search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
NetLabel: SELinux cleanups
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / security / selinux / hooks.c
blob975c0dfb5a1120d7bdbb852cdacc8264bddd658d
1 /*
2 * NSA Security-Enhanced Linux (SELinux) security module
3 *
4 * This file contains the SELinux hook function implementations.
5 *
6 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
7 * Chris Vance, <cvance@nai.com>
8 * Wayne Salamon, <wsalamon@nai.com>
9 * James Morris <jmorris@redhat.com>
10 *
11 * Copyright (C) 2001,2002 Networks Associates Technology, Inc.
12 * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
13 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
14 * <dgoeddel@trustedcs.com>
15 * Copyright (C) 2006 Hewlett-Packard Development Company, L.P.
16 * Paul Moore, <paul.moore@hp.com>
17 *
18 * This program is free software; you can redistribute it and/or modify
19 * it under the terms of the GNU General Public License version 2,
20 * as published by the Free Software Foundation.
21 */
22
23 #include <linux/module.h>
24 #include <linux/init.h>
25 #include <linux/kernel.h>
26 #include <linux/ptrace.h>
27 #include <linux/errno.h>
28 #include <linux/sched.h>
29 #include <linux/security.h>
30 #include <linux/xattr.h>
31 #include <linux/capability.h>
32 #include <linux/unistd.h>
33 #include <linux/mm.h>
34 #include <linux/mman.h>
35 #include <linux/slab.h>
36 #include <linux/pagemap.h>
37 #include <linux/swap.h>
38 #include <linux/smp_lock.h>
39 #include <linux/spinlock.h>
40 #include <linux/syscalls.h>
41 #include <linux/file.h>
42 #include <linux/namei.h>
43 #include <linux/mount.h>
44 #include <linux/ext2_fs.h>
45 #include <linux/proc_fs.h>
46 #include <linux/kd.h>
47 #include <linux/netfilter_ipv4.h>
48 #include <linux/netfilter_ipv6.h>
49 #include <linux/tty.h>
50 #include <net/icmp.h>
51 #include <net/ip.h> /* for sysctl_local_port_range[] */
52 #include <net/tcp.h> /* struct or_callable used in sock_rcv_skb */
53 #include <asm/uaccess.h>
54 #include <asm/ioctls.h>
55 #include <linux/bitops.h>
56 #include <linux/interrupt.h>
57 #include <linux/netdevice.h> /* for network interface checks */
58 #include <linux/netlink.h>
59 #include <linux/tcp.h>
60 #include <linux/udp.h>
61 #include <linux/dccp.h>
62 #include <linux/quota.h>
63 #include <linux/un.h> /* for Unix socket types */
64 #include <net/af_unix.h> /* for Unix socket types */
65 #include <linux/parser.h>
66 #include <linux/nfs_mount.h>
67 #include <net/ipv6.h>
68 #include <linux/hugetlb.h>
69 #include <linux/personality.h>
70 #include <linux/sysctl.h>
71 #include <linux/audit.h>
72 #include <linux/string.h>
73 #include <linux/selinux.h>
74 #include <linux/mutex.h>
75
76 #include "avc.h"
77 #include "objsec.h"
78 #include "netif.h"
79 #include "xfrm.h"
80 #include "selinux_netlabel.h"
81
82 #define XATTR_SELINUX_SUFFIX "selinux"
83 #define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX
84
85 extern unsigned int policydb_loaded_version;
86 extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
87 extern int selinux_compat_net;
88
89 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
90 int selinux_enforcing = 0;
91
92 static int __init enforcing_setup(char *str)
93 {
94 selinux_enforcing = simple_strtol(str,NULL,0);
95 return 1;
96 }
97 __setup("enforcing=", enforcing_setup);
98 #endif
99
100 #ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
101 int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
102
103 static int __init selinux_enabled_setup(char *str)
104 {
105 selinux_enabled = simple_strtol(str, NULL, 0);
106 return 1;
107 }
108 __setup("selinux=", selinux_enabled_setup);
109 #else
110 int selinux_enabled = 1;
111 #endif
112
113 /* Original (dummy) security module. */
114 static struct security_operations *original_ops = NULL;
115
116 /* Minimal support for a secondary security module,
117 just to allow the use of the dummy or capability modules.
118 The owlsm module can alternatively be used as a secondary
119 module as long as CONFIG_OWLSM_FD is not enabled. */
120 static struct security_operations *secondary_ops = NULL;
121
122 /* Lists of inode and superblock security structures initialized
123 before the policy was loaded. */
124 static LIST_HEAD(superblock_security_head);
125 static DEFINE_SPINLOCK(sb_security_lock);
126
127 static kmem_cache_t *sel_inode_cache;
128
129 /* Return security context for a given sid or just the context
130 length if the buffer is null or length is 0 */
131 static int selinux_getsecurity(u32 sid, void *buffer, size_t size)
132 {
133 char *context;
134 unsigned len;
135 int rc;
136
137 rc = security_sid_to_context(sid, &context, &len);
138 if (rc)
139 return rc;
140
141 if (!buffer || !size)
142 goto getsecurity_exit;
143
144 if (size < len) {
145 len = -ERANGE;
146 goto getsecurity_exit;
147 }
148 memcpy(buffer, context, len);
149
150 getsecurity_exit:
151 kfree(context);
152 return len;
153 }
154
155 /* Allocate and free functions for each kind of security blob. */
156
157 static int task_alloc_security(struct task_struct *task)
158 {
159 struct task_security_struct *tsec;
160
161 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
162 if (!tsec)
163 return -ENOMEM;
164
165 tsec->task = task;
166 tsec->osid = tsec->sid = tsec->ptrace_sid = SECINITSID_UNLABELED;
167 task->security = tsec;
168
169 return 0;
170 }
171
172 static void task_free_security(struct task_struct *task)
173 {
174 struct task_security_struct *tsec = task->security;
175 task->security = NULL;
176 kfree(tsec);
177 }
178
179 static int inode_alloc_security(struct inode *inode)
180 {
181 struct task_security_struct *tsec = current->security;
182 struct inode_security_struct *isec;
183
184 isec = kmem_cache_alloc(sel_inode_cache, SLAB_KERNEL);
185 if (!isec)
186 return -ENOMEM;
187
188 memset(isec, 0, sizeof(*isec));
189 mutex_init(&isec->lock);
190 INIT_LIST_HEAD(&isec->list);
191 isec->inode = inode;
192 isec->sid = SECINITSID_UNLABELED;
193 isec->sclass = SECCLASS_FILE;
194 isec->task_sid = tsec->sid;
195 inode->i_security = isec;
196
197 return 0;
198 }
199
200 static void inode_free_security(struct inode *inode)
201 {
202 struct inode_security_struct *isec = inode->i_security;
203 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
204
205 spin_lock(&sbsec->isec_lock);
206 if (!list_empty(&isec->list))
207 list_del_init(&isec->list);
208 spin_unlock(&sbsec->isec_lock);
209
210 inode->i_security = NULL;
211 kmem_cache_free(sel_inode_cache, isec);
212 }
213
214 static int file_alloc_security(struct file *file)
215 {
216 struct task_security_struct *tsec = current->security;
217 struct file_security_struct *fsec;
218
219 fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
220 if (!fsec)
221 return -ENOMEM;
222
223 fsec->file = file;
224 fsec->sid = tsec->sid;
225 fsec->fown_sid = tsec->sid;
226 file->f_security = fsec;
227
228 return 0;
229 }
230
231 static void file_free_security(struct file *file)
232 {
233 struct file_security_struct *fsec = file->f_security;
234 file->f_security = NULL;
235 kfree(fsec);
236 }
237
238 static int superblock_alloc_security(struct super_block *sb)
239 {
240 struct superblock_security_struct *sbsec;
241
242 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
243 if (!sbsec)
244 return -ENOMEM;
245
246 mutex_init(&sbsec->lock);
247 INIT_LIST_HEAD(&sbsec->list);
248 INIT_LIST_HEAD(&sbsec->isec_head);
249 spin_lock_init(&sbsec->isec_lock);
250 sbsec->sb = sb;
251 sbsec->sid = SECINITSID_UNLABELED;
252 sbsec->def_sid = SECINITSID_FILE;
253 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
254 sb->s_security = sbsec;
255
256 return 0;
257 }
258
259 static void superblock_free_security(struct super_block *sb)
260 {
261 struct superblock_security_struct *sbsec = sb->s_security;
262
263 spin_lock(&sb_security_lock);
264 if (!list_empty(&sbsec->list))
265 list_del_init(&sbsec->list);
266 spin_unlock(&sb_security_lock);
267
268 sb->s_security = NULL;
269 kfree(sbsec);
270 }
271
272 static int sk_alloc_security(struct sock *sk, int family, gfp_t priority)
273 {
274 struct sk_security_struct *ssec;
275
276 ssec = kzalloc(sizeof(*ssec), priority);
277 if (!ssec)
278 return -ENOMEM;
279
280 ssec->sk = sk;
281 ssec->peer_sid = SECINITSID_UNLABELED;
282 ssec->sid = SECINITSID_UNLABELED;
283 sk->sk_security = ssec;
284
285 selinux_netlbl_sk_security_init(ssec, family);
286
287 return 0;
288 }
289
290 static void sk_free_security(struct sock *sk)
291 {
292 struct sk_security_struct *ssec = sk->sk_security;
293
294 sk->sk_security = NULL;
295 kfree(ssec);
296 }
297
298 /* The security server must be initialized before
299 any labeling or access decisions can be provided. */
300 extern int ss_initialized;
301
302 /* The file system's label must be initialized prior to use. */
303
304 static char *labeling_behaviors[6] = {
305 "uses xattr",
306 "uses transition SIDs",
307 "uses task SIDs",
308 "uses genfs_contexts",
309 "not configured for labeling",
310 "uses mountpoint labeling",
311 };
312
313 static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
314
315 static inline int inode_doinit(struct inode *inode)
316 {
317 return inode_doinit_with_dentry(inode, NULL);
318 }
319
320 enum {
321 Opt_context = 1,
322 Opt_fscontext = 2,
323 Opt_defcontext = 4,
324 Opt_rootcontext = 8,
325 };
326
327 static match_table_t tokens = {
328 {Opt_context, "context=%s"},
329 {Opt_fscontext, "fscontext=%s"},
330 {Opt_defcontext, "defcontext=%s"},
331 {Opt_rootcontext, "rootcontext=%s"},
332 };
333
334 #define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
335
336 static int may_context_mount_sb_relabel(u32 sid,
337 struct superblock_security_struct *sbsec,
338 struct task_security_struct *tsec)
339 {
340 int rc;
341
342 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
343 FILESYSTEM__RELABELFROM, NULL);
344 if (rc)
345 return rc;
346
347 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
348 FILESYSTEM__RELABELTO, NULL);
349 return rc;
350 }
351
352 static int may_context_mount_inode_relabel(u32 sid,
353 struct superblock_security_struct *sbsec,
354 struct task_security_struct *tsec)
355 {
356 int rc;
357 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
358 FILESYSTEM__RELABELFROM, NULL);
359 if (rc)
360 return rc;
361
362 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
363 FILESYSTEM__ASSOCIATE, NULL);
364 return rc;
365 }
366
367 static int try_context_mount(struct super_block *sb, void *data)
368 {
369 char *context = NULL, *defcontext = NULL;
370 char *fscontext = NULL, *rootcontext = NULL;
371 const char *name;
372 u32 sid;
373 int alloc = 0, rc = 0, seen = 0;
374 struct task_security_struct *tsec = current->security;
375 struct superblock_security_struct *sbsec = sb->s_security;
376
377 if (!data)
378 goto out;
379
380 name = sb->s_type->name;
381
382 if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA) {
383
384 /* NFS we understand. */
385 if (!strcmp(name, "nfs")) {
386 struct nfs_mount_data *d = data;
387
388 if (d->version < NFS_MOUNT_VERSION)
389 goto out;
390
391 if (d->context[0]) {
392 context = d->context;
393 seen |= Opt_context;
394 }
395 } else
396 goto out;
397
398 } else {
399 /* Standard string-based options. */
400 char *p, *options = data;
401
402 while ((p = strsep(&options, "|")) != NULL) {
403 int token;
404 substring_t args[MAX_OPT_ARGS];
405
406 if (!*p)
407 continue;
408
409 token = match_token(p, tokens, args);
410
411 switch (token) {
412 case Opt_context:
413 if (seen & (Opt_context|Opt_defcontext)) {
414 rc = -EINVAL;
415 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
416 goto out_free;
417 }
418 context = match_strdup(&args[0]);
419 if (!context) {
420 rc = -ENOMEM;
421 goto out_free;
422 }
423 if (!alloc)
424 alloc = 1;
425 seen |= Opt_context;
426 break;
427
428 case Opt_fscontext:
429 if (seen & Opt_fscontext) {
430 rc = -EINVAL;
431 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
432 goto out_free;
433 }
434 fscontext = match_strdup(&args[0]);
435 if (!fscontext) {
436 rc = -ENOMEM;
437 goto out_free;
438 }
439 if (!alloc)
440 alloc = 1;
441 seen |= Opt_fscontext;
442 break;
443
444 case Opt_rootcontext:
445 if (seen & Opt_rootcontext) {
446 rc = -EINVAL;
447 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
448 goto out_free;
449 }
450 rootcontext = match_strdup(&args[0]);
451 if (!rootcontext) {
452 rc = -ENOMEM;
453 goto out_free;
454 }
455 if (!alloc)
456 alloc = 1;
457 seen |= Opt_rootcontext;
458 break;
459
460 case Opt_defcontext:
461 if (sbsec->behavior != SECURITY_FS_USE_XATTR) {
462 rc = -EINVAL;
463 printk(KERN_WARNING "SELinux: "
464 "defcontext option is invalid "
465 "for this filesystem type\n");
466 goto out_free;
467 }
468 if (seen & (Opt_context|Opt_defcontext)) {
469 rc = -EINVAL;
470 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
471 goto out_free;
472 }
473 defcontext = match_strdup(&args[0]);
474 if (!defcontext) {
475 rc = -ENOMEM;
476 goto out_free;
477 }
478 if (!alloc)
479 alloc = 1;
480 seen |= Opt_defcontext;
481 break;
482
483 default:
484 rc = -EINVAL;
485 printk(KERN_WARNING "SELinux: unknown mount "
486 "option\n");
487 goto out_free;
488
489 }
490 }
491 }
492
493 if (!seen)
494 goto out;
495
496 /* sets the context of the superblock for the fs being mounted. */
497 if (fscontext) {
498 rc = security_context_to_sid(fscontext, strlen(fscontext), &sid);
499 if (rc) {
500 printk(KERN_WARNING "SELinux: security_context_to_sid"
501 "(%s) failed for (dev %s, type %s) errno=%d\n",
502 fscontext, sb->s_id, name, rc);
503 goto out_free;
504 }
505
506 rc = may_context_mount_sb_relabel(sid, sbsec, tsec);
507 if (rc)
508 goto out_free;
509
510 sbsec->sid = sid;
511 }
512
513 /*
514 * Switch to using mount point labeling behavior.
515 * sets the label used on all file below the mountpoint, and will set
516 * the superblock context if not already set.
517 */
518 if (context) {
519 rc = security_context_to_sid(context, strlen(context), &sid);
520 if (rc) {
521 printk(KERN_WARNING "SELinux: security_context_to_sid"
522 "(%s) failed for (dev %s, type %s) errno=%d\n",
523 context, sb->s_id, name, rc);
524 goto out_free;
525 }
526
527 if (!fscontext) {
528 rc = may_context_mount_sb_relabel(sid, sbsec, tsec);
529 if (rc)
530 goto out_free;
531 sbsec->sid = sid;
532 } else {
533 rc = may_context_mount_inode_relabel(sid, sbsec, tsec);
534 if (rc)
535 goto out_free;
536 }
537 sbsec->mntpoint_sid = sid;
538
539 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
540 }
541
542 if (rootcontext) {
543 struct inode *inode = sb->s_root->d_inode;
544 struct inode_security_struct *isec = inode->i_security;
545 rc = security_context_to_sid(rootcontext, strlen(rootcontext), &sid);
546 if (rc) {
547 printk(KERN_WARNING "SELinux: security_context_to_sid"
548 "(%s) failed for (dev %s, type %s) errno=%d\n",
549 rootcontext, sb->s_id, name, rc);
550 goto out_free;
551 }
552
553 rc = may_context_mount_inode_relabel(sid, sbsec, tsec);
554 if (rc)
555 goto out_free;
556
557 isec->sid = sid;
558 isec->initialized = 1;
559 }
560
561 if (defcontext) {
562 rc = security_context_to_sid(defcontext, strlen(defcontext), &sid);
563 if (rc) {
564 printk(KERN_WARNING "SELinux: security_context_to_sid"
565 "(%s) failed for (dev %s, type %s) errno=%d\n",
566 defcontext, sb->s_id, name, rc);
567 goto out_free;
568 }
569
570 if (sid == sbsec->def_sid)
571 goto out_free;
572
573 rc = may_context_mount_inode_relabel(sid, sbsec, tsec);
574 if (rc)
575 goto out_free;
576
577 sbsec->def_sid = sid;
578 }
579
580 out_free:
581 if (alloc) {
582 kfree(context);
583 kfree(defcontext);
584 kfree(fscontext);
585 kfree(rootcontext);
586 }
587 out:
588 return rc;
589 }
590
591 static int superblock_doinit(struct super_block *sb, void *data)
592 {
593 struct superblock_security_struct *sbsec = sb->s_security;
594 struct dentry *root = sb->s_root;
595 struct inode *inode = root->d_inode;
596 int rc = 0;
597
598 mutex_lock(&sbsec->lock);
599 if (sbsec->initialized)
600 goto out;
601
602 if (!ss_initialized) {
603 /* Defer initialization until selinux_complete_init,
604 after the initial policy is loaded and the security
605 server is ready to handle calls. */
606 spin_lock(&sb_security_lock);
607 if (list_empty(&sbsec->list))
608 list_add(&sbsec->list, &superblock_security_head);
609 spin_unlock(&sb_security_lock);
610 goto out;
611 }
612
613 /* Determine the labeling behavior to use for this filesystem type. */
614 rc = security_fs_use(sb->s_type->name, &sbsec->behavior, &sbsec->sid);
615 if (rc) {
616 printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
617 __FUNCTION__, sb->s_type->name, rc);
618 goto out;
619 }
620
621 rc = try_context_mount(sb, data);
622 if (rc)
623 goto out;
624
625 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
626 /* Make sure that the xattr handler exists and that no
627 error other than -ENODATA is returned by getxattr on
628 the root directory. -ENODATA is ok, as this may be
629 the first boot of the SELinux kernel before we have
630 assigned xattr values to the filesystem. */
631 if (!inode->i_op->getxattr) {
632 printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
633 "xattr support\n", sb->s_id, sb->s_type->name);
634 rc = -EOPNOTSUPP;
635 goto out;
636 }
637 rc = inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
638 if (rc < 0 && rc != -ENODATA) {
639 if (rc == -EOPNOTSUPP)
640 printk(KERN_WARNING "SELinux: (dev %s, type "
641 "%s) has no security xattr handler\n",
642 sb->s_id, sb->s_type->name);
643 else
644 printk(KERN_WARNING "SELinux: (dev %s, type "
645 "%s) getxattr errno %d\n", sb->s_id,
646 sb->s_type->name, -rc);
647 goto out;
648 }
649 }
650
651 if (strcmp(sb->s_type->name, "proc") == 0)
652 sbsec->proc = 1;
653
654 sbsec->initialized = 1;
655
656 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) {
657 printk(KERN_INFO "SELinux: initialized (dev %s, type %s), unknown behavior\n",
658 sb->s_id, sb->s_type->name);
659 }
660 else {
661 printk(KERN_INFO "SELinux: initialized (dev %s, type %s), %s\n",
662 sb->s_id, sb->s_type->name,
663 labeling_behaviors[sbsec->behavior-1]);
664 }
665
666 /* Initialize the root inode. */
667 rc = inode_doinit_with_dentry(sb->s_root->d_inode, sb->s_root);
668
669 /* Initialize any other inodes associated with the superblock, e.g.
