selinuxfs.c (54948B)
1// SPDX-License-Identifier: GPL-2.0-only 2/* Updated: Karl MacMillan <kmacmillan@tresys.com> 3 * 4 * Added conditional policy language extensions 5 * 6 * Updated: Hewlett-Packard <paul@paul-moore.com> 7 * 8 * Added support for the policy capability bitmap 9 * 10 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 11 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 12 * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 13 */ 14 15#include <linux/kernel.h> 16#include <linux/pagemap.h> 17#include <linux/slab.h> 18#include <linux/vmalloc.h> 19#include <linux/fs.h> 20#include <linux/fs_context.h> 21#include <linux/mount.h> 22#include <linux/mutex.h> 23#include <linux/namei.h> 24#include <linux/init.h> 25#include <linux/string.h> 26#include <linux/security.h> 27#include <linux/major.h> 28#include <linux/seq_file.h> 29#include <linux/percpu.h> 30#include <linux/audit.h> 31#include <linux/uaccess.h> 32#include <linux/kobject.h> 33#include <linux/ctype.h> 34 35/* selinuxfs pseudo filesystem for exporting the security policy API. 36 Based on the proc code and the fs/nfsd/nfsctl.c code. */ 37 38#include "flask.h" 39#include "avc.h" 40#include "avc_ss.h" 41#include "security.h" 42#include "objsec.h" 43#include "conditional.h" 44#include "ima.h" 45 46enum sel_inos { 47 SEL_ROOT_INO = 2, 48 SEL_LOAD, /* load policy */ 49 SEL_ENFORCE, /* get or set enforcing status */ 50 SEL_CONTEXT, /* validate context */ 51 SEL_ACCESS, /* compute access decision */ 52 SEL_CREATE, /* compute create labeling decision */ 53 SEL_RELABEL, /* compute relabeling decision */ 54 SEL_USER, /* compute reachable user contexts */ 55 SEL_POLICYVERS, /* return policy version for this kernel */ 56 SEL_COMMIT_BOOLS, /* commit new boolean values */ 57 SEL_MLS, /* return if MLS policy is enabled */ 58 SEL_DISABLE, /* disable SELinux until next reboot */ 59 SEL_MEMBER, /* compute polyinstantiation membership decision */ 60 SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */ 61 SEL_COMPAT_NET, /* whether to use old compat network packet controls */ 62 SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */ 63 SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */ 64 SEL_STATUS, /* export current status using mmap() */ 65 SEL_POLICY, /* allow userspace to read the in kernel policy */ 66 SEL_VALIDATE_TRANS, /* compute validatetrans decision */ 67 SEL_INO_NEXT, /* The next inode number to use */ 68}; 69 70struct selinux_fs_info { 71 struct dentry *bool_dir; 72 unsigned int bool_num; 73 char **bool_pending_names; 74 unsigned int *bool_pending_values; 75 struct dentry *class_dir; 76 unsigned long last_class_ino; 77 bool policy_opened; 78 struct dentry *policycap_dir; 79 unsigned long last_ino; 80 struct selinux_state *state; 81 struct super_block *sb; 82}; 83 84static int selinux_fs_info_create(struct super_block *sb) 85{ 86 struct selinux_fs_info *fsi; 87 88 fsi = kzalloc(sizeof(*fsi), GFP_KERNEL); 89 if (!fsi) 90 return -ENOMEM; 91 92 fsi->last_ino = SEL_INO_NEXT - 1; 93 fsi->state = &selinux_state; 94 fsi->sb = sb; 95 sb->s_fs_info = fsi; 96 return 0; 97} 98 99static void selinux_fs_info_free(struct super_block *sb) 100{ 101 struct selinux_fs_info *fsi = sb->s_fs_info; 102 int i; 103 104 if (fsi) { 105 for (i = 0; i < fsi->bool_num; i++) 106 kfree(fsi->bool_pending_names[i]); 107 kfree(fsi->bool_pending_names); 108 kfree(fsi->bool_pending_values); 109 } 110 kfree(sb->s_fs_info); 111 sb->s_fs_info = NULL; 112} 113 114#define SEL_INITCON_INO_OFFSET 0x01000000 115#define SEL_BOOL_INO_OFFSET 0x02000000 116#define SEL_CLASS_INO_OFFSET 0x04000000 117#define SEL_POLICYCAP_INO_OFFSET 0x08000000 118#define SEL_INO_MASK 0x00ffffff 119 120#define BOOL_DIR_NAME "booleans" 121#define CLASS_DIR_NAME "class" 122#define POLICYCAP_DIR_NAME "policy_capabilities" 123 124#define TMPBUFLEN 12 125static ssize_t sel_read_enforce(struct file *filp, char __user *buf, 126 size_t count, loff_t *ppos) 127{ 128 struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; 129 char tmpbuf[TMPBUFLEN]; 130 ssize_t length; 131 132 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", 133 enforcing_enabled(fsi->state)); 134 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 135} 136 137#ifdef CONFIG_SECURITY_SELINUX_DEVELOP 138static ssize_t sel_write_enforce(struct file *file, const char __user *buf, 139 size_t count, loff_t *ppos) 140 141{ 142 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 143 struct selinux_state *state = fsi->state; 144 char *page = NULL; 145 ssize_t length; 146 int old_value, new_value; 147 148 if (count >= PAGE_SIZE) 149 return -ENOMEM; 150 151 /* No partial writes. */ 152 if (*ppos != 0) 153 return -EINVAL; 154 155 page = memdup_user_nul(buf, count); 156 if (IS_ERR(page)) 157 return PTR_ERR(page); 158 159 length = -EINVAL; 160 if (sscanf(page, "%d", &new_value) != 1) 161 goto out; 162 163 new_value = !!new_value; 164 165 old_value = enforcing_enabled(state); 166 if (new_value != old_value) { 167 length = avc_has_perm(&selinux_state, 168 current_sid(), SECINITSID_SECURITY, 169 SECCLASS_SECURITY, SECURITY__SETENFORCE, 170 NULL); 171 if (length) 172 goto out; 173 audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS, 174 "enforcing=%d old_enforcing=%d auid=%u ses=%u" 175 " enabled=1 old-enabled=1 lsm=selinux res=1", 176 new_value, old_value, 177 from_kuid(&init_user_ns, audit_get_loginuid(current)), 178 audit_get_sessionid(current)); 179 enforcing_set(state, new_value); 180 if (new_value) 181 avc_ss_reset(state->avc, 0); 182 selnl_notify_setenforce(new_value); 183 selinux_status_update_setenforce(state, new_value); 184 if (!new_value) 185 call_blocking_lsm_notifier(LSM_POLICY_CHANGE, NULL); 186 187 selinux_ima_measure_state(state); 188 } 189 length = count; 190out: 191 kfree(page); 192 return length; 193} 194#else 195#define sel_write_enforce NULL 196#endif 197 198static const struct file_operations sel_enforce_ops = { 199 .read = sel_read_enforce, 200 .write = sel_write_enforce, 201 .llseek = generic_file_llseek, 202}; 203 204static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf, 205 size_t count, loff_t *ppos) 206{ 207 struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; 208 struct selinux_state *state = fsi->state; 209 char tmpbuf[TMPBUFLEN]; 210 ssize_t length; 211 ino_t ino = file_inode(filp)->i_ino; 212 int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ? 213 security_get_reject_unknown(state) : 214 !security_get_allow_unknown(state); 215 216 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown); 217 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 218} 219 220static const struct file_operations sel_handle_unknown_ops = { 221 .read = sel_read_handle_unknown, 222 .llseek = generic_file_llseek, 223}; 224 225static int sel_open_handle_status(struct inode *inode, struct file *filp) 226{ 227 struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; 228 struct page *status = selinux_kernel_status_page(fsi->state); 229 230 if (!status) 231 return -ENOMEM; 232 233 filp->private_data = status; 234 235 return 0; 236} 237 238static ssize_t sel_read_handle_status(struct file *filp, char __user *buf, 239 size_t count, loff_t *ppos) 240{ 241 struct page *status = filp->private_data; 242 243 BUG_ON(!status); 244 245 return simple_read_from_buffer(buf, count, ppos, 246 page_address(status), 247 sizeof(struct selinux_kernel_status)); 248} 249 250static int sel_mmap_handle_status(struct file *filp, 251 struct vm_area_struct *vma) 252{ 253 struct page *status = filp->private_data; 254 unsigned long size = vma->vm_end - vma->vm_start; 255 256 BUG_ON(!status); 257 258 /* only allows one