1// SPDX-License-Identifier: GPL-2.0-only 2/* Updated: Karl MacMillan <kmacmillan@tresys.com> 3 * 4 * Added conditional policy language extensions 5 * 6 * Updated: Hewlett-Packard <paul@paul-moore.com> 7 * 8 * Added support for the policy capability bitmap 9 * 10 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 11 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 12 * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 13 */ 14 15#include <linux/kernel.h> 16#include <linux/pagemap.h> 17#include <linux/slab.h> 18#include <linux/vmalloc.h> 19#include <linux/fs.h> 20#include <linux/fs_context.h> 21#include <linux/mount.h> 22#include <linux/mutex.h> 23#include <linux/namei.h> 24#include <linux/init.h> 25#include <linux/string.h> 26#include <linux/security.h> 27#include <linux/major.h> 28#include <linux/seq_file.h> 29#include <linux/percpu.h> 30#include <linux/audit.h> 31#include <linux/uaccess.h> 32#include <linux/kobject.h> 33#include <linux/ctype.h> 34 35/* selinuxfs pseudo filesystem for exporting the security policy API. 36 Based on the proc code and the fs/nfsd/nfsctl.c code. */ 37 38#include "flask.h" 39#include "avc.h" 40#include "avc_ss.h" 41#include "security.h" 42#include "objsec.h" 43#include "conditional.h" 44 45enum sel_inos { 46 SEL_ROOT_INO = 2, 47 SEL_LOAD, /* load policy */ 48 SEL_ENFORCE, /* get or set enforcing status */ 49 SEL_CONTEXT, /* validate context */ 50 SEL_ACCESS, /* compute access decision */ 51 SEL_CREATE, /* compute create labeling decision */ 52 SEL_RELABEL, /* compute relabeling decision */ 53 SEL_USER, /* compute reachable user contexts */ 54 SEL_POLICYVERS, /* return policy version for this kernel */ 55 SEL_COMMIT_BOOLS, /* commit new boolean values */ 56 SEL_MLS, /* return if MLS policy is enabled */ 57 SEL_DISABLE, /* disable SELinux until next reboot */ 58 SEL_MEMBER, /* compute polyinstantiation membership decision */ 59 SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */ 60 SEL_COMPAT_NET, /* whether to use old compat network packet controls */ 61 SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */ 62 SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */ 63 SEL_STATUS, /* export current status using mmap() */ 64 SEL_POLICY, /* allow userspace to read the in kernel policy */ 65 SEL_VALIDATE_TRANS, /* compute validatetrans decision */ 66 SEL_INO_NEXT, /* The next inode number to use */ 67}; 68 69struct selinux_fs_info { 70 struct dentry *bool_dir; 71 unsigned int bool_num; 72 char **bool_pending_names; 73 unsigned int *bool_pending_values; 74 struct dentry *class_dir; 75 unsigned long last_class_ino; 76 bool policy_opened; 77 struct dentry *policycap_dir; 78 unsigned long last_ino; 79 struct selinux_state *state; 80 struct super_block *sb; 81}; 82 83static int selinux_fs_info_create(struct super_block *sb) 84{ 85 struct selinux_fs_info *fsi; 86 87 fsi = kzalloc(sizeof(*fsi), GFP_KERNEL); 88 if (!fsi) 89 return -ENOMEM; 90 91 fsi->last_ino = SEL_INO_NEXT - 1; 92 fsi->state = &selinux_state; 93 fsi->sb = sb; 94 sb->s_fs_info = fsi; 95 return 0; 96} 97 98static void selinux_fs_info_free(struct super_block *sb) 99{ 100 struct selinux_fs_info *fsi = sb->s_fs_info; 101 int i; 102 103 if (fsi) { 104 for (i = 0; i < fsi->bool_num; i++) 105 kfree(fsi->bool_pending_names[i]); 106 kfree(fsi->bool_pending_names); 107 kfree(fsi->bool_pending_values); 108 } 109 kfree(sb->s_fs_info); 110 sb->s_fs_info = NULL; 111} 112 113#define SEL_INITCON_INO_OFFSET 0x01000000 114#define SEL_BOOL_INO_OFFSET 0x02000000 115#define SEL_CLASS_INO_OFFSET 0x04000000 116#define SEL_POLICYCAP_INO_OFFSET 0x08000000 117#define SEL_INO_MASK 0x00ffffff 118 119#define BOOL_DIR_NAME "booleans" 120#define CLASS_DIR_NAME "class" 121#define POLICYCAP_DIR_NAME "policy_capabilities" 122 123#define TMPBUFLEN 12 124static ssize_t sel_read_enforce(struct file *filp, char __user *buf, 125 size_t count, loff_t *ppos) 126{ 127 struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; 128 char tmpbuf[TMPBUFLEN]; 129 ssize_t length; 130 131 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", 132 enforcing_enabled(fsi->state)); 133 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 134} 135 136#ifdef CONFIG_SECURITY_SELINUX_DEVELOP 137static ssize_t sel_write_enforce(struct file *file, const char __user *buf, 138 size_t count, loff_t *ppos) 139 140{ 141 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 142 struct selinux_state *state = fsi->state; 143 char *page = NULL; 144 ssize_t length; 145 int old_value, new_value; 146 147 if (count >= PAGE_SIZE) 148 return -ENOMEM; 149 150 /* No partial writes. */ 151 if (*ppos != 0) 152 return -EINVAL; 153 154 page = memdup_user_nul(buf, count); 155 if (IS_ERR(page)) 156 return PTR_ERR(page); 157 158 length = -EINVAL; 159 if (sscanf(page, "%d", &new_value) != 1) 160 goto out; 161 162 new_value = !!new_value; 163 164 old_value = enforcing_enabled(state); 165 if (new_value != old_value) { 166 length = avc_has_perm(&selinux_state, 167 current_sid(), SECINITSID_SECURITY, 168 SECCLASS_SECURITY, SECURITY__SETENFORCE, 169 NULL); 170 if (length) 171 goto out; 172 audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS, 173 "enforcing=%d old_enforcing=%d auid=%u ses=%u" 174 " enabled=1 old-enabled=1 lsm=selinux res=1", 175 new_value, old_value, 176 from_kuid(&init_user_ns, audit_get_loginuid(current)), 177 audit_get_sessionid(current)); 178 enforcing_set(state, new_value); 179 if (new_value) 180 avc_ss_reset(state->avc, 0); 181 selnl_notify_setenforce(new_value); 182 selinux_status_update_setenforce(state, new_value); 183 if (!new_value) 184 call_blocking_lsm_notifier(LSM_POLICY_CHANGE, NULL); 185 } 186 length = count; 187out: 188 kfree(page); 189 return length; 190} 191#else 192#define sel_write_enforce NULL 193#endif 194 195static const struct file_operations sel_enforce_ops = { 196 .read = sel_read_enforce, 197 .write = sel_write_enforce, 198 .llseek = generic_file_llseek, 199}; 200 201static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf, 202 size_t count, loff_t *ppos) 203{ 204 struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; 205 struct selinux_state *state = fsi->state; 206 char tmpbuf[TMPBUFLEN]; 207 ssize_t length; 208 ino_t ino = file_inode(filp)->i_ino; 209 int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ? 210 security_get_reject_unknown(state) : 211 !security_get_allow_unknown(state); 212 213 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown); 214 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 215} 216 217static const struct file_operations sel_handle_unknown_ops = { 218 .read = sel_read_handle_unknown, 219 .llseek = generic_file_llseek, 220}; 221 222static int sel_open_handle_status(struct inode *inode, struct file *filp) 223{ 224 struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; 225 struct page *status = selinux_kernel_status_page(fsi->state); 226 227 if (!status) 228 return -ENOMEM; 229 230 filp->private_data = status; 231 232 return 0; 233} 234 235static ssize_t sel_read_handle_status(struct file *filp, char __user *buf, 236 size_t count, loff_t *ppos) 237{ 238 struct page *status = filp->private_data; 239 240 BUG_ON(!status); 241 242 return simple_read_from_buffer(buf, count, ppos, 243 page_address(status), 244 sizeof(struct selinux_kernel_status)); 245} 246 247static int sel_mmap_handle_status(struct file *filp, 248 struct vm_area_struct *vma) 249{ 250 struct page *status = filp->private_data; 251 unsigned long size = vma->vm_end - vma->vm_start; 252 253 BUG_ON(!status); 254 255 /* only allows one page from the head */ 256 if (vma->vm_pgoff > 0 || size != PAGE_SIZE) 257 return -EIO; 258 /* disallow writable mapping */ 259 if (vma->vm_flags & VM_WRITE) 260 return -EPERM; 261 /* disallow mprotect() turns it into writable */ 262 vma->vm_flags &= ~VM_MAYWRITE; 263 264 return remap_pfn_range(vma, vma->vm_start, 265 page_to_pfn(status), 266 size, vma->vm_page_prot); 267} 268 269static const struct file_operations sel_handle_status_ops = { 270 .open = sel_open_handle_status, 271 .read = sel_read_handle_status, 272 .mmap = sel_mmap_handle_status, 273 .llseek = generic_file_llseek, 274}; 275 276#ifdef CONFIG_SECURITY_SELINUX_DISABLE 277static ssize_t sel_write_disable(struct file *file, const char __user *buf, 278 size_t count, loff_t *ppos) 279 280{ 281 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 282 char *page; 283 ssize_t length; 284 int new_value; 285 int enforcing; 286 287 /* NOTE: we are now officially considering runtime disable as 288 * deprecated, and using it will become increasingly painful 289 * (e.g. sleeping/blocking) as we progress through future 290 * kernel releases until eventually it is removed 291 */ 292 pr_err("SELinux: Runtime disable is deprecated, use selinux=0 on the kernel cmdline.\n"); 293 294 if (count >= PAGE_SIZE) 295 return -ENOMEM; 296 297 /* No partial writes. */ 298 if (*ppos != 0) 299 return -EINVAL; 300 301 page = memdup_user_nul(buf, count); 302 if (IS_ERR(page)) 303 return PTR_ERR(page); 304 305 length = -EINVAL; 306 if (sscanf(page, "%d", &new_value) != 1) 307 goto out; 308 309 if (new_value) { 310 enforcing = enforcing_enabled(fsi->state); 311 length = selinux_disable(fsi->state); 312 if (length) 313 goto out; 314 audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS, 315 "enforcing=%d old_enforcing=%d auid=%u ses=%u" 316 " enabled=0 old-enabled=1 lsm=selinux res=1", 317 enforcing, enforcing, 318 from_kuid(&init_user_ns, audit_get_loginuid(current)), 319 audit_get_sessionid(current)); 320 } 321 322 length = count; 323out: 324 kfree(page); 325 return length; 326} 327#else 328#define sel_write_disable NULL 329#endif 330 331static const struct file_operations sel_disable_ops = { 332 .write = sel_write_disable, 333 .llseek = generic_file_llseek, 334}; 335 336static ssize_t sel_read_policyvers(struct file *filp, char __user *buf, 337 size_t count, loff_t *ppos) 338{ 339 char tmpbuf[TMPBUFLEN]; 340 ssize_t length; 341 342 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX); 343 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 344} 345 346static const struct file_operations sel_policyvers_ops = { 347 .read = sel_read_policyvers, 348 .llseek = generic_file_llseek, 349}; 350 351/* declaration for sel_write_load */ 352static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir, 353 unsigned int *bool_num, char ***bool_pending_names, 354 unsigned int **bool_pending_values); 355static int sel_make_classes(struct selinux_policy *newpolicy, 356 struct dentry *class_dir, 357 unsigned long *last_class_ino); 358 359/* declaration for sel_make_class_dirs */ 360static struct dentry *sel_make_dir(struct dentry *dir, const char *name, 361 unsigned long *ino); 362 363/* declaration for sel_make_policy_nodes */ 364static struct dentry *sel_make_disconnected_dir(struct super_block *sb, 365 unsigned long *ino); 366 367/* declaration for sel_make_policy_nodes */ 368static void sel_remove_entries(struct dentry *de); 369 370static ssize_t sel_read_mls(struct file *filp, char __user *buf, 371 size_t count, loff_t *ppos) 372{ 373 struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; 374 char tmpbuf[TMPBUFLEN]; 375 ssize_t length; 376 377 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", 378 security_mls_enabled(fsi->state)); 379 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 380} 381 382static const struct file_operations sel_mls_ops = { 383 .read = sel_read_mls, 384 .llseek = generic_file_llseek, 385}; 386 387struct policy_load_memory { 388 size_t len; 389 void *data; 390}; 391 392static int sel_open_policy(struct inode *inode, struct file *filp) 393{ 394 struct selinux_fs_info *fsi = inode->i_sb->s_fs_info; 395 struct selinux_state *state = fsi->state; 396 struct policy_load_memory *plm = NULL; 397 int rc; 398 399 BUG_ON(filp->private_data); 400 401 mutex_lock(&fsi->state->policy_mutex); 402 403 rc = avc_has_perm(&selinux_state, 404 current_sid(), SECINITSID_SECURITY, 405 SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL); 406 if (rc) 407 goto err; 408 409 rc = -EBUSY; 410 if (fsi->policy_opened) 411 goto err; 412 413 rc = -ENOMEM; 414 plm = kzalloc(sizeof(*plm), GFP_KERNEL); 415 if (!plm) 416 goto err; 417 418 rc = security_read_policy(state, &plm->data, &plm->len); 419 if (rc) 420 goto err; 421 422 if ((size_t)i_size_read(inode) != plm->len) { 423 inode_lock(inode); 424 i_size_write(inode, plm->len); 425 inode_unlock(inode); 426 } 427 428 fsi->policy_opened = 1; 429 430 filp->private_data = plm; 431 432 mutex_unlock(&fsi->state->policy_mutex); 433 434 return 0; 435err: 436 mutex_unlock(&fsi->state->policy_mutex); 437 438 if (plm) 439 vfree(plm->data); 440 kfree(plm); 441 return rc; 442} 443 444static int sel_release_policy(struct inode *inode, struct file *filp) 445{ 446 struct selinux_fs_info *fsi = inode->i_sb->s_fs_info; 447 struct policy_load_memory *plm = filp->private_data; 448 449 BUG_ON(!plm); 450 451 fsi->policy_opened = 0; 452 453 vfree(plm->data); 454 kfree(plm); 455 456 return 0; 457} 458 459static ssize_t sel_read_policy(struct file *filp, char __user *buf, 460 size_t count, loff_t *ppos) 461{ 462 struct policy_load_memory *plm = filp->private_data; 463 int ret; 464 465 ret = avc_has_perm(&selinux_state, 466 current_sid(), SECINITSID_SECURITY, 467 SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL); 468 if (ret) 469 return ret; 470 471 return simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); 472} 473 474static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf) 475{ 476 struct policy_load_memory *plm = vmf->vma->vm_file->private_data; 477 unsigned long offset; 478 struct page *page; 479 480 if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE)) 481 return VM_FAULT_SIGBUS; 482 483 offset = vmf->pgoff << PAGE_SHIFT; 484 if (offset >= roundup(plm->len, PAGE_SIZE)) 485 return VM_FAULT_SIGBUS; 486 487 page = vmalloc_to_page(plm->data + offset); 488 get_page(page); 489 490 vmf->page = page; 491 492 return 0; 493} 494 495static const struct vm_operations_struct sel_mmap_policy_ops = { 496 .fault = sel_mmap_policy_fault, 497 .page_mkwrite = sel_mmap_policy_fault, 498}; 499 500static int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma) 501{ 502 if (vma->vm_flags & VM_SHARED) { 503 /* do not allow mprotect to make mapping writable */ 504 vma->vm_flags &= ~VM_MAYWRITE; 505 506 if (vma->vm_flags & VM_WRITE) 507 return -EACCES; 508 } 509 510 vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP; 511 vma->vm_ops = &sel_mmap_policy_ops; 512 513 return 0; 514} 515 516static const struct file_operations sel_policy_ops = { 517 .open = sel_open_policy, 518 .read = sel_read_policy, 519 .mmap = sel_mmap_policy, 520 .release = sel_release_policy, 521 .llseek = generic_file_llseek, 522}; 523 524static void sel_remove_old_bool_data(unsigned int bool_num, char **bool_names, 525 unsigned int *bool_values) 526{ 527 u32 i; 528 529 /* bool_dir cleanup */ 530 for (i = 0; i < bool_num; i++) 531 kfree(bool_names[i]); 532 kfree(bool_names); 533 kfree(bool_values); 534} 535 536static int sel_make_policy_nodes(struct selinux_fs_info *fsi, 537 struct selinux_policy *newpolicy) 538{ 539 int ret = 0; 540 struct dentry *tmp_parent, *tmp_bool_dir, *tmp_class_dir, *old_dentry; 