670 inodes created prior to initial policy load or inodes created
671 during get_sb by a pseudo filesystem that directly
672 populates itself. */
673 spin_lock(&sbsec->isec_lock);
674 next_inode:
675 if (!list_empty(&sbsec->isec_head)) {
676 struct inode_security_struct *isec =
677 list_entry(sbsec->isec_head.next,
678 struct inode_security_struct, list);
679 struct inode *inode = isec->inode;
680 spin_unlock(&sbsec->isec_lock);
681 inode = igrab(inode);
682 if (inode) {
683 if (!IS_PRIVATE (inode))
684 inode_doinit(inode);
685 iput(inode);
686 }
687 spin_lock(&sbsec->isec_lock);
688 list_del_init(&isec->list);
689 goto next_inode;
690 }
691 spin_unlock(&sbsec->isec_lock);
692 out:
693 mutex_unlock(&sbsec->lock);
694 return rc;
695 }
696
697 static inline u16 inode_mode_to_security_class(umode_t mode)
698 {
699 switch (mode & S_IFMT) {
700 case S_IFSOCK:
701 return SECCLASS_SOCK_FILE;
702 case S_IFLNK:
703 return SECCLASS_LNK_FILE;
704 case S_IFREG:
705 return SECCLASS_FILE;
706 case S_IFBLK:
707 return SECCLASS_BLK_FILE;
708 case S_IFDIR:
709 return SECCLASS_DIR;
710 case S_IFCHR:
711 return SECCLASS_CHR_FILE;
712 case S_IFIFO:
713 return SECCLASS_FIFO_FILE;
714
715 }
716
717 return SECCLASS_FILE;
718 }
719
720 static inline int default_protocol_stream(int protocol)
721 {
722 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
723 }
724
725 static inline int default_protocol_dgram(int protocol)
726 {
727 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
728 }
729
730 static inline u16 socket_type_to_security_class(int family, int type, int protocol)
731 {
732 switch (family) {
733 case PF_UNIX:
734 switch (type) {
735 case SOCK_STREAM:
736 case SOCK_SEQPACKET:
737 return SECCLASS_UNIX_STREAM_SOCKET;
738 case SOCK_DGRAM:
739 return SECCLASS_UNIX_DGRAM_SOCKET;
740 }
741 break;
742 case PF_INET:
743 case PF_INET6:
744 switch (type) {
745 case SOCK_STREAM:
746 if (default_protocol_stream(protocol))
747 return SECCLASS_TCP_SOCKET;
748 else
749 return SECCLASS_RAWIP_SOCKET;
750 case SOCK_DGRAM:
751 if (default_protocol_dgram(protocol))
752 return SECCLASS_UDP_SOCKET;
753 else
754 return SECCLASS_RAWIP_SOCKET;
755 case SOCK_DCCP:
756 return SECCLASS_DCCP_SOCKET;
757 default:
758 return SECCLASS_RAWIP_SOCKET;
759 }
760 break;
761 case PF_NETLINK:
762 switch (protocol) {
763 case NETLINK_ROUTE:
764 return SECCLASS_NETLINK_ROUTE_SOCKET;
765 case NETLINK_FIREWALL:
766 return SECCLASS_NETLINK_FIREWALL_SOCKET;
767 case NETLINK_INET_DIAG:
768 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
769 case NETLINK_NFLOG:
770 return SECCLASS_NETLINK_NFLOG_SOCKET;
771 case NETLINK_XFRM:
772 return SECCLASS_NETLINK_XFRM_SOCKET;
773 case NETLINK_SELINUX:
774 return SECCLASS_NETLINK_SELINUX_SOCKET;
775 case NETLINK_AUDIT:
776 return SECCLASS_NETLINK_AUDIT_SOCKET;
777 case NETLINK_IP6_FW:
778 return SECCLASS_NETLINK_IP6FW_SOCKET;
779 case NETLINK_DNRTMSG:
780 return SECCLASS_NETLINK_DNRT_SOCKET;
781 case NETLINK_KOBJECT_UEVENT:
782 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
783 default:
784 return SECCLASS_NETLINK_SOCKET;
785 }
786 case PF_PACKET:
787 return SECCLASS_PACKET_SOCKET;
788 case PF_KEY:
789 return SECCLASS_KEY_SOCKET;
790 case PF_APPLETALK:
791 return SECCLASS_APPLETALK_SOCKET;
792 }
793
794 return SECCLASS_SOCKET;
795 }
796
797 #ifdef CONFIG_PROC_FS
798 static int selinux_proc_get_sid(struct proc_dir_entry *de,
799 u16 tclass,
800 u32 *sid)
801 {
802 int buflen, rc;
803 char *buffer, *path, *end;
804
805 buffer = (char*)__get_free_page(GFP_KERNEL);
806 if (!buffer)
807 return -ENOMEM;
808
809 buflen = PAGE_SIZE;
810 end = buffer+buflen;
811 *--end = '\0';
812 buflen--;
813 path = end-1;
814 *path = '/';
815 while (de && de != de->parent) {
816 buflen -= de->namelen + 1;
817 if (buflen < 0)
818 break;
819 end -= de->namelen;
820 memcpy(end, de->name, de->namelen);
821 *--end = '/';
822 path = end;
823 de = de->parent;
824 }
825 rc = security_genfs_sid("proc", path, tclass, sid);
826 free_page((unsigned long)buffer);
827 return rc;
828 }
829 #else
830 static int selinux_proc_get_sid(struct proc_dir_entry *de,
831 u16 tclass,
832 u32 *sid)
833 {
834 return -EINVAL;
835 }
836 #endif
837
838 /* The inode's security attributes must be initialized before first use. */
839 static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
840 {
841 struct superblock_security_struct *sbsec = NULL;
842 struct inode_security_struct *isec = inode->i_security;
843 u32 sid;
844 struct dentry *dentry;
845 #define INITCONTEXTLEN 255
846 char *context = NULL;
847 unsigned len = 0;
848 int rc = 0;
849
850 if (isec->initialized)
851 goto out;
852
853 mutex_lock(&isec->lock);
854 if (isec->initialized)
855 goto out_unlock;
856
857 sbsec = inode->i_sb->s_security;
858 if (!sbsec->initialized) {
859 /* Defer initialization until selinux_complete_init,
860 after the initial policy is loaded and the security
861 server is ready to handle calls. */
862 spin_lock(&sbsec->isec_lock);
863 if (list_empty(&isec->list))
864 list_add(&isec->list, &sbsec->isec_head);
865 spin_unlock(&sbsec->isec_lock);
866 goto out_unlock;
867 }
868
869 switch (sbsec->behavior) {
870 case SECURITY_FS_USE_XATTR:
871 if (!inode->i_op->getxattr) {
872 isec->sid = sbsec->def_sid;
873 break;
874 }
875
876 /* Need a dentry, since the xattr API requires one.
877 Life would be simpler if we could just pass the inode. */
878 if (opt_dentry) {
879 /* Called from d_instantiate or d_splice_alias. */
880 dentry = dget(opt_dentry);
881 } else {
882 /* Called from selinux_complete_init, try to find a dentry. */
883 dentry = d_find_alias(inode);
884 }
885 if (!dentry) {
886 printk(KERN_WARNING "%s: no dentry for dev=%s "
887 "ino=%ld\n", __FUNCTION__, inode->i_sb->s_id,
888 inode->i_ino);
889 goto out_unlock;
890 }
891
892 len = INITCONTEXTLEN;
893 context = kmalloc(len, GFP_KERNEL);
894 if (!context) {
895 rc = -ENOMEM;
896 dput(dentry);
897 goto out_unlock;
898 }
899 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
900 context, len);
901 if (rc == -ERANGE) {
902 /* Need a larger buffer. Query for the right size. */
903 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
904 NULL, 0);
905 if (rc < 0) {
906 dput(dentry);
907 goto out_unlock;
908 }
909 kfree(context);
910 len = rc;
911 context = kmalloc(len, GFP_KERNEL);
912 if (!context) {
913 rc = -ENOMEM;
914 dput(dentry);
915 goto out_unlock;
916 }
917 rc = inode->i_op->getxattr(dentry,
918 XATTR_NAME_SELINUX,
919 context, len);
920 }
921 dput(dentry);
922 if (rc < 0) {
923 if (rc != -ENODATA) {
924 printk(KERN_WARNING "%s: getxattr returned "
925 "%d for dev=%s ino=%ld\n", __FUNCTION__,
926 -rc, inode->i_sb->s_id, inode->i_ino);
927 kfree(context);
928 goto out_unlock;
929 }
930 /* Map ENODATA to the default file SID */
931 sid = sbsec->def_sid;
932 rc = 0;
933 } else {
934 rc = security_context_to_sid_default(context, rc, &sid,
935 sbsec->def_sid);
936 if (rc) {
937 printk(KERN_WARNING "%s: context_to_sid(%s) "
938 "returned %d for dev=%s ino=%ld\n",
939 __FUNCTION__, context, -rc,
940 inode->i_sb->s_id, inode->i_ino);
941 kfree(context);
942 /* Leave with the unlabeled SID */
943 rc = 0;
944 break;
945 }
946 }
947 kfree(context);
948 isec->sid = sid;
949 break;
950 case SECURITY_FS_USE_TASK:
951 isec->sid = isec->task_sid;
952 break;
953 case SECURITY_FS_USE_TRANS:
954 /* Default to the fs SID. */
955 isec->sid = sbsec->sid;
956
957 /* Try to obtain a transition SID. */
958 isec->sclass = inode_mode_to_security_class(inode->i_mode);
959 rc = security_transition_sid(isec->task_sid,
960 sbsec->sid,
961 isec->sclass,
962 &sid);
963 if (rc)
964 goto out_unlock;
965 isec->sid = sid;
966 break;
967 case SECURITY_FS_USE_MNTPOINT:
968 isec->sid = sbsec->mntpoint_sid;
969 break;
970 default:
971 /* Default to the fs superblock SID. */
972 isec->sid = sbsec->sid;
973
974 if (sbsec->proc) {
975 struct proc_inode *proci = PROC_I(inode);
976 if (proci->pde) {
977 isec->sclass = inode_mode_to_security_class(inode->i_mode);
978 rc = selinux_proc_get_sid(proci->pde,
979 isec->sclass,
980 &sid);
981 if (rc)
982 goto out_unlock;
983 isec->sid = sid;
984 }
985 }
986 break;
987 }
988
989 isec->initialized = 1;
990
991 out_unlock:
992 mutex_unlock(&isec->lock);
993 out:
994 if (isec->sclass == SECCLASS_FILE)
995 isec->sclass = inode_mode_to_security_class(inode->i_mode);
996 return rc;
997 }
998
999 /* Convert a Linux signal to an access vector. */
1000 static inline u32 signal_to_av(int sig)
1001 {
1002 u32 perm = 0;
1003
1004 switch (sig) {
1005 case SIGCHLD:
1006 /* Commonly granted from child to parent. */
1007 perm = PROCESS__SIGCHLD;
1008 break;
1009 case SIGKILL:
1010 /* Cannot be caught or ignored */
1011 perm = PROCESS__SIGKILL;
1012 break;
1013 case SIGSTOP:
1014 /* Cannot be caught or ignored */
1015 perm = PROCESS__SIGSTOP;
1016 break;
1017 default:
1018 /* All other signals. */
1019 perm = PROCESS__SIGNAL;
1020 break;
1021 }
1022
1023 return perm;
1024 }
1025
1026 /* Check permission betweeen a pair of tasks, e.g. signal checks,
1027 fork check, ptrace check, etc. */
1028 static int task_has_perm(struct task_struct *tsk1,
1029 struct task_struct *tsk2,
1030 u32 perms)
1031 {
1032 struct task_security_struct *tsec1, *tsec2;
1033
1034 tsec1 = tsk1->security;
1035 tsec2 = tsk2->security;
1036 return avc_has_perm(tsec1->sid, tsec2->sid,
1037 SECCLASS_PROCESS, perms, NULL);
1038 }
1039
1040 /* Check whether a task is allowed to use a capability. */
1041 static int task_has_capability(struct task_struct *tsk,
1042 int cap)
1043 {
1044 struct task_security_struct *tsec;
1045 struct avc_audit_data ad;
1046
1047 tsec = tsk->security;
1048
1049 AVC_AUDIT_DATA_INIT(&ad,CAP);
1050 ad.tsk = tsk;
1051 ad.u.cap = cap;
1052
1053 return avc_has_perm(tsec->sid, tsec->sid,
1054 SECCLASS_CAPABILITY, CAP_TO_MASK(cap), &ad);
1055 }
1056
1057 /* Check whether a task is allowed to use a system operation. */
1058 static int task_has_system(struct task_struct *tsk,
1059 u32 perms)
1060 {
1061 struct task_security_struct *tsec;
1062
1063 tsec = tsk->security;
1064
1065 return avc_has_perm(tsec->sid, SECINITSID_KERNEL,
1066 SECCLASS_SYSTEM, perms, NULL);
1067 }
1068
1069 /* Check whether a task has a particular permission to an inode.
1070 The 'adp' parameter is optional and allows other audit
1071 data to be passed (e.g. the dentry). */
1072 static int inode_has_perm(struct task_struct *tsk,
1073 struct inode *inode,
1074 u32 perms,
1075 struct avc_audit_data *adp)
1076 {
1077 struct task_security_struct *tsec;
1078 struct inode_security_struct *isec;
1079 struct avc_audit_data ad;
1080
1081 tsec = tsk->security;
1082 isec = inode->i_security;
1083
1084 if (!adp) {
1085 adp = &ad;
1086 AVC_AUDIT_DATA_INIT(&ad, FS);
1087 ad.u.fs.inode = inode;
1088 }
1089
1090 return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, adp);
1091 }
1092
1093 /* Same as inode_has_perm, but pass explicit audit data containing
1094 the dentry to help the auditing code to more easily generate the
1095 pathname if needed. */
1096 static inline int dentry_has_perm(struct task_struct *tsk,
1097 struct vfsmount *mnt,
1098 struct dentry *dentry,
1099 u32 av)
1100 {
1101 struct inode *inode = dentry->d_inode;
1102 struct avc_audit_data ad;
1103 AVC_AUDIT_DATA_INIT(&ad,FS);
1104 ad.u.fs.mnt = mnt;
1105 ad.u.fs.dentry = dentry;
1106 return inode_has_perm(tsk, inode, av, &ad);
1107 }
1108
1109 /* Check whether a task can use an open file descriptor to
1110 access an inode in a given way. Check access to the
1111 descriptor itself, and then use dentry_has_perm to
1112 check a particular permission to the file.
1113 Access to the descriptor is implicitly granted if it
1114 has the same SID as the process. If av is zero, then
1115 access to the file is not checked, e.g. for cases
1116 where only the descriptor is affected like seek. */
1117 static int file_has_perm(struct task_struct *tsk,
1118 struct file *file,
1119 u32 av)
1120 {
1121 struct task_security_struct *tsec = tsk->security;
1122 struct file_security_struct *fsec = file->f_security;
1123 struct vfsmount *mnt = file->f_vfsmnt;
1124 struct dentry *dentry = file->f_dentry;
1125 struct inode *inode = dentry->d_inode;
1126 struct avc_audit_data ad;
1127 int rc;
1128
1129 AVC_AUDIT_DATA_INIT(&ad, FS);
1130 ad.u.fs.mnt = mnt;
1131 ad.u.fs.dentry = dentry;
1132
1133 if (tsec->sid != fsec->sid) {
1134 rc = avc_has_perm(tsec->sid, fsec->sid,
1135 SECCLASS_FD,
1136 FD__USE,
1137 &ad);
1138 if (rc)
1139 return rc;
1140 }
1141
1142 /* av is zero if only checking access to the descriptor. */
1143 if (av)
1144 return inode_has_perm(tsk, inode, av, &ad);
1145
1146 return 0;
1147 }
1148
1149 /* Check whether a task can create a file. */
1150 static int may_create(struct inode *dir,
1151 struct dentry *dentry,
1152 u16 tclass)
1153 {
1154 struct task_security_struct *tsec;
1155 struct inode_security_struct *dsec;
1156 struct superblock_security_struct *sbsec;
1157 u32 newsid;
1158 struct avc_audit_data ad;
1159 int rc;
1160
1161 tsec = current->security;
1162 dsec = dir->i_security;
1163 sbsec = dir->i_sb->s_security;
1164
1165 AVC_AUDIT_DATA_INIT(&ad, FS);
1166 ad.u.fs.dentry = dentry;
1167
1168 rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR,
1169 DIR__ADD_NAME | DIR__SEARCH,
1170 &ad);
1171 if (rc)
1172 return rc;
1173
1174 if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
1175 newsid = tsec->create_sid;
1176 } else {
1177 rc = security_transition_sid(tsec->sid, dsec->sid, tclass,
1178 &newsid);
1179 if (rc)
1180 return rc;
1181 }
1182
1183 rc = avc_has_perm(tsec->sid, newsid, tclass, FILE__CREATE, &ad);
1184 if (rc)
1185 return rc;
1186
1187 return avc_has_perm(newsid, sbsec->sid,
1188 SECCLASS_FILESYSTEM,
1189 FILESYSTEM__ASSOCIATE, &ad);
1190 }
1191
1192 /* Check whether a task can create a key. */
1193 static int may_create_key(u32 ksid,
1194 struct task_struct *ctx)
1195 {
1196 struct task_security_struct *tsec;
1197
1198 tsec = ctx->security;
1199
1200 return avc_has_perm(tsec->sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
1201 }
1202
1203 #define MAY_LINK 0
1204 #define MAY_UNLINK 1
1205 #define MAY_RMDIR 2
1206
1207 /* Check whether a task can link, unlink, or rmdir a file/directory. */
1208 static int may_link(struct inode *dir,
1209 struct dentry *dentry,
1210 int kind)
1211
1212 {
1213 struct task_security_struct *tsec;
1214 struct inode_security_struct *dsec, *isec;
1215 struct avc_audit_data ad;
1216 u32 av;
1217 int rc;
1218
1219 tsec = current->security;
1220 dsec = dir->i_security;
1221 isec = dentry->d_inode->i_security;
1222
1223 AVC_AUDIT_DATA_INIT(&ad, FS);
1224 ad.u.fs.dentry = dentry;
1225
1226 av = DIR__SEARCH;
1227 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1228 rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR, av, &ad);
1229 if (rc)
1230 return rc;
1231
1232 switch (kind) {
1233 case MAY_LINK:
1234 av = FILE__LINK;
1235 break;
1236 case MAY_UNLINK:
1237 av = FILE__UNLINK;
1238 break;
1239 case MAY_RMDIR:
1240 av = DIR__RMDIR;
1241 break;
1242 default:
1243 printk(KERN_WARNING "may_link: unrecognized kind %d\n", kind);
1244 return 0;
1245 }
1246
1247 rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass, av, &ad);
1248 return rc;
1249 }
1250
1251 static inline int may_rename(struct inode *old_dir,
1252 struct dentry *old_dentry,
1253 struct inode *new_dir,
1254 struct dentry *new_dentry)
1255 {
1256 struct task_security_struct *tsec;
1257 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1258 struct avc_audit_data ad;
1259 u32 av;
1260 int old_is_dir, new_is_dir;
1261 int rc;
1262
1263 tsec = current->security;
1264 old_dsec = old_dir->i_security;
1265 old_isec = old_dentry->d_inode->i_security;
1266 old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
1267 new_dsec = new_dir->i_security;
1268
1269 AVC_AUDIT_DATA_INIT(&ad, FS);
1270
1271 ad.u.fs.dentry = old_dentry;
1272 rc = avc_has_perm(tsec->sid, old_dsec->sid, SECCLASS_DIR,
1273 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1274 if (rc)
1275 return rc;
1276 rc = avc_has_perm(tsec->sid, old_isec->sid,
1277 old_isec->sclass, FILE__RENAME, &ad);
1278 if (rc)
1279 return rc;
1280 if (old_is_dir && new_dir != old_dir) {
1281 rc = avc_has_perm(tsec->sid, old_isec->sid,
1282 old_isec->sclass, DIR__REPARENT, &ad);
1283 if (rc)
1284 return rc;
1285 }
1286
1287 ad.u.fs.dentry = new_dentry;
1288 av = DIR__ADD_NAME | DIR__SEARCH;
1289 if (new_dentry->d_inode)
1290 av |= DIR__REMOVE_NAME;
1291 rc = avc_has_perm(tsec->sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1292 if (rc)
1293 return rc;
1294 if (new_dentry->d_inode) {
1295 new_isec = new_dentry->d_inode->i_security;
1296 new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
1297 rc = avc_has_perm(tsec->sid, new_isec->sid,
1298 new_isec->sclass,
1299 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1300 if (rc)
1301 return rc;
1302 }
1303
1304 return 0;
1305 }
1306
1307 /* Check whether a task can perform a filesystem operation. */
1308 static int superblock_has_perm(struct task_struct *tsk,
1309 struct super_block *sb,
1310 u32 perms,
1311 struct avc_audit_data *ad)
1312 {
1313 struct task_security_struct *tsec;
1314 struct superblock_security_struct *sbsec;
1315
1316 tsec = tsk->security;
1317 sbsec = sb->s_security;
1318 return avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
1319 perms, ad);
1320 }
1321
1322 /* Convert a Linux mode and permission mask to an access vector. */
1323 static inline u32 file_mask_to_av(int mode, int mask)
1324 {
1325 u32 av = 0;
1326
1327 if ((mode & S_IFMT) != S_IFDIR) {
1328 if (mask & MAY_EXEC)
1329 av |= FILE__EXECUTE;
1330 if (mask & MAY_READ)
1331 av |= FILE__READ;
1332
1333 if (mask & MAY_APPEND)
1334 av |= FILE__APPEND;
1335 else if (mask & MAY_WRITE)
1336 av |= FILE__WRITE;
1337
1338 } else {
1339 if (mask & MAY_EXEC)
1340 av |= DIR__SEARCH;
1341 if (mask & MAY_WRITE)
1342 av |= DIR__WRITE;
1343 if (mask & MAY_READ)
1344 av |= DIR__READ;
1345 }
1346
1347 return av;
1348 }
1349
1350 /* Convert a Linux file to an access vector. */
1351 static inline u32 file_to_av(struct file *file)
1352 {
1353 u32 av = 0;
1354
1355 if (file->f_mode & FMODE_READ)
1356 av |= FILE__READ;
1357 if (file->f_mode & FMODE_WRITE) {
1358 if (file->f_flags & O_APPEND)
1359 av |= FILE__APPEND;
1360 else
1361 av |= FILE__WRITE;
1362 }
1363
1364 return av;
1365 }
1366
1367 /* Hook functions begin here. */
1368
1369 static int selinux_ptrace(struct task_struct *parent, struct task_struct *child)
1370 {
1371 struct task_security_struct *psec = parent->security;
1372 struct task_security_struct *csec = child->security;
1373 int rc;
1374
1375 rc = secondary_ops->ptrace(parent,child);
1376 if (rc)
1377 return rc;
1378
1379 rc = task_has_perm(parent, child, PROCESS__PTRACE);
1380 /* Save the SID of the tracing process for later use in apply_creds. */
1381 if (!(child->ptrace & PT_PTRACED) && !rc)
1382 csec->ptrace_sid = psec->sid;
1383 return rc;
1384 }
1385
1386 static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
1387 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1388 {
1389 int error;
1390
1391 error = task_has_perm(current, target, PROCESS__GETCAP);
1392 if (error)
1393 return error;
1394
1395 return secondary_ops->capget(target, effective, inheritable, permitted);
1396 }
1397
1398 static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effective,
1399 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1400 {
1401 int error;
1402
1403 error = secondary_ops->capset_check(target, effective, inheritable, permitted);
1404 if (error)
1405 return error;
1406
1407 return task_has_perm(current, target, PROCESS__SETCAP);
1408 }
1409
1410 static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective,
1411 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1412 {
1413 secondary_ops->capset_set(target, effective, inheritable, permitted);
1414 }
1415
1416 static int selinux_capable(struct task_struct *tsk, int cap)
1417 {
1418 int rc;
1419
1420 rc = secondary_ops->capable(tsk, cap);
1421 if (rc)
1422 return rc;
1423
1424 return task_has_capability(tsk,cap);
1425 }
1426
1427 static int selinux_sysctl(ctl_table *table, int op)
1428 {
1429 int error = 0;
1430 u32 av;
1431 struct task_security_struct *tsec;
1432 u32 tsid;
1433 int rc;
1434
1435 rc = secondary_ops->sysctl(table, op);
1436 if (rc)
1437 return rc;
1438
1439 tsec = current->security;
1440
1441 rc = selinux_proc_get_sid(table->de, (op == 001) ?