page from the head */ 259 if (vma->vm_pgoff > 0 || size != PAGE_SIZE) 260 return -EIO; 261 /* disallow writable mapping */ 262 if (vma->vm_flags & VM_WRITE) 263 return -EPERM; 264 /* disallow mprotect() turns it into writable */ 265 vma->vm_flags &= ~VM_MAYWRITE; 266 267 return remap_pfn_range(vma, vma->vm_start, 268 page_to_pfn(status), 269 size, vma->vm_page_prot); 270} 271 272static const struct file_operations sel_handle_status_ops = { 273 .open = sel_open_handle_status, 274 .read = sel_read_handle_status, 275 .mmap = sel_mmap_handle_status, 276 .llseek = generic_file_llseek, 277}; 278 279#ifdef CONFIG_SECURITY_SELINUX_DISABLE 280static ssize_t sel_write_disable(struct file *file, const char __user *buf, 281 size_t count, loff_t *ppos) 282 283{ 284 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 285 char *page; 286 ssize_t length; 287 int new_value; 288 int enforcing; 289 290 /* NOTE: we are now officially considering runtime disable as 291 * deprecated, and using it will become increasingly painful 292 * (e.g. sleeping/blocking) as we progress through future 293 * kernel releases until eventually it is removed 294 */ 295 pr_err("SELinux: Runtime disable is deprecated, use selinux=0 on the kernel cmdline.\n"); 296 pr_err("SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable\n"); 297 ssleep(5); 298 299 if (count >= PAGE_SIZE) 300 return -ENOMEM; 301 302 /* No partial writes. */ 303 if (*ppos != 0) 304 return -EINVAL; 305 306 page = memdup_user_nul(buf, count); 307 if (IS_ERR(page)) 308 return PTR_ERR(page); 309 310 length = -EINVAL; 311 if (sscanf(page, "%d", &new_value) != 1) 312 goto out; 313 314 if (new_value) { 315 enforcing = enforcing_enabled(fsi->state); 316 length = selinux_disable(fsi->state); 317 if (length) 318 goto out; 319 audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS, 320 "enforcing=%d old_enforcing=%d auid=%u ses=%u" 321 " enabled=0 old-enabled=1 lsm=selinux res=1", 322 enforcing, enforcing, 323 from_kuid(&init_user_ns, audit_get_loginuid(current)), 324 audit_get_sessionid(current)); 325 } 326 327 length = count; 328out: 329 kfree(page); 330 return length; 331} 332#else 333#define sel_write_disable NULL 334#endif 335 336static const struct file_operations sel_disable_ops = { 337 .write = sel_write_disable, 338 .llseek = generic_file_llseek, 339}; 340 341static ssize_t sel_read_policyvers(struct file *filp, char __user *buf, 342 size_t count, loff_t *ppos) 343{ 344 char tmpbuf[TMPBUFLEN]; 345 ssize_t length; 346 347 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX); 348 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 349} 350 351static const struct file_operations sel_policyvers_ops = { 352 .read = sel_read_policyvers, 353 .llseek = generic_file_llseek, 354}; 355 356/* declaration for sel_write_load */ 357static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir, 358 unsigned int *bool_num, char ***bool_pending_names, 359 unsigned int **bool_pending_values); 360static int sel_make_classes(struct selinux_policy *newpolicy, 361 struct dentry *class_dir, 362 unsigned long *last_class_ino); 363 364/* declaration for sel_make_class_dirs */ 365static struct dentry *sel_make_dir(struct dentry *dir, const char *name, 366 unsigned long *ino); 367 368/* declaration for sel_make_policy_nodes */ 369static struct dentry *sel_make_disconnected_dir(struct super_block *sb, 370 unsigned long *ino); 371 372/* declaration for sel_make_policy_nodes */ 373static void sel_remove_entries(struct dentry *de); 374 375static ssize_t sel_read_mls(struct file *filp, char __user *buf, 376 size_t count, loff_t *ppos) 377{ 378 struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; 379 char tmpbuf[TMPBUFLEN]; 380 ssize_t length; 381 382 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", 383 security_mls_enabled(fsi->state)); 384 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 385} 386 387static const struct file_operations sel_mls_ops = { 388 .read = sel_read_mls, 389 .llseek = generic_file_llseek, 390}; 391 392struct policy_load_memory { 393 size_t len; 394 void *data; 395}; 396 397static int sel_open_policy(struct inode *inode, struct file *filp) 398{ 399 struct selinux_fs_info *fsi = inode->i_sb->s_fs_info; 400 struct selinux_state *state = fsi->state; 401 struct policy_load_memory *plm = NULL; 402 int rc; 403 404 BUG_ON(filp->private_data); 405 406 mutex_lock(&fsi->state->policy_mutex); 407 408 rc = avc_has_perm(&selinux_state, 409 current_sid(), SECINITSID_SECURITY, 410 SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL); 411 if (rc) 412 goto err; 413 414 rc = -EBUSY; 415 if (fsi->policy_opened) 416 goto err; 417 418 rc = -ENOMEM; 419 plm = kzalloc(sizeof(*plm), GFP_KERNEL); 420 if (!plm) 421 goto err; 422 423 rc = security_read_policy(state, &plm->data, &plm->len); 424 if (rc) 425 goto err; 426 427 if ((size_t)i_size_read(inode) != plm->len) { 428 inode_lock(inode); 429 i_size_write(inode, plm->len); 430 inode_unlock(inode); 431 } 432 433 fsi->policy_opened = 1; 434 435 filp->private_data = plm; 436 437 mutex_unlock(&fsi->state->policy_mutex); 438 439 return 0; 440err: 441 mutex_unlock(&fsi->state->policy_mutex); 442 443 if (plm) 444 vfree(plm->data); 445 kfree(plm); 446 return rc; 447} 448 449static int sel_release_policy(struct inode *inode, struct file *filp) 450{ 451 struct selinux_fs_info *fsi = inode->i_sb->s_fs_info; 452 struct policy_load_memory *plm = filp->private_data; 453 454 BUG_ON(!plm); 455 456 fsi->policy_opened = 0; 457 458 vfree(plm->data); 459 kfree(plm); 460 461 return 0; 462} 463 464static ssize_t sel_read_policy(struct file *filp, char __user *buf, 465 size_t count, loff_t *ppos) 466{ 467 struct policy_load_memory *plm = filp->private_data; 468 int ret; 469 470 ret = avc_has_perm(&selinux_state, 471 current_sid(), SECINITSID_SECURITY, 472 SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL); 473 if (ret) 474 return ret; 475 476 return simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); 477} 478 479static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf) 480{ 481 struct policy_load_memory *plm = vmf->vma->vm_file->private_data; 482 unsigned long offset; 483 struct page *page; 484 485 if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE)) 486 return VM_FAULT_SIGBUS; 487 488 offset = vmf->pgoff << PAGE_SHIFT; 489 if (offset >= roundup(plm->len, PAGE_SIZE)) 490 return VM_FAULT_SIGBUS; 491 492 page = vmalloc_to_page(plm->data + offset); 493 get_page(page); 494 495 vmf->page = page; 496 497 return 0; 498} 499 500static const struct vm_operations_struct sel_mmap_policy_ops = { 501 .fault = sel_mmap_policy_fault, 502 .page_mkwrite = sel_mmap_policy_fault, 503}; 504 505static int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma) 506{ 507 if (vma->vm_flags & VM_SHARED) { 508 /* do not allow mprotect to make mapping writable */ 509 vma->vm_flags &= ~VM_MAYWRITE; 510 511 if (vma->vm_flags & VM_WRITE) 512 return -EACCES; 513 } 514 515 vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP; 516 vma->vm_ops = &sel_mmap_policy_ops; 517 518 return 0; 519} 520 521static const struct file_operations sel_policy_ops = { 522 .open = sel_open_policy, 523 .read = sel_read_policy, 524 .mmap = sel_mmap_policy, 525 .release = sel_release_policy, 526 .llseek = generic_file_llseek, 527}; 528 529static void sel_remove_old_bool_data(unsigned int bool_num, char **bool_names, 530 unsigned int *bool_values) 531{ 532 u32 i; 533 534 /* bool_dir cleanup */ 535 for (i = 0; i < bool_num; i++) 536 kfree(bool_names[i]); 537 kfree(bool_names); 538 kfree(bool_values); 539} 540 541static int sel_make_policy_nodes(struct selinux_fs_info *fsi, 542 struct selinux_policy *newpolicy) 543{ 544 int ret = 0; 545 struct dentry *tmp_parent, *tmp_bool_dir, *tmp_class_dir, *old_dentry; 546 unsigned int tmp_bool_num, old_bool_num; 547 char **tmp_bool_names, **old_bool_names; 548 unsigned int *tmp_bool_values, *old_bool_values; 549 unsigned long tmp_ino = fsi->last_ino; /* Don't increment last_ino in this function */ 550 551 tmp_parent = sel_make_disconnected_dir(fsi->sb, &tmp_ino); 552 if (IS_ERR(tmp_parent)) 553 return PTR_ERR(tmp_parent); 554 555 tmp_ino = fsi->bool_dir->d_inode->i_ino - 1; /* sel_make_dir will increment and set */ 556 tmp_bool_dir = sel_make_dir(tmp_parent, BOOL_DIR_NAME, &tmp_ino); 557 if (IS_ERR(tmp_bool_dir)) { 558 ret = PTR_ERR(tmp_bool_dir); 559 goto out; 560 } 561 562 tmp_ino = fsi->class_dir->d_inode->i_ino - 1; /* sel_make_dir will increment and set */ 563 tmp_class_dir = sel_make_dir(tmp_parent, CLASS_DIR_NAME, &tmp_ino); 564 if (IS_ERR(tmp_class_dir)) { 565 ret = PTR_ERR(tmp_class_dir); 566 goto out; 567 } 568 569 ret = sel_make_bools(newpolicy, tmp_bool_dir, &tmp_bool_num, 570 &tmp_bool_names, &tmp_bool_values); 571 if (ret) 572 goto out; 573 574 ret = sel_make_classes(newpolicy, tmp_class_dir, 575 &fsi->last_class_ino); 576 if (ret) 577 goto out; 578 579 /* booleans */ 580 old_dentry = fsi->bool_dir; 581 lock_rename(tmp_bool_dir, old_dentry); 582 d_exchange(tmp_bool_dir, fsi->bool_dir); 583 584 old_bool_num = fsi->bool_num; 585 old_bool_names = fsi->bool_pending_names; 586 old_bool_values = fsi->bool_pending_values; 587 588 fsi->bool_num = tmp_bool_num; 589 fsi->bool_pending_names = tmp_bool_names; 590 fsi->bool_pending_values = tmp_bool_values; 591 592 sel_remove_old_bool_data(old_bool_num, old_bool_names, old_bool_values); 593 594 fsi->bool_dir = tmp_bool_dir; 595 unlock_rename(tmp_bool_dir, old_dentry); 596 597 /* classes */ 598 old_dentry = fsi->class_dir; 599 lock_rename(tmp_class_dir, old_dentry); 600 d_exchange(tmp_class_dir, fsi->class_dir); 601 fsi->class_dir = tmp_class_dir; 602 unlock_rename(tmp_class_dir, old_dentry); 603 604out: 605 /* Since the other temporary dirs are children of tmp_parent 606 * this will handle all the cleanup in the case of a failure before 607 * the swapover 608 */ 609 sel_remove_entries(tmp_parent); 610 dput(tmp_parent); /* d_genocide() only handles the children */ 611 612 return ret; 613} 614 615static ssize_t sel_write_load(struct file *file, const char __user *buf, 616 size_t count, loff_t *ppos) 617 618{ 619 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 620 struct selinux_load_state load_state; 621 ssize_t length; 622 void *data = NULL; 623 624 mutex_lock(&fsi->state->policy_mutex); 625 626 length = avc_has_perm(&selinux_state, 627 current_sid(), SECINITSID_SECURITY, 628 SECCLASS_SECURITY, SECURITY__LOAD_POLICY, NULL); 629 if (length) 630 goto out; 631 632 /* No partial writes. */ 633 length = -EINVAL; 634 if (*ppos != 0) 635 goto out; 636 637 length = -ENOMEM; 638 data = vmalloc(count); 639 if (!data) 640 goto out; 641 642 length = -EFAULT; 643 if (copy_from_user(data, buf, count) != 0) 644 goto out; 645 646 length = security_load_policy(fsi->state, data, count, &load_state); 647 if (length) { 648 pr_warn_ratelimited("SELinux: failed to load policy\n"); 649 goto out; 650 } 651 652 length = sel_make_policy_nodes(fsi, load_state.policy); 653 if (length) { 654 pr_warn_ratelimited("SELinux: failed to initialize selinuxfs\n"); 655 selinux_policy_cancel(fsi->state, &load_state); 656 goto out; 657 } 658 659 selinux_policy_commit(fsi->state, &load_state); 660 661 length = count; 662 663 audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, 664 "auid=%u ses=%u lsm=selinux res=1", 665 from_kuid(&init_user_ns, audit_get_loginuid(current)), 666 audit_get_sessionid(current)); 667out: 668 mutex_unlock(&fsi->state->policy_mutex); 669 vfree(data); 670 return length; 671} 672 673static const struct file_operations sel_load_ops = { 674 .write = sel_write_load, 675 .llseek = generic_file_llseek, 676}; 677 678static ssize_t sel_write_context(struct file *file, char *buf, size_t size) 679{ 680 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 681 struct selinux_state *state = fsi->state; 682 char *canon = NULL; 683 u32 sid, len; 684 ssize_t length; 685 686 length = avc_has_perm(&selinux_state, 687 current_sid(), SECINITSID_SECURITY, 688 SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, NULL); 689 if (length) 690 goto out; 691 692 length = security_context_to_sid(state, buf, size, &sid, GFP_KERNEL); 693 if (length) 694 goto out; 695 696 length = security_sid_to_context(state, sid, &canon, &len); 697 if (length) 698 goto out; 699 700 length = -ERANGE; 701 if (len > SIMPLE_TRANSACTION_LIMIT) { 702 pr_err("SELinux: %s: context size (%u) exceeds " 703 "payload max\n", __func__, len); 704 goto out; 705 } 706 707 memcpy(buf, canon, len); 708 length = len; 709out: 710 kfree(canon); 711 return length; 712} 713 714static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf, 715 size_t count, loff_t *ppos) 716{ 717 struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; 718 char tmpbuf[TMPBUFLEN]; 719 ssize_t length; 720 721 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", 722 checkreqprot_get(fsi->state)); 723 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 724} 725 726static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, 727 size_t count, loff_t *ppos) 728{ 729 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 730 char *page; 731 ssize_t length; 732 unsigned int new_value; 733 734 length = avc_has_perm(&selinux_state, 735 current_sid(), SECINITSID_SECURITY, 736 SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, 737 NULL); 738 if (length) 739 return length; 740 741 if (count >= PAGE_SIZE) 742 return -ENOMEM; 743 744 /* No partial writes. */ 745 if (*ppos != 0) 746 return -EINVAL; 747 748 page = memdup_user_nul(buf, count); 749 if (IS_ERR(page)) 750 return PTR_ERR(page); 751 752 length = -EINVAL; 753 if (sscanf(page, "%u", &new_value) != 1) 754 goto out; 755 756 if (new_value) { 757 char comm[sizeof(current->comm)]; 758 759 memcpy(comm, current->comm, sizeof(comm)); 760 pr_err("SELinux: %s (%d) set checkreqprot to 1. This is deprecated and will be rejected in a future kernel release.\n", 761 comm, current->pid); 762 } 763 764 checkreqprot_set(fsi->state, (new_value ? 1 : 0)); 765 if (new_value) 766 ssleep(5); 767 length = count; 768 769 selinux_ima_measure_state(fsi->state); 770 771out: 772 kfree(page); 773 return length; 774} 775static const struct file_operations sel_checkreqprot_ops = { 776 .read = sel_read_checkreqprot, 777 .write = sel_write_checkreqprot, 778 .llseek = generic_file_llseek, 779}; 780 781static ssize_t sel_write_validatetrans(struct file *file, 782 const char __user *buf, 783 size_t count, loff_t *ppos) 784{ 785 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 786 struct selinux_state *state = fsi->state; 787 char *oldcon = NULL, *newcon = NULL, *taskcon = NULL; 788 char *req = NULL; 789 u32 osid, nsid, tsid; 790 u16 tclass; 791 int rc; 792 793 rc = avc_has_perm(&selinux_state, 794 current_sid(), SECINITSID_SECURITY, 795 SECCLASS_SECURITY, SECURITY__VALIDATE_TRANS, NULL); 796 if (rc) 797 goto out; 798 799 rc = -ENOMEM; 800 if (count >= PAGE_SIZE) 801 goto out; 802 803 /* No partial writes. */ 804 rc = -EINVAL; 805 if (*ppos != 0) 806 goto out; 807 808 req = memdup_user_nul(buf, count); 809 if (IS_ERR(req)) { 810 rc = PTR_ERR(req); 811 req = NULL; 812 goto out; 813 } 814 815 rc = -ENOMEM; 816 oldcon = kzalloc(count + 1, GFP_KERNEL); 817 if (!oldcon) 818 goto out; 819 820 newcon = kzalloc(count + 1, GFP_KERNEL); 