541 unsigned int tmp_bool_num, old_bool_num; 542 char **tmp_bool_names, **old_bool_names; 543 unsigned int *tmp_bool_values, *old_bool_values; 544 unsigned long tmp_ino = fsi->last_ino; /* Don't increment last_ino in this function */ 545 546 tmp_parent = sel_make_disconnected_dir(fsi->sb, &tmp_ino); 547 if (IS_ERR(tmp_parent)) 548 return PTR_ERR(tmp_parent); 549 550 tmp_ino = fsi->bool_dir->d_inode->i_ino - 1; /* sel_make_dir will increment and set */ 551 tmp_bool_dir = sel_make_dir(tmp_parent, BOOL_DIR_NAME, &tmp_ino); 552 if (IS_ERR(tmp_bool_dir)) { 553 ret = PTR_ERR(tmp_bool_dir); 554 goto out; 555 } 556 557 tmp_ino = fsi->class_dir->d_inode->i_ino - 1; /* sel_make_dir will increment and set */ 558 tmp_class_dir = sel_make_dir(tmp_parent, CLASS_DIR_NAME, &tmp_ino); 559 if (IS_ERR(tmp_class_dir)) { 560 ret = PTR_ERR(tmp_class_dir); 561 goto out; 562 } 563 564 ret = sel_make_bools(newpolicy, tmp_bool_dir, &tmp_bool_num, 565 &tmp_bool_names, &tmp_bool_values); 566 if (ret) { 567 pr_err("SELinux: failed to load policy booleans\n"); 568 goto out; 569 } 570 571 ret = sel_make_classes(newpolicy, tmp_class_dir, 572 &fsi->last_class_ino); 573 if (ret) { 574 pr_err("SELinux: failed to load policy classes\n"); 575 goto out; 576 } 577 578 /* booleans */ 579 old_dentry = fsi->bool_dir; 580 lock_rename(tmp_bool_dir, old_dentry); 581 d_exchange(tmp_bool_dir, fsi->bool_dir); 582 583 old_bool_num = fsi->bool_num; 584 old_bool_names = fsi->bool_pending_names; 585 old_bool_values = fsi->bool_pending_values; 586 587 fsi->bool_num = tmp_bool_num; 588 fsi->bool_pending_names = tmp_bool_names; 589 fsi->bool_pending_values = tmp_bool_values; 590 591 sel_remove_old_bool_data(old_bool_num, old_bool_names, old_bool_values); 592 593 fsi->bool_dir = tmp_bool_dir; 594 unlock_rename(tmp_bool_dir, old_dentry); 595 596 /* classes */ 597 old_dentry = fsi->class_dir; 598 lock_rename(tmp_class_dir, old_dentry); 599 d_exchange(tmp_class_dir, fsi->class_dir); 600 fsi->class_dir = tmp_class_dir; 601 unlock_rename(tmp_class_dir, old_dentry); 602 603out: 604 /* Since the other temporary dirs are children of tmp_parent 605 * this will handle all the cleanup in the case of a failure before 606 * the swapover 607 */ 608 sel_remove_entries(tmp_parent); 609 dput(tmp_parent); /* d_genocide() only handles the children */ 610 611 return ret; 612} 613 614static ssize_t sel_write_load(struct file *file, const char __user *buf, 615 size_t count, loff_t *ppos) 616 617{ 618 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 619 struct selinux_load_state load_state; 620 ssize_t length; 621 void *data = NULL; 622 623 mutex_lock(&fsi->state->policy_mutex); 624 625 length = avc_has_perm(&selinux_state, 626 current_sid(), SECINITSID_SECURITY, 627 SECCLASS_SECURITY, SECURITY__LOAD_POLICY, NULL); 628 if (length) 629 goto out; 630 631 /* No partial writes. */ 632 length = -EINVAL; 633 if (*ppos != 0) 634 goto out; 635 636 length = -ENOMEM; 637 data = vmalloc(count); 638 if (!data) 639 goto out; 640 641 length = -EFAULT; 642 if (copy_from_user(data, buf, count) != 0) 643 goto out; 644 645 length = security_load_policy(fsi->state, data, count, &load_state); 646 if (length) { 647 pr_warn_ratelimited("SELinux: failed to load policy\n"); 648 goto out; 649 } 650 651 length = sel_make_policy_nodes(fsi, load_state.policy); 652 if (length) { 653 selinux_policy_cancel(fsi->state, &load_state); 654 goto out; 655 } 656 657 selinux_policy_commit(fsi->state, &load_state); 658 659 length = count; 660 661 audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, 662 "auid=%u ses=%u lsm=selinux res=1", 663 from_kuid(&init_user_ns, audit_get_loginuid(current)), 664 audit_get_sessionid(current)); 665out: 666 mutex_unlock(&fsi->state->policy_mutex); 667 vfree(data); 668 return length; 669} 670 671static const struct file_operations sel_load_ops = { 672 .write = sel_write_load, 673 .llseek = generic_file_llseek, 674}; 675 676static ssize_t sel_write_context(struct file *file, char *buf, size_t size) 677{ 678 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 679 struct selinux_state *state = fsi->state; 680 char *canon = NULL; 681 u32 sid, len; 682 ssize_t length; 683 684 length = avc_has_perm(&selinux_state, 685 current_sid(), SECINITSID_SECURITY, 686 SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, NULL); 687 if (length) 688 goto out; 689 690 length = security_context_to_sid(state, buf, size, &sid, GFP_KERNEL); 691 if (length) 692 goto out; 693 694 length = security_sid_to_context(state, sid, &canon, &len); 695 if (length) 696 goto out; 697 698 length = -ERANGE; 699 if (len > SIMPLE_TRANSACTION_LIMIT) { 700 pr_err("SELinux: %s: context size (%u) exceeds " 701 "payload max\n", __func__, len); 702 goto out; 703 } 704 705 memcpy(buf, canon, len); 706 length = len; 707out: 708 kfree(canon); 709 return length; 710} 711 712static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf, 713 size_t count, loff_t *ppos) 714{ 715 struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; 716 char tmpbuf[TMPBUFLEN]; 717 ssize_t length; 718 719 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", 720 checkreqprot_get(fsi->state)); 721 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 722} 723 724static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, 725 size_t count, loff_t *ppos) 726{ 727 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 728 char *page; 729 ssize_t length; 730 unsigned int new_value; 731 732 length = avc_has_perm(&selinux_state, 733 current_sid(), SECINITSID_SECURITY, 734 SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, 735 NULL); 736 if (length) 737 return length; 738 739 if (count >= PAGE_SIZE) 740 return -ENOMEM; 741 742 /* No partial writes. */ 743 if (*ppos != 0) 744 return -EINVAL; 745 746 page = memdup_user_nul(buf, count); 747 if (IS_ERR(page)) 748 return PTR_ERR(page); 749 750 length = -EINVAL; 751 if (sscanf(page, "%u", &new_value) != 1) 752 goto out; 753 754 if (new_value) { 755 char comm[sizeof(current->comm)]; 756 757 memcpy(comm, current->comm, sizeof(comm)); 758 pr_warn_once("SELinux: %s (%d) set checkreqprot to 1. This is deprecated and will be rejected in a future kernel release.\n", 759 comm, current->pid); 760 } 761 762 checkreqprot_set(fsi->state, (new_value ? 1 : 0)); 763 length = count; 764out: 765 kfree(page); 766 return length; 767} 768static const struct file_operations sel_checkreqprot_ops = { 769 .read = sel_read_checkreqprot, 770 .write = sel_write_checkreqprot, 771 .llseek = generic_file_llseek, 772}; 773 774static ssize_t sel_write_validatetrans(struct file *file, 775 const char __user *buf, 776 size_t count, loff_t *ppos) 777{ 778 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 779 struct selinux_state *state = fsi->state; 780 char *oldcon = NULL, *newcon = NULL, *taskcon = NULL; 781 char *req = NULL; 782 u32 osid, nsid, tsid; 783 u16 tclass; 784 int rc; 785 786 rc = avc_has_perm(&selinux_state, 787 current_sid(), SECINITSID_SECURITY, 788 SECCLASS_SECURITY, SECURITY__VALIDATE_TRANS, NULL); 789 if (rc) 790 goto out; 791 792 rc = -ENOMEM; 793 if (count >= PAGE_SIZE) 794 goto out; 795 796 /* No partial writes. */ 797 rc = -EINVAL; 798 if (*ppos != 0) 799 goto out; 800 801 req = memdup_user_nul(buf, count); 802 if (IS_ERR(req)) { 803 rc = PTR_ERR(req); 804 req = NULL; 805 goto out; 806 } 807 808 rc = -ENOMEM; 809 oldcon = kzalloc(count + 1, GFP_KERNEL); 810 if (!oldcon) 811 goto out; 812 813 newcon = kzalloc(count + 1, GFP_KERNEL); 814 if (!newcon) 815 goto out; 816 817 taskcon = kzalloc(count + 1, GFP_KERNEL); 818 if (!taskcon) 819 goto out; 