// SPDX-License-Identifier: GPL-2.0-only
/*
 * Netlink event notifications for SELinux.
 *
 * Author: James Morris <jmorris@redhat.com>
 *
 * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
 */
#include <linux/init.h>
#include <linux/types.h>
#include <linux/slab.h>
#include <linux/stddef.h>
#include <linux/kernel.h>
#include <linux/export.h>
#include <linux/skbuff.h>
#include <linux/selinux_netlink.h>
#include <net/net_namespace.h>
#include <net/netlink.h>

#include "security.h"

/* Kernel-side netlink socket used for all SELinux notifications; set once in selnl_init(). */
static struct sock *selnl;

/*
 * Return the payload size in bytes for a SELinux netlink message type.
 *
 * Only SELNL_MSG_SETENFORCE and SELNL_MSG_POLICYLOAD are handled; any other
 * value hits BUG(), so callers must pass one of those two constants.
 */
static int selnl_msglen(int msgtype)
{
	switch (msgtype) {
	case SELNL_MSG_SETENFORCE:
		return sizeof(struct selnl_msg_setenforce);

	case SELNL_MSG_POLICYLOAD:
		return sizeof(struct selnl_msg_policyload);

	default:
		BUG();
	}
	return 0;
}

/*
 * Fill in the payload of an already reserved netlink message.
 *
 * @nlh:     header of the message whose payload area is written
 * @len:     payload size, as returned by selnl_msglen() for @msgtype
 * @msgtype: SELNL_MSG_SETENFORCE or SELNL_MSG_POLICYLOAD; anything else is a BUG()
 * @data:    points to an int (setenforce value) or a u32 (policy sequence
 *           number), matching @msgtype; it is dereferenced without checks
 *
 * The payload is cleared over its full length before the single field is set,
 * so bytes this function does not assign (padding, other struct members) go
 * out as zero rather than as whatever the freshly allocated skb held. That
 * matters because selnl_init() creates the socket with NL_CFG_F_NONROOT_RECV,
 * i.e. the receivers are not restricted to root.
 */
static void selnl_add_payload(struct nlmsghdr *nlh, int len, int msgtype, void *data)
{
	switch (msgtype) {
	case SELNL_MSG_SETENFORCE: {
		struct selnl_msg_setenforce *enforce_msg = nlmsg_data(nlh);

		memset(enforce_msg, 0, len);
		enforce_msg->val = *(int *)data;
		break;
	}

	case SELNL_MSG_POLICYLOAD: {
		struct selnl_msg_policyload *load_msg = nlmsg_data(nlh);

		memset(load_msg, 0, len);
		load_msg->seqno = *(u32 *)data;
		break;
	}

	default:
		BUG();
	}
}

/*
 * Build one notification of type @msgtype and broadcast it to the
 * SELNLGRP_AVC multicast group.
 *
 * Nothing is reported to the caller: both failure paths only log, and the
 * return value of netlink_broadcast() is deliberately not inspected here.
 * NOTE(review): the log line says "OOM" for an nlmsg_put() failure as well as
 * for a failed allocation.
 */
static void selnl_notify(int msgtype, void *data)
{
	struct nlmsghdr *nlh;
	struct sk_buff *skb;
	sk_buff_data_t start;
	int len = selnl_msglen(msgtype);

	skb = nlmsg_new(len, GFP_USER);
	if (!skb)
		goto fail;

	/* Remember where the message begins so its final length can be derived. */
	start = skb->tail;
	nlh = nlmsg_put(skb, 0, 0, msgtype, len, 0);
	if (!nlh) {
		kfree_skb(skb);
		goto fail;
	}

	selnl_add_payload(nlh, len, msgtype, data);
	/* Message length is however far the tail advanced since 'start'. */
	nlh->nlmsg_len = skb->tail - start;
	NETLINK_CB(skb).dst_group = SELNLGRP_AVC;
	/* The skb is handed to netlink_broadcast() and not freed here afterwards. */
	netlink_broadcast(selnl, skb, 0, SELNLGRP_AVC, GFP_USER);
	return;

fail:
	pr_err("SELinux: OOM in %s\n", __func__);
}

/* Notify listeners of a change of enforcing mode; @val is sent as the message's 'val' field. */
void selnl_notify_setenforce(int val)
{
	selnl_notify(SELNL_MSG_SETENFORCE, &val);
}

/* Notify listeners of a policy load; @seqno is sent as the message's 'seqno' field. */
void selnl_notify_policyload(u32 seqno)
{
	selnl_notify(SELNL_MSG_POLICYLOAD, &seqno);
}

/*
 * Create the NETLINK_SELINUX kernel socket in init_net.
 *
 * NL_CFG_F_NONROOT_RECV lets unprivileged processes receive the multicast
 * notifications, so everything placed in a message must be safe to disclose
 * to any local listener. Failure to create the socket is fatal (panic).
 */
static int __init selnl_init(void)
{
	struct netlink_kernel_cfg nl_cfg = {
		.groups	= SELNLGRP_MAX,
		.flags	= NL_CFG_F_NONROOT_RECV,
	};

	selnl = netlink_kernel_create(&init_net, NETLINK_SELINUX, &nl_cfg);
	if (!selnl)
		panic("SELinux: Cannot create netlink socket.");
	return 0;
}

__initcall(selnl_init);