release_secctx(char *secdata, u32 seclen) 5331 static void selinux_release_secctx(char *secdata, u32 seclen)
5332 { 5332 {
5333 kfree(secdata); 5333 kfree(secdata);
5334 } 5334 }
5335 5335
5336 /* 5336 /*
5337 * called with inode->i_mutex locked 5337 * called with inode->i_mutex locked
5338 */ 5338 */
5339 static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 5339 static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
5340 { 5340 {
5341 return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0); 5341 return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0);
5342 } 5342 }
5343 5343
5344 /* 5344 /*
5345 * called with inode->i_mutex locked 5345 * called with inode->i_mutex locked
5346 */ 5346 */
5347 static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 5347 static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
5348 { 5348 {
5349 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0); 5349 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
5350 } 5350 }
5351 5351
5352 static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 5352 static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
5353 { 5353 {
5354 int len = 0; 5354 int len = 0;
5355 len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX, 5355 len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
5356 ctx, true); 5356 ctx, true);
5357 if (len < 0) 5357 if (len < 0)
5358 return len; 5358 return len;
5359 *ctxlen = len; 5359 *ctxlen = len;
5360 return 0; 5360 return 0;
5361 } 5361 }
5362 #ifdef CONFIG_KEYS 5362 #ifdef CONFIG_KEYS
5363 5363
5364 static int selinux_key_alloc(struct key *k, const struct cred *cred, 5364 static int selinux_key_alloc(struct key *k, const struct cred *cred,
5365 unsigned long flags) 5365 unsigned long flags)
5366 { 5366 {
5367 const struct task_security_struct *tsec; 5367 const struct task_security_struct *tsec;
5368 struct key_security_struct *ksec; 5368 struct key_security_struct *ksec;
5369 5369
5370 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL); 5370 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
5371 if (!ksec) 5371 if (!ksec)
5372 return -ENOMEM; 5372 return -ENOMEM;
5373 5373
5374 tsec = cred->security; 5374 tsec = cred->security;
5375 if (tsec->keycreate_sid) 5375 if (tsec->keycreate_sid)
5376 ksec->sid = tsec->keycreate_sid; 5376 ksec->sid = tsec->keycreate_sid;
5377 else 5377 else
5378 ksec->sid = tsec->sid; 5378 ksec->sid = tsec->sid;
5379 5379
5380 k->security = ksec; 5380 k->security = ksec;
5381 return 0; 5381 return 0;
5382 } 5382 }
5383 5383
5384 static void selinux_key_free(struct key *k) 5384 static void selinux_key_free(struct key *k)
5385 { 5385 {
5386 struct key_security_struct *ksec = k->security; 5386 struct key_security_struct *ksec = k->security;
5387 5387
5388 k->security = NULL; 5388 k->security = NULL;
5389 kfree(ksec); 5389 kfree(ksec);
5390 } 5390 }
5391 5391
5392 static int selinux_key_permission(key_ref_t key_ref, 5392 static int selinux_key_permission(key_ref_t key_ref,
5393 const struct cred *cred, 5393 const struct cred *cred,
5394 key_perm_t perm) 5394 key_perm_t perm)
5395 { 5395 {
5396 struct key *key; 5396 struct key *key;
5397 struct key_security_struct *ksec; 5397 struct key_security_struct *ksec;
5398 u32 sid; 5398 u32 sid;
5399 5399
5400 /* if no specific permissions are requested, we skip the 5400 /* if no specific permissions are requested, we skip the
5401 permission check. No serious, additional covert channels 5401 permission check. No serious, additional covert channels
5402 appear to be created. */ 5402 appear to be created. */
5403 if (perm == 0) 5403 if (perm == 0)
5404 return 0; 5404 return 0;
5405 5405
5406 sid = cred_sid(cred); 5406 sid = cred_sid(cred);
5407 5407
5408 key = key_ref_to_ptr(key_ref); 5408 key = key_ref_to_ptr(key_ref);
5409 ksec = key->security; 5409 ksec = key->security;
5410 5410
5411 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL); 5411 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL);
5412 } 5412 }
5413 5413
5414 static int selinux_key_getsecurity(struct key *key, char **_buffer) 5414 static int selinux_key_getsecurity(struct key *key, char **_buffer)
5415 { 5415 {
5416 struct key_security_struct *ksec = key->security; 5416 struct key_security_struct *ksec = key->security;
5417 char *context = NULL; 5417 char *context = NULL;
5418 unsigned len; 5418 unsigned len;
5419 int rc; 5419 int rc;
5420 5420
5421 rc = security_sid_to_context(ksec->sid, &context, &len); 5421 rc = security_sid_to_context(ksec->sid, &context, &len);
5422 if (!rc) 5422 if (!rc)
5423 rc = len; 5423 rc = len;
5424 *_buffer = context; 5424 *_buffer = context;
5425 return rc; 5425 return rc;
5426 } 5426 }
5427 5427
5428 #endif 5428 #endif
5429 5429
5430 static struct security_operations selinux_ops = { 5430 static struct security_operations selinux_ops = {
5431 .name = "selinux", 5431 .name = "selinux",
5432 5432
5433 .ptrace_access_check = selinux_ptrace_access_check, 5433 .ptrace_access_check = selinux_ptrace_access_check,
5434 .ptrace_traceme = selinux_ptrace_traceme, 5434 .ptrace_traceme = selinux_ptrace_traceme,
5435 .capget = selinux_capget, 5435 .capget = selinux_capget,
5436 .capset = selinux_capset, 5436 .capset = selinux_capset,
5437 .capable = selinux_capable, 5437 .capable = selinux_capable,
5438 .quotactl = selinux_quotactl, 5438 .quotactl = selinux_quotactl,
5439 .quota_on = selinux_quota_on, 5439 .quota_on = selinux_quota_on,
5440 .syslog = selinux_syslog, 5440 .syslog = selinux_syslog,
5441 .vm_enough_memory = selinux_vm_enough_memory, 5441 .vm_enough_memory = selinux_vm_enough_memory,
5442 5442
5443 .netlink_send = selinux_netlink_send, 5443 .netlink_send = selinux_netlink_send,
5444 .netlink_recv = selinux_netlink_recv, 5444 .netlink_recv = selinux_netlink_recv,
5445 5445
5446 .bprm_set_creds = selinux_bprm_set_creds, 5446 .bprm_set_creds = selinux_bprm_set_creds,
5447 .bprm_committing_creds = selinux_bprm_committing_creds, 5447 .bprm_committing_creds = selinux_bprm_committing_creds,
5448 .bprm_committed_creds = selinux_bprm_committed_creds, 5448 .bprm_committed_creds = selinux_bprm_committed_creds,
5449 .bprm_secureexec = selinux_bprm_secureexec, 5449 .bprm_secureexec = selinux_bprm_secureexec,
5450 5450
5451 .sb_alloc_security = selinux_sb_alloc_security, 5451 .sb_alloc_security = selinux_sb_alloc_security,
5452 .sb_free_security = selinux_sb_free_security, 5452 .sb_free_security = selinux_sb_free_security,
5453 .sb_copy_data = selinux_sb_copy_data, 5453 .sb_copy_data = selinux_sb_copy_data,
5454 .sb_remount = selinux_sb_remount, 5454 .sb_remount = selinux_sb_remount,
5455 .sb_kern_mount = selinux_sb_kern_mount, 5455 .sb_kern_mount = selinux_sb_kern_mount,
5456 .sb_show_options = selinux_sb_show_options, 5456 .sb_show_options = selinux_sb_show_options,
5457 .sb_statfs = selinux_sb_statfs, 5457 .sb_statfs = selinux_sb_statfs,
5458 .sb_mount = selinux_mount, 5458 .sb_mount = selinux_mount,
5459 .sb_umount = selinux_umount, 5459 .sb_umount = selinux_umount,
5460 .sb_set_mnt_opts = selinux_set_mnt_opts, 5460 .sb_set_mnt_opts = selinux_set_mnt_opts,
5461 .sb_clone_mnt_opts = selinux_sb_clone_mnt_opts, 5461 .sb_clone_mnt_opts = selinux_sb_clone_mnt_opts,
5462 .sb_parse_opts_str = selinux_parse_opts_str, 5462 .sb_parse_opts_str = selinux_parse_opts_str,
5463 5463
5464 5464
5465 .inode_alloc_security = selinux_inode_alloc_security, 5465 .inode_alloc_security = selinux_inode_alloc_security,
5466 .inode_free_security = selinux_inode_free_security, 5466 .inode_free_security = selinux_inode_free_security,
5467 .inode_init_security = selinux_inode_init_security, 5467 .inode_init_security = selinux_inode_init_security,
5468 .inode_create = selinux_inode_create, 5468 .inode_create = selinux_inode_create,
5469 .inode_link = selinux_inode_link, 5469 .inode_link = selinux_inode_link,
5470 .inode_unlink = selinux_inode_unlink, 5470 .inode_unlink = selinux_inode_unlink,
5471 .inode_symlink = selinux_inode_symlink, 5471 .inode_symlink = selinux_inode_symlink,
5472 .inode_mkdir = selinux_inode_mkdir, 5472 .inode_mkdir = selinux_inode_mkdir,
5473 .inode_rmdir = selinux_inode_rmdir, 5473 .inode_rmdir = selinux_inode_rmdir,
5474 .inode_mknod = selinux_inode_mknod, 5474 .inode_mknod = selinux_inode_mknod,
5475 .inode_rename = selinux_inode_rename, 5475 .inode_rename = selinux_inode_rename,
5476 .inode_readlink = selinux_inode_readlink, 5476 .inode_readlink = selinux_inode_readlink,
5477 .inode_follow_link = selinux_inode_follow_link, 5477 .inode_follow_link = selinux_inode_follow_link,
5478 .inode_permission = selinux_inode_permission, 5478 .inode_permission = selinux_inode_permission,
5479 .inode_setattr = selinux_inode_setattr, 5479 .inode_setattr = selinux_inode_setattr,
5480 .inode_getattr = selinux_inode_getattr, 5480 .inode_getattr = selinux_inode_getattr,
5481 .inode_setxattr = selinux_inode_setxattr, 5481 .inode_setxattr = selinux_inode_setxattr,
5482 .inode_post_setxattr = selinux_inode_post_setxattr, 5482 .inode_post_setxattr = selinux_inode_post_setxattr,
5483 .inode_getxattr = selinux_inode_getxattr, 5483 .inode_getxattr = selinux_inode_getxattr,
5484 .inode_listxattr = selinux_inode_listxattr, 5484 .inode_listxattr = selinux_inode_listxattr,
5485 .inode_removexattr = selinux_inode_removexattr, 5485 .inode_removexattr = selinux_inode_removexattr,
5486 .inode_getsecurity = selinux_inode_getsecurity, 5486 .inode_getsecurity = selinux_inode_getsecurity,
5487 .inode_setsecurity = selinux_inode_setsecurity, 5487 .inode_setsecurity = selinux_inode_setsecurity,
5488 .inode_listsecurity = selinux_inode_listsecurity, 5488 .inode_listsecurity = selinux_inode_listsecurity,
5489 .inode_getsecid = selinux_inode_getsecid, 5489 .inode_getsecid = selinux_inode_getsecid,
5490 5490
5491 .file_permission = selinux_file_permission, 5491 .file_permission = selinux_file_permission,
5492 .file_alloc_security = selinux_file_alloc_security, 5492 .file_alloc_security = selinux_file_alloc_security,
5493 .file_free_security = selinux_file_free_security, 5493 .file_free_security = selinux_file_free_security,
5494 .file_ioctl = selinux_file_ioctl, 5494 .file_ioctl = selinux_file_ioctl,
5495 .file_mmap = selinux_file_mmap, 5495 .file_mmap = selinux_file_mmap,
5496 .file_mprotect = selinux_file_mprotect, 5496 .file_mprotect = selinux_file_mprotect,
5497 .file_lock = selinux_file_lock, 5497 .file_lock = selinux_file_lock,
5498 .file_fcntl = selinux_file_fcntl, 5498 .file_fcntl = selinux_file_fcntl,
5499 .file_set_fowner = selinux_file_set_fowner, 5499 .file_set_fowner = selinux_file_set_fowner,
5500 .file_send_sigiotask = selinux_file_send_sigiotask, 5500 .file_send_sigiotask = selinux_file_send_sigiotask,
5501 .file_receive = selinux_file_receive, 5501 .file_receive = selinux_file_receive,
5502 5502
5503 .dentry_open = selinux_dentry_open, 5503 .dentry_open = selinux_dentry_open,
5504 5504
5505 .task_create = selinux_task_create, 5505 .task_create = selinux_task_create,
5506 .cred_alloc_blank = selinux_cred_alloc_blank, 5506 .cred_alloc_blank = selinux_cred_alloc_blank,
5507 .cred_free = selinux_cred_free, 5507 .cred_free = selinux_cred_free,
5508 .cred_prepare = selinux_cred_prepare, 5508 .cred_prepare = selinux_cred_prepare,
5509 .cred_transfer = selinux_cred_transfer, 5509 .cred_transfer = selinux_cred_transfer,
5510 .kernel_act_as = selinux_kernel_act_as, 5510 .kernel_act_as = selinux_kernel_act_as,
5511 .kernel_create_files_as = selinux_kernel_create_files_as, 5511 .kernel_create_files_as = selinux_kernel_create_files_as,
5512 .kernel_module_request = selinux_kernel_module_request, 5512 .kernel_module_request = selinux_kernel_module_request,
5513 .task_setpgid = selinux_task_setpgid, 5513 .task_setpgid = selinux_task_setpgid,
5514 .task_getpgid = selinux_task_getpgid, 5514 .task_getpgid = selinux_task_getpgid,
5515 .task_getsid = selinux_task_getsid, 5515 .task_getsid = selinux_task_getsid,
5516 .task_getsecid = selinux_task_getsecid, 5516 .task_getsecid = selinux_task_getsecid,
5517 .task_setnice = selinux_task_setnice, 5517 .task_setnice = selinux_task_setnice,
5518 .task_setioprio = selinux_task_setioprio, 5518 .task_setioprio = selinux_task_setioprio,
5519 .task_getioprio = selinux_task_getioprio, 5519 .task_getioprio = selinux_task_getioprio,
5520 .task_setrlimit = selinux_task_setrlimit, 5520 .task_setrlimit = selinux_task_setrlimit,
5521 .task_setscheduler = selinux_task_setscheduler, 5521 .task_setscheduler = selinux_task_setscheduler,
5522 .task_getscheduler = selinux_task_getscheduler, 5522 .task_getscheduler = selinux_task_getscheduler,
5523 .task_movememory = selinux_task_movememory, 5523 .task_movememory = selinux_task_movememory,
5524 .task_kill = selinux_task_kill, 5524 .task_kill = selinux_task_kill,
5525 .task_wait = selinux_task_wait, 5525 .task_wait = selinux_task_wait,
5526 .task_to_inode = selinux_task_to_inode, 5526 .task_to_inode = selinux_task_to_inode,
5527 5527
5528 .ipc_permission = selinux_ipc_permission, 5528 .ipc_permission = selinux_ipc_permission,
5529 .ipc_getsecid = selinux_ipc_getsecid, 5529 .ipc_getsecid = selinux_ipc_getsecid,
5530 5530
5531 .msg_msg_alloc_security = selinux_msg_msg_alloc_security, 5531 .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
5532 .msg_msg_free_security = selinux_msg_msg_free_security, 5532 .msg_msg_free_security = selinux_msg_msg_free_security,
5533 5533
5534 .msg_queue_alloc_security = selinux_msg_queue_alloc_security, 5534 .msg_queue_alloc_security = selinux_msg_queue_alloc_security,
5535 .msg_queue_free_security = selinux_msg_queue_free_security, 5535 .msg_queue_free_security = selinux_msg_queue_free_security,
5536 .msg_queue_associate = selinux_msg_queue_associate, 5536 .msg_queue_associate = selinux_msg_queue_associate,
5537 .msg_queue_msgctl = selinux_msg_queue_msgctl, 5537 .msg_queue_msgctl = selinux_msg_queue_msgctl,
5538 .msg_queue_msgsnd = selinux_msg_queue_msgsnd, 5538 .msg_queue_msgsnd = selinux_msg_queue_msgsnd,
5539 .msg_queue_msgrcv = selinux_msg_queue_msgrcv, 5539 .msg_queue_msgrcv = selinux_msg_queue_msgrcv,
5540 5540
5541 .shm_alloc_security = selinux_shm_alloc_security, 5541 .shm_alloc_security = selinux_shm_alloc_security,
5542 .shm_free_security = selinux_shm_free_security, 5542 .shm_free_security = selinux_shm_free_security,
5543 .shm_associate = selinux_shm_associate, 5543 .shm_associate = selinux_shm_associate,
5544 .shm_shmctl = selinux_shm_shmctl, 5544 .shm_shmctl = selinux_shm_shmctl,
5545 .shm_shmat = selinux_shm_shmat, 5545 .shm_shmat = selinux_shm_shmat,
5546 5546
5547 .sem_alloc_security = selinux_sem_alloc_security, 5547 .sem_alloc_security = selinux_sem_alloc_security,
5548 .sem_free_security = selinux_sem_free_security, 5548 .sem_free_security = selinux_sem_free_security,
5549 .sem_associate = selinux_sem_associate, 5549 .sem_associate = selinux_sem_associate,
5550 .sem_semctl = selinux_sem_semctl, 5550 .sem_semctl = selinux_sem_semctl,
5551 .sem_semop = selinux_sem_semop, 5551 .sem_semop = selinux_sem_semop,
5552 5552
5553 .d_instantiate = selinux_d_instantiate, 5553 .d_instantiate = selinux_d_instantiate,
5554 5554
5555 .getprocattr = selinux_getprocattr, 5555 .getprocattr = selinux_getprocattr,
5556 .setprocattr = selinux_setprocattr, 5556 .setprocattr = selinux_setprocattr,
5557 5557
5558 .secid_to_secctx = selinux_secid_to_secctx, 5558 .secid_to_secctx = selinux_secid_to_secctx,
5559 .secctx_to_secid = selinux_secctx_to_secid, 5559 .secctx_to_secid = selinux_secctx_to_secid,
5560 .release_secctx = selinux_release_secctx, 5560 .release_secctx = selinux_release_secctx,
5561 .inode_notifysecctx = selinux_inode_notifysecctx, 5561 .inode_notifysecctx = selinux_inode_notifysecctx,
5562 .inode_setsecctx = selinux_inode_setsecctx, 5562 .inode_setsecctx = selinux_inode_setsecctx,
5563 .inode_getsecctx = selinux_inode_getsecctx, 5563 .inode_getsecctx = selinux_inode_getsecctx,
5564 5564
5565 .unix_stream_connect = selinux_socket_unix_stream_connect, 5565 .unix_stream_connect = selinux_socket_unix_stream_connect,
5566 .unix_may_send = selinux_socket_unix_may_send, 5566 .unix_may_send = selinux_socket_unix_may_send,
5567 5567
5568 .socket_create = selinux_socket_create, 5568 .socket_create = selinux_socket_create,
5569 .socket_post_create = selinux_socket_post_create, 5569 .socket_post_create = selinux_socket_post_create,
5570 .socket_bind = selinux_socket_bind, 5570 .socket_bind = selinux_socket_bind,
5571 .socket_connect = selinux_socket_connect, 5571 .socket_connect = selinux_socket_connect,
5572 .socket_listen = selinux_socket_listen, 5572 .socket_listen = selinux_socket_listen,
5573 .socket_accept = selinux_socket_accept, 5573 .socket_accept = selinux_socket_accept,
5574 .socket_sendmsg = selinux_socket_sendmsg, 5574 .socket_sendmsg = selinux_socket_sendmsg,
5575 .socket_recvmsg = selinux_socket_recvmsg, 5575 .socket_recvmsg = selinux_socket_recvmsg,
5576 .socket_getsockname = selinux_socket_getsockname, 5576 .socket_getsockname = selinux_socket_getsockname,
5577 .socket_getpeername = selinux_socket_getpeername, 5577 .socket_getpeername = selinux_socket_getpeername,
5578 .socket_getsockopt = selinux_socket_getsockopt, 5578 .socket_getsockopt = selinux_socket_getsockopt,
5579 .socket_setsockopt = selinux_socket_setsockopt, 5579 .socket_setsockopt = selinux_socket_setsockopt,
5580 .socket_shutdown = selinux_socket_shutdown, 5580 .socket_shutdown = selinux_socket_shutdown,
5581 .socket_sock_rcv_skb = selinux_socket_sock_rcv_skb, 5581 .socket_sock_rcv_skb = selinux_socket_sock_rcv_skb,
5582 .socket_getpeersec_stream = selinux_socket_getpeersec_stream, 5582 .socket_getpeersec_stream = selinux_socket_getpeersec_stream,
5583 .socket_getpeersec_dgram = selinux_socket_getpeersec_dgram, 5583 .socket_getpeersec_dgram = selinux_socket_getpeersec_dgram,
5584 .sk_alloc_security = selinux_sk_alloc_security, 5584 .sk_alloc_security = selinux_sk_alloc_security,
5585 .sk_free_security = selinux_sk_free_security, 5585 .sk_free_security = selinux_sk_free_security,
5586 .sk_clone_security = selinux_sk_clone_security, 5586 .sk_clone_security = selinux_sk_clone_security,
5587 .sk_getsecid = selinux_sk_getsecid, 5587 .sk_getsecid = selinux_sk_getsecid,
5588 .sock_graft = selinux_sock_graft, 5588 .sock_graft = selinux_sock_graft,
5589 .inet_conn_request = selinux_inet_conn_request, 5589 .inet_conn_request = selinux_inet_conn_request,
5590 .inet_csk_clone = selinux_inet_csk_clone, 5590 .inet_csk_clone = selinux_inet_csk_clone,
5591 .inet_conn_established = selinux_inet_conn_established, 5591 .inet_conn_established = selinux_inet_conn_established,
5592 .secmark_relabel_packet = selinux_secmark_relabel_packet, 5592 .secmark_relabel_packet = selinux_secmark_relabel_packet,
5593 .secmark_refcount_inc = selinux_secmark_refcount_inc, 5593 .secmark_refcount_inc = selinux_secmark_refcount_inc,
5594 .secmark_refcount_dec = selinux_secmark_refcount_dec, 5594 .secmark_refcount_dec = selinux_secmark_refcount_dec,
5595 .req_classify_flow = selinux_req_classify_flow, 5595 .req_classify_flow = selinux_req_classify_flow,
5596 .tun_dev_create = selinux_tun_dev_create, 5596 .tun_dev_create = selinux_tun_dev_create,
5597 .tun_dev_post_create = selinux_tun_dev_post_create, 5597 .tun_dev_post_create = selinux_tun_dev_post_create,
5598 .tun_dev_attach = selinux_tun_dev_attach, 5598 .tun_dev_attach = selinux_tun_dev_attach,
5599 5599
5600 #ifdef CONFIG_SECURITY_NETWORK_XFRM 5600 #ifdef CONFIG_SECURITY_NETWORK_XFRM
5601 .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc, 5601 .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,
5602 .xfrm_policy_clone_security = selinux_xfrm_policy_clone, 5602 .xfrm_policy_clone_security = selinux_xfrm_policy_clone,
5603 .xfrm_policy_free_security = selinux_xfrm_policy_free, 5603 .xfrm_policy_free_security = selinux_xfrm_policy_free,
5604 .xfrm_policy_delete_security = selinux_xfrm_policy_delete, 5604 .xfrm_policy_delete_security = selinux_xfrm_policy_delete,
5605 .xfrm_state_alloc_security = selinux_xfrm_state_alloc, 5605 .xfrm_state_alloc_security = selinux_xfrm_state_alloc,
5606 .xfrm_state_free_security = selinux_xfrm_state_free, 5606 .xfrm_state_free_security = selinux_xfrm_state_free,
5607 .xfrm_state_delete_security = selinux_xfrm_state_delete, 5607 .xfrm_state_delete_security = selinux_xfrm_state_delete,
5608 .xfrm_policy_lookup = selinux_xfrm_policy_lookup, 5608 .xfrm_policy_lookup = selinux_xfrm_policy_lookup,
5609 .xfrm_state_pol_flow_match = selinux_xfrm_state_pol_flow_match, 5609 .xfrm_state_pol_flow_match = selinux_xfrm_state_pol_flow_match,
5610 .xfrm_decode_session = selinux_xfrm_decode_session, 5610 .xfrm_decode_session = selinux_xfrm_decode_session,
5611 #endif 5611 #endif
5612 5612
5613 #ifdef CONFIG_KEYS 5613 #ifdef CONFIG_KEYS
5614 .key_alloc = selinux_key_alloc, 5614 .key_alloc = selinux_key_alloc,
5615 .key_free = selinux_key_free, 5615 .key_free = selinux_key_free,
5616 .key_permission = selinux_key_permission, 5616 .key_permission = selinux_key_permission,
5617 .key_getsecurity = selinux_key_getsecurity, 5617 .key_getsecurity = selinux_key_getsecurity,
5618 #endif 5618 #endif
5619 5619
5620 #ifdef CONFIG_AUDIT 5620 #ifdef CONFIG_AUDIT
5621 .audit_rule_init = selinux_audit_rule_init, 5621 .audit_rule_init = selinux_audit_rule_init,
5622 .audit_rule_known = selinux_audit_rule_known, 5622 .audit_rule_known = selinux_audit_rule_known,
5623 .audit_rule_match = selinux_audit_rule_match, 5623 .audit_rule_match = selinux_audit_rule_match,
5624 .audit_rule_free = selinux_audit_rule_free, 5624 .audit_rule_free = selinux_audit_rule_free,
5625 #endif 5625 #endif
5626 }; 5626 };
5627 5627
5628 static __init int selinux_init(void) 5628 static __init int selinux_init(void)
5629 { 5629 {
5630 if (!security_module_enable(&selinux_ops)) { 5630 if (!security_module_enable(&selinux_ops)) {
5631 selinux_enabled = 0; 5631 selinux_enabled = 0;
5632 return 0; 5632 return 0;
5633 } 5633 }
5634 5634
5635 if (!selinux_enabled) { 5635 if (!selinux_enabled) {
5636 printk(KERN_INFO "SELinux: Disabled at boot.\n"); 5636 printk(KERN_INFO "SELinux: Disabled at boot.\n");
5637 return 0; 5637 return 0;
5638 } 5638 }
5639 5639
5640 printk(KERN_INFO "SELinux: Initializing.\n"); 5640 printk(KERN_INFO "SELinux: Initializing.\n");
5641 5641
5642 /* Set the security state for the initial task. */ 5642 /* Set the security state for the initial task. */
5643 cred_init_security(); 5643 cred_init_security();
5644 5644
5645 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC); 5645 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
5646 5646
5647 sel_inode_cache = kmem_cache_create("selinux_inode_security", 5647 sel_inode_cache = kmem_cache_create("selinux_inode_security",
5648 sizeof(struct inode_security_struct), 5648 sizeof(struct inode_security_struct),
5649 0, SLAB_PANIC, NULL); 5649 0, SLAB_PANIC, NULL);
5650 avc_init(); 5650 avc_init();
5651 5651
5652 if (register_security(&selinux_ops)) 5652 if (register_security(&selinux_ops))
5653 panic("SELinux: Unable to register with kernel.\n"); 5653 panic("SELinux: Unable to register with kernel.\n");
5654 5654
5655 if (selinux_enforcing) 5655 if (selinux_enforcing)
5656 printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n"); 5656 printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
5657 else 5657 else
5658 printk(KERN_DEBUG "SELinux: Starting in permissive mode\n"); 5658 printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
5659 5659
5660 return 0; 5660 return 0;
5661 } 5661 }
5662 5662
5663 static void delayed_superblock_init(struct super_block *sb, void *unused) 5663 static void delayed_superblock_init(struct super_block *sb, void *unused)
5664 { 5664 {
5665 superblock_doinit(sb, NULL); 5665 superblock_doinit(sb, NULL);
5666 } 5666 }
5667 5667
5668 void selinux_complete_init(void) 5668 void selinux_complete_init(void)
5669 { 5669 {
5670 printk(KERN_DEBUG "SELinux: Completing initialization.\n"); 5670 printk(KERN_DEBUG "SELinux: Completing initialization.\n");
5671 5671
5672 /* Set up any superblocks initialized prior to the policy load. */ 5672 /* Set up any superblocks initialized prior to the policy load. */
5673 printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n"); 5673 printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
5674 iterate_supers(delayed_superblock_init, NULL); 5674 iterate_supers(delayed_superblock_init, NULL);
5675 } 5675 }
5676 5676
5677 /* SELinux requires early initialization in order to label 5677 /* SELinux requires early initialization in order to label
5678 all processes and objects when they are created. */ 5678 all processes and objects when they are created. */
5679 security_initcall(selinux_init); 5679 security_initcall(selinux_init);
5680 5680
5681 #if defined(CONFIG_NETFILTER) 5681 #if defined(CONFIG_NETFILTER)
5682 5682
5683 static struct nf_hook_ops selinux_ipv4_ops[] = { 5683 static struct nf_hook_ops selinux_ipv4_ops[] = {
5684 { 5684 {
5685 .hook = selinux_ipv4_postroute, 5685 .hook = selinux_ipv4_postroute,
5686 .owner = THIS_MODULE, 5686 .owner = THIS_MODULE,
5687 .pf = PF_INET, 5687 .pf = PF_INET,
5688 .hooknum = NF_INET_POST_ROUTING, 5688 .hooknum = NF_INET_POST_ROUTING,
5689 .priority = NF_IP_PRI_SELINUX_LAST, 5689 .priority = NF_IP_PRI_SELINUX_LAST,
5690 }, 5690 },
5691 { 5691 {
5692 .hook = selinux_ipv4_forward, 5692 .hook = selinux_ipv4_forward,
5693 .owner = THIS_MODULE, 5693 .owner = THIS_MODULE,
5694 .pf = PF_INET, 5694 .pf = PF_INET,
5695 .hooknum = NF_INET_FORWARD, 5695 .hooknum = NF_INET_FORWARD,
5696 .priority = NF_IP_PRI_SELINUX_FIRST, 5696 .priority = NF_IP_PRI_SELINUX_FIRST,
5697 }, 5697 },
5698 { 5698 {
5699 .hook = selinux_ipv4_output, 5699 .hook = selinux_ipv4_output,
5700 .owner = THIS_MODULE, 5700 .owner = THIS_MODULE,
5701 .pf = PF_INET, 5701 .pf = PF_INET,
5702 .hooknum = NF_INET_LOCAL_OUT, 5702 .hooknum = NF_INET_LOCAL_OUT,
5703 .priority = NF_IP_PRI_SELINUX_FIRST, 5703 .priority = NF_IP_PRI_SELINUX_FIRST,
5704 } 5704 }
5705 }; 5705 };
5706 5706
5707 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 5707 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5708 5708
5709 static struct nf_hook_ops selinux_ipv6_ops[] = { 5709 static struct nf_hook_ops selinux_ipv6_ops[] = {
5710 { 5710 {
5711 .hook = selinux_ipv6_postroute, 5711 .hook = selinux_ipv6_postroute,
5712 .owner = THIS_MODULE, 5712 .owner = THIS_MODULE,
5713 .pf = PF_INET6, 5713 .pf = PF_INET6,
5714 .hooknum = NF_INET_POST_ROUTING, 5714 .hooknum = NF_INET_POST_ROUTING,
5715 .priority = NF_IP6_PRI_SELINUX_LAST, 5715 .priority = NF_IP6_PRI_SELINUX_LAST,
5716 }, 5716 },
5717 { 5717 {
5718 .hook = selinux_ipv6_forward, 5718 .hook = selinux_ipv6_forward,
5719 .owner = THIS_MODULE, 5719 .owner = THIS_MODULE,
5720 .pf = PF_INET6, 5720 .pf = PF_INET6,
5721 .hooknum = NF_INET_FORWARD, 5721 .hooknum = NF_INET_FORWARD,
5722 .priority = NF_IP6_PRI_SELINUX_FIRST, 5722 .priority = NF_IP6_PRI_SELINUX_FIRST,
5723 } 5723 }
5724 }; 5724 };
5725 5725
5726 #endif /* IPV6 */ 5726 #endif /* IPV6 */
5727 5727
5728 static int __init selinux_nf_ip_init(void) 5728 static int __init selinux_nf_ip_init(void)
5729 { 5729 {
5730 int err = 0; 5730 int err = 0;
5731 5731
5732 if (!selinux_enabled) 5732 if (!selinux_enabled)
5733 goto out; 5733 goto out;
5734 5734
5735 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n"); 5735 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
5736 5736
5737 err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops)); 5737 err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
5738 if (err) 5738 if (err)
5739 panic("SELinux: nf_register_hooks for IPv4: error %d\n", err); 5739 panic("SELinux: nf_register_hooks for IPv4: error %d\n", err);
5740 5740
5741 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 5741 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5742 err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops)); 5742 err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
5743 if (err) 5743 if (err)
5744 panic("SELinux: nf_register_hooks for IPv6: error %d\n", err); 5744 panic("SELinux: nf_register_hooks for IPv6: error %d\n", err);
5745 #endif /* IPV6 */ 5745 #endif /* IPV6 */
5746 5746
5747 out: 5747 out:
5748 return err; 5748 return err;
5749 } 5749 }
5750 5750
5751 __initcall(selinux_nf_ip_init); 5751 __initcall(selinux_nf_ip_init);
5752 5752
5753 #ifdef CONFIG_SECURITY_SELINUX_DISABLE 5753 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
5754 static void selinux_nf_ip_exit(void) 5754 static void selinux_nf_ip_exit(void)
5755 { 5755 {
5756 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n"); 5756 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
5757 5757
5758 nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops)); 5758 nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
5759 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 5759 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5760 nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops)); 5760 nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
5761 #endif /* IPV6 */ 5761 #endif /* IPV6 */
5762 } 5762 }
5763 #endif 5763 #endif
5764 5764
5765 #else /* CONFIG_NETFILTER */ 5765 #else /* CONFIG_NETFILTER */
5766 5766
5767 #ifdef CONFIG_SECURITY_SELINUX_DISABLE 5767 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
5768 #define selinux_nf_ip_exit() 5768 #define selinux_nf_ip_exit()
5769 #endif 5769 #endif
5770 5770
5771 #endif /* CONFIG_NETFILTER */ 5771 #endif /* CONFIG_NETFILTER */
5772 5772
5773 #ifdef CONFIG_SECURITY_SELINUX_DISABLE 5773 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
5774 static int selinux_disabled; 5774 static int selinux_disabled;
5775 5775
5776 int selinux_disable(void) 5776 int selinux_disable(void)
5777 { 5777 {
5778 extern void exit_sel_fs(void); 5778 extern void exit_sel_fs(void);
5779 5779
5780 if (ss_initialized) { 5780 if (ss_initialized) {
5781 /* Not permitted after initial policy load. */ 5781 /* Not permitted after initial policy load. */
5782 return -EINVAL; 5782 return -EINVAL;
5783 } 5783 }
5784 5784
5785 if (selinux_disabled) { 5785 if (selinux_disabled) {
5786 /* Only do this once. */ 5786 /* Only do this once. */
5787 return -EINVAL; 5787 return -EINVAL;
5788 } 5788 }
5789 5789
5790 printk(KERN_INFO "SELinux: Disabled at runtime.\n"); 5790 printk(KERN_INFO "SELinux: Disabled at runtime.\n");
5791 5791
5792 selinux_disabled = 1; 5792 selinux_disabled = 1;
5793 selinux_enabled = 0; 5793 selinux_enabled = 0;
5794 5794
5795 reset_security_ops(); 5795 reset_security_ops();
5796 5796
5797 /* Try to destroy the avc node cache */ 5797 /* Try to destroy the avc node cache */
5798 avc_disable(); 5798 avc_disable();
5799 5799
5800 /* Unregister netfilter hooks. */ 5800 /* Unregister netfilter hooks. */
5801 selinux_nf_ip_exit(); 5801 selinux_nf_ip_exit();
5802 5802
5803 /* Unregister selinuxfs. */ 5803 /* Unregister selinuxfs. */
5804 exit_sel_fs(); 5804 exit_sel_fs();
5805 5805
5806 return 0; 5806 return 0;
5807 } 5807 }
5808 #endif 5808 #endif
5809 5809
security/smack/smack.h
Diff comments   View file @ f48b739
1 /* 1 /*
2 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 2 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
3 * 3 *
4 * This program is free software; you can redistribute it and/or modify 4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by 5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation, version 2. 6 * the Free Software Foundation, version 2.