1442 SECCLASS_DIR : SECCLASS_FILE, &tsid);
1443 if (rc) {
1444 /* Default to the well-defined sysctl SID. */
1445 tsid = SECINITSID_SYSCTL;
1446 }
1447
1448 /* The op values are "defined" in sysctl.c, thereby creating
1449 * a bad coupling between this module and sysctl.c */
1450 if(op == 001) {
1451 error = avc_has_perm(tsec->sid, tsid,
1452 SECCLASS_DIR, DIR__SEARCH, NULL);
1453 } else {
1454 av = 0;
1455 if (op & 004)
1456 av |= FILE__READ;
1457 if (op & 002)
1458 av |= FILE__WRITE;
1459 if (av)
1460 error = avc_has_perm(tsec->sid, tsid,
1461 SECCLASS_FILE, av, NULL);
1462 }
1463
1464 return error;
1465 }
1466
1467 static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
1468 {
1469 int rc = 0;
1470
1471 if (!sb)
1472 return 0;
1473
1474 switch (cmds) {
1475 case Q_SYNC:
1476 case Q_QUOTAON:
1477 case Q_QUOTAOFF:
1478 case Q_SETINFO:
1479 case Q_SETQUOTA:
1480 rc = superblock_has_perm(current,
1481 sb,
1482 FILESYSTEM__QUOTAMOD, NULL);
1483 break;
1484 case Q_GETFMT:
1485 case Q_GETINFO:
1486 case Q_GETQUOTA:
1487 rc = superblock_has_perm(current,
1488 sb,
1489 FILESYSTEM__QUOTAGET, NULL);
1490 break;
1491 default:
1492 rc = 0; /* let the kernel handle invalid cmds */
1493 break;
1494 }
1495 return rc;
1496 }
1497
1498 static int selinux_quota_on(struct dentry *dentry)
1499 {
1500 return dentry_has_perm(current, NULL, dentry, FILE__QUOTAON);
1501 }
1502
1503 static int selinux_syslog(int type)
1504 {
1505 int rc;
1506
1507 rc = secondary_ops->syslog(type);
1508 if (rc)
1509 return rc;
1510
1511 switch (type) {
1512 case 3: /* Read last kernel messages */
1513 case 10: /* Return size of the log buffer */
1514 rc = task_has_system(current, SYSTEM__SYSLOG_READ);
1515 break;
1516 case 6: /* Disable logging to console */
1517 case 7: /* Enable logging to console */
1518 case 8: /* Set level of messages printed to console */
1519 rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
1520 break;
1521 case 0: /* Close log */
1522 case 1: /* Open log */
1523 case 2: /* Read from log */
1524 case 4: /* Read/clear last kernel messages */
1525 case 5: /* Clear ring buffer */
1526 default:
1527 rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
1528 break;
1529 }
1530 return rc;
1531 }
1532
1533 /*
1534 * Check that a process has enough memory to allocate a new virtual
1535 * mapping. 0 means there is enough memory for the allocation to
1536 * succeed and -ENOMEM implies there is not.
1537 *
1538 * Note that secondary_ops->capable and task_has_perm_noaudit return 0
1539 * if the capability is granted, but __vm_enough_memory requires 1 if
1540 * the capability is granted.
1541 *
1542 * Do not audit the selinux permission check, as this is applied to all
1543 * processes that allocate mappings.
1544 */
1545 static int selinux_vm_enough_memory(long pages)
1546 {
1547 int rc, cap_sys_admin = 0;
1548 struct task_security_struct *tsec = current->security;
1549
1550 rc = secondary_ops->capable(current, CAP_SYS_ADMIN);
1551 if (rc == 0)
1552 rc = avc_has_perm_noaudit(tsec->sid, tsec->sid,
1553 SECCLASS_CAPABILITY,
1554 CAP_TO_MASK(CAP_SYS_ADMIN),
1555 NULL);
1556
1557 if (rc == 0)
1558 cap_sys_admin = 1;
1559
1560 return __vm_enough_memory(pages, cap_sys_admin);
1561 }
1562
1563 /* binprm security operations */
1564
1565 static int selinux_bprm_alloc_security(struct linux_binprm *bprm)
1566 {
1567 struct bprm_security_struct *bsec;
1568
1569 bsec = kzalloc(sizeof(struct bprm_security_struct), GFP_KERNEL);
1570 if (!bsec)
1571 return -ENOMEM;
1572
1573 bsec->bprm = bprm;
1574 bsec->sid = SECINITSID_UNLABELED;
1575 bsec->set = 0;
1576
1577 bprm->security = bsec;
1578 return 0;
1579 }
1580
1581 static int selinux_bprm_set_security(struct linux_binprm *bprm)
1582 {
1583 struct task_security_struct *tsec;
1584 struct inode *inode = bprm->file->f_dentry->d_inode;
1585 struct inode_security_struct *isec;
1586 struct bprm_security_struct *bsec;
1587 u32 newsid;
1588 struct avc_audit_data ad;
1589 int rc;
1590
1591 rc = secondary_ops->bprm_set_security(bprm);
1592 if (rc)
1593 return rc;
1594
1595 bsec = bprm->security;
1596
1597 if (bsec->set)
1598 return 0;
1599
1600 tsec = current->security;
1601 isec = inode->i_security;
1602
1603 /* Default to the current task SID. */
1604 bsec->sid = tsec->sid;
1605
1606 /* Reset fs, key, and sock SIDs on execve. */
1607 tsec->create_sid = 0;
1608 tsec->keycreate_sid = 0;
1609 tsec->sockcreate_sid = 0;
1610
1611 if (tsec->exec_sid) {
1612 newsid = tsec->exec_sid;
1613 /* Reset exec SID on execve. */
1614 tsec->exec_sid = 0;
1615 } else {
1616 /* Check for a default transition on this program. */
1617 rc = security_transition_sid(tsec->sid, isec->sid,
1618 SECCLASS_PROCESS, &newsid);
1619 if (rc)
1620 return rc;
1621 }
1622
1623 AVC_AUDIT_DATA_INIT(&ad, FS);
1624 ad.u.fs.mnt = bprm->file->f_vfsmnt;
1625 ad.u.fs.dentry = bprm->file->f_dentry;
1626
1627 if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID)
1628 newsid = tsec->sid;
1629
1630 if (tsec->sid == newsid) {
1631 rc = avc_has_perm(tsec->sid, isec->sid,
1632 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
1633 if (rc)
1634 return rc;
1635 } else {
1636 /* Check permissions for the transition. */
1637 rc = avc_has_perm(tsec->sid, newsid,
1638 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
1639 if (rc)
1640 return rc;
1641
1642 rc = avc_has_perm(newsid, isec->sid,
1643 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
1644 if (rc)
1645 return rc;
1646
1647 /* Clear any possibly unsafe personality bits on exec: */
1648 current->personality &= ~PER_CLEAR_ON_SETID;
1649
1650 /* Set the security field to the new SID. */
1651 bsec->sid = newsid;
1652 }
1653
1654 bsec->set = 1;
1655 return 0;
1656 }
1657
1658 static int selinux_bprm_check_security (struct linux_binprm *bprm)
1659 {
1660 return secondary_ops->bprm_check_security(bprm);
1661 }
1662
1663
1664 static int selinux_bprm_secureexec (struct linux_binprm *bprm)
1665 {
1666 struct task_security_struct *tsec = current->security;
1667 int atsecure = 0;
1668
1669 if (tsec->osid != tsec->sid) {
1670 /* Enable secure mode for SIDs transitions unless
1671 the noatsecure permission is granted between
1672 the two SIDs, i.e. ahp returns 0. */
1673 atsecure = avc_has_perm(tsec->osid, tsec->sid,
1674 SECCLASS_PROCESS,
1675 PROCESS__NOATSECURE, NULL);
1676 }
1677
1678 return (atsecure || secondary_ops->bprm_secureexec(bprm));
1679 }
1680
1681 static void selinux_bprm_free_security(struct linux_binprm *bprm)
1682 {
1683 kfree(bprm->security);
1684 bprm->security = NULL;
1685 }
1686
1687 extern struct vfsmount *selinuxfs_mount;
1688 extern struct dentry *selinux_null;
1689
1690 /* Derived from fs/exec.c:flush_old_files. */
1691 static inline void flush_unauthorized_files(struct files_struct * files)
1692 {
1693 struct avc_audit_data ad;
1694 struct file *file, *devnull = NULL;
1695 struct tty_struct *tty;
1696 struct fdtable *fdt;
1697 long j = -1;
1698
1699 mutex_lock(&tty_mutex);
1700 tty = current->signal->tty;
1701 if (tty) {
1702 file_list_lock();
1703 file = list_entry(tty->tty_files.next, typeof(*file), f_u.fu_list);
1704 if (file) {
1705 /* Revalidate access to controlling tty.
1706 Use inode_has_perm on the tty inode directly rather
1707 than using file_has_perm, as this particular open
1708 file may belong to another process and we are only
1709 interested in the inode-based check here. */
1710 struct inode *inode = file->f_dentry->d_inode;
1711 if (inode_has_perm(current, inode,
1712 FILE__READ | FILE__WRITE, NULL)) {
1713 /* Reset controlling tty. */
1714 current->signal->tty = NULL;
1715 current->signal->tty_old_pgrp = 0;
1716 }
1717 }
1718 file_list_unlock();
1719 }
1720 mutex_unlock(&tty_mutex);
1721
1722 /* Revalidate access to inherited open files. */
1723
1724 AVC_AUDIT_DATA_INIT(&ad,FS);
1725
1726 spin_lock(&files->file_lock);
1727 for (;;) {
1728 unsigned long set, i;
1729 int fd;
1730
1731 j++;
1732 i = j * __NFDBITS;
1733 fdt = files_fdtable(files);
1734 if (i >= fdt->max_fds || i >= fdt->max_fdset)
1735 break;
1736 set = fdt->open_fds->fds_bits[j];
1737 if (!set)
1738 continue;
1739 spin_unlock(&files->file_lock);
1740 for ( ; set ; i++,set >>= 1) {
1741 if (set & 1) {
1742 file = fget(i);
1743 if (!file)
1744 continue;
1745 if (file_has_perm(current,
1746 file,
1747 file_to_av(file))) {
1748 sys_close(i);
1749 fd = get_unused_fd();
1750 if (fd != i) {
1751 if (fd >= 0)
1752 put_unused_fd(fd);
1753 fput(file);
1754 continue;
1755 }
1756 if (devnull) {
1757 get_file(devnull);
1758 } else {
1759 devnull = dentry_open(dget(selinux_null), mntget(selinuxfs_mount), O_RDWR);
1760 if (IS_ERR(devnull)) {
1761 devnull = NULL;
1762 put_unused_fd(fd);
1763 fput(file);
1764 continue;
1765 }
1766 }
1767 fd_install(fd, devnull);
1768 }
1769 fput(file);
1770 }
1771 }
1772 spin_lock(&files->file_lock);
1773
1774 }
1775 spin_unlock(&files->file_lock);
1776 }
1777
1778 static void selinux_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
1779 {
1780 struct task_security_struct *tsec;
1781 struct bprm_security_struct *bsec;
1782 u32 sid;
1783 int rc;
1784
1785 secondary_ops->bprm_apply_creds(bprm, unsafe);
1786
1787 tsec = current->security;
1788
1789 bsec = bprm->security;
1790 sid = bsec->sid;
1791
1792 tsec->osid = tsec->sid;
1793 bsec->unsafe = 0;
1794 if (tsec->sid != sid) {
1795 /* Check for shared state. If not ok, leave SID
1796 unchanged and kill. */
1797 if (unsafe & LSM_UNSAFE_SHARE) {
1798 rc = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
1799 PROCESS__SHARE, NULL);
1800 if (rc) {
1801 bsec->unsafe = 1;
1802 return;
1803 }
1804 }
1805
1806 /* Check for ptracing, and update the task SID if ok.
1807 Otherwise, leave SID unchanged and kill. */
1808 if (unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
1809 rc = avc_has_perm(tsec->ptrace_sid, sid,
1810 SECCLASS_PROCESS, PROCESS__PTRACE,
1811 NULL);
1812 if (rc) {
1813 bsec->unsafe = 1;
1814 return;
1815 }
1816 }
1817 tsec->sid = sid;
1818 }
1819 }
1820
1821 /*
1822 * called after apply_creds without the task lock held
1823 */
1824 static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm)
1825 {
1826 struct task_security_struct *tsec;
1827 struct rlimit *rlim, *initrlim;
1828 struct itimerval itimer;
1829 struct bprm_security_struct *bsec;
1830 int rc, i;
1831
1832 tsec = current->security;
1833 bsec = bprm->security;
1834
1835 if (bsec->unsafe) {
1836 force_sig_specific(SIGKILL, current);
1837 return;
1838 }
1839 if (tsec->osid == tsec->sid)
1840 return;
1841
1842 /* Close files for which the new task SID is not authorized. */
1843 flush_unauthorized_files(current->files);
1844
1845 /* Check whether the new SID can inherit signal state
1846 from the old SID. If not, clear itimers to avoid
1847 subsequent signal generation and flush and unblock
1848 signals. This must occur _after_ the task SID has
1849 been updated so that any kill done after the flush
1850 will be checked against the new SID. */
1851 rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
1852 PROCESS__SIGINH, NULL);
1853 if (rc) {
1854 memset(&itimer, 0, sizeof itimer);
1855 for (i = 0; i < 3; i++)
1856 do_setitimer(i, &itimer, NULL);
1857 flush_signals(current);
1858 spin_lock_irq(&current->sighand->siglock);
1859 flush_signal_handlers(current, 1);
1860 sigemptyset(&current->blocked);
1861 recalc_sigpending();
1862 spin_unlock_irq(&current->sighand->siglock);
1863 }
1864
1865 /* Check whether the new SID can inherit resource limits
1866 from the old SID. If not, reset all soft limits to
1867 the lower of the current task's hard limit and the init
1868 task's soft limit. Note that the setting of hard limits
1869 (even to lower them) can be controlled by the setrlimit
1870 check. The inclusion of the init task's soft limit into
1871 the computation is to avoid resetting soft limits higher
1872 than the default soft limit for cases where the default
1873 is lower than the hard limit, e.g. RLIMIT_CORE or
1874 RLIMIT_STACK.*/
1875 rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
1876 PROCESS__RLIMITINH, NULL);
1877 if (rc) {
1878 for (i = 0; i < RLIM_NLIMITS; i++) {
1879 rlim = current->signal->rlim + i;
1880 initrlim = init_task.signal->rlim+i;
1881 rlim->rlim_cur = min(rlim->rlim_max,initrlim->rlim_cur);
1882 }
1883 if (current->signal->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) {
1884 /*
1885 * This will cause RLIMIT_CPU calculations
1886 * to be refigured.