820 821 rc = -EINVAL; 822 if (sscanf(req, "%s %s %hu %s", oldcon, newcon, &tclass, taskcon) != 4) 823 goto out; 824 825 rc = security_context_str_to_sid(state, oldcon, &osid, GFP_KERNEL); 826 if (rc) 827 goto out; 828 829 rc = security_context_str_to_sid(state, newcon, &nsid, GFP_KERNEL); 830 if (rc) 831 goto out; 832 833 rc = security_context_str_to_sid(state, taskcon, &tsid, GFP_KERNEL); 834 if (rc) 835 goto out; 836 837 rc = security_validate_transition_user(state, osid, nsid, tsid, tclass); 838 if (!rc) 839 rc = count; 840out: 841 kfree(req); 842 kfree(oldcon); 843 kfree(newcon); 844 kfree(taskcon); 845 return rc; 846} 847 848static const struct file_operations sel_transition_ops = { 849 .write = sel_write_validatetrans, 850 .llseek = generic_file_llseek, 851}; 852 853/* 854 * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c 855 */ 856static ssize_t sel_write_access(struct file *file, char *buf, size_t size); 857static ssize_t sel_write_create(struct file *file, char *buf, size_t size); 858static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size); 859static ssize_t sel_write_user(struct file *file, char *buf, size_t size); 860static ssize_t sel_write_member(struct file *file, char *buf, size_t size); 861 862static ssize_t (*const write_op[])(struct file *, char *, size_t) = { 863 [SEL_ACCESS] = sel_write_access, 864 [SEL_CREATE] = sel_write_create, 865 [SEL_RELABEL] = sel_write_relabel, 866 [SEL_USER] = sel_write_user, 867 [SEL_MEMBER] = sel_write_member, 868 [SEL_CONTEXT] = sel_write_context, 869}; 870 871static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos) 872{ 873 ino_t ino = file_inode(file)->i_ino; 874 char *data; 875 ssize_t rv; 876 877 if (ino >= ARRAY_SIZE(write_op) || !write_op[ino]) 878 return -EINVAL; 879 880 data = simple_transaction_get(file, buf, size); 881 if (IS_ERR(data)) 882 return PTR_ERR(data); 883 884 rv = write_op[ino](file, data, size); 885 if (rv > 0) { 886 simple_transaction_set(file, rv); 887 rv = size; 888 } 889 return rv; 890} 891 892static const struct file_operations transaction_ops = { 893 .write = selinux_transaction_write, 894 .read = simple_transaction_read, 895 .release = simple_transaction_release, 896 .llseek = generic_file_llseek, 897}; 898 899/* 900 * payload - write methods 901 * If the method has a response, the response should be put in buf, 902 * and the length returned. Otherwise return 0 or and -error. 903 */ 904 905static ssize_t sel_write_access(struct file *file, char *buf, size_t size) 906{ 907 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 908 struct selinux_state *state = fsi->state; 909 char *scon = NULL, *tcon = NULL; 910 u32 ssid, tsid; 911 u16 tclass; 912 struct av_decision avd; 913 ssize_t length; 914 915 length = avc_has_perm(&selinux_state, 916 current_sid(), SECINITSID_SECURITY, 917 SECCLASS_SECURITY, SECURITY__COMPUTE_AV, NULL); 918 if (length) 919 goto out; 920 921 length = -ENOMEM; 922 scon = kzalloc(size + 1, GFP_KERNEL); 923 if (!scon) 924 goto out; 925 926 length = -ENOMEM; 927 tcon = kzalloc(size + 1, GFP_KERNEL); 928 if (!tcon) 929 goto out; 930 931 length = -EINVAL; 932 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 933 goto out; 934 935 length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL); 936 if (length) 937 goto out; 938 939 length = security_context_str_to_sid(state, tcon, &tsid, GFP_KERNEL); 940 if (length) 941 goto out; 942 943 security_compute_av_user(state, ssid, tsid, tclass, &avd); 944 945 length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT, 946 "%x %x %x %x %u %x", 947 avd.allowed, 0xffffffff, 948 avd.auditallow, avd.auditdeny, 949 avd.seqno, avd.flags); 950out: 951 kfree(tcon); 952 kfree(scon); 953 return length; 954} 955 956static ssize_t sel_write_create(struct file *file, char *buf, size_t size) 957{ 958 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 959 struct selinux_state *state = fsi->state; 960 char *scon = NULL, *tcon = NULL; 961 char *namebuf = NULL, *objname = NULL; 962 u32 ssid, tsid, newsid; 963 u16 tclass; 964 ssize_t length; 965 char *newcon = NULL; 966 u32 len; 967 int nargs; 968 969 length = avc_has_perm(&selinux_state, 970 current_sid(), SECINITSID_SECURITY, 971 SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, 972 NULL); 973 if (length) 974 goto out; 975 976 length = -ENOMEM; 977 scon = kzalloc(size + 1, GFP_KERNEL); 978 if (!scon) 979 goto out; 980 981 length = -ENOMEM; 982 tcon = kzalloc(size + 1, GFP_KERNEL); 983 if (!tcon) 984 goto out; 985 986 length = -ENOMEM; 987 namebuf = kzalloc(size + 1, GFP_KERNEL); 988 if (!namebuf) 989 goto out; 990 991 length = -EINVAL; 992 nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf); 993 if (nargs < 3 || nargs > 4) 994 goto out; 995 if (nargs == 4) { 996 /* 997 * If and when the name of new object to be queried contains 998 * either whitespace or multibyte characters, they shall be 999 * encoded based on the percentage-encoding rule. 1000 * If not encoded, the sscanf logic picks up only left-half 1001 * of the supplied name; splitted by a whitespace unexpectedly. 1002 */ 1003 char *r, *w; 1004 int c1, c2; 1005 1006 r = w = namebuf; 1007 do { 1008 c1 = *r++; 1009 if (c1 == '+') 1010 c1 = ' '; 1011 else if (c1 == '%') { 1012 c1 = hex_to_bin(*r++); 1013 if (c1 < 0) 1014 goto out; 1015 c2 = hex_to_bin(*r++); 1016 if (c2 < 0) 1017 goto out; 1018 c1 = (c1 << 4) | c2; 1019 } 1020 *w++ = c1; 1021 } while (c1 != '\0'); 1022 1023 objname = namebuf; 1024 } 1025 1026 length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL); 1027 if (length) 1028 goto out; 1029 1030 length = security_context_str_to_sid(state, tcon, &tsid, GFP_KERNEL); 1031 if (length) 1032 goto out; 1033 1034 length = security_transition_sid_user(state, ssid, tsid, tclass, 1035 objname, &newsid); 1036 if (length) 1037 goto out; 1038 1039 length = security_sid_to_context(state, newsid, &newcon, &len); 1040 if (length) 1041 goto out; 1042 1043 length = -ERANGE; 1044 if (len > SIMPLE_TRANSACTION_LIMIT) { 1045 pr_err("SELinux: %s: context size (%u) exceeds " 1046 "payload max\n", __func__, len); 1047 goto out; 1048 } 1049 1050 memcpy(buf, newcon, len); 1051 length = len; 1052out: 1053 kfree(newcon); 1054 kfree(namebuf); 1055 kfree(tcon); 1056 kfree(scon); 1057 return length; 1058} 1059 1060static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size) 1061{ 1062 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 1063 struct selinux_state *state = fsi->state; 1064 char *scon = NULL, *tcon = NULL; 1065 u32 ssid, tsid, newsid; 1066 u16 tclass; 1067 ssize_t length; 1068 char *newcon = NULL; 1069 u32 len; 1070 1071 length = avc_has_perm(&selinux_state, 1072 current_sid(), SECINITSID_SECURITY, 1073 SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, 1074 NULL); 1075 if (length) 1076 goto out; 1077 1078 length = -ENOMEM; 1079 scon = kzalloc(size + 1, GFP_KERNEL); 1080 if (!scon) 1081 goto out; 1082 1083 length = -ENOMEM; 1084 tcon = kzalloc(size + 1, GFP_KERNEL); 1085 if (!tcon) 1086 goto out; 1087 1088 length = -EINVAL; 1089 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 1090 goto out; 1091 1092 length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL); 1093 if (length) 1094 goto out; 1095 1096 length = security_context_str_to_sid(state, tcon, &tsid, GFP_KERNEL); 1097 if (length) 1098 goto out; 1099 1100 length = security_change_sid(state, ssid, tsid, tclass, &newsid); 1101 if (length) 1102 goto out; 1103 1104 length = security_sid_to_context(state, newsid, &newcon, &len); 1105 if (length) 1106 goto out; 1107 1108 length = -ERANGE; 1109 if (len > SIMPLE_TRANSACTION_LIMIT) 1110 