7 * 7 *
8 * Author: 8 * Author:
9 * Casey Schaufler <casey@schaufler-ca.com> 9 * Casey Schaufler <casey@schaufler-ca.com>
10 * 10 *
11 */ 11 */
12 12
13 #ifndef _SECURITY_SMACK_H 13 #ifndef _SECURITY_SMACK_H
14 #define _SECURITY_SMACK_H 14 #define _SECURITY_SMACK_H
15 15
16 #include <linux/capability.h> 16 #include <linux/capability.h>
17 #include <linux/spinlock.h> 17 #include <linux/spinlock.h>
18 #include <linux/security.h> 18 #include <linux/security.h>
19 #include <linux/in.h> 19 #include <linux/in.h>
20 #include <net/netlabel.h> 20 #include <net/netlabel.h>
21 #include <linux/list.h> 21 #include <linux/list.h>
22 #include <linux/rculist.h> 22 #include <linux/rculist.h>
23 #include <linux/lsm_audit.h> 23 #include <linux/lsm_audit.h>
24 24
25 /* 25 /*
26 * Why 23? CIPSO is constrained to 30, so a 32 byte buffer is 26 * Why 23? CIPSO is constrained to 30, so a 32 byte buffer is
27 * bigger than can be used, and 24 is the next lower multiple 27 * bigger than can be used, and 24 is the next lower multiple
28 * of 8, and there are too many issues if there isn't space set 28 * of 8, and there are too many issues if there isn't space set
29 * aside for the terminating null byte. 29 * aside for the terminating null byte.
30 */ 30 */
31 #define SMK_MAXLEN 23 31 #define SMK_MAXLEN 23
32 #define SMK_LABELLEN (SMK_MAXLEN+1) 32 #define SMK_LABELLEN (SMK_MAXLEN+1)
33 33
34 struct superblock_smack { 34 struct superblock_smack {
35 char *smk_root; 35 char *smk_root;
36 char *smk_floor; 36 char *smk_floor;
37 char *smk_hat; 37 char *smk_hat;
38 char *smk_default; 38 char *smk_default;
39 int smk_initialized; 39 int smk_initialized;
40 spinlock_t smk_sblock; /* for initialization */ 40 spinlock_t smk_sblock; /* for initialization */
41 }; 41 };
42 42
43 struct socket_smack { 43 struct socket_smack {
44 char *smk_out; /* outbound label */ 44 char *smk_out; /* outbound label */
45 char *smk_in; /* inbound label */ 45 char *smk_in; /* inbound label */
46 char smk_packet[SMK_LABELLEN]; /* TCP peer label */ 46 char smk_packet[SMK_LABELLEN]; /* TCP peer label */
47 }; 47 };
48 48
49 /* 49 /*
50 * Inode smack data 50 * Inode smack data
51 */ 51 */
52 struct inode_smack { 52 struct inode_smack {
53 char *smk_inode; /* label of the fso */ 53 char *smk_inode; /* label of the fso */
54 char *smk_task; /* label of the task */ 54 char *smk_task; /* label of the task */
55 char *smk_mmap; /* label of the mmap domain */ 55 char *smk_mmap; /* label of the mmap domain */
56 struct mutex smk_lock; /* initialization lock */ 56 struct mutex smk_lock; /* initialization lock */
57 int smk_flags; /* smack inode flags */ 57 int smk_flags; /* smack inode flags */
58 }; 58 };
59 59
60 struct task_smack { 60 struct task_smack {
61 char *smk_task; /* label for access control */ 61 char *smk_task; /* label for access control */
62 char *smk_forked; /* label when forked */ 62 char *smk_forked; /* label when forked */
63 struct list_head smk_rules; /* per task access rules */ 63 struct list_head smk_rules; /* per task access rules */
64 struct mutex smk_rules_lock; /* lock for the rules */ 64 struct mutex smk_rules_lock; /* lock for the rules */
65 }; 65 };
66 66
67 #define SMK_INODE_INSTANT 0x01 /* inode is instantiated */ 67 #define SMK_INODE_INSTANT 0x01 /* inode is instantiated */
68 #define SMK_INODE_TRANSMUTE 0x02 /* directory is transmuting */ 68 #define SMK_INODE_TRANSMUTE 0x02 /* directory is transmuting */
69 69
70 /* 70 /*
71 * A label access rule. 71 * A label access rule.
72 */ 72 */
73 struct smack_rule { 73 struct smack_rule {
74 struct list_head list; 74 struct list_head list;
75 char *smk_subject; 75 char *smk_subject;
76 char *smk_object; 76 char *smk_object;
77 int smk_access; 77 int smk_access;
78 }; 78 };
79 79
80 /* 80 /*
81 * An entry in the table mapping smack values to 81 * An entry in the table mapping smack values to
82 * CIPSO level/category-set values. 82 * CIPSO level/category-set values.
83 */ 83 */
84 struct smack_cipso { 84 struct smack_cipso {
85 int smk_level; 85 int smk_level;
86 char smk_catset[SMK_LABELLEN]; 86 char smk_catset[SMK_LABELLEN];
87 }; 87 };
88 88
89 /* 89 /*
90 * An entry in the table identifying hosts. 90 * An entry in the table identifying hosts.
91 */ 91 */
92 struct smk_netlbladdr { 92 struct smk_netlbladdr {
93 struct list_head list; 93 struct list_head list;
94 struct sockaddr_in smk_host; /* network address */ 94 struct sockaddr_in smk_host; /* network address */
95 struct in_addr smk_mask; /* network mask */ 95 struct in_addr smk_mask; /* network mask */
96 char *smk_label; /* label */ 96 char *smk_label; /* label */
97 }; 97 };
98 98
99 /* 99 /*
100 * This is the repository for labels seen so that it is 100 * This is the repository for labels seen so that it is
101 * not necessary to keep allocating tiny chuncks of memory 101 * not necessary to keep allocating tiny chuncks of memory
102 * and so that they can be shared. 102 * and so that they can be shared.
103 * 103 *
104 * Labels are never modified in place. Anytime a label 104 * Labels are never modified in place. Anytime a label
105 * is imported (e.g. xattrset on a file) the list is checked 105 * is imported (e.g. xattrset on a file) the list is checked
106 * for it and it is added if it doesn't exist. The address 106 * for it and it is added if it doesn't exist. The address
107 * is passed out in either case. Entries are added, but 107 * is passed out in either case. Entries are added, but
108 * never deleted. 108 * never deleted.
109 * 109 *
110 * Since labels are hanging around anyway it doesn't 110 * Since labels are hanging around anyway it doesn't
111 * hurt to maintain a secid for those awkward situations 111 * hurt to maintain a secid for those awkward situations
112 * where kernel components that ought to use LSM independent 112 * where kernel components that ought to use LSM independent
113 * interfaces don't. The secid should go away when all of 113 * interfaces don't. The secid should go away when all of
114 * these components have been repaired. 114 * these components have been repaired.
115 * 115 *
116 * If there is a cipso value associated with the label it 116 * If there is a cipso value associated with the label it
117 * gets stored here, too. This will most likely be rare as 117 * gets stored here, too. This will most likely be rare as
118 * the cipso direct mapping in used internally. 118 * the cipso direct mapping in used internally.
119 */ 119 */
120 struct smack_known { 120 struct smack_known {
121 struct list_head list; 121 struct list_head list;
122 char smk_known[SMK_LABELLEN]; 122 char smk_known[SMK_LABELLEN];
123 u32 smk_secid; 123 u32 smk_secid;
124 struct smack_cipso *smk_cipso; 124 struct smack_cipso *smk_cipso;
125 spinlock_t smk_cipsolock; /* for changing cipso map */ 125 spinlock_t smk_cipsolock; /* for changing cipso map */
126 }; 126 };
127 127
128 /* 128 /*
129 * Mount options 129 * Mount options
130 */ 130 */
131 #define SMK_FSDEFAULT "smackfsdef=" 131 #define SMK_FSDEFAULT "smackfsdef="
132 #define SMK_FSFLOOR "smackfsfloor=" 132 #define SMK_FSFLOOR "smackfsfloor="
133 #define SMK_FSHAT "smackfshat=" 133 #define SMK_FSHAT "smackfshat="
134 #define SMK_FSROOT "smackfsroot=" 134 #define SMK_FSROOT "smackfsroot="
135 135
136 #define SMACK_CIPSO_OPTION "-CIPSO" 136 #define SMACK_CIPSO_OPTION "-CIPSO"
137 137
138 /* 138 /*
139 * How communications on this socket are treated. 139 * How communications on this socket are treated.
140 * Usually it's determined by the underlying netlabel code 140 * Usually it's determined by the underlying netlabel code
141 * but there are certain cases, including single label hosts 141 * but there are certain cases, including single label hosts
142 * and potentially single label interfaces for which the 142 * and potentially single label interfaces for which the
143 * treatment can not be known in advance. 143 * treatment can not be known in advance.
144 * 144 *
145 * The possibility of additional labeling schemes being 145 * The possibility of additional labeling schemes being
146 * introduced in the future exists as well. 146 * introduced in the future exists as well.
147 */ 147 */
148 #define SMACK_UNLABELED_SOCKET 0 148 #define SMACK_UNLABELED_SOCKET 0
149 #define SMACK_CIPSO_SOCKET 1 149 #define SMACK_CIPSO_SOCKET 1
150 150
151 /* 151 /*
152 * smackfs magic number 152 * smackfs magic number
153 * smackfs macic number 153 * smackfs macic number
154 */ 154 */
155 #define SMACK_MAGIC 0x43415d53 /* "SMAC" */ 155 #define SMACK_MAGIC 0x43415d53 /* "SMAC" */
156 156
157 /* 157 /*
158 * CIPSO defaults. 158 * CIPSO defaults.
159 */ 159 */
160 #define SMACK_CIPSO_DOI_DEFAULT 3 /* Historical */ 160 #define SMACK_CIPSO_DOI_DEFAULT 3 /* Historical */
161 #define SMACK_CIPSO_DOI_INVALID -1 /* Not a DOI */ 161 #define SMACK_CIPSO_DOI_INVALID -1 /* Not a DOI */
162 #define SMACK_CIPSO_DIRECT_DEFAULT 250 /* Arbitrary */ 162 #define SMACK_CIPSO_DIRECT_DEFAULT 250 /* Arbitrary */
163 #define SMACK_CIPSO_MAXCATVAL 63 /* Bigger gets harder */ 163 #define SMACK_CIPSO_MAXCATVAL 63 /* Bigger gets harder */
164 #define SMACK_CIPSO_MAXLEVEL 255 /* CIPSO 2.2 standard */ 164 #define SMACK_CIPSO_MAXLEVEL 255 /* CIPSO 2.2 standard */
165 #define SMACK_CIPSO_MAXCATNUM 239 /* CIPSO 2.2 standard */ 165 #define SMACK_CIPSO_MAXCATNUM 239 /* CIPSO 2.2 standard */
166 166
167 /* 167 /*
168 * Flag for transmute access 168 * Flag for transmute access
169 */ 169 */
170 #define MAY_TRANSMUTE 64 170 #define MAY_TRANSMUTE 64
171 /* 171 /*
172 * Just to make the common cases easier to deal with 172 * Just to make the common cases easier to deal with
173 */ 173 */
174 #define MAY_ANYREAD (MAY_READ | MAY_EXEC) 174 #define MAY_ANYREAD (MAY_READ | MAY_EXEC)
175 #define MAY_READWRITE (MAY_READ | MAY_WRITE) 175 #define MAY_READWRITE (MAY_READ | MAY_WRITE)
176 #define MAY_NOT 0 176 #define MAY_NOT 0
177 177
178 /* 178 /*
179 * Number of access types used by Smack (rwxa) 179 * Number of access types used by Smack (rwxa)
180 */ 180 */
181 #define SMK_NUM_ACCESS_TYPE 4 181 #define SMK_NUM_ACCESS_TYPE 4
182 182
183 /* 183 /*
184 * Smack audit data; is empty if CONFIG_AUDIT not set 184 * Smack audit data; is empty if CONFIG_AUDIT not set
185 * to save some stack 185 * to save some stack
186 */ 186 */
187 struct smk_audit_info { 187 struct smk_audit_info {
188 #ifdef CONFIG_AUDIT 188 #ifdef CONFIG_AUDIT
189 struct common_audit_data a; 189 struct common_audit_data a;
190 #endif 190 #endif
191 }; 191 };
192 /* 192 /*
193 * These functions are in smack_lsm.c 193 * These functions are in smack_lsm.c
194 */ 194 */
195 struct inode_smack *new_inode_smack(char *); 195 struct inode_smack *new_inode_smack(char *);
196 196
197 /* 197 /*
198 * These functions are in smack_access.c 198 * These functions are in smack_access.c
199 */ 199 */
200 int smk_access_entry(char *, char *, struct list_head *); 200 int smk_access_entry(char *, char *, struct list_head *);
201 int smk_access(char *, char *, int, struct smk_audit_info *); 201 int smk_access(char *, char *, int, struct smk_audit_info *);
202 int smk_curacc(char *, u32, struct smk_audit_info *); 202 int smk_curacc(char *, u32, struct smk_audit_info *);
203 int smack_to_cipso(const char *, struct smack_cipso *); 203 int smack_to_cipso(const char *, struct smack_cipso *);
204 void smack_from_cipso(u32, char *, char *); 204 void smack_from_cipso(u32, char *, char *);
205 char *smack_from_secid(const u32); 205 char *smack_from_secid(const u32);
206 char *smk_import(const char *, int); 206 char *smk_import(const char *, int);
207 struct smack_known *smk_import_entry(const char *, int); 207 struct smack_known *smk_import_entry(const char *, int);
208 u32 smack_to_secid(const char *); 208 u32 smack_to_secid(const char *);
209 209
210 /* 210 /*
211 * Shared data. 211 * Shared data.
212 */ 212 */
213 extern int smack_cipso_direct; 213 extern int smack_cipso_direct;
214 extern char *smack_net_ambient; 214 extern char *smack_net_ambient;
215 extern char *smack_onlycap; 215 extern char *smack_onlycap;
216 extern const char *smack_cipso_option; 216 extern const char *smack_cipso_option;
217 217
218 extern struct smack_known smack_known_floor; 218 extern struct smack_known smack_known_floor;
219 extern struct smack_known smack_known_hat; 219 extern struct smack_known smack_known_hat;
220 extern struct smack_known smack_known_huh; 220 extern struct smack_known smack_known_huh;
221 extern struct smack_known smack_known_invalid; 221 extern struct smack_known smack_known_invalid;
222 extern struct smack_known smack_known_star; 222 extern struct smack_known smack_known_star;
223 extern struct smack_known smack_known_web; 223 extern struct smack_known smack_known_web;
224 224
225 extern struct list_head smack_known_list; 225 extern struct list_head smack_known_list;
226 extern struct list_head smack_rule_list; 226 extern struct list_head smack_rule_list;
227 extern struct list_head smk_netlbladdr_list; 227 extern struct list_head smk_netlbladdr_list;
228 228
229 extern struct security_operations smack_ops; 229 extern struct security_operations smack_ops;
230 230
231 /* 231 /*
232 * Stricly for CIPSO level manipulation. 232 * Stricly for CIPSO level manipulation.
233 * Set the category bit number in a smack label sized buffer. 233 * Set the category bit number in a smack label sized buffer.
234 */ 234 */
235 static inline void smack_catset_bit(int cat, char *catsetp) 235 static inline void smack_catset_bit(int cat, char *catsetp)
236 { 236 {
237 if (cat > SMK_LABELLEN * 8) 237 if (cat > SMK_LABELLEN * 8)
238 return; 238 return;
239 239
240 catsetp[(cat - 1) / 8] |= 0x80 >> ((cat - 1) % 8); 240 catsetp[(cat - 1) / 8] |= 0x80 >> ((cat - 1) % 8);
241 } 241 }
242 242
243 /* 243 /*
244 * Is the directory transmuting? 244 * Is the directory transmuting?
245 */ 245 */
246 static inline int smk_inode_transmutable(const struct inode *isp) 246 static inline int smk_inode_transmutable(const struct inode *isp)
247 { 247 {
248 struct inode_smack *sip = isp->i_security; 248 struct inode_smack *sip = isp->i_security;
249 return (sip->smk_flags & SMK_INODE_TRANSMUTE) != 0; 249 return (sip->smk_flags & SMK_INODE_TRANSMUTE) != 0;
250 } 250 }
251 251
252 /* 252 /*
253 * Present a pointer to the smack label in an inode blob. 253 * Present a pointer to the smack label in an inode blob.
254 */ 254 */
255 static inline char *smk_of_inode(const struct inode *isp) 255 static inline char *smk_of_inode(const struct inode *isp)
256 { 256 {
257 struct inode_smack *sip = isp->i_security; 257 struct inode_smack *sip = isp->i_security;
258 return sip->smk_inode; 258 return sip->smk_inode;
259 } 259 }
260 260
261 /* 261 /*
262 * Present a pointer to the smack label in an task blob. 262 * Present a pointer to the smack label in an task blob.
263 */ 263 */
264 static inline char *smk_of_task(const struct task_smack *tsp) 264 static inline char *smk_of_task(const struct task_smack *tsp)
265 { 265 {
266 return tsp->smk_task; 266 return tsp->smk_task;
267 } 267 }
268 268
269 /* 269 /*
270 * Present a pointer to the forked smack label in an task blob. 270 * Present a pointer to the forked smack label in an task blob.
271 */ 271 */
272 static inline char *smk_of_forked(const struct task_smack *tsp) 272 static inline char *smk_of_forked(const struct task_smack *tsp)
273 { 273 {
274 return tsp->smk_forked; 274 return tsp->smk_forked;
275 } 275 }
276 276
277 /* 277 /*
278 * Present a pointer to the smack label in the current task blob. 278 * Present a pointer to the smack label in the current task blob.
279 */ 279 */
280 static inline char *smk_of_current(void) 280 static inline char *smk_of_current(void)
281 { 281 {
282 return smk_of_task(current_security()); 282 return smk_of_task(current_security());
283 } 283 }
284 284
285 /* 285 /*
286 * logging functions 286 * logging functions
287 */ 287 */
288 #define SMACK_AUDIT_DENIED 0x1 288 #define SMACK_AUDIT_DENIED 0x1
289 #define SMACK_AUDIT_ACCEPT 0x2 289 #define SMACK_AUDIT_ACCEPT 0x2
290 extern int log_policy; 290 extern int log_policy;
291 291
292 void smack_log(char *subject_label, char *object_label, 292 void smack_log(char *subject_label, char *object_label,
293 int request, 293 int request,
294 int result, struct smk_audit_info *auditdata); 294 int result, struct smk_audit_info *auditdata);
295 295
296 #ifdef CONFIG_AUDIT 296 #ifdef CONFIG_AUDIT
297 297
298 /* 298 /*
299 * some inline functions to set up audit data 299 * some inline functions to set up audit data
300 * they do nothing if CONFIG_AUDIT is not set 300 * they do nothing if CONFIG_AUDIT is not set
301 * 301 *
302 */ 302 */
303 static inline void smk_ad_init(struct smk_audit_info *a, const char *func, 303 static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
304 char type) 304 char type)
305 { 305 {
306 memset(a, 0, sizeof(*a)); 306 memset(a, 0, sizeof(*a));
307 a->a.type = type; 307 a->a.type = type;
308 a->a.smack_audit_data.function = func; 308 a->a.smack_audit_data.function = func;
309 } 309 }
310 310
311 static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a, 311 static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
312 struct task_struct *t) 312 struct task_struct *t)
313 { 313 {
314 a->a.u.tsk = t; 314 a->a.u.tsk = t;
315 } 315 }
316 static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a, 316 static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a,
317 struct dentry *d) 317 struct dentry *d)
318 { 318 {
319 a->a.u.fs.path.dentry = d; 319 a->a.u.path.dentry = d;
320 } 320 }
321 static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a, 321 static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a,
322 struct vfsmount *m) 322 struct vfsmount *m)
323 { 323 {
324 a->a.u.fs.path.mnt = m; 324 a->a.u.path.mnt = m;
325 } 325 }
326 static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a, 326 static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a,
327 struct inode *i) 327 struct inode *i)
328 { 328 {
329 a->a.u.fs.inode = i; 329 a->a.u.inode = i;
330 } 330 }
331 static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a, 331 static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a,
332 struct path p) 332 struct path p)
333 { 333 {
334 a->a.u.fs.path = p; 334 a->a.u.path = p;
335 } 335 }
336 static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a, 336 static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a,
337 struct sock *sk) 337 struct sock *sk)
338 { 338 {
339 a->a.u.net.sk = sk; 339 a->a.u.net.sk = sk;
340 } 340 }
341 341
342 #else /* no AUDIT */ 342 #else /* no AUDIT */
343 343
344 static inline void smk_ad_init(struct smk_audit_info *a, const char *func, 344 static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
345 char type) 345 char type)
346 { 346 {
347 } 347 }
348 static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a, 348 static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
349 struct task_struct *t) 349 struct task_struct *t)
350 { 350 {
351 } 351 }
352 static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a, 352 static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a,
353 struct dentry *d) 353 struct dentry *d)
354 { 354 {
355 } 355 }
356 static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a, 356 static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a,
357 struct vfsmount *m) 357 struct vfsmount *m)
358 { 358 {
359 } 359 }
360 static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a, 360 static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a,
361 struct inode *i) 361 struct inode *i)
362 { 362 {
363 } 363 }
364 static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a, 364 static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a,
365 struct path p) 365 struct path p)
366 { 366 {
367 } 367 }
368 static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a, 368 static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a,
369 struct sock *sk) 369 struct sock *sk)
370 { 370 {
371 } 371 }
372 #endif 372 #endif
373 373
374 #endif /* _SECURITY_SMACK_H */ 374 #endif /* _SECURITY_SMACK_H */
375 375
security/smack/smack_lsm.c
Diff comments   View file @ f48b739
1 /* 1 /*
2 * Simplified MAC Kernel (smack) security module 2 * Simplified MAC Kernel (smack) security module
3 * 3 *
4 * This file contains the smack hook function implementations. 4 * This file contains the smack hook function implementations.
5 * 5 *
6 * Authors: 6 * Authors:
7 * Casey Schaufler <casey@schaufler-ca.com> 7 * Casey Schaufler <casey@schaufler-ca.com>
8 * Jarkko Sakkinen <ext-jarkko.2.sakkinen@nokia.com> 8 * Jarkko Sakkinen <ext-jarkko.2.sakkinen@nokia.com>
9 * 9 *
10 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com> 10 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
11 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. 11 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
12 * Paul Moore <paul.moore@hp.com> 12 * Paul Moore <paul.moore@hp.com>
13 * Copyright (C) 2010 Nokia Corporation 13 * Copyright (C) 2010 Nokia Corporation
14 * 14 *
15 * This program is free software; you can redistribute it and/or modify 15 * This program is free software; you can redistribute it and/or modify
16 * it under the terms of the GNU General Public License version 2, 16 * it under the terms of the GNU General Public License version 2,
17 * as published by the Free Software Foundation. 17 * as published by the Free Software Foundation.
18 */ 18 */
19 19
20 #include <linux/xattr.h> 20 #include <linux/xattr.h>
21 #include <linux/pagemap.h> 21 #include <linux/pagemap.h>
22 #include <linux/mount.h> 22 #include <linux/mount.h>
23 #include <linux/stat.h> 23 #include <linux/stat.h>
24 #include <linux/kd.h> 24 #include <linux/kd.h>
25 #include <asm/ioctls.h> 25 #include <asm/ioctls.h>
26 #include <linux/ip.h> 26 #include <linux/ip.h>
27 #include <linux/tcp.h> 27 #include <linux/tcp.h>
28 #include <linux/udp.h> 28 #include <linux/udp.h>
29 #include <linux/slab.h> 29 #include <linux/slab.h>
30 #include <linux/mutex.h> 30 #include <linux/mutex.h>
31 #include <linux/pipe_fs_i.h> 31 #include <linux/pipe_fs_i.h>
32 #include <net/netlabel.h> 32 #include <net/netlabel.h>
33 #include <net/cipso_ipv4.h> 33 #include <net/cipso_ipv4.h>
34 #include <linux/audit.h> 34 #include <linux/audit.h>
35 #include <linux/magic.h> 35 #include <linux/magic.h>
36 #include <linux/dcache.h> 36 #include <linux/dcache.h>
37 #include "smack.h" 37 #include "smack.h"
38 38
39 #define task_security(task) (task_cred_xxx((task), security)) 39 #define task_security(task) (task_cred_xxx((task), security))
40 40
41 #define TRANS_TRUE "TRUE" 41 #define TRANS_TRUE "TRUE"
42 #define TRANS_TRUE_SIZE 4 42 #define TRANS_TRUE_SIZE 4
43 43
44 /** 44 /**
45 * smk_fetch - Fetch the smack label from a file. 45 * smk_fetch - Fetch the smack label from a file.
46 * @ip: a pointer to the inode 46 * @ip: a pointer to the inode
47 * @dp: a pointer to the dentry 47 * @dp: a pointer to the dentry
48 * 48 *
49 * Returns a pointer to the master list entry for the Smack label 49 * Returns a pointer to the master list entry for the Smack label
50 * or NULL if there was no label to fetch. 50 * or NULL if there was no label to fetch.
51 */ 51 */
52 static char *smk_fetch(const char *name, struct inode *ip, struct dentry *dp) 52 static char *smk_fetch(const char *name, struct inode *ip, struct dentry *dp)
53 { 53 {
54 int rc; 54 int rc;
55 char in[SMK_LABELLEN]; 55 char in[SMK_LABELLEN];
56 56
57 if (ip->i_op->getxattr == NULL) 57 if (ip->i_op->getxattr == NULL)
58 return NULL; 58 return NULL;
59 59
60 rc = ip->i_op->getxattr(dp, name, in, SMK_LABELLEN); 60 rc = ip->i_op->getxattr(dp, name, in, SMK_LABELLEN);
61 if (rc < 0) 61 if (rc < 0)
62 return NULL; 62 return NULL;
63 63
64 return smk_import(in, rc); 64 return smk_import(in, rc);
65 } 65 }
66 66
67 /** 67 /**
68 * new_inode_smack - allocate an inode security blob 68 * new_inode_smack - allocate an inode security blob
69 * @smack: a pointer to the Smack label to use in the blob 69 * @smack: a pointer to the Smack label to use in the blob
70 * 70 *
71 * Returns the new blob or NULL if there's no memory available 71 * Returns the new blob or NULL if there's no memory available
72 */ 72 */
73 struct inode_smack *new_inode_smack(char *smack) 73 struct inode_smack *new_inode_smack(char *smack)
74 { 74 {
75 struct inode_smack *isp; 75 struct inode_smack *isp;
76 76
77 isp = kzalloc(sizeof(struct inode_smack), GFP_KERNEL); 77 isp = kzalloc(sizeof(struct inode_smack), GFP_KERNEL);
78 if (isp == NULL) 78 if (isp == NULL)
79 return NULL; 79 return NULL;
80 80
81 isp->smk_inode = smack; 81 isp->smk_inode = smack;
82 isp->smk_flags = 0; 82 isp->smk_flags = 0;
83 mutex_init(&isp->smk_lock); 83 mutex_init(&isp->smk_lock);
84 84
85 return isp; 85 return isp;
86 } 86 }
87 87
88 /** 88 /**
89 * new_task_smack - allocate a task security blob 89 * new_task_smack - allocate a task security blob
90 * @smack: a pointer to the Smack label to use in the blob 90 * @smack: a pointer to the Smack label to use in the blob
91 * 91 *
92 * Returns the new blob or NULL if there's no memory available 92 * Returns the new blob or NULL if there's no memory available
93 */ 93 */
94 static struct task_smack *new_task_smack(char *task, char *forked, gfp_t gfp) 94 static struct task_smack *new_task_smack(char *task, char *forked, gfp_t gfp)
95 { 95 {
96 struct task_smack *tsp; 96 struct task_smack *tsp;
97 97
98 tsp = kzalloc(sizeof(struct task_smack), gfp); 98 tsp = kzalloc(sizeof(struct task_smack), gfp);
99 if (tsp == NULL) 99 if (tsp == NULL)
100 return NULL; 100 return NULL;
101 101
102 tsp->smk_task = task; 102 tsp->smk_task = task;
103 tsp->smk_forked = forked; 103 tsp->smk_forked = forked;
104 INIT_LIST_HEAD(&tsp->smk_rules); 104 INIT_LIST_HEAD(&tsp->smk_rules);
105 mutex_init(&tsp->smk_rules_lock); 105 mutex_init(&tsp->smk_rules_lock);
106 106
107 return tsp; 107 return tsp;
108 } 108 }
109 109
110 /** 110 /**
111 * smk_copy_rules - copy a rule set 111 * smk_copy_rules - copy a rule set
112 * @nhead - new rules header pointer 112 * @nhead - new rules header pointer
113 * @ohead - old rules header pointer 113 * @ohead - old rules header pointer
114 * 114 *
115 * Returns 0 on success, -ENOMEM on error 115 * Returns 0 on success, -ENOMEM on error
116 */ 116 */
117 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, 117 static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
118 gfp_t gfp) 118 gfp_t gfp)
119 { 119 {
120 struct smack_rule *nrp; 120 struct smack_rule *nrp;
121 struct smack_rule *orp; 121 struct smack_rule *orp;
122 int rc = 0; 122 int rc = 0;
123 123
124 INIT_LIST_HEAD(nhead); 124 INIT_LIST_HEAD(nhead);
125 125
126 list_for_each_entry_rcu(orp, ohead, list) { 126 list_for_each_entry_rcu(orp, ohead, list) {
127 nrp = kzalloc(sizeof(struct smack_rule), gfp); 127 nrp = kzalloc(sizeof(struct smack_rule), gfp);
128 if (nrp == NULL) { 128 if (nrp == NULL) {
129 rc = -ENOMEM; 129 rc = -ENOMEM;
130 break; 130 break;
131 } 131 }
132 *nrp = *orp; 132 *nrp = *orp;
133 list_add_rcu(&nrp->list, nhead); 133 list_add_rcu(&nrp->list, nhead);
134 } 134 }
135 return rc; 135 return rc;
136 } 136 }
137 137
138 /* 138 /*
139 * LSM hooks. 139 * LSM hooks.
140 * We he, that is fun! 140 * We he, that is fun!
141 */ 141 */
142 142
143 /** 143 /**
144 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH 144 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
145 * @ctp: child task pointer 145 * @ctp: child task pointer
146 * @mode: ptrace attachment mode 146 * @mode: ptrace attachment mode
147 * 147 *
148 * Returns 0 if access is OK, an error code otherwise 148 * Returns 0 if access is OK, an error code otherwise
149 * 149 *
150 * Do the capability checks, and require read and write. 150 * Do the capability checks, and require read and write.
151 */ 151 */
152 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode) 152 static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
153 { 153 {
154 int rc; 154 int rc;
155 struct smk_audit_info ad; 155 struct smk_audit_info ad;
156 char *tsp; 156 char *tsp;
157 157
158 rc = cap_ptrace_access_check(ctp, mode); 158 rc = cap_ptrace_access_check(ctp, mode);
159 if (rc != 0) 159 if (rc != 0)
160 return rc; 160 return rc;
161 161
162 tsp = smk_of_task(task_security(ctp)); 162 tsp = smk_of_task(task_security(ctp));
163 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 163 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
164 smk_ad_setfield_u_tsk(&ad, ctp); 164 smk_ad_setfield_u_tsk(&ad, ctp);
165 165
166 rc = smk_curacc(tsp, MAY_READWRITE, &ad); 166 rc = smk_curacc(tsp, MAY_READWRITE, &ad);
167 return rc; 167 return rc;
168 } 168 }
169 169
170 /** 170 /**
171 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME 171 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
172 * @ptp: parent task pointer 172 * @ptp: parent task pointer
173 * 173 *
174 * Returns 0 if access is OK, an error code otherwise 174 * Returns 0 if access is OK, an error code otherwise
175 * 175 *
176 * Do the capability checks, and require read and write. 176 * Do the capability checks, and require read and write.