821 if (!newcon) 822 goto out; 823 824 taskcon = kzalloc(count + 1, GFP_KERNEL); 825 if (!taskcon) 826 goto out; 827 828 rc = -EINVAL; 829 if (sscanf(req, "%s %s %hu %s", oldcon, newcon, &tclass, taskcon) != 4) 830 goto out; 831 832 rc = security_context_str_to_sid(state, oldcon, &osid, GFP_KERNEL); 833 if (rc) 834 goto out; 835 836 rc = security_context_str_to_sid(state, newcon, &nsid, GFP_KERNEL); 837 if (rc) 838 goto out; 839 840 rc = security_context_str_to_sid(state, taskcon, &tsid, GFP_KERNEL); 841 if (rc) 842 goto out; 843 844 rc = security_validate_transition_user(state, osid, nsid, tsid, tclass); 845 if (!rc) 846 rc = count; 847out: 848 kfree(req); 849 kfree(oldcon); 850 kfree(newcon); 851 kfree(taskcon); 852 return rc; 853} 854 855static const struct file_operations sel_transition_ops = { 856 .write = sel_write_validatetrans, 857 .llseek = generic_file_llseek, 858}; 859 860/* 861 * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c 862 */ 863static ssize_t sel_write_access(struct file *file, char *buf, size_t size); 864static ssize_t sel_write_create(struct file *file, char *buf, size_t size); 865static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size); 866static ssize_t sel_write_user(struct file *file, char *buf, size_t size); 867static ssize_t sel_write_member(struct file *file, char *buf, size_t size); 868 869static ssize_t (*const write_op[])(struct file *, char *, size_t) = { 870 [SEL_ACCESS] = sel_write_access, 871 [SEL_CREATE] = sel_write_create, 872 [SEL_RELABEL] = sel_write_relabel, 873 [SEL_USER] = sel_write_user, 874 [SEL_MEMBER] = sel_write_member, 875 [SEL_CONTEXT] = sel_write_context, 876}; 877 878static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos) 879{ 880 ino_t ino = file_inode(file)->i_ino; 881 char *data; 882 ssize_t rv; 883 884 if (ino >= ARRAY_SIZE(write_op) || !write_op[ino]) 885 return -EINVAL; 886 887 data = simple_transaction_get(file, buf, size); 888 if (IS_ERR(data)) 889 return PTR_ERR(data); 890 891 rv = write_op[ino](file, data, size); 892 if (rv > 0) { 893 simple_transaction_set(file, rv); 894 rv = size; 895 } 896 return rv; 897} 898 899static const struct file_operations transaction_ops = { 900 .write = selinux_transaction_write, 901 .read = simple_transaction_read, 902 .release = simple_transaction_release, 903 .llseek = generic_file_llseek, 904}; 905 906/* 907 * payload - write methods 908 * If the method has a response, the response should be put in buf, 909 * and the length returned. Otherwise return 0 or and -error. 910 */ 911 912static ssize_t sel_write_access(struct file *file, char *buf, size_t size) 913{ 914 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 915 struct selinux_state *state = fsi->state; 916 char *scon = NULL, *tcon = NULL; 917 u32 ssid, tsid; 918 u16 tclass; 919 struct av_decision avd; 920 ssize_t length; 921 922 length = avc_has_perm(&selinux_state, 923 current_sid(), SECINITSID_SECURITY, 924 SECCLASS_SECURITY, SECURITY__COMPUTE_AV, NULL); 925 if (length) 926 goto out; 927 928 length = -ENOMEM; 929 scon = kzalloc(size + 1, GFP_KERNEL); 930 if (!scon) 931 goto out; 932 933 length = -ENOMEM; 934 tcon = kzalloc(size + 1, GFP_KERNEL); 935 if (!tcon) 936 goto out; 937 938 length = -EINVAL; 939 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 940 goto out; 941 942 length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL); 943 if (length) 944 goto out; 945 946 length = security_context_str_to_sid(state, tcon, &tsid, GFP_KERNEL); 947 if (length) 948 goto out; 949 950 security_compute_av_user(state, ssid, tsid, tclass, &avd); 951 952 length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT, 953 "%x %x %x %x %u %x", 954 avd.allowed, 0xffffffff, 955 avd.auditallow, avd.auditdeny, 956 avd.seqno, avd.flags); 957out: 958 kfree(tcon); 959 kfree(scon); 960 return length; 961} 962 963static ssize_t sel_write_create(struct file *file, char *buf, size_t size) 964{ 965 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 966 struct selinux_state *state = fsi->state; 967 char *scon = NULL, *tcon = NULL; 968 char *namebuf = NULL, *objname = NULL; 969 u32 ssid, tsid, newsid; 970 u16 tclass; 971 ssize_t length; 972 char *newcon = NULL; 973 u32 len; 974 int nargs; 975 976 length = avc_has_perm(&selinux_state, 977 current_sid(), SECINITSID_SECURITY, 978 SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, 979 NULL); 980 if (length) 981 goto out; 982 983 length = -ENOMEM; 984 scon = kzalloc(size + 1, GFP_KERNEL); 985 if (!scon) 986 goto out; 987 988 length = -ENOMEM; 989 tcon = kzalloc(size + 1, GFP_KERNEL); 990 if (!tcon) 991 goto out; 992 993 length = -ENOMEM; 994 namebuf = kzalloc(size + 1, GFP_KERNEL); 995 if (!namebuf) 996 goto out; 997 998 length = -EINVAL; 999 nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf); 1000 if (nargs < 3 || nargs > 4) 1001 goto out; 1002 if (nargs == 4) { 1003 /* 1004 * If and when the name of new object to be queried contains 1005 * either whitespace or multibyte characters, they shall be 1006 * encoded based on the percentage-encoding rule. 1007 * If not encoded, the sscanf logic picks up only left-half 1008 * of the supplied name; splitted by a whitespace unexpectedly. 1009 */ 1010 char *r, *w; 1011 int c1, c2; 1012 1013 r = w = namebuf; 1014 do { 1015 c1 = *r++; 1016 if (c1 == '+') 1017 c1 = ' '; 1018 else if (c1 == '%') { 1019 c1 = hex_to_bin(*r++); 1020 if (c1 < 0) 1021 goto out; 1022 c2 = hex_to_bin(*r++); 1023 if (c2 < 0) 1024 goto out; 1025 c1 = (c1 << 4) | c2; 1026 } 1027 *w++ = c1; 1028 } while (c1 != '\0'); 1029 1030 objname = namebuf; 1031 } 1032 1033 length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL); 1034 if (length) 1035 goto out; 1036 1037 length = security_context_str_to_sid(state, tcon, &tsid, GFP_KERNEL); 1038 if (length) 1039 goto out; 1040 1041 length = security_transition_sid_user(state, ssid, tsid, tclass, 1042 objname, &newsid); 1043 if (length) 1044 goto out; 1045 1046 length = security_sid_to_context(state, newsid, &newcon, &len); 1047 if (length) 1048 goto out; 1049 1050 length = -ERANGE; 1051 if (len > SIMPLE_TRANSACTION_LIMIT) { 1052 pr_err("SELinux: %s: context size (%u) exceeds " 1053 "payload max\n", __func__, len); 1054 goto out; 1055 } 1056 1057 memcpy(buf, newcon, len); 1058 length = len; 1059out: 1060 kfree(newcon); 1061 kfree(namebuf); 1062 kfree(tcon); 1063 kfree(scon); 1064 return length; 1065} 1066 1067static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size) 1068{ 1069 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 1070 struct selinux_state *state = fsi->state; 1071 char *scon = NULL, *tcon = NULL; 1072 u32 ssid, tsid, newsid; 1073 u16 tclass; 1074 ssize_t length; 1075 char *newcon = NULL; 1076 u32 len; 1077 1078 length = avc_has_perm(&selinux_state, 1079 current_sid(), SECINITSID_SECURITY, 1080 SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, 1081 NULL); 1082 if (length) 1083 goto out; 1084 1085 length = -ENOMEM; 1086 scon = kzalloc(size + 1, GFP_KERNEL); 1087 if (!scon) 1088 goto out; 1089 1090 length = -ENOMEM; 1091 tcon = kzalloc(size + 1, GFP_KERNEL); 1092 if (!tcon) 1093 goto out; 1094 1095 length = -EINVAL; 1096 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 1097 goto out; 1098 1099 length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL); 1100 if (length) 1101 goto out; 1102 1103 length = security_context_str_to_sid(state, tcon, &tsid, GFP_KERNEL); 1104 if (length) 1105 goto out; 1106 1107 length = security_change_sid(state, ssid, tsid, tclass, &newsid); 1108 if (length) 1109 goto out; 1110 1111 length = security_sid_to_context(state, newsid, &newcon, &len); 1112 if (length) 