goto out; 1111 1112 memcpy(buf, newcon, len); 1113 length = len; 1114out: 1115 kfree(newcon); 1116 kfree(tcon); 1117 kfree(scon); 1118 return length; 1119} 1120 1121static ssize_t sel_write_user(struct file *file, char *buf, size_t size) 1122{ 1123 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 1124 struct selinux_state *state = fsi->state; 1125 char *con = NULL, *user = NULL, *ptr; 1126 u32 sid, *sids = NULL; 1127 ssize_t length; 1128 char *newcon; 1129 int i, rc; 1130 u32 len, nsids; 1131 1132 length = avc_has_perm(&selinux_state, 1133 current_sid(), SECINITSID_SECURITY, 1134 SECCLASS_SECURITY, SECURITY__COMPUTE_USER, 1135 NULL); 1136 if (length) 1137 goto out; 1138 1139 length = -ENOMEM; 1140 con = kzalloc(size + 1, GFP_KERNEL); 1141 if (!con) 1142 goto out; 1143 1144 length = -ENOMEM; 1145 user = kzalloc(size + 1, GFP_KERNEL); 1146 if (!user) 1147 goto out; 1148 1149 length = -EINVAL; 1150 if (sscanf(buf, "%s %s", con, user) != 2) 1151 goto out; 1152 1153 length = security_context_str_to_sid(state, con, &sid, GFP_KERNEL); 1154 if (length) 1155 goto out; 1156 1157 length = security_get_user_sids(state, sid, user, &sids, &nsids); 1158 if (length) 1159 goto out; 1160 1161 length = sprintf(buf, "%u", nsids) + 1; 1162 ptr = buf + length; 1163 for (i = 0; i < nsids; i++) { 1164 rc = security_sid_to_context(state, sids[i], &newcon, &len); 1165 if (rc) { 1166 length = rc; 1167 goto out; 1168 } 1169 if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) { 1170 kfree(newcon); 1171 length = -ERANGE; 1172 goto out; 1173 } 1174 memcpy(ptr, newcon, len); 1175 kfree(newcon); 1176 ptr += len; 1177 length += len; 1178 } 1179out: 1180 kfree(sids); 1181 kfree(user); 1182 kfree(con); 1183 return length; 1184} 1185 1186static ssize_t sel_write_member(struct file *file, char *buf, size_t size) 1187{ 1188 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 1189 struct selinux_state *state = fsi->state; 1190 char *scon = NULL, *tcon = NULL; 1191 u32 ssid, tsid, newsid; 1192 u16 tclass; 1193 ssize_t length; 1194 char *newcon = NULL; 1195 u32 len; 1196 1197 length = avc_has_perm(&selinux_state, 1198 current_sid(), SECINITSID_SECURITY, 1199 SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, 1200 NULL); 1201 if (length) 1202 goto out; 1203 1204 length = -ENOMEM; 1205 scon = kzalloc(size + 1, GFP_KERNEL); 1206 if (!scon) 1207 goto out; 1208 1209 length = -ENOMEM; 1210 tcon = kzalloc(size + 1, GFP_KERNEL); 1211 if (!tcon) 1212 goto out; 1213 1214 length = -EINVAL; 1215 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 1216 goto out; 1217 1218 length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL); 1219 if (length) 1220 goto out; 1221 1222 length = security_context_str_to_sid(state, tcon, &tsid, GFP_KERNEL); 1223 if (length) 1224 goto out; 1225 1226 length = security_member_sid(state, ssid, tsid, tclass, &newsid); 1227 if (length) 1228 goto out; 1229 1230 length = security_sid_to_context(state, newsid, &newcon, &len); 1231 if (length) 1232 goto out; 1233 1234 length = -ERANGE; 1235 if (len > SIMPLE_TRANSACTION_LIMIT) { 1236 pr_err("SELinux: %s: context size (%u) exceeds " 1237 "payload max\n", __func__, len); 1238 goto out; 1239 } 1240 1241 memcpy(buf, newcon, len); 1242 length = len; 1243out: 1244 kfree(newcon); 1245 kfree(tcon); 1246 kfree(scon); 1247 return length; 1248} 1249 1250static struct inode *sel_make_inode(struct super_block *sb, int mode) 1251{ 1252 struct inode *ret = new_inode(sb); 1253 1254 if (ret) { 1255 ret->i_mode = mode; 1256 ret->i_atime = ret->i_mtime = ret->i_ctime = current_time(ret); 1257 } 1258 return ret; 1259} 1260 1261static ssize_t sel_read_bool(struct file *filep, char __user *buf, 1262 size_t count, loff_t *ppos) 1263{ 1264 struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info; 1265 char *page = NULL; 1266 ssize_t length; 1267 ssize_t ret; 1268 int cur_enforcing; 1269 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; 1270 const char *name = filep->f_path.dentry->d_name.name; 1271 1272 mutex_lock(&fsi->state->policy_mutex); 1273 1274 ret = -EINVAL; 1275 if (index >= fsi->bool_num || strcmp(name, 1276 fsi->bool_pending_names[index])) 1277 goto out_unlock; 1278 1279 ret = -ENOMEM; 1280 page = (char *)get_zeroed_page(GFP_KERNEL); 1281 if (!page) 1282 goto out_unlock; 1283 1284 cur_enforcing = security_get_bool_value(fsi->state, index); 1285 if (cur_enforcing < 0) { 1286 ret = cur_enforcing; 1287 goto out_unlock; 1288 } 1289 length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, 1290 fsi->bool_pending_values[index]); 1291 mutex_unlock(&fsi->state->policy_mutex); 1292 ret = simple_read_from_buffer(buf, count, ppos, page, length); 1293out_free: 1294 free_page((unsigned long)page); 1295 return ret; 1296 1297out_unlock: 1298 mutex_unlock(&fsi->state->policy_mutex); 1299 goto out_free; 1300} 1301 1302static ssize_t sel_write_bool(struct file *filep, const char __user *buf, 1303 size_t count, loff_t *ppos) 1304{ 1305 struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info; 1306 char *page = NULL; 1307 ssize_t length; 1308 int new_value; 1309 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; 1310 const char *name = filep->f_path.dentry->d_name.name; 1311 1312 if (count >= PAGE_SIZE) 1313 return -ENOMEM; 1314 1315 /* No partial writes. */ 1316 if (*ppos != 0) 1317 return -EINVAL; 1318 1319 page = memdup_user_nul(buf, count); 1320 if (IS_ERR(page)) 1321 return PTR_ERR(page); 1322 1323 mutex_lock(&fsi->state->policy_mutex); 1324 1325 length = avc_has_perm(&selinux_state, 1326 current_sid(), SECINITSID_SECURITY, 1327 SECCLASS_SECURITY, SECURITY__SETBOOL, 1328 NULL); 1329 if (length) 1330 goto out; 1331 1332 length = -EINVAL; 1333 if (index >= fsi->bool_num || strcmp(name, 1334 fsi->bool_pending_names[index])) 1335 goto out; 1336 1337 length = -EINVAL; 1338 if (sscanf(page, "%d", &new_value) != 1) 1339 goto out; 1340 1341 if (new_value) 1342 new_value = 1; 1343 1344 fsi->bool_pending_values[index] = new_value; 1345 length = count; 1346 1347out: 1348 mutex_unlock(&fsi->state->policy_mutex); 1349 kfree(page); 1350 return length; 1351} 1352 1353static const struct file_operations sel_bool_ops = { 1354 .read = sel_read_bool, 1355 .write = sel_write_bool, 1356 .llseek = generic_file_llseek, 1357}; 1358 1359static ssize_t sel_commit_bools_write(struct file *filep, 1360 const char __user *buf, 1361 size_t count, loff_t *ppos) 1362{ 1363 struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info; 1364 char *page = NULL; 1365 ssize_t length; 1366 int new_value; 1367 1368 if (count >= PAGE_SIZE) 1369 return -ENOMEM; 1370 1371 /* No partial writes. */ 1372 if (*ppos != 0) 1373 return -EINVAL; 1374 1375 page = memdup_user_nul(buf, count); 1376 if (IS_ERR(page)) 1377 return PTR_ERR(page); 1378 1379 mutex_lock(&fsi->state->policy_mutex); 1380 1381 length = avc_has_perm(&selinux_state, 1382 current_sid(), SECINITSID_SECURITY, 1383 SECCLASS_SECURITY, SECURITY__SETBOOL, 1384 NULL); 1385 if (length) 1386 goto out; 1387 1388 length = -EINVAL; 1389 if (sscanf(page, "%d", &new_value) != 1) 1390 goto out; 1391 1392 length = 0; 1393 if (new_value && fsi->bool_pending_values) 1394 length = security_set_bools(fsi->state, fsi->bool_num, 1395 fsi->bool_pending_values); 1396 1397 if (!length) 1398 length = count; 1399 1400out: 1401 mutex_unlock(&fsi->state->policy_mutex); 1402 kfree(page); 1403 return length; 1404} 1405 1406static const struct file_operations sel_commit_bools_ops = { 1407 .write = sel_commit_bools_write, 1408 .llseek = generic_file_llseek, 1409}; 1410 1411static void sel_remove_entries(struct dentry *de) 1412{ 1413 d_genocide(de); 