177 */ 177 */
178 static int smack_ptrace_traceme(struct task_struct *ptp) 178 static int smack_ptrace_traceme(struct task_struct *ptp)
179 { 179 {
180 int rc; 180 int rc;
181 struct smk_audit_info ad; 181 struct smk_audit_info ad;
182 char *tsp; 182 char *tsp;
183 183
184 rc = cap_ptrace_traceme(ptp); 184 rc = cap_ptrace_traceme(ptp);
185 if (rc != 0) 185 if (rc != 0)
186 return rc; 186 return rc;
187 187
188 tsp = smk_of_task(task_security(ptp)); 188 tsp = smk_of_task(task_security(ptp));
189 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 189 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
190 smk_ad_setfield_u_tsk(&ad, ptp); 190 smk_ad_setfield_u_tsk(&ad, ptp);
191 191
192 rc = smk_curacc(tsp, MAY_READWRITE, &ad); 192 rc = smk_curacc(tsp, MAY_READWRITE, &ad);
193 return rc; 193 return rc;
194 } 194 }
195 195
196 /** 196 /**
197 * smack_syslog - Smack approval on syslog 197 * smack_syslog - Smack approval on syslog
198 * @type: message type 198 * @type: message type
199 * 199 *
200 * Require that the task has the floor label 200 * Require that the task has the floor label
201 * 201 *
202 * Returns 0 on success, error code otherwise. 202 * Returns 0 on success, error code otherwise.
203 */ 203 */
204 static int smack_syslog(int typefrom_file) 204 static int smack_syslog(int typefrom_file)
205 { 205 {
206 int rc = 0; 206 int rc = 0;
207 char *sp = smk_of_current(); 207 char *sp = smk_of_current();
208 208
209 if (capable(CAP_MAC_OVERRIDE)) 209 if (capable(CAP_MAC_OVERRIDE))
210 return 0; 210 return 0;
211 211
212 if (sp != smack_known_floor.smk_known) 212 if (sp != smack_known_floor.smk_known)
213 rc = -EACCES; 213 rc = -EACCES;
214 214
215 return rc; 215 return rc;
216 } 216 }
217 217
218 218
219 /* 219 /*
220 * Superblock Hooks. 220 * Superblock Hooks.
221 */ 221 */
222 222
223 /** 223 /**
224 * smack_sb_alloc_security - allocate a superblock blob 224 * smack_sb_alloc_security - allocate a superblock blob
225 * @sb: the superblock getting the blob 225 * @sb: the superblock getting the blob
226 * 226 *
227 * Returns 0 on success or -ENOMEM on error. 227 * Returns 0 on success or -ENOMEM on error.
228 */ 228 */
229 static int smack_sb_alloc_security(struct super_block *sb) 229 static int smack_sb_alloc_security(struct super_block *sb)
230 { 230 {
231 struct superblock_smack *sbsp; 231 struct superblock_smack *sbsp;
232 232
233 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL); 233 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
234 234
235 if (sbsp == NULL) 235 if (sbsp == NULL)
236 return -ENOMEM; 236 return -ENOMEM;
237 237
238 sbsp->smk_root = smack_known_floor.smk_known; 238 sbsp->smk_root = smack_known_floor.smk_known;
239 sbsp->smk_default = smack_known_floor.smk_known; 239 sbsp->smk_default = smack_known_floor.smk_known;
240 sbsp->smk_floor = smack_known_floor.smk_known; 240 sbsp->smk_floor = smack_known_floor.smk_known;
241 sbsp->smk_hat = smack_known_hat.smk_known; 241 sbsp->smk_hat = smack_known_hat.smk_known;
242 sbsp->smk_initialized = 0; 242 sbsp->smk_initialized = 0;
243 spin_lock_init(&sbsp->smk_sblock); 243 spin_lock_init(&sbsp->smk_sblock);
244 244
245 sb->s_security = sbsp; 245 sb->s_security = sbsp;
246 246
247 return 0; 247 return 0;
248 } 248 }
249 249
250 /** 250 /**
251 * smack_sb_free_security - free a superblock blob 251 * smack_sb_free_security - free a superblock blob
252 * @sb: the superblock getting the blob 252 * @sb: the superblock getting the blob
253 * 253 *
254 */ 254 */
255 static void smack_sb_free_security(struct super_block *sb) 255 static void smack_sb_free_security(struct super_block *sb)
256 { 256 {
257 kfree(sb->s_security); 257 kfree(sb->s_security);
258 sb->s_security = NULL; 258 sb->s_security = NULL;
259 } 259 }
260 260
261 /** 261 /**
262 * smack_sb_copy_data - copy mount options data for processing 262 * smack_sb_copy_data - copy mount options data for processing
263 * @orig: where to start 263 * @orig: where to start
264 * @smackopts: mount options string 264 * @smackopts: mount options string
265 * 265 *
266 * Returns 0 on success or -ENOMEM on error. 266 * Returns 0 on success or -ENOMEM on error.
267 * 267 *
268 * Copy the Smack specific mount options out of the mount 268 * Copy the Smack specific mount options out of the mount
269 * options list. 269 * options list.
270 */ 270 */
271 static int smack_sb_copy_data(char *orig, char *smackopts) 271 static int smack_sb_copy_data(char *orig, char *smackopts)
272 { 272 {
273 char *cp, *commap, *otheropts, *dp; 273 char *cp, *commap, *otheropts, *dp;
274 274
275 otheropts = (char *)get_zeroed_page(GFP_KERNEL); 275 otheropts = (char *)get_zeroed_page(GFP_KERNEL);
276 if (otheropts == NULL) 276 if (otheropts == NULL)
277 return -ENOMEM; 277 return -ENOMEM;
278 278
279 for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) { 279 for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
280 if (strstr(cp, SMK_FSDEFAULT) == cp) 280 if (strstr(cp, SMK_FSDEFAULT) == cp)
281 dp = smackopts; 281 dp = smackopts;
282 else if (strstr(cp, SMK_FSFLOOR) == cp) 282 else if (strstr(cp, SMK_FSFLOOR) == cp)
283 dp = smackopts; 283 dp = smackopts;
284 else if (strstr(cp, SMK_FSHAT) == cp) 284 else if (strstr(cp, SMK_FSHAT) == cp)
285 dp = smackopts; 285 dp = smackopts;
286 else if (strstr(cp, SMK_FSROOT) == cp) 286 else if (strstr(cp, SMK_FSROOT) == cp)
287 dp = smackopts; 287 dp = smackopts;
288 else 288 else
289 dp = otheropts; 289 dp = otheropts;
290 290
291 commap = strchr(cp, ','); 291 commap = strchr(cp, ',');
292 if (commap != NULL) 292 if (commap != NULL)
293 *commap = '\0'; 293 *commap = '\0';
294 294
295 if (*dp != '\0') 295 if (*dp != '\0')
296 strcat(dp, ","); 296 strcat(dp, ",");
297 strcat(dp, cp); 297 strcat(dp, cp);
298 } 298 }
299 299
300 strcpy(orig, otheropts); 300 strcpy(orig, otheropts);
301 free_page((unsigned long)otheropts); 301 free_page((unsigned long)otheropts);
302 302
303 return 0; 303 return 0;
304 } 304 }
305 305
306 /** 306 /**
307 * smack_sb_kern_mount - Smack specific mount processing 307 * smack_sb_kern_mount - Smack specific mount processing
308 * @sb: the file system superblock 308 * @sb: the file system superblock
309 * @flags: the mount flags 309 * @flags: the mount flags
310 * @data: the smack mount options 310 * @data: the smack mount options
311 * 311 *
312 * Returns 0 on success, an error code on failure 312 * Returns 0 on success, an error code on failure
313 */ 313 */
314 static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) 314 static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
315 { 315 {
316 struct dentry *root = sb->s_root; 316 struct dentry *root = sb->s_root;
317 struct inode *inode = root->d_inode; 317 struct inode *inode = root->d_inode;
318 struct superblock_smack *sp = sb->s_security; 318 struct superblock_smack *sp = sb->s_security;
319 struct inode_smack *isp; 319 struct inode_smack *isp;
320 char *op; 320 char *op;
321 char *commap; 321 char *commap;
322 char *nsp; 322 char *nsp;
323 323
324 spin_lock(&sp->smk_sblock); 324 spin_lock(&sp->smk_sblock);
325 if (sp->smk_initialized != 0) { 325 if (sp->smk_initialized != 0) {
326 spin_unlock(&sp->smk_sblock); 326 spin_unlock(&sp->smk_sblock);
327 return 0; 327 return 0;
328 } 328 }
329 sp->smk_initialized = 1; 329 sp->smk_initialized = 1;
330 spin_unlock(&sp->smk_sblock); 330 spin_unlock(&sp->smk_sblock);
331 331
332 for (op = data; op != NULL; op = commap) { 332 for (op = data; op != NULL; op = commap) {
333 commap = strchr(op, ','); 333 commap = strchr(op, ',');
334 if (commap != NULL) 334 if (commap != NULL)
335 *commap++ = '\0'; 335 *commap++ = '\0';
336 336
337 if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) { 337 if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) {
338 op += strlen(SMK_FSHAT); 338 op += strlen(SMK_FSHAT);
339 nsp = smk_import(op, 0); 339 nsp = smk_import(op, 0);
340 if (nsp != NULL) 340 if (nsp != NULL)
341 sp->smk_hat = nsp; 341 sp->smk_hat = nsp;
342 } else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) { 342 } else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) {
343 op += strlen(SMK_FSFLOOR); 343 op += strlen(SMK_FSFLOOR);
344 nsp = smk_import(op, 0); 344 nsp = smk_import(op, 0);
345 if (nsp != NULL) 345 if (nsp != NULL)
346 sp->smk_floor = nsp; 346 sp->smk_floor = nsp;
347 } else if (strncmp(op, SMK_FSDEFAULT, 347 } else if (strncmp(op, SMK_FSDEFAULT,
348 strlen(SMK_FSDEFAULT)) == 0) { 348 strlen(SMK_FSDEFAULT)) == 0) {
349 op += strlen(SMK_FSDEFAULT); 349 op += strlen(SMK_FSDEFAULT);
350 nsp = smk_import(op, 0); 350 nsp = smk_import(op, 0);
351 if (nsp != NULL) 351 if (nsp != NULL)
352 sp->smk_default = nsp; 352 sp->smk_default = nsp;
353 } else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) { 353 } else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) {
354 op += strlen(SMK_FSROOT); 354 op += strlen(SMK_FSROOT);
355 nsp = smk_import(op, 0); 355 nsp = smk_import(op, 0);
356 if (nsp != NULL) 356 if (nsp != NULL)
357 sp->smk_root = nsp; 357 sp->smk_root = nsp;
358 } 358 }
359 } 359 }
360 360
361 /* 361 /*
362 * Initialize the root inode. 362 * Initialize the root inode.
363 */ 363 */
364 isp = inode->i_security; 364 isp = inode->i_security;
365 if (isp == NULL) 365 if (isp == NULL)
366 inode->i_security = new_inode_smack(sp->smk_root); 366 inode->i_security = new_inode_smack(sp->smk_root);
367 else 367 else
368 isp->smk_inode = sp->smk_root; 368 isp->smk_inode = sp->smk_root;
369 369
370 return 0; 370 return 0;
371 } 371 }
372 372
373 /** 373 /**
374 * smack_sb_statfs - Smack check on statfs 374 * smack_sb_statfs - Smack check on statfs
375 * @dentry: identifies the file system in question 375 * @dentry: identifies the file system in question
376 * 376 *
377 * Returns 0 if current can read the floor of the filesystem, 377 * Returns 0 if current can read the floor of the filesystem,
378 * and error code otherwise 378 * and error code otherwise
379 */ 379 */
380 static int smack_sb_statfs(struct dentry *dentry) 380 static int smack_sb_statfs(struct dentry *dentry)
381 { 381 {
382 struct superblock_smack *sbp = dentry->d_sb->s_security; 382 struct superblock_smack *sbp = dentry->d_sb->s_security;
383 int rc; 383 int rc;
384 struct smk_audit_info ad; 384 struct smk_audit_info ad;
385 385
386 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 386 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
387 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 387 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
388 388
389 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); 389 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
390 return rc; 390 return rc;
391 } 391 }
392 392
393 /** 393 /**
394 * smack_sb_mount - Smack check for mounting 394 * smack_sb_mount - Smack check for mounting
395 * @dev_name: unused 395 * @dev_name: unused
396 * @path: mount point 396 * @path: mount point
397 * @type: unused 397 * @type: unused
398 * @flags: unused 398 * @flags: unused
399 * @data: unused 399 * @data: unused
400 * 400 *
401 * Returns 0 if current can write the floor of the filesystem 401 * Returns 0 if current can write the floor of the filesystem
402 * being mounted on, an error code otherwise. 402 * being mounted on, an error code otherwise.
403 */ 403 */
404 static int smack_sb_mount(char *dev_name, struct path *path, 404 static int smack_sb_mount(char *dev_name, struct path *path,
405 char *type, unsigned long flags, void *data) 405 char *type, unsigned long flags, void *data)
406 { 406 {
407 struct superblock_smack *sbp = path->mnt->mnt_sb->s_security; 407 struct superblock_smack *sbp = path->mnt->mnt_sb->s_security;
408 struct smk_audit_info ad; 408 struct smk_audit_info ad;
409 409
410 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 410 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
411 smk_ad_setfield_u_fs_path(&ad, *path); 411 smk_ad_setfield_u_fs_path(&ad, *path);
412 412
413 return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad); 413 return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);
414 } 414 }
415 415
416 /** 416 /**
417 * smack_sb_umount - Smack check for unmounting 417 * smack_sb_umount - Smack check for unmounting
418 * @mnt: file system to unmount 418 * @mnt: file system to unmount
419 * @flags: unused 419 * @flags: unused
420 * 420 *
421 * Returns 0 if current can write the floor of the filesystem 421 * Returns 0 if current can write the floor of the filesystem
422 * being unmounted, an error code otherwise. 422 * being unmounted, an error code otherwise.
423 */ 423 */
424 static int smack_sb_umount(struct vfsmount *mnt, int flags) 424 static int smack_sb_umount(struct vfsmount *mnt, int flags)
425 { 425 {
426 struct superblock_smack *sbp; 426 struct superblock_smack *sbp;
427 struct smk_audit_info ad; 427 struct smk_audit_info ad;
428 428
429 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 429 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
430 smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_root); 430 smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_root);
431 smk_ad_setfield_u_fs_path_mnt(&ad, mnt); 431 smk_ad_setfield_u_fs_path_mnt(&ad, mnt);
432 432
433 sbp = mnt->mnt_sb->s_security; 433 sbp = mnt->mnt_sb->s_security;
434 return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad); 434 return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);
435 } 435 }
436 436
437 /* 437 /*
438 * BPRM hooks 438 * BPRM hooks
439 */ 439 */
440 440
441 static int smack_bprm_set_creds(struct linux_binprm *bprm) 441 static int smack_bprm_set_creds(struct linux_binprm *bprm)
442 { 442 {
443 struct task_smack *tsp = bprm->cred->security; 443 struct task_smack *tsp = bprm->cred->security;
444 struct inode_smack *isp; 444 struct inode_smack *isp;
445 struct dentry *dp; 445 struct dentry *dp;
446 int rc; 446 int rc;
447 447
448 rc = cap_bprm_set_creds(bprm); 448 rc = cap_bprm_set_creds(bprm);
449 if (rc != 0) 449 if (rc != 0)
450 return rc; 450 return rc;
451 451
452 if (bprm->cred_prepared) 452 if (bprm->cred_prepared)
453 return 0; 453 return 0;
454 454
455 if (bprm->file == NULL || bprm->file->f_dentry == NULL) 455 if (bprm->file == NULL || bprm->file->f_dentry == NULL)
456 return 0; 456 return 0;
457 457
458 dp = bprm->file->f_dentry; 458 dp = bprm->file->f_dentry;
459 459
460 if (dp->d_inode == NULL) 460 if (dp->d_inode == NULL)
461 return 0; 461 return 0;
462 462
463 isp = dp->d_inode->i_security; 463 isp = dp->d_inode->i_security;
464 464
465 if (isp->smk_task != NULL) 465 if (isp->smk_task != NULL)
466 tsp->smk_task = isp->smk_task; 466 tsp->smk_task = isp->smk_task;
467 467
468 return 0; 468 return 0;
469 } 469 }
470 470
471 /* 471 /*
472 * Inode hooks 472 * Inode hooks
473 */ 473 */
474 474
475 /** 475 /**
476 * smack_inode_alloc_security - allocate an inode blob 476 * smack_inode_alloc_security - allocate an inode blob
477 * @inode: the inode in need of a blob 477 * @inode: the inode in need of a blob
478 * 478 *
479 * Returns 0 if it gets a blob, -ENOMEM otherwise 479 * Returns 0 if it gets a blob, -ENOMEM otherwise
480 */ 480 */
481 static int smack_inode_alloc_security(struct inode *inode) 481 static int smack_inode_alloc_security(struct inode *inode)
482 { 482 {
483 inode->i_security = new_inode_smack(smk_of_current()); 483 inode->i_security = new_inode_smack(smk_of_current());
484 if (inode->i_security == NULL) 484 if (inode->i_security == NULL)
485 return -ENOMEM; 485 return -ENOMEM;
486 return 0; 486 return 0;
487 } 487 }
488 488
489 /** 489 /**
490 * smack_inode_free_security - free an inode blob 490 * smack_inode_free_security - free an inode blob
491 * @inode: the inode with a blob 491 * @inode: the inode with a blob
492 * 492 *
493 * Clears the blob pointer in inode 493 * Clears the blob pointer in inode
494 */ 494 */
495 static void smack_inode_free_security(struct inode *inode) 495 static void smack_inode_free_security(struct inode *inode)
496 { 496 {
497 kfree(inode->i_security); 497 kfree(inode->i_security);
498 inode->i_security = NULL; 498 inode->i_security = NULL;
499 } 499 }
500 500
501 /** 501 /**
502 * smack_inode_init_security - copy out the smack from an inode 502 * smack_inode_init_security - copy out the smack from an inode
503 * @inode: the inode 503 * @inode: the inode
504 * @dir: unused 504 * @dir: unused
505 * @qstr: unused 505 * @qstr: unused
506 * @name: where to put the attribute name 506 * @name: where to put the attribute name
507 * @value: where to put the attribute value 507 * @value: where to put the attribute value
508 * @len: where to put the length of the attribute 508 * @len: where to put the length of the attribute
509 * 509 *
510 * Returns 0 if it all works out, -ENOMEM if there's no memory 510 * Returns 0 if it all works out, -ENOMEM if there's no memory
511 */ 511 */
512 static int smack_inode_init_security(struct inode *inode, struct inode *dir, 512 static int smack_inode_init_security(struct inode *inode, struct inode *dir,
513 const struct qstr *qstr, char **name, 513 const struct qstr *qstr, char **name,
514 void **value, size_t *len) 514 void **value, size_t *len)
515 { 515 {
516 char *isp = smk_of_inode(inode); 516 char *isp = smk_of_inode(inode);
517 char *dsp = smk_of_inode(dir); 517 char *dsp = smk_of_inode(dir);
518 int may; 518 int may;
519 519
520 if (name) { 520 if (name) {
521 *name = kstrdup(XATTR_SMACK_SUFFIX, GFP_KERNEL); 521 *name = kstrdup(XATTR_SMACK_SUFFIX, GFP_KERNEL);
522 if (*name == NULL) 522 if (*name == NULL)
523 return -ENOMEM; 523 return -ENOMEM;
524 } 524 }
525 525
526 if (value) { 526 if (value) {
527 rcu_read_lock(); 527 rcu_read_lock();
528 may = smk_access_entry(smk_of_current(), dsp, &smack_rule_list); 528 may = smk_access_entry(smk_of_current(), dsp, &smack_rule_list);
529 rcu_read_unlock(); 529 rcu_read_unlock();
530 530
531 /* 531 /*
532 * If the access rule allows transmutation and 532 * If the access rule allows transmutation and
533 * the directory requests transmutation then 533 * the directory requests transmutation then
534 * by all means transmute. 534 * by all means transmute.
535 */ 535 */
536 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) && 536 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
537 smk_inode_transmutable(dir)) 537 smk_inode_transmutable(dir))
538 isp = dsp; 538 isp = dsp;
539 539
540 *value = kstrdup(isp, GFP_KERNEL); 540 *value = kstrdup(isp, GFP_KERNEL);
541 if (*value == NULL) 541 if (*value == NULL)
542 return -ENOMEM; 542 return -ENOMEM;
543 } 543 }
544 544
545 if (len) 545 if (len)
546 *len = strlen(isp) + 1; 546 *len = strlen(isp) + 1;
547 547
548 return 0; 548 return 0;
549 } 549 }
550 550
551 /** 551 /**
552 * smack_inode_link - Smack check on link 552 * smack_inode_link - Smack check on link
553 * @old_dentry: the existing object 553 * @old_dentry: the existing object
554 * @dir: unused 554 * @dir: unused
555 * @new_dentry: the new object 555 * @new_dentry: the new object
556 * 556 *
557 * Returns 0 if access is permitted, an error code otherwise 557 * Returns 0 if access is permitted, an error code otherwise
558 */ 558 */
559 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, 559 static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
560 struct dentry *new_dentry) 560 struct dentry *new_dentry)
561 { 561 {
562 char *isp; 562 char *isp;
563 struct smk_audit_info ad; 563 struct smk_audit_info ad;
564 int rc; 564 int rc;
565 565
566 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 566 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
567 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 567 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
568 568
569 isp = smk_of_inode(old_dentry->d_inode); 569 isp = smk_of_inode(old_dentry->d_inode);
570 rc = smk_curacc(isp, MAY_WRITE, &ad); 570 rc = smk_curacc(isp, MAY_WRITE, &ad);
571 571
572 if (rc == 0 && new_dentry->d_inode != NULL) { 572 if (rc == 0 && new_dentry->d_inode != NULL) {
573 isp = smk_of_inode(new_dentry->d_inode); 573 isp = smk_of_inode(new_dentry->d_inode);
574 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 574 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
575 rc = smk_curacc(isp, MAY_WRITE, &ad); 575 rc = smk_curacc(isp, MAY_WRITE, &ad);
576 } 576 }
577 577
578 return rc; 578 return rc;
579 } 579 }
580 580
581 /** 581 /**
582 * smack_inode_unlink - Smack check on inode deletion 582 * smack_inode_unlink - Smack check on inode deletion
583 * @dir: containing directory object 583 * @dir: containing directory object
584 * @dentry: file to unlink 584 * @dentry: file to unlink
585 * 585 *
586 * Returns 0 if current can write the containing directory 586 * Returns 0 if current can write the containing directory
587 * and the object, error code otherwise 587 * and the object, error code otherwise
588 */ 588 */
589 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) 589 static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
590 { 590 {
591 struct inode *ip = dentry->d_inode; 591 struct inode *ip = dentry->d_inode;
592 struct smk_audit_info ad; 592 struct smk_audit_info ad;
593 int rc; 593 int rc;
594 594
595 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 595 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
596 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 596 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
597 597
598 /* 598 /*
599 * You need write access to the thing you're unlinking 599 * You need write access to the thing you're unlinking
600 */ 600 */
601 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); 601 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
602 if (rc == 0) { 602 if (rc == 0) {
603 /* 603 /*
604 * You also need write access to the containing directory 604 * You also need write access to the containing directory
605 */ 605 */
606 smk_ad_setfield_u_fs_path_dentry(&ad, NULL); 606 smk_ad_setfield_u_fs_path_dentry(&ad, NULL);
607 smk_ad_setfield_u_fs_inode(&ad, dir); 607 smk_ad_setfield_u_fs_inode(&ad, dir);
608 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 608 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
609 } 609 }
610 return rc; 610 return rc;
611 } 611 }
612 612
613 /** 613 /**
614 * smack_inode_rmdir - Smack check on directory deletion 614 * smack_inode_rmdir - Smack check on directory deletion
615 * @dir: containing directory object 615 * @dir: containing directory object
616 * @dentry: directory to unlink 616 * @dentry: directory to unlink
617 * 617 *
618 * Returns 0 if current can write the containing directory 618 * Returns 0 if current can write the containing directory
619 * and the directory, error code otherwise 619 * and the directory, error code otherwise
620 */ 620 */
621 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) 621 static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
622 { 622 {
623 struct smk_audit_info ad; 623 struct smk_audit_info ad;
624 int rc; 624 int rc;
625 625
626 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 626 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
627 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 627 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
628 628
629 /* 629 /*
630 * You need write access to the thing you're removing 630 * You need write access to the thing you're removing
631 */ 631 */
632 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); 632 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
633 if (rc == 0) { 633 if (rc == 0) {
634 /* 634 /*
635 * You also need write access to the containing directory 635 * You also need write access to the containing directory
636 */ 636 */
637 smk_ad_setfield_u_fs_path_dentry(&ad, NULL); 637 smk_ad_setfield_u_fs_path_dentry(&ad, NULL);
638 smk_ad_setfield_u_fs_inode(&ad, dir); 638 smk_ad_setfield_u_fs_inode(&ad, dir);
639 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); 639 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
640 } 640 }
641 641
642 return rc; 642 return rc;
643 } 643 }
644 644
645 /** 645 /**
646 * smack_inode_rename - Smack check on rename 646 * smack_inode_rename - Smack check on rename
647 * @old_inode: the old directory 647 * @old_inode: the old directory
648 * @old_dentry: unused 648 * @old_dentry: unused
649 * @new_inode: the new directory 649 * @new_inode: the new directory
650 * @new_dentry: unused 650 * @new_dentry: unused
651 * 651 *
652 * Read and write access is required on both the old and 652 * Read and write access is required on both the old and
653 * new directories. 653 * new directories.
654 * 654 *
655 * Returns 0 if access is permitted, an error code otherwise 655 * Returns 0 if access is permitted, an error code otherwise
656 */ 656 */
657 static int smack_inode_rename(struct inode *old_inode, 657 static int smack_inode_rename(struct inode *old_inode,
658 struct dentry *old_dentry, 658 struct dentry *old_dentry,
659 struct inode *new_inode, 659 struct inode *new_inode,
660 struct dentry *new_dentry) 660 struct dentry *new_dentry)
661 { 661 {
662 int rc; 662 int rc;
663 char *isp; 663 char *isp;
664 struct smk_audit_info ad; 664 struct smk_audit_info ad;
665 665
666 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 666 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
667 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); 667 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
668 668
669 isp = smk_of_inode(old_dentry->d_inode); 669 isp = smk_of_inode(old_dentry->d_inode);
670 rc = smk_curacc(isp, MAY_READWRITE, &ad); 670 rc = smk_curacc(isp, MAY_READWRITE, &ad);
671 671
672 if (rc == 0 && new_dentry->d_inode != NULL) { 672 if (rc == 0 && new_dentry->d_inode != NULL) {
673 isp = smk_of_inode(new_dentry->d_inode); 673 isp = smk_of_inode(new_dentry->d_inode);
674 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); 674 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
675 rc = smk_curacc(isp, MAY_READWRITE, &ad); 675 rc = smk_curacc(isp, MAY_READWRITE, &ad);
676 } 676 }
677 return rc; 677 return rc;
678 } 678 }
679 679
680 /** 680 /**
681 * smack_inode_permission - Smack version of permission() 681 * smack_inode_permission - Smack version of permission()
682 * @inode: the inode in question 682 * @inode: the inode in question
683 * @mask: the access requested 683 * @mask: the access requested
684 * 684 *
685 * This is the important Smack hook. 685 * This is the important Smack hook.
686 * 686 *
687 * Returns 0 if access is permitted, -EACCES otherwise 687 * Returns 0 if access is permitted, -EACCES otherwise
688 */ 688 */
689 static int smack_inode_permission(struct inode *inode, int mask, unsigned flags) 689 static int smack_inode_permission(struct inode *inode, int mask, unsigned flags)
690 { 690 {
691 struct smk_audit_info ad; 691 struct smk_audit_info ad;
692 692
693 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND); 693 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
694 /* 694 /*
695 * No permission to check. Existence test. Yup, it's there. 695 * No permission to check. Existence test. Yup, it's there.
696 */ 696 */
697 if (mask == 0) 697 if (mask == 0)
698 return 0; 698 return 0;
699 699
700 /* May be droppable after audit */ 700 /* May be droppable after audit */
701 if (flags & IPERM_FLAG_RCU) 701 if (flags & IPERM_FLAG_RCU)
702 return -ECHILD; 702 return -ECHILD;
703 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 703 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
704 smk_ad_setfield_u_fs_inode(&ad, inode); 704 smk_ad_setfield_u_fs_inode(&ad, inode);
705 return smk_curacc(smk_of_inode(inode), mask, &ad); 705 return smk_curacc(smk_of_inode(inode), mask, &ad);
706 } 706 }
707 707
708 /** 708 /**
709 * smack_inode_setattr - Smack check for setting attributes 709 * smack_inode_setattr - Smack check for setting attributes
710 * @dentry: the object 710 * @dentry: the object
711 * @iattr: for the force flag 711 * @iattr: for the force flag
712 * 712 *
713 * Returns 0 if access is permitted, an error code otherwise 713 * Returns 0 if access is permitted, an error code otherwise
714 */ 714 */
715 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) 715 static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
716 { 716 {
717 struct smk_audit_info ad; 717 struct smk_audit_info ad;
718 /* 718 /*
719 * Need to allow for clearing the setuid bit. 719 * Need to allow for clearing the setuid bit.
720 */ 720 */
721 if (iattr->ia_valid & ATTR_FORCE) 721 if (iattr->ia_valid & ATTR_FORCE)
722 return 0; 722 return 0;
723 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 723 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
724 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 724 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
725 725
726 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); 726 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
727 } 727 }
728 728
729 /** 729 /**
730 * smack_inode_getattr - Smack check for getting attributes 730 * smack_inode_getattr - Smack check for getting attributes
731 * @mnt: unused 731 * @mnt: unused
732 * @dentry: the object 732 * @dentry: the object
733 * 733 *
734 * Returns 0 if access is permitted, an error code otherwise 734 * Returns 0 if access is permitted, an error code otherwise
735 */ 735 */
736 static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) 736 static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
737 { 737 {
738 struct smk_audit_info ad; 738 struct smk_audit_info ad;
739 739
740 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 740 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
741 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 741 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
742 smk_ad_setfield_u_fs_path_mnt(&ad, mnt); 742 smk_ad_setfield_u_fs_path_mnt(&ad, mnt);
743 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); 743 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
744 } 744 }
745 745
746 /** 746 /**
747 * smack_inode_setxattr - Smack check for setting xattrs 747 * smack_inode_setxattr - Smack check for setting xattrs
748 * @dentry: the object 748 * @dentry: the object
749 * @name: name of the attribute 749 * @name: name of the attribute
750 * @value: unused 750 * @value: unused
751 * @size: unused 751 * @size: unused
752 * @flags: unused 752 * @flags: unused
753 * 753 *
754 * This protects the Smack attribute explicitly. 754 * This protects the Smack attribute explicitly.
755 * 755 *
756 * Returns 0 if access is permitted, an error code otherwise 756 * Returns 0 if access is permitted, an error code otherwise
757 */ 757 */
758 static int smack_inode_setxattr(struct dentry *dentry, const char *name, 758 static int smack_inode_setxattr(struct dentry *dentry, const char *name,
759 const void *value, size_t size, int flags) 759 const void *value, size_t size, int flags)
760 { 760 {
761 struct smk_audit_info ad; 761 struct smk_audit_info ad;
762 int rc = 0; 762 int rc = 0;
763 763
764 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 764 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
765 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 765 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
766 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 766 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
767 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 767 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
768 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 768 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
769 if (!capable(CAP_MAC_ADMIN)) 769 if (!capable(CAP_MAC_ADMIN))
770 rc = -EPERM; 770 rc = -EPERM;
771 /* 771 /*
772 * check label validity here so import wont fail on 772 * check label validity here so import wont fail on
773 * post_setxattr 773 * post_setxattr
774 */ 774 */
775 if (size == 0 || size >= SMK_LABELLEN || 775 if (size == 0 || size >= SMK_LABELLEN ||
776 smk_import(value, size) == NULL) 776 smk_import(value, size) == NULL)
777 rc = -EINVAL; 777 rc = -EINVAL;
778 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { 778 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
779 if (!capable(CAP_MAC_ADMIN)) 779 if (!capable(CAP_MAC_ADMIN))
780 rc = -EPERM; 780 rc = -EPERM;
781 if (size != TRANS_TRUE_SIZE || 781 if (size != TRANS_TRUE_SIZE ||
782 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0) 782 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
783 rc = -EINVAL; 783 rc = -EINVAL;
784 } else 784 } else
785 rc = cap_inode_setxattr(dentry, name, value, size, flags); 785 rc = cap_inode_setxattr(dentry, name, value, size, flags);
786 786
787 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 787 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
788 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 788 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
789 789
790 if (rc == 0) 790 if (rc == 0)
791 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); 791 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
792 792
793 return rc; 793 return rc;
794 } 794 }
795 795
796 /** 796 /**
797 * smack_inode_post_setxattr - Apply the Smack update approved above 797 * smack_inode_post_setxattr - Apply the Smack update approved above
798 * @dentry: object 798 * @dentry: object
799 * @name: attribute name 799 * @name: attribute name
800 * @value: attribute value 800 * @value: attribute value
801 * @size: attribute size 801 * @size: attribute size
802 * @flags: unused 802 * @flags: unused
803 * 803 *
804 * Set the pointer in the inode blob to the entry found 804 * Set the pointer in the inode blob to the entry found
805 * in the master label list. 805 * in the master label list.