1113 goto out; 1114 1115 length = -ERANGE; 1116 if (len > SIMPLE_TRANSACTION_LIMIT) 1117 goto out; 1118 1119 memcpy(buf, newcon, len); 1120 length = len; 1121out: 1122 kfree(newcon); 1123 kfree(tcon); 1124 kfree(scon); 1125 return length; 1126} 1127 1128static ssize_t sel_write_user(struct file *file, char *buf, size_t size) 1129{ 1130 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 1131 struct selinux_state *state = fsi->state; 1132 char *con = NULL, *user = NULL, *ptr; 1133 u32 sid, *sids = NULL; 1134 ssize_t length; 1135 char *newcon; 1136 int i, rc; 1137 u32 len, nsids; 1138 1139 length = avc_has_perm(&selinux_state, 1140 current_sid(), SECINITSID_SECURITY, 1141 SECCLASS_SECURITY, SECURITY__COMPUTE_USER, 1142 NULL); 1143 if (length) 1144 goto out; 1145 1146 length = -ENOMEM; 1147 con = kzalloc(size + 1, GFP_KERNEL); 1148 if (!con) 1149 goto out; 1150 1151 length = -ENOMEM; 1152 user = kzalloc(size + 1, GFP_KERNEL); 1153 if (!user) 1154 goto out; 1155 1156 length = -EINVAL; 1157 if (sscanf(buf, "%s %s", con, user) != 2) 1158 goto out; 1159 1160 length = security_context_str_to_sid(state, con, &sid, GFP_KERNEL); 1161 if (length) 1162 goto out; 1163 1164 length = security_get_user_sids(state, sid, user, &sids, &nsids); 1165 if (length) 1166 goto out; 1167 1168 length = sprintf(buf, "%u", nsids) + 1; 1169 ptr = buf + length; 1170 for (i = 0; i < nsids; i++) { 1171 rc = security_sid_to_context(state, sids[i], &newcon, &len); 1172 if (rc) { 1173 length = rc; 1174 goto out; 1175 } 1176 if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) { 1177 kfree(newcon); 1178 length = -ERANGE; 1179 goto out; 1180 } 1181 memcpy(ptr, newcon, len); 1182 kfree(newcon); 1183 ptr += len; 1184 length += len; 1185 } 1186out: 1187 kfree(sids); 1188 kfree(user); 1189 kfree(con); 1190 return length; 1191} 1192 1193static ssize_t sel_write_member(struct file *file, char *buf, size_t size) 1194{ 1195 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 1196 struct selinux_state *state = fsi->state; 1197 char *scon = NULL, *tcon = NULL; 1198 u32 ssid, tsid, newsid; 1199 u16 tclass; 1200 ssize_t length; 1201 char *newcon = NULL; 1202 u32 len; 1203 1204 length = avc_has_perm(&selinux_state, 1205 current_sid(), SECINITSID_SECURITY, 1206 SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, 1207 NULL); 1208 if (length) 1209 goto out; 1210 1211 length = -ENOMEM; 1212 scon = kzalloc(size + 1, GFP_KERNEL); 1213 if (!scon) 1214 goto out; 1215 1216 length = -ENOMEM; 1217 tcon = kzalloc(size + 1, GFP_KERNEL); 1218 if (!tcon) 1219 goto out; 1220 1221 length = -EINVAL; 1222 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 1223 goto out; 1224 1225 length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL); 1226 if (length) 1227 goto out; 1228 1229 length = security_context_str_to_sid(state, tcon, &tsid, GFP_KERNEL); 1230 if (length) 1231 goto out; 1232 1233 length = security_member_sid(state, ssid, tsid, tclass, &newsid); 1234 if (length) 1235 goto out; 1236 1237 length = security_sid_to_context(state, newsid, &newcon, &len); 1238 if (length) 1239 goto out; 1240 1241 length = -ERANGE; 1242 if (len > SIMPLE_TRANSACTION_LIMIT) { 1243 pr_err("SELinux: %s: context size (%u) exceeds " 1244 "payload max\n", __func__, len); 1245 goto out; 1246 } 1247 1248 memcpy(buf, newcon, len); 1249 length = len; 1250out: 1251 kfree(newcon); 1252 kfree(tcon); 1253 kfree(scon); 1254 return length; 1255} 1256 1257static struct inode *sel_make_inode(struct super_block *sb, int mode) 1258{ 1259 struct inode *ret = new_inode(sb); 1260 1261 if (ret) { 1262 ret->i_mode = mode; 1263 ret->i_atime = ret->i_mtime = ret->i_ctime = current_time(ret); 1264 } 1265 return ret; 1266} 1267 1268static ssize_t sel_read_bool(struct file *filep, char __user *buf, 1269 size_t count, loff_t *ppos) 1270{ 1271 struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info; 1272 char *page = NULL; 1273 ssize_t length; 1274 ssize_t ret; 1275 int cur_enforcing; 1276 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; 1277 const char *name = filep->f_path.dentry->d_name.name; 1278 1279 mutex_lock(&fsi->state->policy_mutex); 1280 1281 ret = -EINVAL; 1282 if (index >= fsi->bool_num || strcmp(name, 1283 fsi->bool_pending_names[index])) 1284 goto out_unlock; 1285 1286 ret = -ENOMEM; 1287 page = (char *)get_zeroed_page(GFP_KERNEL); 1288 if (!page) 1289 goto out_unlock; 1290 1291 cur_enforcing = security_get_bool_value(fsi->state, index); 1292 if (cur_enforcing < 0) { 1293 ret = cur_enforcing; 1294 goto out_unlock; 1295 } 1296 length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, 1297 fsi->bool_pending_values[index]); 1298 mutex_unlock(&fsi->state->policy_mutex); 1299 ret = simple_read_from_buffer(buf, count, ppos, page, length); 1300out_free: 1301 free_page((unsigned long)page); 1302 return ret; 1303 1304out_unlock: 1305 mutex_unlock(&fsi->state->policy_mutex); 1306 goto out_free; 1307} 1308 1309static ssize_t sel_write_bool(struct file *filep, const char __user *buf, 1310 size_t count, loff_t *ppos) 1311{ 1312 struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info; 1313 char *page = NULL; 1314 ssize_t length; 1315 int new_value; 1316 unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; 1317 const char *name = filep->f_path.dentry->d_name.name; 1318 1319 if (count >= PAGE_SIZE) 1320 return -ENOMEM; 1321 1322 /* No partial writes. */ 1323 if (*ppos != 0) 1324 return -EINVAL; 1325 1326 page = memdup_user_nul(buf, count); 1327 if (IS_ERR(page)) 1328 return PTR_ERR(page); 1329 1330 mutex_lock(&fsi->state->policy_mutex); 1331 1332 length = avc_has_perm(&selinux_state, 1333 current_sid(), SECINITSID_SECURITY, 1334 SECCLASS_SECURITY, SECURITY__SETBOOL, 1335 NULL); 1336 if (length) 1337 goto out; 1338 1339 length = -EINVAL; 1340 if (index >= fsi->bool_num || strcmp(name, 1341 fsi->bool_pending_names[index])) 1342 goto out; 1343 1344 length = -EINVAL; 1345 if (sscanf(page, "%d", &new_value) != 1) 1346 goto out; 1347 1348 if (new_value) 1349 new_value = 1; 1350 1351 fsi->bool_pending_values[index] = new_value; 1352 length = count; 1353 1354out: 1355 mutex_unlock(&fsi->state->policy_mutex); 1356 kfree(page); 1357 return length; 1358} 1359 1360static const struct file_operations sel_bool_ops = { 1361 .read = sel_read_bool, 1362 .write = sel_write_bool, 1363 .llseek = generic_file_llseek, 1364}; 1365 1366static ssize_t sel_commit_bools_write(struct file *filep, 1367 const char __user *buf, 1368 size_t count, loff_t *ppos) 1369{ 1370 struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info; 1371 char *page = NULL; 1372 ssize_t length; 1373 int new_value; 1374 1375 if (count >= PAGE_SIZE) 1376 return -ENOMEM; 1377 1378 /* No partial writes. */ 1379 if (*ppos != 0) 1380 return -EINVAL; 1381 1382 page = memdup_user_nul(buf, count); 1383 if (IS_ERR(page)) 1384 return PTR_ERR(page); 1385 1386 mutex_lock(&fsi->state->policy_mutex); 1387 1388 length = avc_has_perm(&selinux_state, 1389 current_sid(), SECINITSID_SECURITY, 1390 SECCLASS_SECURITY, SECURITY__SETBOOL, 1391 NULL); 1392 if (length) 1393 goto out; 1394 1395 length = -EINVAL; 1396 if (sscanf(page, "%d", &new_value) != 1) 1397 goto out; 1398 1399 length = 0; 1400 if (new_value && fsi->bool_pending_values) 1401 length = security_set_bools(fsi->state, fsi->bool_num, 1402 fsi->bool_pending_values); 1403 1404 if (!length) 1405 length = count; 1406 1407out: 1408 mutex_unlock(&fsi->state->policy_mutex); 1409 kfree(page); 1410 return length; 1411} 1412 1413static const struct file_operations sel_commit_bools_ops = { 1414 .write = sel_commit_bools_write, 1415 .llseek = generic_file_llseek, 1416}; 1417 