1414 shrink_dcache_parent(de); 1415} 1416 1417static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir, 1418 unsigned int *bool_num, char ***bool_pending_names, 1419 unsigned int **bool_pending_values) 1420{ 1421 int ret; 1422 ssize_t len; 1423 struct dentry *dentry = NULL; 1424 struct inode *inode = NULL; 1425 struct inode_security_struct *isec; 1426 char **names = NULL, *page; 1427 u32 i, num; 1428 int *values = NULL; 1429 u32 sid; 1430 1431 ret = -ENOMEM; 1432 page = (char *)get_zeroed_page(GFP_KERNEL); 1433 if (!page) 1434 goto out; 1435 1436 ret = security_get_bools(newpolicy, &num, &names, &values); 1437 if (ret) 1438 goto out; 1439 1440 for (i = 0; i < num; i++) { 1441 ret = -ENOMEM; 1442 dentry = d_alloc_name(bool_dir, names[i]); 1443 if (!dentry) 1444 goto out; 1445 1446 ret = -ENOMEM; 1447 inode = sel_make_inode(bool_dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR); 1448 if (!inode) { 1449 dput(dentry); 1450 goto out; 1451 } 1452 1453 ret = -ENAMETOOLONG; 1454 len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]); 1455 if (len >= PAGE_SIZE) { 1456 dput(dentry); 1457 iput(inode); 1458 goto out; 1459 } 1460 1461 isec = selinux_inode(inode); 1462 ret = selinux_policy_genfs_sid(newpolicy, "selinuxfs", page, 1463 SECCLASS_FILE, &sid); 1464 if (ret) { 1465 pr_warn_ratelimited("SELinux: no sid found, defaulting to security isid for %s\n", 1466 page); 1467 sid = SECINITSID_SECURITY; 1468 } 1469 1470 isec->sid = sid; 1471 isec->initialized = LABEL_INITIALIZED; 1472 inode->i_fop = &sel_bool_ops; 1473 inode->i_ino = i|SEL_BOOL_INO_OFFSET; 1474 d_add(dentry, inode); 1475 } 1476 *bool_num = num; 1477 *bool_pending_names = names; 1478 *bool_pending_values = values; 1479 1480 free_page((unsigned long)page); 1481 return 0; 1482out: 1483 free_page((unsigned long)page); 1484 1485 if (names) { 1486 for (i = 0; i < num; i++) 1487 kfree(names[i]); 1488 kfree(names); 1489 } 1490 kfree(values); 1491 sel_remove_entries(bool_dir); 1492 1493 return ret; 1494} 1495 1496static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf, 1497 size_t count, loff_t *ppos) 1498{ 1499 struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; 1500 struct selinux_state *state = fsi->state; 1501 char tmpbuf[TMPBUFLEN]; 1502 ssize_t length; 1503 1504 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", 1505 avc_get_cache_threshold(state->avc)); 1506 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1507} 1508 1509static ssize_t sel_write_avc_cache_threshold(struct file *file, 1510 const char __user *buf, 1511 size_t count, loff_t *ppos) 1512 1513{ 1514 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 1515 struct selinux_state *state = fsi->state; 1516 char *page; 1517 ssize_t ret; 1518 unsigned int new_value; 1519 1520 ret = avc_has_perm(&selinux_state, 1521 current_sid(), SECINITSID_SECURITY, 1522 SECCLASS_SECURITY, SECURITY__SETSECPARAM, 1523 NULL); 1524 if (ret) 1525 return ret; 1526 1527 if (count >= PAGE_SIZE) 1528 return -ENOMEM; 1529 1530 /* No partial writes. */ 1531 if (*ppos != 0) 1532 return -EINVAL; 1533 1534 page = memdup_user_nul(buf, count); 1535 if (IS_ERR(page)) 1536 return PTR_ERR(page); 1537 1538 ret = -EINVAL; 1539 if (sscanf(page, "%u", &new_value) != 1) 1540 goto out; 1541 1542 avc_set_cache_threshold(state->avc, new_value); 1543 1544 ret = count; 1545out: 1546 kfree(page); 1547 return ret; 1548} 1549 1550static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf, 1551 size_t count, loff_t *ppos) 1552{ 1553 struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; 1554 struct selinux_state *state = fsi->state; 1555 char *page; 1556 ssize_t length; 1557 1558 page = (char *)__get_free_page(GFP_KERNEL); 1559 if (!page) 1560 return -ENOMEM; 1561 1562 length = avc_get_hash_stats(state->avc, page); 1563 if (length >= 0) 1564 length = simple_read_from_buffer(buf, count, ppos, page, length); 1565 free_page((unsigned long)page); 1566 1567 return length; 1568} 1569 1570static ssize_t sel_read_sidtab_hash_stats(struct file *filp, char __user *buf, 1571 size_t count, loff_t *ppos) 1572{ 1573 struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; 1574 struct selinux_state *state = fsi->state; 1575 char *page; 1576 ssize_t length; 1577 1578 page = (char *)__get_free_page(GFP_KERNEL); 1579 if (!page) 1580 return -ENOMEM; 1581 1582 length = security_sidtab_hash_stats(state, page); 1583 if (length >= 0) 1584 length = simple_read_from_buffer(buf, count, ppos, page, 1585 length); 1586 free_page((unsigned long)page); 1587 1588 return length; 1589} 1590 1591static const struct file_operations sel_sidtab_hash_stats_ops = { 1592 .read = sel_read_sidtab_hash_stats, 1593 .llseek = generic_file_llseek, 1594}; 1595 1596static const struct file_operations sel_avc_cache_threshold_ops = { 1597 .read = sel_read_avc_cache_threshold, 1598 .write = sel_write_avc_cache_threshold, 1599 .llseek = generic_file_llseek, 1600}; 1601 1602static const struct file_operations sel_avc_hash_stats_ops = { 1603 .read = sel_read_avc_hash_stats, 1604 .llseek = generic_file_llseek, 1605}; 1606 1607#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1608static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx) 1609{ 1610 int cpu; 1611 1612 for (cpu = *idx; cpu < nr_cpu_ids; ++cpu) { 1613 if (!cpu_possible(cpu)) 1614 continue; 1615 *idx = cpu + 1; 1616 return &per_cpu(avc_cache_stats, cpu); 1617 } 1618 (*idx)++; 1619 return NULL; 1620} 1621 1622static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos) 1623{ 1624 loff_t n = *pos - 1; 1625 1626 if (*pos == 0) 1627 return SEQ_START_TOKEN; 1628 1629 return sel_avc_get_stat_idx(&n); 1630} 1631 1632static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos) 1633{ 1634 return sel_avc_get_stat_idx(pos); 1635} 1636 1637static int sel_avc_stats_seq_show(struct seq_file *seq, void *v) 1638{ 1639 struct avc_cache_stats *st = v; 1640 1641 if (v == SEQ_START_TOKEN) { 1642 seq_puts(seq, 1643 "lookups hits misses allocations reclaims frees\n"); 1644 } else { 1645 unsigned int lookups = st->lookups; 1646 unsigned int misses = st->misses; 1647 unsigned int hits = lookups - misses; 1648 seq_printf(seq, "%u %u %u %u %u %u\n", lookups, 1649 hits, misses, st->allocations, 1650 st->reclaims, st->frees); 1651 } 1652 return 0; 1653} 1654 1655static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v) 1656{ } 1657 1658static const struct seq_operations sel_avc_cache_stats_seq_ops = { 1659 .start = sel_avc_stats_seq_start, 1660 .next = sel_avc_stats_seq_next, 1661 .show = sel_avc_stats_seq_show, 1662 .stop = sel_avc_stats_seq_stop, 1663}; 1664 1665static int sel_open_avc_cache_stats(struct inode *inode, struct file *file) 1666{ 1667 return seq_open(file, &sel_avc_cache_stats_seq_ops); 1668} 1669 1670static const struct file_operations sel_avc_cache_stats_ops = { 1671 .open = sel_open_avc_cache_stats, 1672 .read = seq_read, 1673 .llseek = seq_lseek, 1674 .release = seq_release, 1675}; 1676#endif 1677 1678static int sel_make_avc_files(struct dentry *dir) 1679{ 1680 struct super_block *sb = dir->d_sb; 1681 struct selinux_fs_info *fsi = sb->s_fs_info; 1682 int i; 1683 static const struct tree_descr files[] = { 1684 { "cache_threshold", 1685 &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR }, 1686 { "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO }, 1687#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1688 { "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO }, 1689#endif 1690 }; 1691 1692 for (i = 0; i < ARRAY_SIZE(files); i++) { 1693 struct inode *inode; 1694 struct dentry *dentry; 1695 1696 dentry = d_alloc_name(dir, files[i].name); 