806 */ 806 */
807 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, 807 static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
808 const void *value, size_t size, int flags) 808 const void *value, size_t size, int flags)
809 { 809 {
810 char *nsp; 810 char *nsp;
811 struct inode_smack *isp = dentry->d_inode->i_security; 811 struct inode_smack *isp = dentry->d_inode->i_security;
812 812
813 if (strcmp(name, XATTR_NAME_SMACK) == 0) { 813 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
814 nsp = smk_import(value, size); 814 nsp = smk_import(value, size);
815 if (nsp != NULL) 815 if (nsp != NULL)
816 isp->smk_inode = nsp; 816 isp->smk_inode = nsp;
817 else 817 else
818 isp->smk_inode = smack_known_invalid.smk_known; 818 isp->smk_inode = smack_known_invalid.smk_known;
819 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) { 819 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
820 nsp = smk_import(value, size); 820 nsp = smk_import(value, size);
821 if (nsp != NULL) 821 if (nsp != NULL)
822 isp->smk_task = nsp; 822 isp->smk_task = nsp;
823 else 823 else
824 isp->smk_task = smack_known_invalid.smk_known; 824 isp->smk_task = smack_known_invalid.smk_known;
825 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) { 825 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
826 nsp = smk_import(value, size); 826 nsp = smk_import(value, size);
827 if (nsp != NULL) 827 if (nsp != NULL)
828 isp->smk_mmap = nsp; 828 isp->smk_mmap = nsp;
829 else 829 else
830 isp->smk_mmap = smack_known_invalid.smk_known; 830 isp->smk_mmap = smack_known_invalid.smk_known;
831 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) 831 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
832 isp->smk_flags |= SMK_INODE_TRANSMUTE; 832 isp->smk_flags |= SMK_INODE_TRANSMUTE;
833 833
834 return; 834 return;
835 } 835 }
836 836
837 /* 837 /*
838 * smack_inode_getxattr - Smack check on getxattr 838 * smack_inode_getxattr - Smack check on getxattr
839 * @dentry: the object 839 * @dentry: the object
840 * @name: unused 840 * @name: unused
841 * 841 *
842 * Returns 0 if access is permitted, an error code otherwise 842 * Returns 0 if access is permitted, an error code otherwise
843 */ 843 */
844 static int smack_inode_getxattr(struct dentry *dentry, const char *name) 844 static int smack_inode_getxattr(struct dentry *dentry, const char *name)
845 { 845 {
846 struct smk_audit_info ad; 846 struct smk_audit_info ad;
847 847
848 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 848 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
849 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 849 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
850 850
851 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); 851 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad);
852 } 852 }
853 853
854 /* 854 /*
855 * smack_inode_removexattr - Smack check on removexattr 855 * smack_inode_removexattr - Smack check on removexattr
856 * @dentry: the object 856 * @dentry: the object
857 * @name: name of the attribute 857 * @name: name of the attribute
858 * 858 *
859 * Removing the Smack attribute requires CAP_MAC_ADMIN 859 * Removing the Smack attribute requires CAP_MAC_ADMIN
860 * 860 *
861 * Returns 0 if access is permitted, an error code otherwise 861 * Returns 0 if access is permitted, an error code otherwise
862 */ 862 */
863 static int smack_inode_removexattr(struct dentry *dentry, const char *name) 863 static int smack_inode_removexattr(struct dentry *dentry, const char *name)
864 { 864 {
865 struct inode_smack *isp; 865 struct inode_smack *isp;
866 struct smk_audit_info ad; 866 struct smk_audit_info ad;
867 int rc = 0; 867 int rc = 0;
868 868
869 if (strcmp(name, XATTR_NAME_SMACK) == 0 || 869 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
870 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 || 870 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
871 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 || 871 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
872 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 || 872 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
873 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 || 873 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
874 strcmp(name, XATTR_NAME_SMACKMMAP)) { 874 strcmp(name, XATTR_NAME_SMACKMMAP)) {
875 if (!capable(CAP_MAC_ADMIN)) 875 if (!capable(CAP_MAC_ADMIN))
876 rc = -EPERM; 876 rc = -EPERM;
877 } else 877 } else
878 rc = cap_inode_removexattr(dentry, name); 878 rc = cap_inode_removexattr(dentry, name);
879 879
880 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 880 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
881 smk_ad_setfield_u_fs_path_dentry(&ad, dentry); 881 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
882 if (rc == 0) 882 if (rc == 0)
883 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); 883 rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad);
884 884
885 if (rc == 0) { 885 if (rc == 0) {
886 isp = dentry->d_inode->i_security; 886 isp = dentry->d_inode->i_security;
887 isp->smk_task = NULL; 887 isp->smk_task = NULL;
888 isp->smk_mmap = NULL; 888 isp->smk_mmap = NULL;
889 } 889 }
890 890
891 return rc; 891 return rc;
892 } 892 }
893 893
894 /** 894 /**
895 * smack_inode_getsecurity - get smack xattrs 895 * smack_inode_getsecurity - get smack xattrs
896 * @inode: the object 896 * @inode: the object
897 * @name: attribute name 897 * @name: attribute name
898 * @buffer: where to put the result 898 * @buffer: where to put the result
899 * @alloc: unused 899 * @alloc: unused
900 * 900 *
901 * Returns the size of the attribute or an error code 901 * Returns the size of the attribute or an error code
902 */ 902 */
903 static int smack_inode_getsecurity(const struct inode *inode, 903 static int smack_inode_getsecurity(const struct inode *inode,
904 const char *name, void **buffer, 904 const char *name, void **buffer,
905 bool alloc) 905 bool alloc)
906 { 906 {
907 struct socket_smack *ssp; 907 struct socket_smack *ssp;
908 struct socket *sock; 908 struct socket *sock;
909 struct super_block *sbp; 909 struct super_block *sbp;
910 struct inode *ip = (struct inode *)inode; 910 struct inode *ip = (struct inode *)inode;
911 char *isp; 911 char *isp;
912 int ilen; 912 int ilen;
913 int rc = 0; 913 int rc = 0;
914 914
915 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 915 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
916 isp = smk_of_inode(inode); 916 isp = smk_of_inode(inode);
917 ilen = strlen(isp) + 1; 917 ilen = strlen(isp) + 1;
918 *buffer = isp; 918 *buffer = isp;
919 return ilen; 919 return ilen;
920 } 920 }
921 921
922 /* 922 /*
923 * The rest of the Smack xattrs are only on sockets. 923 * The rest of the Smack xattrs are only on sockets.
924 */ 924 */
925 sbp = ip->i_sb; 925 sbp = ip->i_sb;
926 if (sbp->s_magic != SOCKFS_MAGIC) 926 if (sbp->s_magic != SOCKFS_MAGIC)
927 return -EOPNOTSUPP; 927 return -EOPNOTSUPP;
928 928
929 sock = SOCKET_I(ip); 929 sock = SOCKET_I(ip);
930 if (sock == NULL || sock->sk == NULL) 930 if (sock == NULL || sock->sk == NULL)
931 return -EOPNOTSUPP; 931 return -EOPNOTSUPP;
932 932
933 ssp = sock->sk->sk_security; 933 ssp = sock->sk->sk_security;
934 934
935 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 935 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
936 isp = ssp->smk_in; 936 isp = ssp->smk_in;
937 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) 937 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
938 isp = ssp->smk_out; 938 isp = ssp->smk_out;
939 else 939 else
940 return -EOPNOTSUPP; 940 return -EOPNOTSUPP;
941 941
942 ilen = strlen(isp) + 1; 942 ilen = strlen(isp) + 1;
943 if (rc == 0) { 943 if (rc == 0) {
944 *buffer = isp; 944 *buffer = isp;
945 rc = ilen; 945 rc = ilen;
946 } 946 }
947 947
948 return rc; 948 return rc;
949 } 949 }
950 950
951 951
952 /** 952 /**
953 * smack_inode_listsecurity - list the Smack attributes 953 * smack_inode_listsecurity - list the Smack attributes
954 * @inode: the object 954 * @inode: the object
955 * @buffer: where they go 955 * @buffer: where they go
956 * @buffer_size: size of buffer 956 * @buffer_size: size of buffer
957 * 957 *
958 * Returns 0 on success, -EINVAL otherwise 958 * Returns 0 on success, -EINVAL otherwise
959 */ 959 */
960 static int smack_inode_listsecurity(struct inode *inode, char *buffer, 960 static int smack_inode_listsecurity(struct inode *inode, char *buffer,
961 size_t buffer_size) 961 size_t buffer_size)
962 { 962 {
963 int len = strlen(XATTR_NAME_SMACK); 963 int len = strlen(XATTR_NAME_SMACK);
964 964
965 if (buffer != NULL && len <= buffer_size) { 965 if (buffer != NULL && len <= buffer_size) {
966 memcpy(buffer, XATTR_NAME_SMACK, len); 966 memcpy(buffer, XATTR_NAME_SMACK, len);
967 return len; 967 return len;
968 } 968 }
969 return -EINVAL; 969 return -EINVAL;
970 } 970 }
971 971
972 /** 972 /**
973 * smack_inode_getsecid - Extract inode's security id 973 * smack_inode_getsecid - Extract inode's security id
974 * @inode: inode to extract the info from 974 * @inode: inode to extract the info from
975 * @secid: where result will be saved 975 * @secid: where result will be saved
976 */ 976 */
977 static void smack_inode_getsecid(const struct inode *inode, u32 *secid) 977 static void smack_inode_getsecid(const struct inode *inode, u32 *secid)
978 { 978 {
979 struct inode_smack *isp = inode->i_security; 979 struct inode_smack *isp = inode->i_security;
980 980
981 *secid = smack_to_secid(isp->smk_inode); 981 *secid = smack_to_secid(isp->smk_inode);
982 } 982 }
983 983
984 /* 984 /*
985 * File Hooks 985 * File Hooks
986 */ 986 */
987 987
988 /** 988 /**
989 * smack_file_permission - Smack check on file operations 989 * smack_file_permission - Smack check on file operations
990 * @file: unused 990 * @file: unused
991 * @mask: unused 991 * @mask: unused
992 * 992 *
993 * Returns 0 993 * Returns 0
994 * 994 *
995 * Should access checks be done on each read or write? 995 * Should access checks be done on each read or write?
996 * UNICOS and SELinux say yes. 996 * UNICOS and SELinux say yes.
997 * Trusted Solaris, Trusted Irix, and just about everyone else says no. 997 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
998 * 998 *
999 * I'll say no for now. Smack does not do the frequent 999 * I'll say no for now. Smack does not do the frequent
1000 * label changing that SELinux does. 1000 * label changing that SELinux does.
1001 */ 1001 */
1002 static int smack_file_permission(struct file *file, int mask) 1002 static int smack_file_permission(struct file *file, int mask)
1003 { 1003 {
1004 return 0; 1004 return 0;
1005 } 1005 }
1006 1006
1007 /** 1007 /**
1008 * smack_file_alloc_security - assign a file security blob 1008 * smack_file_alloc_security - assign a file security blob
1009 * @file: the object 1009 * @file: the object
1010 * 1010 *
1011 * The security blob for a file is a pointer to the master 1011 * The security blob for a file is a pointer to the master
1012 * label list, so no allocation is done. 1012 * label list, so no allocation is done.
1013 * 1013 *
1014 * Returns 0 1014 * Returns 0
1015 */ 1015 */
1016 static int smack_file_alloc_security(struct file *file) 1016 static int smack_file_alloc_security(struct file *file)
1017 { 1017 {
1018 file->f_security = smk_of_current(); 1018 file->f_security = smk_of_current();
1019 return 0; 1019 return 0;
1020 } 1020 }
1021 1021
1022 /** 1022 /**
1023 * smack_file_free_security - clear a file security blob 1023 * smack_file_free_security - clear a file security blob
1024 * @file: the object 1024 * @file: the object
1025 * 1025 *
1026 * The security blob for a file is a pointer to the master 1026 * The security blob for a file is a pointer to the master
1027 * label list, so no memory is freed. 1027 * label list, so no memory is freed.
1028 */ 1028 */
1029 static void smack_file_free_security(struct file *file) 1029 static void smack_file_free_security(struct file *file)
1030 { 1030 {
1031 file->f_security = NULL; 1031 file->f_security = NULL;
1032 } 1032 }
1033 1033
1034 /** 1034 /**
1035 * smack_file_ioctl - Smack check on ioctls 1035 * smack_file_ioctl - Smack check on ioctls
1036 * @file: the object 1036 * @file: the object
1037 * @cmd: what to do 1037 * @cmd: what to do
1038 * @arg: unused 1038 * @arg: unused
1039 * 1039 *
1040 * Relies heavily on the correct use of the ioctl command conventions. 1040 * Relies heavily on the correct use of the ioctl command conventions.
1041 * 1041 *
1042 * Returns 0 if allowed, error code otherwise 1042 * Returns 0 if allowed, error code otherwise
1043 */ 1043 */
1044 static int smack_file_ioctl(struct file *file, unsigned int cmd, 1044 static int smack_file_ioctl(struct file *file, unsigned int cmd,
1045 unsigned long arg) 1045 unsigned long arg)
1046 { 1046 {
1047 int rc = 0; 1047 int rc = 0;
1048 struct smk_audit_info ad; 1048 struct smk_audit_info ad;
1049 1049
1050 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 1050 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1051 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1051 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1052 1052
1053 if (_IOC_DIR(cmd) & _IOC_WRITE) 1053 if (_IOC_DIR(cmd) & _IOC_WRITE)
1054 rc = smk_curacc(file->f_security, MAY_WRITE, &ad); 1054 rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
1055 1055
1056 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) 1056 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ))
1057 rc = smk_curacc(file->f_security, MAY_READ, &ad); 1057 rc = smk_curacc(file->f_security, MAY_READ, &ad);
1058 1058
1059 return rc; 1059 return rc;
1060 } 1060 }
1061 1061
1062 /** 1062 /**
1063 * smack_file_lock - Smack check on file locking 1063 * smack_file_lock - Smack check on file locking
1064 * @file: the object 1064 * @file: the object
1065 * @cmd: unused 1065 * @cmd: unused
1066 * 1066 *
1067 * Returns 0 if current has write access, error code otherwise 1067 * Returns 0 if current has write access, error code otherwise
1068 */ 1068 */
1069 static int smack_file_lock(struct file *file, unsigned int cmd) 1069 static int smack_file_lock(struct file *file, unsigned int cmd)
1070 { 1070 {
1071 struct smk_audit_info ad; 1071 struct smk_audit_info ad;
1072 1072
1073 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 1073 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1074 smk_ad_setfield_u_fs_path_dentry(&ad, file->f_path.dentry); 1074 smk_ad_setfield_u_fs_path_dentry(&ad, file->f_path.dentry);
1075 return smk_curacc(file->f_security, MAY_WRITE, &ad); 1075 return smk_curacc(file->f_security, MAY_WRITE, &ad);
1076 } 1076 }
1077 1077
1078 /** 1078 /**
1079 * smack_file_fcntl - Smack check on fcntl 1079 * smack_file_fcntl - Smack check on fcntl
1080 * @file: the object 1080 * @file: the object
1081 * @cmd: what action to check 1081 * @cmd: what action to check
1082 * @arg: unused 1082 * @arg: unused
1083 * 1083 *
1084 * Returns 0 if current has access, error code otherwise 1084 * Returns 0 if current has access, error code otherwise
1085 */ 1085 */
1086 static int smack_file_fcntl(struct file *file, unsigned int cmd, 1086 static int smack_file_fcntl(struct file *file, unsigned int cmd,
1087 unsigned long arg) 1087 unsigned long arg)
1088 { 1088 {
1089 struct smk_audit_info ad; 1089 struct smk_audit_info ad;
1090 int rc; 1090 int rc;
1091 1091
1092 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); 1092 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1093 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1093 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1094 1094
1095 switch (cmd) { 1095 switch (cmd) {
1096 case F_DUPFD: 1096 case F_DUPFD:
1097 case F_GETFD: 1097 case F_GETFD:
1098 case F_GETFL: 1098 case F_GETFL:
1099 case F_GETLK: 1099 case F_GETLK:
1100 case F_GETOWN: 1100 case F_GETOWN:
1101 case F_GETSIG: 1101 case F_GETSIG:
1102 rc = smk_curacc(file->f_security, MAY_READ, &ad); 1102 rc = smk_curacc(file->f_security, MAY_READ, &ad);
1103 break; 1103 break;
1104 case F_SETFD: 1104 case F_SETFD:
1105 case F_SETFL: 1105 case F_SETFL:
1106 case F_SETLK: 1106 case F_SETLK:
1107 case F_SETLKW: 1107 case F_SETLKW:
1108 case F_SETOWN: 1108 case F_SETOWN:
1109 case F_SETSIG: 1109 case F_SETSIG:
1110 rc = smk_curacc(file->f_security, MAY_WRITE, &ad); 1110 rc = smk_curacc(file->f_security, MAY_WRITE, &ad);
1111 break; 1111 break;
1112 default: 1112 default:
1113 rc = smk_curacc(file->f_security, MAY_READWRITE, &ad); 1113 rc = smk_curacc(file->f_security, MAY_READWRITE, &ad);
1114 } 1114 }
1115 1115
1116 return rc; 1116 return rc;
1117 } 1117 }
1118 1118
1119 /** 1119 /**
1120 * smack_file_mmap : 1120 * smack_file_mmap :
1121 * Check permissions for a mmap operation. The @file may be NULL, e.g. 1121 * Check permissions for a mmap operation. The @file may be NULL, e.g.
1122 * if mapping anonymous memory. 1122 * if mapping anonymous memory.
1123 * @file contains the file structure for file to map (may be NULL). 1123 * @file contains the file structure for file to map (may be NULL).
1124 * @reqprot contains the protection requested by the application. 1124 * @reqprot contains the protection requested by the application.
1125 * @prot contains the protection that will be applied by the kernel. 1125 * @prot contains the protection that will be applied by the kernel.
1126 * @flags contains the operational flags. 1126 * @flags contains the operational flags.
1127 * Return 0 if permission is granted. 1127 * Return 0 if permission is granted.
1128 */ 1128 */
1129 static int smack_file_mmap(struct file *file, 1129 static int smack_file_mmap(struct file *file,
1130 unsigned long reqprot, unsigned long prot, 1130 unsigned long reqprot, unsigned long prot,
1131 unsigned long flags, unsigned long addr, 1131 unsigned long flags, unsigned long addr,
1132 unsigned long addr_only) 1132 unsigned long addr_only)
1133 { 1133 {
1134 struct smack_rule *srp; 1134 struct smack_rule *srp;
1135 struct task_smack *tsp; 1135 struct task_smack *tsp;
1136 char *sp; 1136 char *sp;
1137 char *msmack; 1137 char *msmack;
1138 char *osmack; 1138 char *osmack;
1139 struct inode_smack *isp; 1139 struct inode_smack *isp;
1140 struct dentry *dp; 1140 struct dentry *dp;
1141 int may; 1141 int may;
1142 int mmay; 1142 int mmay;
1143 int tmay; 1143 int tmay;
1144 int rc; 1144 int rc;
1145 1145
1146 /* do DAC check on address space usage */ 1146 /* do DAC check on address space usage */
1147 rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only); 1147 rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
1148 if (rc || addr_only) 1148 if (rc || addr_only)
1149 return rc; 1149 return rc;
1150 1150
1151 if (file == NULL || file->f_dentry == NULL) 1151 if (file == NULL || file->f_dentry == NULL)
1152 return 0; 1152 return 0;
1153 1153
1154 dp = file->f_dentry; 1154 dp = file->f_dentry;
1155 1155
1156 if (dp->d_inode == NULL) 1156 if (dp->d_inode == NULL)
1157 return 0; 1157 return 0;
1158 1158
1159 isp = dp->d_inode->i_security; 1159 isp = dp->d_inode->i_security;
1160 if (isp->smk_mmap == NULL) 1160 if (isp->smk_mmap == NULL)
1161 return 0; 1161 return 0;
1162 msmack = isp->smk_mmap; 1162 msmack = isp->smk_mmap;
1163 1163
1164 tsp = current_security(); 1164 tsp = current_security();
1165 sp = smk_of_current(); 1165 sp = smk_of_current();
1166 rc = 0; 1166 rc = 0;
1167 1167
1168 rcu_read_lock(); 1168 rcu_read_lock();
1169 /* 1169 /*
1170 * For each Smack rule associated with the subject 1170 * For each Smack rule associated with the subject
1171 * label verify that the SMACK64MMAP also has access 1171 * label verify that the SMACK64MMAP also has access
1172 * to that rule's object label. 1172 * to that rule's object label.
1173 * 1173 *
1174 * Because neither of the labels comes 1174 * Because neither of the labels comes
1175 * from the networking code it is sufficient 1175 * from the networking code it is sufficient
1176 * to compare pointers. 1176 * to compare pointers.
1177 */ 1177 */
1178 list_for_each_entry_rcu(srp, &smack_rule_list, list) { 1178 list_for_each_entry_rcu(srp, &smack_rule_list, list) {
1179 if (srp->smk_subject != sp) 1179 if (srp->smk_subject != sp)
1180 continue; 1180 continue;
1181 1181
1182 osmack = srp->smk_object; 1182 osmack = srp->smk_object;
1183 /* 1183 /*
1184 * Matching labels always allows access. 1184 * Matching labels always allows access.
1185 */ 1185 */
1186 if (msmack == osmack) 1186 if (msmack == osmack)
1187 continue; 1187 continue;
1188 /* 1188 /*
1189 * If there is a matching local rule take 1189 * If there is a matching local rule take
1190 * that into account as well. 1190 * that into account as well.
1191 */ 1191 */
1192 may = smk_access_entry(srp->smk_subject, osmack, 1192 may = smk_access_entry(srp->smk_subject, osmack,
1193 &tsp->smk_rules); 1193 &tsp->smk_rules);
1194 if (may == -ENOENT) 1194 if (may == -ENOENT)
1195 may = srp->smk_access; 1195 may = srp->smk_access;
1196 else 1196 else
1197 may &= srp->smk_access; 1197 may &= srp->smk_access;
1198 /* 1198 /*
1199 * If may is zero the SMACK64MMAP subject can't 1199 * If may is zero the SMACK64MMAP subject can't
1200 * possibly have less access. 1200 * possibly have less access.
1201 */ 1201 */
1202 if (may == 0) 1202 if (may == 0)
1203 continue; 1203 continue;
1204 1204
1205 /* 1205 /*
1206 * Fetch the global list entry. 1206 * Fetch the global list entry.
1207 * If there isn't one a SMACK64MMAP subject 1207 * If there isn't one a SMACK64MMAP subject
1208 * can't have as much access as current. 1208 * can't have as much access as current.
1209 */ 1209 */
1210 mmay = smk_access_entry(msmack, osmack, &smack_rule_list); 1210 mmay = smk_access_entry(msmack, osmack, &smack_rule_list);
1211 if (mmay == -ENOENT) { 1211 if (mmay == -ENOENT) {
1212 rc = -EACCES; 1212 rc = -EACCES;
1213 break; 1213 break;
1214 } 1214 }
1215 /* 1215 /*
1216 * If there is a local entry it modifies the 1216 * If there is a local entry it modifies the
1217 * potential access, too. 1217 * potential access, too.
1218 */ 1218 */
1219 tmay = smk_access_entry(msmack, osmack, &tsp->smk_rules); 1219 tmay = smk_access_entry(msmack, osmack, &tsp->smk_rules);
1220 if (tmay != -ENOENT) 1220 if (tmay != -ENOENT)
1221 mmay &= tmay; 1221 mmay &= tmay;
1222 1222
1223 /* 1223 /*
1224 * If there is any access available to current that is 1224 * If there is any access available to current that is
1225 * not available to a SMACK64MMAP subject 1225 * not available to a SMACK64MMAP subject
1226 * deny access. 1226 * deny access.
1227 */ 1227 */
1228 if ((may | mmay) != mmay) { 1228 if ((may | mmay) != mmay) {
1229 rc = -EACCES; 1229 rc = -EACCES;
1230 break; 1230 break;
1231 } 1231 }
1232 } 1232 }
1233 1233
1234 rcu_read_unlock(); 1234 rcu_read_unlock();
1235 1235
1236 return rc; 1236 return rc;
1237 } 1237 }
1238 1238
1239 /** 1239 /**
1240 * smack_file_set_fowner - set the file security blob value 1240 * smack_file_set_fowner - set the file security blob value
1241 * @file: object in question 1241 * @file: object in question
1242 * 1242 *
1243 * Returns 0 1243 * Returns 0
1244 * Further research may be required on this one. 1244 * Further research may be required on this one.
1245 */ 1245 */
1246 static int smack_file_set_fowner(struct file *file) 1246 static int smack_file_set_fowner(struct file *file)
1247 { 1247 {
1248 file->f_security = smk_of_current(); 1248 file->f_security = smk_of_current();
1249 return 0; 1249 return 0;
1250 } 1250 }
1251 1251
1252 /** 1252 /**
1253 * smack_file_send_sigiotask - Smack on sigio 1253 * smack_file_send_sigiotask - Smack on sigio
1254 * @tsk: The target task 1254 * @tsk: The target task
1255 * @fown: the object the signal come from 1255 * @fown: the object the signal come from
1256 * @signum: unused 1256 * @signum: unused
1257 * 1257 *
1258 * Allow a privileged task to get signals even if it shouldn't 1258 * Allow a privileged task to get signals even if it shouldn't
1259 * 1259 *
1260 * Returns 0 if a subject with the object's smack could 1260 * Returns 0 if a subject with the object's smack could
1261 * write to the task, an error code otherwise. 1261 * write to the task, an error code otherwise.
1262 */ 1262 */
1263 static int smack_file_send_sigiotask(struct task_struct *tsk, 1263 static int smack_file_send_sigiotask(struct task_struct *tsk,
1264 struct fown_struct *fown, int signum) 1264 struct fown_struct *fown, int signum)
1265 { 1265 {
1266 struct file *file; 1266 struct file *file;
1267 int rc; 1267 int rc;
1268 char *tsp = smk_of_task(tsk->cred->security); 1268 char *tsp = smk_of_task(tsk->cred->security);
1269 struct smk_audit_info ad; 1269 struct smk_audit_info ad;
1270 1270
1271 /* 1271 /*
1272 * struct fown_struct is never outside the context of a struct file 1272 * struct fown_struct is never outside the context of a struct file
1273 */ 1273 */
1274 file = container_of(fown, struct file, f_owner); 1274 file = container_of(fown, struct file, f_owner);
1275 1275
1276 /* we don't log here as rc can be overriden */ 1276 /* we don't log here as rc can be overriden */
1277 rc = smk_access(file->f_security, tsp, MAY_WRITE, NULL); 1277 rc = smk_access(file->f_security, tsp, MAY_WRITE, NULL);
1278 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) 1278 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
1279 rc = 0; 1279 rc = 0;
1280 1280
1281 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1281 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1282 smk_ad_setfield_u_tsk(&ad, tsk); 1282 smk_ad_setfield_u_tsk(&ad, tsk);
1283 smack_log(file->f_security, tsp, MAY_WRITE, rc, &ad); 1283 smack_log(file->f_security, tsp, MAY_WRITE, rc, &ad);
1284 return rc; 1284 return rc;
1285 } 1285 }
1286 1286
1287 /** 1287 /**
1288 * smack_file_receive - Smack file receive check 1288 * smack_file_receive - Smack file receive check
1289 * @file: the object 1289 * @file: the object
1290 * 1290 *
1291 * Returns 0 if current has access, error code otherwise 1291 * Returns 0 if current has access, error code otherwise
1292 */ 1292 */
1293 static int smack_file_receive(struct file *file) 1293 static int smack_file_receive(struct file *file)
1294 { 1294 {
1295 int may = 0; 1295 int may = 0;
1296 struct smk_audit_info ad; 1296 struct smk_audit_info ad;
1297 1297
1298 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1298 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1299 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1299 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1300 /* 1300 /*
1301 * This code relies on bitmasks. 1301 * This code relies on bitmasks.
1302 */ 1302 */
1303 if (file->f_mode & FMODE_READ) 1303 if (file->f_mode & FMODE_READ)
1304 may = MAY_READ; 1304 may = MAY_READ;
1305 if (file->f_mode & FMODE_WRITE) 1305 if (file->f_mode & FMODE_WRITE)
1306 may |= MAY_WRITE; 1306 may |= MAY_WRITE;
1307 1307
1308 return smk_curacc(file->f_security, may, &ad); 1308 return smk_curacc(file->f_security, may, &ad);
1309 } 1309 }
1310 1310
1311 /* 1311 /*
1312 * Task hooks 1312 * Task hooks
1313 */ 1313 */
1314 1314
1315 /** 1315 /**
1316 * smack_cred_alloc_blank - "allocate" blank task-level security credentials 1316 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1317 * @new: the new credentials 1317 * @new: the new credentials
1318 * @gfp: the atomicity of any memory allocations 1318 * @gfp: the atomicity of any memory allocations
1319 * 1319 *
1320 * Prepare a blank set of credentials for modification. This must allocate all 1320 * Prepare a blank set of credentials for modification. This must allocate all
1321 * the memory the LSM module might require such that cred_transfer() can 1321 * the memory the LSM module might require such that cred_transfer() can
1322 * complete without error. 1322 * complete without error.
1323 */ 1323 */
1324 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1324 static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1325 { 1325 {
1326 struct task_smack *tsp; 1326 struct task_smack *tsp;
1327 1327
1328 tsp = new_task_smack(NULL, NULL, gfp); 1328 tsp = new_task_smack(NULL, NULL, gfp);
1329 if (tsp == NULL) 1329 if (tsp == NULL)
1330 return -ENOMEM; 1330 return -ENOMEM;
1331 1331
1332 cred->security = tsp; 1332 cred->security = tsp;
1333 1333
1334 return 0; 1334 return 0;
1335 } 1335 }
1336 1336
1337 1337
1338 /** 1338 /**
1339 * smack_cred_free - "free" task-level security credentials 1339 * smack_cred_free - "free" task-level security credentials
1340 * @cred: the credentials in question 1340 * @cred: the credentials in question
1341 * 1341 *
1342 */ 1342 */
1343 static void smack_cred_free(struct cred *cred) 1343 static void smack_cred_free(struct cred *cred)
1344 { 1344 {
1345 struct task_smack *tsp = cred->security; 1345 struct task_smack *tsp = cred->security;
1346 struct smack_rule *rp; 1346 struct smack_rule *rp;
1347 struct list_head *l; 1347 struct list_head *l;
1348 struct list_head *n; 1348 struct list_head *n;
1349 1349
1350 if (tsp == NULL) 1350 if (tsp == NULL)
1351 return; 1351 return;
1352 cred->security = NULL; 1352 cred->security = NULL;
1353 1353
1354 list_for_each_safe(l, n, &tsp->smk_rules) { 1354 list_for_each_safe(l, n, &tsp->smk_rules) {
1355 rp = list_entry(l, struct smack_rule, list); 1355 rp = list_entry(l, struct smack_rule, list);
1356 list_del(&rp->list); 1356 list_del(&rp->list);
1357 kfree(rp); 1357 kfree(rp);
1358 } 1358 }
1359 kfree(tsp); 1359 kfree(tsp);
1360 } 1360 }
1361 1361
1362 /** 1362 /**
1363 * smack_cred_prepare - prepare new set of credentials for modification 1363 * smack_cred_prepare - prepare new set of credentials for modification
1364 * @new: the new credentials 1364 * @new: the new credentials
1365 * @old: the original credentials 1365 * @old: the original credentials
1366 * @gfp: the atomicity of any memory allocations 1366 * @gfp: the atomicity of any memory allocations
1367 * 1367 *
1368 * Prepare a new set of credentials for modification. 1368 * Prepare a new set of credentials for modification.
1369 */ 1369 */
1370 static int smack_cred_prepare(struct cred *new, const struct cred *old, 1370 static int smack_cred_prepare(struct cred *new, const struct cred *old,
1371 gfp_t gfp) 1371 gfp_t gfp)
1372 { 1372 {
1373 struct task_smack *old_tsp = old->security; 1373 struct task_smack *old_tsp = old->security;
1374 struct task_smack *new_tsp; 1374 struct task_smack *new_tsp;
1375 int rc; 1375 int rc;
1376 1376
1377 new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp); 1377 new_tsp = new_task_smack(old_tsp->smk_task, old_tsp->smk_task, gfp);
1378 if (new_tsp == NULL) 1378 if (new_tsp == NULL)
1379 return -ENOMEM; 1379 return -ENOMEM;
1380 1380
1381 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); 1381 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
1382 if (rc != 0) 1382 if (rc != 0)
1383 return rc; 1383 return rc;
1384 1384
1385 new->security = new_tsp; 1385 new->security = new_tsp;
1386 return 0; 1386 return 0;
1387 } 1387 }
1388 1388
1389 /** 1389 /**
1390 * smack_cred_transfer - Transfer the old credentials to the new credentials 1390 * smack_cred_transfer - Transfer the old credentials to the new credentials
1391 * @new: the new credentials 1391 * @new: the new credentials
1392 * @old: the original credentials 1392 * @old: the original credentials
1393 * 1393 *
1394 * Fill in a set of blank credentials from another set of credentials. 1394 * Fill in a set of blank credentials from another set of credentials.
1395 */ 1395 */
1396 static void smack_cred_transfer(struct cred *new, const struct cred *old) 1396 static void smack_cred_transfer(struct cred *new, const struct cred *old)
1397 { 1397 {
1398 struct task_smack *old_tsp = old->security; 1398 struct task_smack *old_tsp = old->security;
1399 struct task_smack *new_tsp = new->security; 1399 struct task_smack *new_tsp = new->security;
1400 1400
1401 new_tsp->smk_task = old_tsp->smk_task; 1401 new_tsp->smk_task = old_tsp->smk_task;
1402 new_tsp->smk_forked = old_tsp->smk_task; 1402 new_tsp->smk_forked = old_tsp->smk_task;
1403 mutex_init(&new_tsp->smk_rules_lock); 1403 mutex_init(&new_tsp->smk_rules_lock);
1404 INIT_LIST_HEAD(&new_tsp->smk_rules); 1404 INIT_LIST_HEAD(&new_tsp->smk_rules);
1405 1405
1406 1406
1407 /* cbs copy rule list */ 1407 /* cbs copy rule list */
1408 } 1408 }
1409 1409
1410 /** 1410 /**
1411 * smack_kernel_act_as - Set the subjective context in a set of credentials 1411 * smack_kernel_act_as - Set the subjective context in a set of credentials
1412 * @new: points to the set of credentials to be modified. 1412 * @new: points to the set of credentials to be modified.