1418static void sel_remove_entries(struct dentry *de) 1419{ 1420 d_genocide(de); 1421 shrink_dcache_parent(de); 1422} 1423 1424static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir, 1425 unsigned int *bool_num, char ***bool_pending_names, 1426 unsigned int **bool_pending_values) 1427{ 1428 int ret; 1429 ssize_t len; 1430 struct dentry *dentry = NULL; 1431 struct inode *inode = NULL; 1432 struct inode_security_struct *isec; 1433 char **names = NULL, *page; 1434 u32 i, num; 1435 int *values = NULL; 1436 u32 sid; 1437 1438 ret = -ENOMEM; 1439 page = (char *)get_zeroed_page(GFP_KERNEL); 1440 if (!page) 1441 goto out; 1442 1443 ret = security_get_bools(newpolicy, &num, &names, &values); 1444 if (ret) 1445 goto out; 1446 1447 for (i = 0; i < num; i++) { 1448 ret = -ENOMEM; 1449 dentry = d_alloc_name(bool_dir, names[i]); 1450 if (!dentry) 1451 goto out; 1452 1453 ret = -ENOMEM; 1454 inode = sel_make_inode(bool_dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR); 1455 if (!inode) { 1456 dput(dentry); 1457 goto out; 1458 } 1459 1460 ret = -ENAMETOOLONG; 1461 len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]); 1462 if (len >= PAGE_SIZE) { 1463 dput(dentry); 1464 iput(inode); 1465 goto out; 1466 } 1467 1468 isec = selinux_inode(inode); 1469 ret = selinux_policy_genfs_sid(newpolicy, "selinuxfs", page, 1470 SECCLASS_FILE, &sid); 1471 if (ret) { 1472 pr_warn_ratelimited("SELinux: no sid found, defaulting to security isid for %s\n", 1473 page); 1474 sid = SECINITSID_SECURITY; 1475 } 1476 1477 isec->sid = sid; 1478 isec->initialized = LABEL_INITIALIZED; 1479 inode->i_fop = &sel_bool_ops; 1480 inode->i_ino = i|SEL_BOOL_INO_OFFSET; 1481 d_add(dentry, inode); 1482 } 1483 *bool_num = num; 1484 *bool_pending_names = names; 1485 *bool_pending_values = values; 1486 1487 free_page((unsigned long)page); 1488 return 0; 1489out: 1490 free_page((unsigned long)page); 1491 1492 if (names) { 1493 for (i = 0; i < num; i++) 1494 kfree(names[i]); 1495 kfree(names); 1496 } 1497 kfree(values); 1498 sel_remove_entries(bool_dir); 1499 1500 return ret; 1501} 1502 1503static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf, 1504 size_t count, loff_t *ppos) 1505{ 1506 struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; 1507 struct selinux_state *state = fsi->state; 1508 char tmpbuf[TMPBUFLEN]; 1509 ssize_t length; 1510 1511 length = scnprintf(tmpbuf, TMPBUFLEN, "%u", 1512 avc_get_cache_threshold(state->avc)); 1513 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1514} 1515 1516static ssize_t sel_write_avc_cache_threshold(struct file *file, 1517 const char __user *buf, 1518 size_t count, loff_t *ppos) 1519 1520{ 1521 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 1522 struct selinux_state *state = fsi->state; 1523 char *page; 1524 ssize_t ret; 1525 unsigned int new_value; 1526 1527 ret = avc_has_perm(&selinux_state, 1528 current_sid(), SECINITSID_SECURITY, 1529 SECCLASS_SECURITY, SECURITY__SETSECPARAM, 1530 NULL); 1531 if (ret) 1532 return ret; 1533 1534 if (count >= PAGE_SIZE) 1535 return -ENOMEM; 1536 1537 /* No partial writes. */ 1538 if (*ppos != 0) 1539 return -EINVAL; 1540 1541 page = memdup_user_nul(buf, count); 1542 if (IS_ERR(page)) 1543 return PTR_ERR(page); 1544 1545 ret = -EINVAL; 1546 if (sscanf(page, "%u", &new_value) != 1) 1547 goto out; 1548 1549 avc_set_cache_threshold(state->avc, new_value); 1550 1551 ret = count; 1552out: 1553 kfree(page); 1554 return ret; 1555} 1556 1557static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf, 1558 size_t count, loff_t *ppos) 1559{ 1560 struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; 1561 struct selinux_state *state = fsi->state; 1562 char *page; 1563 ssize_t length; 1564 1565 page = (char *)__get_free_page(GFP_KERNEL); 1566 if (!page) 1567 return -ENOMEM; 1568 1569 length = avc_get_hash_stats(state->avc, page); 1570 if (length >= 0) 1571 length = simple_read_from_buffer(buf, count, ppos, page, length); 1572 free_page((unsigned long)page); 1573 1574 return length; 1575} 1576 1577static ssize_t sel_read_sidtab_hash_stats(struct file *filp, char __user *buf, 1578 size_t count, loff_t *ppos) 1579{ 1580 struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; 1581 struct selinux_state *state = fsi->state; 1582 char *page; 1583 ssize_t length; 1584 1585 page = (char *)__get_free_page(GFP_KERNEL); 1586 if (!page) 1587 return -ENOMEM; 1588 1589 length = security_sidtab_hash_stats(state, page); 1590 if (length >= 0) 1591 length = simple_read_from_buffer(buf, count, ppos, page, 1592 length); 1593 free_page((unsigned long)page); 1594 1595 return length; 1596} 1597 1598static const struct file_operations sel_sidtab_hash_stats_ops = { 1599 .read = sel_read_sidtab_hash_stats, 1600 .llseek = generic_file_llseek, 1601}; 1602 1603static const struct file_operations sel_avc_cache_threshold_ops = { 1604 .read = sel_read_avc_cache_threshold, 1605 .write = sel_write_avc_cache_threshold, 1606 .llseek = generic_file_llseek, 1607}; 1608 1609static const struct file_operations sel_avc_hash_stats_ops = { 1610 .read = sel_read_avc_hash_stats, 1611 .llseek = generic_file_llseek, 1612}; 1613 1614#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1615static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx) 1616{ 1617 int cpu; 1618 1619 for (cpu = *idx; cpu < nr_cpu_ids; ++cpu) { 1620 if (!cpu_possible(cpu)) 1621 continue; 1622 *idx = cpu + 1; 1623 return &per_cpu(avc_cache_stats, cpu); 1624 } 1625 (*idx)++; 1626 return NULL; 1627} 1628 1629static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos) 1630{ 1631 loff_t n = *pos - 1; 1632 1633 if (*pos == 0) 1634 return SEQ_START_TOKEN; 1635 1636 return sel_avc_get_stat_idx(&n); 1637} 1638 1639static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos) 1640{ 1641 return sel_avc_get_stat_idx(pos); 1642} 1643 1644static int sel_avc_stats_seq_show(struct seq_file *seq, void *v) 1645{ 1646 struct avc_cache_stats *st = v; 1647 1648 if (v == SEQ_START_TOKEN) { 1649 seq_puts(seq, 1650 "lookups hits misses allocations reclaims frees\n"); 1651 } else { 1652 unsigned int lookups = st->lookups; 1653 unsigned int misses = st->misses; 1654 unsigned int hits = lookups - misses; 1655 seq_printf(seq, "%u %u %u %u %u %u\n", lookups, 1656 hits, misses, st->allocations, 1657 st->reclaims, st->frees); 1658 } 1659 return 0; 1660} 1661 1662static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v) 1663{ } 1664 1665static const struct seq_operations sel_avc_cache_stats_seq_ops = { 1666 .start = sel_avc_stats_seq_start, 1667 .next = sel_avc_stats_seq_next, 1668 .show = sel_avc_stats_seq_show, 1669 .stop = sel_avc_stats_seq_stop, 1670}; 1671 1672static int sel_open_avc_cache_stats(struct inode *inode, struct file *file) 1673{ 1674 return seq_open(file, &sel_avc_cache_stats_seq_ops); 1675} 1676 1677static const struct file_operations sel_avc_cache_stats_ops = { 1678 .open = sel_open_avc_cache_stats, 1679 .read = seq_read, 1680 .llseek = seq_lseek, 1681 .release = seq_release, 1682}; 1683#endif 1684 1685static int sel_make_avc_files(struct dentry *dir) 1686{ 1687 struct super_block *sb = dir->d_sb; 1688 struct selinux_fs_info *fsi = sb->s_fs_info; 1689 int i; 1690 static const struct tree_descr files[] = { 1691 { "cache_threshold", 1692 &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR }, 1693 { "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO }, 1694#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 1695 { "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO }, 1696#endif 1697 }; 1698 1699 for (i = 0; i < ARRAY_SIZE(files); i++) { 1700 struct inode *inode; 1701 struct dentry *dentry; 1702 