1697 if (!dentry) 1698 return -ENOMEM; 1699 1700 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode); 1701 if (!inode) { 1702 dput(dentry); 1703 return -ENOMEM; 1704 } 1705 1706 inode->i_fop = files[i].ops; 1707 inode->i_ino = ++fsi->last_ino; 1708 d_add(dentry, inode); 1709 } 1710 1711 return 0; 1712} 1713 1714static int sel_make_ss_files(struct dentry *dir) 1715{ 1716 struct super_block *sb = dir->d_sb; 1717 struct selinux_fs_info *fsi = sb->s_fs_info; 1718 int i; 1719 static struct tree_descr files[] = { 1720 { "sidtab_hash_stats", &sel_sidtab_hash_stats_ops, S_IRUGO }, 1721 }; 1722 1723 for (i = 0; i < ARRAY_SIZE(files); i++) { 1724 struct inode *inode; 1725 struct dentry *dentry; 1726 1727 dentry = d_alloc_name(dir, files[i].name); 1728 if (!dentry) 1729 return -ENOMEM; 1730 1731 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode); 1732 if (!inode) { 1733 dput(dentry); 1734 return -ENOMEM; 1735 } 1736 1737 inode->i_fop = files[i].ops; 1738 inode->i_ino = ++fsi->last_ino; 1739 d_add(dentry, inode); 1740 } 1741 1742 return 0; 1743} 1744 1745static ssize_t sel_read_initcon(struct file *file, char __user *buf, 1746 size_t count, loff_t *ppos) 1747{ 1748 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 1749 char *con; 1750 u32 sid, len; 1751 ssize_t ret; 1752 1753 sid = file_inode(file)->i_ino&SEL_INO_MASK; 1754 ret = security_sid_to_context(fsi->state, sid, &con, &len); 1755 if (ret) 1756 return ret; 1757 1758 ret = simple_read_from_buffer(buf, count, ppos, con, len); 1759 kfree(con); 1760 return ret; 1761} 1762 1763static const struct file_operations sel_initcon_ops = { 1764 .read = sel_read_initcon, 1765 .llseek = generic_file_llseek, 1766}; 1767 1768static int sel_make_initcon_files(struct dentry *dir) 1769{ 1770 int i; 1771 1772 for (i = 1; i <= SECINITSID_NUM; i++) { 1773 struct inode *inode; 1774 struct dentry *dentry; 1775 const char *s = security_get_initial_sid_context(i); 1776 1777 if (!s) 1778 continue; 1779 dentry = d_alloc_name(dir, s); 1780 if (!dentry) 1781 return -ENOMEM; 1782 1783 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1784 if (!inode) { 1785 dput(dentry); 1786 return -ENOMEM; 1787 } 1788 1789 inode->i_fop = &sel_initcon_ops; 1790 inode->i_ino = i|SEL_INITCON_INO_OFFSET; 1791 d_add(dentry, inode); 1792 } 1793 1794 return 0; 1795} 1796 1797static inline unsigned long sel_class_to_ino(u16 class) 1798{ 1799 return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET; 1800} 1801 1802static inline u16 sel_ino_to_class(unsigned long ino) 1803{ 1804 return (ino & SEL_INO_MASK) / (SEL_VEC_MAX + 1); 1805} 1806 1807static inline unsigned long sel_perm_to_ino(u16 class, u32 perm) 1808{ 1809 return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET; 1810} 1811 1812static inline u32 sel_ino_to_perm(unsigned long ino) 1813{ 1814 return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1); 1815} 1816 1817static ssize_t sel_read_class(struct file *file, char __user *buf, 1818 size_t count, loff_t *ppos) 1819{ 1820 unsigned long ino = file_inode(file)->i_ino; 1821 char res[TMPBUFLEN]; 1822 ssize_t len = scnprintf(res, sizeof(res), "%d", sel_ino_to_class(ino)); 1823 return simple_read_from_buffer(buf, count, ppos, res, len); 1824} 1825 1826static const struct file_operations sel_class_ops = { 1827 .read = sel_read_class, 1828 .llseek = generic_file_llseek, 1829}; 1830 1831static ssize_t sel_read_perm(struct file *file, char __user *buf, 1832 size_t count, loff_t *ppos) 1833{ 1834 unsigned long ino = file_inode(file)->i_ino; 1835 char res[TMPBUFLEN]; 1836 ssize_t len = scnprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino)); 1837 return simple_read_from_buffer(buf, count, ppos, res, len); 1838} 1839 1840static const struct file_operations sel_perm_ops = { 1841 .read = sel_read_perm, 1842 .llseek = generic_file_llseek, 1843}; 1844 1845static ssize_t sel_read_policycap(struct file *file, char __user *buf, 1846 size_t count, loff_t *ppos) 1847{ 1848 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 1849 int value; 1850 char tmpbuf[TMPBUFLEN]; 1851 ssize_t length; 1852 unsigned long i_ino = file_inode(file)->i_ino; 1853 1854 value = security_policycap_supported(fsi->state, i_ino & SEL_INO_MASK); 1855 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value); 1856 1857 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1858} 1859 1860static const struct file_operations sel_policycap_ops = { 1861 .read = sel_read_policycap, 1862 .llseek = generic_file_llseek, 1863}; 1864 1865static int sel_make_perm_files(struct selinux_policy *newpolicy, 1866 char *objclass, int classvalue, 1867 struct dentry *dir) 1868{ 1869 int i, rc, nperms; 1870 char **perms; 1871 1872 rc = security_get_permissions(newpolicy, objclass, &perms, &nperms); 1873 if (rc) 1874 return rc; 1875 1876 for (i = 0; i < nperms; i++) { 1877 struct inode *inode; 1878 struct dentry *dentry; 1879 1880 rc = -ENOMEM; 1881 dentry = d_alloc_name(dir, perms[i]); 1882 if (!dentry) 1883 goto out; 1884 1885 rc = -ENOMEM; 1886 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1887 if (!inode) { 1888 dput(dentry); 1889 goto out; 1890 } 1891 1892 inode->i_fop = &sel_perm_ops; 1893 /* i+1 since perm values are 1-indexed */ 1894 inode->i_ino = sel_perm_to_ino(classvalue, i + 1); 1895 d_add(dentry, inode); 1896 } 1897 rc = 0; 1898out: 1899 for (i = 0; i < nperms; i++) 1900 kfree(perms[i]); 1901 kfree(perms); 1902 return rc; 1903} 1904 1905static int sel_make_class_dir_entries(struct selinux_policy *newpolicy, 1906 char *classname, int index, 1907 struct dentry *dir) 1908{ 1909 struct super_block *sb = dir->d_sb; 1910 struct selinux_fs_info *fsi = sb->s_fs_info; 1911 struct dentry *dentry = NULL; 1912 struct inode *inode = NULL; 1913 int rc; 1914 1915 dentry = d_alloc_name(dir, "index"); 1916 if (!dentry) 1917 return -ENOMEM; 1918 1919 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1920 if (!inode) { 1921 dput(dentry); 1922 return -ENOMEM; 1923 } 1924 1925 inode->i_fop = &sel_class_ops; 1926 inode->i_ino = sel_class_to_ino(index); 1927 d_add(dentry, inode); 1928 1929 dentry = sel_make_dir(dir, "perms", &fsi->last_class_ino); 1930 if (IS_ERR(dentry)) 1931 return PTR_ERR(dentry); 1932 1933 rc = sel_make_perm_files(newpolicy, classname, index, dentry); 1934 1935 return rc; 1936} 1937 1938static int sel_make_classes(struct selinux_policy *newpolicy, 1939 struct dentry *class_dir, 1940 unsigned long *last_class_ino) 1941{ 1942 1943 int rc, nclasses, i; 1944 char **classes; 1945 1946 rc = security_get_classes(newpolicy, &classes, &nclasses); 1947 if (rc) 1948 return rc; 1949 1950 /* +2 since classes are 1-indexed */ 1951 *last_class_ino = sel_class_to_ino(nclasses + 2); 1952 1953 for (i = 0; i < nclasses; i++) { 1954 struct dentry *class_name_dir; 1955 1956 class_name_dir = sel_make_dir(class_dir, classes[i], 1957 last_class_ino); 1958 if (IS_ERR(class_name_dir)) { 1959 rc = PTR_ERR(class_name_dir); 1960 goto out; 1961 } 1962 1963 /* i+1 since class values are 1-indexed */ 1964 rc = sel_make_class_dir_entries(newpolicy, classes[i], i + 1, 1965 class_name_dir); 1966 if (rc) 1967 goto out; 1968 } 1969 rc = 0; 1970out: 1971 for (i = 0; i < nclasses; i++) 1972 kfree(classes[i]); 1973 kfree(classes); 1974 return rc; 1975} 1976 1977static int sel_make_policycap(struct selinux_fs_info *fsi) 1978{ 1979 unsigned int iter; 1980 struct dentry *dentry = NULL; 1981 struct inode *inode = NULL; 1982 1983 for (iter = 0; iter <= POLICYDB_CAPABILITY_MAX; iter++) { 1984 if (iter < ARRAY_SIZE(selinux_policycap_names)) 1985 dentry = d_alloc_name(fsi->policycap_dir, 1986 