1413 * @secid: specifies the security ID to be set 1413 * @secid: specifies the security ID to be set
1414 * 1414 *
1415 * Set the security data for a kernel service. 1415 * Set the security data for a kernel service.
1416 */ 1416 */
1417 static int smack_kernel_act_as(struct cred *new, u32 secid) 1417 static int smack_kernel_act_as(struct cred *new, u32 secid)
1418 { 1418 {
1419 struct task_smack *new_tsp = new->security; 1419 struct task_smack *new_tsp = new->security;
1420 char *smack = smack_from_secid(secid); 1420 char *smack = smack_from_secid(secid);
1421 1421
1422 if (smack == NULL) 1422 if (smack == NULL)
1423 return -EINVAL; 1423 return -EINVAL;
1424 1424
1425 new_tsp->smk_task = smack; 1425 new_tsp->smk_task = smack;
1426 return 0; 1426 return 0;
1427 } 1427 }
1428 1428
1429 /** 1429 /**
1430 * smack_kernel_create_files_as - Set the file creation label in a set of creds 1430 * smack_kernel_create_files_as - Set the file creation label in a set of creds
1431 * @new: points to the set of credentials to be modified 1431 * @new: points to the set of credentials to be modified
1432 * @inode: points to the inode to use as a reference 1432 * @inode: points to the inode to use as a reference
1433 * 1433 *
1434 * Set the file creation context in a set of credentials to the same 1434 * Set the file creation context in a set of credentials to the same
1435 * as the objective context of the specified inode 1435 * as the objective context of the specified inode
1436 */ 1436 */
1437 static int smack_kernel_create_files_as(struct cred *new, 1437 static int smack_kernel_create_files_as(struct cred *new,
1438 struct inode *inode) 1438 struct inode *inode)
1439 { 1439 {
1440 struct inode_smack *isp = inode->i_security; 1440 struct inode_smack *isp = inode->i_security;
1441 struct task_smack *tsp = new->security; 1441 struct task_smack *tsp = new->security;
1442 1442
1443 tsp->smk_forked = isp->smk_inode; 1443 tsp->smk_forked = isp->smk_inode;
1444 tsp->smk_task = isp->smk_inode; 1444 tsp->smk_task = isp->smk_inode;
1445 return 0; 1445 return 0;
1446 } 1446 }
1447 1447
1448 /** 1448 /**
1449 * smk_curacc_on_task - helper to log task related access 1449 * smk_curacc_on_task - helper to log task related access
1450 * @p: the task object 1450 * @p: the task object
1451 * @access : the access requested 1451 * @access : the access requested
1452 * 1452 *
1453 * Return 0 if access is permitted 1453 * Return 0 if access is permitted
1454 */ 1454 */
1455 static int smk_curacc_on_task(struct task_struct *p, int access) 1455 static int smk_curacc_on_task(struct task_struct *p, int access)
1456 { 1456 {
1457 struct smk_audit_info ad; 1457 struct smk_audit_info ad;
1458 1458
1459 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1459 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1460 smk_ad_setfield_u_tsk(&ad, p); 1460 smk_ad_setfield_u_tsk(&ad, p);
1461 return smk_curacc(smk_of_task(task_security(p)), access, &ad); 1461 return smk_curacc(smk_of_task(task_security(p)), access, &ad);
1462 } 1462 }
1463 1463
1464 /** 1464 /**
1465 * smack_task_setpgid - Smack check on setting pgid 1465 * smack_task_setpgid - Smack check on setting pgid
1466 * @p: the task object 1466 * @p: the task object
1467 * @pgid: unused 1467 * @pgid: unused
1468 * 1468 *
1469 * Return 0 if write access is permitted 1469 * Return 0 if write access is permitted
1470 */ 1470 */
1471 static int smack_task_setpgid(struct task_struct *p, pid_t pgid) 1471 static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
1472 { 1472 {
1473 return smk_curacc_on_task(p, MAY_WRITE); 1473 return smk_curacc_on_task(p, MAY_WRITE);
1474 } 1474 }
1475 1475
1476 /** 1476 /**
1477 * smack_task_getpgid - Smack access check for getpgid 1477 * smack_task_getpgid - Smack access check for getpgid
1478 * @p: the object task 1478 * @p: the object task
1479 * 1479 *
1480 * Returns 0 if current can read the object task, error code otherwise 1480 * Returns 0 if current can read the object task, error code otherwise
1481 */ 1481 */
1482 static int smack_task_getpgid(struct task_struct *p) 1482 static int smack_task_getpgid(struct task_struct *p)
1483 { 1483 {
1484 return smk_curacc_on_task(p, MAY_READ); 1484 return smk_curacc_on_task(p, MAY_READ);
1485 } 1485 }
1486 1486
1487 /** 1487 /**
1488 * smack_task_getsid - Smack access check for getsid 1488 * smack_task_getsid - Smack access check for getsid
1489 * @p: the object task 1489 * @p: the object task
1490 * 1490 *
1491 * Returns 0 if current can read the object task, error code otherwise 1491 * Returns 0 if current can read the object task, error code otherwise
1492 */ 1492 */
1493 static int smack_task_getsid(struct task_struct *p) 1493 static int smack_task_getsid(struct task_struct *p)
1494 { 1494 {
1495 return smk_curacc_on_task(p, MAY_READ); 1495 return smk_curacc_on_task(p, MAY_READ);
1496 } 1496 }
1497 1497
1498 /** 1498 /**
1499 * smack_task_getsecid - get the secid of the task 1499 * smack_task_getsecid - get the secid of the task
1500 * @p: the object task 1500 * @p: the object task
1501 * @secid: where to put the result 1501 * @secid: where to put the result
1502 * 1502 *
1503 * Sets the secid to contain a u32 version of the smack label. 1503 * Sets the secid to contain a u32 version of the smack label.
1504 */ 1504 */
1505 static void smack_task_getsecid(struct task_struct *p, u32 *secid) 1505 static void smack_task_getsecid(struct task_struct *p, u32 *secid)
1506 { 1506 {
1507 *secid = smack_to_secid(smk_of_task(task_security(p))); 1507 *secid = smack_to_secid(smk_of_task(task_security(p)));
1508 } 1508 }
1509 1509
1510 /** 1510 /**
1511 * smack_task_setnice - Smack check on setting nice 1511 * smack_task_setnice - Smack check on setting nice
1512 * @p: the task object 1512 * @p: the task object
1513 * @nice: unused 1513 * @nice: unused
1514 * 1514 *
1515 * Return 0 if write access is permitted 1515 * Return 0 if write access is permitted
1516 */ 1516 */
1517 static int smack_task_setnice(struct task_struct *p, int nice) 1517 static int smack_task_setnice(struct task_struct *p, int nice)
1518 { 1518 {
1519 int rc; 1519 int rc;
1520 1520
1521 rc = cap_task_setnice(p, nice); 1521 rc = cap_task_setnice(p, nice);
1522 if (rc == 0) 1522 if (rc == 0)
1523 rc = smk_curacc_on_task(p, MAY_WRITE); 1523 rc = smk_curacc_on_task(p, MAY_WRITE);
1524 return rc; 1524 return rc;
1525 } 1525 }
1526 1526
1527 /** 1527 /**
1528 * smack_task_setioprio - Smack check on setting ioprio 1528 * smack_task_setioprio - Smack check on setting ioprio
1529 * @p: the task object 1529 * @p: the task object
1530 * @ioprio: unused 1530 * @ioprio: unused
1531 * 1531 *
1532 * Return 0 if write access is permitted 1532 * Return 0 if write access is permitted
1533 */ 1533 */
1534 static int smack_task_setioprio(struct task_struct *p, int ioprio) 1534 static int smack_task_setioprio(struct task_struct *p, int ioprio)
1535 { 1535 {
1536 int rc; 1536 int rc;
1537 1537
1538 rc = cap_task_setioprio(p, ioprio); 1538 rc = cap_task_setioprio(p, ioprio);
1539 if (rc == 0) 1539 if (rc == 0)
1540 rc = smk_curacc_on_task(p, MAY_WRITE); 1540 rc = smk_curacc_on_task(p, MAY_WRITE);
1541 return rc; 1541 return rc;
1542 } 1542 }
1543 1543
1544 /** 1544 /**
1545 * smack_task_getioprio - Smack check on reading ioprio 1545 * smack_task_getioprio - Smack check on reading ioprio
1546 * @p: the task object 1546 * @p: the task object
1547 * 1547 *
1548 * Return 0 if read access is permitted 1548 * Return 0 if read access is permitted
1549 */ 1549 */
1550 static int smack_task_getioprio(struct task_struct *p) 1550 static int smack_task_getioprio(struct task_struct *p)
1551 { 1551 {
1552 return smk_curacc_on_task(p, MAY_READ); 1552 return smk_curacc_on_task(p, MAY_READ);
1553 } 1553 }
1554 1554
1555 /** 1555 /**
1556 * smack_task_setscheduler - Smack check on setting scheduler 1556 * smack_task_setscheduler - Smack check on setting scheduler
1557 * @p: the task object 1557 * @p: the task object
1558 * @policy: unused 1558 * @policy: unused
1559 * @lp: unused 1559 * @lp: unused
1560 * 1560 *
1561 * Return 0 if read access is permitted 1561 * Return 0 if read access is permitted
1562 */ 1562 */
1563 static int smack_task_setscheduler(struct task_struct *p) 1563 static int smack_task_setscheduler(struct task_struct *p)
1564 { 1564 {
1565 int rc; 1565 int rc;
1566 1566
1567 rc = cap_task_setscheduler(p); 1567 rc = cap_task_setscheduler(p);
1568 if (rc == 0) 1568 if (rc == 0)
1569 rc = smk_curacc_on_task(p, MAY_WRITE); 1569 rc = smk_curacc_on_task(p, MAY_WRITE);
1570 return rc; 1570 return rc;
1571 } 1571 }
1572 1572
1573 /** 1573 /**
1574 * smack_task_getscheduler - Smack check on reading scheduler 1574 * smack_task_getscheduler - Smack check on reading scheduler
1575 * @p: the task object 1575 * @p: the task object
1576 * 1576 *
1577 * Return 0 if read access is permitted 1577 * Return 0 if read access is permitted
1578 */ 1578 */
1579 static int smack_task_getscheduler(struct task_struct *p) 1579 static int smack_task_getscheduler(struct task_struct *p)
1580 { 1580 {
1581 return smk_curacc_on_task(p, MAY_READ); 1581 return smk_curacc_on_task(p, MAY_READ);
1582 } 1582 }
1583 1583
1584 /** 1584 /**
1585 * smack_task_movememory - Smack check on moving memory 1585 * smack_task_movememory - Smack check on moving memory
1586 * @p: the task object 1586 * @p: the task object
1587 * 1587 *
1588 * Return 0 if write access is permitted 1588 * Return 0 if write access is permitted
1589 */ 1589 */
1590 static int smack_task_movememory(struct task_struct *p) 1590 static int smack_task_movememory(struct task_struct *p)
1591 { 1591 {
1592 return smk_curacc_on_task(p, MAY_WRITE); 1592 return smk_curacc_on_task(p, MAY_WRITE);
1593 } 1593 }
1594 1594
1595 /** 1595 /**
1596 * smack_task_kill - Smack check on signal delivery 1596 * smack_task_kill - Smack check on signal delivery
1597 * @p: the task object 1597 * @p: the task object
1598 * @info: unused 1598 * @info: unused
1599 * @sig: unused 1599 * @sig: unused
1600 * @secid: identifies the smack to use in lieu of current's 1600 * @secid: identifies the smack to use in lieu of current's
1601 * 1601 *
1602 * Return 0 if write access is permitted 1602 * Return 0 if write access is permitted
1603 * 1603 *
1604 * The secid behavior is an artifact of an SELinux hack 1604 * The secid behavior is an artifact of an SELinux hack
1605 * in the USB code. Someday it may go away. 1605 * in the USB code. Someday it may go away.
1606 */ 1606 */
1607 static int smack_task_kill(struct task_struct *p, struct siginfo *info, 1607 static int smack_task_kill(struct task_struct *p, struct siginfo *info,
1608 int sig, u32 secid) 1608 int sig, u32 secid)
1609 { 1609 {
1610 struct smk_audit_info ad; 1610 struct smk_audit_info ad;
1611 1611
1612 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1612 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1613 smk_ad_setfield_u_tsk(&ad, p); 1613 smk_ad_setfield_u_tsk(&ad, p);
1614 /* 1614 /*
1615 * Sending a signal requires that the sender 1615 * Sending a signal requires that the sender
1616 * can write the receiver. 1616 * can write the receiver.
1617 */ 1617 */
1618 if (secid == 0) 1618 if (secid == 0)
1619 return smk_curacc(smk_of_task(task_security(p)), MAY_WRITE, 1619 return smk_curacc(smk_of_task(task_security(p)), MAY_WRITE,
1620 &ad); 1620 &ad);
1621 /* 1621 /*
1622 * If the secid isn't 0 we're dealing with some USB IO 1622 * If the secid isn't 0 we're dealing with some USB IO
1623 * specific behavior. This is not clean. For one thing 1623 * specific behavior. This is not clean. For one thing
1624 * we can't take privilege into account. 1624 * we can't take privilege into account.
1625 */ 1625 */
1626 return smk_access(smack_from_secid(secid), 1626 return smk_access(smack_from_secid(secid),
1627 smk_of_task(task_security(p)), MAY_WRITE, &ad); 1627 smk_of_task(task_security(p)), MAY_WRITE, &ad);
1628 } 1628 }
1629 1629
1630 /** 1630 /**
1631 * smack_task_wait - Smack access check for waiting 1631 * smack_task_wait - Smack access check for waiting
1632 * @p: task to wait for 1632 * @p: task to wait for
1633 * 1633 *
1634 * Returns 0 if current can wait for p, error code otherwise 1634 * Returns 0 if current can wait for p, error code otherwise
1635 */ 1635 */
1636 static int smack_task_wait(struct task_struct *p) 1636 static int smack_task_wait(struct task_struct *p)
1637 { 1637 {
1638 struct smk_audit_info ad; 1638 struct smk_audit_info ad;
1639 char *sp = smk_of_current(); 1639 char *sp = smk_of_current();
1640 char *tsp = smk_of_forked(task_security(p)); 1640 char *tsp = smk_of_forked(task_security(p));
1641 int rc; 1641 int rc;
1642 1642
1643 /* we don't log here, we can be overriden */ 1643 /* we don't log here, we can be overriden */
1644 rc = smk_access(tsp, sp, MAY_WRITE, NULL); 1644 rc = smk_access(tsp, sp, MAY_WRITE, NULL);
1645 if (rc == 0) 1645 if (rc == 0)
1646 goto out_log; 1646 goto out_log;
1647 1647
1648 /* 1648 /*
1649 * Allow the operation to succeed if either task 1649 * Allow the operation to succeed if either task
1650 * has privilege to perform operations that might 1650 * has privilege to perform operations that might
1651 * account for the smack labels having gotten to 1651 * account for the smack labels having gotten to
1652 * be different in the first place. 1652 * be different in the first place.
1653 * 1653 *
1654 * This breaks the strict subject/object access 1654 * This breaks the strict subject/object access
1655 * control ideal, taking the object's privilege 1655 * control ideal, taking the object's privilege
1656 * state into account in the decision as well as 1656 * state into account in the decision as well as
1657 * the smack value. 1657 * the smack value.
1658 */ 1658 */
1659 if (capable(CAP_MAC_OVERRIDE) || has_capability(p, CAP_MAC_OVERRIDE)) 1659 if (capable(CAP_MAC_OVERRIDE) || has_capability(p, CAP_MAC_OVERRIDE))
1660 rc = 0; 1660 rc = 0;
1661 /* we log only if we didn't get overriden */ 1661 /* we log only if we didn't get overriden */
1662 out_log: 1662 out_log:
1663 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 1663 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1664 smk_ad_setfield_u_tsk(&ad, p); 1664 smk_ad_setfield_u_tsk(&ad, p);
1665 smack_log(tsp, sp, MAY_WRITE, rc, &ad); 1665 smack_log(tsp, sp, MAY_WRITE, rc, &ad);
1666 return rc; 1666 return rc;
1667 } 1667 }
1668 1668
1669 /** 1669 /**
1670 * smack_task_to_inode - copy task smack into the inode blob 1670 * smack_task_to_inode - copy task smack into the inode blob
1671 * @p: task to copy from 1671 * @p: task to copy from
1672 * @inode: inode to copy to 1672 * @inode: inode to copy to
1673 * 1673 *
1674 * Sets the smack pointer in the inode security blob 1674 * Sets the smack pointer in the inode security blob
1675 */ 1675 */
1676 static void smack_task_to_inode(struct task_struct *p, struct inode *inode) 1676 static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
1677 { 1677 {
1678 struct inode_smack *isp = inode->i_security; 1678 struct inode_smack *isp = inode->i_security;
1679 isp->smk_inode = smk_of_task(task_security(p)); 1679 isp->smk_inode = smk_of_task(task_security(p));
1680 } 1680 }
1681 1681
1682 /* 1682 /*
1683 * Socket hooks. 1683 * Socket hooks.
1684 */ 1684 */
1685 1685
1686 /** 1686 /**
1687 * smack_sk_alloc_security - Allocate a socket blob 1687 * smack_sk_alloc_security - Allocate a socket blob
1688 * @sk: the socket 1688 * @sk: the socket
1689 * @family: unused 1689 * @family: unused
1690 * @gfp_flags: memory allocation flags 1690 * @gfp_flags: memory allocation flags
1691 * 1691 *
1692 * Assign Smack pointers to current 1692 * Assign Smack pointers to current
1693 * 1693 *
1694 * Returns 0 on success, -ENOMEM is there's no memory 1694 * Returns 0 on success, -ENOMEM is there's no memory
1695 */ 1695 */
1696 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) 1696 static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
1697 { 1697 {
1698 char *csp = smk_of_current(); 1698 char *csp = smk_of_current();
1699 struct socket_smack *ssp; 1699 struct socket_smack *ssp;
1700 1700
1701 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags); 1701 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
1702 if (ssp == NULL) 1702 if (ssp == NULL)
1703 return -ENOMEM; 1703 return -ENOMEM;
1704 1704
1705 ssp->smk_in = csp; 1705 ssp->smk_in = csp;
1706 ssp->smk_out = csp; 1706 ssp->smk_out = csp;
1707 ssp->smk_packet[0] = '\0'; 1707 ssp->smk_packet[0] = '\0';
1708 1708
1709 sk->sk_security = ssp; 1709 sk->sk_security = ssp;
1710 1710
1711 return 0; 1711 return 0;
1712 } 1712 }
1713 1713
1714 /** 1714 /**
1715 * smack_sk_free_security - Free a socket blob 1715 * smack_sk_free_security - Free a socket blob
1716 * @sk: the socket 1716 * @sk: the socket
1717 * 1717 *
1718 * Clears the blob pointer 1718 * Clears the blob pointer
1719 */ 1719 */
1720 static void smack_sk_free_security(struct sock *sk) 1720 static void smack_sk_free_security(struct sock *sk)
1721 { 1721 {
1722 kfree(sk->sk_security); 1722 kfree(sk->sk_security);
1723 } 1723 }
1724 1724
1725 /** 1725 /**
1726 * smack_host_label - check host based restrictions 1726 * smack_host_label - check host based restrictions
1727 * @sip: the object end 1727 * @sip: the object end
1728 * 1728 *
1729 * looks for host based access restrictions 1729 * looks for host based access restrictions
1730 * 1730 *
1731 * This version will only be appropriate for really small sets of single label 1731 * This version will only be appropriate for really small sets of single label
1732 * hosts. The caller is responsible for ensuring that the RCU read lock is 1732 * hosts. The caller is responsible for ensuring that the RCU read lock is
1733 * taken before calling this function. 1733 * taken before calling this function.
1734 * 1734 *
1735 * Returns the label of the far end or NULL if it's not special. 1735 * Returns the label of the far end or NULL if it's not special.
1736 */ 1736 */
1737 static char *smack_host_label(struct sockaddr_in *sip) 1737 static char *smack_host_label(struct sockaddr_in *sip)
1738 { 1738 {
1739 struct smk_netlbladdr *snp; 1739 struct smk_netlbladdr *snp;
1740 struct in_addr *siap = &sip->sin_addr; 1740 struct in_addr *siap = &sip->sin_addr;
1741 1741
1742 if (siap->s_addr == 0) 1742 if (siap->s_addr == 0)
1743 return NULL; 1743 return NULL;
1744 1744
1745 list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list) 1745 list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list)
1746 /* 1746 /*
1747 * we break after finding the first match because 1747 * we break after finding the first match because
1748 * the list is sorted from longest to shortest mask 1748 * the list is sorted from longest to shortest mask
1749 * so we have found the most specific match 1749 * so we have found the most specific match
1750 */ 1750 */
1751 if ((&snp->smk_host.sin_addr)->s_addr == 1751 if ((&snp->smk_host.sin_addr)->s_addr ==
1752 (siap->s_addr & (&snp->smk_mask)->s_addr)) { 1752 (siap->s_addr & (&snp->smk_mask)->s_addr)) {
1753 /* we have found the special CIPSO option */ 1753 /* we have found the special CIPSO option */
1754 if (snp->smk_label == smack_cipso_option) 1754 if (snp->smk_label == smack_cipso_option)
1755 return NULL; 1755 return NULL;
1756 return snp->smk_label; 1756 return snp->smk_label;
1757 } 1757 }
1758 1758
1759 return NULL; 1759 return NULL;
1760 } 1760 }
1761 1761
1762 /** 1762 /**
1763 * smack_set_catset - convert a capset to netlabel mls categories 1763 * smack_set_catset - convert a capset to netlabel mls categories
1764 * @catset: the Smack categories 1764 * @catset: the Smack categories
1765 * @sap: where to put the netlabel categories 1765 * @sap: where to put the netlabel categories
1766 * 1766 *
1767 * Allocates and fills attr.mls.cat 1767 * Allocates and fills attr.mls.cat
1768 */ 1768 */
1769 static void smack_set_catset(char *catset, struct netlbl_lsm_secattr *sap) 1769 static void smack_set_catset(char *catset, struct netlbl_lsm_secattr *sap)
1770 { 1770 {
1771 unsigned char *cp; 1771 unsigned char *cp;
1772 unsigned char m; 1772 unsigned char m;
1773 int cat; 1773 int cat;
1774 int rc; 1774 int rc;
1775 int byte; 1775 int byte;
1776 1776
1777 if (!catset) 1777 if (!catset)
1778 return; 1778 return;
1779 1779
1780 sap->flags |= NETLBL_SECATTR_MLS_CAT; 1780 sap->flags |= NETLBL_SECATTR_MLS_CAT;
1781 sap->attr.mls.cat = netlbl_secattr_catmap_alloc(GFP_ATOMIC); 1781 sap->attr.mls.cat = netlbl_secattr_catmap_alloc(GFP_ATOMIC);
1782 sap->attr.mls.cat->startbit = 0; 1782 sap->attr.mls.cat->startbit = 0;
1783 1783
1784 for (cat = 1, cp = catset, byte = 0; byte < SMK_LABELLEN; cp++, byte++) 1784 for (cat = 1, cp = catset, byte = 0; byte < SMK_LABELLEN; cp++, byte++)
1785 for (m = 0x80; m != 0; m >>= 1, cat++) { 1785 for (m = 0x80; m != 0; m >>= 1, cat++) {
1786 if ((m & *cp) == 0) 1786 if ((m & *cp) == 0)
1787 continue; 1787 continue;
1788 rc = netlbl_secattr_catmap_setbit(sap->attr.mls.cat, 1788 rc = netlbl_secattr_catmap_setbit(sap->attr.mls.cat,
1789 cat, GFP_ATOMIC); 1789 cat, GFP_ATOMIC);
1790 } 1790 }
1791 } 1791 }
1792 1792
1793 /** 1793 /**
1794 * smack_to_secattr - fill a secattr from a smack value 1794 * smack_to_secattr - fill a secattr from a smack value
1795 * @smack: the smack value 1795 * @smack: the smack value
1796 * @nlsp: where the result goes 1796 * @nlsp: where the result goes
1797 * 1797 *
1798 * Casey says that CIPSO is good enough for now. 1798 * Casey says that CIPSO is good enough for now.
1799 * It can be used to effect. 1799 * It can be used to effect.
1800 * It can also be abused to effect when necessary. 1800 * It can also be abused to effect when necessary.
1801 * Appologies to the TSIG group in general and GW in particular. 1801 * Appologies to the TSIG group in general and GW in particular.
1802 */ 1802 */
1803 static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp) 1803 static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp)
1804 { 1804 {
1805 struct smack_cipso cipso; 1805 struct smack_cipso cipso;
1806 int rc; 1806 int rc;
1807 1807
1808 nlsp->domain = smack; 1808 nlsp->domain = smack;
1809 nlsp->flags = NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL; 1809 nlsp->flags = NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
1810 1810
1811 rc = smack_to_cipso(smack, &cipso); 1811 rc = smack_to_cipso(smack, &cipso);
1812 if (rc == 0) { 1812 if (rc == 0) {
1813 nlsp->attr.mls.lvl = cipso.smk_level; 1813 nlsp->attr.mls.lvl = cipso.smk_level;
1814 smack_set_catset(cipso.smk_catset, nlsp); 1814 smack_set_catset(cipso.smk_catset, nlsp);
1815 } else { 1815 } else {
1816 nlsp->attr.mls.lvl = smack_cipso_direct; 1816 nlsp->attr.mls.lvl = smack_cipso_direct;
1817 smack_set_catset(smack, nlsp); 1817 smack_set_catset(smack, nlsp);
1818 } 1818 }
1819 } 1819 }
1820 1820
1821 /** 1821 /**
1822 * smack_netlabel - Set the secattr on a socket 1822 * smack_netlabel - Set the secattr on a socket
1823 * @sk: the socket 1823 * @sk: the socket
1824 * @labeled: socket label scheme 1824 * @labeled: socket label scheme
1825 * 1825 *
1826 * Convert the outbound smack value (smk_out) to a 1826 * Convert the outbound smack value (smk_out) to a
1827 * secattr and attach it to the socket. 1827 * secattr and attach it to the socket.
1828 * 1828 *
1829 * Returns 0 on success or an error code 1829 * Returns 0 on success or an error code
1830 */ 1830 */
1831 static int smack_netlabel(struct sock *sk, int labeled) 1831 static int smack_netlabel(struct sock *sk, int labeled)
1832 { 1832 {
1833 struct socket_smack *ssp = sk->sk_security; 1833 struct socket_smack *ssp = sk->sk_security;
1834 struct netlbl_lsm_secattr secattr; 1834 struct netlbl_lsm_secattr secattr;
1835 int rc = 0; 1835 int rc = 0;
1836 1836
1837 /* 1837 /*
1838 * Usually the netlabel code will handle changing the 1838 * Usually the netlabel code will handle changing the
1839 * packet labeling based on the label. 1839 * packet labeling based on the label.
1840 * The case of a single label host is different, because 1840 * The case of a single label host is different, because
1841 * a single label host should never get a labeled packet 1841 * a single label host should never get a labeled packet
1842 * even though the label is usually associated with a packet 1842 * even though the label is usually associated with a packet
1843 * label. 1843 * label.
1844 */ 1844 */
1845 local_bh_disable(); 1845 local_bh_disable();
1846 bh_lock_sock_nested(sk); 1846 bh_lock_sock_nested(sk);
1847 1847
1848 if (ssp->smk_out == smack_net_ambient || 1848 if (ssp->smk_out == smack_net_ambient ||
1849 labeled == SMACK_UNLABELED_SOCKET) 1849 labeled == SMACK_UNLABELED_SOCKET)
1850 netlbl_sock_delattr(sk); 1850 netlbl_sock_delattr(sk);
1851 else { 1851 else {
1852 netlbl_secattr_init(&secattr); 1852 netlbl_secattr_init(&secattr);
1853 smack_to_secattr(ssp->smk_out, &secattr); 1853 smack_to_secattr(ssp->smk_out, &secattr);
1854 rc = netlbl_sock_setattr(sk, sk->sk_family, &secattr); 1854 rc = netlbl_sock_setattr(sk, sk->sk_family, &secattr);
1855 netlbl_secattr_destroy(&secattr); 1855 netlbl_secattr_destroy(&secattr);
1856 } 1856 }
1857 1857
1858 bh_unlock_sock(sk); 1858 bh_unlock_sock(sk);
1859 local_bh_enable(); 1859 local_bh_enable();
1860 1860
1861 return rc; 1861 return rc;
1862 } 1862 }
1863 1863
1864 /** 1864 /**
1865 * smack_netlbel_send - Set the secattr on a socket and perform access checks 1865 * smack_netlbel_send - Set the secattr on a socket and perform access checks
1866 * @sk: the socket 1866 * @sk: the socket
1867 * @sap: the destination address 1867 * @sap: the destination address
1868 * 1868 *
1869 * Set the correct secattr for the given socket based on the destination 1869 * Set the correct secattr for the given socket based on the destination
1870 * address and perform any outbound access checks needed. 1870 * address and perform any outbound access checks needed.
1871 * 1871 *
1872 * Returns 0 on success or an error code. 1872 * Returns 0 on success or an error code.
1873 * 1873 *
1874 */ 1874 */
1875 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap) 1875 static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
1876 { 1876 {
1877 int rc; 1877 int rc;
1878 int sk_lbl; 1878 int sk_lbl;
1879 char *hostsp; 1879 char *hostsp;
1880 struct socket_smack *ssp = sk->sk_security; 1880 struct socket_smack *ssp = sk->sk_security;
1881 struct smk_audit_info ad; 1881 struct smk_audit_info ad;
1882 1882
1883 rcu_read_lock(); 1883 rcu_read_lock();
1884 hostsp = smack_host_label(sap); 1884 hostsp = smack_host_label(sap);
1885 if (hostsp != NULL) { 1885 if (hostsp != NULL) {
1886 sk_lbl = SMACK_UNLABELED_SOCKET; 1886 sk_lbl = SMACK_UNLABELED_SOCKET;
1887 #ifdef CONFIG_AUDIT 1887 #ifdef CONFIG_AUDIT
1888 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); 1888 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
1889 ad.a.u.net.family = sap->sin_family; 1889 ad.a.u.net.family = sap->sin_family;
1890 ad.a.u.net.dport = sap->sin_port; 1890 ad.a.u.net.dport = sap->sin_port;
1891 ad.a.u.net.v4info.daddr = sap->sin_addr.s_addr; 1891 ad.a.u.net.v4info.daddr = sap->sin_addr.s_addr;
1892 #endif 1892 #endif
1893 rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE, &ad); 1893 rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE, &ad);
1894 } else { 1894 } else {
1895 sk_lbl = SMACK_CIPSO_SOCKET; 1895 sk_lbl = SMACK_CIPSO_SOCKET;
1896 rc = 0; 1896 rc = 0;
1897 } 1897 }
1898 rcu_read_unlock(); 1898 rcu_read_unlock();
1899 if (rc != 0) 1899 if (rc != 0)
1900 return rc; 1900 return rc;
1901 1901
1902 return smack_netlabel(sk, sk_lbl); 1902 return smack_netlabel(sk, sk_lbl);
1903 } 1903 }
1904 1904
1905 /** 1905 /**
1906 * smack_inode_setsecurity - set smack xattrs 1906 * smack_inode_setsecurity - set smack xattrs
1907 * @inode: the object 1907 * @inode: the object
1908 * @name: attribute name 1908 * @name: attribute name
1909 * @value: attribute value 1909 * @value: attribute value
1910 * @size: size of the attribute 1910 * @size: size of the attribute
1911 * @flags: unused 1911 * @flags: unused
1912 * 1912 *
1913 * Sets the named attribute in the appropriate blob 1913 * Sets the named attribute in the appropriate blob
1914 * 1914 *
1915 * Returns 0 on success, or an error code 1915 * Returns 0 on success, or an error code
1916 */ 1916 */
1917 static int smack_inode_setsecurity(struct inode *inode, const char *name, 1917 static int smack_inode_setsecurity(struct inode *inode, const char *name,
1918 const void *value, size_t size, int flags) 1918 const void *value, size_t size, int flags)
1919 { 1919 {
1920 char *sp; 1920 char *sp;
1921 struct inode_smack *nsp = inode->i_security; 1921 struct inode_smack *nsp = inode->i_security;
1922 struct socket_smack *ssp; 1922 struct socket_smack *ssp;
1923 struct socket *sock; 1923 struct socket *sock;
1924 int rc = 0; 1924 int rc = 0;
1925 1925
1926 if (value == NULL || size > SMK_LABELLEN || size == 0) 1926 if (value == NULL || size > SMK_LABELLEN || size == 0)
1927 return -EACCES; 1927 return -EACCES;
1928 1928
1929 sp = smk_import(value, size); 1929 sp = smk_import(value, size);
1930 if (sp == NULL) 1930 if (sp == NULL)
1931 return -EINVAL; 1931 return -EINVAL;
1932 1932
1933 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) { 1933 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
1934 nsp->smk_inode = sp; 1934 nsp->smk_inode = sp;
1935 nsp->smk_flags |= SMK_INODE_INSTANT; 1935 nsp->smk_flags |= SMK_INODE_INSTANT;
1936 return 0; 1936 return 0;
1937 } 1937 }
1938 /* 1938 /*
1939 * The rest of the Smack xattrs are only on sockets. 1939 * The rest of the Smack xattrs are only on sockets.
