1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0-only
2*4882a593Smuzhiyun /* Updated: Karl MacMillan <kmacmillan@tresys.com>
3*4882a593Smuzhiyun *
4*4882a593Smuzhiyun * Added conditional policy language extensions
5*4882a593Smuzhiyun *
6*4882a593Smuzhiyun * Updated: Hewlett-Packard <paul@paul-moore.com>
7*4882a593Smuzhiyun *
8*4882a593Smuzhiyun * Added support for the policy capability bitmap
9*4882a593Smuzhiyun *
10*4882a593Smuzhiyun * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
11*4882a593Smuzhiyun * Copyright (C) 2003 - 2004 Tresys Technology, LLC
12*4882a593Smuzhiyun * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
13*4882a593Smuzhiyun */
14*4882a593Smuzhiyun
15*4882a593Smuzhiyun #include <linux/kernel.h>
16*4882a593Smuzhiyun #include <linux/pagemap.h>
17*4882a593Smuzhiyun #include <linux/slab.h>
18*4882a593Smuzhiyun #include <linux/vmalloc.h>
19*4882a593Smuzhiyun #include <linux/fs.h>
20*4882a593Smuzhiyun #include <linux/fs_context.h>
21*4882a593Smuzhiyun #include <linux/mount.h>
22*4882a593Smuzhiyun #include <linux/mutex.h>
23*4882a593Smuzhiyun #include <linux/namei.h>
24*4882a593Smuzhiyun #include <linux/init.h>
25*4882a593Smuzhiyun #include <linux/string.h>
26*4882a593Smuzhiyun #include <linux/security.h>
27*4882a593Smuzhiyun #include <linux/major.h>
28*4882a593Smuzhiyun #include <linux/seq_file.h>
29*4882a593Smuzhiyun #include <linux/percpu.h>
30*4882a593Smuzhiyun #include <linux/audit.h>
31*4882a593Smuzhiyun #include <linux/uaccess.h>
32*4882a593Smuzhiyun #include <linux/kobject.h>
33*4882a593Smuzhiyun #include <linux/ctype.h>
34*4882a593Smuzhiyun
/* selinuxfs pseudo filesystem for exporting the security policy API.
 * Based on the proc code and the fs/nfsd/nfsctl.c code. */
37*4882a593Smuzhiyun
38*4882a593Smuzhiyun #include "flask.h"
39*4882a593Smuzhiyun #include "avc.h"
40*4882a593Smuzhiyun #include "avc_ss.h"
41*4882a593Smuzhiyun #include "security.h"
42*4882a593Smuzhiyun #include "objsec.h"
43*4882a593Smuzhiyun #include "conditional.h"
44*4882a593Smuzhiyun
/*
 * Fixed inode numbers of the top-level selinuxfs entries.
 *
 * SEL_ROOT_INO starts at 2 and the rest are numbered sequentially by the
 * enum.  SEL_INO_NEXT is the first number free for dynamically created
 * entries; selinux_fs_info_create() seeds the per-superblock counter from it.
 * Handlers that serve several files (see sel_read_handle_unknown()) use the
 * inode number to tell which file is being read.
 */
enum sel_inos {
	SEL_ROOT_INO = 2,
	SEL_LOAD,	/* load policy */
	SEL_ENFORCE,	/* get or set enforcing status */
	SEL_CONTEXT,	/* validate context */
	SEL_ACCESS,	/* compute access decision */
	SEL_CREATE,	/* compute create labeling decision */
	SEL_RELABEL,	/* compute relabeling decision */
	SEL_USER,	/* compute reachable user contexts */
	SEL_POLICYVERS,	/* return policy version for this kernel */
	SEL_COMMIT_BOOLS, /* commit new boolean values */
	SEL_MLS,	/* return if MLS policy is enabled */
	SEL_DISABLE,	/* disable SELinux until next reboot */
	SEL_MEMBER,	/* compute polyinstantiation membership decision */
	SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */
	SEL_COMPAT_NET,	/* whether to use old compat network packet controls */
	SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */
	SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */
	SEL_STATUS,	/* export current status using mmap() */
	SEL_POLICY,	/* allow userspace to read the in kernel policy */
	SEL_VALIDATE_TRANS, /* compute validatetrans decision */
	SEL_INO_NEXT,	/* The next inode number to use */
};
68*4882a593Smuzhiyun
/*
 * Per-superblock state of a selinuxfs mount, hung off sb->s_fs_info.
 *
 * The boolean and class directories and the pending boolean arrays are
 * rebuilt for every policy load and swapped in by sel_make_policy_nodes();
 * the old copies are released there and in selinux_fs_info_free().
 */
struct selinux_fs_info {
	struct dentry *bool_dir;	/* the "booleans" directory currently visible */
	unsigned int bool_num;		/* number of entries in the two pending arrays */
	char **bool_pending_names;	/* one kmalloc'd name per boolean */
	unsigned int *bool_pending_values; /* pending (not yet committed) values */
	struct dentry *class_dir;	/* the "class" directory currently visible */
	unsigned long last_class_ino;	/* inode counter for class entries, advanced by sel_make_classes() */
	bool policy_opened;		/* set while the policy file is open; a second open gets -EBUSY */
	struct dentry *policycap_dir;
	unsigned long last_ino;		/* last inode number handed out at the top level */
	struct selinux_state *state;	/* always &selinux_state (set in selinux_fs_info_create()) */
	struct super_block *sb;		/* back pointer to the owning superblock */
};
82*4882a593Smuzhiyun
/*
 * Allocate the per-superblock selinuxfs bookkeeping and attach it to @sb.
 *
 * The inode counter is seeded one below SEL_INO_NEXT so that the first
 * dynamically created entry receives SEL_INO_NEXT, and state always refers
 * to the global selinux_state.  All other fields start zeroed.
 *
 * Returns 0 on success or -ENOMEM if the allocation fails.
 */
static int selinux_fs_info_create(struct super_block *sb)
{
	struct selinux_fs_info *info = kzalloc(sizeof(*info), GFP_KERNEL);

	if (!info)
		return -ENOMEM;

	*info = (struct selinux_fs_info) {
		.last_ino = SEL_INO_NEXT - 1,
		.state = &selinux_state,
		.sb = sb,
	};
	sb->s_fs_info = info;

	return 0;
}
97*4882a593Smuzhiyun
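/*
 * Release the selinuxfs bookkeeping attached to @sb and clear s_fs_info.
 *
 * Each pending boolean name is its own allocation, so they are freed
 * individually before the two arrays and the info block itself.  Safe to
 * call when no info block was ever attached: kfree(NULL) is a no-op.
 */
static void selinux_fs_info_free(struct super_block *sb)
{
	struct selinux_fs_info *fsi = sb->s_fs_info;
	/* same type as fsi->bool_num: avoids a signed/unsigned comparison */
	unsigned int i;

	if (fsi) {
		for (i = 0; i < fsi->bool_num; i++)
			kfree(fsi->bool_pending_names[i]);
		kfree(fsi->bool_pending_names);
		kfree(fsi->bool_pending_values);
	}
	kfree(fsi);
	sb->s_fs_info = NULL;
}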
112*4882a593Smuzhiyun
/*
 * Inode number layout for dynamically created entries: SEL_INO_MASK keeps
 * the low 24 bits, and one of the offset bits above it tags which kind of
 * entry (initial context, boolean, class, policy capability) the inode
 * belongs to.  NOTE(review): how the low bits are assigned is decided by
 * the sel_make_* helpers, not visible here.
 */
#define SEL_INITCON_INO_OFFSET 0x01000000
#define SEL_BOOL_INO_OFFSET 0x02000000
#define SEL_CLASS_INO_OFFSET 0x04000000
#define SEL_POLICYCAP_INO_OFFSET 0x08000000
#define SEL_INO_MASK 0x00ffffff

/* Directory names used when the policy-dependent tree is (re)built. */
#define BOOL_DIR_NAME "booleans"
#define CLASS_DIR_NAME "class"
#define POLICYCAP_DIR_NAME "policy_capabilities"

/* Scratch buffer for the single-integer read handlers: a signed 32-bit
 * decimal (10 digits plus sign) and the terminating NUL. */
#define TMPBUFLEN 12
/*
 * Read handler for the "enforce" file: yields "1" when SELinux is enforcing
 * and "0" when it is permissive.  There is no avc permission check on the
 * read side; only the write side (sel_write_enforce()) is access-controlled.
 */
static ssize_t sel_read_enforce(struct file *filp, char __user *buf,
				size_t count, loff_t *ppos)
{
	struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
	int enforcing = enforcing_enabled(fsi->state);
	char out[TMPBUFLEN];
	ssize_t len;

	len = scnprintf(out, sizeof(out), "%d", enforcing);
	return simple_read_from_buffer(buf, count, ppos, out, len);
}
135*4882a593Smuzhiyun
136*4882a593Smuzhiyun #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
/*
 * Perform an enforcing-mode switch from @old_value to @new_value.
 *
 * Only reached when the two differ.  The caller must hold
 * security:setenforce on the security SID; on denial the avc error is
 * returned and nothing is changed.  On success the switch is audited,
 * applied, the AVC is reset when entering enforcing mode (presumably so
 * that decisions cached while permissive are re-evaluated), userspace is
 * notified, and LSM notifier listeners are told when leaving enforcing.
 *
 * Returns 0 on success or a negative errno.
 */
static ssize_t sel_apply_enforce(struct selinux_state *state,
				 int old_value, int new_value)
{
	ssize_t rc;

	rc = avc_has_perm(&selinux_state,
			  current_sid(), SECINITSID_SECURITY,
			  SECCLASS_SECURITY, SECURITY__SETENFORCE,
			  NULL);
	if (rc)
		return rc;

	audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
		"enforcing=%d old_enforcing=%d auid=%u ses=%u"
		" enabled=1 old-enabled=1 lsm=selinux res=1",
		new_value, old_value,
		from_kuid(&init_user_ns, audit_get_loginuid(current)),
		audit_get_sessionid(current));
	enforcing_set(state, new_value);
	if (new_value)
		avc_ss_reset(state->avc, 0);
	selnl_notify_setenforce(new_value);
	selinux_status_update_setenforce(state, new_value);
	if (!new_value)
		call_blocking_lsm_notifier(LSM_POLICY_CHANGE, NULL);

	return 0;
}

/*
 * Write handler for the "enforce" file (CONFIG_SECURITY_SELINUX_DEVELOP only).
 *
 * Accepts a single decimal integer; any non-zero value means enforcing.
 * The input is bounded to less than a page, must be a whole write from
 * offset 0, and is NUL-terminated by memdup_user_nul() before parsing.
 * Writing the value that is already in effect is a no-op that succeeds
 * without a permission check; only an actual change requires
 * security:setenforce.
 *
 * Returns @count on success, -EINVAL for unparsable input or a partial
 * write, -ENOMEM for an oversized write, or the error from the copy or
 * the permission check.
 */
static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
				 size_t count, loff_t *ppos)

{
	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
	char *page;
	ssize_t length = -EINVAL;
	int old_value, new_value;

	if (count >= PAGE_SIZE)
		return -ENOMEM;

	/* No partial writes. */
	if (*ppos != 0)
		return -EINVAL;

	page = memdup_user_nul(buf, count);
	if (IS_ERR(page))
		return PTR_ERR(page);

	if (sscanf(page, "%d", &new_value) == 1) {
		new_value = !!new_value;
		old_value = enforcing_enabled(fsi->state);
		length = (new_value == old_value) ? 0 :
			sel_apply_enforce(fsi->state, old_value, new_value);
		if (length == 0)
			length = count;
	}

	kfree(page);
	return length;
}
191*4882a593Smuzhiyun #else
192*4882a593Smuzhiyun #define sel_write_enforce NULL
193*4882a593Smuzhiyun #endif
194*4882a593Smuzhiyun
/* "enforce": readable by anyone the mode bits allow; .write is NULL (the
 * file is read-only) unless CONFIG_SECURITY_SELINUX_DEVELOP is set. */
static const struct file_operations sel_enforce_ops = {
	.read		= sel_read_enforce,
	.write		= sel_write_enforce,
	.llseek		= generic_file_llseek,
};
200*4882a593Smuzhiyun
/*
 * Shared read handler for "reject_unknown" and "deny_unknown".
 *
 * The two files are told apart by inode number: SEL_REJECT_UNKNOWN reports
 * the policy's reject-unknown flag, the other reports the inverse of
 * allow-unknown.  Output is a single decimal digit.
 */
static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf,
				       size_t count, loff_t *ppos)
{
	struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
	struct selinux_state *state = fsi->state;
	char out[TMPBUFLEN];
	int value;
	ssize_t len;

	if (file_inode(filp)->i_ino == SEL_REJECT_UNKNOWN)
		value = security_get_reject_unknown(state);
	else
		value = !security_get_allow_unknown(state);

	len = scnprintf(out, sizeof(out), "%d", value);
	return simple_read_from_buffer(buf, count, ppos, out, len);
}
216*4882a593Smuzhiyun
/* "reject_unknown" / "deny_unknown": read-only, one handler for both. */
static const struct file_operations sel_handle_unknown_ops = {
	.read		= sel_read_handle_unknown,
	.llseek		= generic_file_llseek,
};
221*4882a593Smuzhiyun
/*
 * Open handler for the "status" file: stash the kernel status page in
 * filp->private_data for the read and mmap handlers.
 *
 * Returns 0, or -ENOMEM when selinux_kernel_status_page() yields no page.
 */
static int sel_open_handle_status(struct inode *inode, struct file *filp)
{
	struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
	struct page *status_page = selinux_kernel_status_page(fsi->state);

	if (status_page) {
		filp->private_data = status_page;
		return 0;
	}

	return -ENOMEM;
}
234*4882a593Smuzhiyun
/*
 * Read handler for the "status" file: copies out the selinux_kernel_status
 * structure that lives at the start of the status page set up by
 * sel_open_handle_status().  BUG()s if open did not provide the page.
 */
static ssize_t sel_read_handle_status(struct file *filp, char __user *buf,
				      size_t count, loff_t *ppos)
{
	struct page *status = filp->private_data;
	const size_t status_len = sizeof(struct selinux_kernel_status);

	BUG_ON(!status);

	return simple_read_from_buffer(buf, count, ppos,
				       page_address(status), status_len);
}
246*4882a593Smuzhiyun
/*
 * mmap handler for the "status" file.
 *
 * Exposes exactly the first page of the status area, read-only: a request
 * for any other offset or length is rejected with -EIO, a writable mapping
 * with -EPERM, and VM_MAYWRITE is cleared so a later mprotect() cannot make
 * the mapping writable.  The page is then mapped with remap_pfn_range().
 */
static int sel_mmap_handle_status(struct file *filp,
				  struct vm_area_struct *vma)
{
	struct page *status = filp->private_data;
	unsigned long len = vma->vm_end - vma->vm_start;

	BUG_ON(!status);

	/* exactly one page, and only the first one */
	if (vma->vm_pgoff || len != PAGE_SIZE)
		return -EIO;

	/* read-only now, and not upgradable to writable later */
	if (vma->vm_flags & VM_WRITE)
		return -EPERM;
	vma->vm_flags &= ~VM_MAYWRITE;

	return remap_pfn_range(vma, vma->vm_start, page_to_pfn(status),
			       len, vma->vm_page_prot);
}
268*4882a593Smuzhiyun
/* "status": readable and mmap-able (read-only, first page only), see
 * sel_mmap_handle_status() for the restrictions enforced on mappings. */
static const struct file_operations sel_handle_status_ops = {
	.open		= sel_open_handle_status,
	.read		= sel_read_handle_status,
	.mmap		= sel_mmap_handle_status,
	.llseek		= generic_file_llseek,
};
275*4882a593Smuzhiyun
276*4882a593Smuzhiyun #ifdef CONFIG_SECURITY_SELINUX_DISABLE
/*
 * Write handler for the "disable" file (CONFIG_SECURITY_SELINUX_DISABLE only).
 *
 * A non-zero decimal integer disables SELinux until reboot via
 * selinux_disable(); zero is accepted and does nothing.  This handler
 * performs no avc permission check of its own; NOTE(review): whatever
 * gating exists is inside selinux_disable(), which is not visible here.
 * A successful disable is audited with the enforcing mode that was in
 * effect.  Input handling mirrors sel_write_enforce(): less than a page,
 * whole write from offset 0, NUL-terminated before parsing.
 *
 * Returns @count on success, -EINVAL for unparsable input or a partial
 * write, -ENOMEM for an oversized write, or the error from the copy or
 * from selinux_disable().
 */
static ssize_t sel_write_disable(struct file *file, const char __user *buf,
				 size_t count, loff_t *ppos)

{
	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
	char *page;
	ssize_t length = -EINVAL;
	int new_value;
	int enforcing;

	/* NOTE: we are now officially considering runtime disable as
	 * deprecated, and using it will become increasingly painful
	 * (e.g. sleeping/blocking) as we progress through future
	 * kernel releases until eventually it is removed
	 */
	pr_err("SELinux: Runtime disable is deprecated, use selinux=0 on the kernel cmdline.\n");

	if (count >= PAGE_SIZE)
		return -ENOMEM;

	/* No partial writes. */
	if (*ppos != 0)
		return -EINVAL;

	page = memdup_user_nul(buf, count);
	if (IS_ERR(page))
		return PTR_ERR(page);

	if (sscanf(page, "%d", &new_value) == 1) {
		length = 0;
		if (new_value) {
			enforcing = enforcing_enabled(fsi->state);
			length = selinux_disable(fsi->state);
			if (length == 0)
				audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
					"enforcing=%d old_enforcing=%d auid=%u ses=%u"
					" enabled=0 old-enabled=1 lsm=selinux res=1",
					enforcing, enforcing,
					from_kuid(&init_user_ns, audit_get_loginuid(current)),
					audit_get_sessionid(current));
		}
		if (length == 0)
			length = count;
	}

	kfree(page);
	return length;
}
327*4882a593Smuzhiyun #else
328*4882a593Smuzhiyun #define sel_write_disable NULL
329*4882a593Smuzhiyun #endif
330*4882a593Smuzhiyun
/* "disable": write-only; .write is NULL unless CONFIG_SECURITY_SELINUX_DISABLE. */
static const struct file_operations sel_disable_ops = {
	.write		= sel_write_disable,
	.llseek		= generic_file_llseek,
};
335*4882a593Smuzhiyun
/*
 * Read handler for "policyvers": reports POLICYDB_VERSION_MAX, the newest
 * policy database format this kernel accepts, as an unsigned decimal.
 */
static ssize_t sel_read_policyvers(struct file *filp, char __user *buf,
				   size_t count, loff_t *ppos)
{
	char out[TMPBUFLEN];
	ssize_t len = scnprintf(out, sizeof(out), "%u", POLICYDB_VERSION_MAX);

	return simple_read_from_buffer(buf, count, ppos, out, len);
}
345*4882a593Smuzhiyun
/* "policyvers": read-only. */
static const struct file_operations sel_policyvers_ops = {
	.read		= sel_read_policyvers,
	.llseek		= generic_file_llseek,
};
350*4882a593Smuzhiyun
/* Forward declarations: these helpers are defined later in this file but
 * are needed by sel_make_policy_nodes() / sel_write_load() below. */

/* declaration for sel_write_load */
static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir,
			  unsigned int *bool_num, char ***bool_pending_names,
			  unsigned int **bool_pending_values);
static int sel_make_classes(struct selinux_policy *newpolicy,
			    struct dentry *class_dir,
			    unsigned long *last_class_ino);

/* declaration for sel_make_class_dirs */
static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
			unsigned long *ino);

/* declaration for sel_make_policy_nodes */
static struct dentry *sel_make_disconnected_dir(struct super_block *sb,
						unsigned long *ino);

/* declaration for sel_make_policy_nodes */
static void sel_remove_entries(struct dentry *de);
369*4882a593Smuzhiyun
/*
 * Read handler for "mls": "1" if the loaded policy has MLS enabled,
 * otherwise "0".
 */
static ssize_t sel_read_mls(struct file *filp, char __user *buf,
			    size_t count, loff_t *ppos)
{
	struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
	int mls = security_mls_enabled(fsi->state);
	char out[TMPBUFLEN];
	ssize_t len;

	len = scnprintf(out, sizeof(out), "%d", mls);
	return simple_read_from_buffer(buf, count, ppos, out, len);
}
381*4882a593Smuzhiyun
/* "mls": read-only. */
static const struct file_operations sel_mls_ops = {
	.read		= sel_read_mls,
	.llseek		= generic_file_llseek,
};
386*4882a593Smuzhiyun
/*
 * Snapshot of the binary policy image handed back by security_read_policy()
 * for one open of the "policy" file.  data is a vmalloc'd buffer (it is
 * released with vfree() and paged with vmalloc_to_page()) of len bytes.
 */
struct policy_load_memory {
	size_t len;
	void *data;
};
391*4882a593Smuzhiyun
/*
 * Open handler for the "policy" file.
 *
 * Under policy_mutex: require security:read_policy, refuse a second
 * concurrent open with -EBUSY (presumably because the inode size is
 * adjusted to the snapshot length below), then take a private snapshot of
 * the current policy image and attach it to filp->private_data.  The
 * snapshot is what the read and mmap paths serve, so a later policy load
 * does not change what this open sees.
 *
 * Returns 0 on success; otherwise the avc error, -EBUSY, -ENOMEM, or the
 * error from security_read_policy(), with everything allocated here freed.
 */
static int sel_open_policy(struct inode *inode, struct file *filp)
{
	struct selinux_fs_info *fsi = inode->i_sb->s_fs_info;
	struct selinux_state *state = fsi->state;
	struct policy_load_memory *plm;
	int rc;

	BUG_ON(filp->private_data);

	mutex_lock(&fsi->state->policy_mutex);

	rc = avc_has_perm(&selinux_state,
			  current_sid(), SECINITSID_SECURITY,
			  SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL);
	if (rc)
		goto out_unlock;

	if (fsi->policy_opened) {
		rc = -EBUSY;
		goto out_unlock;
	}

	plm = kzalloc(sizeof(*plm), GFP_KERNEL);
	if (!plm) {
		rc = -ENOMEM;
		goto out_unlock;
	}

	rc = security_read_policy(state, &plm->data, &plm->len);
	if (rc)
		goto out_free;

	/* let stat()/lseek() reflect the size of this snapshot */
	if ((size_t)i_size_read(inode) != plm->len) {
		inode_lock(inode);
		i_size_write(inode, plm->len);
		inode_unlock(inode);
	}

	fsi->policy_opened = 1;
	filp->private_data = plm;

	mutex_unlock(&fsi->state->policy_mutex);
	return 0;

out_free:
	mutex_unlock(&fsi->state->policy_mutex);
	vfree(plm->data);
	kfree(plm);
	return rc;

out_unlock:
	mutex_unlock(&fsi->state->policy_mutex);
	return rc;
}
443*4882a593Smuzhiyun
/*
 * Release handler for the "policy" file: drop the snapshot taken at open
 * and allow the next open to proceed.  BUG()s if there is no snapshot,
 * which sel_open_policy() guarantees cannot happen for a successful open.
 */
static int sel_release_policy(struct inode *inode, struct file *filp)
{
	struct policy_load_memory *snapshot = filp->private_data;
	struct selinux_fs_info *fsi = inode->i_sb->s_fs_info;

	BUG_ON(!snapshot);

	fsi->policy_opened = 0;

	vfree(snapshot->data);
	kfree(snapshot);

	return 0;
}
458*4882a593Smuzhiyun
/*
 * Read handler for the "policy" file: serves the snapshot taken at open.
 *
 * security:read_policy is re-checked on every read rather than trusted from
 * open time, so a descriptor passed to a less privileged task cannot be
 * used to read the image.
 */
static ssize_t sel_read_policy(struct file *filp, char __user *buf,
			       size_t count, loff_t *ppos)
{
	struct policy_load_memory *snapshot = filp->private_data;
	int rc = avc_has_perm(&selinux_state,
			      current_sid(), SECINITSID_SECURITY,
			      SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL);

	if (rc)
		return rc;

	return simple_read_from_buffer(buf, count, ppos,
				       snapshot->data, snapshot->len);
}
473*4882a593Smuzhiyun
/*
 * Page fault handler for mappings of the "policy" file.
 *
 * Installed as both .fault and .page_mkwrite, so any attempt to write
 * through the mapping ends in SIGBUS; so does a fault beyond the
 * page-rounded length of the snapshot.  Otherwise the vmalloc page backing
 * the faulting offset is looked up, pinned with get_page(), and handed back
 * in vmf->page.
 */
static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf)
{
	struct policy_load_memory *snapshot = vmf->vma->vm_file->private_data;
	unsigned long off = vmf->pgoff << PAGE_SHIFT;
	struct page *pg;

	if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE))
		return VM_FAULT_SIGBUS;

	if (off >= roundup(snapshot->len, PAGE_SIZE))
		return VM_FAULT_SIGBUS;

	pg = vmalloc_to_page(snapshot->data + off);
	get_page(pg);
	vmf->page = pg;

	return 0;
}
494*4882a593Smuzhiyun
/* Both callbacks point at the same handler, which refuses every write
 * fault, so the mapping is read-only regardless of how it was created. */
static const struct vm_operations_struct sel_mmap_policy_ops = {
	.fault = sel_mmap_policy_fault,
	.page_mkwrite = sel_mmap_policy_fault,
};
499*4882a593Smuzhiyun
/*
 * mmap handler for the "policy" file.
 *
 * A shared mapping must not be writable: VM_MAYWRITE is cleared so that
 * mprotect() cannot add PROT_WRITE later, and a request that is already
 * writable gets -EACCES.  The mapping is marked non-expandable and excluded
 * from core dumps, and all faults go through sel_mmap_policy_ops.  No avc
 * check is made here; access was checked when the file was opened.
 */
static int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma)
{
	unsigned long flags = vma->vm_flags;

	if (flags & VM_SHARED) {
		/* do not allow mprotect to make mapping writable */
		flags &= ~VM_MAYWRITE;
		vma->vm_flags = flags;

		if (flags & VM_WRITE)
			return -EACCES;
	}

	vma->vm_flags = flags | VM_DONTEXPAND | VM_DONTDUMP;
	vma->vm_ops = &sel_mmap_policy_ops;

	return 0;
}
515*4882a593Smuzhiyun
/* "policy": open takes a snapshot under security:read_policy, read
 * re-checks the permission, mmap is read-only, release frees the snapshot. */
static const struct file_operations sel_policy_ops = {
	.open		= sel_open_policy,
	.read		= sel_read_policy,
	.mmap		= sel_mmap_policy,
	.release	= sel_release_policy,
	.llseek		= generic_file_llseek,
};
523*4882a593Smuzhiyun
/*
 * Free a retired set of pending boolean data: the @bool_num individually
 * allocated names, then the name and value arrays themselves.
 */
static void sel_remove_old_bool_data(unsigned int bool_num, char **bool_names,
				     unsigned int *bool_values)
{
	u32 idx = 0;

	/* bool_dir cleanup */
	while (idx < bool_num)
		kfree(bool_names[idx++]);
	kfree(bool_names);
	kfree(bool_values);
}
535*4882a593Smuzhiyun
/*
 * Rebuild the policy-dependent parts of the tree (the "booleans" and
 * "class" directories) for @newpolicy and swap them in for the old ones.
 *
 * The new directories are populated under a disconnected parent that is
 * not reachable by path lookup, and each is exchanged with its live
 * counterpart under lock_rename(), so userspace should never observe a
 * half-built directory.  fsi->last_ino is deliberately not advanced; the
 * new directories reuse the inode numbers of the ones they replace.
 *
 * The pending boolean arrays are replaced together with the directory and
 * the old set is freed.  tmp_bool_num/names/values are only read after
 * sel_make_bools() returned 0, which is when they are written.
 *
 * Returns 0 on success or a negative errno.  On failure before the swap
 * the live tree is untouched; on success the old directories end up under
 * tmp_parent, so the cleanup at "out:" tears down whichever set is no
 * longer needed.
 */
static int sel_make_policy_nodes(struct selinux_fs_info *fsi,
				struct selinux_policy *newpolicy)
{
	int ret = 0;
	struct dentry *tmp_parent, *tmp_bool_dir, *tmp_class_dir, *old_dentry;
	unsigned int tmp_bool_num, old_bool_num;
	char **tmp_bool_names, **old_bool_names;
	unsigned int *tmp_bool_values, *old_bool_values;
	unsigned long tmp_ino = fsi->last_ino; /* Don't increment last_ino in this function */

	tmp_parent = sel_make_disconnected_dir(fsi->sb, &tmp_ino);
	if (IS_ERR(tmp_parent))
		return PTR_ERR(tmp_parent);

	tmp_ino = fsi->bool_dir->d_inode->i_ino - 1; /* sel_make_dir will increment and set */
	tmp_bool_dir = sel_make_dir(tmp_parent, BOOL_DIR_NAME, &tmp_ino);
	if (IS_ERR(tmp_bool_dir)) {
		ret = PTR_ERR(tmp_bool_dir);
		goto out;
	}

	tmp_ino = fsi->class_dir->d_inode->i_ino - 1; /* sel_make_dir will increment and set */
	tmp_class_dir = sel_make_dir(tmp_parent, CLASS_DIR_NAME, &tmp_ino);
	if (IS_ERR(tmp_class_dir)) {
		ret = PTR_ERR(tmp_class_dir);
		goto out;
	}

	ret = sel_make_bools(newpolicy, tmp_bool_dir, &tmp_bool_num,
			     &tmp_bool_names, &tmp_bool_values);
	if (ret) {
		pr_err("SELinux: failed to load policy booleans\n");
		goto out;
	}

	ret = sel_make_classes(newpolicy, tmp_class_dir,
			       &fsi->last_class_ino);
	if (ret) {
		pr_err("SELinux: failed to load policy classes\n");
		goto out;
	}

	/* booleans */
	old_dentry = fsi->bool_dir;
	lock_rename(tmp_bool_dir, old_dentry);
	d_exchange(tmp_bool_dir, fsi->bool_dir);

	/* swap the pending arrays while the directory swap is still locked */
	old_bool_num = fsi->bool_num;
	old_bool_names = fsi->bool_pending_names;
	old_bool_values = fsi->bool_pending_values;

	fsi->bool_num = tmp_bool_num;
	fsi->bool_pending_names = tmp_bool_names;
	fsi->bool_pending_values = tmp_bool_values;

	sel_remove_old_bool_data(old_bool_num, old_bool_names, old_bool_values);

	fsi->bool_dir = tmp_bool_dir;
	unlock_rename(tmp_bool_dir, old_dentry);

	/* classes */
	old_dentry = fsi->class_dir;
	lock_rename(tmp_class_dir, old_dentry);
	d_exchange(tmp_class_dir, fsi->class_dir);
	fsi->class_dir = tmp_class_dir;
	unlock_rename(tmp_class_dir, old_dentry);

out:
	/* Since the other temporary dirs are children of tmp_parent
	 * this will handle all the cleanup in the case of a failure before
	 * the swapover
	 */
	sel_remove_entries(tmp_parent);
	dput(tmp_parent); /* d_genocide() only handles the children */

	return ret;
}
613*4882a593Smuzhiyun
/* Audit a successful policy load on behalf of the current task. */
static void sel_audit_policy_load(void)
{
	audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
		"auid=%u ses=%u lsm=selinux res=1",
		from_kuid(&init_user_ns, audit_get_loginuid(current)),
		audit_get_sessionid(current));
}

/*
 * Write handler for the "load" file: replace the running policy with the
 * binary image supplied by the write.
 *
 * Everything runs under policy_mutex.  security:load_policy is checked
 * first, before any allocation, so the caller-sized vmalloc() is only
 * reachable by a task already allowed to load policy.  The whole image
 * must arrive in one write() at offset 0.  The new selinuxfs tree is built
 * with sel_make_policy_nodes() before the policy is committed; if that
 * fails the load is cancelled and the old policy stays in effect.  A
 * successful load is audited.
 *
 * Returns @count on success, or a negative errno: the avc error, -EINVAL
 * for a partial write, -ENOMEM, -EFAULT, or the error from
 * security_load_policy() / sel_make_policy_nodes().
 */
static ssize_t sel_write_load(struct file *file, const char __user *buf,
			      size_t count, loff_t *ppos)

{
	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
	struct selinux_load_state load_state;
	void *image = NULL;
	ssize_t rc;

	mutex_lock(&fsi->state->policy_mutex);

	rc = avc_has_perm(&selinux_state,
			  current_sid(), SECINITSID_SECURITY,
			  SECCLASS_SECURITY, SECURITY__LOAD_POLICY, NULL);
	if (rc)
		goto out;

	/* No partial writes. */
	if (*ppos != 0) {
		rc = -EINVAL;
		goto out;
	}

	image = vmalloc(count);
	if (!image) {
		rc = -ENOMEM;
		goto out;
	}

	if (copy_from_user(image, buf, count) != 0) {
		rc = -EFAULT;
		goto out;
	}

	rc = security_load_policy(fsi->state, image, count, &load_state);
	if (rc) {
		pr_warn_ratelimited("SELinux: failed to load policy\n");
		goto out;
	}

	rc = sel_make_policy_nodes(fsi, load_state.policy);
	if (rc) {
		selinux_policy_cancel(fsi->state, &load_state);
		goto out;
	}

	selinux_policy_commit(fsi->state, &load_state);

	rc = count;

	sel_audit_policy_load();
out:
	mutex_unlock(&fsi->state->policy_mutex);
	vfree(image);
	return rc;
}
670*4882a593Smuzhiyun
/* /sys/fs/selinux/load: write-only (no .read), takes a whole policy image. */
static const struct file_operations sel_load_ops = {
	.llseek = generic_file_llseek,
	.write = sel_write_load,
};
675*4882a593Smuzhiyun
/*
 * sel_write_context - transaction handler for /sys/fs/selinux/context.
 * @file: the open node; used to reach the selinux_fs_info
 * @buf: transaction buffer holding a context string on entry; on success it
 *       is overwritten with the canonical form of that context
 * @size: length of the request in @buf
 *
 * Requires security { check_context }. The string is resolved to a SID and
 * converted back, which both validates it against the loaded policy and
 * canonicalises it.
 *
 * Returns the number of bytes written to @buf (the length reported by
 * security_sid_to_context()), or a negative errno; -ERANGE if the canonical
 * context does not fit in the transaction buffer.
 */
static ssize_t sel_write_context(struct file *file, char *buf, size_t size)
{
	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
	struct selinux_state *state = fsi->state;
	char *canon = NULL;
	u32 sid, canon_len;
	ssize_t rc;

	rc = avc_has_perm(&selinux_state, current_sid(), SECINITSID_SECURITY,
			  SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, NULL);
	if (rc)
		return rc;

	rc = security_context_to_sid(state, buf, size, &sid, GFP_KERNEL);
	if (rc)
		return rc;

	rc = security_sid_to_context(state, sid, &canon, &canon_len);
	if (rc)
		goto out;

	if (canon_len > SIMPLE_TRANSACTION_LIMIT) {
		pr_err("SELinux: %s: context size (%u) exceeds payload max\n",
		       __func__, canon_len);
		rc = -ERANGE;
		goto out;
	}

	memcpy(buf, canon, canon_len);
	rc = canon_len;
out:
	kfree(canon);
	return rc;
}
711*4882a593Smuzhiyun
/*
 * sel_read_checkreqprot - read handler for /sys/fs/selinux/checkreqprot.
 *
 * Formats the current checkreqprot setting as a decimal number and serves
 * it through simple_read_from_buffer(), which honours @ppos and @count.
 * Unlike the write side, no avc permission check is made here.
 */
static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf,
				     size_t count, loff_t *ppos)
{
	struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
	char out[TMPBUFLEN];
	ssize_t outlen = scnprintf(out, TMPBUFLEN, "%u",
				   checkreqprot_get(fsi->state));

	return simple_read_from_buffer(buf, count, ppos, out, outlen);
}
723*4882a593Smuzhiyun
/*
 * sel_write_checkreqprot - write handler for /sys/fs/selinux/checkreqprot.
 * @file: the open node
 * @buf: user buffer holding a single unsigned decimal integer
 * @count: request length; must be below PAGE_SIZE
 * @ppos: file position; only whole writes at offset 0 are accepted
 *
 * Requires security { setcheckreqprot }. Any non-zero value is stored as 1;
 * enabling it is reported once via pr_warn_once() with the writer's comm and
 * pid (the message marks the setting as deprecated).
 *
 * Returns @count on success or a negative errno.
 */
static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
				      size_t count, loff_t *ppos)
{
	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
	unsigned int value;
	ssize_t rc;
	char *req;

	rc = avc_has_perm(&selinux_state, current_sid(), SECINITSID_SECURITY,
			  SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, NULL);
	if (rc)
		return rc;

	/* Bound the copy to less than a page, and refuse partial writes. */
	if (count >= PAGE_SIZE)
		return -ENOMEM;
	if (*ppos != 0)
		return -EINVAL;

	req = memdup_user_nul(buf, count);
	if (IS_ERR(req))
		return PTR_ERR(req);

	if (sscanf(req, "%u", &value) != 1) {
		rc = -EINVAL;
		goto out;
	}

	if (value) {
		/* Snapshot comm so the log line sees a stable, NUL-terminated copy. */
		char comm[sizeof(current->comm)];

		memcpy(comm, current->comm, sizeof(comm));
		pr_warn_once("SELinux: %s (%d) set checkreqprot to 1. This is deprecated and will be rejected in a future kernel release.\n",
			     comm, current->pid);
	}

	checkreqprot_set(fsi->state, (value ? 1 : 0));
	rc = count;
out:
	kfree(req);
	return rc;
}
/* /sys/fs/selinux/checkreqprot: plain read/write of a 0/1 value. */
static const struct file_operations sel_checkreqprot_ops = {
	.llseek = generic_file_llseek,
	.write = sel_write_checkreqprot,
	.read = sel_read_checkreqprot,
};
773*4882a593Smuzhiyun
/*
 * sel_write_validatetrans - write handler for /sys/fs/selinux/validatetrans.
 * @file: the open node
 * @buf: user buffer with "<oldcontext> <newcontext> <class> <taskcontext>"
 * @count: request length; must be below PAGE_SIZE
 * @ppos: file position; only whole writes at offset 0 are accepted
 *
 * Requires security { validate_trans }. The three contexts are resolved to
 * SIDs and the (old, new, task, class) tuple is handed to
 * security_validate_transition_user() for checking.
 *
 * Returns @count if the transition is accepted, otherwise a negative errno.
 */
static ssize_t sel_write_validatetrans(struct file *file,
				       const char __user *buf,
				       size_t count, loff_t *ppos)
{
	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
	struct selinux_state *state = fsi->state;
	char *req = NULL, *old_ctx = NULL, *new_ctx = NULL, *task_ctx = NULL;
	u32 old_sid, new_sid, task_sid;
	u16 tclass;
	int rc;

	rc = avc_has_perm(&selinux_state, current_sid(), SECINITSID_SECURITY,
			  SECCLASS_SECURITY, SECURITY__VALIDATE_TRANS, NULL);
	if (rc)
		return rc;

	if (count >= PAGE_SIZE)
		return -ENOMEM;

	/* No partial writes. */
	if (*ppos != 0)
		return -EINVAL;

	req = memdup_user_nul(buf, count);
	if (IS_ERR(req))
		return PTR_ERR(req);

	/*
	 * Every %s token scanned out of the count-byte request is at most
	 * count bytes long, so count + 1 bounds each destination; kzalloc
	 * also guarantees NUL termination.
	 */
	rc = -ENOMEM;
	old_ctx = kzalloc(count + 1, GFP_KERNEL);
	if (!old_ctx)
		goto out;
	new_ctx = kzalloc(count + 1, GFP_KERNEL);
	if (!new_ctx)
		goto out;
	task_ctx = kzalloc(count + 1, GFP_KERNEL);
	if (!task_ctx)
		goto out;

	rc = -EINVAL;
	if (sscanf(req, "%s %s %hu %s", old_ctx, new_ctx, &tclass, task_ctx) != 4)
		goto out;

	rc = security_context_str_to_sid(state, old_ctx, &old_sid, GFP_KERNEL);
	if (rc)
		goto out;
	rc = security_context_str_to_sid(state, new_ctx, &new_sid, GFP_KERNEL);
	if (rc)
		goto out;
	rc = security_context_str_to_sid(state, task_ctx, &task_sid, GFP_KERNEL);
	if (rc)
		goto out;

	rc = security_validate_transition_user(state, old_sid, new_sid,
					       task_sid, tclass);
	if (!rc)
		rc = count;
out:
	kfree(task_ctx);
	kfree(new_ctx);
	kfree(old_ctx);
	kfree(req);
	return rc;
}
847*4882a593Smuzhiyun
/* /sys/fs/selinux/validatetrans: write-only query node. */
static const struct file_operations sel_transition_ops = {
	.llseek = generic_file_llseek,
	.write = sel_write_validatetrans,
};
852*4882a593Smuzhiyun
/*
 * Remaining nodes use transaction-based I/O like fs/nfsd/nfsctl.c: the
 * request is written into a transaction buffer, the handler below overwrites
 * it with its reply, and the reply is then available to a read.
 */
static ssize_t sel_write_access(struct file *file, char *buf, size_t size);
static ssize_t sel_write_create(struct file *file, char *buf, size_t size);
static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size);
static ssize_t sel_write_user(struct file *file, char *buf, size_t size);
static ssize_t sel_write_member(struct file *file, char *buf, size_t size);

/*
 * Handler per transaction node, indexed by the node's inode number (the
 * SEL_* constants). Unlisted indices stay NULL and are rejected by
 * selinux_transaction_write().
 */
static ssize_t (*const write_op[])(struct file *, char *, size_t) = {
	[SEL_CONTEXT] = sel_write_context,
	[SEL_ACCESS] = sel_write_access,
	[SEL_CREATE] = sel_write_create,
	[SEL_RELABEL] = sel_write_relabel,
	[SEL_USER] = sel_write_user,
	[SEL_MEMBER] = sel_write_member,
};
870*4882a593Smuzhiyun
/*
 * selinux_transaction_write - common write path for the transaction nodes.
 * @file: the open node; its inode number selects the handler in write_op[]
 * @buf: user buffer with the request
 * @size: request length
 * @pos: unused
 *
 * Indices outside write_op[] or without a handler are refused with -EINVAL
 * before any user data is copied. simple_transaction_get() copies the request
 * into the transaction buffer; a positive handler result is the reply length,
 * which is recorded with simple_transaction_set() for the following read, and
 * the write then reports the whole @size as consumed. A zero or negative
 * handler result is returned unchanged.
 */
static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos)
{
	ino_t ino = file_inode(file)->i_ino;
	ssize_t rv;
	char *req;

	if (ino >= ARRAY_SIZE(write_op) || !write_op[ino])
		return -EINVAL;

	req = simple_transaction_get(file, buf, size);
	if (IS_ERR(req))
		return PTR_ERR(req);

	rv = write_op[ino](file, req, size);
	if (rv <= 0)
		return rv;

	simple_transaction_set(file, rv);
	return size;
}
891*4882a593Smuzhiyun
/*
 * Shared file_operations for every transaction node: the write dispatches
 * through write_op[], the read returns the reply left in the transaction
 * buffer, and release frees that buffer.
 */
static const struct file_operations transaction_ops = {
	.llseek = generic_file_llseek,
	.release = simple_transaction_release,
	.read = simple_transaction_read,
	.write = selinux_transaction_write,
};
898*4882a593Smuzhiyun
/*
 * payload - write methods
 * If the method has a response, the response should be put in buf,
 * and the length returned. Otherwise return 0 or a negative error code.
 */
904*4882a593Smuzhiyun
/*
 * sel_write_access - transaction handler for /sys/fs/selinux/access.
 * @file: the open node
 * @buf: transaction buffer; "<scontext> <tcontext> <class>" on entry, the
 *       access decision on return
 * @size: length of the request in @buf
 *
 * Requires security { compute_av }. Both contexts are resolved to SIDs, the
 * access vector decision for the class is computed and written back as
 * "allowed decided auditallow auditdeny seqno flags" (hex except seqno).
 * The second field is always 0xffffffff; presumably kept for the sake of
 * existing userspace parsers, so the format should not be changed.
 *
 * Returns the number of bytes written to @buf, or a negative errno.
 */
static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
{
	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
	struct selinux_state *state = fsi->state;
	char *src_ctx = NULL, *tgt_ctx = NULL;
	struct av_decision avd;
	u32 ssid, tsid;
	u16 tclass;
	ssize_t rc;

	rc = avc_has_perm(&selinux_state, current_sid(), SECINITSID_SECURITY,
			  SECCLASS_SECURITY, SECURITY__COMPUTE_AV, NULL);
	if (rc)
		return rc;

	/* Tokens scanned out of @buf can be at most @size bytes long. */
	rc = -ENOMEM;
	src_ctx = kzalloc(size + 1, GFP_KERNEL);
	if (!src_ctx)
		goto out;
	tgt_ctx = kzalloc(size + 1, GFP_KERNEL);
	if (!tgt_ctx)
		goto out;

	rc = -EINVAL;
	if (sscanf(buf, "%s %s %hu", src_ctx, tgt_ctx, &tclass) != 3)
		goto out;

	rc = security_context_str_to_sid(state, src_ctx, &ssid, GFP_KERNEL);
	if (rc)
		goto out;
	rc = security_context_str_to_sid(state, tgt_ctx, &tsid, GFP_KERNEL);
	if (rc)
		goto out;

	security_compute_av_user(state, ssid, tsid, tclass, &avd);

	rc = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT, "%x %x %x %x %u %x",
		       avd.allowed, 0xffffffff, avd.auditallow, avd.auditdeny,
		       avd.seqno, avd.flags);
out:
	kfree(tgt_ctx);
	kfree(src_ctx);
	return rc;
}
955*4882a593Smuzhiyun
/*
 * sel_decode_objname - undo the percent-encoding of a "create" object name.
 * @name: NUL-terminated encoded name; decoded in place (output never grows)
 *
 * '+' becomes a space and "%XY" becomes the byte 0xXY, so names containing
 * whitespace or multibyte characters survive the whitespace-splitting
 * sscanf() in sel_write_create(). hex_to_bin() rejects non-hex bytes,
 * including a terminating NUL, so a '%' at the end of the string fails too.
 *
 * Returns 0 on success or -EINVAL if a '%' is not followed by two hex digits.
 */
static int sel_decode_objname(char *name)
{
	char *rd = name, *wr = name;
	int c, hi, lo;

	do {
		c = *rd++;
		if (c == '+') {
			c = ' ';
		} else if (c == '%') {
			hi = hex_to_bin(*rd++);
			if (hi < 0)
				return -EINVAL;
			lo = hex_to_bin(*rd++);
			if (lo < 0)
				return -EINVAL;
			c = (hi << 4) | lo;
		}
		*wr++ = c;
	} while (c != '\0');

	return 0;
}

/*
 * sel_write_create - transaction handler for /sys/fs/selinux/create.
 * @file: the open node
 * @buf: transaction buffer; "<scontext> <tcontext> <class> [<objname>]" on
 *       entry, the context of the would-be new object on return
 * @size: length of the request in @buf
 *
 * Requires security { compute_create }. The optional fourth token is the
 * percent-encoded name of the object being created (see sel_decode_objname())
 * and is passed to security_transition_sid_user(); without it the name is
 * NULL.
 *
 * Returns the length of the context written to @buf as reported by
 * security_sid_to_context(), or a negative errno; -ERANGE (logged) if the
 * context would not fit the transaction buffer.
 */
static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
{
	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
	struct selinux_state *state = fsi->state;
	char *src_ctx = NULL, *tgt_ctx = NULL, *namebuf = NULL;
	char *objname = NULL, *new_ctx = NULL;
	u32 ssid, tsid, newsid, new_len;
	u16 tclass;
	ssize_t rc;
	int nargs;

	rc = avc_has_perm(&selinux_state, current_sid(), SECINITSID_SECURITY,
			  SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, NULL);
	if (rc)
		return rc;

	/* Every scanned token is bounded by the request length. */
	rc = -ENOMEM;
	src_ctx = kzalloc(size + 1, GFP_KERNEL);
	if (!src_ctx)
		goto out;
	tgt_ctx = kzalloc(size + 1, GFP_KERNEL);
	if (!tgt_ctx)
		goto out;
	namebuf = kzalloc(size + 1, GFP_KERNEL);
	if (!namebuf)
		goto out;

	rc = -EINVAL;
	nargs = sscanf(buf, "%s %s %hu %s", src_ctx, tgt_ctx, &tclass, namebuf);
	if (nargs != 3 && nargs != 4)
		goto out;
	if (nargs == 4) {
		if (sel_decode_objname(namebuf))
			goto out;
		objname = namebuf;
	}

	rc = security_context_str_to_sid(state, src_ctx, &ssid, GFP_KERNEL);
	if (rc)
		goto out;
	rc = security_context_str_to_sid(state, tgt_ctx, &tsid, GFP_KERNEL);
	if (rc)
		goto out;

	rc = security_transition_sid_user(state, ssid, tsid, tclass, objname,
					  &newsid);
	if (rc)
		goto out;

	rc = security_sid_to_context(state, newsid, &new_ctx, &new_len);
	if (rc)
		goto out;

	if (new_len > SIMPLE_TRANSACTION_LIMIT) {
		pr_err("SELinux: %s: context size (%u) exceeds payload max\n",
		       __func__, new_len);
		rc = -ERANGE;
		goto out;
	}

	memcpy(buf, new_ctx, new_len);
	rc = new_len;
out:
	kfree(new_ctx);
	kfree(namebuf);
	kfree(tgt_ctx);
	kfree(src_ctx);
	return rc;
}
1059*4882a593Smuzhiyun
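/*
 * sel_write_relabel - transaction handler for /sys/fs/selinux/relabel.
 * @file: the open node
 * @buf: transaction buffer; "<scontext> <tcontext> <class>" on entry, the
 *       context computed by security_change_sid() on return
 * @size: length of the request in @buf
 *
 * Requires security { compute_relabel }. Both contexts are resolved to SIDs,
 * the relabel decision for the class is computed and its context written
 * back.
 *
 * Returns the length of the context written to @buf as reported by
 * security_sid_to_context(), or a negative errno; -ERANGE if the context
 * would overflow the transaction buffer. That case is now logged with the
 * same message the context/create/member handlers use, so an oversized
 * reply is visible in the kernel log instead of failing silently.
 */
static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size)
{
	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
	struct selinux_state *state = fsi->state;
	char *scon = NULL, *tcon = NULL;
	u32 ssid, tsid, newsid;
	u16 tclass;
	ssize_t length;
	char *newcon = NULL;
	u32 len;

	length = avc_has_perm(&selinux_state, current_sid(), SECINITSID_SECURITY,
			      SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, NULL);
	if (length)
		goto out;

	/* Each %s token is at most @size bytes; kzalloc keeps them terminated. */
	length = -ENOMEM;
	scon = kzalloc(size + 1, GFP_KERNEL);
	if (!scon)
		goto out;
	tcon = kzalloc(size + 1, GFP_KERNEL);
	if (!tcon)
		goto out;

	length = -EINVAL;
	if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
		goto out;

	length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL);
	if (length)
		goto out;
	length = security_context_str_to_sid(state, tcon, &tsid, GFP_KERNEL);
	if (length)
		goto out;

	length = security_change_sid(state, ssid, tsid, tclass, &newsid);
	if (length)
		goto out;

	length = security_sid_to_context(state, newsid, &newcon, &len);
	if (length)
		goto out;

	length = -ERANGE;
	if (len > SIMPLE_TRANSACTION_LIMIT) {
		/* Same diagnostic as the other compute_* handlers. */
		pr_err("SELinux: %s: context size (%u) exceeds payload max\n",
		       __func__, len);
		goto out;
	}

	memcpy(buf, newcon, len);
	length = len;
out:
	kfree(newcon);
	kfree(tcon);
	kfree(scon);
	return length;
}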
1120*4882a593Smuzhiyun
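/*
 * sel_write_user - transaction handler for /sys/fs/selinux/user.
 * @file: the open node
 * @buf: transaction buffer; "<context> <username>" on entry, the list of
 *       reachable contexts on return
 * @size: length of the request in @buf
 *
 * Requires security { compute_user }. The context is resolved to a SID and
 * security_get_user_sids() supplies the SIDs @user may reach from it. The
 * reply is the decimal SID count, its terminating NUL, then each context
 * back to back, each with the length security_sid_to_context() reports.
 *
 * Returns the total number of bytes placed in @buf, or a negative errno;
 * -ERANGE if the reply would reach the transaction buffer's limit.
 *
 * Changes from the previous version: the loop index is u32 to match
 * @nsids (no signed/unsigned comparison), and the count is formatted with
 * scnprintf() bounded by SIMPLE_TRANSACTION_LIMIT, as sel_write_access()
 * already does, instead of an unbounded sprintf().
 */
static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
{
	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
	struct selinux_state *state = fsi->state;
	char *con = NULL, *user = NULL, *ptr;
	u32 sid, *sids = NULL;
	ssize_t length;
	char *newcon;
	u32 i, len, nsids;
	int rc;

	length = avc_has_perm(&selinux_state, current_sid(), SECINITSID_SECURITY,
			      SECCLASS_SECURITY, SECURITY__COMPUTE_USER, NULL);
	if (length)
		goto out;

	/* Each %s token is at most @size bytes; kzalloc keeps them terminated. */
	length = -ENOMEM;
	con = kzalloc(size + 1, GFP_KERNEL);
	if (!con)
		goto out;
	user = kzalloc(size + 1, GFP_KERNEL);
	if (!user)
		goto out;

	length = -EINVAL;
	if (sscanf(buf, "%s %s", con, user) != 2)
		goto out;

	length = security_context_str_to_sid(state, con, &sid, GFP_KERNEL);
	if (length)
		goto out;

	length = security_get_user_sids(state, sid, user, &sids, &nsids);
	if (length)
		goto out;

	/* Count first; the + 1 keeps its NUL as the separator before the contexts. */
	length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT, "%u", nsids) + 1;
	ptr = buf + length;
	for (i = 0; i < nsids; i++) {
		rc = security_sid_to_context(state, sids[i], &newcon, &len);
		if (rc) {
			length = rc;
			goto out;
		}
		/* Never let the accumulated reply reach the buffer limit. */
		if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) {
			kfree(newcon);
			length = -ERANGE;
			goto out;
		}
		memcpy(ptr, newcon, len);
		kfree(newcon);
		ptr += len;
		length += len;
	}
out:
	kfree(sids);
	kfree(user);
	kfree(con);
	return length;
}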
1185*4882a593Smuzhiyun
/*
 * sel_write_member - transaction handler for /sys/fs/selinux/member.
 * @file: the open node
 * @buf: transaction buffer; "<scontext> <tcontext> <class>" on entry, the
 *       context computed by security_member_sid() on return
 * @size: length of the request in @buf
 *
 * Requires security { compute_member }. Returns the length of the context
 * written to @buf as reported by security_sid_to_context(), or a negative
 * errno; -ERANGE (logged) if the context would not fit the transaction
 * buffer.
 */
static ssize_t sel_write_member(struct file *file, char *buf, size_t size)
{
	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
	struct selinux_state *state = fsi->state;
	char *src_ctx = NULL, *tgt_ctx = NULL, *member_ctx = NULL;
	u32 ssid, tsid, member_sid, member_len;
	u16 tclass;
	ssize_t rc;

	rc = avc_has_perm(&selinux_state, current_sid(), SECINITSID_SECURITY,
			  SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, NULL);
	if (rc)
		return rc;

	/* Tokens scanned out of @buf can be at most @size bytes long. */
	rc = -ENOMEM;
	src_ctx = kzalloc(size + 1, GFP_KERNEL);
	if (!src_ctx)
		goto out;
	tgt_ctx = kzalloc(size + 1, GFP_KERNEL);
	if (!tgt_ctx)
		goto out;

	rc = -EINVAL;
	if (sscanf(buf, "%s %s %hu", src_ctx, tgt_ctx, &tclass) != 3)
		goto out;

	rc = security_context_str_to_sid(state, src_ctx, &ssid, GFP_KERNEL);
	if (rc)
		goto out;
	rc = security_context_str_to_sid(state, tgt_ctx, &tsid, GFP_KERNEL);
	if (rc)
		goto out;

	rc = security_member_sid(state, ssid, tsid, tclass, &member_sid);
	if (rc)
		goto out;

	rc = security_sid_to_context(state, member_sid, &member_ctx, &member_len);
	if (rc)
		goto out;

	if (member_len > SIMPLE_TRANSACTION_LIMIT) {
		pr_err("SELinux: %s: context size (%u) exceeds payload max\n",
		       __func__, member_len);
		rc = -ERANGE;
		goto out;
	}

	memcpy(buf, member_ctx, member_len);
	rc = member_len;
out:
	kfree(member_ctx);
	kfree(tgt_ctx);
	kfree(src_ctx);
	return rc;
}
1249*4882a593Smuzhiyun
/*
 * sel_make_inode - allocate a fresh inode for a selinuxfs node.
 * @sb: the selinuxfs superblock
 * @mode: i_mode to set (file type and permission bits)
 *
 * Stamps all three timestamps with the current time. Returns the inode, or
 * NULL if new_inode() failed.
 */
static struct inode *sel_make_inode(struct super_block *sb, int mode)
{
	struct inode *inode = new_inode(sb);

	if (!inode)
		return NULL;

	inode->i_mode = mode;
	inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode);
	return inode;
}
1260*4882a593Smuzhiyun
/*
 * sel_read_bool - read handler for a /sys/fs/selinux/booleans/<name> node.
 * @filep: the open node; its inode number (masked with SEL_INO_MASK) is the
 *         boolean's index and its dentry name is checked against the policy
 * @buf: user buffer
 * @count: bytes requested
 * @ppos: file position, honoured by simple_read_from_buffer()
 *
 * Reports "<current> <pending>": the value the security server holds and
 * the not-yet-committed value in fsi->bool_pending_values. The index and
 * name are validated under policy_mutex so a node that no longer matches
 * the loaded policy's booleans fails with -EINVAL rather than reading past
 * the arrays. No avc permission check is made on the read side.
 *
 * Returns the number of bytes copied or a negative errno.
 */
static ssize_t sel_read_bool(struct file *filep, char __user *buf,
			     size_t count, loff_t *ppos)
{
	struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info;
	unsigned int index = file_inode(filep)->i_ino & SEL_INO_MASK;
	const char *name = filep->f_path.dentry->d_name.name;
	char *page = NULL;
	ssize_t rc, len;
	int cur_value;

	mutex_lock(&fsi->state->policy_mutex);

	if (index >= fsi->bool_num ||
	    strcmp(name, fsi->bool_pending_names[index])) {
		rc = -EINVAL;
		goto out_unlock;
	}

	page = (char *)get_zeroed_page(GFP_KERNEL);
	if (!page) {
		rc = -ENOMEM;
		goto out_unlock;
	}

	cur_value = security_get_bool_value(fsi->state, index);
	if (cur_value < 0) {
		rc = cur_value;
		goto out_unlock;
	}

	len = scnprintf(page, PAGE_SIZE, "%d %d", cur_value,
			fsi->bool_pending_values[index]);
	/* Nothing below needs policy state; drop the mutex before the user copy. */
	mutex_unlock(&fsi->state->policy_mutex);
	rc = simple_read_from_buffer(buf, count, ppos, page, len);
	free_page((unsigned long)page);
	return rc;

out_unlock:
	mutex_unlock(&fsi->state->policy_mutex);
	free_page((unsigned long)page);
	return rc;
}
1301*4882a593Smuzhiyun
/*
 * sel_write_bool - write handler for a /sys/fs/selinux/booleans/<name> node.
 * @filep: the open node; inode number (masked) gives the boolean's index
 * @buf: user buffer holding a single decimal integer
 * @count: request length; must be below PAGE_SIZE
 * @ppos: file position; only whole writes at offset 0 are accepted
 *
 * Requires security { setbool }. The value is normalised to 0/1 and stored
 * in fsi->bool_pending_values only; it takes effect when
 * sel_commit_bools_write() runs. The index/name check under policy_mutex
 * rejects nodes that no longer match the loaded policy (presumably stale
 * nodes from an earlier policy load).
 *
 * Returns @count on success or a negative errno.
 */
static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
			      size_t count, loff_t *ppos)
{
	struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info;
	unsigned int index = file_inode(filep)->i_ino & SEL_INO_MASK;
	const char *name = filep->f_path.dentry->d_name.name;
	char *req;
	ssize_t rc;
	int value;

	if (count >= PAGE_SIZE)
		return -ENOMEM;

	/* No partial writes. */
	if (*ppos != 0)
		return -EINVAL;

	req = memdup_user_nul(buf, count);
	if (IS_ERR(req))
		return PTR_ERR(req);

	mutex_lock(&fsi->state->policy_mutex);

	rc = avc_has_perm(&selinux_state, current_sid(), SECINITSID_SECURITY,
			  SECCLASS_SECURITY, SECURITY__SETBOOL, NULL);
	if (rc)
		goto out;

	rc = -EINVAL;
	if (index >= fsi->bool_num ||
	    strcmp(name, fsi->bool_pending_names[index]))
		goto out;
	if (sscanf(req, "%d", &value) != 1)
		goto out;

	fsi->bool_pending_values[index] = value ? 1 : 0;
	rc = count;
out:
	mutex_unlock(&fsi->state->policy_mutex);
	kfree(req);
	return rc;
}
1352*4882a593Smuzhiyun
/* /sys/fs/selinux/booleans/<name>: read current/pending, write pending. */
static const struct file_operations sel_bool_ops = {
	.llseek = generic_file_llseek,
	.write = sel_write_bool,
	.read = sel_read_bool,
};
1358*4882a593Smuzhiyun
/*
 * sel_commit_bools_write - write handler for /sys/fs/selinux/commit_pending_bools.
 * @filep: the open node
 * @buf: user buffer holding a single decimal integer
 * @count: request length; must be below PAGE_SIZE
 * @ppos: file position; only whole writes at offset 0 are accepted
 *
 * Requires security { setbool }. A non-zero value pushes the whole
 * fsi->bool_pending_values array into the security server with
 * security_set_bools(); zero is accepted and does nothing. Runs under
 * policy_mutex so the pending array cannot change mid-commit.
 *
 * Returns @count on success or a negative errno.
 */
static ssize_t sel_commit_bools_write(struct file *filep,
				      const char __user *buf,
				      size_t count, loff_t *ppos)
{
	struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info;
	char *req;
	ssize_t rc;
	int commit;

	if (count >= PAGE_SIZE)
		return -ENOMEM;

	/* No partial writes. */
	if (*ppos != 0)
		return -EINVAL;

	req = memdup_user_nul(buf, count);
	if (IS_ERR(req))
		return PTR_ERR(req);

	mutex_lock(&fsi->state->policy_mutex);

	rc = avc_has_perm(&selinux_state, current_sid(), SECINITSID_SECURITY,
			  SECCLASS_SECURITY, SECURITY__SETBOOL, NULL);
	if (rc)
		goto out;

	if (sscanf(req, "%d", &commit) != 1) {
		rc = -EINVAL;
		goto out;
	}

	rc = 0;
	if (commit && fsi->bool_pending_values)
		rc = security_set_bools(fsi->state, fsi->bool_num,
					fsi->bool_pending_values);
	if (!rc)
		rc = count;
out:
	mutex_unlock(&fsi->state->policy_mutex);
	kfree(req);
	return rc;
}
1405*4882a593Smuzhiyun
/*
 * "commit_pending_bools" is write-only: there is no .read, and the write
 * handler applies the values staged by sel_write_bool().
 */
static const struct file_operations sel_commit_bools_ops = {
	.write = sel_commit_bools_write,
	.llseek = generic_file_llseek,
};
1410*4882a593Smuzhiyun
/*
 * Tear down everything created under directory dentry @de: d_genocide()
 * first, then shrink_dcache_parent() to release the dentries. Used on the
 * sel_make_bools() error path so a half-built booleans directory is not
 * left behind.
 */
static void sel_remove_entries(struct dentry *de)
{
	d_genocide(de);
	shrink_dcache_parent(de);
}
1416*4882a593Smuzhiyun
/*
 * Create one file per policy boolean under @bool_dir for @newpolicy and
 * hand the boolean names/values arrays back to the caller.
 *
 * @newpolicy:           policy to read the booleans from
 * @bool_dir:            directory dentry that receives the files
 * @bool_num:            out: number of booleans
 * @bool_pending_names:  out: names array (owned by the caller on success)
 * @bool_pending_values: out: values array (owned by the caller on success)
 *
 * Returns 0 on success. On failure every allocation made here is released,
 * the entries already added to @bool_dir are removed, and a negative errno
 * is returned (-ENOMEM, -ENAMETOOLONG, or the error from
 * security_get_bools()).
 *
 * NOTE(review): @values is an int * (what security_get_bools() fills in via
 * &values) while the out-parameter is unsigned int **; the final store
 * mixes signedness. Confirm against the declarations of selinux_fs_info
 * and security_get_bools() and align the types.
 */
static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir,
			  unsigned int *bool_num, char ***bool_pending_names,
			  unsigned int **bool_pending_values)
{
	int ret;
	ssize_t len;
	struct dentry *dentry = NULL;
	struct inode *inode = NULL;
	struct inode_security_struct *isec;
	char **names = NULL, *page;
	u32 i, num;
	int *values = NULL;
	u32 sid;

	/* Scratch page for building the "/booleans/<name>" path below. */
	ret = -ENOMEM;
	page = (char *)get_zeroed_page(GFP_KERNEL);
	if (!page)
		goto out;

	ret = security_get_bools(newpolicy, &num, &names, &values);
	if (ret)
		goto out;

	for (i = 0; i < num; i++) {
		ret = -ENOMEM;
		dentry = d_alloc_name(bool_dir, names[i]);
		if (!dentry)
			goto out;

		ret = -ENOMEM;
		inode = sel_make_inode(bool_dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR);
		if (!inode) {
			dput(dentry);
			goto out;
		}

		/* The path is only used to look up the file's genfs label. */
		ret = -ENAMETOOLONG;
		len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]);
		if (len >= PAGE_SIZE) {
			dput(dentry);
			iput(inode);
			goto out;
		}

		/*
		 * Label the inode from the policy's genfscon entries; fall
		 * back to the security initial SID (with a rate-limited
		 * warning) when the policy has no entry for this path.
		 */
		isec = selinux_inode(inode);
		ret = selinux_policy_genfs_sid(newpolicy, "selinuxfs", page,
					       SECCLASS_FILE, &sid);
		if (ret) {
			pr_warn_ratelimited("SELinux: no sid found, defaulting to security isid for %s\n",
					    page);
			sid = SECINITSID_SECURITY;
		}

		isec->sid = sid;
		isec->initialized = LABEL_INITIALIZED;
		inode->i_fop = &sel_bool_ops;
		/* The boolean index is recoverable from the inode number. */
		inode->i_ino = i|SEL_BOOL_INO_OFFSET;
		d_add(dentry, inode);
	}
	*bool_num = num;
	*bool_pending_names = names;
	*bool_pending_values = values;

	free_page((unsigned long)page);
	return 0;
out:
	free_page((unsigned long)page);

	/* names is still NULL if security_get_bools() never succeeded. */
	if (names) {
		for (i = 0; i < num; i++)
			kfree(names[i]);
		kfree(names);
	}
	kfree(values);
	sel_remove_entries(bool_dir);

	return ret;
}
1495*4882a593Smuzhiyun
/*
 * Read handler for avc/cache_threshold: formats the current AVC cache
 * threshold as an unsigned decimal and serves it from a stack buffer.
 */
static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf,
					    size_t count, loff_t *ppos)
{
	struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
	char out[TMPBUFLEN];
	ssize_t n;

	n = scnprintf(out, sizeof(out), "%u",
		      avc_get_cache_threshold(fsi->state->avc));
	return simple_read_from_buffer(buf, count, ppos, out, n);
}
1508*4882a593Smuzhiyun
/*
 * Write handler for avc/cache_threshold.
 *
 * Requires SECURITY__SETSECPARAM on the security class (checked before any
 * copy from user space). The buffer must be a single unsigned decimal; it
 * is passed to avc_set_cache_threshold() as-is.
 *
 * Returns @count on success, the permission-check error, -ENOMEM when
 * @count is PAGE_SIZE or more, -EINVAL for a non-zero @ppos or an
 * unparsable value, or the copy error.
 */
static ssize_t sel_write_avc_cache_threshold(struct file *file,
					     const char __user *buf,
					     size_t count, loff_t *ppos)

{
	struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
	unsigned int threshold;
	char *kbuf;
	ssize_t rc;

	rc = avc_has_perm(&selinux_state, current_sid(), SECINITSID_SECURITY,
			  SECCLASS_SECURITY, SECURITY__SETSECPARAM, NULL);
	if (rc)
		return rc;

	if (count >= PAGE_SIZE)
		return -ENOMEM;

	/* No partial writes. */
	if (*ppos != 0)
		return -EINVAL;

	kbuf = memdup_user_nul(buf, count);
	if (IS_ERR(kbuf))
		return PTR_ERR(kbuf);

	if (sscanf(kbuf, "%u", &threshold) == 1) {
		avc_set_cache_threshold(fsi->state->avc, threshold);
		rc = count;
	} else {
		rc = -EINVAL;
	}

	kfree(kbuf);
	return rc;
}
1549*4882a593Smuzhiyun
/*
 * Read handler for avc/hash_stats: renders the AVC hash statistics into a
 * freshly allocated page and copies the requested window to user space.
 *
 * Returns the number of bytes copied, -ENOMEM if no page is available, or
 * a negative value passed through from avc_get_hash_stats().
 */
static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf,
				       size_t count, loff_t *ppos)
{
	struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
	unsigned long pg = __get_free_page(GFP_KERNEL);
	ssize_t rc;

	if (!pg)
		return -ENOMEM;

	rc = avc_get_hash_stats(fsi->state->avc, (char *)pg);
	if (rc >= 0)
		rc = simple_read_from_buffer(buf, count, ppos, (char *)pg, rc);

	free_page(pg);
	return rc;
}
1569*4882a593Smuzhiyun
/*
 * Read handler for ss/sidtab_hash_stats: renders the SID table hash
 * statistics into a freshly allocated page and copies the requested window
 * to user space.
 *
 * Returns the number of bytes copied, -ENOMEM if no page is available, or
 * a negative value passed through from security_sidtab_hash_stats().
 */
static ssize_t sel_read_sidtab_hash_stats(struct file *filp, char __user *buf,
					  size_t count, loff_t *ppos)
{
	struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
	unsigned long pg = __get_free_page(GFP_KERNEL);
	ssize_t rc;

	if (!pg)
		return -ENOMEM;

	rc = security_sidtab_hash_stats(fsi->state, (char *)pg);
	if (rc >= 0)
		rc = simple_read_from_buffer(buf, count, ppos, (char *)pg, rc);

	free_page(pg);
	return rc;
}
1590*4882a593Smuzhiyun
/* ss/sidtab_hash_stats: read-only (see sel_make_ss_files()). */
static const struct file_operations sel_sidtab_hash_stats_ops = {
	.read = sel_read_sidtab_hash_stats,
	.llseek = generic_file_llseek,
};

/*
 * avc/cache_threshold: readable by everyone, writable by the owner; the
 * write handler additionally requires SECURITY__SETSECPARAM.
 */
static const struct file_operations sel_avc_cache_threshold_ops = {
	.read = sel_read_avc_cache_threshold,
	.write = sel_write_avc_cache_threshold,
	.llseek = generic_file_llseek,
};

/* avc/hash_stats: read-only (see sel_make_avc_files()). */
static const struct file_operations sel_avc_hash_stats_ops = {
	.read = sel_read_avc_hash_stats,
	.llseek = generic_file_llseek,
};
1606*4882a593Smuzhiyun
1607*4882a593Smuzhiyun #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
/*
 * Return the avc_cache_stats of the first possible CPU numbered >= *idx and
 * advance *idx to one past that CPU so the next call continues after it.
 * When no possible CPU remains, *idx is bumped by one and NULL is returned.
 */
static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx)
{
	int cpu = *idx;

	while (cpu < nr_cpu_ids) {
		if (cpu_possible(cpu)) {
			*idx = cpu + 1;
			return &per_cpu(avc_cache_stats, cpu);
		}
		++cpu;
	}

	(*idx)++;
	return NULL;
}
1621*4882a593Smuzhiyun
/*
 * seq_file start: position 0 yields the header token; position p >= 1
 * yields the stats for the first possible CPU numbered >= p - 1, matching
 * the numbering that sel_avc_stats_seq_next() leaves in *pos.
 */
static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos)
{
	loff_t cpu_pos;

	if (*pos == 0)
		return SEQ_START_TOKEN;

	cpu_pos = *pos - 1;
	return sel_avc_get_stat_idx(&cpu_pos);
}
1631*4882a593Smuzhiyun
/*
 * seq_file next: hand *pos straight to sel_avc_get_stat_idx(), which both
 * returns the next possible CPU's stats and advances *pos past it.
 */
static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos)
{
	return sel_avc_get_stat_idx(pos);
}
1636*4882a593Smuzhiyun
/*
 * seq_file show: print the column header for the start token, otherwise
 * one line of per-CPU counters. Hits are derived as lookups - misses; both
 * inputs are read once so the line is self-consistent.
 */
static int sel_avc_stats_seq_show(struct seq_file *seq, void *v)
{
	const struct avc_cache_stats *st;
	unsigned int lookups, misses;

	if (v == SEQ_START_TOKEN) {
		seq_puts(seq,
			 "lookups hits misses allocations reclaims frees\n");
		return 0;
	}

	st = v;
	lookups = st->lookups;
	misses = st->misses;
	seq_printf(seq, "%u %u %u %u %u %u\n", lookups, lookups - misses,
		   misses, st->allocations, st->reclaims, st->frees);
	return 0;
}
1654*4882a593Smuzhiyun
/*
 * seq_file stop: start/next take no lock and allocate nothing, so there is
 * nothing to undo here.
 */
static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v)
{ }
1657*4882a593Smuzhiyun
/* Iterator over the per-CPU AVC cache statistics (avc/cache_stats). */
static const struct seq_operations sel_avc_cache_stats_seq_ops = {
	.start = sel_avc_stats_seq_start,
	.next = sel_avc_stats_seq_next,
	.show = sel_avc_stats_seq_show,
	.stop = sel_avc_stats_seq_stop,
};
1664*4882a593Smuzhiyun
/*
 * open handler for avc/cache_stats: attach the seq_file iterator; read,
 * lseek and release are the generic seq_* helpers.
 */
static int sel_open_avc_cache_stats(struct inode *inode, struct file *file)
{
	return seq_open(file, &sel_avc_cache_stats_seq_ops);
}
1669*4882a593Smuzhiyun
/* avc/cache_stats: seq_file-backed, only built with CONFIG_SECURITY_SELINUX_AVC_STATS. */
static const struct file_operations sel_avc_cache_stats_ops = {
	.open = sel_open_avc_cache_stats,
	.read = seq_read,
	.llseek = seq_lseek,
	.release = seq_release,
};
1676*4882a593Smuzhiyun #endif
1677*4882a593Smuzhiyun
/*
 * Populate the "avc" directory: cache_threshold (rw for owner), hash_stats
 * (read-only) and, when AVC statistics are compiled in, cache_stats.
 *
 * Each entry gets a regular-file inode with the listed mode and ops and a
 * fresh inode number from fsi->last_ino. Returns 0, or -ENOMEM if a dentry
 * or inode cannot be allocated; entries created before the failure are not
 * removed here.
 */
static int sel_make_avc_files(struct dentry *dir)
{
	static const struct tree_descr files[] = {
		{ "cache_threshold",
		  &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR },
		{ "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO },
#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
		{ "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO },
#endif
	};
	struct selinux_fs_info *fsi = dir->d_sb->s_fs_info;
	const struct tree_descr *f;

	for (f = files; f < files + ARRAY_SIZE(files); f++) {
		struct dentry *dentry = d_alloc_name(dir, f->name);
		struct inode *inode;

		if (!dentry)
			return -ENOMEM;

		inode = sel_make_inode(dir->d_sb, S_IFREG|f->mode);
		if (!inode) {
			dput(dentry);
			return -ENOMEM;
		}

		inode->i_fop = f->ops;
		inode->i_ino = ++fsi->last_ino;
		d_add(dentry, inode);
	}

	return 0;
}
1713*4882a593Smuzhiyun
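/*
 * Populate the "ss" directory with the security-server statistics files
 * (currently only sidtab_hash_stats, read-only).
 *
 * The descriptor table is now const, matching the sibling table in
 * sel_make_avc_files(): it is only ever read here, and a const table lives
 * in read-only data instead of being a writable static.
 *
 * Each entry gets a regular-file inode with the listed mode and ops and a
 * fresh inode number from fsi->last_ino. Returns 0, or -ENOMEM if a dentry
 * or inode cannot be allocated; entries created before the failure are not
 * removed here.
 */
static int sel_make_ss_files(struct dentry *dir)
{
	struct super_block *sb = dir->d_sb;
	struct selinux_fs_info *fsi = sb->s_fs_info;
	int i;
	static const struct tree_descr files[] = {
		{ "sidtab_hash_stats", &sel_sidtab_hash_stats_ops, S_IRUGO },
	};

	for (i = 0; i < ARRAY_SIZE(files); i++) {
		struct inode *inode;
		struct dentry *dentry;

		dentry = d_alloc_name(dir, files[i].name);
		if (!dentry)
			return -ENOMEM;

		inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
		if (!inode) {
			dput(dentry);
			return -ENOMEM;
		}

		inode->i_fop = files[i].ops;
		inode->i_ino = ++fsi->last_ino;
		d_add(dentry, inode);
	}

	return 0;
}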
1744*4882a593Smuzhiyun
/*
 * Read handler for the initial_contexts/<name> files: the initial SID is
 * encoded in the low bits of the inode number (masked with SEL_INO_MASK),
 * so convert it to a context string and serve that.
 *
 * Returns the bytes copied, or the error from security_sid_to_context().
 */
static ssize_t sel_read_initcon(struct file *file, char __user *buf,
				size_t count, loff_t *ppos)
{
	struct inode *inode = file_inode(file);
	struct selinux_fs_info *fsi = inode->i_sb->s_fs_info;
	u32 sid = inode->i_ino & SEL_INO_MASK;
	char *context;
	u32 context_len;
	ssize_t rc;

	rc = security_sid_to_context(fsi->state, sid, &context, &context_len);
	if (rc)
		return rc;

	rc = simple_read_from_buffer(buf, count, ppos, context, context_len);
	kfree(context);
	return rc;
}
1762*4882a593Smuzhiyun
/* initial_contexts/<name>: read-only (see sel_make_initcon_files()). */
static const struct file_operations sel_initcon_ops = {
	.read = sel_read_initcon,
	.llseek = generic_file_llseek,
};
1767*4882a593Smuzhiyun
/*
 * Create one read-only file per initial SID (1..SECINITSID_NUM) under
 * @dir, named after the SID's initial context. SIDs with no context name
 * are skipped. The SID is stored in the inode number (above
 * SEL_INITCON_INO_OFFSET) for sel_read_initcon() to recover.
 *
 * Returns 0, or -ENOMEM if a dentry or inode cannot be allocated.
 */
static int sel_make_initcon_files(struct dentry *dir)
{
	int sid;

	for (sid = 1; sid <= SECINITSID_NUM; sid++) {
		const char *name = security_get_initial_sid_context(sid);
		struct dentry *dentry;
		struct inode *inode;

		if (!name)
			continue;

		dentry = d_alloc_name(dir, name);
		if (!dentry)
			return -ENOMEM;

		inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
		if (!inode) {
			dput(dentry);
			return -ENOMEM;
		}

		inode->i_fop = &sel_initcon_ops;
		inode->i_ino = sid|SEL_INITCON_INO_OFFSET;
		d_add(dentry, inode);
	}

	return 0;
}
1796*4882a593Smuzhiyun
/*
 * Inode number of a class's "index" file. Each class owns a slot of
 * SEL_VEC_MAX + 1 consecutive numbers: offset 0 is the class itself and
 * offsets 1.. are its permissions (sel_perm_to_ino()).
 */
static inline unsigned long sel_class_to_ino(u16 class)
{
	unsigned long slot = class * (SEL_VEC_MAX + 1);

	return slot | SEL_CLASS_INO_OFFSET;
}
1801*4882a593Smuzhiyun
/*
 * Inverse of sel_class_to_ino()/sel_perm_to_ino(): mask the inode number
 * with SEL_INO_MASK and divide by the slot width to get the class value.
 */
static inline u16 sel_ino_to_class(unsigned long ino)
{
	unsigned long rel = ino & SEL_INO_MASK;

	return rel / (SEL_VEC_MAX + 1);
}
1806*4882a593Smuzhiyun
/*
 * Inode number of permission @perm (1-based, see sel_make_perm_files())
 * within @class's slot; offset 0 of the slot is the class's own index file.
 */
static inline unsigned long sel_perm_to_ino(u16 class, u32 perm)
{
	unsigned long slot = class * (SEL_VEC_MAX + 1) + perm;

	return slot | SEL_CLASS_INO_OFFSET;
}
1811*4882a593Smuzhiyun
/*
 * Inverse of sel_perm_to_ino(): mask the inode number with SEL_INO_MASK and
 * take the offset within the class slot, which is the permission value.
 */
static inline u32 sel_ino_to_perm(unsigned long ino)
{
	unsigned long rel = ino & SEL_INO_MASK;

	return rel % (SEL_VEC_MAX + 1);
}
1816*4882a593Smuzhiyun
/*
 * Read handler for class/<name>/index: the class value is recovered from
 * the inode number and served as decimal text.
 */
static ssize_t sel_read_class(struct file *file, char __user *buf,
			      size_t count, loff_t *ppos)
{
	u16 class = sel_ino_to_class(file_inode(file)->i_ino);
	char out[TMPBUFLEN];
	ssize_t n = scnprintf(out, sizeof(out), "%d", class);

	return simple_read_from_buffer(buf, count, ppos, out, n);
}
1825*4882a593Smuzhiyun
/* class/<name>/index: read-only (see sel_make_class_dir_entries()). */
static const struct file_operations sel_class_ops = {
	.read = sel_read_class,
	.llseek = generic_file_llseek,
};
1830*4882a593Smuzhiyun
/*
 * Read handler for class/<name>/perms/<perm>: the permission value is
 * recovered from the inode number and served as decimal text.
 */
static ssize_t sel_read_perm(struct file *file, char __user *buf,
			     size_t count, loff_t *ppos)
{
	u32 perm = sel_ino_to_perm(file_inode(file)->i_ino);
	char out[TMPBUFLEN];
	ssize_t n = scnprintf(out, sizeof(out), "%d", perm);

	return simple_read_from_buffer(buf, count, ppos, out, n);
}
1839*4882a593Smuzhiyun
/* class/<name>/perms/<perm>: read-only (see sel_make_perm_files()). */
static const struct file_operations sel_perm_ops = {
	.read = sel_read_perm,
	.llseek = generic_file_llseek,
};
1844*4882a593Smuzhiyun
/*
 * Read handler for policy_capabilities/<name>: the capability index lives
 * in the inode number (masked with SEL_INO_MASK); report whether the loaded
 * policy supports it as a decimal value.
 */
static ssize_t sel_read_policycap(struct file *file, char __user *buf,
				  size_t count, loff_t *ppos)
{
	struct inode *inode = file_inode(file);
	struct selinux_fs_info *fsi = inode->i_sb->s_fs_info;
	char out[TMPBUFLEN];
	int supported;
	ssize_t n;

	supported = security_policycap_supported(fsi->state,
						 inode->i_ino & SEL_INO_MASK);
	n = scnprintf(out, TMPBUFLEN, "%d", supported);

	return simple_read_from_buffer(buf, count, ppos, out, n);
}
1859*4882a593Smuzhiyun
/* policy_capabilities/<name>: read-only (see sel_make_policycap()). */
static const struct file_operations sel_policycap_ops = {
	.read = sel_read_policycap,
	.llseek = generic_file_llseek,
};
1864*4882a593Smuzhiyun
/*
 * Create one read-only file per permission of @objclass under @dir (the
 * class's "perms" directory). The permission index is encoded in the inode
 * number via sel_perm_to_ino() with @classvalue.
 *
 * Returns 0, the error from security_get_permissions(), or -ENOMEM if a
 * dentry or inode cannot be allocated. The permission-name array is freed
 * on every path once security_get_permissions() has succeeded.
 */
static int sel_make_perm_files(struct selinux_policy *newpolicy,
			       char *objclass, int classvalue,
			       struct dentry *dir)
{
	char **perms;
	int nperms, i, rc;

	rc = security_get_permissions(newpolicy, objclass, &perms, &nperms);
	if (rc)
		return rc;

	for (i = 0; i < nperms; i++) {
		struct dentry *dentry = d_alloc_name(dir, perms[i]);
		struct inode *inode;

		if (!dentry) {
			rc = -ENOMEM;
			break;
		}

		inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
		if (!inode) {
			dput(dentry);
			rc = -ENOMEM;
			break;
		}

		inode->i_fop = &sel_perm_ops;
		/* i+1 since perm values are 1-indexed */
		inode->i_ino = sel_perm_to_ino(classvalue, i + 1);
		d_add(dentry, inode);
	}

	for (i = 0; i < nperms; i++)
		kfree(perms[i]);
	kfree(perms);
	return rc;
}
1904*4882a593Smuzhiyun
/*
 * Fill a class directory: an "index" file whose inode number encodes
 * @index (sel_class_to_ino()), plus a "perms" subdirectory populated by
 * sel_make_perm_files().
 *
 * Returns 0, -ENOMEM if the index dentry/inode cannot be allocated, the
 * error from sel_make_dir(), or the error from sel_make_perm_files().
 */
static int sel_make_class_dir_entries(struct selinux_policy *newpolicy,
				      char *classname, int index,
				      struct dentry *dir)
{
	struct selinux_fs_info *fsi = dir->d_sb->s_fs_info;
	struct dentry *index_dentry, *perms_dir;
	struct inode *index_inode;

	index_dentry = d_alloc_name(dir, "index");
	if (!index_dentry)
		return -ENOMEM;

	index_inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
	if (!index_inode) {
		dput(index_dentry);
		return -ENOMEM;
	}

	index_inode->i_fop = &sel_class_ops;
	index_inode->i_ino = sel_class_to_ino(index);
	d_add(index_dentry, index_inode);

	perms_dir = sel_make_dir(dir, "perms", &fsi->last_class_ino);
	if (IS_ERR(perms_dir))
		return PTR_ERR(perms_dir);

	return sel_make_perm_files(newpolicy, classname, index, perms_dir);
}
1937*4882a593Smuzhiyun
/*
 * Create one subdirectory per class of @newpolicy under @class_dir and
 * fill each via sel_make_class_dir_entries(). *last_class_ino is first set
 * past the range reserved for class/perm inode numbers so the directory
 * inodes handed out by sel_make_dir() do not collide with them.
 *
 * Returns 0, the error from security_get_classes(), or the first error from
 * creating a class directory or its entries. The class-name array is freed
 * on every path once security_get_classes() has succeeded.
 */
static int sel_make_classes(struct selinux_policy *newpolicy,
			    struct dentry *class_dir,
			    unsigned long *last_class_ino)
{
	char **classes;
	int nclasses, i, rc;

	rc = security_get_classes(newpolicy, &classes, &nclasses);
	if (rc)
		return rc;

	/* +2 since classes are 1-indexed */
	*last_class_ino = sel_class_to_ino(nclasses + 2);

	for (i = 0; i < nclasses; i++) {
		struct dentry *class_name_dir;

		class_name_dir = sel_make_dir(class_dir, classes[i],
					      last_class_ino);
		if (IS_ERR(class_name_dir)) {
			rc = PTR_ERR(class_name_dir);
			break;
		}

		/* i+1 since class values are 1-indexed */
		rc = sel_make_class_dir_entries(newpolicy, classes[i], i + 1,
						class_name_dir);
		if (rc)
			break;
	}

	for (i = 0; i < nclasses; i++)
		kfree(classes[i]);
	kfree(classes);
	return rc;
}
1976*4882a593Smuzhiyun
/*
 * Create one read-only file per policy capability (0..POLICYDB_CAPABILITY_MAX)
 * under fsi->policycap_dir. Capabilities beyond the end of
 * selinux_policycap_names get the name "unknown". The capability index is
 * stored in the inode number above SEL_POLICYCAP_INO_OFFSET.
 *
 * Returns 0, or -ENOMEM if a dentry or inode cannot be allocated.
 */
static int sel_make_policycap(struct selinux_fs_info *fsi)
{
	unsigned int cap;

	for (cap = 0; cap <= POLICYDB_CAPABILITY_MAX; cap++) {
		const char *name = "unknown";
		struct dentry *dentry;
		struct inode *inode;

		if (cap < ARRAY_SIZE(selinux_policycap_names))
			name = selinux_policycap_names[cap];

		dentry = d_alloc_name(fsi->policycap_dir, name);
		if (!dentry)
			return -ENOMEM;

		inode = sel_make_inode(fsi->sb, S_IFREG | 0444);
		if (!inode) {
			dput(dentry);
			return -ENOMEM;
		}

		inode->i_fop = &sel_policycap_ops;
		inode->i_ino = cap | SEL_POLICYCAP_INO_OFFSET;
		d_add(dentry, inode);
	}

	return 0;
}
2006*4882a593Smuzhiyun
/*
 * Create subdirectory @name under @dir with the simple_dir_* operations,
 * taking its inode number from ++(*ino). Bumps the link count of both the
 * new directory (for ".") and the parent (for "..").
 *
 * Returns the new dentry, or ERR_PTR(-ENOMEM) if the dentry or inode
 * cannot be allocated.
 */
static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
				   unsigned long *ino)
{
	struct dentry *child = d_alloc_name(dir, name);
	struct inode *child_inode;

	if (!child)
		return ERR_PTR(-ENOMEM);

	child_inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO);
	if (!child_inode) {
		dput(child);
		return ERR_PTR(-ENOMEM);
	}

	child_inode->i_op = &simple_dir_inode_operations;
	child_inode->i_fop = &simple_dir_operations;
	child_inode->i_ino = ++(*ino);
	/* directory inodes start off with i_nlink == 2 (for "." entry) */
	inc_nlink(child_inode);
	d_add(child, child_inode);
	/* bump link count on parent directory, too */
	inc_nlink(d_inode(dir));

	return child;
}
2033*4882a593Smuzhiyun
/*
 * Create a directory inode on @sb that is not linked into any parent and
 * return a disconnected dentry for it (d_obtain_alias()). Like
 * sel_make_dir() it uses the simple_dir_* operations, numbers the inode
 * from ++(*ino) and bumps the link count for ".", but no parent link count
 * is touched.
 *
 * Returns the dentry, or ERR_PTR(-ENOMEM) if the inode cannot be allocated.
 */
static struct dentry *sel_make_disconnected_dir(struct super_block *sb,
						unsigned long *ino)
{
	struct inode *dir_inode;

	dir_inode = sel_make_inode(sb, S_IFDIR | S_IRUGO | S_IXUGO);
	if (!dir_inode)
		return ERR_PTR(-ENOMEM);

	dir_inode->i_op = &simple_dir_inode_operations;
	dir_inode->i_fop = &simple_dir_operations;
	dir_inode->i_ino = ++(*ino);
	/* directory inodes start off with i_nlink == 2 (for "." entry) */
	inc_nlink(dir_inode);

	return d_obtain_alias(dir_inode);
}
2049*4882a593Smuzhiyun
/* Name of the /dev/null-like character device node at the selinuxfs root. */
#define NULL_FILE_NAME "null"
2051*4882a593Smuzhiyun
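/*
 * sel_make_subdir - create a subdirectory of the selinuxfs root and fill it
 * @root: parent directory (normally sb->s_root)
 * @name: name of the new directory
 * @ino:  running inode-number counter passed through to sel_make_dir()
 * @fill: callback that creates the entries inside the new directory
 *
 * Returns 0 on success, or the negative errno from either sel_make_dir()
 * or @fill.  A directory that was created before @fill failed stays
 * attached to the tree; sel_fill_super()'s error path does not unwind it.
 */
static int sel_make_subdir(struct dentry *root, const char *name,
			   unsigned long *ino,
			   int (*fill)(struct dentry *dir))
{
	struct dentry *dir = sel_make_dir(root, name, ino);

	if (IS_ERR(dir))
		return PTR_ERR(dir);
	return fill(dir);
}

/*
 * sel_fill_super - build the selinuxfs tree on a fresh superblock
 * @sb: superblock to populate
 * @fc: filesystem context (unused here; part of the fill_super signature)
 *
 * Creates the top-level control files from the selinux_files table, the
 * "null" character device, and the avc/, ss/, initial_contexts/, booleans,
 * class and policy-capability directories.  Returns 0 on success or a
 * negative errno.  On failure only the per-superblock fs_info is freed
 * here; entries already attached to @sb are left to the superblock
 * teardown (presumably via sel_kill_sb()).
 */
static int sel_fill_super(struct super_block *sb, struct fs_context *fc)
{
	struct selinux_fs_info *fsi;
	int ret;
	struct dentry *dentry;
	struct inode *inode;
	struct inode_security_struct *isec;

	/*
	 * Index is the SEL_* enum value; the mode bits are the DAC
	 * permissions of the node.  Several nodes are intentionally
	 * world-writable (transaction files such as "access"/"context").
	 */
	static const struct tree_descr selinux_files[] = {
		[SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR},
		[SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR},
		[SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO},
		[SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO},
		[SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO},
		[SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO},
		[SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO},
		[SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO},
		[SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR},
		[SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO},
		[SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR},
		[SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO},
		[SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR},
		[SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
		[SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
		[SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO},
		[SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO},
		[SEL_VALIDATE_TRANS] = {"validatetrans", &sel_transition_ops,
					S_IWUGO},
		/* last one */ {""}
	};

	ret = selinux_fs_info_create(sb);
	if (ret)
		goto err;

	ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);
	if (ret)
		goto err;

	fsi = sb->s_fs_info;
	fsi->bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &fsi->last_ino);
	if (IS_ERR(fsi->bool_dir)) {
		ret = PTR_ERR(fsi->bool_dir);
		fsi->bool_dir = NULL;
		goto err;
	}

	/*
	 * "null": a 0666 character device with the same device number as
	 * /dev/null (MEM_MAJOR, 3).  Its security label is assigned here
	 * directly (SECINITSID_DEVNULL / chr_file) and marked initialized
	 * rather than being derived from policy.
	 */
	ret = -ENOMEM;
	dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME);
	if (!dentry)
		goto err;

	inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO);
	if (!inode) {
		dput(dentry);
		goto err;
	}

	inode->i_ino = ++fsi->last_ino;
	isec = selinux_inode(inode);
	isec->sid = SECINITSID_DEVNULL;
	isec->sclass = SECCLASS_CHR_FILE;
	isec->initialized = LABEL_INITIALIZED;

	init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3));
	d_add(dentry, inode);

	ret = sel_make_subdir(sb->s_root, "avc", &fsi->last_ino,
			      sel_make_avc_files);
	if (ret)
		goto err;

	ret = sel_make_subdir(sb->s_root, "ss", &fsi->last_ino,
			      sel_make_ss_files);
	if (ret)
		goto err;

	ret = sel_make_subdir(sb->s_root, "initial_contexts", &fsi->last_ino,
			      sel_make_initcon_files);
	if (ret)
		goto err;

	/* class_dir and policycap_dir are kept in fsi; clear them on failure */
	fsi->class_dir = sel_make_dir(sb->s_root, CLASS_DIR_NAME, &fsi->last_ino);
	if (IS_ERR(fsi->class_dir)) {
		ret = PTR_ERR(fsi->class_dir);
		fsi->class_dir = NULL;
		goto err;
	}

	fsi->policycap_dir = sel_make_dir(sb->s_root, POLICYCAP_DIR_NAME,
					  &fsi->last_ino);
	if (IS_ERR(fsi->policycap_dir)) {
		ret = PTR_ERR(fsi->policycap_dir);
		fsi->policycap_dir = NULL;
		goto err;
	}

	ret = sel_make_policycap(fsi);
	if (ret) {
		pr_err("SELinux: failed to load policy capabilities\n");
		goto err;
	}

	return 0;
err:
	pr_err("SELinux: %s: failed while creating inodes\n",
		__func__);

	selinux_fs_info_free(sb);

	return ret;
}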
2180*4882a593Smuzhiyun
/*
 * sel_get_tree - fs_context get_tree hook for selinuxfs
 * @fc: filesystem context being mounted
 *
 * Uses get_tree_single() so every mount shares one superblock, populated
 * by sel_fill_super() on first use.
 */
static int sel_get_tree(struct fs_context *fc)
{
	return get_tree_single(fc, sel_fill_super);
}
2185*4882a593Smuzhiyun
/* Only get_tree is provided; selinuxfs takes no mount options. */
static const struct fs_context_operations sel_context_ops = {
	.get_tree = sel_get_tree,
};
2189*4882a593Smuzhiyun
/*
 * sel_init_fs_context - init_fs_context hook for selinuxfs
 * @fc: freshly allocated filesystem context
 *
 * Installs sel_context_ops; nothing else needs setting up.  Always
 * returns 0.
 */
static int sel_init_fs_context(struct fs_context *fc)
{
	fc->ops = &sel_context_ops;
	return 0;
}
2195*4882a593Smuzhiyun
/*
 * sel_kill_sb - kill_sb hook for selinuxfs
 * @sb: superblock being torn down
 *
 * Frees the per-superblock fs_info first, then lets kill_litter_super()
 * drop the dentries created by sel_fill_super().
 */
static void sel_kill_sb(struct super_block *sb)
{
	selinux_fs_info_free(sb);
	kill_litter_super(sb);
}
2201*4882a593Smuzhiyun
/* Filesystem type registered by init_sel_fs() and mounted on /sys/fs/selinux. */
static struct file_system_type sel_fs_type = {
	.name = "selinuxfs",
	.init_fs_context = sel_init_fs_context,
	.kill_sb = sel_kill_sb,
};
2207*4882a593Smuzhiyun
/* Kernel-internal mount of selinuxfs, set up by init_sel_fs(). */
struct vfsmount *selinuxfs_mount;
/* Path of the "null" device node inside selinuxfs_mount (mnt + dentry). */
struct path selinux_null;
2210*4882a593Smuzhiyun
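/*
 * init_sel_fs - register and internally mount selinuxfs
 *
 * Creates the sysfs mount point "selinux", registers sel_fs_type, performs
 * a kernel mount of it and resolves the "null" node into selinux_null.
 * Does nothing when SELinux was disabled at boot.  Returns 0 on success or
 * a negative errno.  If the kernel mount fails the registration and mount
 * point are undone before returning, so no half-initialised filesystem is
 * left behind; a failed "null" lookup is reported but the mount is kept.
 */
static int __init init_sel_fs(void)
{
	struct qstr null_name = QSTR_INIT(NULL_FILE_NAME,
					  sizeof(NULL_FILE_NAME)-1);
	int err;

	if (!selinux_enabled_boot)
		return 0;

	err = sysfs_create_mount_point(fs_kobj, "selinux");
	if (err)
		return err;

	err = register_filesystem(&sel_fs_type);
	if (err)
		goto err_mount_point;

	selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type);
	if (IS_ERR(selinuxfs_mount)) {
		/*
		 * Bail out here: the lookup below dereferences
		 * selinux_null.mnt, which would otherwise be an ERR_PTR.
		 */
		pr_err("selinuxfs: could not mount!\n");
		err = PTR_ERR(selinuxfs_mount);
		selinuxfs_mount = NULL;
		selinux_null.mnt = NULL;
		goto err_unregister;
	}

	selinux_null.dentry = d_hash_and_lookup(selinux_null.mnt->mnt_root,
						&null_name);
	if (IS_ERR(selinux_null.dentry)) {
		pr_err("selinuxfs: could not lookup null!\n");
		err = PTR_ERR(selinux_null.dentry);
		selinux_null.dentry = NULL;
	}

	return err;

err_unregister:
	unregister_filesystem(&sel_fs_type);
err_mount_point:
	sysfs_remove_mount_point(fs_kobj, "selinux");
	return err;
}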
2246*4882a593Smuzhiyun
/* Run at the default initcall level; init_sel_fs() itself checks selinux_enabled_boot. */
__initcall(init_sel_fs);
2248*4882a593Smuzhiyun
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
/*
 * exit_sel_fs - tear down selinuxfs when SELinux is disabled at runtime
 *
 * Only built with CONFIG_SECURITY_SELINUX_DISABLE.  Undoes init_sel_fs()
 * in reverse: removes the sysfs mount point, drops the "null" dentry,
 * unmounts the internal mount and unregisters the filesystem type.
 */
void exit_sel_fs(void)
{
	sysfs_remove_mount_point(fs_kobj, "selinux");
	dput(selinux_null.dentry);
	kern_unmount(selinuxfs_mount);
	unregister_filesystem(&sel_fs_type);
}
#endif
2258