1887 */
1888 current->it_prof_expires = jiffies_to_cputime(1);
1889 }
1890 }
1891
1892 /* Wake up the parent if it is waiting so that it can
1893 recheck wait permission to the new task SID. */
1894 wake_up_interruptible(&current->parent->signal->wait_chldexit);
1895 }
1896
1897 /* superblock security operations */
1898
1899 static int selinux_sb_alloc_security(struct super_block *sb)
1900 {
1901 return superblock_alloc_security(sb);
1902 }
1903
1904 static void selinux_sb_free_security(struct super_block *sb)
1905 {
1906 superblock_free_security(sb);
1907 }
1908
1909 static inline int match_prefix(char *prefix, int plen, char *option, int olen)
1910 {
1911 if (plen > olen)
1912 return 0;
1913
1914 return !memcmp(prefix, option, plen);
1915 }
1916
1917 static inline int selinux_option(char *option, int len)
1918 {
1919 return (match_prefix("context=", sizeof("context=")-1, option, len) ||
1920 match_prefix("fscontext=", sizeof("fscontext=")-1, option, len) ||
1921 match_prefix("defcontext=", sizeof("defcontext=")-1, option, len) ||
1922 match_prefix("rootcontext=", sizeof("rootcontext=")-1, option, len));
1923 }
1924
1925 static inline void take_option(char **to, char *from, int *first, int len)
1926 {
1927 if (!*first) {
1928 **to = ',';
1929 *to += 1;
1930 } else
1931 *first = 0;
1932 memcpy(*to, from, len);
1933 *to += len;
1934 }
1935
1936 static inline void take_selinux_option(char **to, char *from, int *first,
1937 int len)
1938 {
1939 int current_size = 0;
1940
1941 if (!*first) {
1942 **to = '|';
1943 *to += 1;
1944 }
1945 else
1946 *first = 0;
1947
1948 while (current_size < len) {
1949 if (*from != '"') {
1950 **to = *from;
1951 *to += 1;
1952 }
1953 from += 1;
1954 current_size += 1;
1955 }
1956 }
1957
1958 static int selinux_sb_copy_data(struct file_system_type *type, void *orig, void *copy)
1959 {
1960 int fnosec, fsec, rc = 0;
1961 char *in_save, *in_curr, *in_end;
1962 char *sec_curr, *nosec_save, *nosec;
1963 int open_quote = 0;
1964
1965 in_curr = orig;
1966 sec_curr = copy;
1967
1968 /* Binary mount data: just copy */
1969 if (type->fs_flags & FS_BINARY_MOUNTDATA) {
1970 copy_page(sec_curr, in_curr);
1971 goto out;
1972 }
1973
1974 nosec = (char *)get_zeroed_page(GFP_KERNEL);
1975 if (!nosec) {
1976 rc = -ENOMEM;
1977 goto out;
1978 }
1979
1980 nosec_save = nosec;
1981 fnosec = fsec = 1;
1982 in_save = in_end = orig;
1983
1984 do {
1985 if (*in_end == '"')
1986 open_quote = !open_quote;
1987 if ((*in_end == ',' && open_quote == 0) ||
1988 *in_end == '\0') {
1989 int len = in_end - in_curr;
1990
1991 if (selinux_option(in_curr, len))
1992 take_selinux_option(&sec_curr, in_curr, &fsec, len);
1993 else
1994 take_option(&nosec, in_curr, &fnosec, len);
1995
1996 in_curr = in_end + 1;
1997 }
1998 } while (*in_end++);
1999
2000 strcpy(in_save, nosec_save);
2001 free_page((unsigned long)nosec_save);
2002 out:
2003 return rc;
2004 }
2005
2006 static int selinux_sb_kern_mount(struct super_block *sb, void *data)
2007 {
2008 struct avc_audit_data ad;
2009 int rc;
2010
2011 rc = superblock_doinit(sb, data);
2012 if (rc)
2013 return rc;
2014
2015 AVC_AUDIT_DATA_INIT(&ad,FS);
2016 ad.u.fs.dentry = sb->s_root;
2017 return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad);
2018 }
2019
2020 static int selinux_sb_statfs(struct dentry *dentry)
2021 {
2022 struct avc_audit_data ad;
2023
2024 AVC_AUDIT_DATA_INIT(&ad,FS);
2025 ad.u.fs.dentry = dentry->d_sb->s_root;
2026 return superblock_has_perm(current, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2027 }
2028
2029 static int selinux_mount(char * dev_name,
2030 struct nameidata *nd,
2031 char * type,
2032 unsigned long flags,
2033 void * data)
2034 {
2035 int rc;
2036
2037 rc = secondary_ops->sb_mount(dev_name, nd, type, flags, data);
2038 if (rc)
2039 return rc;
2040
2041 if (flags & MS_REMOUNT)
2042 return superblock_has_perm(current, nd->mnt->mnt_sb,
2043 FILESYSTEM__REMOUNT, NULL);
2044 else
2045 return dentry_has_perm(current, nd->mnt, nd->dentry,
2046 FILE__MOUNTON);
2047 }
2048
2049 static int selinux_umount(struct vfsmount *mnt, int flags)
2050 {
2051 int rc;
2052
2053 rc = secondary_ops->sb_umount(mnt, flags);
2054 if (rc)
2055 return rc;
2056
2057 return superblock_has_perm(current,mnt->mnt_sb,
2058 FILESYSTEM__UNMOUNT,NULL);
2059 }
2060
2061 /* inode security operations */
2062
2063 static int selinux_inode_alloc_security(struct inode *inode)
2064 {
2065 return inode_alloc_security(inode);
2066 }
2067
2068 static void selinux_inode_free_security(struct inode *inode)
2069 {
2070 inode_free_security(inode);
2071 }
2072
2073 static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2074 char **name, void **value,
2075 size_t *len)
2076 {
2077 struct task_security_struct *tsec;
2078 struct inode_security_struct *dsec;
2079 struct superblock_security_struct *sbsec;
2080 u32 newsid, clen;
2081 int rc;
2082 char *namep = NULL, *context;
2083
2084 tsec = current->security;
2085 dsec = dir->i_security;
2086 sbsec = dir->i_sb->s_security;
2087
2088 if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
2089 newsid = tsec->create_sid;
2090 } else {
2091 rc = security_transition_sid(tsec->sid, dsec->sid,
2092 inode_mode_to_security_class(inode->i_mode),
2093 &newsid);
2094 if (rc) {
2095 printk(KERN_WARNING "%s: "
2096 "security_transition_sid failed, rc=%d (dev=%s "
2097 "ino=%ld)\n",
2098 __FUNCTION__,
2099 -rc, inode->i_sb->s_id, inode->i_ino);
2100 return rc;
2101 }
2102 }
2103
2104 /* Possibly defer initialization to selinux_complete_init. */
2105 if (sbsec->initialized) {
2106 struct inode_security_struct *isec = inode->i_security;
2107 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2108 isec->sid = newsid;
2109 isec->initialized = 1;
2110 }
2111
2112 if (!ss_initialized || sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
2113 return -EOPNOTSUPP;
2114
2115 if (name) {
2116 namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_KERNEL);
2117 if (!namep)
2118 return -ENOMEM;
2119 *name = namep;
2120 }
2121
2122 if (value && len) {
2123 rc = security_sid_to_context(newsid, &context, &clen);
2124 if (rc) {
2125 kfree(namep);
2126 return rc;
2127 }
2128 *value = context;
2129 *len = clen;
2130 }
2131
2132 return 0;
2133 }
2134
2135 static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask)
2136 {
2137 return may_create(dir, dentry, SECCLASS_FILE);
2138 }
2139
2140 static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2141 {
2142 int rc;
2143
2144 rc = secondary_ops->inode_link(old_dentry,dir,new_dentry);
2145 if (rc)
2146 return rc;
2147 return may_link(dir, old_dentry, MAY_LINK);
2148 }
2149
2150 static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
2151 {
2152 int rc;
2153
2154 rc = secondary_ops->inode_unlink(dir, dentry);
2155 if (rc)
2156 return rc;
2157 return may_link(dir, dentry, MAY_UNLINK);
2158 }
2159
2160 static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
2161 {
2162 return may_create(dir, dentry, SECCLASS_LNK_FILE);
2163 }
2164
2165 static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask)
2166 {
2167 return may_create(dir, dentry, SECCLASS_DIR);
2168 }
2169
2170 static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2171 {
2172 return may_link(dir, dentry, MAY_RMDIR);
2173 }
2174
2175 static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
2176 {
2177 int rc;
2178
2179 rc = secondary_ops->inode_mknod(dir, dentry, mode, dev);
2180 if (rc)
2181 return rc;
2182
2183 return may_create(dir, dentry, inode_mode_to_security_class(mode));
2184 }
2185
2186 static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
2187 struct inode *new_inode, struct dentry *new_dentry)
2188 {
2189 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
2190 }
2191
2192 static int selinux_inode_readlink(struct dentry *dentry)
2193 {
2194 return dentry_has_perm(current, NULL, dentry, FILE__READ);
2195 }
2196
2197 static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
2198 {
2199 int rc;
2200
2201 rc = secondary_ops->inode_follow_link(dentry,nameidata);
2202 if (rc)
2203 return rc;
2204 return dentry_has_perm(current, NULL, dentry, FILE__READ);
2205 }
2206
2207 static int selinux_inode_permission(struct inode *inode, int mask,
2208 struct nameidata *nd)
2209 {
2210 int rc;
2211
2212 rc = secondary_ops->inode_permission(inode, mask, nd);
2213 if (rc)
2214 return rc;
2215
2216 if (!mask) {
2217 /* No permission to check. Existence test. */
2218 return 0;
2219 }
2220
2221 return inode_has_perm(current, inode,
2222 file_mask_to_av(inode->i_mode, mask), NULL);
2223 }
2224
2225 static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2226 {
2227 int rc;
2228
2229 rc = secondary_ops->inode_setattr(dentry, iattr);
2230 if (rc)
2231 return rc;
2232
2233 if (iattr->ia_valid & ATTR_FORCE)
2234 return 0;
2235
2236 if (iattr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
2237 ATTR_ATIME_SET | ATTR_MTIME_SET))
2238 return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
2239
2240 return dentry_has_perm(current, NULL, dentry, FILE__WRITE);
2241 }
2242
2243 static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
2244 {
2245 return dentry_has_perm(current, mnt, dentry, FILE__GETATTR);
2246 }
2247
2248 static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags)
2249 {
2250 struct task_security_struct *tsec = current->security;
2251 struct inode *inode = dentry->d_inode;
2252 struct inode_security_struct *isec = inode->i_security;
2253 struct superblock_security_struct *sbsec;
2254 struct avc_audit_data ad;
2255 u32 newsid;
2256 int rc = 0;
2257
2258 if (strcmp(name, XATTR_NAME_SELINUX)) {
2259 if (!strncmp(name, XATTR_SECURITY_PREFIX,
2260 sizeof XATTR_SECURITY_PREFIX - 1) &&
2261 !capable(CAP_SYS_ADMIN)) {
2262 /* A different attribute in the security namespace.
2263 Restrict to administrator. */
2264 return -EPERM;
2265 }
2266
2267 /* Not an attribute we recognize, so just check the
2268 ordinary setattr permission. */
2269 return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
2270 }
2271
2272 sbsec = inode->i_sb->s_security;
2273 if (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
2274 return -EOPNOTSUPP;
2275
2276 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
2277 return -EPERM;
2278
2279 AVC_AUDIT_DATA_INIT(&ad,FS);
2280 ad.u.fs.dentry = dentry;
2281
2282 rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
2283 FILE__RELABELFROM, &ad);
2284 if (rc)
2285 return rc;
2286
2287 rc = security_context_to_sid(value, size, &newsid);
2288 if (rc)
2289 return rc;
2290
2291 rc = avc_has_perm(tsec->sid, newsid, isec->sclass,
2292 FILE__RELABELTO, &ad);
2293 if (rc)
2294 return rc;
2295
2296 rc = security_validate_transition(isec->sid, newsid, tsec->sid,
2297 isec->sclass);
2298 if (rc)
2299 return rc;
2300
2301 return avc_has_perm(newsid,
2302 sbsec->sid,
2303 SECCLASS_FILESYSTEM,
2304 FILESYSTEM__ASSOCIATE,
2305 &ad);
2306 }
2307
2308 static void selinux_inode_post_setxattr(struct dentry *dentry, char *name,
2309 void *value, size_t size, int flags)
2310 {
2311 struct inode *inode = dentry->d_inode;
2312 struct inode_security_struct *isec = inode->i_security;
2313 u32 newsid;
2314 int rc;
2315
2316 if (strcmp(name, XATTR_NAME_SELINUX)) {
2317 /* Not an attribute we recognize, so nothing to do. */
2318 return;
2319 }
2320
2321 rc = security_context_to_sid(value, size, &newsid);
2322 if (rc) {
2323 printk(KERN_WARNING "%s: unable to obtain SID for context "
2324 "%s, rc=%d\n", __FUNCTION__, (char*)value, -rc);
2325 return;
2326 }
2327
2328 isec->sid = newsid;
2329 return;
2330 }
2331
2332 static int selinux_inode_getxattr (struct dentry *dentry, char *name)
2333 {
2334 return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
2335 }
2336
2337 static int selinux_inode_listxattr (struct dentry *dentry)
2338 {
2339 return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
2340 }
2341
2342 static int selinux_inode_removexattr (struct dentry *dentry, char *name)
2343 {
2344 if (strcmp(name, XATTR_NAME_SELINUX)) {
2345 if (!strncmp(name, XATTR_SECURITY_PREFIX,
2346 sizeof XATTR_SECURITY_PREFIX - 1) &&
2347 !capable(CAP_SYS_ADMIN)) {
2348 /* A different attribute in the security namespace.
2349 Restrict to administrator. */
2350 return -EPERM;
2351 }
2352
2353 /* Not an attribute we recognize, so just check the
2354 ordinary setattr permission. Might want a separate
2355 permission for removexattr. */
2356 return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
2357 }
2358
2359 /* No one is allowed to remove a SELinux security label.
2360 You can change the label, but all data must be labeled. */
2361 return -EACCES;
2362 }
2363
2364 static const char *selinux_inode_xattr_getsuffix(void)
2365 {
2366 return XATTR_SELINUX_SUFFIX;
2367 }
2368
2369 /*
2370 * Copy the in-core inode security context value to the user. If the
2371 * getxattr() prior to this succeeded, check to see if we need to
2372 * canonicalize the value to be finally returned to the user.
2373 *
2374 * Permission check is handled by selinux_inode_getxattr hook.
2375 */
2376 static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
2377 {
2378 struct inode_security_struct *isec = inode->i_security;
2379
2380 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2381 return -EOPNOTSUPP;
2382
2383 return selinux_getsecurity(isec->sid, buffer, size);
2384 }
2385
2386 static int selinux_inode_setsecurity(struct inode *inode, const char *name,
2387 const void *value, size_t size, int flags)
2388 {
2389 struct inode_security_struct *isec = inode->i_security;
2390 u32 newsid;
2391 int rc;
2392
2393 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2394 return -EOPNOTSUPP;
2395
2396 if (!value || !size)
2397 return -EACCES;
2398
2399 rc = security_context_to_sid((void*)value, size, &newsid);
2400 if (rc)
2401 return rc;
2402
2403 isec->sid = newsid;
2404 return 0;
2405 }
2406
2407 static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
2408 {
2409 const int len = sizeof(XATTR_NAME_SELINUX);
2410 if (buffer && len <= buffer_size)
2411 memcpy(buffer, XATTR_NAME_SELINUX, len);
2412 return len;
2413 }
2414
2415 /* file security operations */
2416
2417 static int selinux_file_permission(struct file *file, int mask)
2418 {
2419 int rc;
2420 struct inode *inode = file->f_dentry->d_inode;
2421
2422 if (!mask) {
2423 /* No permission to check. Existence test. */
2424 return 0;
2425 }
2426
2427 /* file_mask_to_av won't add FILE__WRITE if MAY_APPEND is set */
2428 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
2429 mask |= MAY_APPEND;
2430
2431 rc = file_has_perm(current, file,
2432 file_mask_to_av(inode->i_mode, mask));
2433 if (rc)
2434 return rc;
2435
2436 return selinux_netlbl_inode_permission(inode, mask);
2437 }
2438
2439 static int selinux_file_alloc_security(struct file *file)
2440 {
2441 return file_alloc_security(file);
2442 }
2443
2444 static void selinux_file_free_security(struct file *file)
2445 {
2446 file_free_security(file);
2447 }
2448
2449 static int selinux_file_ioctl(struct file *file, unsigned int cmd,
2450 unsigned long arg)
2451 {
2452 int error = 0;
2453
2454 switch (cmd) {
2455 case FIONREAD:
2456 /* fall through */
2457 case FIBMAP:
2458 /* fall through */
2459 case FIGETBSZ:
2460 /* fall through */
2461 case EXT2_IOC_GETFLAGS:
2462 /* fall through */
2463 case EXT2_IOC_GETVERSION:
2464 error = file_has_perm(current, file, FILE__GETATTR);
2465 break;
2466
2467 case EXT2_IOC_SETFLAGS:
2468 /* fall through */
2469 case EXT2_IOC_SETVERSION:
2470 error = file_has_perm(current, file, FILE__SETATTR);
2471 break;
2472
2473 /* sys_ioctl() checks */
2474 case FIONBIO:
2475 /* fall through */
2476 case FIOASYNC:
2477 error = file_has_perm(current, file, 0);
2478 break;
2479
2480 case KDSKBENT:
2481 case KDSKBSENT:
2482 error = task_has_capability(current,CAP_SYS_TTY_CONFIG);
2483 break;
2484
2485 /* default case assumes that the command will go
2486 * to the file's ioctl() function.
2487 */
2488 default:
2489 error = file_has_perm(current, file, FILE__IOCTL);
2490
2491 }
2492 return error;
2493 }
2494
2495 static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
2496 {
2497 #ifndef CONFIG_PPC32
2498 if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
2499 /*
2500 * We are making executable an anonymous mapping or a
2501 * private file mapping that will also be writable.
2502 * This has an additional check.
2503 */
2504 int rc = task_has_perm(current, current, PROCESS__EXECMEM);
2505 if (rc)
2506 return rc;
2507 }
2508 #endif
2509
2510 if (file) {
2511 /* read access is always possible with a mapping */
2512 u32 av = FILE__READ;
2513
2514 /* write access only matters if the mapping is shared */
2515 if (shared && (prot & PROT_WRITE))
2516 av |= FILE__WRITE;
2517
2518 if (prot & PROT_EXEC)
2519 av |= FILE__EXECUTE;
2520
2521 return file_has_perm(current, file, av);
2522 }
2523 return 0;
2524 }
2525
2526 static int selinux_file_mmap(struct file *file, unsigned long reqprot,
2527 unsigned long prot, unsigned long flags)
2528 {
2529 int rc;
2530
2531 rc = secondary_ops->file_mmap(file, reqprot, prot, flags);
2532 if (rc)
2533 return rc;
2534
2535 if (selinux_checkreqprot)
2536 prot = reqprot;
2537
2538 return file_map_prot_check(file, prot,
2539 (flags & MAP_TYPE) == MAP_SHARED);
2540 }
2541
2542 static int selinux_file_mprotect(struct vm_area_struct *vma,
2543 unsigned long reqprot,
2544 unsigned long prot)
2545 {
2546 int rc;
2547
2548 rc = secondary_ops->file_mprotect(vma, reqprot, prot);
2549 if (rc)
2550 return rc;
2551
2552 if (selinux_checkreqprot)
2553 prot = reqprot;
2554
2555 #ifndef CONFIG_PPC32
2556 if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
2557 rc = 0;
2558 if (vma->vm_start >= vma->vm_mm->start_brk &&
2559 vma->vm_end <= vma->vm_mm->brk) {
2560 rc = task_has_perm(current, current,
2561 PROCESS__EXECHEAP);
2562 } else if (!vma->vm_file &&
2563 vma->vm_start <= vma->vm_mm->start_stack &&
2564 vma->vm_end >= vma->vm_mm->start_stack) {
2565 rc = task_has_perm(current, current, PROCESS__EXECSTACK);
2566 } else if (vma->vm_file && vma->anon_vma) {
2567 /*
2568 * We are making executable a file mapping that has
2569 * had some COW done. Since pages might have been
2570 * written, check ability to execute the possibly
2571 * modified content. This typically should only
2572 * occur for text relocations.