1940 */ 1940 */
1941 if (inode->i_sb->s_magic != SOCKFS_MAGIC) 1941 if (inode->i_sb->s_magic != SOCKFS_MAGIC)
1942 return -EOPNOTSUPP; 1942 return -EOPNOTSUPP;
1943 1943
1944 sock = SOCKET_I(inode); 1944 sock = SOCKET_I(inode);
1945 if (sock == NULL || sock->sk == NULL) 1945 if (sock == NULL || sock->sk == NULL)
1946 return -EOPNOTSUPP; 1946 return -EOPNOTSUPP;
1947 1947
1948 ssp = sock->sk->sk_security; 1948 ssp = sock->sk->sk_security;
1949 1949
1950 if (strcmp(name, XATTR_SMACK_IPIN) == 0) 1950 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1951 ssp->smk_in = sp; 1951 ssp->smk_in = sp;
1952 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) { 1952 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
1953 ssp->smk_out = sp; 1953 ssp->smk_out = sp;
1954 if (sock->sk->sk_family != PF_UNIX) { 1954 if (sock->sk->sk_family != PF_UNIX) {
1955 rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); 1955 rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
1956 if (rc != 0) 1956 if (rc != 0)
1957 printk(KERN_WARNING 1957 printk(KERN_WARNING
1958 "Smack: \"%s\" netlbl error %d.\n", 1958 "Smack: \"%s\" netlbl error %d.\n",
1959 __func__, -rc); 1959 __func__, -rc);
1960 } 1960 }
1961 } else 1961 } else
1962 return -EOPNOTSUPP; 1962 return -EOPNOTSUPP;
1963 1963
1964 return 0; 1964 return 0;
1965 } 1965 }
1966 1966
1967 /** 1967 /**
1968 * smack_socket_post_create - finish socket setup 1968 * smack_socket_post_create - finish socket setup
1969 * @sock: the socket 1969 * @sock: the socket
1970 * @family: protocol family 1970 * @family: protocol family
1971 * @type: unused 1971 * @type: unused
1972 * @protocol: unused 1972 * @protocol: unused
1973 * @kern: unused 1973 * @kern: unused
1974 * 1974 *
1975 * Sets the netlabel information on the socket 1975 * Sets the netlabel information on the socket
1976 * 1976 *
1977 * Returns 0 on success, and error code otherwise 1977 * Returns 0 on success, and error code otherwise
1978 */ 1978 */
1979 static int smack_socket_post_create(struct socket *sock, int family, 1979 static int smack_socket_post_create(struct socket *sock, int family,
1980 int type, int protocol, int kern) 1980 int type, int protocol, int kern)
1981 { 1981 {
1982 if (family != PF_INET || sock->sk == NULL) 1982 if (family != PF_INET || sock->sk == NULL)
1983 return 0; 1983 return 0;
1984 /* 1984 /*
1985 * Set the outbound netlbl. 1985 * Set the outbound netlbl.
1986 */ 1986 */
1987 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); 1987 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
1988 } 1988 }
1989 1989
1990 /** 1990 /**
1991 * smack_socket_connect - connect access check 1991 * smack_socket_connect - connect access check
1992 * @sock: the socket 1992 * @sock: the socket
1993 * @sap: the other end 1993 * @sap: the other end
1994 * @addrlen: size of sap 1994 * @addrlen: size of sap
1995 * 1995 *
1996 * Verifies that a connection may be possible 1996 * Verifies that a connection may be possible
1997 * 1997 *
1998 * Returns 0 on success, and error code otherwise 1998 * Returns 0 on success, and error code otherwise
1999 */ 1999 */
2000 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, 2000 static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2001 int addrlen) 2001 int addrlen)
2002 { 2002 {
2003 if (sock->sk == NULL || sock->sk->sk_family != PF_INET) 2003 if (sock->sk == NULL || sock->sk->sk_family != PF_INET)
2004 return 0; 2004 return 0;
2005 if (addrlen < sizeof(struct sockaddr_in)) 2005 if (addrlen < sizeof(struct sockaddr_in))
2006 return -EINVAL; 2006 return -EINVAL;
2007 2007
2008 return smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap); 2008 return smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2009 } 2009 }
2010 2010
2011 /** 2011 /**
2012 * smack_flags_to_may - convert S_ to MAY_ values 2012 * smack_flags_to_may - convert S_ to MAY_ values
2013 * @flags: the S_ value 2013 * @flags: the S_ value
2014 * 2014 *
2015 * Returns the equivalent MAY_ value 2015 * Returns the equivalent MAY_ value
2016 */ 2016 */
2017 static int smack_flags_to_may(int flags) 2017 static int smack_flags_to_may(int flags)
2018 { 2018 {
2019 int may = 0; 2019 int may = 0;
2020 2020
2021 if (flags & S_IRUGO) 2021 if (flags & S_IRUGO)
2022 may |= MAY_READ; 2022 may |= MAY_READ;
2023 if (flags & S_IWUGO) 2023 if (flags & S_IWUGO)
2024 may |= MAY_WRITE; 2024 may |= MAY_WRITE;
2025 if (flags & S_IXUGO) 2025 if (flags & S_IXUGO)
2026 may |= MAY_EXEC; 2026 may |= MAY_EXEC;
2027 2027
2028 return may; 2028 return may;
2029 } 2029 }
2030 2030
2031 /** 2031 /**
2032 * smack_msg_msg_alloc_security - Set the security blob for msg_msg 2032 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2033 * @msg: the object 2033 * @msg: the object
2034 * 2034 *
2035 * Returns 0 2035 * Returns 0
2036 */ 2036 */
2037 static int smack_msg_msg_alloc_security(struct msg_msg *msg) 2037 static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2038 { 2038 {
2039 msg->security = smk_of_current(); 2039 msg->security = smk_of_current();
2040 return 0; 2040 return 0;
2041 } 2041 }
2042 2042
2043 /** 2043 /**
2044 * smack_msg_msg_free_security - Clear the security blob for msg_msg 2044 * smack_msg_msg_free_security - Clear the security blob for msg_msg
2045 * @msg: the object 2045 * @msg: the object
2046 * 2046 *
2047 * Clears the blob pointer 2047 * Clears the blob pointer
2048 */ 2048 */
2049 static void smack_msg_msg_free_security(struct msg_msg *msg) 2049 static void smack_msg_msg_free_security(struct msg_msg *msg)
2050 { 2050 {
2051 msg->security = NULL; 2051 msg->security = NULL;
2052 } 2052 }
2053 2053
2054 /** 2054 /**
2055 * smack_of_shm - the smack pointer for the shm 2055 * smack_of_shm - the smack pointer for the shm
2056 * @shp: the object 2056 * @shp: the object
2057 * 2057 *
2058 * Returns a pointer to the smack value 2058 * Returns a pointer to the smack value
2059 */ 2059 */
2060 static char *smack_of_shm(struct shmid_kernel *shp) 2060 static char *smack_of_shm(struct shmid_kernel *shp)
2061 { 2061 {
2062 return (char *)shp->shm_perm.security; 2062 return (char *)shp->shm_perm.security;
2063 } 2063 }
2064 2064
2065 /** 2065 /**
2066 * smack_shm_alloc_security - Set the security blob for shm 2066 * smack_shm_alloc_security - Set the security blob for shm
2067 * @shp: the object 2067 * @shp: the object
2068 * 2068 *
2069 * Returns 0 2069 * Returns 0
2070 */ 2070 */
2071 static int smack_shm_alloc_security(struct shmid_kernel *shp) 2071 static int smack_shm_alloc_security(struct shmid_kernel *shp)
2072 { 2072 {
2073 struct kern_ipc_perm *isp = &shp->shm_perm; 2073 struct kern_ipc_perm *isp = &shp->shm_perm;
2074 2074
2075 isp->security = smk_of_current(); 2075 isp->security = smk_of_current();
2076 return 0; 2076 return 0;
2077 } 2077 }
2078 2078
2079 /** 2079 /**
2080 * smack_shm_free_security - Clear the security blob for shm 2080 * smack_shm_free_security - Clear the security blob for shm
2081 * @shp: the object 2081 * @shp: the object
2082 * 2082 *
2083 * Clears the blob pointer 2083 * Clears the blob pointer
2084 */ 2084 */
2085 static void smack_shm_free_security(struct shmid_kernel *shp) 2085 static void smack_shm_free_security(struct shmid_kernel *shp)
2086 { 2086 {
2087 struct kern_ipc_perm *isp = &shp->shm_perm; 2087 struct kern_ipc_perm *isp = &shp->shm_perm;
2088 2088
2089 isp->security = NULL; 2089 isp->security = NULL;
2090 } 2090 }
2091 2091
2092 /** 2092 /**
2093 * smk_curacc_shm : check if current has access on shm 2093 * smk_curacc_shm : check if current has access on shm
2094 * @shp : the object 2094 * @shp : the object
2095 * @access : access requested 2095 * @access : access requested
2096 * 2096 *
2097 * Returns 0 if current has the requested access, error code otherwise 2097 * Returns 0 if current has the requested access, error code otherwise
2098 */ 2098 */
2099 static int smk_curacc_shm(struct shmid_kernel *shp, int access) 2099 static int smk_curacc_shm(struct shmid_kernel *shp, int access)
2100 { 2100 {
2101 char *ssp = smack_of_shm(shp); 2101 char *ssp = smack_of_shm(shp);
2102 struct smk_audit_info ad; 2102 struct smk_audit_info ad;
2103 2103
2104 #ifdef CONFIG_AUDIT 2104 #ifdef CONFIG_AUDIT
2105 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2105 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2106 ad.a.u.ipc_id = shp->shm_perm.id; 2106 ad.a.u.ipc_id = shp->shm_perm.id;
2107 #endif 2107 #endif
2108 return smk_curacc(ssp, access, &ad); 2108 return smk_curacc(ssp, access, &ad);
2109 } 2109 }
2110 2110
2111 /** 2111 /**
2112 * smack_shm_associate - Smack access check for shm 2112 * smack_shm_associate - Smack access check for shm
2113 * @shp: the object 2113 * @shp: the object
2114 * @shmflg: access requested 2114 * @shmflg: access requested
2115 * 2115 *
2116 * Returns 0 if current has the requested access, error code otherwise 2116 * Returns 0 if current has the requested access, error code otherwise
2117 */ 2117 */
2118 static int smack_shm_associate(struct shmid_kernel *shp, int shmflg) 2118 static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
2119 { 2119 {
2120 int may; 2120 int may;
2121 2121
2122 may = smack_flags_to_may(shmflg); 2122 may = smack_flags_to_may(shmflg);
2123 return smk_curacc_shm(shp, may); 2123 return smk_curacc_shm(shp, may);
2124 } 2124 }
2125 2125
2126 /** 2126 /**
2127 * smack_shm_shmctl - Smack access check for shm 2127 * smack_shm_shmctl - Smack access check for shm
2128 * @shp: the object 2128 * @shp: the object
2129 * @cmd: what it wants to do 2129 * @cmd: what it wants to do
2130 * 2130 *
2131 * Returns 0 if current has the requested access, error code otherwise 2131 * Returns 0 if current has the requested access, error code otherwise
2132 */ 2132 */
2133 static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd) 2133 static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
2134 { 2134 {
2135 int may; 2135 int may;
2136 2136
2137 switch (cmd) { 2137 switch (cmd) {
2138 case IPC_STAT: 2138 case IPC_STAT:
2139 case SHM_STAT: 2139 case SHM_STAT:
2140 may = MAY_READ; 2140 may = MAY_READ;
2141 break; 2141 break;
2142 case IPC_SET: 2142 case IPC_SET:
2143 case SHM_LOCK: 2143 case SHM_LOCK:
2144 case SHM_UNLOCK: 2144 case SHM_UNLOCK:
2145 case IPC_RMID: 2145 case IPC_RMID:
2146 may = MAY_READWRITE; 2146 may = MAY_READWRITE;
2147 break; 2147 break;
2148 case IPC_INFO: 2148 case IPC_INFO:
2149 case SHM_INFO: 2149 case SHM_INFO:
2150 /* 2150 /*
2151 * System level information. 2151 * System level information.
2152 */ 2152 */
2153 return 0; 2153 return 0;
2154 default: 2154 default:
2155 return -EINVAL; 2155 return -EINVAL;
2156 } 2156 }
2157 return smk_curacc_shm(shp, may); 2157 return smk_curacc_shm(shp, may);
2158 } 2158 }
2159 2159
2160 /** 2160 /**
2161 * smack_shm_shmat - Smack access for shmat 2161 * smack_shm_shmat - Smack access for shmat
2162 * @shp: the object 2162 * @shp: the object
2163 * @shmaddr: unused 2163 * @shmaddr: unused
2164 * @shmflg: access requested 2164 * @shmflg: access requested
2165 * 2165 *
2166 * Returns 0 if current has the requested access, error code otherwise 2166 * Returns 0 if current has the requested access, error code otherwise
2167 */ 2167 */
2168 static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, 2168 static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
2169 int shmflg) 2169 int shmflg)
2170 { 2170 {
2171 int may; 2171 int may;
2172 2172
2173 may = smack_flags_to_may(shmflg); 2173 may = smack_flags_to_may(shmflg);
2174 return smk_curacc_shm(shp, may); 2174 return smk_curacc_shm(shp, may);
2175 } 2175 }
2176 2176
2177 /** 2177 /**
2178 * smack_of_sem - the smack pointer for the sem 2178 * smack_of_sem - the smack pointer for the sem
2179 * @sma: the object 2179 * @sma: the object
2180 * 2180 *
2181 * Returns a pointer to the smack value 2181 * Returns a pointer to the smack value
2182 */ 2182 */
2183 static char *smack_of_sem(struct sem_array *sma) 2183 static char *smack_of_sem(struct sem_array *sma)
2184 { 2184 {
2185 return (char *)sma->sem_perm.security; 2185 return (char *)sma->sem_perm.security;
2186 } 2186 }
2187 2187
2188 /** 2188 /**
2189 * smack_sem_alloc_security - Set the security blob for sem 2189 * smack_sem_alloc_security - Set the security blob for sem
2190 * @sma: the object 2190 * @sma: the object
2191 * 2191 *
2192 * Returns 0 2192 * Returns 0
2193 */ 2193 */
2194 static int smack_sem_alloc_security(struct sem_array *sma) 2194 static int smack_sem_alloc_security(struct sem_array *sma)
2195 { 2195 {
2196 struct kern_ipc_perm *isp = &sma->sem_perm; 2196 struct kern_ipc_perm *isp = &sma->sem_perm;
2197 2197
2198 isp->security = smk_of_current(); 2198 isp->security = smk_of_current();
2199 return 0; 2199 return 0;
2200 } 2200 }
2201 2201
2202 /** 2202 /**
2203 * smack_sem_free_security - Clear the security blob for sem 2203 * smack_sem_free_security - Clear the security blob for sem
2204 * @sma: the object 2204 * @sma: the object
2205 * 2205 *
2206 * Clears the blob pointer 2206 * Clears the blob pointer
2207 */ 2207 */
2208 static void smack_sem_free_security(struct sem_array *sma) 2208 static void smack_sem_free_security(struct sem_array *sma)
2209 { 2209 {
2210 struct kern_ipc_perm *isp = &sma->sem_perm; 2210 struct kern_ipc_perm *isp = &sma->sem_perm;
2211 2211
2212 isp->security = NULL; 2212 isp->security = NULL;
2213 } 2213 }
2214 2214
2215 /** 2215 /**
2216 * smk_curacc_sem : check if current has access on sem 2216 * smk_curacc_sem : check if current has access on sem
2217 * @sma : the object 2217 * @sma : the object
2218 * @access : access requested 2218 * @access : access requested
2219 * 2219 *
2220 * Returns 0 if current has the requested access, error code otherwise 2220 * Returns 0 if current has the requested access, error code otherwise
2221 */ 2221 */
2222 static int smk_curacc_sem(struct sem_array *sma, int access) 2222 static int smk_curacc_sem(struct sem_array *sma, int access)
2223 { 2223 {
2224 char *ssp = smack_of_sem(sma); 2224 char *ssp = smack_of_sem(sma);
2225 struct smk_audit_info ad; 2225 struct smk_audit_info ad;
2226 2226
2227 #ifdef CONFIG_AUDIT 2227 #ifdef CONFIG_AUDIT
2228 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2228 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2229 ad.a.u.ipc_id = sma->sem_perm.id; 2229 ad.a.u.ipc_id = sma->sem_perm.id;
2230 #endif 2230 #endif
2231 return smk_curacc(ssp, access, &ad); 2231 return smk_curacc(ssp, access, &ad);
2232 } 2232 }
2233 2233
2234 /** 2234 /**
2235 * smack_sem_associate - Smack access check for sem 2235 * smack_sem_associate - Smack access check for sem
2236 * @sma: the object 2236 * @sma: the object
2237 * @semflg: access requested 2237 * @semflg: access requested
2238 * 2238 *
2239 * Returns 0 if current has the requested access, error code otherwise 2239 * Returns 0 if current has the requested access, error code otherwise
2240 */ 2240 */
2241 static int smack_sem_associate(struct sem_array *sma, int semflg) 2241 static int smack_sem_associate(struct sem_array *sma, int semflg)
2242 { 2242 {
2243 int may; 2243 int may;
2244 2244
2245 may = smack_flags_to_may(semflg); 2245 may = smack_flags_to_may(semflg);
2246 return smk_curacc_sem(sma, may); 2246 return smk_curacc_sem(sma, may);
2247 } 2247 }
2248 2248
2249 /** 2249 /**
2250 * smack_sem_shmctl - Smack access check for sem 2250 * smack_sem_shmctl - Smack access check for sem
2251 * @sma: the object 2251 * @sma: the object
2252 * @cmd: what it wants to do 2252 * @cmd: what it wants to do
2253 * 2253 *
2254 * Returns 0 if current has the requested access, error code otherwise 2254 * Returns 0 if current has the requested access, error code otherwise
2255 */ 2255 */
2256 static int smack_sem_semctl(struct sem_array *sma, int cmd) 2256 static int smack_sem_semctl(struct sem_array *sma, int cmd)
2257 { 2257 {
2258 int may; 2258 int may;
2259 2259
2260 switch (cmd) { 2260 switch (cmd) {
2261 case GETPID: 2261 case GETPID:
2262 case GETNCNT: 2262 case GETNCNT:
2263 case GETZCNT: 2263 case GETZCNT:
2264 case GETVAL: 2264 case GETVAL:
2265 case GETALL: 2265 case GETALL:
2266 case IPC_STAT: 2266 case IPC_STAT:
2267 case SEM_STAT: 2267 case SEM_STAT:
2268 may = MAY_READ; 2268 may = MAY_READ;
2269 break; 2269 break;
2270 case SETVAL: 2270 case SETVAL:
2271 case SETALL: 2271 case SETALL:
2272 case IPC_RMID: 2272 case IPC_RMID:
2273 case IPC_SET: 2273 case IPC_SET:
2274 may = MAY_READWRITE; 2274 may = MAY_READWRITE;
2275 break; 2275 break;
2276 case IPC_INFO: 2276 case IPC_INFO:
2277 case SEM_INFO: 2277 case SEM_INFO:
2278 /* 2278 /*
2279 * System level information 2279 * System level information
2280 */ 2280 */
2281 return 0; 2281 return 0;
2282 default: 2282 default:
2283 return -EINVAL; 2283 return -EINVAL;
2284 } 2284 }
2285 2285
2286 return smk_curacc_sem(sma, may); 2286 return smk_curacc_sem(sma, may);
2287 } 2287 }
2288 2288
2289 /** 2289 /**
2290 * smack_sem_semop - Smack checks of semaphore operations 2290 * smack_sem_semop - Smack checks of semaphore operations
2291 * @sma: the object 2291 * @sma: the object
2292 * @sops: unused 2292 * @sops: unused
2293 * @nsops: unused 2293 * @nsops: unused
2294 * @alter: unused 2294 * @alter: unused
2295 * 2295 *
2296 * Treated as read and write in all cases. 2296 * Treated as read and write in all cases.
2297 * 2297 *
2298 * Returns 0 if access is allowed, error code otherwise 2298 * Returns 0 if access is allowed, error code otherwise
2299 */ 2299 */
2300 static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops, 2300 static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops,
2301 unsigned nsops, int alter) 2301 unsigned nsops, int alter)
2302 { 2302 {
2303 return smk_curacc_sem(sma, MAY_READWRITE); 2303 return smk_curacc_sem(sma, MAY_READWRITE);
2304 } 2304 }
2305 2305
2306 /** 2306 /**
2307 * smack_msg_alloc_security - Set the security blob for msg 2307 * smack_msg_alloc_security - Set the security blob for msg
2308 * @msq: the object 2308 * @msq: the object
2309 * 2309 *
2310 * Returns 0 2310 * Returns 0
2311 */ 2311 */
2312 static int smack_msg_queue_alloc_security(struct msg_queue *msq) 2312 static int smack_msg_queue_alloc_security(struct msg_queue *msq)
2313 { 2313 {
2314 struct kern_ipc_perm *kisp = &msq->q_perm; 2314 struct kern_ipc_perm *kisp = &msq->q_perm;
2315 2315
2316 kisp->security = smk_of_current(); 2316 kisp->security = smk_of_current();
2317 return 0; 2317 return 0;
2318 } 2318 }
2319 2319
2320 /** 2320 /**
2321 * smack_msg_free_security - Clear the security blob for msg 2321 * smack_msg_free_security - Clear the security blob for msg
2322 * @msq: the object 2322 * @msq: the object
2323 * 2323 *
2324 * Clears the blob pointer 2324 * Clears the blob pointer
2325 */ 2325 */
2326 static void smack_msg_queue_free_security(struct msg_queue *msq) 2326 static void smack_msg_queue_free_security(struct msg_queue *msq)
2327 { 2327 {
2328 struct kern_ipc_perm *kisp = &msq->q_perm; 2328 struct kern_ipc_perm *kisp = &msq->q_perm;
2329 2329
2330 kisp->security = NULL; 2330 kisp->security = NULL;
2331 } 2331 }
2332 2332
2333 /** 2333 /**
2334 * smack_of_msq - the smack pointer for the msq 2334 * smack_of_msq - the smack pointer for the msq
2335 * @msq: the object 2335 * @msq: the object
2336 * 2336 *
2337 * Returns a pointer to the smack value 2337 * Returns a pointer to the smack value
2338 */ 2338 */
2339 static char *smack_of_msq(struct msg_queue *msq) 2339 static char *smack_of_msq(struct msg_queue *msq)
2340 { 2340 {
2341 return (char *)msq->q_perm.security; 2341 return (char *)msq->q_perm.security;
2342 } 2342 }
2343 2343
2344 /** 2344 /**
2345 * smk_curacc_msq : helper to check if current has access on msq 2345 * smk_curacc_msq : helper to check if current has access on msq
2346 * @msq : the msq 2346 * @msq : the msq
2347 * @access : access requested 2347 * @access : access requested
2348 * 2348 *
2349 * return 0 if current has access, error otherwise 2349 * return 0 if current has access, error otherwise
2350 */ 2350 */
2351 static int smk_curacc_msq(struct msg_queue *msq, int access) 2351 static int smk_curacc_msq(struct msg_queue *msq, int access)
2352 { 2352 {
2353 char *msp = smack_of_msq(msq); 2353 char *msp = smack_of_msq(msq);
2354 struct smk_audit_info ad; 2354 struct smk_audit_info ad;
2355 2355
2356 #ifdef CONFIG_AUDIT 2356 #ifdef CONFIG_AUDIT
2357 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2357 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2358 ad.a.u.ipc_id = msq->q_perm.id; 2358 ad.a.u.ipc_id = msq->q_perm.id;
2359 #endif 2359 #endif
2360 return smk_curacc(msp, access, &ad); 2360 return smk_curacc(msp, access, &ad);
2361 } 2361 }
2362 2362
2363 /** 2363 /**
2364 * smack_msg_queue_associate - Smack access check for msg_queue 2364 * smack_msg_queue_associate - Smack access check for msg_queue
2365 * @msq: the object 2365 * @msq: the object
2366 * @msqflg: access requested 2366 * @msqflg: access requested
2367 * 2367 *
2368 * Returns 0 if current has the requested access, error code otherwise 2368 * Returns 0 if current has the requested access, error code otherwise
2369 */ 2369 */
2370 static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg) 2370 static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
2371 { 2371 {
2372 int may; 2372 int may;
2373 2373
2374 may = smack_flags_to_may(msqflg); 2374 may = smack_flags_to_may(msqflg);
2375 return smk_curacc_msq(msq, may); 2375 return smk_curacc_msq(msq, may);
2376 } 2376 }
2377 2377
2378 /** 2378 /**
2379 * smack_msg_queue_msgctl - Smack access check for msg_queue 2379 * smack_msg_queue_msgctl - Smack access check for msg_queue
2380 * @msq: the object 2380 * @msq: the object
2381 * @cmd: what it wants to do 2381 * @cmd: what it wants to do
2382 * 2382 *
2383 * Returns 0 if current has the requested access, error code otherwise 2383 * Returns 0 if current has the requested access, error code otherwise
2384 */ 2384 */
2385 static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd) 2385 static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
2386 { 2386 {
2387 int may; 2387 int may;
2388 2388
2389 switch (cmd) { 2389 switch (cmd) {
2390 case IPC_STAT: 2390 case IPC_STAT:
2391 case MSG_STAT: 2391 case MSG_STAT:
2392 may = MAY_READ; 2392 may = MAY_READ;
2393 break; 2393 break;
2394 case IPC_SET: 2394 case IPC_SET:
2395 case IPC_RMID: 2395 case IPC_RMID:
2396 may = MAY_READWRITE; 2396 may = MAY_READWRITE;
2397 break; 2397 break;
2398 case IPC_INFO: 2398 case IPC_INFO:
2399 case MSG_INFO: 2399 case MSG_INFO:
2400 /* 2400 /*
2401 * System level information 2401 * System level information
2402 */ 2402 */
2403 return 0; 2403 return 0;
2404 default: 2404 default:
2405 return -EINVAL; 2405 return -EINVAL;
2406 } 2406 }
2407 2407
2408 return smk_curacc_msq(msq, may); 2408 return smk_curacc_msq(msq, may);
2409 } 2409 }
2410 2410
2411 /** 2411 /**
2412 * smack_msg_queue_msgsnd - Smack access check for msg_queue 2412 * smack_msg_queue_msgsnd - Smack access check for msg_queue
2413 * @msq: the object 2413 * @msq: the object
2414 * @msg: unused 2414 * @msg: unused
2415 * @msqflg: access requested 2415 * @msqflg: access requested
2416 * 2416 *
2417 * Returns 0 if current has the requested access, error code otherwise 2417 * Returns 0 if current has the requested access, error code otherwise
2418 */ 2418 */
2419 static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, 2419 static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
2420 int msqflg) 2420 int msqflg)
2421 { 2421 {
2422 int may; 2422 int may;
2423 2423
2424 may = smack_flags_to_may(msqflg); 2424 may = smack_flags_to_may(msqflg);
2425 return smk_curacc_msq(msq, may); 2425 return smk_curacc_msq(msq, may);
2426 } 2426 }
2427 2427
2428 /** 2428 /**
2429 * smack_msg_queue_msgsnd - Smack access check for msg_queue 2429 * smack_msg_queue_msgsnd - Smack access check for msg_queue
2430 * @msq: the object 2430 * @msq: the object
2431 * @msg: unused 2431 * @msg: unused
2432 * @target: unused 2432 * @target: unused
2433 * @type: unused 2433 * @type: unused
2434 * @mode: unused 2434 * @mode: unused
2435 * 2435 *
2436 * Returns 0 if current has read and write access, error code otherwise 2436 * Returns 0 if current has read and write access, error code otherwise
2437 */ 2437 */
2438 static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, 2438 static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
2439 struct task_struct *target, long type, int mode) 2439 struct task_struct *target, long type, int mode)
2440 { 2440 {
2441 return smk_curacc_msq(msq, MAY_READWRITE); 2441 return smk_curacc_msq(msq, MAY_READWRITE);
2442 } 2442 }
2443 2443
2444 /** 2444 /**
2445 * smack_ipc_permission - Smack access for ipc_permission() 2445 * smack_ipc_permission - Smack access for ipc_permission()
2446 * @ipp: the object permissions 2446 * @ipp: the object permissions
2447 * @flag: access requested 2447 * @flag: access requested
2448 * 2448 *
2449 * Returns 0 if current has read and write access, error code otherwise 2449 * Returns 0 if current has read and write access, error code otherwise
2450 */ 2450 */
2451 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) 2451 static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
2452 { 2452 {
2453 char *isp = ipp->security; 2453 char *isp = ipp->security;
2454 int may = smack_flags_to_may(flag); 2454 int may = smack_flags_to_may(flag);
2455 struct smk_audit_info ad; 2455 struct smk_audit_info ad;
2456 2456
2457 #ifdef CONFIG_AUDIT 2457 #ifdef CONFIG_AUDIT
2458 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); 2458 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2459 ad.a.u.ipc_id = ipp->id; 2459 ad.a.u.ipc_id = ipp->id;
2460 #endif 2460 #endif
2461 return smk_curacc(isp, may, &ad); 2461 return smk_curacc(isp, may, &ad);
2462 } 2462 }
2463 2463
2464 /** 2464 /**
2465 * smack_ipc_getsecid - Extract smack security id 2465 * smack_ipc_getsecid - Extract smack security id
2466 * @ipp: the object permissions 2466 * @ipp: the object permissions
2467 * @secid: where result will be saved 2467 * @secid: where result will be saved
2468 */ 2468 */
2469 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 2469 static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
2470 { 2470 {
2471 char *smack = ipp->security; 2471 char *smack = ipp->security;
2472 2472
2473 *secid = smack_to_secid(smack); 2473 *secid = smack_to_secid(smack);
2474 } 2474 }
2475 2475
2476 /** 2476 /**
2477 * smack_d_instantiate - Make sure the blob is correct on an inode 2477 * smack_d_instantiate - Make sure the blob is correct on an inode
2478 * @opt_dentry: dentry where inode will be attached 2478 * @opt_dentry: dentry where inode will be attached
2479 * @inode: the object 2479 * @inode: the object
2480 * 2480 *
2481 * Set the inode's security blob if it hasn't been done already. 2481 * Set the inode's security blob if it hasn't been done already.
2482 */ 2482 */
2483 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) 2483 static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
2484 { 2484 {
2485 struct super_block *sbp; 2485 struct super_block *sbp;
2486 struct superblock_smack *sbsp; 2486 struct superblock_smack *sbsp;
2487 struct inode_smack *isp; 2487 struct inode_smack *isp;
2488 char *csp = smk_of_current(); 2488 char *csp = smk_of_current();
2489 char *fetched; 2489 char *fetched;
2490 char *final; 2490 char *final;
2491 char trattr[TRANS_TRUE_SIZE]; 2491 char trattr[TRANS_TRUE_SIZE];
2492 int transflag = 0; 2492 int transflag = 0;
2493 struct dentry *dp; 2493 struct dentry *dp;
2494 2494
2495 if (inode == NULL) 2495 if (inode == NULL)
2496 return; 2496 return;
2497 2497
2498 isp = inode->i_security; 2498 isp = inode->i_security;
2499 2499
2500 mutex_lock(&isp->smk_lock); 2500 mutex_lock(&isp->smk_lock);
2501 /* 2501 /*
2502 * If the inode is already instantiated 2502 * If the inode is already instantiated
2503 * take the quick way out 2503 * take the quick way out
2504 */ 2504 */
2505 if (isp->smk_flags & SMK_INODE_INSTANT) 2505 if (isp->smk_flags & SMK_INODE_INSTANT)
2506 goto unlockandout; 2506 goto unlockandout;
2507 2507
2508 sbp = inode->i_sb; 2508 sbp = inode->i_sb;
2509 sbsp = sbp->s_security; 2509 sbsp = sbp->s_security;
2510 /* 2510 /*
2511 * We're going to use the superblock default label 2511 * We're going to use the superblock default label
2512 * if there's no label on the file. 2512 * if there's no label on the file.
2513 */ 2513 */
2514 final = sbsp->smk_default; 2514 final = sbsp->smk_default;
2515 2515
2516 /* 2516 /*
2517 * If this is the root inode the superblock 2517 * If this is the root inode the superblock
2518 * may be in the process of initialization. 2518 * may be in the process of initialization.
2519 * If that is the case use the root value out 2519 * If that is the case use the root value out
2520 * of the superblock. 2520 * of the superblock.
2521 */ 2521 */
2522 if (opt_dentry->d_parent == opt_dentry) { 2522 if (opt_dentry->d_parent == opt_dentry) {
2523 isp->smk_inode = sbsp->smk_root; 2523 isp->smk_inode = sbsp->smk_root;
2524 isp->smk_flags |= SMK_INODE_INSTANT; 2524 isp->smk_flags |= SMK_INODE_INSTANT;
2525 goto unlockandout; 2525 goto unlockandout;
2526 } 2526 }
2527 2527
2528 /* 2528 /*
2529 * This is pretty hackish. 2529 * This is pretty hackish.
2530 * Casey says that we shouldn't have to do 2530 * Casey says that we shouldn't have to do
2531 * file system specific code, but it does help 2531 * file system specific code, but it does help
2532 * with keeping it simple. 2532 * with keeping it simple.
2533 */ 2533 */
2534 switch (sbp->s_magic) { 2534 switch (sbp->s_magic) {
2535 case SMACK_MAGIC: 2535 case SMACK_MAGIC:
2536 /* 2536 /*
2537 * Casey says that it's a little embarassing 2537 * Casey says that it's a little embarassing
2538 * that the smack file system doesn't do 2538 * that the smack file system doesn't do
2539 * extended attributes. 2539 * extended attributes.
2540 */ 2540 */
2541 final = smack_known_star.smk_known; 2541 final = smack_known_star.smk_known;
2542 break; 2542 break;
2543 case PIPEFS_MAGIC: 2543 case PIPEFS_MAGIC:
2544 /* 2544 /*
2545 * Casey says pipes are easy (?) 2545 * Casey says pipes are easy (?)
2546 */ 2546 */
2547 final = smack_known_star.smk_known; 2547 final = smack_known_star.smk_known;
2548 break; 2548 break;
2549 case DEVPTS_SUPER_MAGIC: 2549 case DEVPTS_SUPER_MAGIC:
2550 /* 2550 /*
2551 * devpts seems content with the label of the task. 2551 * devpts seems content with the label of the task.