1703 dentry = d_alloc_name(dir, files[i].name); 1704 if (!dentry) 1705 return -ENOMEM; 1706 1707 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode); 1708 if (!inode) { 1709 dput(dentry); 1710 return -ENOMEM; 1711 } 1712 1713 inode->i_fop = files[i].ops; 1714 inode->i_ino = ++fsi->last_ino; 1715 d_add(dentry, inode); 1716 } 1717 1718 return 0; 1719} 1720 1721static int sel_make_ss_files(struct dentry *dir) 1722{ 1723 struct super_block *sb = dir->d_sb; 1724 struct selinux_fs_info *fsi = sb->s_fs_info; 1725 int i; 1726 static struct tree_descr files[] = { 1727 { "sidtab_hash_stats", &sel_sidtab_hash_stats_ops, S_IRUGO }, 1728 }; 1729 1730 for (i = 0; i < ARRAY_SIZE(files); i++) { 1731 struct inode *inode; 1732 struct dentry *dentry; 1733 1734 dentry = d_alloc_name(dir, files[i].name); 1735 if (!dentry) 1736 return -ENOMEM; 1737 1738 inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode); 1739 if (!inode) { 1740 dput(dentry); 1741 return -ENOMEM; 1742 } 1743 1744 inode->i_fop = files[i].ops; 1745 inode->i_ino = ++fsi->last_ino; 1746 d_add(dentry, inode); 1747 } 1748 1749 return 0; 1750} 1751 1752static ssize_t sel_read_initcon(struct file *file, char __user *buf, 1753 size_t count, loff_t *ppos) 1754{ 1755 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 1756 char *con; 1757 u32 sid, len; 1758 ssize_t ret; 1759 1760 sid = file_inode(file)->i_ino&SEL_INO_MASK; 1761 ret = security_sid_to_context(fsi->state, sid, &con, &len); 1762 if (ret) 1763 return ret; 1764 1765 ret = simple_read_from_buffer(buf, count, ppos, con, len); 1766 kfree(con); 1767 return ret; 1768} 1769 1770static const struct file_operations sel_initcon_ops = { 1771 .read = sel_read_initcon, 1772 .llseek = generic_file_llseek, 1773}; 1774 1775static int sel_make_initcon_files(struct dentry *dir) 1776{ 1777 int i; 1778 1779 for (i = 1; i <= SECINITSID_NUM; i++) { 1780 struct inode *inode; 1781 struct dentry *dentry; 1782 const char *s = security_get_initial_sid_context(i); 1783 1784 if (!s) 1785 continue; 1786 dentry = d_alloc_name(dir, s); 1787 if (!dentry) 1788 return -ENOMEM; 1789 1790 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1791 if (!inode) { 1792 dput(dentry); 1793 return -ENOMEM; 1794 } 1795 1796 inode->i_fop = &sel_initcon_ops; 1797 inode->i_ino = i|SEL_INITCON_INO_OFFSET; 1798 d_add(dentry, inode); 1799 } 1800 1801 return 0; 1802} 1803 1804static inline unsigned long sel_class_to_ino(u16 class) 1805{ 1806 return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET; 1807} 1808 1809static inline u16 sel_ino_to_class(unsigned long ino) 1810{ 1811 return (ino & SEL_INO_MASK) / (SEL_VEC_MAX + 1); 1812} 1813 1814static inline unsigned long sel_perm_to_ino(u16 class, u32 perm) 1815{ 1816 return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET; 1817} 1818 1819static inline u32 sel_ino_to_perm(unsigned long ino) 1820{ 1821 return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1); 1822} 1823 1824static ssize_t sel_read_class(struct file *file, char __user *buf, 1825 size_t count, loff_t *ppos) 1826{ 1827 unsigned long ino = file_inode(file)->i_ino; 1828 char res[TMPBUFLEN]; 1829 ssize_t len = scnprintf(res, sizeof(res), "%d", sel_ino_to_class(ino)); 1830 return simple_read_from_buffer(buf, count, ppos, res, len); 1831} 1832 1833static const struct file_operations sel_class_ops = { 1834 .read = sel_read_class, 1835 .llseek = generic_file_llseek, 1836}; 1837 1838static ssize_t sel_read_perm(struct file *file, char __user *buf, 1839 size_t count, loff_t *ppos) 1840{ 1841 unsigned long ino = file_inode(file)->i_ino; 1842 char res[TMPBUFLEN]; 1843 ssize_t len = scnprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino)); 1844 return simple_read_from_buffer(buf, count, ppos, res, len); 1845} 1846 1847static const struct file_operations sel_perm_ops = { 1848 .read = sel_read_perm, 1849 .llseek = generic_file_llseek, 1850}; 1851 1852static ssize_t sel_read_policycap(struct file *file, char __user *buf, 1853 size_t count, loff_t *ppos) 1854{ 1855 struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; 1856 int value; 1857 char tmpbuf[TMPBUFLEN]; 1858 ssize_t length; 1859 unsigned long i_ino = file_inode(file)->i_ino; 1860 1861 value = security_policycap_supported(fsi->state, i_ino & SEL_INO_MASK); 1862 length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value); 1863 1864 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1865} 1866 1867static const struct file_operations sel_policycap_ops = { 1868 .read = sel_read_policycap, 1869 .llseek = generic_file_llseek, 1870}; 1871 1872static int sel_make_perm_files(struct selinux_policy *newpolicy, 1873 char *objclass, int classvalue, 1874 struct dentry *dir) 1875{ 1876 int i, rc, nperms; 1877 char **perms; 1878 1879 rc = security_get_permissions(newpolicy, objclass, &perms, &nperms); 1880 if (rc) 1881 return rc; 1882 1883 for (i = 0; i < nperms; i++) { 1884 struct inode *inode; 1885 struct dentry *dentry; 1886 1887 rc = -ENOMEM; 1888 dentry = d_alloc_name(dir, perms[i]); 1889 if (!dentry) 1890 goto out; 1891 1892 rc = -ENOMEM; 1893 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1894 if (!inode) { 1895 dput(dentry); 1896 goto out; 1897 } 1898 1899 inode->i_fop = &sel_perm_ops; 1900 /* i+1 since perm values are 1-indexed */ 1901 inode->i_ino = sel_perm_to_ino(classvalue, i + 1); 1902 d_add(dentry, inode); 1903 } 1904 rc = 0; 1905out: 1906 for (i = 0; i < nperms; i++) 1907 kfree(perms[i]); 1908 kfree(perms); 1909 return rc; 1910} 1911 1912static int sel_make_class_dir_entries(struct selinux_policy *newpolicy, 1913 char *classname, int index, 1914 struct dentry *dir) 1915{ 1916 struct super_block *sb = dir->d_sb; 1917 struct selinux_fs_info *fsi = sb->s_fs_info; 1918 struct dentry *dentry = NULL; 1919 struct inode *inode = NULL; 1920 int rc; 1921 1922 dentry = d_alloc_name(dir, "index"); 1923 if (!dentry) 1924 return -ENOMEM; 1925 1926 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); 1927 if (!inode) { 1928 dput(dentry); 1929 return -ENOMEM; 1930 } 1931 1932 inode->i_fop = &sel_class_ops; 1933 inode->i_ino = sel_class_to_ino(index); 1934 d_add(dentry, inode); 1935 1936 dentry = sel_make_dir(dir, "perms", &fsi->last_class_ino); 1937 if (IS_ERR(dentry)) 1938 return PTR_ERR(dentry); 1939 1940 rc = sel_make_perm_files(newpolicy, classname, index, dentry); 1941 1942 return rc; 1943} 1944 1945static int sel_make_classes(struct selinux_policy *newpolicy, 1946 struct dentry *class_dir, 1947 unsigned long *last_class_ino) 1948{ 1949 1950 int rc, nclasses, i; 1951 char **classes; 1952 1953 rc = security_get_classes(newpolicy, &classes, &nclasses); 1954 if (rc) 1955 return rc; 1956 1957 /* +2 since classes are 1-indexed */ 1958 *last_class_ino = sel_class_to_ino(nclasses + 2); 1959 1960 for (i = 0; i < nclasses; i++) { 1961 struct dentry *class_name_dir; 1962 1963 class_name_dir = sel_make_dir(class_dir, classes[i], 1964 last_class_ino); 1965 if (IS_ERR(class_name_dir)) { 1966 rc = PTR_ERR(class_name_dir); 1967 goto out; 1968 } 1969 1970 /* i+1 since class values are 1-indexed */ 1971 rc = sel_make_class_dir_entries(newpolicy, classes[i], i + 1, 1972 class_name_dir); 1973 if (rc) 1974 goto out; 1975 } 1976 rc = 0; 1977out: 1978 for (i = 0; i < nclasses; i++) 1979 kfree(classes[i]); 1980 kfree(classes); 1981 return rc; 1982} 1983 1984static int sel_make_policycap(struct selinux_fs_info *fsi) 1985{ 1986 unsigned int iter; 1987 struct dentry *dentry = NULL; 1988 struct inode *inode = NULL; 1989 1990 for (iter = 0; iter <= POLICYDB_CAP_MAX; iter++) { 1991 if (iter < ARRAY_SIZE(selinux_policycap_names)) 1992 dentry = d_alloc_name(fsi->policycap_dir, 1993 selinux_policycap_names[iter]); 1994 else 1995 dentry = d_alloc_name(fsi->policycap_dir, "unknown"); 1996 1997 if (dentry == NULL) 1998 return -ENOMEM; 1999 2000 inode = sel_make_inode(fsi->sb, S_IFREG | 0444); 2001 if (inode == NULL) { 2002 dput(dentry); 2003 return -ENOMEM; 2004 } 2005 2006 inode->i_fop = &sel_policycap_ops; 2007 inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET; 2008 d_add(dentry, inode); 2009 } 2010 2011 return 0; 2012} 2013 2014static struct dentry *sel_make_dir(struct dentry *dir, const char *name, 2015 unsigned long *ino) 2016{ 2017 struct dentry *dentry = d_alloc_name(dir, name); 2018 struct inode *inode; 2019 2020 if (!dentry) 2021 return ERR_PTR(-ENOMEM); 2022 2023 inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO); 2024 if (!inode) { 2025 dput(dentry); 2026 return ERR_PTR(-ENOMEM); 2027 } 2028 2029 inode->i_op = &simple_dir_inode_operations; 2030 inode->i_fop = &simple_dir_operations; 2031 inode->i_ino = ++(*ino); 2032 /* directory inodes start off with i_nlink == 2 (for "." entry) */ 2033 inc_nlink(inode); 2034 d_add(dentry, inode); 2035 /* bump link count on parent directory, too */ 2036 inc_nlink(d_inode(dir)); 2037 2038 return dentry; 2039} 2040 2041static struct dentry *sel_make_disconnected_dir(struct super_block *sb, 2042 unsigned long *ino) 2043{ 2044 struct inode *inode = sel_make_inode(sb, S_IFDIR | S_IRUGO | S_IXUGO); 2045 2046 if (!inode) 2047 return ERR_PTR(-ENOMEM); 2048 2049 inode->i_op = &simple_dir_inode_operations; 2050 inode->i_fop = &simple_dir_operations; 2051 inode->i_ino = ++(*ino); 2052 /* directory inodes start off with i_nlink == 2 (for "." entry) */ 2053 inc_nlink(inode); 2054 return d_obtain_alias(inode); 2055} 2056 2057#define NULL_FILE_NAME "null" 2058 2059static int sel_fill_super(struct super_block *sb, struct fs_context *fc) 2060{ 2061 struct selinux_fs_info *fsi; 2062 int ret; 2063 struct dentry *dentry; 2064 struct inode *inode; 2065 struct inode_security_struct *isec; 2066 2067 static const struct tree_descr selinux_files[] = { 2068 [SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR}, 2069 [SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR}, 2070 [SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO}, 2071 [SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO}, 2072 [SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO}, 2073 [SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO}, 2074 [SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO}, 2075 [SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO}, 2076 [SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR}, 2077 [SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO}, 2078 [SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR}, 2079 [SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO}, 2080 [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR}, 2081 [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO}, 2082 [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO}, 2083 [SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO}, 2084 [SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO}, 2085 [SEL_VALIDATE_TRANS] = {"validatetrans", &sel_transition_ops, 2086 S_IWUGO}, 2087 /* last one */ {""} 2088 }; 2089 2090 ret = selinux_fs_info_create(sb); 2091 if (ret) 2092 goto err; 2093 2094 ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files); 2095 if (ret) 2096 goto err; 2097 2098 fsi = sb->s_fs_info; 2099 fsi->bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &fsi->last_ino); 2100 if (IS_ERR(fsi->bool_dir)) { 2101 ret = PTR_ERR(fsi->bool_dir); 2102 fsi->bool_dir = NULL; 2103 goto err; 2104 } 2105 2106 ret = -ENOMEM; 2107 dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME); 2108 if (!dentry) 2109 goto err; 2110 2111 ret = -ENOMEM; 2112 inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO); 2113 if (!inode) { 2114 dput(dentry); 2115 goto err; 2116 } 2117 2118 inode->i_ino = ++fsi->last_ino; 2119 isec = selinux_inode(inode); 2120 isec->sid = SECINITSID_DEVNULL; 2121 isec->sclass = SECCLASS_CHR_FILE; 2122 isec->initialized = LABEL_INITIALIZED; 2123 2124 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3)); 2125 d_add(dentry, inode); 2126 2127 dentry = sel_make_dir(sb->s_root, "avc", &fsi->last_ino); 2128 if (IS_ERR(dentry)) { 2129 ret = PTR_ERR(dentry); 2130 goto err; 2131 } 2132 2133 ret = sel_make_avc_files(dentry); 2134 if (ret) 2135 goto err; 2136 2137 dentry = sel_make_dir(sb->s_root, "ss", &fsi->last_ino); 2138 if (IS_ERR(dentry)) { 2139 ret = PTR_ERR(dentry); 2140 goto err; 2141 } 2142 2143 ret = sel_make_ss_files(dentry); 2144 if (ret) 2145 goto err; 2146 2147 dentry = sel_make_dir(sb->s_root, "initial_contexts", &fsi->last_ino); 2148 if (IS_ERR(dentry)) { 2149 ret = PTR_ERR(dentry); 2150 goto err; 2151 } 2152 2153 ret = sel_make_initcon_files(dentry); 2154 if (ret) 2155 goto err; 2156 2157 fsi->class_dir = sel_make_dir(sb->s_root, CLASS_DIR_NAME, &fsi->last_ino); 2158 if (IS_ERR(fsi->class_dir)) { 2159 ret = PTR_ERR(fsi->class_dir); 2160 fsi->class_dir = NULL; 2161 goto err; 2162 } 2163 2164 fsi->policycap_dir = sel_make_dir(sb->s_root, POLICYCAP_DIR_NAME, 2165 &fsi->last_ino); 2166 if (IS_ERR(fsi->policycap_dir)) { 2167 ret = PTR_ERR(fsi->policycap_dir); 2168 fsi->policycap_dir = NULL; 2169 goto err; 2170 } 2171 2172 ret = sel_make_policycap(fsi); 2173 if (ret) { 2174 pr_err("SELinux: failed to load policy capabilities\n"); 2175 goto err; 2176 } 2177 2178 return 0; 2179err: 2180 pr_err("SELinux: %s: failed while creating inodes\n", 2181 __func__); 2182 2183 selinux_fs_info_free(sb); 2184 2185 return ret; 2186} 2187 2188static int sel_get_tree(struct fs_context *fc) 2189{ 2190 return get_tree_single(fc, sel_fill_super); 2191} 2192 2193static const struct fs_context_operations sel_context_ops = { 2194 .get_tree = sel_get_tree, 2195}; 2196 2197static int sel_init_fs_context(struct fs_context *fc) 2198{ 2199 fc->ops = &sel_context_ops; 2200 return 0; 2201} 2202 2203static void sel_kill_sb(struct super_block *sb) 2204{ 2205 selinux_fs_info_free(sb); 2206 kill_litter_super(sb); 2207} 2208 2209static struct file_system_type sel_fs_type = { 2210 .name = "selinuxfs", 2211 .init_fs_context = sel_init_fs_context, 2212 .kill_sb = sel_kill_sb, 2213}; 2214 2215static struct vfsmount *selinuxfs_mount __ro_after_init; 2216struct path selinux_null __ro_after_init; 2217 2218static int __init init_sel_fs(void) 2219{ 2220 struct qstr null_name = QSTR_INIT(NULL_FILE_NAME, 2221 sizeof(NULL_FILE_NAME)-1); 2222 int err; 2223 2224 if (!selinux_enabled_boot) 2225 return 0; 2226 2227 err = sysfs_create_mount_point(fs_kobj, "selinux"); 2228 if (err) 2229 return err; 2230 2231 err = register_filesystem(&sel_fs_type); 2232 if (err) { 2233 sysfs_remove_mount_point(fs_kobj, "selinux"); 2234 return err; 2235 } 2236 2237 selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type); 2238 if (IS_ERR(selinuxfs_mount)) { 2239 pr_err("selinuxfs: could not mount!\n"); 2240 err = PTR_ERR(selinuxfs_mount); 2241 selinuxfs_mount = NULL; 2242 } 2243 selinux_null.dentry = d_hash_and_lookup(selinux_null.mnt->mnt_root, 2244 &null_name); 2245 if (IS_ERR(selinux_null.dentry)) { 2246 pr_err("selinuxfs: could not lookup null!\n"); 2247 err = PTR_ERR(selinux_null.dentry); 2248 selinux_null.dentry = NULL; 2249 } 2250 2251 return err; 2252} 2253 2254__initcall(init_sel_fs); 2255 2256#ifdef CONFIG_SECURITY_SELINUX_DISABLE 2257void exit_sel_fs(void) 2258{ 2259 sysfs_remove_mount_point(fs_kobj, "selinux"); 2260 dput(selinux_null.dentry); 2261 kern_unmount(selinuxfs_mount); 2262 unregister_filesystem(&sel_fs_type); 2263} 2264#endif