selinux_policycap_names[iter]); 1987 else 1988 dentry = d_alloc_name(fsi->policycap_dir, "unknown"); 1989 1990 if (dentry == NULL) 1991 return -ENOMEM; 1992 1993 inode = sel_make_inode(fsi->sb, S_IFREG | 0444); 1994 if (inode == NULL) { 1995 dput(dentry); 1996 return -ENOMEM; 1997 } 1998 1999 inode->i_fop = &sel_policycap_ops; 2000 inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET; 2001 d_add(dentry, inode); 2002 } 2003 2004 return 0; 2005} 2006 2007static struct dentry *sel_make_dir(struct dentry *dir, const char *name, 2008 unsigned long *ino) 2009{ 2010 struct dentry *dentry = d_alloc_name(dir, name); 2011 struct inode *inode; 2012 2013 if (!dentry) 2014 return ERR_PTR(-ENOMEM); 2015 2016 inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO); 2017 if (!inode) { 2018 dput(dentry); 2019 return ERR_PTR(-ENOMEM); 2020 } 2021 2022 inode->i_op = &simple_dir_inode_operations; 2023 inode->i_fop = &simple_dir_operations; 2024 inode->i_ino = ++(*ino); 2025 /* directory inodes start off with i_nlink == 2 (for "." entry) */ 2026 inc_nlink(inode); 2027 d_add(dentry, inode); 2028 /* bump link count on parent directory, too */ 2029 inc_nlink(d_inode(dir)); 2030 2031 return dentry; 2032} 2033 2034static struct dentry *sel_make_disconnected_dir(struct super_block *sb, 2035 unsigned long *ino) 2036{ 2037 struct inode *inode = sel_make_inode(sb, S_IFDIR | S_IRUGO | S_IXUGO); 2038 2039 if (!inode) 2040 return ERR_PTR(-ENOMEM); 2041 2042 inode->i_op = &simple_dir_inode_operations; 2043 inode->i_fop = &simple_dir_operations; 2044 inode->i_ino = ++(*ino); 2045 /* directory inodes start off with i_nlink == 2 (for "." entry) */ 2046 inc_nlink(inode); 2047 return d_obtain_alias(inode); 2048} 2049 2050#define NULL_FILE_NAME "null" 2051 2052static int sel_fill_super(struct super_block *sb, struct fs_context *fc) 2053{ 2054 struct selinux_fs_info *fsi; 2055 int ret; 2056 struct dentry *dentry; 2057 struct inode *inode; 2058 struct inode_security_struct *isec; 2059 2060 static const struct tree_descr selinux_files[] = { 2061 [SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR}, 2062 [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR}, 2063 [SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO}, 2064 [SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO}, 2065 [SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO}, 2066 [SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO}, 2067 [SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO}, 2068 [SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO}, 2069 [SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR}, 2070 [SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO}, 2071 [SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR}, 2072 [SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO}, 2073 [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR}, 2074 [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO}, 2075 [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO}, 2076 [SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO}, 2077 [SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO}, 2078 [SEL_VALIDATE_TRANS] = {"validatetrans", &sel_transition_ops, 2079 S_IWUGO}, 2080 /* last one */ {""} 2081 }; 2082 2083 ret = selinux_fs_info_create(sb); 2084 if (ret) 2085 goto err; 2086 2087 ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files); 2088 if (ret) 2089 goto err; 2090 2091 fsi = sb->s_fs_info; 2092 fsi->bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &fsi->last_ino); 2093 if (IS_ERR(fsi->bool_dir)) { 2094 ret = PTR_ERR(fsi->bool_dir); 2095 fsi->bool_dir = NULL; 2096 goto err; 2097 } 2098 2099 ret = -ENOMEM; 2100 dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME); 2101 if (!dentry) 2102 goto err; 2103 2104 ret = -ENOMEM; 2105 inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO); 2106 if (!inode) { 2107 dput(dentry); 2108 goto err; 2109 } 2110 2111 inode->i_ino = ++fsi->last_ino; 2112 isec = selinux_inode(inode); 2113 isec->sid = SECINITSID_DEVNULL; 2114 isec->sclass = SECCLASS_CHR_FILE; 2115 isec->initialized = LABEL_INITIALIZED; 2116 2117 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3)); 2118 d_add(dentry, inode); 2119 2120 dentry = sel_make_dir(sb->s_root, "avc", &fsi->last_ino); 2121 if (IS_ERR(dentry)) { 2122 ret = PTR_ERR(dentry); 2123 goto err; 2124 } 2125 2126 ret = sel_make_avc_files(dentry); 2127 if (ret) 2128 goto err; 2129 2130 dentry = sel_make_dir(sb->s_root, "ss", &fsi->last_ino); 2131 if (IS_ERR(dentry)) { 2132 ret = PTR_ERR(dentry); 2133 goto err; 2134 } 2135 2136 ret = sel_make_ss_files(dentry); 2137 if (ret) 2138 goto err; 2139 2140 dentry = sel_make_dir(sb->s_root, "initial_contexts", &fsi->last_ino); 2141 if (IS_ERR(dentry)) { 2142 ret = PTR_ERR(dentry); 2143 goto err; 2144 } 2145 2146 ret = sel_make_initcon_files(dentry); 2147 if (ret) 2148 goto err; 2149 2150 fsi->class_dir = sel_make_dir(sb->s_root, CLASS_DIR_NAME, &fsi->last_ino); 2151 if (IS_ERR(fsi->class_dir)) { 2152 ret = PTR_ERR(fsi->class_dir); 2153 fsi->class_dir = NULL; 2154 goto err; 2155 } 2156 2157 fsi->policycap_dir = sel_make_dir(sb->s_root, POLICYCAP_DIR_NAME, 2158 &fsi->last_ino); 2159 if (IS_ERR(fsi->policycap_dir)) { 2160 ret = PTR_ERR(fsi->policycap_dir); 2161 fsi->policycap_dir = NULL; 2162 goto err; 2163 } 2164 2165 ret = sel_make_policycap(fsi); 2166 if (ret) { 2167 pr_err("SELinux: failed to load policy capabilities\n"); 2168 goto err; 2169 } 2170 2171 return 0; 2172err: 2173 pr_err("SELinux: %s: failed while creating inodes\n", 2174 __func__); 2175 2176 selinux_fs_info_free(sb); 2177 2178 return ret; 2179} 2180 2181static int sel_get_tree(struct fs_context *fc) 2182{ 2183 return get_tree_single(fc, sel_fill_super); 2184} 2185 2186static const struct fs_context_operations sel_context_ops = { 2187 .get_tree = sel_get_tree, 2188}; 2189 2190static int sel_init_fs_context(struct fs_context *fc) 2191{ 2192 fc->ops = &sel_context_ops; 2193 return 0; 2194} 2195 2196static void sel_kill_sb(struct super_block *sb) 2197{ 2198 selinux_fs_info_free(sb); 2199 kill_litter_super(sb); 2200} 2201 2202static struct file_system_type sel_fs_type = { 2203 .name = "selinuxfs", 2204 .init_fs_context = sel_init_fs_context, 2205 .kill_sb = sel_kill_sb, 2206}; 2207 2208struct vfsmount *selinuxfs_mount; 2209struct path selinux_null; 2210 2211static int __init init_sel_fs(void) 2212{ 2213 struct qstr null_name = QSTR_INIT(NULL_FILE_NAME, 2214 sizeof(NULL_FILE_NAME)-1); 2215 int err; 2216 2217 if (!selinux_enabled_boot) 2218 return 0; 2219 2220 err = sysfs_create_mount_point(fs_kobj, "selinux"); 2221 if (err) 2222 return err; 2223 2224 err = register_filesystem(&sel_fs_type); 2225 if (err) { 2226 sysfs_remove_mount_point(fs_kobj, "selinux"); 2227 return err; 2228 } 2229 2230 selinux_null.mnt = kern_mount(&sel_fs_type); 2231 if (IS_ERR(selinux_null.mnt)) { 2232 pr_err("selinuxfs: could not mount!\n"); 2233 err = PTR_ERR(selinux_null.mnt); 2234 selinux_null.mnt = NULL; 2235 return err; 2236 } 2237 2238 selinux_null.dentry = d_hash_and_lookup(selinux_null.mnt->mnt_root, 2239 &null_name); 2240 if (IS_ERR(selinux_null.dentry)) { 2241 pr_err("selinuxfs: could not lookup null!\n"); 2242 err = PTR_ERR(selinux_null.dentry); 2243 selinux_null.dentry = NULL; 2244 return err; 2245 } 2246 2247 return err; 2248} 2249 2250__initcall(init_sel_fs); 2251 2252#ifdef CONFIG_SECURITY_SELINUX_DISABLE 2253void exit_sel_fs(void) 2254{ 2255 sysfs_remove_mount_point(fs_kobj, "selinux"); 2256 dput(selinux_null.dentry); 2257 kern_unmount(selinuxfs_mount); 2258 unregister_filesystem(&sel_fs_type); 2259} 2260#endif 2261