2552 * Programs that change smack have to treat the 2552 * Programs that change smack have to treat the
2553 * pty with respect. 2553 * pty with respect.
2554 */ 2554 */
2555 final = csp; 2555 final = csp;
2556 break; 2556 break;
2557 case SOCKFS_MAGIC: 2557 case SOCKFS_MAGIC:
2558 /* 2558 /*
2559 * Socket access is controlled by the socket 2559 * Socket access is controlled by the socket
2560 * structures associated with the task involved. 2560 * structures associated with the task involved.
2561 */ 2561 */
2562 final = smack_known_star.smk_known; 2562 final = smack_known_star.smk_known;
2563 break; 2563 break;
2564 case PROC_SUPER_MAGIC: 2564 case PROC_SUPER_MAGIC:
2565 /* 2565 /*
2566 * Casey says procfs appears not to care. 2566 * Casey says procfs appears not to care.
2567 * The superblock default suffices. 2567 * The superblock default suffices.
2568 */ 2568 */
2569 break; 2569 break;
2570 case TMPFS_MAGIC: 2570 case TMPFS_MAGIC:
2571 /* 2571 /*
2572 * Device labels should come from the filesystem, 2572 * Device labels should come from the filesystem,
2573 * but watch out, because they're volitile, 2573 * but watch out, because they're volitile,
2574 * getting recreated on every reboot. 2574 * getting recreated on every reboot.
2575 */ 2575 */
2576 final = smack_known_star.smk_known; 2576 final = smack_known_star.smk_known;
2577 /* 2577 /*
2578 * No break. 2578 * No break.
2579 * 2579 *
2580 * If a smack value has been set we want to use it, 2580 * If a smack value has been set we want to use it,
2581 * but since tmpfs isn't giving us the opportunity 2581 * but since tmpfs isn't giving us the opportunity
2582 * to set mount options simulate setting the 2582 * to set mount options simulate setting the
2583 * superblock default. 2583 * superblock default.
2584 */ 2584 */
2585 default: 2585 default:
2586 /* 2586 /*
2587 * This isn't an understood special case. 2587 * This isn't an understood special case.
2588 * Get the value from the xattr. 2588 * Get the value from the xattr.
2589 */ 2589 */
2590 2590
2591 /* 2591 /*
2592 * UNIX domain sockets use lower level socket data. 2592 * UNIX domain sockets use lower level socket data.
2593 */ 2593 */
2594 if (S_ISSOCK(inode->i_mode)) { 2594 if (S_ISSOCK(inode->i_mode)) {
2595 final = smack_known_star.smk_known; 2595 final = smack_known_star.smk_known;
2596 break; 2596 break;
2597 } 2597 }
2598 /* 2598 /*
2599 * No xattr support means, alas, no SMACK label. 2599 * No xattr support means, alas, no SMACK label.
2600 * Use the aforeapplied default. 2600 * Use the aforeapplied default.
2601 * It would be curious if the label of the task 2601 * It would be curious if the label of the task
2602 * does not match that assigned. 2602 * does not match that assigned.
2603 */ 2603 */
2604 if (inode->i_op->getxattr == NULL) 2604 if (inode->i_op->getxattr == NULL)
2605 break; 2605 break;
2606 /* 2606 /*
2607 * Get the dentry for xattr. 2607 * Get the dentry for xattr.
2608 */ 2608 */
2609 dp = dget(opt_dentry); 2609 dp = dget(opt_dentry);
2610 fetched = smk_fetch(XATTR_NAME_SMACK, inode, dp); 2610 fetched = smk_fetch(XATTR_NAME_SMACK, inode, dp);
2611 if (fetched != NULL) { 2611 if (fetched != NULL) {
2612 final = fetched; 2612 final = fetched;
2613 if (S_ISDIR(inode->i_mode)) { 2613 if (S_ISDIR(inode->i_mode)) {
2614 trattr[0] = '\0'; 2614 trattr[0] = '\0';
2615 inode->i_op->getxattr(dp, 2615 inode->i_op->getxattr(dp,
2616 XATTR_NAME_SMACKTRANSMUTE, 2616 XATTR_NAME_SMACKTRANSMUTE,
2617 trattr, TRANS_TRUE_SIZE); 2617 trattr, TRANS_TRUE_SIZE);
2618 if (strncmp(trattr, TRANS_TRUE, 2618 if (strncmp(trattr, TRANS_TRUE,
2619 TRANS_TRUE_SIZE) == 0) 2619 TRANS_TRUE_SIZE) == 0)
2620 transflag = SMK_INODE_TRANSMUTE; 2620 transflag = SMK_INODE_TRANSMUTE;
2621 } 2621 }
2622 } 2622 }
2623 isp->smk_task = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp); 2623 isp->smk_task = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
2624 isp->smk_mmap = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp); 2624 isp->smk_mmap = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
2625 2625
2626 dput(dp); 2626 dput(dp);
2627 break; 2627 break;
2628 } 2628 }
2629 2629
2630 if (final == NULL) 2630 if (final == NULL)
2631 isp->smk_inode = csp; 2631 isp->smk_inode = csp;
2632 else 2632 else
2633 isp->smk_inode = final; 2633 isp->smk_inode = final;
2634 2634
2635 isp->smk_flags |= (SMK_INODE_INSTANT | transflag); 2635 isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
2636 2636
2637 unlockandout: 2637 unlockandout:
2638 mutex_unlock(&isp->smk_lock); 2638 mutex_unlock(&isp->smk_lock);
2639 return; 2639 return;
2640 } 2640 }
2641 2641
2642 /** 2642 /**
2643 * smack_getprocattr - Smack process attribute access 2643 * smack_getprocattr - Smack process attribute access
2644 * @p: the object task 2644 * @p: the object task
2645 * @name: the name of the attribute in /proc/.../attr 2645 * @name: the name of the attribute in /proc/.../attr
2646 * @value: where to put the result 2646 * @value: where to put the result
2647 * 2647 *
2648 * Places a copy of the task Smack into value 2648 * Places a copy of the task Smack into value
2649 * 2649 *
2650 * Returns the length of the smack label or an error code 2650 * Returns the length of the smack label or an error code
2651 */ 2651 */
2652 static int smack_getprocattr(struct task_struct *p, char *name, char **value) 2652 static int smack_getprocattr(struct task_struct *p, char *name, char **value)
2653 { 2653 {
2654 char *cp; 2654 char *cp;
2655 int slen; 2655 int slen;
2656 2656
2657 if (strcmp(name, "current") != 0) 2657 if (strcmp(name, "current") != 0)
2658 return -EINVAL; 2658 return -EINVAL;
2659 2659
2660 cp = kstrdup(smk_of_task(task_security(p)), GFP_KERNEL); 2660 cp = kstrdup(smk_of_task(task_security(p)), GFP_KERNEL);
2661 if (cp == NULL) 2661 if (cp == NULL)
2662 return -ENOMEM; 2662 return -ENOMEM;
2663 2663
2664 slen = strlen(cp); 2664 slen = strlen(cp);
2665 *value = cp; 2665 *value = cp;
2666 return slen; 2666 return slen;
2667 } 2667 }
2668 2668
2669 /** 2669 /**
2670 * smack_setprocattr - Smack process attribute setting 2670 * smack_setprocattr - Smack process attribute setting
2671 * @p: the object task 2671 * @p: the object task
2672 * @name: the name of the attribute in /proc/.../attr 2672 * @name: the name of the attribute in /proc/.../attr
2673 * @value: the value to set 2673 * @value: the value to set
2674 * @size: the size of the value 2674 * @size: the size of the value
2675 * 2675 *
2676 * Sets the Smack value of the task. Only setting self 2676 * Sets the Smack value of the task. Only setting self
2677 * is permitted and only with privilege 2677 * is permitted and only with privilege
2678 * 2678 *
2679 * Returns the length of the smack label or an error code 2679 * Returns the length of the smack label or an error code
2680 */ 2680 */
2681 static int smack_setprocattr(struct task_struct *p, char *name, 2681 static int smack_setprocattr(struct task_struct *p, char *name,
2682 void *value, size_t size) 2682 void *value, size_t size)
2683 { 2683 {
2684 int rc; 2684 int rc;
2685 struct task_smack *tsp; 2685 struct task_smack *tsp;
2686 struct task_smack *oldtsp; 2686 struct task_smack *oldtsp;
2687 struct cred *new; 2687 struct cred *new;
2688 char *newsmack; 2688 char *newsmack;
2689 2689
2690 /* 2690 /*
2691 * Changing another process' Smack value is too dangerous 2691 * Changing another process' Smack value is too dangerous
2692 * and supports no sane use case. 2692 * and supports no sane use case.
2693 */ 2693 */
2694 if (p != current) 2694 if (p != current)
2695 return -EPERM; 2695 return -EPERM;
2696 2696
2697 if (!capable(CAP_MAC_ADMIN)) 2697 if (!capable(CAP_MAC_ADMIN))
2698 return -EPERM; 2698 return -EPERM;
2699 2699
2700 if (value == NULL || size == 0 || size >= SMK_LABELLEN) 2700 if (value == NULL || size == 0 || size >= SMK_LABELLEN)
2701 return -EINVAL; 2701 return -EINVAL;
2702 2702
2703 if (strcmp(name, "current") != 0) 2703 if (strcmp(name, "current") != 0)
2704 return -EINVAL; 2704 return -EINVAL;
2705 2705
2706 newsmack = smk_import(value, size); 2706 newsmack = smk_import(value, size);
2707 if (newsmack == NULL) 2707 if (newsmack == NULL)
2708 return -EINVAL; 2708 return -EINVAL;
2709 2709
2710 /* 2710 /*
2711 * No process is ever allowed the web ("@") label. 2711 * No process is ever allowed the web ("@") label.
2712 */ 2712 */
2713 if (newsmack == smack_known_web.smk_known) 2713 if (newsmack == smack_known_web.smk_known)
2714 return -EPERM; 2714 return -EPERM;
2715 2715
2716 oldtsp = p->cred->security; 2716 oldtsp = p->cred->security;
2717 new = prepare_creds(); 2717 new = prepare_creds();
2718 if (new == NULL) 2718 if (new == NULL)
2719 return -ENOMEM; 2719 return -ENOMEM;
2720 2720
2721 tsp = new_task_smack(newsmack, oldtsp->smk_forked, GFP_KERNEL); 2721 tsp = new_task_smack(newsmack, oldtsp->smk_forked, GFP_KERNEL);
2722 if (tsp == NULL) { 2722 if (tsp == NULL) {
2723 kfree(new); 2723 kfree(new);
2724 return -ENOMEM; 2724 return -ENOMEM;
2725 } 2725 }
2726 rc = smk_copy_rules(&tsp->smk_rules, &oldtsp->smk_rules, GFP_KERNEL); 2726 rc = smk_copy_rules(&tsp->smk_rules, &oldtsp->smk_rules, GFP_KERNEL);
2727 if (rc != 0) 2727 if (rc != 0)
2728 return rc; 2728 return rc;
2729 2729
2730 new->security = tsp; 2730 new->security = tsp;
2731 commit_creds(new); 2731 commit_creds(new);
2732 return size; 2732 return size;
2733 } 2733 }
2734 2734
2735 /** 2735 /**
2736 * smack_unix_stream_connect - Smack access on UDS 2736 * smack_unix_stream_connect - Smack access on UDS
2737 * @sock: one sock 2737 * @sock: one sock
2738 * @other: the other sock 2738 * @other: the other sock
2739 * @newsk: unused 2739 * @newsk: unused
2740 * 2740 *
2741 * Return 0 if a subject with the smack of sock could access 2741 * Return 0 if a subject with the smack of sock could access
2742 * an object with the smack of other, otherwise an error code 2742 * an object with the smack of other, otherwise an error code
2743 */ 2743 */
2744 static int smack_unix_stream_connect(struct sock *sock, 2744 static int smack_unix_stream_connect(struct sock *sock,
2745 struct sock *other, struct sock *newsk) 2745 struct sock *other, struct sock *newsk)
2746 { 2746 {
2747 struct socket_smack *ssp = sock->sk_security; 2747 struct socket_smack *ssp = sock->sk_security;
2748 struct socket_smack *osp = other->sk_security; 2748 struct socket_smack *osp = other->sk_security;
2749 struct smk_audit_info ad; 2749 struct smk_audit_info ad;
2750 int rc = 0; 2750 int rc = 0;
2751 2751
2752 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); 2752 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
2753 smk_ad_setfield_u_net_sk(&ad, other); 2753 smk_ad_setfield_u_net_sk(&ad, other);
2754 2754
2755 if (!capable(CAP_MAC_OVERRIDE)) 2755 if (!capable(CAP_MAC_OVERRIDE))
2756 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); 2756 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
2757 2757
2758 return rc; 2758 return rc;
2759 } 2759 }
2760 2760
2761 /** 2761 /**
2762 * smack_unix_may_send - Smack access on UDS 2762 * smack_unix_may_send - Smack access on UDS
2763 * @sock: one socket 2763 * @sock: one socket
2764 * @other: the other socket 2764 * @other: the other socket
2765 * 2765 *
2766 * Return 0 if a subject with the smack of sock could access 2766 * Return 0 if a subject with the smack of sock could access
2767 * an object with the smack of other, otherwise an error code 2767 * an object with the smack of other, otherwise an error code
2768 */ 2768 */
2769 static int smack_unix_may_send(struct socket *sock, struct socket *other) 2769 static int smack_unix_may_send(struct socket *sock, struct socket *other)
2770 { 2770 {
2771 struct socket_smack *ssp = sock->sk->sk_security; 2771 struct socket_smack *ssp = sock->sk->sk_security;
2772 struct socket_smack *osp = other->sk->sk_security; 2772 struct socket_smack *osp = other->sk->sk_security;
2773 struct smk_audit_info ad; 2773 struct smk_audit_info ad;
2774 int rc = 0; 2774 int rc = 0;
2775 2775
2776 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); 2776 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
2777 smk_ad_setfield_u_net_sk(&ad, other->sk); 2777 smk_ad_setfield_u_net_sk(&ad, other->sk);
2778 2778
2779 if (!capable(CAP_MAC_OVERRIDE)) 2779 if (!capable(CAP_MAC_OVERRIDE))
2780 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad); 2780 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
2781 2781
2782 return rc; 2782 return rc;
2783 } 2783 }
2784 2784
2785 /** 2785 /**
2786 * smack_socket_sendmsg - Smack check based on destination host 2786 * smack_socket_sendmsg - Smack check based on destination host
2787 * @sock: the socket 2787 * @sock: the socket
2788 * @msg: the message 2788 * @msg: the message
2789 * @size: the size of the message 2789 * @size: the size of the message
2790 * 2790 *
2791 * Return 0 if the current subject can write to the destination 2791 * Return 0 if the current subject can write to the destination
2792 * host. This is only a question if the destination is a single 2792 * host. This is only a question if the destination is a single
2793 * label host. 2793 * label host.
2794 */ 2794 */
2795 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, 2795 static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
2796 int size) 2796 int size)
2797 { 2797 {
2798 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; 2798 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
2799 2799
2800 /* 2800 /*
2801 * Perfectly reasonable for this to be NULL 2801 * Perfectly reasonable for this to be NULL
2802 */ 2802 */
2803 if (sip == NULL || sip->sin_family != AF_INET) 2803 if (sip == NULL || sip->sin_family != AF_INET)
2804 return 0; 2804 return 0;
2805 2805
2806 return smack_netlabel_send(sock->sk, sip); 2806 return smack_netlabel_send(sock->sk, sip);
2807 } 2807 }
2808 2808
2809 2809
2810 /** 2810 /**
2811 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack 2811 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
2812 * @sap: netlabel secattr 2812 * @sap: netlabel secattr
2813 * @sip: where to put the result 2813 * @sip: where to put the result
2814 * 2814 *
2815 * Copies a smack label into sip 2815 * Copies a smack label into sip
2816 */ 2816 */
2817 static void smack_from_secattr(struct netlbl_lsm_secattr *sap, char *sip) 2817 static void smack_from_secattr(struct netlbl_lsm_secattr *sap, char *sip)
2818 { 2818 {
2819 char smack[SMK_LABELLEN]; 2819 char smack[SMK_LABELLEN];
2820 char *sp; 2820 char *sp;
2821 int pcat; 2821 int pcat;
2822 2822
2823 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) { 2823 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
2824 /* 2824 /*
2825 * Looks like a CIPSO packet. 2825 * Looks like a CIPSO packet.
2826 * If there are flags but no level netlabel isn't 2826 * If there are flags but no level netlabel isn't
2827 * behaving the way we expect it to. 2827 * behaving the way we expect it to.
2828 * 2828 *
2829 * Get the categories, if any 2829 * Get the categories, if any
2830 * Without guidance regarding the smack value 2830 * Without guidance regarding the smack value
2831 * for the packet fall back on the network 2831 * for the packet fall back on the network
2832 * ambient value. 2832 * ambient value.
2833 */ 2833 */
2834 memset(smack, '\0', SMK_LABELLEN); 2834 memset(smack, '\0', SMK_LABELLEN);
2835 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) != 0) 2835 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) != 0)
2836 for (pcat = -1;;) { 2836 for (pcat = -1;;) {
2837 pcat = netlbl_secattr_catmap_walk( 2837 pcat = netlbl_secattr_catmap_walk(
2838 sap->attr.mls.cat, pcat + 1); 2838 sap->attr.mls.cat, pcat + 1);
2839 if (pcat < 0) 2839 if (pcat < 0)
2840 break; 2840 break;
2841 smack_catset_bit(pcat, smack); 2841 smack_catset_bit(pcat, smack);
2842 } 2842 }
2843 /* 2843 /*
2844 * If it is CIPSO using smack direct mapping 2844 * If it is CIPSO using smack direct mapping
2845 * we are already done. WeeHee. 2845 * we are already done. WeeHee.
2846 */ 2846 */
2847 if (sap->attr.mls.lvl == smack_cipso_direct) { 2847 if (sap->attr.mls.lvl == smack_cipso_direct) {
2848 memcpy(sip, smack, SMK_MAXLEN); 2848 memcpy(sip, smack, SMK_MAXLEN);
2849 return; 2849 return;
2850 } 2850 }
2851 /* 2851 /*
2852 * Look it up in the supplied table if it is not 2852 * Look it up in the supplied table if it is not
2853 * a direct mapping. 2853 * a direct mapping.
2854 */ 2854 */
2855 smack_from_cipso(sap->attr.mls.lvl, smack, sip); 2855 smack_from_cipso(sap->attr.mls.lvl, smack, sip);
2856 return; 2856 return;
2857 } 2857 }
2858 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) { 2858 if ((sap->flags & NETLBL_SECATTR_SECID) != 0) {
2859 /* 2859 /*
2860 * Looks like a fallback, which gives us a secid. 2860 * Looks like a fallback, which gives us a secid.
2861 */ 2861 */
2862 sp = smack_from_secid(sap->attr.secid); 2862 sp = smack_from_secid(sap->attr.secid);
2863 /* 2863 /*
2864 * This has got to be a bug because it is 2864 * This has got to be a bug because it is
2865 * impossible to specify a fallback without 2865 * impossible to specify a fallback without
2866 * specifying the label, which will ensure 2866 * specifying the label, which will ensure
2867 * it has a secid, and the only way to get a 2867 * it has a secid, and the only way to get a
2868 * secid is from a fallback. 2868 * secid is from a fallback.
2869 */ 2869 */
2870 BUG_ON(sp == NULL); 2870 BUG_ON(sp == NULL);
2871 strncpy(sip, sp, SMK_MAXLEN); 2871 strncpy(sip, sp, SMK_MAXLEN);
2872 return; 2872 return;
2873 } 2873 }
2874 /* 2874 /*
2875 * Without guidance regarding the smack value 2875 * Without guidance regarding the smack value
2876 * for the packet fall back on the network 2876 * for the packet fall back on the network
2877 * ambient value. 2877 * ambient value.
2878 */ 2878 */
2879 strncpy(sip, smack_net_ambient, SMK_MAXLEN); 2879 strncpy(sip, smack_net_ambient, SMK_MAXLEN);
2880 return; 2880 return;
2881 } 2881 }
2882 2882
2883 /** 2883 /**
2884 * smack_socket_sock_rcv_skb - Smack packet delivery access check 2884 * smack_socket_sock_rcv_skb - Smack packet delivery access check
2885 * @sk: socket 2885 * @sk: socket
2886 * @skb: packet 2886 * @skb: packet
2887 * 2887 *
2888 * Returns 0 if the packet should be delivered, an error code otherwise 2888 * Returns 0 if the packet should be delivered, an error code otherwise
2889 */ 2889 */
2890 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 2890 static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
2891 { 2891 {
2892 struct netlbl_lsm_secattr secattr; 2892 struct netlbl_lsm_secattr secattr;
2893 struct socket_smack *ssp = sk->sk_security; 2893 struct socket_smack *ssp = sk->sk_security;
2894 char smack[SMK_LABELLEN]; 2894 char smack[SMK_LABELLEN];
2895 char *csp; 2895 char *csp;
2896 int rc; 2896 int rc;
2897 struct smk_audit_info ad; 2897 struct smk_audit_info ad;
2898 if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) 2898 if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)
2899 return 0; 2899 return 0;
2900 2900
2901 /* 2901 /*
2902 * Translate what netlabel gave us. 2902 * Translate what netlabel gave us.
2903 */ 2903 */
2904 netlbl_secattr_init(&secattr); 2904 netlbl_secattr_init(&secattr);
2905 2905
2906 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr); 2906 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
2907 if (rc == 0) { 2907 if (rc == 0) {
2908 smack_from_secattr(&secattr, smack); 2908 smack_from_secattr(&secattr, smack);
2909 csp = smack; 2909 csp = smack;
2910 } else 2910 } else
2911 csp = smack_net_ambient; 2911 csp = smack_net_ambient;
2912 2912
2913 netlbl_secattr_destroy(&secattr); 2913 netlbl_secattr_destroy(&secattr);
2914 2914
2915 #ifdef CONFIG_AUDIT 2915 #ifdef CONFIG_AUDIT
2916 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); 2916 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
2917 ad.a.u.net.family = sk->sk_family; 2917 ad.a.u.net.family = sk->sk_family;
2918 ad.a.u.net.netif = skb->skb_iif; 2918 ad.a.u.net.netif = skb->skb_iif;
2919 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 2919 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
2920 #endif 2920 #endif
2921 /* 2921 /*
2922 * Receiving a packet requires that the other end 2922 * Receiving a packet requires that the other end
2923 * be able to write here. Read access is not required. 2923 * be able to write here. Read access is not required.
2924 * This is the simplist possible security model 2924 * This is the simplist possible security model
2925 * for networking. 2925 * for networking.
2926 */ 2926 */
2927 rc = smk_access(csp, ssp->smk_in, MAY_WRITE, &ad); 2927 rc = smk_access(csp, ssp->smk_in, MAY_WRITE, &ad);
2928 if (rc != 0) 2928 if (rc != 0)
2929 netlbl_skbuff_err(skb, rc, 0); 2929 netlbl_skbuff_err(skb, rc, 0);
2930 return rc; 2930 return rc;
2931 } 2931 }
2932 2932
2933 /** 2933 /**
2934 * smack_socket_getpeersec_stream - pull in packet label 2934 * smack_socket_getpeersec_stream - pull in packet label
2935 * @sock: the socket 2935 * @sock: the socket
2936 * @optval: user's destination 2936 * @optval: user's destination
2937 * @optlen: size thereof 2937 * @optlen: size thereof
2938 * @len: max thereof 2938 * @len: max thereof
2939 * 2939 *
2940 * returns zero on success, an error code otherwise 2940 * returns zero on success, an error code otherwise
2941 */ 2941 */
2942 static int smack_socket_getpeersec_stream(struct socket *sock, 2942 static int smack_socket_getpeersec_stream(struct socket *sock,
2943 char __user *optval, 2943 char __user *optval,
2944 int __user *optlen, unsigned len) 2944 int __user *optlen, unsigned len)
2945 { 2945 {
2946 struct socket_smack *ssp; 2946 struct socket_smack *ssp;
2947 int slen; 2947 int slen;
2948 int rc = 0; 2948 int rc = 0;
2949 2949
2950 ssp = sock->sk->sk_security; 2950 ssp = sock->sk->sk_security;
2951 slen = strlen(ssp->smk_packet) + 1; 2951 slen = strlen(ssp->smk_packet) + 1;
2952 2952
2953 if (slen > len) 2953 if (slen > len)
2954 rc = -ERANGE; 2954 rc = -ERANGE;
2955 else if (copy_to_user(optval, ssp->smk_packet, slen) != 0) 2955 else if (copy_to_user(optval, ssp->smk_packet, slen) != 0)
2956 rc = -EFAULT; 2956 rc = -EFAULT;
2957 2957
2958 if (put_user(slen, optlen) != 0) 2958 if (put_user(slen, optlen) != 0)
2959 rc = -EFAULT; 2959 rc = -EFAULT;
2960 2960
2961 return rc; 2961 return rc;
2962 } 2962 }
2963 2963
2964 2964
2965 /** 2965 /**
2966 * smack_socket_getpeersec_dgram - pull in packet label 2966 * smack_socket_getpeersec_dgram - pull in packet label
2967 * @sock: the peer socket 2967 * @sock: the peer socket
2968 * @skb: packet data 2968 * @skb: packet data
2969 * @secid: pointer to where to put the secid of the packet 2969 * @secid: pointer to where to put the secid of the packet
2970 * 2970 *
2971 * Sets the netlabel socket state on sk from parent 2971 * Sets the netlabel socket state on sk from parent
2972 */ 2972 */
2973 static int smack_socket_getpeersec_dgram(struct socket *sock, 2973 static int smack_socket_getpeersec_dgram(struct socket *sock,
2974 struct sk_buff *skb, u32 *secid) 2974 struct sk_buff *skb, u32 *secid)
2975 2975
2976 { 2976 {
2977 struct netlbl_lsm_secattr secattr; 2977 struct netlbl_lsm_secattr secattr;
2978 struct socket_smack *sp; 2978 struct socket_smack *sp;
2979 char smack[SMK_LABELLEN]; 2979 char smack[SMK_LABELLEN];
2980 int family = PF_UNSPEC; 2980 int family = PF_UNSPEC;
2981 u32 s = 0; /* 0 is the invalid secid */ 2981 u32 s = 0; /* 0 is the invalid secid */
2982 int rc; 2982 int rc;
2983 2983
2984 if (skb != NULL) { 2984 if (skb != NULL) {
2985 if (skb->protocol == htons(ETH_P_IP)) 2985 if (skb->protocol == htons(ETH_P_IP))
2986 family = PF_INET; 2986 family = PF_INET;
2987 else if (skb->protocol == htons(ETH_P_IPV6)) 2987 else if (skb->protocol == htons(ETH_P_IPV6))
2988 family = PF_INET6; 2988 family = PF_INET6;
2989 } 2989 }
2990 if (family == PF_UNSPEC && sock != NULL) 2990 if (family == PF_UNSPEC && sock != NULL)
2991 family = sock->sk->sk_family; 2991 family = sock->sk->sk_family;
2992 2992
2993 if (family == PF_UNIX) { 2993 if (family == PF_UNIX) {
2994 sp = sock->sk->sk_security; 2994 sp = sock->sk->sk_security;
2995 s = smack_to_secid(sp->smk_out); 2995 s = smack_to_secid(sp->smk_out);
2996 } else if (family == PF_INET || family == PF_INET6) { 2996 } else if (family == PF_INET || family == PF_INET6) {
2997 /* 2997 /*
2998 * Translate what netlabel gave us. 2998 * Translate what netlabel gave us.
2999 */ 2999 */
3000 netlbl_secattr_init(&secattr); 3000 netlbl_secattr_init(&secattr);
3001 rc = netlbl_skbuff_getattr(skb, family, &secattr); 3001 rc = netlbl_skbuff_getattr(skb, family, &secattr);
3002 if (rc == 0) { 3002 if (rc == 0) {
3003 smack_from_secattr(&secattr, smack); 3003 smack_from_secattr(&secattr, smack);
3004 s = smack_to_secid(smack); 3004 s = smack_to_secid(smack);
3005 } 3005 }
3006 netlbl_secattr_destroy(&secattr); 3006 netlbl_secattr_destroy(&secattr);
3007 } 3007 }
3008 *secid = s; 3008 *secid = s;
3009 if (s == 0) 3009 if (s == 0)
3010 return -EINVAL; 3010 return -EINVAL;
3011 return 0; 3011 return 0;
3012 } 3012 }
3013 3013
3014 /** 3014 /**
3015 * smack_sock_graft - Initialize a newly created socket with an existing sock 3015 * smack_sock_graft - Initialize a newly created socket with an existing sock
3016 * @sk: child sock 3016 * @sk: child sock
3017 * @parent: parent socket 3017 * @parent: parent socket
3018 * 3018 *
3019 * Set the smk_{in,out} state of an existing sock based on the process that 3019 * Set the smk_{in,out} state of an existing sock based on the process that
3020 * is creating the new socket. 3020 * is creating the new socket.
3021 */ 3021 */
3022 static void smack_sock_graft(struct sock *sk, struct socket *parent) 3022 static void smack_sock_graft(struct sock *sk, struct socket *parent)
3023 { 3023 {
3024 struct socket_smack *ssp; 3024 struct socket_smack *ssp;
3025 3025
3026 if (sk == NULL || 3026 if (sk == NULL ||
3027 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)) 3027 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
3028 return; 3028 return;
3029 3029
3030 ssp = sk->sk_security; 3030 ssp = sk->sk_security;
3031 ssp->smk_in = ssp->smk_out = smk_of_current(); 3031 ssp->smk_in = ssp->smk_out = smk_of_current();
3032 /* cssp->smk_packet is already set in smack_inet_csk_clone() */ 3032 /* cssp->smk_packet is already set in smack_inet_csk_clone() */
3033 } 3033 }
3034 3034
3035 /** 3035 /**
3036 * smack_inet_conn_request - Smack access check on connect 3036 * smack_inet_conn_request - Smack access check on connect
3037 * @sk: socket involved 3037 * @sk: socket involved
3038 * @skb: packet 3038 * @skb: packet
3039 * @req: unused 3039 * @req: unused
3040 * 3040 *
3041 * Returns 0 if a task with the packet label could write to 3041 * Returns 0 if a task with the packet label could write to
3042 * the socket, otherwise an error code 3042 * the socket, otherwise an error code
3043 */ 3043 */
3044 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, 3044 static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
3045 struct request_sock *req) 3045 struct request_sock *req)
3046 { 3046 {
3047 u16 family = sk->sk_family; 3047 u16 family = sk->sk_family;
3048 struct socket_smack *ssp = sk->sk_security; 3048 struct socket_smack *ssp = sk->sk_security;
3049 struct netlbl_lsm_secattr secattr; 3049 struct netlbl_lsm_secattr secattr;
3050 struct sockaddr_in addr; 3050 struct sockaddr_in addr;
3051 struct iphdr *hdr; 3051 struct iphdr *hdr;
3052 char smack[SMK_LABELLEN]; 3052 char smack[SMK_LABELLEN];
3053 int rc; 3053 int rc;
3054 struct smk_audit_info ad; 3054 struct smk_audit_info ad;
3055 3055
3056 /* handle mapped IPv4 packets arriving via IPv6 sockets */ 3056 /* handle mapped IPv4 packets arriving via IPv6 sockets */
3057 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 3057 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
3058 family = PF_INET; 3058 family = PF_INET;
3059 3059
3060 netlbl_secattr_init(&secattr); 3060 netlbl_secattr_init(&secattr);
3061 rc = netlbl_skbuff_getattr(skb, family, &secattr); 3061 rc = netlbl_skbuff_getattr(skb, family, &secattr);
3062 if (rc == 0) 3062 if (rc == 0)
3063 smack_from_secattr(&secattr, smack); 3063 smack_from_secattr(&secattr, smack);
3064 else 3064 else
3065 strncpy(smack, smack_known_huh.smk_known, SMK_MAXLEN); 3065 strncpy(smack, smack_known_huh.smk_known, SMK_MAXLEN);
3066 netlbl_secattr_destroy(&secattr); 3066 netlbl_secattr_destroy(&secattr);
3067 3067
3068 #ifdef CONFIG_AUDIT 3068 #ifdef CONFIG_AUDIT
3069 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); 3069 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
3070 ad.a.u.net.family = family; 3070 ad.a.u.net.family = family;
3071 ad.a.u.net.netif = skb->skb_iif; 3071 ad.a.u.net.netif = skb->skb_iif;
3072 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3072 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3073 #endif 3073 #endif
3074 /* 3074 /*
3075 * Receiving a packet requires that the other end be able to write 3075 * Receiving a packet requires that the other end be able to write
3076 * here. Read access is not required. 3076 * here. Read access is not required.
3077 */ 3077 */
3078 rc = smk_access(smack, ssp->smk_in, MAY_WRITE, &ad); 3078 rc = smk_access(smack, ssp->smk_in, MAY_WRITE, &ad);
3079 if (rc != 0) 3079 if (rc != 0)
3080 return rc; 3080 return rc;
3081 3081
3082 /* 3082 /*
3083 * Save the peer's label in the request_sock so we can later setup 3083 * Save the peer's label in the request_sock so we can later setup
3084 * smk_packet in the child socket so that SO_PEERCRED can report it. 3084 * smk_packet in the child socket so that SO_PEERCRED can report it.
3085 */ 3085 */
3086 req->peer_secid = smack_to_secid(smack); 3086 req->peer_secid = smack_to_secid(smack);
3087 3087
3088 /* 3088 /*
3089 * We need to decide if we want to label the incoming connection here 3089 * We need to decide if we want to label the incoming connection here
3090 * if we do we only need to label the request_sock and the stack will 3090 * if we do we only need to label the request_sock and the stack will
3091 * propogate the wire-label to the sock when it is created. 3091 * propogate the wire-label to the sock when it is created.