2573 */
2574 rc = file_has_perm(current, vma->vm_file,
2575 FILE__EXECMOD);
2576 }
2577 if (rc)
2578 return rc;
2579 }
2580 #endif
2581
2582 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
2583 }
2584
2585 static int selinux_file_lock(struct file *file, unsigned int cmd)
2586 {
2587 return file_has_perm(current, file, FILE__LOCK);
2588 }
2589
2590 static int selinux_file_fcntl(struct file *file, unsigned int cmd,
2591 unsigned long arg)
2592 {
2593 int err = 0;
2594
2595 switch (cmd) {
2596 case F_SETFL:
2597 if (!file->f_dentry || !file->f_dentry->d_inode) {
2598 err = -EINVAL;
2599 break;
2600 }
2601
2602 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
2603 err = file_has_perm(current, file,FILE__WRITE);
2604 break;
2605 }
2606 /* fall through */
2607 case F_SETOWN:
2608 case F_SETSIG:
2609 case F_GETFL:
2610 case F_GETOWN:
2611 case F_GETSIG:
2612 /* Just check FD__USE permission */
2613 err = file_has_perm(current, file, 0);
2614 break;
2615 case F_GETLK:
2616 case F_SETLK:
2617 case F_SETLKW:
2618 #if BITS_PER_LONG == 32
2619 case F_GETLK64:
2620 case F_SETLK64:
2621 case F_SETLKW64:
2622 #endif
2623 if (!file->f_dentry || !file->f_dentry->d_inode) {
2624 err = -EINVAL;
2625 break;
2626 }
2627 err = file_has_perm(current, file, FILE__LOCK);
2628 break;
2629 }
2630
2631 return err;
2632 }
2633
2634 static int selinux_file_set_fowner(struct file *file)
2635 {
2636 struct task_security_struct *tsec;
2637 struct file_security_struct *fsec;
2638
2639 tsec = current->security;
2640 fsec = file->f_security;
2641 fsec->fown_sid = tsec->sid;
2642
2643 return 0;
2644 }
2645
2646 static int selinux_file_send_sigiotask(struct task_struct *tsk,
2647 struct fown_struct *fown, int signum)
2648 {
2649 struct file *file;
2650 u32 perm;
2651 struct task_security_struct *tsec;
2652 struct file_security_struct *fsec;
2653
2654 /* struct fown_struct is never outside the context of a struct file */
2655 file = (struct file *)((long)fown - offsetof(struct file,f_owner));
2656
2657 tsec = tsk->security;
2658 fsec = file->f_security;
2659
2660 if (!signum)
2661 perm = signal_to_av(SIGIO); /* as per send_sigio_to_task */
2662 else
2663 perm = signal_to_av(signum);
2664
2665 return avc_has_perm(fsec->fown_sid, tsec->sid,
2666 SECCLASS_PROCESS, perm, NULL);
2667 }
2668
2669 static int selinux_file_receive(struct file *file)
2670 {
2671 return file_has_perm(current, file, file_to_av(file));
2672 }
2673
2674 /* task security operations */
2675
2676 static int selinux_task_create(unsigned long clone_flags)
2677 {
2678 int rc;
2679
2680 rc = secondary_ops->task_create(clone_flags);
2681 if (rc)
2682 return rc;
2683
2684 return task_has_perm(current, current, PROCESS__FORK);
2685 }
2686
2687 static int selinux_task_alloc_security(struct task_struct *tsk)
2688 {
2689 struct task_security_struct *tsec1, *tsec2;
2690 int rc;
2691
2692 tsec1 = current->security;
2693
2694 rc = task_alloc_security(tsk);
2695 if (rc)
2696 return rc;
2697 tsec2 = tsk->security;
2698
2699 tsec2->osid = tsec1->osid;
2700 tsec2->sid = tsec1->sid;
2701
2702 /* Retain the exec, fs, key, and sock SIDs across fork */
2703 tsec2->exec_sid = tsec1->exec_sid;
2704 tsec2->create_sid = tsec1->create_sid;
2705 tsec2->keycreate_sid = tsec1->keycreate_sid;
2706 tsec2->sockcreate_sid = tsec1->sockcreate_sid;
2707
2708 /* Retain ptracer SID across fork, if any.
2709 This will be reset by the ptrace hook upon any
2710 subsequent ptrace_attach operations. */
2711 tsec2->ptrace_sid = tsec1->ptrace_sid;
2712
2713 return 0;
2714 }
2715
2716 static void selinux_task_free_security(struct task_struct *tsk)
2717 {
2718 task_free_security(tsk);
2719 }
2720
2721 static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
2722 {
2723 /* Since setuid only affects the current process, and
2724 since the SELinux controls are not based on the Linux
2725 identity attributes, SELinux does not need to control
2726 this operation. However, SELinux does control the use
2727 of the CAP_SETUID and CAP_SETGID capabilities using the
2728 capable hook. */
2729 return 0;
2730 }
2731
2732 static int selinux_task_post_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
2733 {
2734 return secondary_ops->task_post_setuid(id0,id1,id2,flags);
2735 }
2736
2737 static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
2738 {
2739 /* See the comment for setuid above. */
2740 return 0;
2741 }
2742
2743 static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
2744 {
2745 return task_has_perm(current, p, PROCESS__SETPGID);
2746 }
2747
2748 static int selinux_task_getpgid(struct task_struct *p)
2749 {
2750 return task_has_perm(current, p, PROCESS__GETPGID);
2751 }
2752
2753 static int selinux_task_getsid(struct task_struct *p)
2754 {
2755 return task_has_perm(current, p, PROCESS__GETSESSION);
2756 }
2757
2758 static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
2759 {
2760 selinux_get_task_sid(p, secid);
2761 }
2762
2763 static int selinux_task_setgroups(struct group_info *group_info)
2764 {
2765 /* See the comment for setuid above. */
2766 return 0;
2767 }
2768
2769 static int selinux_task_setnice(struct task_struct *p, int nice)
2770 {
2771 int rc;
2772
2773 rc = secondary_ops->task_setnice(p, nice);
2774 if (rc)
2775 return rc;
2776
2777 return task_has_perm(current,p, PROCESS__SETSCHED);
2778 }
2779
2780 static int selinux_task_setioprio(struct task_struct *p, int ioprio)
2781 {
2782 return task_has_perm(current, p, PROCESS__SETSCHED);
2783 }
2784
2785 static int selinux_task_getioprio(struct task_struct *p)
2786 {
2787 return task_has_perm(current, p, PROCESS__GETSCHED);
2788 }
2789
2790 static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
2791 {
2792 struct rlimit *old_rlim = current->signal->rlim + resource;
2793 int rc;
2794
2795 rc = secondary_ops->task_setrlimit(resource, new_rlim);
2796 if (rc)
2797 return rc;
2798
2799 /* Control the ability to change the hard limit (whether
2800 lowering or raising it), so that the hard limit can
2801 later be used as a safe reset point for the soft limit
2802 upon context transitions. See selinux_bprm_apply_creds. */
2803 if (old_rlim->rlim_max != new_rlim->rlim_max)
2804 return task_has_perm(current, current, PROCESS__SETRLIMIT);
2805
2806 return 0;
2807 }
2808
2809 static int selinux_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp)
2810 {
2811 return task_has_perm(current, p, PROCESS__SETSCHED);
2812 }
2813
2814 static int selinux_task_getscheduler(struct task_struct *p)
2815 {
2816 return task_has_perm(current, p, PROCESS__GETSCHED);
2817 }
2818
2819 static int selinux_task_movememory(struct task_struct *p)
2820 {
2821 return task_has_perm(current, p, PROCESS__SETSCHED);
2822 }
2823
2824 static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
2825 int sig, u32 secid)
2826 {
2827 u32 perm;
2828 int rc;
2829 struct task_security_struct *tsec;
2830
2831 rc = secondary_ops->task_kill(p, info, sig, secid);
2832 if (rc)
2833 return rc;
2834
2835 if (info != SEND_SIG_NOINFO && (is_si_special(info) || SI_FROMKERNEL(info)))
2836 return 0;
2837
2838 if (!sig)
2839 perm = PROCESS__SIGNULL; /* null signal; existence test */
2840 else
2841 perm = signal_to_av(sig);
2842 tsec = p->security;
2843 if (secid)
2844 rc = avc_has_perm(secid, tsec->sid, SECCLASS_PROCESS, perm, NULL);
2845 else
2846 rc = task_has_perm(current, p, perm);
2847 return rc;
2848 }
2849
2850 static int selinux_task_prctl(int option,
2851 unsigned long arg2,
2852 unsigned long arg3,
2853 unsigned long arg4,
2854 unsigned long arg5)
2855 {
2856 /* The current prctl operations do not appear to require
2857 any SELinux controls since they merely observe or modify
2858 the state of the current process. */
2859 return 0;
2860 }
2861
2862 static int selinux_task_wait(struct task_struct *p)
2863 {
2864 u32 perm;
2865
2866 perm = signal_to_av(p->exit_signal);
2867
2868 return task_has_perm(p, current, perm);
2869 }
2870
2871 static void selinux_task_reparent_to_init(struct task_struct *p)
2872 {
2873 struct task_security_struct *tsec;
2874
2875 secondary_ops->task_reparent_to_init(p);
2876
2877 tsec = p->security;
2878 tsec->osid = tsec->sid;
2879 tsec->sid = SECINITSID_KERNEL;
2880 return;
2881 }
2882
2883 static void selinux_task_to_inode(struct task_struct *p,
2884 struct inode *inode)
2885 {
2886 struct task_security_struct *tsec = p->security;
2887 struct inode_security_struct *isec = inode->i_security;
2888
2889 isec->sid = tsec->sid;
2890 isec->initialized = 1;
2891 return;
2892 }
2893
2894 /* Returns error only if unable to parse addresses */
2895 static int selinux_parse_skb_ipv4(struct sk_buff *skb,
2896 struct avc_audit_data *ad, u8 *proto)
2897 {
2898 int offset, ihlen, ret = -EINVAL;
2899 struct iphdr _iph, *ih;
2900
2901 offset = skb->nh.raw - skb->data;
2902 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
2903 if (ih == NULL)
2904 goto out;
2905
2906 ihlen = ih->ihl * 4;
2907 if (ihlen < sizeof(_iph))
2908 goto out;
2909
2910 ad->u.net.v4info.saddr = ih->saddr;
2911 ad->u.net.v4info.daddr = ih->daddr;
2912 ret = 0;
2913
2914 if (proto)
2915 *proto = ih->protocol;
2916
2917 switch (ih->protocol) {
2918 case IPPROTO_TCP: {
2919 struct tcphdr _tcph, *th;
2920
2921 if (ntohs(ih->frag_off) & IP_OFFSET)
2922 break;
2923
2924 offset += ihlen;
2925 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
2926 if (th == NULL)
2927 break;
2928
2929 ad->u.net.sport = th->source;
2930 ad->u.net.dport = th->dest;
2931 break;
2932 }
2933
2934 case IPPROTO_UDP: {
2935 struct udphdr _udph, *uh;
2936
2937 if (ntohs(ih->frag_off) & IP_OFFSET)
2938 break;
2939
2940 offset += ihlen;
2941 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
2942 if (uh == NULL)
2943 break;
2944
2945 ad->u.net.sport = uh->source;
2946 ad->u.net.dport = uh->dest;
2947 break;
2948 }
2949
2950 case IPPROTO_DCCP: {
2951 struct dccp_hdr _dccph, *dh;
2952
2953 if (ntohs(ih->frag_off) & IP_OFFSET)
2954 break;
2955
2956 offset += ihlen;
2957 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
2958 if (dh == NULL)
2959 break;
2960
2961 ad->u.net.sport = dh->dccph_sport;
2962 ad->u.net.dport = dh->dccph_dport;
2963 break;
2964 }
2965
2966 default:
2967 break;
2968 }
2969 out:
2970 return ret;
2971 }
2972
2973 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
2974
2975 /* Returns error only if unable to parse addresses */
2976 static int selinux_parse_skb_ipv6(struct sk_buff *skb,
2977 struct avc_audit_data *ad, u8 *proto)
2978 {
2979 u8 nexthdr;
2980 int ret = -EINVAL, offset;
2981 struct ipv6hdr _ipv6h, *ip6;
2982
2983 offset = skb->nh.raw - skb->data;
2984 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
2985 if (ip6 == NULL)
2986 goto out;
2987
2988 ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr);
2989 ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr);
2990 ret = 0;
2991
2992 nexthdr = ip6->nexthdr;
2993 offset += sizeof(_ipv6h);
2994 offset = ipv6_skip_exthdr(skb, offset, &nexthdr);
2995 if (offset < 0)
2996 goto out;
2997
2998 if (proto)
2999 *proto = nexthdr;
3000
3001 switch (nexthdr) {
3002 case IPPROTO_TCP: {
3003 struct tcphdr _tcph, *th;
3004
3005 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3006 if (th == NULL)
3007 break;
3008
3009 ad->u.net.sport = th->source;
3010 ad->u.net.dport = th->dest;
3011 break;
3012 }
3013
3014 case IPPROTO_UDP: {
3015 struct udphdr _udph, *uh;
3016
3017 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3018 if (uh == NULL)
3019 break;
3020
3021 ad->u.net.sport = uh->source;
3022 ad->u.net.dport = uh->dest;
3023 break;
3024 }
3025
3026 case IPPROTO_DCCP: {
3027 struct dccp_hdr _dccph, *dh;
3028
3029 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3030 if (dh == NULL)
3031 break;
3032
3033 ad->u.net.sport = dh->dccph_sport;
3034 ad->u.net.dport = dh->dccph_dport;
3035 break;
3036 }
3037
3038 /* includes fragments */
3039 default:
3040 break;
3041 }
3042 out:
3043 return ret;
3044 }
3045
3046 #endif /* IPV6 */
3047
3048 static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad,
3049 char **addrp, int *len, int src, u8 *proto)
3050 {
3051 int ret = 0;
3052
3053 switch (ad->u.net.family) {
3054 case PF_INET:
3055 ret = selinux_parse_skb_ipv4(skb, ad, proto);
3056 if (ret || !addrp)
3057 break;
3058 *len = 4;
3059 *addrp = (char *)(src ? &ad->u.net.v4info.saddr :
3060 &ad->u.net.v4info.daddr);
3061 break;
3062
3063 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3064 case PF_INET6:
3065 ret = selinux_parse_skb_ipv6(skb, ad, proto);
3066 if (ret || !addrp)
3067 break;
3068 *len = 16;
3069 *addrp = (char *)(src ? &ad->u.net.v6info.saddr :
3070 &ad->u.net.v6info.daddr);
3071 break;
3072 #endif /* IPV6 */
3073 default:
3074 break;
3075 }
3076
3077 return ret;
3078 }
3079
3080 /* socket security operations */
3081 static int socket_has_perm(struct task_struct *task, struct socket *sock,
3082 u32 perms)
3083 {
3084 struct inode_security_struct *isec;
3085 struct task_security_struct *tsec;
3086 struct avc_audit_data ad;
3087 int err = 0;
3088
3089 tsec = task->security;
3090 isec = SOCK_INODE(sock)->i_security;
3091
3092 if (isec->sid == SECINITSID_KERNEL)
3093 goto out;
3094
3095 AVC_AUDIT_DATA_INIT(&ad,NET);
3096 ad.u.net.sk = sock->sk;
3097 err = avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad);
3098
3099 out:
3100 return err;
3101 }
3102
3103 static int selinux_socket_create(int family, int type,
3104 int protocol, int kern)
3105 {
3106 int err = 0;
3107 struct task_security_struct *tsec;
3108 u32 newsid;
3109
3110 if (kern)
3111 goto out;
3112
3113 tsec = current->security;
3114 newsid = tsec->sockcreate_sid ? : tsec->sid;
3115 err = avc_has_perm(tsec->sid, newsid,
3116 socket_type_to_security_class(family, type,
3117 protocol), SOCKET__CREATE, NULL);
3118
3119 out:
3120 return err;
3121 }
3122
3123 static int selinux_socket_post_create(struct socket *sock, int family,
3124 int type, int protocol, int kern)
3125 {
3126 int err = 0;
3127 struct inode_security_struct *isec;
3128 struct task_security_struct *tsec;
3129 struct sk_security_struct *sksec;
3130 u32 newsid;
3131
3132 isec = SOCK_INODE(sock)->i_security;
3133
3134 tsec = current->security;
3135 newsid = tsec->sockcreate_sid ? : tsec->sid;
3136 isec->sclass = socket_type_to_security_class(family, type, protocol);
3137 isec->sid = kern ? SECINITSID_KERNEL : newsid;
3138 isec->initialized = 1;
3139
3140 if (sock->sk) {
3141 sksec = sock->sk->sk_security;
3142 sksec->sid = isec->sid;
3143 err = selinux_netlbl_socket_post_create(sock);
3144 }
3145
3146 return err;
3147 }
3148
3149 /* Range of port numbers used to automatically bind.
3150 Need to determine whether we should perform a name_bind
3151 permission check between the socket and the port number. */
3152 #define ip_local_port_range_0 sysctl_local_port_range[0]
3153 #define ip_local_port_range_1 sysctl_local_port_range[1]
3154
3155 static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
3156 {
3157 u16 family;
3158 int err;
3159
3160 err = socket_has_perm(current, sock, SOCKET__BIND);
3161 if (err)
3162 goto out;
3163
3164 /*
3165 * If PF_INET or PF_INET6, check name_bind permission for the port.
3166 * Multiple address binding for SCTP is not supported yet: we just
3167 * check the first address now.
3168 */
3169 family = sock->sk->sk_family;
3170 if (family == PF_INET || family == PF_INET6) {
3171 char *addrp;
3172 struct inode_security_struct *isec;
3173 struct task_security_struct *tsec;
3174 struct avc_audit_data ad;
3175 struct sockaddr_in *addr4 = NULL;
3176 struct sockaddr_in6 *addr6 = NULL;
3177 unsigned short snum;
3178 struct sock *sk = sock->sk;
3179 u32 sid, node_perm, addrlen;
3180
3181 tsec = current->security;
3182 isec = SOCK_INODE(sock)->i_security;
3183
3184 if (family == PF_INET) {
3185 addr4 = (struct sockaddr_in *)address;
3186 snum = ntohs(addr4->sin_port);
3187 addrlen = sizeof(addr4->sin_addr.s_addr);
3188 addrp = (char *)&addr4->sin_addr.s_addr;
3189 } else {
3190 addr6 = (struct sockaddr_in6 *)address;
3191 snum = ntohs(addr6->sin6_port);
3192 addrlen = sizeof(addr6->sin6_addr.s6_addr);
3193 addrp = (char *)&addr6->sin6_addr.s6_addr;
3194 }
3195
3196 if (snum&&(snum < max(PROT_SOCK,ip_local_port_range_0) ||
3197 snum > ip_local_port_range_1)) {
3198 err = security_port_sid(sk->sk_family, sk->sk_type,
3199 sk->sk_protocol, snum, &sid);
3200 if (err)
3201 goto out;
3202 AVC_AUDIT_DATA_INIT(&ad,NET);
3203 ad.u.net.sport = htons(snum);
3204 ad.u.net.family = family;
3205 err = avc_has_perm(isec->sid, sid,
3206 isec->sclass,
3207 SOCKET__NAME_BIND, &ad);
3208 if (err)
3209 goto out;
3210 }
3211
3212 switch(isec->sclass) {
3213 case SECCLASS_TCP_SOCKET:
3214 node_perm = TCP_SOCKET__NODE_BIND;
3215 break;
3216
3217 case SECCLASS_UDP_SOCKET:
3218 node_perm = UDP_SOCKET__NODE_BIND;
3219 break;
3220
3221 case SECCLASS_DCCP_SOCKET:
3222 node_perm = DCCP_SOCKET__NODE_BIND;
3223 break;
3224
3225 default:
3226 node_perm = RAWIP_SOCKET__NODE_BIND;
3227 break;
3228 }
3229
3230 err = security_node_sid(family, addrp, addrlen, &sid);
3231 if (err)
3232 goto out;
3233
3234 AVC_AUDIT_DATA_INIT(&ad,NET);
3235 ad.u.net.sport = htons(snum);
3236 ad.u.net.family = family;
3237
3238 if (family == PF_INET)
3239 ad.u.net.v4info.saddr = addr4->sin_addr.s_addr;
3240 else
3241 ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr);
3242
3243 err = avc_has_perm(isec->sid, sid,
3244 isec->sclass, node_perm, &ad);
3245 if (err)
3246 goto out;
3247 }
3248 out:
3249 return err;
3250 }
3251
3252 static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
3253 {
3254 struct inode_security_struct *isec;
3255 int err;
3256
3257 err = socket_has_perm(current, sock, SOCKET__CONNECT);
3258 if (err)
3259 return err;
3260
3261 /*
3262 * If a TCP or DCCP socket, check name_connect permission for the port.