3092 */ 3092 */
3093 hdr = ip_hdr(skb); 3093 hdr = ip_hdr(skb);
3094 addr.sin_addr.s_addr = hdr->saddr; 3094 addr.sin_addr.s_addr = hdr->saddr;
3095 rcu_read_lock(); 3095 rcu_read_lock();
3096 if (smack_host_label(&addr) == NULL) { 3096 if (smack_host_label(&addr) == NULL) {
3097 rcu_read_unlock(); 3097 rcu_read_unlock();
3098 netlbl_secattr_init(&secattr); 3098 netlbl_secattr_init(&secattr);
3099 smack_to_secattr(smack, &secattr); 3099 smack_to_secattr(smack, &secattr);
3100 rc = netlbl_req_setattr(req, &secattr); 3100 rc = netlbl_req_setattr(req, &secattr);
3101 netlbl_secattr_destroy(&secattr); 3101 netlbl_secattr_destroy(&secattr);
3102 } else { 3102 } else {
3103 rcu_read_unlock(); 3103 rcu_read_unlock();
3104 netlbl_req_delattr(req); 3104 netlbl_req_delattr(req);
3105 } 3105 }
3106 3106
3107 return rc; 3107 return rc;
3108 } 3108 }
3109 3109
3110 /** 3110 /**
3111 * smack_inet_csk_clone - Copy the connection information to the new socket 3111 * smack_inet_csk_clone - Copy the connection information to the new socket
3112 * @sk: the new socket 3112 * @sk: the new socket
3113 * @req: the connection's request_sock 3113 * @req: the connection's request_sock
3114 * 3114 *
3115 * Transfer the connection's peer label to the newly created socket. 3115 * Transfer the connection's peer label to the newly created socket.
3116 */ 3116 */
3117 static void smack_inet_csk_clone(struct sock *sk, 3117 static void smack_inet_csk_clone(struct sock *sk,
3118 const struct request_sock *req) 3118 const struct request_sock *req)
3119 { 3119 {
3120 struct socket_smack *ssp = sk->sk_security; 3120 struct socket_smack *ssp = sk->sk_security;
3121 char *smack; 3121 char *smack;
3122 3122
3123 if (req->peer_secid != 0) { 3123 if (req->peer_secid != 0) {
3124 smack = smack_from_secid(req->peer_secid); 3124 smack = smack_from_secid(req->peer_secid);
3125 strncpy(ssp->smk_packet, smack, SMK_MAXLEN); 3125 strncpy(ssp->smk_packet, smack, SMK_MAXLEN);
3126 } else 3126 } else
3127 ssp->smk_packet[0] = '\0'; 3127 ssp->smk_packet[0] = '\0';
3128 } 3128 }
3129 3129
3130 /* 3130 /*
3131 * Key management security hooks 3131 * Key management security hooks
3132 * 3132 *
3133 * Casey has not tested key support very heavily. 3133 * Casey has not tested key support very heavily.
3134 * The permission check is most likely too restrictive. 3134 * The permission check is most likely too restrictive.
3135 * If you care about keys please have a look. 3135 * If you care about keys please have a look.
3136 */ 3136 */
3137 #ifdef CONFIG_KEYS 3137 #ifdef CONFIG_KEYS
3138 3138
3139 /** 3139 /**
3140 * smack_key_alloc - Set the key security blob 3140 * smack_key_alloc - Set the key security blob
3141 * @key: object 3141 * @key: object
3142 * @cred: the credentials to use 3142 * @cred: the credentials to use
3143 * @flags: unused 3143 * @flags: unused
3144 * 3144 *
3145 * No allocation required 3145 * No allocation required
3146 * 3146 *
3147 * Returns 0 3147 * Returns 0
3148 */ 3148 */
3149 static int smack_key_alloc(struct key *key, const struct cred *cred, 3149 static int smack_key_alloc(struct key *key, const struct cred *cred,
3150 unsigned long flags) 3150 unsigned long flags)
3151 { 3151 {
3152 key->security = smk_of_task(cred->security); 3152 key->security = smk_of_task(cred->security);
3153 return 0; 3153 return 0;
3154 } 3154 }
3155 3155
3156 /** 3156 /**
3157 * smack_key_free - Clear the key security blob 3157 * smack_key_free - Clear the key security blob
3158 * @key: the object 3158 * @key: the object
3159 * 3159 *
3160 * Clear the blob pointer 3160 * Clear the blob pointer
3161 */ 3161 */
3162 static void smack_key_free(struct key *key) 3162 static void smack_key_free(struct key *key)
3163 { 3163 {
3164 key->security = NULL; 3164 key->security = NULL;
3165 } 3165 }
3166 3166
3167 /* 3167 /*
3168 * smack_key_permission - Smack access on a key 3168 * smack_key_permission - Smack access on a key
3169 * @key_ref: gets to the object 3169 * @key_ref: gets to the object
3170 * @cred: the credentials to use 3170 * @cred: the credentials to use
3171 * @perm: unused 3171 * @perm: unused
3172 * 3172 *
3173 * Return 0 if the task has read and write to the object, 3173 * Return 0 if the task has read and write to the object,
3174 * an error code otherwise 3174 * an error code otherwise
3175 */ 3175 */
3176 static int smack_key_permission(key_ref_t key_ref, 3176 static int smack_key_permission(key_ref_t key_ref,
3177 const struct cred *cred, key_perm_t perm) 3177 const struct cred *cred, key_perm_t perm)
3178 { 3178 {
3179 struct key *keyp; 3179 struct key *keyp;
3180 struct smk_audit_info ad; 3180 struct smk_audit_info ad;
3181 char *tsp = smk_of_task(cred->security); 3181 char *tsp = smk_of_task(cred->security);
3182 3182
3183 keyp = key_ref_to_ptr(key_ref); 3183 keyp = key_ref_to_ptr(key_ref);
3184 if (keyp == NULL) 3184 if (keyp == NULL)
3185 return -EINVAL; 3185 return -EINVAL;
3186 /* 3186 /*
3187 * If the key hasn't been initialized give it access so that 3187 * If the key hasn't been initialized give it access so that
3188 * it may do so. 3188 * it may do so.
3189 */ 3189 */
3190 if (keyp->security == NULL) 3190 if (keyp->security == NULL)
3191 return 0; 3191 return 0;
3192 /* 3192 /*
3193 * This should not occur 3193 * This should not occur
3194 */ 3194 */
3195 if (tsp == NULL) 3195 if (tsp == NULL)
3196 return -EACCES; 3196 return -EACCES;
3197 #ifdef CONFIG_AUDIT 3197 #ifdef CONFIG_AUDIT
3198 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); 3198 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
3199 ad.a.u.key_struct.key = keyp->serial; 3199 ad.a.u.key_struct.key = keyp->serial;
3200 ad.a.u.key_struct.key_desc = keyp->description; 3200 ad.a.u.key_struct.key_desc = keyp->description;
3201 #endif 3201 #endif
3202 return smk_access(tsp, keyp->security, 3202 return smk_access(tsp, keyp->security,
3203 MAY_READWRITE, &ad); 3203 MAY_READWRITE, &ad);
3204 } 3204 }
3205 #endif /* CONFIG_KEYS */ 3205 #endif /* CONFIG_KEYS */
3206 3206
3207 /* 3207 /*
3208 * Smack Audit hooks 3208 * Smack Audit hooks
3209 * 3209 *
3210 * Audit requires a unique representation of each Smack specific 3210 * Audit requires a unique representation of each Smack specific
3211 * rule. This unique representation is used to distinguish the 3211 * rule. This unique representation is used to distinguish the
3212 * object to be audited from remaining kernel objects and also 3212 * object to be audited from remaining kernel objects and also
3213 * works as a glue between the audit hooks. 3213 * works as a glue between the audit hooks.
3214 * 3214 *
3215 * Since repository entries are added but never deleted, we'll use 3215 * Since repository entries are added but never deleted, we'll use
3216 * the smack_known label address related to the given audit rule as 3216 * the smack_known label address related to the given audit rule as
3217 * the needed unique representation. This also better fits the smack 3217 * the needed unique representation. This also better fits the smack
3218 * model where nearly everything is a label. 3218 * model where nearly everything is a label.
3219 */ 3219 */
3220 #ifdef CONFIG_AUDIT 3220 #ifdef CONFIG_AUDIT
3221 3221
3222 /** 3222 /**
3223 * smack_audit_rule_init - Initialize a smack audit rule 3223 * smack_audit_rule_init - Initialize a smack audit rule
3224 * @field: audit rule fields given from user-space (audit.h) 3224 * @field: audit rule fields given from user-space (audit.h)
3225 * @op: required testing operator (=, !=, >, <, ...) 3225 * @op: required testing operator (=, !=, >, <, ...)
3226 * @rulestr: smack label to be audited 3226 * @rulestr: smack label to be audited
3227 * @vrule: pointer to save our own audit rule representation 3227 * @vrule: pointer to save our own audit rule representation
3228 * 3228 *
3229 * Prepare to audit cases where (@field @op @rulestr) is true. 3229 * Prepare to audit cases where (@field @op @rulestr) is true.
3230 * The label to be audited is created if necessay. 3230 * The label to be audited is created if necessay.
3231 */ 3231 */
3232 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) 3232 static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
3233 { 3233 {
3234 char **rule = (char **)vrule; 3234 char **rule = (char **)vrule;
3235 *rule = NULL; 3235 *rule = NULL;
3236 3236
3237 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 3237 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
3238 return -EINVAL; 3238 return -EINVAL;
3239 3239
3240 if (op != Audit_equal && op != Audit_not_equal) 3240 if (op != Audit_equal && op != Audit_not_equal)
3241 return -EINVAL; 3241 return -EINVAL;
3242 3242
3243 *rule = smk_import(rulestr, 0); 3243 *rule = smk_import(rulestr, 0);
3244 3244
3245 return 0; 3245 return 0;
3246 } 3246 }
3247 3247
3248 /** 3248 /**
3249 * smack_audit_rule_known - Distinguish Smack audit rules 3249 * smack_audit_rule_known - Distinguish Smack audit rules
3250 * @krule: rule of interest, in Audit kernel representation format 3250 * @krule: rule of interest, in Audit kernel representation format
3251 * 3251 *
3252 * This is used to filter Smack rules from remaining Audit ones. 3252 * This is used to filter Smack rules from remaining Audit ones.
3253 * If it's proved that this rule belongs to us, the 3253 * If it's proved that this rule belongs to us, the
3254 * audit_rule_match hook will be called to do the final judgement. 3254 * audit_rule_match hook will be called to do the final judgement.
3255 */ 3255 */
3256 static int smack_audit_rule_known(struct audit_krule *krule) 3256 static int smack_audit_rule_known(struct audit_krule *krule)
3257 { 3257 {
3258 struct audit_field *f; 3258 struct audit_field *f;
3259 int i; 3259 int i;
3260 3260
3261 for (i = 0; i < krule->field_count; i++) { 3261 for (i = 0; i < krule->field_count; i++) {
3262 f = &krule->fields[i]; 3262 f = &krule->fields[i];
3263 3263
3264 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER) 3264 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
3265 return 1; 3265 return 1;
3266 } 3266 }
3267 3267
3268 return 0; 3268 return 0;
3269 } 3269 }
3270 3270
3271 /** 3271 /**
3272 * smack_audit_rule_match - Audit given object ? 3272 * smack_audit_rule_match - Audit given object ?
3273 * @secid: security id for identifying the object to test 3273 * @secid: security id for identifying the object to test
3274 * @field: audit rule flags given from user-space 3274 * @field: audit rule flags given from user-space
3275 * @op: required testing operator 3275 * @op: required testing operator
3276 * @vrule: smack internal rule presentation 3276 * @vrule: smack internal rule presentation
3277 * @actx: audit context associated with the check 3277 * @actx: audit context associated with the check
3278 * 3278 *
3279 * The core Audit hook. It's used to take the decision of 3279 * The core Audit hook. It's used to take the decision of
3280 * whether to audit or not to audit a given object. 3280 * whether to audit or not to audit a given object.
3281 */ 3281 */
3282 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule, 3282 static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
3283 struct audit_context *actx) 3283 struct audit_context *actx)
3284 { 3284 {
3285 char *smack; 3285 char *smack;
3286 char *rule = vrule; 3286 char *rule = vrule;
3287 3287
3288 if (!rule) { 3288 if (!rule) {
3289 audit_log(actx, GFP_KERNEL, AUDIT_SELINUX_ERR, 3289 audit_log(actx, GFP_KERNEL, AUDIT_SELINUX_ERR,
3290 "Smack: missing rule\n"); 3290 "Smack: missing rule\n");
3291 return -ENOENT; 3291 return -ENOENT;
3292 } 3292 }
3293 3293
3294 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER) 3294 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
3295 return 0; 3295 return 0;
3296 3296
3297 smack = smack_from_secid(secid); 3297 smack = smack_from_secid(secid);
3298 3298
3299 /* 3299 /*
3300 * No need to do string comparisons. If a match occurs, 3300 * No need to do string comparisons. If a match occurs,
3301 * both pointers will point to the same smack_known 3301 * both pointers will point to the same smack_known
3302 * label. 3302 * label.
3303 */ 3303 */
3304 if (op == Audit_equal) 3304 if (op == Audit_equal)
3305 return (rule == smack); 3305 return (rule == smack);
3306 if (op == Audit_not_equal) 3306 if (op == Audit_not_equal)
3307 return (rule != smack); 3307 return (rule != smack);
3308 3308
3309 return 0; 3309 return 0;
3310 } 3310 }
3311 3311
3312 /** 3312 /**
3313 * smack_audit_rule_free - free smack rule representation 3313 * smack_audit_rule_free - free smack rule representation
3314 * @vrule: rule to be freed. 3314 * @vrule: rule to be freed.
3315 * 3315 *
3316 * No memory was allocated. 3316 * No memory was allocated.
3317 */ 3317 */
3318 static void smack_audit_rule_free(void *vrule) 3318 static void smack_audit_rule_free(void *vrule)
3319 { 3319 {
3320 /* No-op */ 3320 /* No-op */
3321 } 3321 }
3322 3322
3323 #endif /* CONFIG_AUDIT */ 3323 #endif /* CONFIG_AUDIT */
3324 3324
3325 /** 3325 /**
3326 * smack_secid_to_secctx - return the smack label for a secid 3326 * smack_secid_to_secctx - return the smack label for a secid
3327 * @secid: incoming integer 3327 * @secid: incoming integer
3328 * @secdata: destination 3328 * @secdata: destination
3329 * @seclen: how long it is 3329 * @seclen: how long it is
3330 * 3330 *
3331 * Exists for networking code. 3331 * Exists for networking code.
3332 */ 3332 */
3333 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 3333 static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
3334 { 3334 {
3335 char *sp = smack_from_secid(secid); 3335 char *sp = smack_from_secid(secid);
3336 3336
3337 if (secdata) 3337 if (secdata)
3338 *secdata = sp; 3338 *secdata = sp;
3339 *seclen = strlen(sp); 3339 *seclen = strlen(sp);
3340 return 0; 3340 return 0;
3341 } 3341 }
3342 3342
3343 /** 3343 /**
3344 * smack_secctx_to_secid - return the secid for a smack label 3344 * smack_secctx_to_secid - return the secid for a smack label
3345 * @secdata: smack label 3345 * @secdata: smack label
3346 * @seclen: how long result is 3346 * @seclen: how long result is
3347 * @secid: outgoing integer 3347 * @secid: outgoing integer
3348 * 3348 *
3349 * Exists for audit and networking code. 3349 * Exists for audit and networking code.
3350 */ 3350 */
3351 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 3351 static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
3352 { 3352 {
3353 *secid = smack_to_secid(secdata); 3353 *secid = smack_to_secid(secdata);
3354 return 0; 3354 return 0;
3355 } 3355 }
3356 3356
3357 /** 3357 /**
3358 * smack_release_secctx - don't do anything. 3358 * smack_release_secctx - don't do anything.
3359 * @secdata: unused 3359 * @secdata: unused
3360 * @seclen: unused 3360 * @seclen: unused
3361 * 3361 *
3362 * Exists to make sure nothing gets done, and properly 3362 * Exists to make sure nothing gets done, and properly
3363 */ 3363 */
3364 static void smack_release_secctx(char *secdata, u32 seclen) 3364 static void smack_release_secctx(char *secdata, u32 seclen)
3365 { 3365 {
3366 } 3366 }
3367 3367
3368 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 3368 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
3369 { 3369 {
3370 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0); 3370 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
3371 } 3371 }
3372 3372
3373 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 3373 static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
3374 { 3374 {
3375 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0); 3375 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
3376 } 3376 }
3377 3377
3378 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 3378 static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
3379 { 3379 {
3380 int len = 0; 3380 int len = 0;
3381 len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true); 3381 len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);
3382 3382
3383 if (len < 0) 3383 if (len < 0)
3384 return len; 3384 return len;
3385 *ctxlen = len; 3385 *ctxlen = len;
3386 return 0; 3386 return 0;
3387 } 3387 }
3388 3388
3389 struct security_operations smack_ops = { 3389 struct security_operations smack_ops = {
3390 .name = "smack", 3390 .name = "smack",
3391 3391
3392 .ptrace_access_check = smack_ptrace_access_check, 3392 .ptrace_access_check = smack_ptrace_access_check,
3393 .ptrace_traceme = smack_ptrace_traceme, 3393 .ptrace_traceme = smack_ptrace_traceme,
3394 .syslog = smack_syslog, 3394 .syslog = smack_syslog,
3395 3395
3396 .sb_alloc_security = smack_sb_alloc_security, 3396 .sb_alloc_security = smack_sb_alloc_security,
3397 .sb_free_security = smack_sb_free_security, 3397 .sb_free_security = smack_sb_free_security,
3398 .sb_copy_data = smack_sb_copy_data, 3398 .sb_copy_data = smack_sb_copy_data,
3399 .sb_kern_mount = smack_sb_kern_mount, 3399 .sb_kern_mount = smack_sb_kern_mount,
3400 .sb_statfs = smack_sb_statfs, 3400 .sb_statfs = smack_sb_statfs,
3401 .sb_mount = smack_sb_mount, 3401 .sb_mount = smack_sb_mount,
3402 .sb_umount = smack_sb_umount, 3402 .sb_umount = smack_sb_umount,
3403 3403
3404 .bprm_set_creds = smack_bprm_set_creds, 3404 .bprm_set_creds = smack_bprm_set_creds,
3405 3405
3406 .inode_alloc_security = smack_inode_alloc_security, 3406 .inode_alloc_security = smack_inode_alloc_security,
3407 .inode_free_security = smack_inode_free_security, 3407 .inode_free_security = smack_inode_free_security,
3408 .inode_init_security = smack_inode_init_security, 3408 .inode_init_security = smack_inode_init_security,
3409 .inode_link = smack_inode_link, 3409 .inode_link = smack_inode_link,
3410 .inode_unlink = smack_inode_unlink, 3410 .inode_unlink = smack_inode_unlink,
3411 .inode_rmdir = smack_inode_rmdir, 3411 .inode_rmdir = smack_inode_rmdir,
3412 .inode_rename = smack_inode_rename, 3412 .inode_rename = smack_inode_rename,
3413 .inode_permission = smack_inode_permission, 3413 .inode_permission = smack_inode_permission,
3414 .inode_setattr = smack_inode_setattr, 3414 .inode_setattr = smack_inode_setattr,
3415 .inode_getattr = smack_inode_getattr, 3415 .inode_getattr = smack_inode_getattr,
3416 .inode_setxattr = smack_inode_setxattr, 3416 .inode_setxattr = smack_inode_setxattr,
3417 .inode_post_setxattr = smack_inode_post_setxattr, 3417 .inode_post_setxattr = smack_inode_post_setxattr,
3418 .inode_getxattr = smack_inode_getxattr, 3418 .inode_getxattr = smack_inode_getxattr,
3419 .inode_removexattr = smack_inode_removexattr, 3419 .inode_removexattr = smack_inode_removexattr,
3420 .inode_getsecurity = smack_inode_getsecurity, 3420 .inode_getsecurity = smack_inode_getsecurity,
3421 .inode_setsecurity = smack_inode_setsecurity, 3421 .inode_setsecurity = smack_inode_setsecurity,
3422 .inode_listsecurity = smack_inode_listsecurity, 3422 .inode_listsecurity = smack_inode_listsecurity,
3423 .inode_getsecid = smack_inode_getsecid, 3423 .inode_getsecid = smack_inode_getsecid,
3424 3424
3425 .file_permission = smack_file_permission, 3425 .file_permission = smack_file_permission,
3426 .file_alloc_security = smack_file_alloc_security, 3426 .file_alloc_security = smack_file_alloc_security,
3427 .file_free_security = smack_file_free_security, 3427 .file_free_security = smack_file_free_security,
3428 .file_ioctl = smack_file_ioctl, 3428 .file_ioctl = smack_file_ioctl,
3429 .file_lock = smack_file_lock, 3429 .file_lock = smack_file_lock,
3430 .file_fcntl = smack_file_fcntl, 3430 .file_fcntl = smack_file_fcntl,
3431 .file_mmap = smack_file_mmap, 3431 .file_mmap = smack_file_mmap,
3432 .file_set_fowner = smack_file_set_fowner, 3432 .file_set_fowner = smack_file_set_fowner,
3433 .file_send_sigiotask = smack_file_send_sigiotask, 3433 .file_send_sigiotask = smack_file_send_sigiotask,
3434 .file_receive = smack_file_receive, 3434 .file_receive = smack_file_receive,
3435 3435
3436 .cred_alloc_blank = smack_cred_alloc_blank, 3436 .cred_alloc_blank = smack_cred_alloc_blank,
3437 .cred_free = smack_cred_free, 3437 .cred_free = smack_cred_free,
3438 .cred_prepare = smack_cred_prepare, 3438 .cred_prepare = smack_cred_prepare,
3439 .cred_transfer = smack_cred_transfer, 3439 .cred_transfer = smack_cred_transfer,
3440 .kernel_act_as = smack_kernel_act_as, 3440 .kernel_act_as = smack_kernel_act_as,
3441 .kernel_create_files_as = smack_kernel_create_files_as, 3441 .kernel_create_files_as = smack_kernel_create_files_as,
3442 .task_setpgid = smack_task_setpgid, 3442 .task_setpgid = smack_task_setpgid,
3443 .task_getpgid = smack_task_getpgid, 3443 .task_getpgid = smack_task_getpgid,
3444 .task_getsid = smack_task_getsid, 3444 .task_getsid = smack_task_getsid,
3445 .task_getsecid = smack_task_getsecid, 3445 .task_getsecid = smack_task_getsecid,
3446 .task_setnice = smack_task_setnice, 3446 .task_setnice = smack_task_setnice,
3447 .task_setioprio = smack_task_setioprio, 3447 .task_setioprio = smack_task_setioprio,
3448 .task_getioprio = smack_task_getioprio, 3448 .task_getioprio = smack_task_getioprio,
3449 .task_setscheduler = smack_task_setscheduler, 3449 .task_setscheduler = smack_task_setscheduler,
3450 .task_getscheduler = smack_task_getscheduler, 3450 .task_getscheduler = smack_task_getscheduler,
3451 .task_movememory = smack_task_movememory, 3451 .task_movememory = smack_task_movememory,
3452 .task_kill = smack_task_kill, 3452 .task_kill = smack_task_kill,
3453 .task_wait = smack_task_wait, 3453 .task_wait = smack_task_wait,
3454 .task_to_inode = smack_task_to_inode, 3454 .task_to_inode = smack_task_to_inode,
3455 3455
3456 .ipc_permission = smack_ipc_permission, 3456 .ipc_permission = smack_ipc_permission,
3457 .ipc_getsecid = smack_ipc_getsecid, 3457 .ipc_getsecid = smack_ipc_getsecid,
3458 3458
3459 .msg_msg_alloc_security = smack_msg_msg_alloc_security, 3459 .msg_msg_alloc_security = smack_msg_msg_alloc_security,
3460 .msg_msg_free_security = smack_msg_msg_free_security, 3460 .msg_msg_free_security = smack_msg_msg_free_security,
3461 3461
3462 .msg_queue_alloc_security = smack_msg_queue_alloc_security, 3462 .msg_queue_alloc_security = smack_msg_queue_alloc_security,
3463 .msg_queue_free_security = smack_msg_queue_free_security, 3463 .msg_queue_free_security = smack_msg_queue_free_security,
3464 .msg_queue_associate = smack_msg_queue_associate, 3464 .msg_queue_associate = smack_msg_queue_associate,
3465 .msg_queue_msgctl = smack_msg_queue_msgctl, 3465 .msg_queue_msgctl = smack_msg_queue_msgctl,
3466 .msg_queue_msgsnd = smack_msg_queue_msgsnd, 3466 .msg_queue_msgsnd = smack_msg_queue_msgsnd,
3467 .msg_queue_msgrcv = smack_msg_queue_msgrcv, 3467 .msg_queue_msgrcv = smack_msg_queue_msgrcv,
3468 3468
3469 .shm_alloc_security = smack_shm_alloc_security, 3469 .shm_alloc_security = smack_shm_alloc_security,
3470 .shm_free_security = smack_shm_free_security, 3470 .shm_free_security = smack_shm_free_security,
3471 .shm_associate = smack_shm_associate, 3471 .shm_associate = smack_shm_associate,
3472 .shm_shmctl = smack_shm_shmctl, 3472 .shm_shmctl = smack_shm_shmctl,
3473 .shm_shmat = smack_shm_shmat, 3473 .shm_shmat = smack_shm_shmat,
3474 3474
3475 .sem_alloc_security = smack_sem_alloc_security, 3475 .sem_alloc_security = smack_sem_alloc_security,
3476 .sem_free_security = smack_sem_free_security, 3476 .sem_free_security = smack_sem_free_security,
3477 .sem_associate = smack_sem_associate, 3477 .sem_associate = smack_sem_associate,
3478 .sem_semctl = smack_sem_semctl, 3478 .sem_semctl = smack_sem_semctl,
3479 .sem_semop = smack_sem_semop, 3479 .sem_semop = smack_sem_semop,
3480 3480
3481 .d_instantiate = smack_d_instantiate, 3481 .d_instantiate = smack_d_instantiate,
3482 3482
3483 .getprocattr = smack_getprocattr, 3483 .getprocattr = smack_getprocattr,
3484 .setprocattr = smack_setprocattr, 3484 .setprocattr = smack_setprocattr,
3485 3485
3486 .unix_stream_connect = smack_unix_stream_connect, 3486 .unix_stream_connect = smack_unix_stream_connect,
3487 .unix_may_send = smack_unix_may_send, 3487 .unix_may_send = smack_unix_may_send,
3488 3488
3489 .socket_post_create = smack_socket_post_create, 3489 .socket_post_create = smack_socket_post_create,
3490 .socket_connect = smack_socket_connect, 3490 .socket_connect = smack_socket_connect,
3491 .socket_sendmsg = smack_socket_sendmsg, 3491 .socket_sendmsg = smack_socket_sendmsg,
3492 .socket_sock_rcv_skb = smack_socket_sock_rcv_skb, 3492 .socket_sock_rcv_skb = smack_socket_sock_rcv_skb,
3493 .socket_getpeersec_stream = smack_socket_getpeersec_stream, 3493 .socket_getpeersec_stream = smack_socket_getpeersec_stream,
3494 .socket_getpeersec_dgram = smack_socket_getpeersec_dgram, 3494 .socket_getpeersec_dgram = smack_socket_getpeersec_dgram,
3495 .sk_alloc_security = smack_sk_alloc_security, 3495 .sk_alloc_security = smack_sk_alloc_security,
3496 .sk_free_security = smack_sk_free_security, 3496 .sk_free_security = smack_sk_free_security,
3497 .sock_graft = smack_sock_graft, 3497 .sock_graft = smack_sock_graft,
3498 .inet_conn_request = smack_inet_conn_request, 3498 .inet_conn_request = smack_inet_conn_request,
3499 .inet_csk_clone = smack_inet_csk_clone, 3499 .inet_csk_clone = smack_inet_csk_clone,
3500 3500
3501 /* key management security hooks */ 3501 /* key management security hooks */
3502 #ifdef CONFIG_KEYS 3502 #ifdef CONFIG_KEYS
3503 .key_alloc = smack_key_alloc, 3503 .key_alloc = smack_key_alloc,
3504 .key_free = smack_key_free, 3504 .key_free = smack_key_free,
3505 .key_permission = smack_key_permission, 3505 .key_permission = smack_key_permission,
3506 #endif /* CONFIG_KEYS */ 3506 #endif /* CONFIG_KEYS */
3507 3507
3508 /* Audit hooks */ 3508 /* Audit hooks */
3509 #ifdef CONFIG_AUDIT 3509 #ifdef CONFIG_AUDIT
3510 .audit_rule_init = smack_audit_rule_init, 3510 .audit_rule_init = smack_audit_rule_init,
3511 .audit_rule_known = smack_audit_rule_known, 3511 .audit_rule_known = smack_audit_rule_known,
3512 .audit_rule_match = smack_audit_rule_match, 3512 .audit_rule_match = smack_audit_rule_match,
3513 .audit_rule_free = smack_audit_rule_free, 3513 .audit_rule_free = smack_audit_rule_free,
3514 #endif /* CONFIG_AUDIT */ 3514 #endif /* CONFIG_AUDIT */
3515 3515
3516 .secid_to_secctx = smack_secid_to_secctx, 3516 .secid_to_secctx = smack_secid_to_secctx,
3517 .secctx_to_secid = smack_secctx_to_secid, 3517 .secctx_to_secid = smack_secctx_to_secid,
3518 .release_secctx = smack_release_secctx, 3518 .release_secctx = smack_release_secctx,
3519 .inode_notifysecctx = smack_inode_notifysecctx, 3519 .inode_notifysecctx = smack_inode_notifysecctx,
3520 .inode_setsecctx = smack_inode_setsecctx, 3520 .inode_setsecctx = smack_inode_setsecctx,
3521 .inode_getsecctx = smack_inode_getsecctx, 3521 .inode_getsecctx = smack_inode_getsecctx,
3522 }; 3522 };
3523 3523
3524 3524
3525 static __init void init_smack_know_list(void) 3525 static __init void init_smack_know_list(void)
3526 { 3526 {
3527 list_add(&smack_known_huh.list, &smack_known_list); 3527 list_add(&smack_known_huh.list, &smack_known_list);
3528 list_add(&smack_known_hat.list, &smack_known_list); 3528 list_add(&smack_known_hat.list, &smack_known_list);
3529 list_add(&smack_known_star.list, &smack_known_list); 3529 list_add(&smack_known_star.list, &smack_known_list);
3530 list_add(&smack_known_floor.list, &smack_known_list); 3530 list_add(&smack_known_floor.list, &smack_known_list);
3531 list_add(&smack_known_invalid.list, &smack_known_list); 3531 list_add(&smack_known_invalid.list, &smack_known_list);
3532 list_add(&smack_known_web.list, &smack_known_list); 3532 list_add(&smack_known_web.list, &smack_known_list);
3533 } 3533 }
3534 3534
3535 /** 3535 /**
3536 * smack_init - initialize the smack system 3536 * smack_init - initialize the smack system
3537 * 3537 *
3538 * Returns 0 3538 * Returns 0
3539 */ 3539 */
3540 static __init int smack_init(void) 3540 static __init int smack_init(void)
3541 { 3541 {
3542 struct cred *cred; 3542 struct cred *cred;
3543 struct task_smack *tsp; 3543 struct task_smack *tsp;
3544 3544
3545 if (!security_module_enable(&smack_ops)) 3545 if (!security_module_enable(&smack_ops))
3546 return 0; 3546 return 0;
3547 3547
3548 tsp = new_task_smack(smack_known_floor.smk_known, 3548 tsp = new_task_smack(smack_known_floor.smk_known,
3549 smack_known_floor.smk_known, GFP_KERNEL); 3549 smack_known_floor.smk_known, GFP_KERNEL);
3550 if (tsp == NULL) 3550 if (tsp == NULL)
3551 return -ENOMEM; 3551 return -ENOMEM;
3552 3552
3553 printk(KERN_INFO "Smack: Initializing.\n"); 3553 printk(KERN_INFO "Smack: Initializing.\n");
3554 3554
3555 /* 3555 /*
3556 * Set the security state for the initial task. 3556 * Set the security state for the initial task.
3557 */ 3557 */
3558 cred = (struct cred *) current->cred; 3558 cred = (struct cred *) current->cred;
3559 cred->security = tsp; 3559 cred->security = tsp;
3560 3560
3561 /* initialize the smack_know_list */ 3561 /* initialize the smack_know_list */
3562 init_smack_know_list(); 3562 init_smack_know_list();
3563 /* 3563 /*
3564 * Initialize locks 3564 * Initialize locks
3565 */ 3565 */
3566 spin_lock_init(&smack_known_huh.smk_cipsolock); 3566 spin_lock_init(&smack_known_huh.smk_cipsolock);
3567 spin_lock_init(&smack_known_hat.smk_cipsolock); 3567 spin_lock_init(&smack_known_hat.smk_cipsolock);
3568 spin_lock_init(&smack_known_star.smk_cipsolock); 3568 spin_lock_init(&smack_known_star.smk_cipsolock);
3569 spin_lock_init(&smack_known_floor.smk_cipsolock); 3569 spin_lock_init(&smack_known_floor.smk_cipsolock);
3570 spin_lock_init(&smack_known_invalid.smk_cipsolock); 3570 spin_lock_init(&smack_known_invalid.smk_cipsolock);
3571 3571
3572 /* 3572 /*
3573 * Register with LSM 3573 * Register with LSM
3574 */ 3574 */
3575 if (register_security(&smack_ops)) 3575 if (register_security(&smack_ops))
3576 panic("smack: Unable to register with kernel.\n"); 3576 panic("smack: Unable to register with kernel.\n");
3577 3577
3578 return 0; 3578 return 0;
3579 } 3579 }
3580 3580
3581 /* 3581 /*
3582 * Smack requires early initialization in order to label 3582 * Smack requires early initialization in order to label
3583 * all processes and objects when they are created. 3583 * all processes and objects when they are created.
3584 */ 3584 */
3585 security_initcall(smack_init); 3585 security_initcall(smack_init);
3586 3586