3263 */
3264 isec = SOCK_INODE(sock)->i_security;
3265 if (isec->sclass == SECCLASS_TCP_SOCKET ||
3266 isec->sclass == SECCLASS_DCCP_SOCKET) {
3267 struct sock *sk = sock->sk;
3268 struct avc_audit_data ad;
3269 struct sockaddr_in *addr4 = NULL;
3270 struct sockaddr_in6 *addr6 = NULL;
3271 unsigned short snum;
3272 u32 sid, perm;
3273
3274 if (sk->sk_family == PF_INET) {
3275 addr4 = (struct sockaddr_in *)address;
3276 if (addrlen < sizeof(struct sockaddr_in))
3277 return -EINVAL;
3278 snum = ntohs(addr4->sin_port);
3279 } else {
3280 addr6 = (struct sockaddr_in6 *)address;
3281 if (addrlen < SIN6_LEN_RFC2133)
3282 return -EINVAL;
3283 snum = ntohs(addr6->sin6_port);
3284 }
3285
3286 err = security_port_sid(sk->sk_family, sk->sk_type,
3287 sk->sk_protocol, snum, &sid);
3288 if (err)
3289 goto out;
3290
3291 perm = (isec->sclass == SECCLASS_TCP_SOCKET) ?
3292 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
3293
3294 AVC_AUDIT_DATA_INIT(&ad,NET);
3295 ad.u.net.dport = htons(snum);
3296 ad.u.net.family = sk->sk_family;
3297 err = avc_has_perm(isec->sid, sid, isec->sclass, perm, &ad);
3298 if (err)
3299 goto out;
3300 }
3301
3302 out:
3303 return err;
3304 }
3305
3306 static int selinux_socket_listen(struct socket *sock, int backlog)
3307 {
3308 return socket_has_perm(current, sock, SOCKET__LISTEN);
3309 }
3310
3311 static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
3312 {
3313 int err;
3314 struct inode_security_struct *isec;
3315 struct inode_security_struct *newisec;
3316
3317 err = socket_has_perm(current, sock, SOCKET__ACCEPT);
3318 if (err)
3319 return err;
3320
3321 newisec = SOCK_INODE(newsock)->i_security;
3322
3323 isec = SOCK_INODE(sock)->i_security;
3324 newisec->sclass = isec->sclass;
3325 newisec->sid = isec->sid;
3326 newisec->initialized = 1;
3327
3328 return 0;
3329 }
3330
3331 static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3332 int size)
3333 {
3334 int rc;
3335
3336 rc = socket_has_perm(current, sock, SOCKET__WRITE);
3337 if (rc)
3338 return rc;
3339
3340 return selinux_netlbl_inode_permission(SOCK_INODE(sock), MAY_WRITE);
3341 }
3342
3343 static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
3344 int size, int flags)
3345 {
3346 return socket_has_perm(current, sock, SOCKET__READ);
3347 }
3348
3349 static int selinux_socket_getsockname(struct socket *sock)
3350 {
3351 return socket_has_perm(current, sock, SOCKET__GETATTR);
3352 }
3353
3354 static int selinux_socket_getpeername(struct socket *sock)
3355 {
3356 return socket_has_perm(current, sock, SOCKET__GETATTR);
3357 }
3358
3359 static int selinux_socket_setsockopt(struct socket *sock,int level,int optname)
3360 {
3361 int err;
3362
3363 err = socket_has_perm(current, sock, SOCKET__SETOPT);
3364 if (err)
3365 return err;
3366
3367 return selinux_netlbl_socket_setsockopt(sock, level, optname);
3368 }
3369
3370 static int selinux_socket_getsockopt(struct socket *sock, int level,
3371 int optname)
3372 {
3373 return socket_has_perm(current, sock, SOCKET__GETOPT);
3374 }
3375
3376 static int selinux_socket_shutdown(struct socket *sock, int how)
3377 {
3378 return socket_has_perm(current, sock, SOCKET__SHUTDOWN);
3379 }
3380
3381 static int selinux_socket_unix_stream_connect(struct socket *sock,
3382 struct socket *other,
3383 struct sock *newsk)
3384 {
3385 struct sk_security_struct *ssec;
3386 struct inode_security_struct *isec;
3387 struct inode_security_struct *other_isec;
3388 struct avc_audit_data ad;
3389 int err;
3390
3391 err = secondary_ops->unix_stream_connect(sock, other, newsk);
3392 if (err)
3393 return err;
3394
3395 isec = SOCK_INODE(sock)->i_security;
3396 other_isec = SOCK_INODE(other)->i_security;
3397
3398 AVC_AUDIT_DATA_INIT(&ad,NET);
3399 ad.u.net.sk = other->sk;
3400
3401 err = avc_has_perm(isec->sid, other_isec->sid,
3402 isec->sclass,
3403 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
3404 if (err)
3405 return err;
3406
3407 /* connecting socket */
3408 ssec = sock->sk->sk_security;
3409 ssec->peer_sid = other_isec->sid;
3410
3411 /* server child socket */
3412 ssec = newsk->sk_security;
3413 ssec->peer_sid = isec->sid;
3414 err = security_sid_mls_copy(other_isec->sid, ssec->peer_sid, &ssec->sid);
3415
3416 return err;
3417 }
3418
3419 static int selinux_socket_unix_may_send(struct socket *sock,
3420 struct socket *other)
3421 {
3422 struct inode_security_struct *isec;
3423 struct inode_security_struct *other_isec;
3424 struct avc_audit_data ad;
3425 int err;
3426
3427 isec = SOCK_INODE(sock)->i_security;
3428 other_isec = SOCK_INODE(other)->i_security;
3429
3430 AVC_AUDIT_DATA_INIT(&ad,NET);
3431 ad.u.net.sk = other->sk;
3432
3433 err = avc_has_perm(isec->sid, other_isec->sid,
3434 isec->sclass, SOCKET__SENDTO, &ad);
3435 if (err)
3436 return err;
3437
3438 return 0;
3439 }
3440
3441 static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
3442 struct avc_audit_data *ad, u16 family, char *addrp, int len)
3443 {
3444 int err = 0;
3445 u32 netif_perm, node_perm, node_sid, if_sid, recv_perm = 0;
3446 struct socket *sock;
3447 u16 sock_class = 0;
3448 u32 sock_sid = 0;
3449
3450 read_lock_bh(&sk->sk_callback_lock);
3451 sock = sk->sk_socket;
3452 if (sock) {
3453 struct inode *inode;
3454 inode = SOCK_INODE(sock);
3455 if (inode) {
3456 struct inode_security_struct *isec;
3457 isec = inode->i_security;
3458 sock_sid = isec->sid;
3459 sock_class = isec->sclass;
3460 }
3461 }
3462 read_unlock_bh(&sk->sk_callback_lock);
3463 if (!sock_sid)
3464 goto out;
3465
3466 if (!skb->dev)
3467 goto out;
3468
3469 err = sel_netif_sids(skb->dev, &if_sid, NULL);
3470 if (err)
3471 goto out;
3472
3473 switch (sock_class) {
3474 case SECCLASS_UDP_SOCKET:
3475 netif_perm = NETIF__UDP_RECV;
3476 node_perm = NODE__UDP_RECV;
3477 recv_perm = UDP_SOCKET__RECV_MSG;
3478 break;
3479
3480 case SECCLASS_TCP_SOCKET:
3481 netif_perm = NETIF__TCP_RECV;
3482 node_perm = NODE__TCP_RECV;
3483 recv_perm = TCP_SOCKET__RECV_MSG;
3484 break;
3485
3486 case SECCLASS_DCCP_SOCKET:
3487 netif_perm = NETIF__DCCP_RECV;
3488 node_perm = NODE__DCCP_RECV;
3489 recv_perm = DCCP_SOCKET__RECV_MSG;
3490 break;
3491
3492 default:
3493 netif_perm = NETIF__RAWIP_RECV;
3494 node_perm = NODE__RAWIP_RECV;
3495 break;
3496 }
3497
3498 err = avc_has_perm(sock_sid, if_sid, SECCLASS_NETIF, netif_perm, ad);
3499 if (err)
3500 goto out;
3501
3502 err = security_node_sid(family, addrp, len, &node_sid);
3503 if (err)
3504 goto out;
3505
3506 err = avc_has_perm(sock_sid, node_sid, SECCLASS_NODE, node_perm, ad);
3507 if (err)
3508 goto out;
3509
3510 if (recv_perm) {
3511 u32 port_sid;
3512
3513 err = security_port_sid(sk->sk_family, sk->sk_type,
3514 sk->sk_protocol, ntohs(ad->u.net.sport),
3515 &port_sid);
3516 if (err)
3517 goto out;
3518
3519 err = avc_has_perm(sock_sid, port_sid,
3520 sock_class, recv_perm, ad);
3521 }
3522
3523 out:
3524 return err;
3525 }
3526
3527 static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3528 {
3529 u16 family;
3530 char *addrp;
3531 int len, err = 0;
3532 struct avc_audit_data ad;
3533 struct sk_security_struct *sksec = sk->sk_security;
3534
3535 family = sk->sk_family;
3536 if (family != PF_INET && family != PF_INET6)
3537 goto out;
3538
3539 /* Handle mapped IPv4 packets arriving via IPv6 sockets */
3540 if (family == PF_INET6 && skb->protocol == ntohs(ETH_P_IP))
3541 family = PF_INET;
3542
3543 AVC_AUDIT_DATA_INIT(&ad, NET);
3544 ad.u.net.netif = skb->dev ? skb->dev->name : "[unknown]";
3545 ad.u.net.family = family;
3546
3547 err = selinux_parse_skb(skb, &ad, &addrp, &len, 1, NULL);
3548 if (err)
3549 goto out;
3550
3551 if (selinux_compat_net)
3552 err = selinux_sock_rcv_skb_compat(sk, skb, &ad, family,
3553 addrp, len);
3554 else
3555 err = avc_has_perm(sksec->sid, skb->secmark, SECCLASS_PACKET,
3556 PACKET__RECV, &ad);
3557 if (err)
3558 goto out;
3559
3560 err = selinux_netlbl_sock_rcv_skb(sksec, skb, &ad);
3561 if (err)
3562 goto out;
3563
3564 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
3565 out:
3566 return err;
3567 }
3568
3569 static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
3570 int __user *optlen, unsigned len)
3571 {
3572 int err = 0;
3573 char *scontext;
3574 u32 scontext_len;
3575 struct sk_security_struct *ssec;
3576 struct inode_security_struct *isec;
3577 u32 peer_sid = 0;
3578
3579 isec = SOCK_INODE(sock)->i_security;
3580
3581 /* if UNIX_STREAM check peer_sid, if TCP check dst for labelled sa */
3582 if (isec->sclass == SECCLASS_UNIX_STREAM_SOCKET) {
3583 ssec = sock->sk->sk_security;
3584 peer_sid = ssec->peer_sid;
3585 }
3586 else if (isec->sclass == SECCLASS_TCP_SOCKET) {
3587 peer_sid = selinux_netlbl_socket_getpeersec_stream(sock);
3588 if (peer_sid == SECSID_NULL) {
3589 ssec = sock->sk->sk_security;
3590 peer_sid = ssec->peer_sid;
3591 }
3592 if (peer_sid == SECSID_NULL) {
3593 err = -ENOPROTOOPT;
3594 goto out;
3595 }
3596 }
3597 else {
3598 err = -ENOPROTOOPT;
3599 goto out;
3600 }
3601
3602 err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
3603
3604 if (err)
3605 goto out;
3606
3607 if (scontext_len > len) {
3608 err = -ERANGE;
3609 goto out_len;
3610 }
3611
3612 if (copy_to_user(optval, scontext, scontext_len))
3613 err = -EFAULT;
3614
3615 out_len:
3616 if (put_user(scontext_len, optlen))
3617 err = -EFAULT;
3618
3619 kfree(scontext);
3620 out:
3621 return err;
3622 }
3623
3624 static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
3625 {
3626 u32 peer_secid = SECSID_NULL;
3627 int err = 0;
3628
3629 if (sock && (sock->sk->sk_family == PF_UNIX))
3630 selinux_get_inode_sid(SOCK_INODE(sock), &peer_secid);
3631 else if (skb) {
3632 peer_secid = selinux_netlbl_socket_getpeersec_dgram(skb);
3633 if (peer_secid == SECSID_NULL)
3634 peer_secid = selinux_socket_getpeer_dgram(skb);
3635 }
3636
3637 if (peer_secid == SECSID_NULL)
3638 err = -EINVAL;
3639 *secid = peer_secid;
3640
3641 return err;
3642 }
3643
3644 static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
3645 {
3646 return sk_alloc_security(sk, family, priority);
3647 }
3648
3649 static void selinux_sk_free_security(struct sock *sk)
3650 {
3651 sk_free_security(sk);
3652 }
3653
3654 static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
3655 {
3656 struct sk_security_struct *ssec = sk->sk_security;
3657 struct sk_security_struct *newssec = newsk->sk_security;
3658
3659 newssec->sid = ssec->sid;
3660 newssec->peer_sid = ssec->peer_sid;
3661
3662 selinux_netlbl_sk_security_clone(ssec, newssec);
3663 }
3664
3665 static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
3666 {
3667 if (!sk)
3668 *secid = SECINITSID_ANY_SOCKET;
3669 else {
3670 struct sk_security_struct *sksec = sk->sk_security;
3671
3672 *secid = sksec->sid;
3673 }
3674 }
3675
3676 static void selinux_sock_graft(struct sock* sk, struct socket *parent)
3677 {
3678 struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
3679 struct sk_security_struct *sksec = sk->sk_security;
3680
3681 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
3682 sk->sk_family == PF_UNIX)
3683 isec->sid = sksec->sid;
3684
3685 selinux_netlbl_sock_graft(sk, parent);
3686 }
3687
3688 static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
3689 struct request_sock *req)
3690 {
3691 struct sk_security_struct *sksec = sk->sk_security;
3692 int err;
3693 u32 newsid;
3694 u32 peersid;
3695
3696 newsid = selinux_netlbl_inet_conn_request(skb, sksec->sid);
3697 if (newsid != SECSID_NULL) {
3698 req->secid = newsid;
3699 return 0;
3700 }
3701
3702 selinux_skb_xfrm_sid(skb, &peersid);
3703
3704 if (peersid == SECSID_NULL) {
3705 req->secid = sksec->sid;
3706 req->peer_secid = 0;
3707 return 0;
3708 }
3709
3710 err = security_sid_mls_copy(sksec->sid, peersid, &newsid);
3711 if (err)
3712 return err;
3713
3714 req->secid = newsid;
3715 req->peer_secid = peersid;
3716 return 0;
3717 }
3718
3719 static void selinux_inet_csk_clone(struct sock *newsk,
3720 const struct request_sock *req)
3721 {
3722 struct sk_security_struct *newsksec = newsk->sk_security;
3723
3724 newsksec->sid = req->secid;
3725 newsksec->peer_sid = req->peer_secid;
3726 /* NOTE: Ideally, we should also get the isec->sid for the
3727 new socket in sync, but we don't have the isec available yet.
3728 So we will wait until sock_graft to do it, by which
3729 time it will have been created and available. */
3730
3731 /* We don't need to take any sort of lock here as we are the only
3732 * thread with access to newsksec */
3733 selinux_netlbl_sk_security_reset(newsksec, req->rsk_ops->family);
3734 }
3735
3736 static void selinux_inet_conn_established(struct sock *sk,
3737 struct sk_buff *skb)
3738 {
3739 struct sk_security_struct *sksec = sk->sk_security;
3740
3741 selinux_skb_xfrm_sid(skb, &sksec->peer_sid);
3742 }
3743
3744 static void selinux_req_classify_flow(const struct request_sock *req,
3745 struct flowi *fl)
3746 {
3747 fl->secid = req->secid;
3748 }
3749
3750 static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
3751 {
3752 int err = 0;
3753 u32 perm;
3754 struct nlmsghdr *nlh;
3755 struct socket *sock = sk->sk_socket;
3756 struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
3757
3758 if (skb->len < NLMSG_SPACE(0)) {
3759 err = -EINVAL;
3760 goto out;
3761 }
3762 nlh = (struct nlmsghdr *)skb->data;
3763
3764 err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
3765 if (err) {
3766 if (err == -EINVAL) {
3767 audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR,
3768 "SELinux: unrecognized netlink message"
3769 " type=%hu for sclass=%hu\n",
3770 nlh->nlmsg_type, isec->sclass);
3771 if (!selinux_enforcing)
3772 err = 0;
3773 }
3774
3775 /* Ignore */
3776 if (err == -ENOENT)
3777 err = 0;
3778 goto out;
3779 }
3780
3781 err = socket_has_perm(current, sock, perm);
3782 out:
3783 return err;
3784 }
3785
3786 #ifdef CONFIG_NETFILTER
3787
3788 static int selinux_ip_postroute_last_compat(struct sock *sk, struct net_device *dev,
3789 struct avc_audit_data *ad,
3790 u16 family, char *addrp, int len)
3791 {
3792 int err = 0;
3793 u32 netif_perm, node_perm, node_sid, if_sid, send_perm = 0;
3794 struct socket *sock;
3795 struct inode *inode;
3796 struct inode_security_struct *isec;
3797
3798 sock = sk->sk_socket;
3799 if (!sock)
3800 goto out;
3801
3802 inode = SOCK_INODE(sock);
3803 if (!inode)
3804 goto out;
3805
3806 isec = inode->i_security;
3807
3808 err = sel_netif_sids(dev, &if_sid, NULL);
3809 if (err)
3810 goto out;
3811
3812 switch (isec->sclass) {
3813 case SECCLASS_UDP_SOCKET:
3814 netif_perm = NETIF__UDP_SEND;
3815 node_perm = NODE__UDP_SEND;
3816 send_perm = UDP_SOCKET__SEND_MSG;
3817 break;
3818
3819 case SECCLASS_TCP_SOCKET:
3820 netif_perm = NETIF__TCP_SEND;
3821 node_perm = NODE__TCP_SEND;
3822 send_perm = TCP_SOCKET__SEND_MSG;
3823 break;
3824
3825 case SECCLASS_DCCP_SOCKET:
3826 netif_perm = NETIF__DCCP_SEND;
3827 node_perm = NODE__DCCP_SEND;
3828 send_perm = DCCP_SOCKET__SEND_MSG;
3829 break;
3830
3831 default:
3832 netif_perm = NETIF__RAWIP_SEND;
3833 node_perm = NODE__RAWIP_SEND;
3834 break;
3835 }
3836
3837 err = avc_has_perm(isec->sid, if_sid, SECCLASS_NETIF, netif_perm, ad);
3838 if (err)
3839 goto out;
3840
3841 err = security_node_sid(family, addrp, len, &node_sid);
3842 if (err)
3843 goto out;
3844
3845 err = avc_has_perm(isec->sid, node_sid, SECCLASS_NODE, node_perm, ad);
3846 if (err)
3847 goto out;
3848
3849 if (send_perm) {
3850 u32 port_sid;
3851
3852 err = security_port_sid(sk->sk_family,
3853 sk->sk_type,
3854 sk->sk_protocol,
3855 ntohs(ad->u.net.dport),
3856 &port_sid);
3857 if (err)
3858 goto out;
3859
3860 err = avc_has_perm(isec->sid, port_sid, isec->sclass,
3861 send_perm, ad);
3862 }
3863 out:
3864 return err;
3865 }
3866
3867 static unsigned int selinux_ip_postroute_last(unsigned int hooknum,
3868 struct sk_buff **pskb,
3869 const struct net_device *in,
3870 const struct net_device *out,
3871 int (*okfn)(struct sk_buff *),
3872 u16 family)
3873 {
3874 char *addrp;
3875 int len, err = 0;
3876 struct sock *sk;
3877 struct sk_buff *skb = *pskb;
3878 struct avc_audit_data ad;
3879 struct net_device *dev = (struct net_device *)out;
3880 struct sk_security_struct *sksec;
3881 u8 proto;
3882
3883 sk = skb->sk;
3884 if (!sk)
3885 goto out;
3886
3887 sksec = sk->sk_security;
3888
3889 AVC_AUDIT_DATA_INIT(&ad, NET);
3890 ad.u.net.netif = dev->name;
3891 ad.u.net.family = family;
3892
3893 err = selinux_parse_skb(skb, &ad, &addrp, &len, 0, &proto);
3894 if (err)
3895 goto out;
3896
3897 if (selinux_compat_net)
3898 err = selinux_ip_postroute_last_compat(sk, dev, &ad,
3899 family, addrp, len);
3900 else
3901 err = avc_has_perm(sksec->sid, skb->secmark, SECCLASS_PACKET,
3902 PACKET__SEND, &ad);
3903
3904 if (err)
3905 goto out;
3906
3907 err = selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto);
3908 out:
3909 return err ? NF_DROP : NF_ACCEPT;
3910 }
3911
3912 static unsigned int selinux_ipv4_postroute_last(unsigned int hooknum,
3913 struct sk_buff **pskb,
3914 const struct net_device *in,
3915 const struct net_device *out,
3916 int (*okfn)(struct sk_buff *))
3917 {
3918 return selinux_ip_postroute_last(hooknum, pskb, in, out, okfn, PF_INET);
3919 }
3920
3921 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3922
3923 static unsigned int selinux_ipv6_postroute_last(unsigned int hooknum,
3924 struct sk_buff **pskb,
3925 const struct net_device *in,
3926 const struct net_device *out,
3927 int (*okfn)(struct sk_buff *))
3928 {
3929 return selinux_ip_postroute_last(hooknum, pskb, in, out, okfn, PF_INET6);
3930 }
3931
3932 #endif /* IPV6 */
3933
3934 #endif /* CONFIG_NETFILTER */
3935
3936 static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
3937 {
3938 int err;
3939
3940 err = secondary_ops->netlink_send(sk, skb);
3941 if (err)
3942 return err;
3943
3944 if (policydb_loaded_version >= POLICYDB_VERSION_NLCLASS)
3945 err = selinux_nlmsg_perm(sk, skb);
3946
3947 return err;
3948 }
3949
3950 static int selinux_netlink_recv(struct sk_buff *skb, int capability)
3951 {
3952 int err;
3953 struct avc_audit_data ad;
3954
3955 err = secondary_ops->netlink_recv(skb, capability);
3956 if (err)
3957 return err;
3958
3959 AVC_AUDIT_DATA_INIT(&ad, CAP);
3960 ad.u.cap = capability;
3961
3962 return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid,
3963 SECCLASS_CAPABILITY, CAP_TO_MASK(capability), &ad);
3964 }
3965
3966 static int ipc_alloc_security(struct task_struct *task,
3967 struct kern_ipc_perm *perm,
3968 u16 sclass)
3969 {
3970 struct task_security_struct *tsec = task->security;
3971 struct ipc_security_struct *isec;
3972
3973 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
3974 if (!isec)
3975 return -ENOMEM;
3976
3977 isec->sclass = sclass;
3978 isec->ipc_perm = perm;
3979 isec->sid = tsec->sid;
3980 perm->security = isec;
3981
3982 return 0;
3983 }
3984
3985 static void ipc_free_security(struct kern_ipc_perm *perm)
3986 {
3987 struct ipc_security_struct *isec = perm->security;
3988 perm->security = NULL;
3989 kfree(isec);
3990 }
3991
3992 static int msg_msg_alloc_security(struct msg_msg *msg)
3993 {
3994 struct msg_security_struct *msec;
3995
3996 msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
3997 if (!msec)
3998 return -ENOMEM;
3999
4000 msec->msg = msg;
4001 msec->sid = SECINITSID_UNLABELED;
4002 msg->security = msec;
4003
4004 return 0;
4005 }
4006
4007 static void msg_msg_free_security(struct msg_msg *msg)
4008 {
4009 struct msg_security_struct *msec = msg->security;
4010
4011 msg->security = NULL;
4012 kfree(msec);
4013 }
4014
4015 static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
4016 u32 perms)
4017 {
4018 struct task_security_struct *tsec;
4019 struct ipc_security_struct *isec;
4020 struct avc_audit_data ad;
4021
4022 tsec = current->security;
4023 isec = ipc_perms->security;
4024
4025 AVC_AUDIT_DATA_INIT(&ad, IPC);
4026 ad.u.ipc_id = ipc_perms->key;
4027
4028 return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad);
4029 }
4030
4031 static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
4032 {
4033 return msg_msg_alloc_security(msg);
4034 }
4035
4036 static void selinux_msg_msg_free_security(struct msg_msg *msg)
4037 {
4038 msg_msg_free_security(msg);
4039 }
4040
4041 /* message queue security operations */
4042 static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
4043 {
4044 struct task_security_struct *tsec;
4045 struct ipc_security_struct *isec;
4046 struct avc_audit_data ad;
4047 int rc;
4048
4049 rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
4050 if (rc)
4051 return rc;
4052
4053 tsec = current->security;
4054 isec = msq->q_perm.security;
4055
4056 AVC_AUDIT_DATA_INIT(&ad, IPC);
4057 ad.u.ipc_id = msq->q_perm.key;
4058
4059 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
4060 MSGQ__CREATE, &ad);
4061 if (rc) {
4062 ipc_free_security(&msq->q_perm);
4063 return rc;
4064 }
4065 return 0;
4066 }
4067
4068 static void selinux_msg_queue_free_security(struct msg_queue *msq)
4069 {
4070 ipc_free_security(&msq->q_perm);
4071 }
4072
4073 static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
4074 {
4075 struct task_security_struct *tsec;
4076 struct ipc_security_struct *isec;
4077 struct avc_audit_data ad;
4078
4079 tsec = current->security;
4080 isec = msq->q_perm.security;
4081
4082 AVC_AUDIT_DATA_INIT(&ad, IPC);
4083 ad.u.ipc_id = msq->q_perm.key;
4084
4085 return avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
4086 MSGQ__ASSOCIATE, &ad);
4087 }
4088
4089 static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
4090 {
4091 int err;
4092 int perms;
4093
4094 switch(cmd) {
4095 case IPC_INFO:
4096 case MSG_INFO:
4097 /* No specific object, just general system-wide information. */
4098 return task_has_system(current, SYSTEM__IPC_INFO);
4099 case IPC_STAT:
4100 case MSG_STAT:
4101 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
4102 break;
4103 case IPC_SET:
4104 perms = MSGQ__SETATTR;
4105 break;
4106 case IPC_RMID:
4107 perms = MSGQ__DESTROY;
4108 break;
4109 default:
4110 return 0;
4111 }
4112
4113 err = ipc_has_perm(&msq->q_perm, perms);
4114 return err;
4115 }
4116
4117 static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
4118 {
4119 struct task_security_struct *tsec;
4120 struct ipc_security_struct *isec;
4121 struct msg_security_struct *msec;
4122 struct avc_audit_data ad;
4123 int rc;
4124
4125 tsec = current->security;
4126 isec = msq->q_perm.security;
4127 msec = msg->security;
4128
4129 /*
4130 * First time through, need to assign label to the message
4131 */
4132 if (msec->sid == SECINITSID_UNLABELED) {
4133 /*
4134 * Compute new sid based on current process and
4135 * message queue this message will be stored in
4136 */
4137 rc = security_transition_sid(tsec->sid,
4138 isec->sid,
4139 SECCLASS_MSG,
4140 &msec->sid);
4141 if (rc)
4142 return rc;
4143 }
4144
4145 AVC_AUDIT_DATA_INIT(&ad, IPC);
4146 ad.u.ipc_id = msq->q_perm.key;
4147
4148 /* Can this process write to the queue? */
4149 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
4150 MSGQ__WRITE, &ad);
4151 if (!rc)
4152 /* Can this process send the message */
4153 rc = avc_has_perm(tsec->sid, msec->sid,
4154 SECCLASS_MSG, MSG__SEND, &ad);
4155 if (!rc)
4156 /* Can the message be put in the queue? */
4157 rc = avc_has_perm(msec->sid, isec->sid,
4158 SECCLASS_MSGQ, MSGQ__ENQUEUE, &ad);
4159
4160 return rc;
4161 }
4162
4163 static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
4164 struct task_struct *target,
4165 long type, int mode)
4166 {
4167 struct task_security_struct *tsec;
4168 struct ipc_security_struct *isec;
4169 struct msg_security_struct *msec;
4170 struct avc_audit_data ad;
4171 int rc;
4172
4173 tsec = target->security;
4174 isec = msq->q_perm.security;
4175 msec = msg->security;
4176
4177 AVC_AUDIT_DATA_INIT(&ad, IPC);
4178 ad.u.ipc_id = msq->q_perm.key;
4179
4180 rc = avc_has_perm(tsec->sid, isec->sid,
4181 SECCLASS_MSGQ, MSGQ__READ, &ad);
4182 if (!rc)
4183 rc = avc_has_perm(tsec->sid, msec->sid,
4184 SECCLASS_MSG, MSG__RECEIVE, &ad);
4185 return rc;
4186 }
4187
4188 /* Shared Memory security operations */
4189 static int selinux_shm_alloc_security(struct shmid_kernel *shp)
4190 {
4191 struct task_security_struct *tsec;
4192 struct ipc_security_struct *isec;
4193 struct avc_audit_data ad;
4194 int rc;
4195
4196 rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
4197 if (rc)
4198 return rc;
4199
4200 tsec = current->security;
4201 isec = shp->shm_perm.security;
4202
4203 AVC_AUDIT_DATA_INIT(&ad, IPC);
4204 ad.u.ipc_id = shp->shm_perm.key;
4205
4206 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM,
4207 SHM__CREATE, &ad);
4208 if (rc) {
4209 ipc_free_security(&shp->shm_perm);
4210 return rc;
4211 }
4212 return 0;
4213 }
4214
4215 static void selinux_shm_free_security(struct shmid_kernel *shp)
4216 {
4217 ipc_free_security(&shp->shm_perm);
4218 }
4219
4220 static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
4221 {
4222 struct task_security_struct *tsec;
4223 struct ipc_security_struct *isec;
4224 struct avc_audit_data ad;
4225
4226 tsec = current->security;
4227 isec = shp->shm_perm.security;
4228
4229 AVC_AUDIT_DATA_INIT(&ad, IPC);
4230 ad.u.ipc_id = shp->shm_perm.key;
4231
4232 return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM,
4233 SHM__ASSOCIATE, &ad);
4234 }
4235
4236 /* Note, at this point, shp is locked down */
4237 static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
4238 {
4239 int perms;
4240 int err;
4241
4242 switch(cmd) {
4243 case IPC_INFO:
4244 case SHM_INFO:
4245 /* No specific object, just general system-wide information. */
4246 return task_has_system(current, SYSTEM__IPC_INFO);
4247 case IPC_STAT:
4248 case SHM_STAT:
4249 perms = SHM__GETATTR | SHM__ASSOCIATE;
4250 break;
4251 case IPC_SET:
4252 perms = SHM__SETATTR;
4253 break;
4254 case SHM_LOCK:
4255 case SHM_UNLOCK:
4256 perms = SHM__LOCK;
4257 break;
4258 case IPC_RMID:
4259 perms = SHM__DESTROY;
4260 break;
4261 default:
4262 return 0;
4263 }
4264
4265 err = ipc_has_perm(&shp->shm_perm, perms);
4266 return err;
4267 }
4268
4269 static int selinux_shm_shmat(struct shmid_kernel *shp,
4270 char __user *shmaddr, int shmflg)
4271 {
4272 u32 perms;
4273 int rc;
4274
4275 rc = secondary_ops->shm_shmat(shp, shmaddr, shmflg);
4276 if (rc)
4277 return rc;
4278
4279 if (shmflg & SHM_RDONLY)
4280 perms = SHM__READ;
4281 else
4282 perms = SHM__READ | SHM__WRITE;
4283
4284 return ipc_has_perm(&shp->shm_perm, perms);
4285 }
4286
4287 /* Semaphore security operations */
4288 static int selinux_sem_alloc_security(struct sem_array *sma)
4289 {
4290 struct task_security_struct *tsec;
4291 struct ipc_security_struct *isec;
4292 struct avc_audit_data ad;
4293 int rc;
4294
4295 rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
4296 if (rc)
4297 return rc;
4298
4299 tsec = current->security;
4300 isec = sma->sem_perm.security;
4301
4302 AVC_AUDIT_DATA_INIT(&ad, IPC);
4303 ad.u.ipc_id = sma->sem_perm.key;
4304
4305 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM,
4306 SEM__CREATE, &ad);
4307 if (rc) {
4308 ipc_free_security(&sma->sem_perm);
4309 return rc;
4310 }
4311 return 0;
4312 }
4313
4314 static void selinux_sem_free_security(struct sem_array *sma)
4315 {
4316 ipc_free_security(&sma->sem_perm);
4317 }
4318
4319 static int selinux_sem_associate(struct sem_array *sma, int semflg)
4320 {
4321 struct task_security_struct *tsec;
4322 struct ipc_security_struct *isec;
4323 struct avc_audit_data ad;
4324
4325 tsec = current->security;
4326 isec = sma->sem_perm.security;
4327
4328 AVC_AUDIT_DATA_INIT(&ad, IPC);
4329 ad.u.ipc_id = sma->sem_perm.key;
4330
4331 return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM,
4332 SEM__ASSOCIATE, &ad);
4333 }
4334
4335 /* Note, at this point, sma is locked down */
4336 static int selinux_sem_semctl(struct sem_array *sma, int cmd)
4337 {
4338 int err;
4339 u32 perms;
4340
4341 switch(cmd) {
4342 case IPC_INFO:
4343 case SEM_INFO:
4344 /* No specific object, just general system-wide information. */
4345 return task_has_system(current, SYSTEM__IPC_INFO);
4346 case GETPID:
4347 case GETNCNT:
4348 case GETZCNT:
4349 perms = SEM__GETATTR;
4350 break;
4351 case GETVAL:
4352 case GETALL:
4353 perms = SEM__READ;
4354 break;
4355 case SETVAL:
4356 case SETALL:
4357 perms = SEM__WRITE;
4358 break;
4359 case IPC_RMID:
4360 perms = SEM__DESTROY;
4361 break;
4362 case IPC_SET:
4363 perms = SEM__SETATTR;
4364 break;
4365 case IPC_STAT:
4366 case SEM_STAT:
4367 perms = SEM__GETATTR | SEM__ASSOCIATE;
4368 break;
4369 default:
4370 return 0;
4371 }
4372
4373 err = ipc_has_perm(&sma->sem_perm, perms);
4374 return err;
4375 }
4376
4377 static int selinux_sem_semop(struct sem_array *sma,
4378 struct sembuf *sops, unsigned nsops, int alter)
4379 {
4380 u32 perms;
4381
4382 if (alter)
4383 perms = SEM__READ | SEM__WRITE;
4384 else
4385 perms = SEM__READ;
4386
4387 return ipc_has_perm(&sma->sem_perm, perms);
4388 }
4389
4390 static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
4391 {
4392 u32 av = 0;
4393
4394 av = 0;
4395 if (flag & S_IRUGO)
4396 av |= IPC__UNIX_READ;
4397 if (flag & S_IWUGO)
4398 av |= IPC__UNIX_WRITE;
4399
4400 if (av == 0)
4401 return 0;
4402
4403 return ipc_has_perm(ipcp, av);
4404 }
4405
4406 /* module stacking operations */
4407 static int selinux_register_security (const char *name, struct security_operations *ops)
4408 {
4409 if (secondary_ops != original_ops) {
4410 printk(KERN_INFO "%s: There is already a secondary security "
4411 "module registered.\n", __FUNCTION__);
4412 return -EINVAL;
4413 }
4414
4415 secondary_ops = ops;
4416
4417 printk(KERN_INFO "%s: Registering secondary module %s\n",
4418 __FUNCTION__,
4419 name);
4420
4421 return 0;
4422 }
4423
4424 static int selinux_unregister_security (const char *name, struct security_operations *ops)
4425 {
4426 if (ops != secondary_ops) {
4427 printk (KERN_INFO "%s: trying to unregister a security module "
4428 "that is not registered.\n", __FUNCTION__);
4429 return -EINVAL;
4430 }
4431
4432 secondary_ops = original_ops;
4433
4434 return 0;
4435 }
4436
4437 static void selinux_d_instantiate (struct dentry *dentry, struct inode *inode)
4438 {
4439 if (inode)
4440 inode_doinit_with_dentry(inode, dentry);
4441 }
4442
4443 static int selinux_getprocattr(struct task_struct *p,
4444 char *name, void *value, size_t size)
4445 {
4446 struct task_security_struct *tsec;
4447 u32 sid;
4448 int error;
4449
4450 if (current != p) {
4451 error = task_has_perm(current, p, PROCESS__GETATTR);
4452 if (error)
4453 return error;
4454 }
4455
4456 tsec = p->security;
4457
4458 if (!strcmp(name, "current"))
4459 sid = tsec->sid;
4460 else if (!strcmp(name, "prev"))
4461 sid = tsec->osid;
4462 else if (!strcmp(name, "exec"))
4463 sid = tsec->exec_sid;
4464 else if (!strcmp(name, "fscreate"))
4465 sid = tsec->create_sid;
4466 else if (!strcmp(name, "keycreate"))
4467 sid = tsec->keycreate_sid;
4468 else if (!strcmp(name, "sockcreate"))
4469 sid = tsec->sockcreate_sid;
4470 else
4471 return -EINVAL;
4472
4473 if (!sid)
4474 return 0;
4475
4476 return selinux_getsecurity(sid, value, size);
4477 }
4478
4479 static int selinux_setprocattr(struct task_struct *p,
4480 char *name, void *value, size_t size)
4481 {
4482 struct task_security_struct *tsec;
4483 u32 sid = 0;
4484 int error;
4485 char *str = value;
4486
4487 if (current != p) {
4488 /* SELinux only allows a process to change its own
4489 security attributes. */
4490 return -EACCES;
4491 }
4492
4493 /*
4494 * Basic control over ability to set these attributes at all.
4495 * current == p, but we'll pass them separately in case the
4496 * above restriction is ever removed.
4497 */
4498 if (!strcmp(name, "exec"))
4499 error = task_has_perm(current, p, PROCESS__SETEXEC);
4500 else if (!strcmp(name, "fscreate"))
4501 error = task_has_perm(current, p, PROCESS__SETFSCREATE);
4502 else if (!strcmp(name, "keycreate"))
4503 error = task_has_perm(current, p, PROCESS__SETKEYCREATE);
4504 else if (!strcmp(name, "sockcreate"))
4505 error = task_has_perm(current, p, PROCESS__SETSOCKCREATE);
4506 else if (!strcmp(name, "current"))
4507 error = task_has_perm(current, p, PROCESS__SETCURRENT);
4508 else
4509 error = -EINVAL;
4510 if (error)
4511 return error;
4512
4513 /* Obtain a SID for the context, if one was specified. */
4514 if (size && str[1] && str[1] != '\n') {
4515 if (str[size-1] == '\n') {
4516 str[size-1] = 0;
4517 size--;
4518 }
4519 error = security_context_to_sid(value, size, &sid);
4520 if (error)
4521 return error;
4522 }
4523
4524 /* Permission checking based on the specified context is
4525 performed during the actual operation (execve,
4526 open/mkdir/...), when we know the full context of the
4527 operation. See selinux_bprm_set_security for the execve
4528 checks and may_create for the file creation checks. The
4529 operation will then fail if the context is not permitted. */
4530 tsec = p->security;
4531 if (!strcmp(name, "exec"))
4532 tsec->exec_sid = sid;
4533 else if (!strcmp(name, "fscreate"))
4534 tsec->create_sid = sid;
4535 else if (!strcmp(name, "keycreate")) {
4536 error = may_create_key(sid, p);
4537 if (error)
4538 return error;
4539 tsec->keycreate_sid = sid;
4540 } else if (!strcmp(name, "sockcreate"))
4541 tsec->sockcreate_sid = sid;
4542 else if (!strcmp(name, "current")) {
4543 struct av_decision avd;
4544
4545 if (sid == 0)
4546 return -EINVAL;
4547
4548 /* Only allow single threaded processes to change context */
4549 if (atomic_read(&p->mm->mm_users) != 1) {
4550 struct task_struct *g, *t;
4551 struct mm_struct *mm = p->mm;
4552 read_lock(&tasklist_lock);
4553 do_each_thread(g, t)
4554 if (t->mm == mm && t != p) {
4555 read_unlock(&tasklist_lock);
4556 return -EPERM;
4557 }
4558 while_each_thread(g, t);
4559 read_unlock(&tasklist_lock);
4560 }
4561
4562 /* Check permissions for the transition. */
4563 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
4564 PROCESS__DYNTRANSITION, NULL);
4565 if (error)
4566 return error;
4567
4568 /* Check for ptracing, and update the task SID if ok.
4569 Otherwise, leave SID unchanged and fail. */
4570 task_lock(p);
4571 if (p->ptrace & PT_PTRACED) {
4572 error = avc_has_perm_noaudit(tsec->ptrace_sid, sid,
4573 SECCLASS_PROCESS,
4574 PROCESS__PTRACE, &avd);
4575 if (!error)
4576 tsec->sid = sid;
4577 task_unlock(p);
4578 avc_audit(tsec->ptrace_sid, sid, SECCLASS_PROCESS,
4579 PROCESS__PTRACE, &avd, error, NULL);
4580 if (error)
4581 return error;
4582 } else {
4583 tsec->sid = sid;
4584 task_unlock(p);
4585 }
4586 }
4587 else
4588 return -EINVAL;
4589
4590 return size;
4591 }
4592
4593 static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4594 {
4595 return security_sid_to_context(secid, secdata, seclen);
4596 }
4597
4598 static void selinux_release_secctx(char *secdata, u32 seclen)
4599 {
4600 if (secdata)
4601 kfree(secdata);
4602 }
4603
4604 #ifdef CONFIG_KEYS
4605
4606 static int selinux_key_alloc(struct key *k, struct task_struct *tsk,
4607 unsigned long flags)
4608 {
4609 struct task_security_struct *tsec = tsk->security;
4610 struct key_security_struct *ksec;
4611
4612 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
4613 if (!ksec)
4614 return -ENOMEM;
4615
4616 ksec->obj = k;
4617 if (tsec->keycreate_sid)
4618 ksec->sid = tsec->keycreate_sid;
4619 else
4620 ksec->sid = tsec->sid;
4621 k->security = ksec;
4622
4623 return 0;
4624 }
4625
4626 static void selinux_key_free(struct key *k)
4627 {
4628 struct key_security_struct *ksec = k->security;
4629
4630 k->security = NULL;
4631 kfree(ksec);
4632 }
4633
4634 static int selinux_key_permission(key_ref_t key_ref,
4635 struct task_struct *ctx,
4636 key_perm_t perm)
4637 {
4638 struct key *key;
4639 struct task_security_struct *tsec;
4640 struct key_security_struct *ksec;
4641
4642 key = key_ref_to_ptr(key_ref);
4643
4644 tsec = ctx->security;
4645 ksec = key->security;
4646
4647 /* if no specific permissions are requested, we skip the
4648 permission check. No serious, additional covert channels
4649 appear to be created. */
4650 if (perm == 0)
4651 return 0;
4652
4653 return avc_has_perm(tsec->sid, ksec->sid,
4654 SECCLASS_KEY, perm, NULL);
4655 }
4656
4657 #endif
4658
4659 static struct security_operations selinux_ops = {
4660 .ptrace = selinux_ptrace,
4661 .capget = selinux_capget,
4662 .capset_check = selinux_capset_check,
4663 .capset_set = selinux_capset_set,
4664 .sysctl = selinux_sysctl,
4665 .capable = selinux_capable,
4666 .quotactl = selinux_quotactl,
4667 .quota_on = selinux_quota_on,
4668 .syslog = selinux_syslog,
4669 .vm_enough_memory = selinux_vm_enough_memory,
4670
4671 .netlink_send = selinux_netlink_send,
4672 .netlink_recv = selinux_netlink_recv,
4673
4674 .bprm_alloc_security = selinux_bprm_alloc_security,
4675 .bprm_free_security = selinux_bprm_free_security,
4676 .bprm_apply_creds = selinux_bprm_apply_creds,
4677 .bprm_post_apply_creds = selinux_bprm_post_apply_creds,
4678 .bprm_set_security = selinux_bprm_set_security,
4679 .bprm_check_security = selinux_bprm_check_security,
4680 .bprm_secureexec = selinux_bprm_secureexec,
4681
4682 .sb_alloc_security = selinux_sb_alloc_security,
4683 .sb_free_security = selinux_sb_free_security,
4684 .sb_copy_data = selinux_sb_copy_data,
4685 .sb_kern_mount = selinux_sb_kern_mount,
4686 .sb_statfs = selinux_sb_statfs,
4687 .sb_mount = selinux_mount,
4688 .sb_umount = selinux_umount,
4689
4690 .inode_alloc_security = selinux_inode_alloc_security,
4691 .inode_free_security = selinux_inode_free_security,
4692 .inode_init_security = selinux_inode_init_security,
4693 .inode_create = selinux_inode_create,
4694 .inode_link = selinux_inode_link,
4695 .inode_unlink = selinux_inode_unlink,
4696 .inode_symlink = selinux_inode_symlink,
4697 .inode_mkdir = selinux_inode_mkdir,
4698 .inode_rmdir = selinux_inode_rmdir,
4699 .inode_mknod = selinux_inode_mknod,
4700 .inode_rename = selinux_inode_rename,
4701 .inode_readlink = selinux_inode_readlink,
4702 .inode_follow_link = selinux_inode_follow_link,
4703 .inode_permission = selinux_inode_permission,
4704 .inode_setattr = selinux_inode_setattr,
4705 .inode_getattr = selinux_inode_getattr,
4706 .inode_setxattr = selinux_inode_setxattr,
4707 .inode_post_setxattr = selinux_inode_post_setxattr,
4708 .inode_getxattr = selinux_inode_getxattr,
4709 .inode_listxattr = selinux_inode_listxattr,
4710 .inode_removexattr = selinux_inode_removexattr,
4711 .inode_xattr_getsuffix = selinux_inode_xattr_getsuffix,
4712 .inode_getsecurity = selinux_inode_getsecurity,
4713 .inode_setsecurity = selinux_inode_setsecurity,
4714 .inode_listsecurity = selinux_inode_listsecurity,
4715
4716 .file_permission = selinux_file_permission,
4717 .file_alloc_security = selinux_file_alloc_security,
4718 .file_free_security = selinux_file_free_security,
4719 .file_ioctl = selinux_file_ioctl,
4720 .file_mmap = selinux_file_mmap,
4721 .file_mprotect = selinux_file_mprotect,
4722 .file_lock = selinux_file_lock,
4723 .file_fcntl = selinux_file_fcntl,
4724 .file_set_fowner = selinux_file_set_fowner,
4725 .file_send_sigiotask = selinux_file_send_sigiotask,
4726 .file_receive = selinux_file_receive,
4727
4728 .task_create = selinux_task_create,
4729 .task_alloc_security = selinux_task_alloc_security,
4730 .task_free_security = selinux_task_free_security,
4731 .task_setuid = selinux_task_setuid,
4732 .task_post_setuid = selinux_task_post_setuid,
4733 .task_setgid = selinux_task_setgid,
4734 .task_setpgid = selinux_task_setpgid,
4735 .task_getpgid = selinux_task_getpgid,
4736 .task_getsid = selinux_task_getsid,
4737 .task_getsecid = selinux_task_getsecid,
4738 .task_setgroups = selinux_task_setgroups,
4739 .task_setnice = selinux_task_setnice,
4740 .task_setioprio = selinux_task_setioprio,
4741 .task_getioprio = selinux_task_getioprio,
4742 .task_setrlimit = selinux_task_setrlimit,
4743 .task_setscheduler = selinux_task_setscheduler,
4744 .task_getscheduler = selinux_task_getscheduler,
4745 .task_movememory = selinux_task_movememory,
4746 .task_kill = selinux_task_kill,
4747 .task_wait = selinux_task_wait,
4748 .task_prctl = selinux_task_prctl,
4749 .task_reparent_to_init = selinux_task_reparent_to_init,
4750 .task_to_inode = selinux_task_to_inode,
4751
4752 .ipc_permission = selinux_ipc_permission,
4753
4754 .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
4755 .msg_msg_free_security = selinux_msg_msg_free_security,
4756
4757 .msg_queue_alloc_security = selinux_msg_queue_alloc_security,
4758 .msg_queue_free_security = selinux_msg_queue_free_security,
4759 .msg_queue_associate = selinux_msg_queue_associate,
4760 .msg_queue_msgctl = selinux_msg_queue_msgctl,
4761 .msg_queue_msgsnd = selinux_msg_queue_msgsnd,
4762 .msg_queue_msgrcv = selinux_msg_queue_msgrcv,
4763
4764 .shm_alloc_security = selinux_shm_alloc_security,
4765 .shm_free_security = selinux_shm_free_security,
4766 .shm_associate = selinux_shm_associate,
4767 .shm_shmctl = selinux_shm_shmctl,
4768 .shm_shmat = selinux_shm_shmat,
4769
4770 .sem_alloc_security = selinux_sem_alloc_security,
4771 .sem_free_security = selinux_sem_free_security,
4772 .sem_associate = selinux_sem_associate,
4773 .sem_semctl = selinux_sem_semctl,
4774 .sem_semop = selinux_sem_semop,
4775
4776 .register_security = selinux_register_security,
4777 .unregister_security = selinux_unregister_security,
4778
4779 .d_instantiate = selinux_d_instantiate,
4780
4781 .getprocattr = selinux_getprocattr,
4782 .setprocattr = selinux_setprocattr,
4783
4784 .secid_to_secctx = selinux_secid_to_secctx,
4785 .release_secctx = selinux_release_secctx,
4786
4787 .unix_stream_connect = selinux_socket_unix_stream_connect,
4788 .unix_may_send = selinux_socket_unix_may_send,
4789
4790 .socket_create = selinux_socket_create,
4791 .socket_post_create = selinux_socket_post_create,
4792 .socket_bind = selinux_socket_bind,
4793 .socket_connect = selinux_socket_connect,
4794 .socket_listen = selinux_socket_listen,
4795 .socket_accept = selinux_socket_accept,
4796 .socket_sendmsg = selinux_socket_sendmsg,
4797 .socket_recvmsg = selinux_socket_recvmsg,
4798 .socket_getsockname = selinux_socket_getsockname,
4799 .socket_getpeername = selinux_socket_getpeername,
4800 .socket_getsockopt = selinux_socket_getsockopt,
4801 .socket_setsockopt = selinux_socket_setsockopt,
4802 .socket_shutdown = selinux_socket_shutdown,
4803 .socket_sock_rcv_skb = selinux_socket_sock_rcv_skb,
4804 .socket_getpeersec_stream = selinux_socket_getpeersec_stream,
4805 .socket_getpeersec_dgram = selinux_socket_getpeersec_dgram,
4806 .sk_alloc_security = selinux_sk_alloc_security,
4807 .sk_free_security = selinux_sk_free_security,
4808 .sk_clone_security = selinux_sk_clone_security,
4809 .sk_getsecid = selinux_sk_getsecid,
4810 .sock_graft = selinux_sock_graft,
4811 .inet_conn_request = selinux_inet_conn_request,
4812 .inet_csk_clone = selinux_inet_csk_clone,
4813 .inet_conn_established = selinux_inet_conn_established,
4814 .req_classify_flow = selinux_req_classify_flow,
4815
4816 #ifdef CONFIG_SECURITY_NETWORK_XFRM
4817 .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,
4818 .xfrm_policy_clone_security = selinux_xfrm_policy_clone,
4819 .xfrm_policy_free_security = selinux_xfrm_policy_free,
4820 .xfrm_policy_delete_security = selinux_xfrm_policy_delete,
4821 .xfrm_state_alloc_security = selinux_xfrm_state_alloc,
4822 .xfrm_state_free_security = selinux_xfrm_state_free,
4823 .xfrm_state_delete_security = selinux_xfrm_state_delete,
4824 .xfrm_policy_lookup = selinux_xfrm_policy_lookup,
4825 .xfrm_state_pol_flow_match = selinux_xfrm_state_pol_flow_match,
4826 .xfrm_decode_session = selinux_xfrm_decode_session,
4827 #endif
4828
4829 #ifdef CONFIG_KEYS
4830 .key_alloc = selinux_key_alloc,
4831 .key_free = selinux_key_free,
4832 .key_permission = selinux_key_permission,
4833 #endif
4834 };
4835
4836 static __init int selinux_init(void)
4837 {
4838 struct task_security_struct *tsec;
4839
4840 if (!selinux_enabled) {
4841 printk(KERN_INFO "SELinux: Disabled at boot.\n");
4842 return 0;
4843 }
4844
4845 printk(KERN_INFO "SELinux: Initializing.\n");
4846
4847 /* Set the security state for the initial task. */
4848 if (task_alloc_security(current))
4849 panic("SELinux: Failed to initialize initial task.\n");
4850 tsec = current->security;
4851 tsec->osid = tsec->sid = SECINITSID_KERNEL;
4852
4853 sel_inode_cache = kmem_cache_create("selinux_inode_security",
4854 sizeof(struct inode_security_struct),
4855 0, SLAB_PANIC, NULL, NULL);
4856 avc_init();
4857
4858 original_ops = secondary_ops = security_ops;
4859 if (!secondary_ops)
4860 panic ("SELinux: No initial security operations\n");
4861 if (register_security (&selinux_ops))
4862 panic("SELinux: Unable to register with kernel.\n");
4863
4864 if (selinux_enforcing) {
4865 printk(KERN_INFO "SELinux: Starting in enforcing mode\n");
4866 } else {
4867 printk(KERN_INFO "SELinux: Starting in permissive mode\n");
4868 }
4869
4870 #ifdef CONFIG_KEYS
4871 /* Add security information to initial keyrings */
4872 selinux_key_alloc(&root_user_keyring, current,
4873 KEY_ALLOC_NOT_IN_QUOTA);
4874 selinux_key_alloc(&root_session_keyring, current,
4875 KEY_ALLOC_NOT_IN_QUOTA);
4876 #endif
4877
4878 return 0;
4879 }
4880
4881 void selinux_complete_init(void)
4882 {
4883 printk(KERN_INFO "SELinux: Completing initialization.\n");
4884
4885 /* Set up any superblocks initialized prior to the policy load. */
4886 printk(KERN_INFO "SELinux: Setting up existing superblocks.\n");
4887 spin_lock(&sb_lock);
4888 spin_lock(&sb_security_lock);
4889 next_sb:
4890 if (!list_empty(&superblock_security_head)) {
4891 struct superblock_security_struct *sbsec =
4892 list_entry(superblock_security_head.next,
4893 struct superblock_security_struct,
4894 list);
4895 struct super_block *sb = sbsec->sb;
4896 sb->s_count++;
4897 spin_unlock(&sb_security_lock);
4898 spin_unlock(&sb_lock);
4899 down_read(&sb->s_umount);
4900 if (sb->s_root)
4901 superblock_doinit(sb, NULL);
4902 drop_super(sb);
4903 spin_lock(&sb_lock);
4904 spin_lock(&sb_security_lock);
4905 list_del_init(&sbsec->list);
4906 goto next_sb;
4907 }
4908 spin_unlock(&sb_security_lock);
4909 spin_unlock(&sb_lock);
4910 }
4911
4912 /* SELinux requires early initialization in order to label
4913 all processes and objects when they are created. */
4914 security_initcall(selinux_init);
4915
4916 #if defined(CONFIG_NETFILTER)
4917
4918 static struct nf_hook_ops selinux_ipv4_op = {
4919 .hook = selinux_ipv4_postroute_last,
4920 .owner = THIS_MODULE,
4921 .pf = PF_INET,
4922 .hooknum = NF_IP_POST_ROUTING,
4923 .priority = NF_IP_PRI_SELINUX_LAST,
4924 };
4925
4926 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4927
4928 static struct nf_hook_ops selinux_ipv6_op = {
4929 .hook = selinux_ipv6_postroute_last,
4930 .owner = THIS_MODULE,
4931 .pf = PF_INET6,
4932 .hooknum = NF_IP6_POST_ROUTING,
4933 .priority = NF_IP6_PRI_SELINUX_LAST,
4934 };
4935
4936 #endif /* IPV6 */
4937
4938 static int __init selinux_nf_ip_init(void)
4939 {
4940 int err = 0;
4941
4942 if (!selinux_enabled)
4943 goto out;
4944
4945 printk(KERN_INFO "SELinux: Registering netfilter hooks\n");
4946
4947 err = nf_register_hook(&selinux_ipv4_op);
4948 if (err)
4949 panic("SELinux: nf_register_hook for IPv4: error %d\n", err);
4950
4951 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4952
4953 err = nf_register_hook(&selinux_ipv6_op);
4954 if (err)
4955 panic("SELinux: nf_register_hook for IPv6: error %d\n", err);
4956
4957 #endif /* IPV6 */
4958
4959 out:
4960 return err;
4961 }
4962
4963 __initcall(selinux_nf_ip_init);
4964
4965 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
4966 static void selinux_nf_ip_exit(void)
4967 {
4968 printk(KERN_INFO "SELinux: Unregistering netfilter hooks\n");
4969
4970 nf_unregister_hook(&selinux_ipv4_op);
4971 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4972 nf_unregister_hook(&selinux_ipv6_op);
4973 #endif /* IPV6 */
4974 }
4975 #endif
4976
4977 #else /* CONFIG_NETFILTER */
4978
4979 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
4980 #define selinux_nf_ip_exit()
4981 #endif
4982
4983 #endif /* CONFIG_NETFILTER */
4984
4985 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
4986 int selinux_disable(void)
4987 {
4988 extern void exit_sel_fs(void);
4989 static int selinux_disabled = 0;
4990
4991 if (ss_initialized) {
4992 /* Not permitted after initial policy load. */
4993 return -EINVAL;
4994 }
4995
4996 if (selinux_disabled) {
4997 /* Only do this once. */
4998 return -EINVAL;
4999 }
5000
5001 printk(KERN_INFO "SELinux: Disabled at runtime.\n");
5002
5003 selinux_disabled = 1;
5004 selinux_enabled = 0;
5005
5006 /* Reset security_ops to the secondary module, dummy or capability. */
5007 security_ops = secondary_ops;
5008
5009 /* Unregister netfilter hooks. */
5010 selinux_nf_ip_exit();
5011
5012 /* Unregister selinuxfs. */
5013 exit_sel_fs();
5014
5015 return 0;
5016 }
5017 #endif
5018
5019
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree