^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * NSA Security-Enhanced Linux (SELinux) security module
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * This file contains the SELinux hook function implementations.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) * Authors: Stephen Smalley, <sds@tycho.nsa.gov>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) * Chris Vance, <cvance@nai.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) * Wayne Salamon, <wsalamon@nai.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) * James Morris <jmorris@redhat.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) * Copyright (C) 2001,2002 Networks Associates Technology, Inc.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) * Copyright (C) 2003-2008 Red Hat, Inc., James Morris <jmorris@redhat.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) * Eric Paris <eparis@redhat.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) * <dgoeddel@trustedcs.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) * Copyright (C) 2006, 2007, 2009 Hewlett-Packard Development Company, L.P.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) * Paul Moore <paul@paul-moore.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) * Copyright (C) 2007 Hitachi Software Engineering Co., Ltd.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) * Yuichi Nakamura <ynakam@hitachisoft.jp>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) * Copyright (C) 2016 Mellanox Technologies
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) #include <linux/init.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) #include <linux/kd.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) #include <linux/kernel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) #include <linux/kernel_read_file.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) #include <linux/tracehook.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) #include <linux/errno.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) #include <linux/sched/signal.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) #include <linux/sched/task.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) #include <linux/lsm_hooks.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) #include <linux/xattr.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) #include <linux/capability.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) #include <linux/unistd.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) #include <linux/mm.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) #include <linux/mman.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) #include <linux/pagemap.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) #include <linux/proc_fs.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) #include <linux/swap.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) #include <linux/spinlock.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) #include <linux/syscalls.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) #include <linux/dcache.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) #include <linux/file.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) #include <linux/fdtable.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) #include <linux/namei.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) #include <linux/mount.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) #include <linux/fs_context.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) #include <linux/fs_parser.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) #include <linux/netfilter_ipv4.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) #include <linux/netfilter_ipv6.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) #include <linux/tty.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) #include <net/icmp.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) #include <net/ip.h> /* for local_port_range[] */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) #include <net/tcp.h> /* struct or_callable used in sock_rcv_skb */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) #include <net/inet_connection_sock.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) #include <net/net_namespace.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) #include <net/netlabel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) #include <linux/uaccess.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) #include <asm/ioctls.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) #include <linux/atomic.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) #include <linux/bitops.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) #include <linux/interrupt.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) #include <linux/netdevice.h> /* for network interface checks */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) #include <net/netlink.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) #include <linux/tcp.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) #include <linux/udp.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) #include <linux/dccp.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) #include <linux/sctp.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) #include <net/sctp/structs.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72) #include <linux/quota.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) #include <linux/un.h> /* for Unix socket types */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) #include <net/af_unix.h> /* for Unix socket types */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) #include <linux/parser.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) #include <linux/nfs_mount.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) #include <net/ipv6.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) #include <linux/hugetlb.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) #include <linux/personality.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) #include <linux/audit.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) #include <linux/string.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) #include <linux/mutex.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) #include <linux/posix-timers.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84) #include <linux/syslog.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85) #include <linux/user_namespace.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86) #include <linux/export.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87) #include <linux/msg.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) #include <linux/shm.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89) #include <linux/bpf.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) #include <linux/kernfs.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) #include <linux/stringhash.h> /* for hashlen_string() */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92) #include <uapi/linux/mount.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93) #include <linux/fsnotify.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94) #include <linux/fanotify.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96) #include "avc.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97) #include "objsec.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98) #include "netif.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99) #include "netnode.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) #include "netport.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) #include "ibpkey.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) #include "xfrm.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) #include "netlabel.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) #include "audit.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) #include "avc_ss.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106)
/* Global SELinux state object; its address is handed to the AVC helpers used in this file. */
struct selinux_state selinux_state;

/*
 * SECMARK reference count.  A non-zero value is what
 * selinux_secmark_enabled() reports as "enabled".
 */
static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111)
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
/*
 * Boot-time enforcing value.  Static storage, so it starts at 0 and only
 * becomes 1 when "enforcing=<non-zero>" is parsed successfully below.
 */
static int selinux_enforcing_boot __initdata;

/*
 * Handler for the "enforcing=" kernel command-line parameter.
 *
 * @str is parsed with kstrtoul() (base auto-detected); any non-zero value
 * is normalised to 1.  Input that fails to parse is ignored and leaves
 * selinux_enforcing_boot untouched.  Always returns 1.
 */
static int __init enforcing_setup(char *str)
{
	unsigned long val;

	if (kstrtoul(str, 0, &val) == 0)
		selinux_enforcing_boot = !!val;

	return 1;
}
__setup("enforcing=", enforcing_setup);
#else
/*
 * Without CONFIG_SECURITY_SELINUX_DEVELOP no "enforcing=" handler is
 * registered and the boot value is the constant 1.
 */
#define selinux_enforcing_boot 1
#endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126)
/*
 * Boot-time enable flag, 1 by default.  It can only be changed from the
 * kernel command line when CONFIG_SECURITY_SELINUX_BOOTPARAM is set.
 */
int selinux_enabled_boot __initdata = 1;
#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
/*
 * Handler for the "selinux=" kernel command-line parameter.
 *
 * A value that parses as zero clears selinux_enabled_boot, any other
 * parsable value sets it to 1; unparsable input is ignored.  Always
 * returns 1.
 *
 * NOTE(review): with this option built in, whoever controls the kernel
 * command line controls this flag, so boot-loader configuration is part of
 * the trust boundary.
 */
static int __init selinux_enabled_setup(char *str)
{
	unsigned long val;

	if (kstrtoul(str, 0, &val) == 0)
		selinux_enabled_boot = !!val;

	return 1;
}
__setup("selinux=", selinux_enabled_setup);
#endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138)
/* Boot-time checkreqprot value; the default comes from Kconfig. */
static unsigned int selinux_checkreqprot_boot =
	CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE;

/*
 * Handler for the "checkreqprot=" kernel command-line parameter.
 *
 * Stores 0 or 1 in selinux_checkreqprot_boot and logs a deprecation warning
 * when a non-zero value was requested.  Unparsable input is ignored.
 * Always returns 1.
 */
static int __init checkreqprot_setup(char *str)
{
	unsigned long val;

	/* kstrtoul() returns non-zero on failure: keep the current value */
	if (kstrtoul(str, 0, &val))
		return 1;

	selinux_checkreqprot_boot = val ? 1 : 0;
	if (val)
		pr_warn("SELinux: checkreqprot set to 1 via kernel parameter. This is deprecated and will be rejected in a future kernel release.\n");

	return 1;
}
__setup("checkreqprot=", checkreqprot_setup);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154)
/**
 * selinux_secmark_enabled - report whether SECMARK is currently enabled
 *
 * Description:
 * SECMARK counts as enabled when the always_check_network policy capability
 * is set, and otherwise when the SECMARK reference counter is non-zero,
 * i.e. at least one SECMARK target is configured.  Returns true (1) when
 * enabled and false (0) when disabled.
 *
 */
static int selinux_secmark_enabled(void)
{
	/* the policy capability takes precedence over the reference count */
	if (selinux_policycap_alwaysnetwork())
		return 1;

	return atomic_read(&selinux_secmark_refcount) != 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171)
/**
 * selinux_peerlbl_enabled - report whether peer labeling is currently enabled
 *
 * Description:
 * Peer labeling counts as enabled when the always_check_network policy
 * capability is set, or when either NetLabel or labeled IPSEC (xfrm) is
 * enabled.  Returns true (1) in those cases and false (0) when none of
 * them applies.
 *
 */
static int selinux_peerlbl_enabled(void)
{
	/* checked in the same order as before: policycap, NetLabel, xfrm */
	if (selinux_policycap_alwaysnetwork() || netlbl_enabled())
		return 1;

	return selinux_xfrm_enabled() ? 1 : 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187)
/*
 * AVC callback for the network lookup tables.
 *
 * On AVC_CALLBACK_RESET the netif, netnode and netport entries are flushed
 * through their sel_*_flush() helpers, followed by synchronize_net().  Any
 * other event is ignored.  Always returns 0.
 */
static int selinux_netcache_avc_callback(u32 event)
{
	if (event != AVC_CALLBACK_RESET)
		return 0;

	sel_netif_flush();
	sel_netnode_flush();
	sel_netport_flush();
	synchronize_net();

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198)
/*
 * AVC callback that propagates a reset to the rest of the LSM framework.
 *
 * On AVC_CALLBACK_RESET the InfiniBand pkey entries are flushed and the
 * blocking LSM notifier chain is called with LSM_POLICY_CHANGE.  Any other
 * event is ignored.  Always returns 0.
 */
static int selinux_lsm_notifier_avc_callback(u32 event)
{
	if (event != AVC_CALLBACK_RESET)
		return 0;

	sel_ib_pkey_flush();
	call_blocking_lsm_notifier(LSM_POLICY_CHANGE, NULL);

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208)
/*
 * Initialise the security blob of the init task's credentials.
 *
 * Operates on current->real_cred; the const qualifier is cast away because
 * the blob is written here.  Both sid and osid are set to the kernel
 * initial SID.
 */
static void cred_init_security(void)
{
	struct cred *cred = (struct cred *) current->real_cred;
	struct task_security_struct *tsec = selinux_cred(cred);

	tsec->sid = SECINITSID_KERNEL;
	tsec->osid = SECINITSID_KERNEL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220)
/*
 * Return the security ID stored in the SELinux blob of @cred.
 */
static inline u32 cred_sid(const struct cred *cred)
{
	const struct task_security_struct *tsec = selinux_cred(cred);

	return tsec->sid;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231)
/*
 * Return the objective security ID of @task.
 *
 * The credentials obtained from __task_cred() are only used inside the RCU
 * read-side section; the SID is copied out before the lock is dropped.
 */
static inline u32 task_sid(const struct task_struct *task)
{
	u32 result;

	rcu_read_lock();
	result = cred_sid(__task_cred(task));
	rcu_read_unlock();

	return result;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244)
static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);

/*
 * Try to reload an inode security label that is not marked as initialized.
 *
 * @inode:     inode whose label is checked
 * @dentry:    a dentry of @inode, passed on to inode_doinit_with_dentry();
 *             callers in this file also pass NULL
 * @may_sleep: whether sleeping, and therefore reloading, is allowed
 *
 * Returns -ECHILD when the label needs reloading but @may_sleep is false,
 * and 0 in every other case.  Note that 0 does not guarantee a fresh label:
 * nothing is done before SELinux is initialized, and the result of the
 * reload attempt itself is not propagated.
 */
static int __inode_security_revalidate(struct inode *inode,
				       struct dentry *dentry,
				       bool may_sleep)
{
	struct inode_security_struct *isec = selinux_inode(inode);

	might_sleep_if(may_sleep);

	/* nothing to reload before initialization or for a valid label */
	if (!selinux_initialized(&selinux_state))
		return 0;
	if (isec->initialized == LABEL_INITIALIZED)
		return 0;

	if (!may_sleep)
		return -ECHILD;

	/*
	 * Attempt the reload.  It fails when no dentry was supplied and
	 * none can be found for this inode; the old label then stays in
	 * use, which is why the return value is deliberately ignored.
	 */
	inode_doinit_with_dentry(inode, dentry);

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275)
/*
 * Return the SELinux blob of @inode as-is, without attempting to reload a
 * label that is not marked as initialized.
 */
static struct inode_security_struct *inode_security_novalidate(struct inode *inode)
{
	struct inode_security_struct *isec = selinux_inode(inode);

	return isec;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280)
/*
 * Get the security label of @inode, revalidating it first.
 *
 * When @rcu is true the revalidation is not allowed to sleep; if the label
 * would need reloading in that situation an ERR_PTR() carrying the error
 * (-ECHILD) is returned instead of the blob, so callers must check the
 * result with IS_ERR() before dereferencing it.
 */
static struct inode_security_struct *inode_security_rcu(struct inode *inode, bool rcu)
{
	int rc = __inode_security_revalidate(inode, NULL, !rcu);

	if (rc != 0)
		return ERR_PTR(rc);

	return selinux_inode(inode);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 290)
/*
 * Get the security label of an inode, revalidating it first.
 *
 * Revalidation is called with may_sleep == true; on that path
 * __inode_security_revalidate() only ever returns 0, so its result is not
 * checked.  A failed reload leaves the previous label in place.
 */
static struct inode_security_struct *inode_security(struct inode *inode)
{
	struct inode_security_struct *isec;

	__inode_security_revalidate(inode, NULL, true);
	isec = selinux_inode(inode);

	return isec;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 299)
/*
 * Return the SELinux blob of the inode backing @dentry without attempting
 * to revalidate its label.
 */
static struct inode_security_struct *backing_inode_security_novalidate(struct dentry *dentry)
{
	return selinux_inode(d_backing_inode(dentry));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 306)
/*
 * Get the security label of a dentry's backing inode.
 *
 * The label is revalidated first, with @dentry supplied to the reload and
 * sleeping allowed; the revalidation result is not checked because that
 * path only returns 0.
 */
static struct inode_security_struct *backing_inode_security(struct dentry *dentry)
{
	struct inode *backing = d_backing_inode(dentry);

	__inode_security_revalidate(backing, dentry, true);

	return selinux_inode(backing);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 317)
/*
 * Detach the SELinux blob of @inode from the per-superblock list, if it is
 * on one.  The blob itself is not freed here.
 */
static void inode_free_security(struct inode *inode)
{
	struct inode_security_struct *isec = selinux_inode(inode);
	struct superblock_security_struct *sbsec;

	if (!isec)
		return;

	sbsec = inode->i_sb->s_security;

	/*
	 * Not every inode security structure is on a list, so the emptiness
	 * test is done outside the lock to avoid taking it for nothing.
	 *
	 * list_del_init() may safely run more than once.  A concurrent
	 * list_add() should not be possible here, but list_empty_careful()
	 * is used as protection against future changes in the code.
	 */
	if (list_empty_careful(&isec->list))
		return;

	spin_lock(&sbsec->isec_lock);
	list_del_init(&isec->list);
	spin_unlock(&sbsec->isec_lock);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 342)
/*
 * Release the SELinux superblock blob of @sb.
 *
 * sb->s_security is cleared before the memory is freed, so the superblock
 * never holds a pointer to freed memory.
 */
static void superblock_free_security(struct super_block *sb)
{
	struct superblock_security_struct *old = sb->s_security;

	sb->s_security = NULL;
	kfree(old);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 349)
/*
 * Context strings collected from mount options.  Each pointer is released
 * with kfree() by selinux_free_mnt_opts().
 */
struct selinux_mnt_opts {
	const char *fscontext;
	const char *context;
	const char *rootcontext;
	const char *defcontext;
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 353)
/*
 * Free a struct selinux_mnt_opts together with its four context strings.
 *
 * @mnt_opts is dereferenced unconditionally, so it must not be NULL; the
 * individual strings may be NULL because kfree(NULL) is a no-op.
 */
static void selinux_free_mnt_opts(void *mnt_opts)
{
	struct selinux_mnt_opts *opts = mnt_opts;

	/* members first, container last */
	kfree(opts->fscontext);
	kfree(opts->context);
	kfree(opts->rootcontext);
	kfree(opts->defcontext);
	kfree(opts);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 363)
/* Mount option identifiers returned by match_opt_prefix(). */
enum {
	Opt_error = -1,		/* no table entry matched */
	Opt_context = 0,
	Opt_defcontext = 1,
	Opt_fscontext = 2,
	Opt_rootcontext = 3,
	Opt_seclabel = 4,
};

/*
 * Table of recognised mount options.  A(s, arg) builds one entry from the
 * bare option name: the name as a string, its length without the
 * terminating NUL, the matching Opt_* value, and whether "=<value>" must
 * follow the name.
 *
 * NOTE(review): nothing in the visible code writes to this table, so it
 * looks like a candidate for const - confirm against the rest of the file.
 */
#define A(s, arg) { .name = #s, .len = sizeof(#s) - 1, .opt = Opt_##s, .has_arg = (arg) }
static struct {
	const char *name;
	int len;
	int opt;
	bool has_arg;
} tokens[] = {
	A(context, true),
	A(fscontext, true),
	A(defcontext, true),
	A(rootcontext, true),
	A(seclabel, false),
};
#undef A
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 387)
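/*
 * Match the first @l bytes of @s against the mount option table.
 *
 * @s:   option text; only s[0..l-1] is examined
 * @l:   number of bytes of @s that belong to this option
 * @arg: for options that take an argument, set to the first byte after
 *       the '='; left untouched for options without an argument and when
 *       nothing matches
 *
 * An option that takes an argument matches only as "<name>=...", an option
 * without one only when it spans exactly @l bytes.  Returns the Opt_* value
 * of the matching entry, or Opt_error.
 */
static int match_opt_prefix(char *s, int l, char **arg)
{
	size_t avail;
	int i;

	/*
	 * @l is signed but is compared against size_t lengths below.  A
	 * negative value would be converted to a huge unsigned one and
	 * defeat the bounds check in front of memcmp(), so reject it here.
	 */
	if (l < 0)
		return Opt_error;
	avail = l;

	for (i = 0; i < ARRAY_SIZE(tokens); i++) {
		size_t len = tokens[i].len;

		/* the name must fit into the input and match byte for byte */
		if (len > avail || memcmp(s, tokens[i].name, len))
			continue;

		if (tokens[i].has_arg) {
			/* s[len] is only read when len < avail */
			if (len == avail || s[len] != '=')
				continue;
			*arg = s + len + 1;
		} else if (len != avail) {
			continue;
		}

		return tokens[i].opt;
	}

	return Opt_error;
}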
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 406)
#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"

/*
 * Check whether @cred may relabel a superblock to @sid via mount options.
 *
 * Two filesystem-class permissions are required of the caller's SID:
 * relabelfrom on the superblock's current SID (@sbsec->sid) and relabelto
 * on the requested @sid.  Returns 0 when both are granted, otherwise the
 * error from the first check that fails.
 */
static int may_context_mount_sb_relabel(u32 sid,
			struct superblock_security_struct *sbsec,
			const struct cred *cred)
{
	const struct task_security_struct *tsec = selinux_cred(cred);
	int rc;

	rc = avc_has_perm(&selinux_state,
			  tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
			  FILESYSTEM__RELABELFROM, NULL);
	if (!rc)
		rc = avc_has_perm(&selinux_state,
				  tsec->sid, sid, SECCLASS_FILESYSTEM,
				  FILESYSTEM__RELABELTO, NULL);

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 427)
/*
 * Check whether @cred may apply @sid as an inode context on a superblock.
 *
 * The caller's SID needs filesystem relabelfrom on the superblock's SID
 * (@sbsec->sid), and @sid itself needs filesystem associate with that same
 * superblock SID.  Returns 0 when both are granted, otherwise the error
 * from the first check that fails.
 */
static int may_context_mount_inode_relabel(u32 sid,
			struct superblock_security_struct *sbsec,
			const struct cred *cred)
{
	const struct task_security_struct *tsec = selinux_cred(cred);
	int rc;

	rc = avc_has_perm(&selinux_state,
			  tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
			  FILESYSTEM__RELABELFROM, NULL);
	if (!rc)
		/* here the new context is the source, the superblock the target */
		rc = avc_has_perm(&selinux_state,
				  sid, sbsec->sid, SECCLASS_FILESYSTEM,
				  FILESYSTEM__ASSOCIATE, NULL);

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 445)
/*
 * Report whether @sb belongs to a filesystem type that gets special
 * handling: genfs-labeled, but also with an in-core setxattr handler.
 *
 * The match is an exact comparison on the filesystem type name.  cgroup
 * and cgroup2 only qualify when the cgroupseclabel policy capability is
 * set.  Returns 1 on a match and 0 otherwise.
 */
static int selinux_is_genfs_special_handling(struct super_block *sb)
{
	const char *fstype = sb->s_type->name;

	if (!strcmp(fstype, "sysfs") ||
	    !strcmp(fstype, "pstore") ||
	    !strcmp(fstype, "debugfs") ||
	    !strcmp(fstype, "tracefs") ||
	    !strcmp(fstype, "rootfs"))
		return 1;

	/* the cgroup types depend on the policy capability */
	if (!selinux_policycap_cgroupseclabel())
		return 0;

	return !strcmp(fstype, "cgroup") || !strcmp(fstype, "cgroup2");
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 458)
/*
 * Decide from the superblock's labeling behavior whether SBLABEL_MNT
 * applies to @sb.
 *
 * Returns 1 for the xattr, transition, task and native behaviors, the
 * result of selinux_is_genfs_special_handling() for genfs, and 0 for
 * mountpoint (context mount) labeling, for "none", and for any value not
 * listed here.
 */
static int selinux_is_sblabel_mnt(struct super_block *sb)
{
	const struct superblock_security_struct *sec = sb->s_security;
	int labelable;

	/*
	 * IMPORTANT: the switch below must be reviewed whenever a new
	 * SECURITY_FS_USE_* value is introduced; the build breaks here to
	 * force that review.
	 */
	BUILD_BUG_ON(SECURITY_FS_USE_MAX != 7);

	switch (sec->behavior) {
	case SECURITY_FS_USE_GENFS:
		labelable = selinux_is_genfs_special_handling(sb);
		break;

	case SECURITY_FS_USE_XATTR:
	case SECURITY_FS_USE_TRANS:
	case SECURITY_FS_USE_TASK:
	case SECURITY_FS_USE_NATIVE:
		labelable = 1;
		break;

	/* Never allow relabeling on context mounts; unknown values fail closed */
	case SECURITY_FS_USE_MNTPOINT:
	case SECURITY_FS_USE_NONE:
	default:
		labelable = 0;
		break;
	}

	return labelable;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 486)
/*
 * Complete the SELinux initialization of a superblock.
 *
 * Steps, in order:
 *   1. for SECURITY_FS_USE_XATTR, probe that the root inode supports xattrs
 *      and that reading the SELinux xattr does not fail unexpectedly;
 *   2. mark the superblock SE_SBINITIALIZED;
 *   3. set or clear SBLABEL_MNT according to selinux_is_sblabel_mnt();
 *   4. initialize the root inode's label;
 *   5. initialize every inode queued on sbsec->isec_head.
 *
 * Returns -EOPNOTSUPP or the __vfs_getxattr() error if the probe in step 1
 * fails (SE_SBINITIALIZED is then not set); otherwise returns the result of
 * step 4.
 *
 * NOTE(review): a failure in step 4 is reported to the caller, but by then
 * SE_SBINITIALIZED is already set and step 5 still runs.  The results of
 * the per-inode calls in step 5 are discarded.
 */
static int sb_finish_set_opts(struct super_block *sb)
{
	struct superblock_security_struct *sbsec = sb->s_security;
	struct dentry *root = sb->s_root;
	struct inode *root_inode = d_backing_inode(root);
	int rc = 0;

	if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
		/* Make sure that the xattr handler exists and that no
		   error other than -ENODATA is returned by getxattr on
		   the root directory.  -ENODATA is ok, as this may be
		   the first boot of the SELinux kernel before we have
		   assigned xattr values to the filesystem. */
		if (!(root_inode->i_opflags & IOP_XATTR)) {
			pr_warn("SELinux: (dev %s, type %s) has no "
				"xattr support\n", sb->s_id, sb->s_type->name);
			rc = -EOPNOTSUPP;
			goto out;
		}

		/* NULL buffer with size 0: only the return code is of interest. */
		rc = __vfs_getxattr(root, root_inode, XATTR_NAME_SELINUX, NULL,
				    0, XATTR_NOSECURITY);
		if (rc < 0 && rc != -ENODATA) {
			if (rc == -EOPNOTSUPP)
				pr_warn("SELinux: (dev %s, type "
					"%s) has no security xattr handler\n",
					sb->s_id, sb->s_type->name);
			else
				pr_warn("SELinux: (dev %s, type "
					"%s) getxattr errno %d\n", sb->s_id,
					sb->s_type->name, -rc);
			goto out;
		}
	}

	sbsec->flags |= SE_SBINITIALIZED;

	/*
	 * Explicitly set or clear SBLABEL_MNT.  It's not sufficient to simply
	 * leave the flag untouched because sb_clone_mnt_opts might be handing
	 * us a superblock that needs the flag to be cleared.
	 */
	if (selinux_is_sblabel_mnt(sb))
		sbsec->flags |= SBLABEL_MNT;
	else
		sbsec->flags &= ~SBLABEL_MNT;

	/* Initialize the root inode; this overwrites any probe result in rc. */
	rc = inode_doinit_with_dentry(root_inode, root);

	/* Initialize any other inodes associated with the superblock, e.g.
	   inodes created prior to initial policy load or inodes created
	   during get_sb by a pseudo filesystem that directly
	   populates itself. */
	spin_lock(&sbsec->isec_lock);
	while (!list_empty(&sbsec->isec_head)) {
		struct inode_security_struct *isec =
				list_first_entry(&sbsec->isec_head,
					   struct inode_security_struct, list);
		struct inode *inode = isec->inode;
		/* Unlink while still holding the lock so each entry is visited once. */
		list_del_init(&isec->list);
		/*
		 * The spinlock is released around igrab()/labeling/iput() and
		 * re-taken before the list is examined again (presumably
		 * because those calls may sleep -- TODO confirm).
		 */
		spin_unlock(&sbsec->isec_lock);
		/* igrab() returning NULL means no reference was obtained; skip. */
		inode = igrab(inode);
		if (inode) {
			/* Inodes flagged IS_PRIVATE are left unlabeled. */
			if (!IS_PRIVATE(inode))
				inode_doinit_with_dentry(inode, NULL);
			iput(inode);
		}
		spin_lock(&sbsec->isec_lock);
	}
	spin_unlock(&sbsec->isec_lock);
out:
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 561)
/*
 * Detect a security mount option that conflicts with what is already
 * recorded for the superblock.
 *
 * @sbsec:   superblock security state holding the recorded option flags
 * @flag:    the *_MNT bit of the option being examined
 * @old_sid: SID currently recorded for that option
 * @new_sid: SID requested by the option now being processed
 *
 * Superblock already initialized (SE_SBINITIALIZED set): the option is bad
 * if it was not given on the earlier mount or if the SIDs differ.
 * Superblock not yet initialized: the option is bad if its bit is already
 * set, i.e. the same option was passed twice (context=a,context=b).
 *
 * Returns 1 for a bad option, 0 otherwise.
 */
static int bad_option(struct superblock_security_struct *sbsec, char flag,
		      u32 old_sid, u32 new_sid)
{
	char mnt_flags = sbsec->flags & SE_MNTMASK;

	if (sbsec->flags & SE_SBINITIALIZED)
		return !(sbsec->flags & flag) || old_sid != new_sid;

	return (mnt_flags & flag) != 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 581)
/*
 * Convert the security context string @s into a SID stored in *@sid.
 *
 * @sb is used only to identify the device and filesystem type in the
 * warning emitted on failure.  The warning also echoes @s verbatim with
 * "%s", so whatever context string the caller passes ends up in the
 * kernel log when the conversion fails.
 *
 * Returns 0 on success or the error from security_context_str_to_sid().
 */
static int parse_sid(struct super_block *sb, const char *s, u32 *sid)
{
	int err;

	err = security_context_str_to_sid(&selinux_state, s, sid, GFP_KERNEL);
	if (!err)
		return 0;

	pr_warn("SELinux: security_context_str_to_sid"
		"(%s) failed for (dev %s, type %s) errno=%d\n",
		s, sb->s_id, sb->s_type->name, err);
	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 592)
/*
 * Allow filesystems with binary mount data to explicitly set mount point
 * labeling information.
 *
 * @sb:             superblock being mounted
 * @mnt_opts:       struct selinux_mnt_opts with the fscontext, context,
 *                  rootcontext and defcontext strings, or NULL for none
 * @kern_flags:     internal flags from the caller; only
 *                  SECURITY_LSM_NATIVE_LABELS is examined here
 * @set_kern_flags: where accepted kernel flags are reported; must be
 *                  non-NULL whenever @kern_flags is non-zero
 *
 * The whole function runs under sbsec->lock.  Each option string is
 * converted to a SID; a SID of 0 is treated as "option not given".
 *
 * Returns 0 on success and when initialization is deferred until the
 * policy is loaded.  Returns -EINVAL when options are supplied before the
 * policy is loaded, when @kern_flags is set without @set_kern_flags, when
 * the options conflict with an earlier mount of the same superblock, or
 * when defcontext is used with an unsuitable labeling behavior.  Returns
 * -EACCES when contexts are supplied for a user-namespace mount of a
 * filesystem type other than tmpfs, ramfs or devpts.  Otherwise returns
 * the error from SID parsing, security_fs_use(), security_transition_sid(),
 * the relabel permission checks, or sb_finish_set_opts().
 */
static int selinux_set_mnt_opts(struct super_block *sb,
				void *mnt_opts,
				unsigned long kern_flags,
				unsigned long *set_kern_flags)
{
	const struct cred *cred = current_cred();
	struct superblock_security_struct *sbsec = sb->s_security;
	struct dentry *root = sbsec->sb->s_root;
	struct selinux_mnt_opts *opts = mnt_opts;
	struct inode_security_struct *root_isec;
	u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
	u32 defcontext_sid = 0;
	int rc = 0;

	mutex_lock(&sbsec->lock);

	if (!selinux_initialized(&selinux_state)) {
		if (!opts) {
			/* Defer initialization until selinux_complete_init,
			   after the initial policy is loaded and the security
			   server is ready to handle calls. */
			goto out;
		}
		/* Options cannot be turned into SIDs without a loaded policy. */
		rc = -EINVAL;
		pr_warn("SELinux: Unable to set superblock options "
			"before the security server is initialized\n");
		goto out;
	}
	if (kern_flags && !set_kern_flags) {
		/* Specifying internal flags without providing a place to
		 * place the results is not allowed */
		rc = -EINVAL;
		goto out;
	}

	/*
	 * Binary mount data FS will come through this function twice.  Once
	 * from an explicit call and once from the generic calls from the vfs.
	 * Since the generic VFS calls will not contain any security mount data
	 * we need to skip the double mount verification.
	 *
	 * This does open a hole in which we will not notice if the first
	 * mount using this sb set explicit options and a second mount using
	 * this sb does not set any security options.  (The first options
	 * will be used for both mounts)
	 */
	if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
	    && !opts)
		goto out;

	root_isec = backing_inode_security_novalidate(root);

	/*
	 * parse the mount options, check if they are valid sids.
	 * also check if someone is trying to mount the same sb more
	 * than once with different security options.
	 *
	 * NOTE(review): each *_MNT bit is OR'ed into sbsec->flags as soon as
	 * its option parses, before the permission checks further down.  The
	 * error paths in this function do not clear those bits again; confirm
	 * that callers discard the superblock when this function fails.
	 */
	if (opts) {
		if (opts->fscontext) {
			rc = parse_sid(sb, opts->fscontext, &fscontext_sid);
			if (rc)
				goto out;
			if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
					fscontext_sid))
				goto out_double_mount;
			sbsec->flags |= FSCONTEXT_MNT;
		}
		if (opts->context) {
			rc = parse_sid(sb, opts->context, &context_sid);
			if (rc)
				goto out;
			if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
					context_sid))
				goto out_double_mount;
			sbsec->flags |= CONTEXT_MNT;
		}
		if (opts->rootcontext) {
			rc = parse_sid(sb, opts->rootcontext, &rootcontext_sid);
			if (rc)
				goto out;
			if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
					rootcontext_sid))
				goto out_double_mount;
			sbsec->flags |= ROOTCONTEXT_MNT;
		}
		if (opts->defcontext) {
			rc = parse_sid(sb, opts->defcontext, &defcontext_sid);
			if (rc)
				goto out;
			if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
					defcontext_sid))
				goto out_double_mount;
			sbsec->flags |= DEFCONTEXT_MNT;
		}
	}

	/*
	 * Superblock already set up by an earlier mount: the bad_option()
	 * comparisons above were the only work needed, so nothing below is
	 * re-applied.
	 */
	if (sbsec->flags & SE_SBINITIALIZED) {
		/* previously mounted with options, but not on this attempt? */
		if ((sbsec->flags & SE_MNTMASK) && !opts)
			goto out_double_mount;
		rc = 0;
		goto out;
	}

	/* Per-filesystem-type flags, selected by exact name match. */
	if (strcmp(sb->s_type->name, "proc") == 0)
		sbsec->flags |= SE_SBPROC | SE_SBGENFS;

	if (!strcmp(sb->s_type->name, "debugfs") ||
	    !strcmp(sb->s_type->name, "tracefs") ||
	    !strcmp(sb->s_type->name, "binder") ||
	    !strcmp(sb->s_type->name, "bpf") ||
	    !strcmp(sb->s_type->name, "pstore"))
		sbsec->flags |= SE_SBGENFS;

	if (!strcmp(sb->s_type->name, "sysfs") ||
	    !strcmp(sb->s_type->name, "cgroup") ||
	    !strcmp(sb->s_type->name, "cgroup2"))
		sbsec->flags |= SE_SBGENFS | SE_SBGENFS_XATTR;

	if (!sbsec->behavior) {
		/*
		 * Determine the labeling behavior to use for this
		 * filesystem type.
		 */
		rc = security_fs_use(&selinux_state, sb);
		if (rc) {
			pr_warn("%s: security_fs_use(%s) returned %d\n",
					__func__, sb->s_type->name, rc);
			goto out;
		}
	}

	/*
	 * If this is a user namespace mount and the filesystem type is not
	 * explicitly whitelisted, then no contexts are allowed on the command
	 * line and security labels must be ignored.
	 *
	 * The allowed types are tmpfs, ramfs and devpts.  For every other
	 * type, xattr labeling is replaced by mountpoint labeling with a SID
	 * computed by security_transition_sid() from the current task's SID,
	 * and the relabel permission checks below are skipped because no
	 * context SIDs can be present.
	 */
	if (sb->s_user_ns != &init_user_ns &&
	    strcmp(sb->s_type->name, "tmpfs") &&
	    strcmp(sb->s_type->name, "ramfs") &&
	    strcmp(sb->s_type->name, "devpts")) {
		if (context_sid || fscontext_sid || rootcontext_sid ||
		    defcontext_sid) {
			rc = -EACCES;
			goto out;
		}
		if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
			sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
			rc = security_transition_sid(&selinux_state,
						     current_sid(),
						     current_sid(),
						     SECCLASS_FILE, NULL,
						     &sbsec->mntpoint_sid);
			if (rc)
				goto out;
		}
		goto out_set_opts;
	}

	/* sets the context of the superblock for the fs being mounted. */
	if (fscontext_sid) {
		rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
		if (rc)
			goto out;

		sbsec->sid = fscontext_sid;
	}

	/*
	 * Switch to using mount point labeling behavior.
	 * sets the label used on all file below the mountpoint, and will set
	 * the superblock context if not already set.
	 *
	 * '&' binds tighter than '&&', so the test below is
	 * (kern_flags & SECURITY_LSM_NATIVE_LABELS) && !context_sid.
	 * set_kern_flags is non-NULL here: kern_flags is non-zero and the
	 * NULL case was rejected near the top of the function.
	 */
	if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !context_sid) {
		sbsec->behavior = SECURITY_FS_USE_NATIVE;
		*set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
	}

	if (context_sid) {
		if (!fscontext_sid) {
			/* No fscontext given: context= also labels the superblock. */
			rc = may_context_mount_sb_relabel(context_sid, sbsec,
							  cred);
			if (rc)
				goto out;
			sbsec->sid = context_sid;
		} else {
			rc = may_context_mount_inode_relabel(context_sid, sbsec,
							     cred);
			if (rc)
				goto out;
		}
		/* context= supplies the root label unless rootcontext= was given. */
		if (!rootcontext_sid)
			rootcontext_sid = context_sid;

		sbsec->mntpoint_sid = context_sid;
		sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
	}

	if (rootcontext_sid) {
		rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
						     cred);
		if (rc)
			goto out;

		root_isec->sid = rootcontext_sid;
		root_isec->initialized = LABEL_INITIALIZED;
	}

	if (defcontext_sid) {
		/* defcontext is accepted only with xattr or native labeling. */
		if (sbsec->behavior != SECURITY_FS_USE_XATTR &&
			sbsec->behavior != SECURITY_FS_USE_NATIVE) {
			rc = -EINVAL;
			pr_warn("SELinux: defcontext option is "
				"invalid for this filesystem type\n");
			goto out;
		}

		/* The permission check is skipped when the default is unchanged. */
		if (defcontext_sid != sbsec->def_sid) {
			rc = may_context_mount_inode_relabel(defcontext_sid,
							     sbsec, cred);
			if (rc)
				goto out;
		}

		sbsec->def_sid = defcontext_sid;
	}

out_set_opts:
	rc = sb_finish_set_opts(sb);
out:
	mutex_unlock(&sbsec->lock);
	return rc;
out_double_mount:
	/* Conflicting options for one superblock; leaves through 'out' to unlock. */
	rc = -EINVAL;
	pr_warn("SELinux: mount invalid.  Same superblock, different "
		"security settings for (dev %s, type %s)\n", sb->s_id,
		sb->s_type->name);
	goto out;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 836)
/*
 * Compare the security mount settings recorded for two superblocks.
 *
 * The option flag sets (masked with SE_MNTMASK) must be equal, and for
 * every option flagged on @oldsb the corresponding SID must be the same on
 * both superblocks: sid for fscontext, mntpoint_sid for context, def_sid
 * for defcontext and the root inode's sid for rootcontext.  The root
 * inodes are looked up only when rootcontext is flagged and every earlier
 * comparison matched.
 *
 * Returns 0 when the settings agree; otherwise logs a warning naming
 * @newsb and returns -EBUSY.
 */
static int selinux_cmp_sb_context(const struct super_block *oldsb,
				  const struct super_block *newsb)
{
	struct superblock_security_struct *prev = oldsb->s_security;
	struct superblock_security_struct *next = newsb->s_security;
	char prev_opts = prev->flags & SE_MNTMASK;
	char next_opts = next->flags & SE_MNTMASK;
	int differs;

	differs = prev_opts != next_opts ||
		  ((prev_opts & FSCONTEXT_MNT) && prev->sid != next->sid) ||
		  ((prev_opts & CONTEXT_MNT) &&
		   prev->mntpoint_sid != next->mntpoint_sid) ||
		  ((prev_opts & DEFCONTEXT_MNT) &&
		   prev->def_sid != next->def_sid);

	if (!differs && (prev_opts & ROOTCONTEXT_MNT)) {
		struct inode_security_struct *prev_root =
				backing_inode_security(oldsb->s_root);
		struct inode_security_struct *next_root =
				backing_inode_security(newsb->s_root);

		differs = prev_root->sid != next_root->sid;
	}

	if (!differs)
		return 0;

	pr_warn("SELinux: mount invalid.  Same superblock, "
		"different security settings for (dev %s, "
		"type %s)\n", newsb->s_id, newsb->s_type->name);
	return -EBUSY;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 866)
/*
 * Copy the SELinux labeling state of @oldsb onto @newsb.
 *
 * @kern_flags:     flags requested by the caller; only
 *                  SECURITY_LSM_NATIVE_LABELS is examined here.
 * @set_kern_flags: out-parameter that receives SECURITY_LSM_NATIVE_LABELS
 *                  when native labeling is honoured; must be non-NULL
 *                  whenever @kern_flags is non-zero.
 *
 * Returns 0 without touching @newsb while SELinux is not yet initialized,
 * -EINVAL for the @kern_flags/@set_kern_flags mismatch, the result of
 * selinux_cmp_sb_context() when @newsb already carries labeling state, and
 * otherwise 0 or the error reported by security_fs_use().
 */
static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
				     struct super_block *newsb,
				     unsigned long kern_flags,
				     unsigned long *set_kern_flags)
{
	const struct superblock_security_struct *oldsbsec = oldsb->s_security;
	struct superblock_security_struct *newsbsec = newsb->s_security;
	const bool has_fscontext = oldsbsec->flags & FSCONTEXT_MNT;
	const bool has_context = oldsbsec->flags & CONTEXT_MNT;
	const bool has_rootcontext = oldsbsec->flags & ROOTCONTEXT_MNT;
	const bool native_requested = kern_flags & SECURITY_LSM_NATIVE_LABELS;
	int rc = 0;

	/*
	 * Policy is not loaded yet: the parent mounted without any special
	 * LSM mount options, so this superblock can be dealt with later.
	 */
	if (!selinux_initialized(&selinux_state))
		return 0;

	/* Internal flags need somewhere to report their outcome. */
	if (kern_flags && !set_kern_flags)
		return -EINVAL;

	/* Cloning from a superblock that was never set up is a kernel bug. */
	BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));

	/*
	 * The filesystem is reusing a superblock: its labeling state is left
	 * as it is and only compared against the source, so a mismatch is
	 * reported to the caller instead of being overwritten.
	 */
	if (newsbsec->flags & SE_SBINITIALIZED) {
		if (native_requested && !has_context)
			*set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
		return selinux_cmp_sb_context(oldsb, newsb);
	}

	mutex_lock(&newsbsec->lock);

	newsbsec->flags = oldsbsec->flags;
	newsbsec->sid = oldsbsec->sid;
	newsbsec->def_sid = oldsbsec->def_sid;
	newsbsec->behavior = oldsbsec->behavior;

	/*
	 * The source used native labels but the caller did not ask for them
	 * and no context= option pins the labels: ask the policy how this
	 * filesystem should be labeled.
	 */
	if (newsbsec->behavior == SECURITY_FS_USE_NATIVE &&
	    !native_requested && !has_context) {
		rc = security_fs_use(&selinux_state, newsb);
		if (rc)
			goto unlock;
	}

	if (native_requested && !has_context) {
		newsbsec->behavior = SECURITY_FS_USE_NATIVE;
		*set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
	}

	if (has_context) {
		const u32 mnt_sid = oldsbsec->mntpoint_sid;

		/* context= also supplies the fs and root labels unless overridden. */
		if (!has_fscontext)
			newsbsec->sid = mnt_sid;
		if (!has_rootcontext) {
			struct inode_security_struct *new_root =
				backing_inode_security(newsb->s_root);

			new_root->sid = mnt_sid;
		}
		newsbsec->mntpoint_sid = mnt_sid;
	}
	if (has_rootcontext) {
		const struct inode_security_struct *old_root =
			backing_inode_security(oldsb->s_root);
		struct inode_security_struct *new_root =
			backing_inode_security(newsb->s_root);

		new_root->sid = old_root->sid;
	}

	sb_finish_set_opts(newsb);
unlock:
	mutex_unlock(&newsbsec->lock);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 947)
/*
 * Record one parsed SELinux mount option in *@mnt_opts.
 *
 * @token:    Opt_* value identifying the option.
 * @s:        option value; on success for a context option the pointer
 *            itself is stored in the options struct, it is not copied.
 * @mnt_opts: in/out pointer to the options struct; allocated here on first
 *            use.
 *
 * Returns 0 on success, -ENOMEM when @s is NULL or the allocation fails,
 * and -EINVAL when the option was already given or conflicts with an
 * earlier one (context= and defcontext= exclude each other).  On -EINVAL
 * @s is not stored, so it stays with the caller.
 *
 * NOTE(review): a token outside the four context options returns 0 without
 * storing @s; confirm that every caller filters tokens before calling.
 */
static int selinux_add_opt(int token, const char *s, void **mnt_opts)
{
	struct selinux_mnt_opts *opts = *mnt_opts;
	bool allocated_here = false;
	bool rejected = false;

	/* "seclabel" is accepted and dropped; it carries nothing to record. */
	if (token == Opt_seclabel)
		return 0;

	if (!s)
		return -ENOMEM;

	if (!opts) {
		opts = kzalloc(sizeof(*opts), GFP_KERNEL);
		if (!opts)
			return -ENOMEM;
		*mnt_opts = opts;
		allocated_here = true;
	}

	switch (token) {
	case Opt_context:
		rejected = opts->context || opts->defcontext;
		if (!rejected)
			opts->context = s;
		break;
	case Opt_fscontext:
		rejected = opts->fscontext;
		if (!rejected)
			opts->fscontext = s;
		break;
	case Opt_rootcontext:
		rejected = opts->rootcontext;
		if (!rejected)
			opts->rootcontext = s;
		break;
	case Opt_defcontext:
		rejected = opts->context || opts->defcontext;
		if (!rejected)
			opts->defcontext = s;
		break;
	}

	if (!rejected)
		return 0;

	/* Only undo the allocation made by this call; older state is the caller's. */
	if (allocated_here) {
		kfree(opts);
		*mnt_opts = NULL;
	}
	pr_warn(SEL_MOUNT_FAIL_MSG);
	return -EINVAL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 998)
/*
 * Look up @option in the tokens table and add it, with a private copy of
 * its value, to *@mnt_opts.
 *
 * @val/@len: option value; @len bytes are duplicated with kmemdup_nul(), so
 *            the stored string is NUL-terminated and independent of the
 *            caller's buffer.  Not copied for "seclabel".
 *
 * Returns 0 on success, -EINVAL for an unknown option name, -ENOMEM when the
 * copy cannot be allocated, or the error from selinux_add_opt().  On a
 * failure after the name lookup, any options already collected in
 * *@mnt_opts are freed and the pointer is reset to NULL.
 */
static int selinux_add_mnt_opt(const char *option, const char *val, int len,
			       void **mnt_opts)
{
	int token = Opt_error;
	int rc, i;

	for (i = 0; i < ARRAY_SIZE(tokens); i++) {
		if (strcmp(option, tokens[i].name) != 0)
			continue;
		token = tokens[i].opt;
		break;
	}

	if (token == Opt_error)
		return -EINVAL;

	if (token != Opt_seclabel) {
		val = kmemdup_nul(val, len, GFP_KERNEL);
		if (!val) {
			rc = -ENOMEM;
			goto drop_opts;
		}
	}

	rc = selinux_add_opt(token, val, mnt_opts);
	if (likely(!rc))
		return rc;

	/* The copy was not taken over by the options struct; release it here. */
	kfree(val);

drop_opts:
	if (*mnt_opts) {
		selinux_free_mnt_opts(*mnt_opts);
		*mnt_opts = NULL;
	}
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1036)
/*
 * Append "=<context>" for @sid to the seq_file @m.
 *
 * The context string is written through seq_escape() with '"', newline and
 * backslash escaped, and is wrapped in double quotes when it contains a
 * comma, so the label text cannot break the comma-separated option list it
 * is embedded in.
 *
 * Returns 0 on success or the error from security_sid_to_context(), in
 * which case nothing is written.
 */
static int show_sid(struct seq_file *m, u32 sid)
{
	char *context = NULL;
	bool quoted;
	u32 len;
	int rc;

	rc = security_sid_to_context(&selinux_state, sid, &context, &len);
	if (rc)
		goto out;

	quoted = context && strchr(context, ',');

	seq_putc(m, '=');
	if (quoted)
		seq_putc(m, '\"');
	seq_escape(m, context, "\"\n\\");
	if (quoted)
		seq_putc(m, '\"');
out:
	kfree(context);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1058)
/* Emit ",<name>" followed by show_sid()'s output for @sid; returns its result. */
static int show_sid_opt(struct seq_file *m, const char *name, u32 sid)
{
	seq_putc(m, ',');
	seq_puts(m, name);
	return show_sid(m, sid);
}

/*
 * Write the SELinux mount options in effect for @sb to @m.
 *
 * Nothing is written, and 0 is returned, when the superblock has no
 * initialized security state or SELinux itself is not initialized yet.
 * Options are emitted in a fixed order (fscontext, context, defcontext,
 * rootcontext, seclabel), each preceded by a comma.  The first error from
 * show_sid() ends the listing and is returned.
 */
static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
{
	struct superblock_security_struct *sbsec = sb->s_security;
	int rc;

	if (!(sbsec->flags & SE_SBINITIALIZED) ||
	    !selinux_initialized(&selinux_state))
		return 0;

	if (sbsec->flags & FSCONTEXT_MNT) {
		rc = show_sid_opt(m, FSCONTEXT_STR, sbsec->sid);
		if (rc)
			return rc;
	}
	if (sbsec->flags & CONTEXT_MNT) {
		rc = show_sid_opt(m, CONTEXT_STR, sbsec->mntpoint_sid);
		if (rc)
			return rc;
	}
	if (sbsec->flags & DEFCONTEXT_MNT) {
		rc = show_sid_opt(m, DEFCONTEXT_STR, sbsec->def_sid);
		if (rc)
			return rc;
	}
	if (sbsec->flags & ROOTCONTEXT_MNT) {
		/* The root label is read from the root inode's security blob. */
		struct dentry *root = sbsec->sb->s_root;
		struct inode_security_struct *isec = backing_inode_security(root);

		rc = show_sid_opt(m, ROOTCONTEXT_STR, isec->sid);
		if (rc)
			return rc;
	}
	if (sbsec->flags & SBLABEL_MNT) {
		/* seclabel has no value, only the option name. */
		seq_putc(m, ',');
		seq_puts(m, SECLABEL_STR);
	}
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1106)
/*
 * Map the file-type bits of @mode (mode & S_IFMT) to the SELinux security
 * class for that kind of inode.  Regular files and any type not listed
 * below map to SECCLASS_FILE.
 */
static inline u16 inode_mode_to_security_class(umode_t mode)
{
	u16 sclass = SECCLASS_FILE;

	switch (mode & S_IFMT) {
	case S_IFSOCK:
		sclass = SECCLASS_SOCK_FILE;
		break;
	case S_IFLNK:
		sclass = SECCLASS_LNK_FILE;
		break;
	case S_IFBLK:
		sclass = SECCLASS_BLK_FILE;
		break;
	case S_IFDIR:
		sclass = SECCLASS_DIR;
		break;
	case S_IFCHR:
		sclass = SECCLASS_CHR_FILE;
		break;
	case S_IFIFO:
		sclass = SECCLASS_FIFO_FILE;
		break;
	default:
		/* S_IFREG and unrecognised types keep SECCLASS_FILE. */
		break;
	}

	return sclass;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1129)
/*
 * Return 1 when @protocol is what a stream socket uses by default, i.e.
 * IPPROTO_IP (unspecified) or IPPROTO_TCP; return 0 otherwise.
 */
static inline int default_protocol_stream(int protocol)
{
	switch (protocol) {
	case IPPROTO_IP:
	case IPPROTO_TCP:
		return 1;
	default:
		return 0;
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1134)
/*
 * Return 1 when @protocol is what a datagram socket uses by default, i.e.
 * IPPROTO_IP (unspecified) or IPPROTO_UDP; return 0 otherwise.
 */
static inline int default_protocol_dgram(int protocol)
{
	switch (protocol) {
	case IPPROTO_IP:
	case IPPROTO_UDP:
		return 1;
	default:
		return 0;
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1139)
/*
 * Map a socket's (family, type, protocol) triple to an SELinux security
 * class.
 *
 * UNIX, INET/INET6, NETLINK, PACKET, KEY and APPLETALK sockets are always
 * classified.  SCTP and ICMP sockets, and the per-family classes in the
 * second table, are only used when selinux_policycap_extsockclass() reports
 * the capability as enabled; otherwise such sockets fall back to
 * SECCLASS_RAWIP_SOCKET (INET/INET6) or the generic SECCLASS_SOCKET.
 *
 * The "#if PF_MAX > 45" check stops the build when a new address family is
 * added, so that this table is revisited rather than the new family being
 * left on the generic class unnoticed.
 */
static inline u16 socket_type_to_security_class(int family, int type, int protocol)
{
	const int ext_classes = selinux_policycap_extsockclass();

	switch (family) {
	case PF_UNIX:
		if (type == SOCK_STREAM || type == SOCK_SEQPACKET)
			return SECCLASS_UNIX_STREAM_SOCKET;
		if (type == SOCK_DGRAM || type == SOCK_RAW)
			return SECCLASS_UNIX_DGRAM_SOCKET;
		/* Other UNIX socket types are resolved further down. */
		break;
	case PF_INET:
	case PF_INET6:
		if (type == SOCK_STREAM || type == SOCK_SEQPACKET) {
			if (default_protocol_stream(protocol))
				return SECCLASS_TCP_SOCKET;
			if (ext_classes && protocol == IPPROTO_SCTP)
				return SECCLASS_SCTP_SOCKET;
			return SECCLASS_RAWIP_SOCKET;
		}
		if (type == SOCK_DGRAM) {
			if (default_protocol_dgram(protocol))
				return SECCLASS_UDP_SOCKET;
			if (ext_classes && (protocol == IPPROTO_ICMP ||
					    protocol == IPPROTO_ICMPV6))
				return SECCLASS_ICMP_SOCKET;
			return SECCLASS_RAWIP_SOCKET;
		}
		if (type == SOCK_DCCP)
			return SECCLASS_DCCP_SOCKET;
		return SECCLASS_RAWIP_SOCKET;
	case PF_NETLINK:
		switch (protocol) {
		case NETLINK_ROUTE:
			return SECCLASS_NETLINK_ROUTE_SOCKET;
		case NETLINK_SOCK_DIAG:
			return SECCLASS_NETLINK_TCPDIAG_SOCKET;
		case NETLINK_NFLOG:
			return SECCLASS_NETLINK_NFLOG_SOCKET;
		case NETLINK_XFRM:
			return SECCLASS_NETLINK_XFRM_SOCKET;
		case NETLINK_SELINUX:
			return SECCLASS_NETLINK_SELINUX_SOCKET;
		case NETLINK_ISCSI:
			return SECCLASS_NETLINK_ISCSI_SOCKET;
		case NETLINK_AUDIT:
			return SECCLASS_NETLINK_AUDIT_SOCKET;
		case NETLINK_FIB_LOOKUP:
			return SECCLASS_NETLINK_FIB_LOOKUP_SOCKET;
		case NETLINK_CONNECTOR:
			return SECCLASS_NETLINK_CONNECTOR_SOCKET;
		case NETLINK_NETFILTER:
			return SECCLASS_NETLINK_NETFILTER_SOCKET;
		case NETLINK_DNRTMSG:
			return SECCLASS_NETLINK_DNRT_SOCKET;
		case NETLINK_KOBJECT_UEVENT:
			return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
		case NETLINK_GENERIC:
			return SECCLASS_NETLINK_GENERIC_SOCKET;
		case NETLINK_SCSITRANSPORT:
			return SECCLASS_NETLINK_SCSITRANSPORT_SOCKET;
		case NETLINK_RDMA:
			return SECCLASS_NETLINK_RDMA_SOCKET;
		case NETLINK_CRYPTO:
			return SECCLASS_NETLINK_CRYPTO_SOCKET;
		default:
			return SECCLASS_NETLINK_SOCKET;
		}
	case PF_PACKET:
		return SECCLASS_PACKET_SOCKET;
	case PF_KEY:
		return SECCLASS_KEY_SOCKET;
	case PF_APPLETALK:
		return SECCLASS_APPLETALK_SOCKET;
	}

	/* Without the extended socket classes everything else is generic. */
	if (!ext_classes)
		return SECCLASS_SOCKET;

	switch (family) {
	case PF_AX25:
		return SECCLASS_AX25_SOCKET;
	case PF_IPX:
		return SECCLASS_IPX_SOCKET;
	case PF_NETROM:
		return SECCLASS_NETROM_SOCKET;
	case PF_ATMPVC:
		return SECCLASS_ATMPVC_SOCKET;
	case PF_X25:
		return SECCLASS_X25_SOCKET;
	case PF_ROSE:
		return SECCLASS_ROSE_SOCKET;
	case PF_DECnet:
		return SECCLASS_DECNET_SOCKET;
	case PF_ATMSVC:
		return SECCLASS_ATMSVC_SOCKET;
	case PF_RDS:
		return SECCLASS_RDS_SOCKET;
	case PF_IRDA:
		return SECCLASS_IRDA_SOCKET;
	case PF_PPPOX:
		return SECCLASS_PPPOX_SOCKET;
	case PF_LLC:
		return SECCLASS_LLC_SOCKET;
	case PF_CAN:
		return SECCLASS_CAN_SOCKET;
	case PF_TIPC:
		return SECCLASS_TIPC_SOCKET;
	case PF_BLUETOOTH:
		return SECCLASS_BLUETOOTH_SOCKET;
	case PF_IUCV:
		return SECCLASS_IUCV_SOCKET;
	case PF_RXRPC:
		return SECCLASS_RXRPC_SOCKET;
	case PF_ISDN:
		return SECCLASS_ISDN_SOCKET;
	case PF_PHONET:
		return SECCLASS_PHONET_SOCKET;
	case PF_IEEE802154:
		return SECCLASS_IEEE802154_SOCKET;
	case PF_CAIF:
		return SECCLASS_CAIF_SOCKET;
	case PF_ALG:
		return SECCLASS_ALG_SOCKET;
	case PF_NFC:
		return SECCLASS_NFC_SOCKET;
	case PF_VSOCK:
		return SECCLASS_VSOCK_SOCKET;
	case PF_KCM:
		return SECCLASS_KCM_SOCKET;
	case PF_QIPCRTR:
		return SECCLASS_QIPCRTR_SOCKET;
	case PF_SMC:
		return SECCLASS_SMC_SOCKET;
	case PF_XDP:
		return SECCLASS_XDP_SOCKET;
#if PF_MAX > 45
#error New address family defined, please update this function.
#endif
	}

	return SECCLASS_SOCKET;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1291)
/*
 * Resolve the SID for @dentry from the policy's genfs labeling, keyed on
 * the filesystem type name and the dentry's path within its superblock.
 *
 * @tclass: security class passed through to security_genfs_sid().
 * @flags:  superblock flags; SE_SBPROC enables the PID stripping below.
 * @sid:    receives the result.
 *
 * Returns 0 on success, -ENOMEM when the scratch page cannot be allocated,
 * or the error from dentry_path_raw() / security_genfs_sid().  A path the
 * policy has no entry for (-ENOENT) is not an error: the object is given
 * SECINITSID_UNLABELED and 0 is returned.
 */
static int selinux_genfs_get_sid(struct dentry *dentry,
				 u16 tclass,
				 u16 flags,
				 u32 *sid)
{
	struct super_block *sb = dentry->d_sb;
	char *page, *path;
	int rc;

	page = (char *)__get_free_page(GFP_KERNEL);
	if (!page)
		return -ENOMEM;

	path = dentry_path_raw(dentry, page, PAGE_SIZE);
	if (IS_ERR(path)) {
		rc = PTR_ERR(path);
		goto out_free;
	}

	if (flags & SE_SBPROC) {
		/*
		 * Each process gets a /proc/PID/ entry.  Strip off the PID
		 * part to get a valid selinux labeling, e.g.
		 * /proc/1/net/rpc/nfs -> /net/rpc/nfs.  Every leading digit
		 * is overwritten with '/' and the start of the path is moved
		 * forward past it.
		 */
		for (; path[1] >= '0' && path[1] <= '9'; path++)
			path[1] = '/';
	}

	rc = security_genfs_sid(&selinux_state, sb->s_type->name,
				path, tclass, sid);
	if (rc == -ENOENT) {
		/* No match in policy, mark as unlabeled. */
		*sid = SECINITSID_UNLABELED;
		rc = 0;
	}

out_free:
	free_page((unsigned long)page);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1329)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1330) static int inode_doinit_use_xattr(struct inode *inode, struct dentry *dentry,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1331) u32 def_sid, u32 *sid)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1332) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1333) #define INITCONTEXTLEN 255
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1334) char *context;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1335) unsigned int len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1336) int rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1337)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1338) len = INITCONTEXTLEN;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1339) context = kmalloc(len + 1, GFP_NOFS);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1340) if (!context)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1341) return -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1342)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1343) context[len] = '\0';
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1344) rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1345) XATTR_NOSECURITY);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1346) if (rc == -ERANGE) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1347) kfree(context);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1348)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1349) /* Need a larger buffer. Query for the right size. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1350) rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, NULL, 0,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1351) XATTR_NOSECURITY);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1352) if (rc < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1353) return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1354)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1355) len = rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1356) context = kmalloc(len + 1, GFP_NOFS);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1357) if (!context)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1358) return -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1359)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1360) context[len] = '\0';
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1361) rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1362) context, len, XATTR_NOSECURITY);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1363) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1364) if (rc < 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1365) kfree(context);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1366) if (rc != -ENODATA) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1367) pr_warn("SELinux: %s: getxattr returned %d for dev=%s ino=%ld\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1368) __func__, -rc, inode->i_sb->s_id, inode->i_ino);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1369) return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1370) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1371) *sid = def_sid;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1372) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1373) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1374)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1375) rc = security_context_to_sid_default(&selinux_state, context, rc, sid,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1376) def_sid, GFP_NOFS);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1377) if (rc) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1378) char *dev = inode->i_sb->s_id;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1379) unsigned long ino = inode->i_ino;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1380)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1381) if (rc == -EINVAL) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1382) pr_notice_ratelimited("SELinux: inode=%lu on dev=%s was found to have an invalid context=%s. This indicates you may need to relabel the inode or the filesystem in question.\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1383) ino, dev, context);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1384) } else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1385) pr_warn("SELinux: %s: context_to_sid(%s) returned %d for dev=%s ino=%ld\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1386) __func__, context, -rc, dev, ino);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1387) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1388) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1389) kfree(context);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1390) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1391) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1392)
/*
 * The inode's security attributes must be initialized before first use.
 *
 * Compute and store the SID for @inode according to the labeling behavior
 * of its superblock (sbsec->behavior).
 *
 * @inode:      inode whose inode_security_struct is to be initialized
 * @opt_dentry: dentry for @inode if the caller has one, else NULL; when NULL
 *              an alias is looked up in the cases that need a dentry
 *
 * Locking: isec->lock is held only while isec is inspected and updated.  The
 * label is marked LABEL_PENDING and the lock is dropped for the lookups
 * (presumably because they may sleep); the result is stored only if the
 * state is still LABEL_PENDING when the lock is retaken.
 *
 * Returns 0 when the label was initialized, was already initialized, was
 * deferred because the superblock is not yet initialized, or no dentry could
 * be found; otherwise the error returned by inode_doinit_use_xattr(),
 * security_transition_sid() or selinux_genfs_get_sid(), in which case the
 * label is marked LABEL_INVALID if it was still pending.
 */
static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
{
	struct superblock_security_struct *sbsec = NULL;
	struct inode_security_struct *isec = selinux_inode(inode);
	u32 task_sid, sid = 0;
	u16 sclass;
	struct dentry *dentry;
	int rc = 0;

	/* Unlocked fast path; the state is checked again under isec->lock. */
	if (isec->initialized == LABEL_INITIALIZED)
		return 0;

	spin_lock(&isec->lock);
	if (isec->initialized == LABEL_INITIALIZED)
		goto out_unlock;

	/* Refine the generic file class from the inode's mode bits. */
	if (isec->sclass == SECCLASS_FILE)
		isec->sclass = inode_mode_to_security_class(inode->i_mode);

	sbsec = inode->i_sb->s_security;
	if (!(sbsec->flags & SE_SBINITIALIZED)) {
		/*
		 * Defer initialization until selinux_complete_init,
		 * after the initial policy is loaded and the security
		 * server is ready to handle calls.  The isec is queued on
		 * the superblock's list (once) and rc is still 0 here.
		 */
		spin_lock(&sbsec->isec_lock);
		if (list_empty(&isec->list))
			list_add(&isec->list, &sbsec->isec_head);
		spin_unlock(&sbsec->isec_lock);
		goto out_unlock;
	}

	/*
	 * Snapshot the fields the lookups need, mark the label pending and
	 * drop the lock; the out/out_invalid paths only commit a result if
	 * the state is still LABEL_PENDING.
	 */
	sclass = isec->sclass;
	task_sid = isec->task_sid;
	sid = isec->sid;
	isec->initialized = LABEL_PENDING;
	spin_unlock(&isec->lock);

	switch (sbsec->behavior) {
	case SECURITY_FS_USE_NATIVE:
		/* Keep the SID already stored in the isec. */
		break;
	case SECURITY_FS_USE_XATTR:
		/* Inodes without xattr support get the superblock default. */
		if (!(inode->i_opflags & IOP_XATTR)) {
			sid = sbsec->def_sid;
			break;
		}
		/*
		 * Need a dentry, since the xattr API requires one.
		 * Life would be simpler if we could just pass the inode.
		 */
		if (opt_dentry) {
			/* Called from d_instantiate or d_splice_alias. */
			dentry = dget(opt_dentry);
		} else {
			/*
			 * Called from selinux_complete_init, try to find a dentry.
			 * Some filesystems really want a connected one, so try
			 * that first.  We could split SECURITY_FS_USE_XATTR in
			 * two, depending upon that...
			 */
			dentry = d_find_alias(inode);
			if (!dentry)
				dentry = d_find_any_alias(inode);
		}
		if (!dentry) {
			/*
			 * This can be hit on boot when a file is accessed
			 * before the policy is loaded.  When we load policy we
			 * may find inodes that have no dentry on the
			 * sbsec->isec_head list.  No reason to complain as these
			 * will get fixed up the next time we go through
			 * inode_doinit with a dentry, before these inodes could
			 * be used again by userspace.
			 */
			goto out_invalid;
		}

		rc = inode_doinit_use_xattr(inode, dentry, sbsec->def_sid,
					    &sid);
		/* The dentry reference is dropped on success and failure. */
		dput(dentry);
		if (rc)
			goto out;
		break;
	case SECURITY_FS_USE_TASK:
		sid = task_sid;
		break;
	case SECURITY_FS_USE_TRANS:
		/* Default to the fs SID. */
		sid = sbsec->sid;

		/* Try to obtain a transition SID. */
		rc = security_transition_sid(&selinux_state, task_sid, sid,
					     sclass, NULL, &sid);
		if (rc)
			goto out;
		break;
	case SECURITY_FS_USE_MNTPOINT:
		sid = sbsec->mntpoint_sid;
		break;
	default:
		/* Default to the fs superblock SID. */
		sid = sbsec->sid;

		/*
		 * genfs labeling: symlinks are only labeled this way when the
		 * genfs_seclabel_symlinks policy capability is enabled.
		 */
		if ((sbsec->flags & SE_SBGENFS) &&
		     (!S_ISLNK(inode->i_mode) ||
		      selinux_policycap_genfs_seclabel_symlinks())) {
			/*
			 * We must have a dentry to determine the label on
			 * procfs inodes.
			 */
			if (opt_dentry) {
				/*
				 * Called from d_instantiate or
				 * d_splice_alias.
				 */
				dentry = dget(opt_dentry);
			} else {
				/*
				 * Called from selinux_complete_init, try to
				 * find a dentry.  Some filesystems really want
				 * a connected one, so try that first.
				 */
				dentry = d_find_alias(inode);
				if (!dentry)
					dentry = d_find_any_alias(inode);
			}
			/*
			 * This can be hit on boot when a file is accessed
			 * before the policy is loaded.  When we load policy we
			 * may find inodes that have no dentry on the
			 * sbsec->isec_head list.  No reason to complain as
			 * these will get fixed up the next time we go through
			 * inode_doinit() with a dentry, before these inodes
			 * could be used again by userspace.
			 */
			if (!dentry)
				goto out_invalid;
			rc = selinux_genfs_get_sid(dentry, sclass,
						   sbsec->flags, &sid);
			if (rc) {
				dput(dentry);
				goto out;
			}

			/*
			 * Where the superblock allows it and the inode has
			 * xattr support, read the xattr label with the genfs
			 * SID passed as the default.
			 */
			if ((sbsec->flags & SE_SBGENFS_XATTR) &&
			    (inode->i_opflags & IOP_XATTR)) {
				rc = inode_doinit_use_xattr(inode, dentry,
							    sid, &sid);
				if (rc) {
					dput(dentry);
					goto out;
				}
			}
			dput(dentry);
		}
		break;
	}

out:
	/*
	 * Commit the result only if nothing changed the state while the lock
	 * was dropped.  On error the label is left invalid and isec->sid is
	 * not updated.
	 */
	spin_lock(&isec->lock);
	if (isec->initialized == LABEL_PENDING) {
		if (rc) {
			isec->initialized = LABEL_INVALID;
			goto out_unlock;
		}
		isec->initialized = LABEL_INITIALIZED;
		isec->sid = sid;
	}

out_unlock:
	spin_unlock(&isec->lock);
	return rc;

out_invalid:
	/*
	 * No dentry was available: store the SID chosen so far but leave the
	 * label LABEL_INVALID, and report success to the caller.
	 */
	spin_lock(&isec->lock);
	if (isec->initialized == LABEL_PENDING) {
		isec->initialized = LABEL_INVALID;
		isec->sid = sid;
	}
	spin_unlock(&isec->lock);
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1568)
/*
 * Convert a Linux signal to an access vector.
 *
 * SIGCHLD, SIGKILL and SIGSTOP each map to their own PROCESS__* permission;
 * every other signal number maps to PROCESS__SIGNAL.
 */
static inline u32 signal_to_av(int sig)
{
	switch (sig) {
	case SIGCHLD:
		/* Commonly granted from child to parent. */
		return PROCESS__SIGCHLD;
	case SIGKILL:
		/* Cannot be caught or ignored */
		return PROCESS__SIGKILL;
	case SIGSTOP:
		/* Cannot be caught or ignored */
		return PROCESS__SIGSTOP;
	default:
		/* All other signals. */
		return PROCESS__SIGNAL;
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1595)
/*
 * cred_has_capability() only knows security classes for capability index 0
 * and 1, so the build is stopped if the kernel grows capabilities past 63.
 */
#if CAP_LAST_CAP > 63
#error Fix SELinux to handle capabilities > 63.
#endif

/*
 * Check whether a task is allowed to use a capability.
 *
 * @cred:   credentials being checked; their SID is used as both the source
 *          and the target of the access check
 * @cap:    capability number
 * @opts:   CAP_OPT_* flags; CAP_OPT_NOAUDIT suppresses the audit call
 * @initns: selects the capability/capability2 classes when true and the
 *          cap_userns/cap2_userns classes when false
 *
 * Returns the result of the AVC check, or the non-zero return of avc_audit()
 * when auditing is enabled and it reports one.  An out-of-range capability
 * index is logged and hits BUG().
 */
static int cred_has_capability(const struct cred *cred,
			       int cap, unsigned int opts, bool initns)
{
	const u32 sid = cred_sid(cred);
	const u32 av = CAP_TO_MASK(cap);
	struct common_audit_data ad;
	struct av_decision avd;
	u16 sclass;
	int rc, audit_rc;

	ad.type = LSM_AUDIT_DATA_CAP;
	ad.u.cap = cap;

	switch (CAP_TO_INDEX(cap)) {
	case 0:
		if (initns)
			sclass = SECCLASS_CAPABILITY;
		else
			sclass = SECCLASS_CAP_USERNS;
		break;
	case 1:
		if (initns)
			sclass = SECCLASS_CAPABILITY2;
		else
			sclass = SECCLASS_CAP2_USERNS;
		break;
	default:
		pr_err("SELinux: out of range capability %d\n", cap);
		BUG();
		return -EINVAL;
	}

	/* Decide first without auditing so the caller's opts can mute it. */
	rc = avc_has_perm_noaudit(&selinux_state,
				  sid, sid, sclass, av, 0, &avd);
	if (opts & CAP_OPT_NOAUDIT)
		return rc;

	/* A failure reported by the audit call takes precedence over rc. */
	audit_rc = avc_audit(&selinux_state,
			     sid, sid, sclass, av, &avd, rc, &ad, 0);
	return audit_rc ? audit_rc : rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1637)
/*
 * Check whether a task has a particular permission to an inode.
 *
 * @cred:  credentials of the subject
 * @inode: object being accessed
 * @perms: requested permission bits for the inode's security class
 * @adp:   optional audit data (e.g. the dentry) handed to the AVC
 *
 * Inodes for which IS_PRIVATE() is true are not checked and always yield 0.
 * The label stored in the inode security struct is used as it is; this
 * function does not revalidate it.
 */
static int inode_has_perm(const struct cred *cred,
			  struct inode *inode,
			  u32 perms,
			  struct common_audit_data *adp)
{
	struct inode_security_struct *obj;
	u32 subj_sid;

	validate_creds(cred);

	if (unlikely(IS_PRIVATE(inode)))
		return 0;

	subj_sid = cred_sid(cred);
	obj = selinux_inode(inode);

	return avc_has_perm(&selinux_state,
			    subj_sid, obj->sid, obj->sclass, perms, adp);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1660)
/*
 * Same as inode_has_perm, but pass explicit audit data containing the
 * dentry so the auditing code can generate the pathname more easily if
 * needed.  The backing inode's label is revalidated before the check.
 */
static inline int dentry_has_perm(const struct cred *cred,
				  struct dentry *dentry,
				  u32 av)
{
	struct common_audit_data ad;
	struct inode *inode;

	ad.type = LSM_AUDIT_DATA_DENTRY;
	ad.u.dentry = dentry;

	inode = d_backing_inode(dentry);
	__inode_security_revalidate(inode, dentry, true);

	return inode_has_perm(cred, inode, av, &ad);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1676)
/*
 * Same as inode_has_perm, but pass explicit audit data containing the
 * path so the auditing code can generate the pathname more easily if
 * needed.  The backing inode's label is revalidated before the check.
 */
static inline int path_has_perm(const struct cred *cred,
				const struct path *path,
				u32 av)
{
	struct dentry *dentry = path->dentry;
	struct common_audit_data ad;
	struct inode *inode;

	ad.type = LSM_AUDIT_DATA_PATH;
	ad.u.path = *path;

	inode = d_backing_inode(dentry);
	__inode_security_revalidate(inode, dentry, true);

	return inode_has_perm(cred, inode, av, &ad);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1692)
/*
 * Same as path_has_perm, but uses the inode from the file struct and
 * file-type audit data.  Unlike path_has_perm, no label revalidation is
 * done here before the check.
 */
static inline int file_path_has_perm(const struct cred *cred,
				     struct file *file,
				     u32 av)
{
	struct common_audit_data ad;
	struct inode *inode;

	ad.type = LSM_AUDIT_DATA_FILE;
	ad.u.file = file;

	inode = file_inode(file);
	return inode_has_perm(cred, inode, av, &ad);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1704)
#ifdef CONFIG_BPF_SYSCALL
/* Forward declaration; file_has_perm() below calls it. */
static int bpf_fd_pass(struct file *file, u32 sid);
#endif

/*
 * Check whether a task can use an open file descriptor to access an inode
 * in a given way.
 *
 * The checks run in this order and the first failure is returned:
 *   1. fd:use on the descriptor, skipped when the descriptor carries the
 *      same SID as the caller (access is then implicitly granted);
 *   2. with CONFIG_BPF_SYSCALL, bpf_fd_pass() on the file;
 *   3. inode_has_perm() for @av on the file's inode, skipped when @av is
 *      zero, e.g. for cases where only the descriptor is affected like seek.
 */
static int file_has_perm(const struct cred *cred,
			 struct file *file,
			 u32 av)
{
	struct file_security_struct *fsec = selinux_file(file);
	struct inode *inode = file_inode(file);
	struct common_audit_data ad;
	u32 sid = cred_sid(cred);
	int rc;

	ad.type = LSM_AUDIT_DATA_FILE;
	ad.u.file = file;

	if (sid != fsec->sid) {
		rc = avc_has_perm(&selinux_state,
				  sid, fsec->sid,
				  SECCLASS_FD,
				  FD__USE,
				  &ad);
		if (rc)
			return rc;
	}

#ifdef CONFIG_BPF_SYSCALL
	rc = bpf_fd_pass(file, cred_sid(cred));
	if (rc)
		return rc;
#endif

	/* av is zero if only checking access to the descriptor. */
	if (!av)
		return 0;

	return inode_has_perm(cred, inode, av, &ad);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1754)
/*
 * Determine the label for an inode that might be unioned.
 *
 * @tsec:      security state of the creating task
 * @dir:       parent directory of the new inode
 * @name:      name of the new entry, passed on to the transition lookup
 * @tclass:    security class of the new inode
 * @_new_isid: receives the SID chosen for the new inode
 *
 * Precedence: the mountpoint SID of an initialized superblock that uses
 * SECURITY_FS_USE_MNTPOINT; else the task's create_sid when it is set and
 * the superblock has SBLABEL_MNT; else the result of
 * security_transition_sid() on the task SID and the directory's SID.
 *
 * Returns 0, or the error from security_transition_sid().
 */
static int
selinux_determine_inode_label(const struct task_security_struct *tsec,
			      struct inode *dir,
			      const struct qstr *name, u16 tclass,
			      u32 *_new_isid)
{
	const struct superblock_security_struct *sbsec = dir->i_sb->s_security;
	const struct inode_security_struct *dsec;

	if ((sbsec->flags & SE_SBINITIALIZED) &&
	    sbsec->behavior == SECURITY_FS_USE_MNTPOINT) {
		*_new_isid = sbsec->mntpoint_sid;
		return 0;
	}

	if ((sbsec->flags & SBLABEL_MNT) && tsec->create_sid) {
		*_new_isid = tsec->create_sid;
		return 0;
	}

	/* The directory label is only fetched when a transition is needed. */
	dsec = inode_security(dir);
	return security_transition_sid(&selinux_state, tsec->sid,
				       dsec->sid, tclass,
				       name, _new_isid);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1781)
/*
 * Check whether a task can create a file.
 *
 * @dir:    parent directory
 * @dentry: dentry of the entry being created (also used as audit data)
 * @tclass: security class of the new object
 *
 * Three permissions must all be granted to the current task:
 *   - add_name and search on the parent directory;
 *   - create on the label the new object will receive, in class @tclass;
 *   - associate between that new label and the superblock's SID.
 *
 * Returns 0 if all are granted, otherwise the first error encountered
 * (including a failure to compute the new label).
 */
static int may_create(struct inode *dir,
		      struct dentry *dentry,
		      u16 tclass)
{
	const struct task_security_struct *tsec = selinux_cred(current_cred());
	struct inode_security_struct *dsec = inode_security(dir);
	struct superblock_security_struct *sbsec = dir->i_sb->s_security;
	u32 sid = tsec->sid;
	struct common_audit_data ad;
	u32 newsid;
	int rc;

	ad.type = LSM_AUDIT_DATA_DENTRY;
	ad.u.dentry = dentry;

	rc = avc_has_perm(&selinux_state,
			  sid, dsec->sid, SECCLASS_DIR,
			  DIR__ADD_NAME | DIR__SEARCH,
			  &ad);
	if (!rc)
		rc = selinux_determine_inode_label(tsec, dir, &dentry->d_name,
						   tclass, &newsid);
	if (!rc)
		rc = avc_has_perm(&selinux_state,
				  sid, newsid, tclass, FILE__CREATE, &ad);
	if (!rc)
		rc = avc_has_perm(&selinux_state,
				  newsid, sbsec->sid,
				  SECCLASS_FILESYSTEM,
				  FILESYSTEM__ASSOCIATE, &ad);

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1824)
/*
 * Operation selectors passed to may_link() as its 'kind' argument.
 * MAY_LINK must stay 0: may_link() treats every other value as an
 * operation that removes a name from the parent directory.
 */
#define MAY_LINK	0
#define MAY_UNLINK	1
#define MAY_RMDIR	2

/*
 * Check whether the current task can link, unlink, or rmdir @dentry
 * inside @dir.
 *
 * Two permission checks are made, in this order:
 *   1. on the parent directory: search, plus add_name for MAY_LINK or
 *      remove_name for the other kinds;
 *   2. on the object itself: link, unlink or rmdir according to @kind.
 *
 * Returns 0 when both checks pass, otherwise the nonzero result of the
 * first check that failed.
 *
 * NOTE(review): an unrecognized @kind is only logged and then allowed
 * (returns 0) once the directory check has passed, i.e. this path fails
 * open. Only the three MAY_* selectors above are expected here; confirm
 * that no caller can pass anything else.
 */
static int may_link(struct inode *dir,
		    struct dentry *dentry,
		    int kind)
{
	u32 tsid = current_sid();
	struct inode_security_struct *parent_sec = inode_security(dir);
	struct inode_security_struct *obj_sec = backing_inode_security(dentry);
	struct common_audit_data ad;
	u32 perms;
	int rc;

	ad.type = LSM_AUDIT_DATA_DENTRY;
	ad.u.dentry = dentry;

	/* Step 1: the directory whose entry list is being modified. */
	perms = DIR__SEARCH |
		(kind == MAY_LINK ? DIR__ADD_NAME : DIR__REMOVE_NAME);
	rc = avc_has_perm(&selinux_state,
			  tsid, parent_sec->sid, SECCLASS_DIR, perms, &ad);
	if (rc)
		return rc;

	/* Step 2: the object being linked or removed. */
	if (kind == MAY_LINK) {
		perms = FILE__LINK;
	} else if (kind == MAY_UNLINK) {
		perms = FILE__UNLINK;
	} else if (kind == MAY_RMDIR) {
		perms = DIR__RMDIR;
	} else {
		pr_warn("SELinux: %s: unrecognized kind %d\n",
			__func__, kind);
		return 0;
	}

	return avc_has_perm(&selinux_state,
			    tsid, obj_sec->sid, obj_sec->sclass, perms, &ad);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1874)
/*
 * Check whether the current task can rename @old_dentry (in @old_dir) to
 * @new_dentry (in @new_dir).
 *
 * The checks run in this order and the first nonzero result is returned:
 *   1. remove_name + search on the old parent directory;
 *   2. rename on the object being moved;
 *   3. reparent on the object, only when it is a directory and the
 *      parent directory changes;
 *   4. add_name + search on the new parent directory, plus remove_name
 *      when the target name already exists;
 *   5. rmdir or unlink on an already existing target.
 *
 * Audit data points at @old_dentry for steps 1-3 and at @new_dentry for
 * steps 4-5. Returns 0 when every applicable check passes.
 */
static inline int may_rename(struct inode *old_dir,
			     struct dentry *old_dentry,
			     struct inode *new_dir,
			     struct dentry *new_dentry)
{
	u32 tsid = current_sid();
	struct inode_security_struct *src_dir_sec = inode_security(old_dir);
	struct inode_security_struct *src_sec =
		backing_inode_security(old_dentry);
	int moving_dir = d_is_dir(old_dentry);
	struct inode_security_struct *dst_dir_sec = inode_security(new_dir);
	struct inode_security_struct *dst_sec;
	struct common_audit_data ad;
	u32 dst_dir_perms;
	u32 dst_perm;
	int rc;

	ad.type = LSM_AUDIT_DATA_DENTRY;

	/* Source side: old parent directory, then the object itself. */
	ad.u.dentry = old_dentry;
	rc = avc_has_perm(&selinux_state,
			  tsid, src_dir_sec->sid, SECCLASS_DIR,
			  DIR__REMOVE_NAME | DIR__SEARCH, &ad);
	if (rc)
		return rc;

	rc = avc_has_perm(&selinux_state,
			  tsid, src_sec->sid,
			  src_sec->sclass, FILE__RENAME, &ad);
	if (rc)
		return rc;

	/* A directory that changes parent additionally needs reparent. */
	if (moving_dir && new_dir != old_dir) {
		rc = avc_has_perm(&selinux_state,
				  tsid, src_sec->sid,
				  src_sec->sclass, DIR__REPARENT, &ad);
		if (rc)
			return rc;
	}

	/* Destination side: new parent directory. */
	ad.u.dentry = new_dentry;
	dst_dir_perms = DIR__ADD_NAME | DIR__SEARCH;
	if (d_is_positive(new_dentry))
		dst_dir_perms |= DIR__REMOVE_NAME;
	rc = avc_has_perm(&selinux_state,
			  tsid, dst_dir_sec->sid, SECCLASS_DIR,
			  dst_dir_perms, &ad);
	if (rc)
		return rc;

	/* No existing target: nothing gets replaced, so we are done. */
	if (!d_is_positive(new_dentry))
		return 0;

	/* The existing target needs rmdir or unlink permission. */
	dst_sec = backing_inode_security(new_dentry);
	dst_perm = d_is_dir(new_dentry) ? DIR__RMDIR : FILE__UNLINK;
	return avc_has_perm(&selinux_state,
			    tsid, dst_sec->sid,
			    dst_sec->sclass, dst_perm, &ad);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1934)
/*
 * Check whether the subject described by @cred has the filesystem-class
 * permissions @perms on superblock @sb.
 *
 * The subject SID comes from @cred and the object SID from the
 * superblock's security blob. @ad is passed through to avc_has_perm()
 * as audit data; callers in this file also pass NULL.
 * Returns the avc_has_perm() result.
 */
static int superblock_has_perm(const struct cred *cred,
			       struct super_block *sb,
			       u32 perms,
			       struct common_audit_data *ad)
{
	u32 subj_sid = cred_sid(cred);
	struct superblock_security_struct *sb_sec = sb->s_security;

	return avc_has_perm(&selinux_state,
			    subj_sid, sb_sec->sid, SECCLASS_FILESYSTEM,
			    perms, ad);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1948)
/*
 * Convert a Linux mode and permission mask to an access vector.
 *
 * For a directory (S_ISDIR(@mode)): MAY_EXEC maps to search, MAY_WRITE to
 * write and MAY_READ to read.
 * For anything else: MAY_EXEC maps to execute and MAY_READ to read.
 * MAY_APPEND takes precedence over MAY_WRITE, so a request carrying
 * MAY_APPEND asks only for append and never for write; this is what lets
 * append-only access be granted separately from write access.
 *
 * Returns the accumulated vector; 0 when no handled MAY_* bit is set.
 */
static inline u32 file_mask_to_av(int mode, int mask)
{
	u32 perms = 0;

	if (S_ISDIR(mode)) {
		if (mask & MAY_EXEC)
			perms |= DIR__SEARCH;
		if (mask & MAY_WRITE)
			perms |= DIR__WRITE;
		if (mask & MAY_READ)
			perms |= DIR__READ;
		return perms;
	}

	if (mask & MAY_EXEC)
		perms |= FILE__EXECUTE;
	if (mask & MAY_READ)
		perms |= FILE__READ;

	/* Append wins over write: only one of the two is ever requested. */
	if (mask & MAY_APPEND)
		perms |= FILE__APPEND;
	else if (mask & MAY_WRITE)
		perms |= FILE__WRITE;

	return perms;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1976)
/*
 * Convert an open file to the access vector matching how it was opened.
 *
 * FMODE_READ maps to read. FMODE_WRITE maps to append when the file has
 * O_APPEND set and to write otherwise. When neither mode bit yields a
 * permission the result is ioctl, so the returned vector is never 0.
 */
static inline u32 file_to_av(struct file *file)
{
	u32 perms = 0;

	if (file->f_mode & FMODE_READ)
		perms |= FILE__READ;

	if (file->f_mode & FMODE_WRITE)
		perms |= (file->f_flags & O_APPEND) ? FILE__APPEND
						     : FILE__WRITE;

	/* Special file opened with flags 3 for ioctl-only use. */
	if (perms == 0)
		perms = FILE__IOCTL;

	return perms;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1999)
/*
 * Convert a file to an access vector and include the correct
 * open permission.
 *
 * Starts from file_to_av() and adds FILE__OPEN when the open-permission
 * policy capability is enabled and the file's superblock is not sockfs.
 */
static inline u32 open_file_to_av(struct file *file)
{
	u32 perms = file_to_av(file);
	struct inode *inode = file_inode(file);

	if (!selinux_policycap_openperm())
		return perms;

	/* Files on sockfs never get the open permission added. */
	if (inode->i_sb->s_magic == SOCKFS_MAGIC)
		return perms;

	return perms | FILE__OPEN;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2015)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2016) /* Hook functions begin here. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2017)
/*
 * Binder hook: check whether the current task may make @mgr the binder
 * context manager.
 *
 * Subject is the current task's SID, object is the SID of @mgr; the
 * permission is binder:set_context_mgr. No audit data is attached.
 * Returns the avc_has_perm() result.
 */
static int selinux_binder_set_context_mgr(const struct cred *mgr)
{
	u32 caller_sid = current_sid();
	u32 mgr_sid = cred_sid(mgr);

	return avc_has_perm(&selinux_state,
			    caller_sid, mgr_sid, SECCLASS_BINDER,
			    BINDER__SET_CONTEXT_MGR, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2024)
/*
 * Binder hook: check whether a transaction from @from to @to is allowed.
 *
 * When the current task's SID differs from the SID of @from, the current
 * task must first hold binder:impersonate on @from. After that, @from
 * must hold binder:call on @to. Returns 0 when the applicable checks
 * pass, otherwise the nonzero result of the failing check.
 */
static int selinux_binder_transaction(const struct cred *from,
				      const struct cred *to)
{
	u32 caller_sid = current_sid();
	u32 src_sid = cred_sid(from);
	u32 dst_sid = cred_sid(to);

	/* Acting on behalf of a different SID requires impersonate. */
	if (caller_sid != src_sid) {
		int rc = avc_has_perm(&selinux_state,
				      caller_sid, src_sid, SECCLASS_BINDER,
				      BINDER__IMPERSONATE, NULL);
		if (rc)
			return rc;
	}

	return avc_has_perm(&selinux_state, src_sid, dst_sid,
			    SECCLASS_BINDER, BINDER__CALL, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2044)
/*
 * Binder hook: check whether @from may transfer a binder reference to
 * @to. The permission checked is binder:transfer with the SID of @from
 * as subject and the SID of @to as object; no audit data is attached.
 * Returns the avc_has_perm() result.
 */
static int selinux_binder_transfer_binder(const struct cred *from,
					  const struct cred *to)
{
	u32 src_sid = cred_sid(from);
	u32 dst_sid = cred_sid(to);

	return avc_has_perm(&selinux_state,
			    src_sid, dst_sid,
			    SECCLASS_BINDER, BINDER__TRANSFER,
			    NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2053)
/*
 * Binder hook: check whether the receiver @to may be handed @file.
 *
 * All checks use the SID of @to as subject; @from is not consulted here.
 * In order:
 *   1. fd:use on the file's own SID, skipped when it equals the
 *      receiver's SID;
 *   2. with CONFIG_BPF_SYSCALL, whatever bpf_fd_pass() enforces for the
 *      file;
 *   3. unless the backing inode is private (IS_PRIVATE), the permissions
 *      from file_to_av() on the backing inode.
 *
 * Returns 0 when everything applicable passes, otherwise the first
 * nonzero result. Audit data carries the file's path.
 */
static int selinux_binder_transfer_file(const struct cred *from,
					const struct cred *to,
					struct file *file)
{
	u32 recv_sid = cred_sid(to);
	struct file_security_struct *file_sec = selinux_file(file);
	struct dentry *dentry = file->f_path.dentry;
	struct inode_security_struct *inode_sec;
	struct common_audit_data ad;
	int rc;

	ad.type = LSM_AUDIT_DATA_PATH;
	ad.u.path = file->f_path;

	/* Using a descriptor labelled with another SID needs fd:use. */
	if (recv_sid != file_sec->sid) {
		rc = avc_has_perm(&selinux_state,
				  recv_sid, file_sec->sid,
				  SECCLASS_FD,
				  FD__USE,
				  &ad);
		if (rc)
			return rc;
	}

#ifdef CONFIG_BPF_SYSCALL
	rc = bpf_fd_pass(file, recv_sid);
	if (rc)
		return rc;
#endif

	/* Private inodes are exempt from the inode permission check. */
	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
		return 0;

	inode_sec = backing_inode_security(dentry);
	return avc_has_perm(&selinux_state,
			    recv_sid, inode_sec->sid, inode_sec->sclass,
			    file_to_av(file),
			    &ad);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2092)
/*
 * Ptrace hook: check whether the current task may access @child with the
 * given ptrace @mode.
 *
 * A request carrying PTRACE_MODE_READ is checked as file:read against the
 * child's SID; any other request is checked as process:ptrace. The
 * subject is the current task's SID in both cases and no audit data is
 * attached. Returns the avc_has_perm() result.
 */
static int selinux_ptrace_access_check(struct task_struct *child,
				       unsigned int mode)
{
	u32 tracer_sid = current_sid();
	u32 target_sid = task_sid(child);

	if (!(mode & PTRACE_MODE_READ))
		return avc_has_perm(&selinux_state,
				    tracer_sid, target_sid, SECCLASS_PROCESS,
				    PROCESS__PTRACE, NULL);

	/* Read-only introspection uses the weaker file:read permission. */
	return avc_has_perm(&selinux_state,
			    tracer_sid, target_sid, SECCLASS_FILE,
			    FILE__READ, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2106)
/*
 * Ptrace hook: check whether @parent may trace the current task.
 *
 * Note the direction: the subject is the SID of @parent and the object is
 * the current task's SID; the permission is process:ptrace.
 * Returns the avc_has_perm() result.
 */
static int selinux_ptrace_traceme(struct task_struct *parent)
{
	u32 tracer_sid = task_sid(parent);
	u32 self_sid = current_sid();

	return avc_has_perm(&selinux_state,
			    tracer_sid, self_sid, SECCLASS_PROCESS,
			    PROCESS__PTRACE, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2113)
/*
 * Capability hook: check whether the current task may read the capability
 * sets of @target.
 *
 * Checks process:getcap with the current task's SID as subject and the
 * SID of @target as object. The @effective, @inheritable and @permitted
 * pointers are not touched here. Returns the avc_has_perm() result.
 */
static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
			  kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
	u32 caller_sid = current_sid();
	u32 target_sid = task_sid(target);

	return avc_has_perm(&selinux_state,
			    caller_sid, target_sid, SECCLASS_PROCESS,
			    PROCESS__GETCAP, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2121)
/*
 * Capability hook: check whether the capability sets may be changed from
 * the @old credentials to the @new ones.
 *
 * Checks process:setcap with the SID of @old as subject and the SID of
 * @new as object. The requested capability sets themselves are not
 * inspected here. Returns the avc_has_perm() result.
 */
static int selinux_capset(struct cred *new, const struct cred *old,
			  const kernel_cap_t *effective,
			  const kernel_cap_t *inheritable,
			  const kernel_cap_t *permitted)
{
	u32 old_sid = cred_sid(old);
	u32 new_sid = cred_sid(new);

	return avc_has_perm(&selinux_state,
			    old_sid, new_sid, SECCLASS_PROCESS,
			    PROCESS__SETCAP, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2131)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2132) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2133) * (This comment used to live with the selinux_task_setuid hook,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2134) * which was removed).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2135) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2136) * Since setuid only affects the current process, and since the SELinux
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2137) * controls are not based on the Linux identity attributes, SELinux does not
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2138) * need to control this operation. However, SELinux does control the use of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2139) * the CAP_SETUID and CAP_SETGID capabilities using the capable hook.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2140) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2141)
/*
 * Capability hook: check whether @cred may use capability @cap.
 *
 * Delegates to cred_has_capability(), passing @opts through and telling
 * it whether @ns is the initial user namespace.
 */
static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
			   int cap, unsigned int opts)
{
	bool in_init_ns = (ns == &init_user_ns);

	return cred_has_capability(cred, cap, opts, in_init_ns);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2147)
/*
 * Quota hook: check whether the current task may issue quota command
 * @cmds on superblock @sb.
 *
 * Commands are split in two groups: those checked against
 * filesystem:quotamod and those checked against filesystem:quotaget.
 * A NULL @sb and any command not listed below are allowed without a
 * permission check (returns 0). @type and @id are not used.
 *
 * Returns 0 or the result of superblock_has_perm().
 */
static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
{
	const struct cred *cred = current_cred();

	if (!sb)
		return 0;

	switch (cmds) {
	/* Commands that change quota state or limits. */
	case Q_SYNC:
	case Q_QUOTAON:
	case Q_QUOTAOFF:
	case Q_SETINFO:
	case Q_SETQUOTA:
	case Q_XQUOTAOFF:
	case Q_XQUOTAON:
	case Q_XSETQLIM:
		return superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD,
					   NULL);
	/* Commands that only query quota state. */
	case Q_GETFMT:
	case Q_GETINFO:
	case Q_GETQUOTA:
	case Q_XGETQUOTA:
	case Q_XGETQSTAT:
	case Q_XGETQSTATV:
	case Q_XGETNEXTQUOTA:
		return superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET,
					   NULL);
	default:
		return 0;  /* let the kernel handle invalid cmds */
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2182)
/*
 * Quota hook: check whether the current task holds file:quotaon on
 * @dentry. Returns the dentry_has_perm() result.
 */
static int selinux_quota_on(struct dentry *dentry)
{
	return dentry_has_perm(current_cred(), dentry, FILE__QUOTAON);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2189)
/*
 * Syslog hook: check whether the current task may perform syslog action
 * @type.
 *
 * The action selects one system-class permission, always checked between
 * the current task's SID and the kernel initial SID:
 *   - reading all messages or querying the buffer size: syslog_read;
 *   - console on/off/level: syslog_console;
 *   - every other action, including unknown ones: syslog_mod.
 *
 * Returns the avc_has_perm() result.
 */
static int selinux_syslog(int type)
{
	u32 perm;

	switch (type) {
	case SYSLOG_ACTION_READ_ALL:	/* Read last kernel messages */
	case SYSLOG_ACTION_SIZE_BUFFER:	/* Return size of the log buffer */
		perm = SYSTEM__SYSLOG_READ;
		break;
	case SYSLOG_ACTION_CONSOLE_OFF:	/* Disable logging to console */
	case SYSLOG_ACTION_CONSOLE_ON:	/* Enable logging to console */
	/* Set level of messages printed to console */
	case SYSLOG_ACTION_CONSOLE_LEVEL:
		perm = SYSTEM__SYSLOG_CONSOLE;
		break;
	default:
		/* All other syslog types */
		perm = SYSTEM__SYSLOG_MOD;
		break;
	}

	return avc_has_perm(&selinux_state,
			    current_sid(), SECINITSID_KERNEL,
			    SECCLASS_SYSTEM, perm, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2212)
/*
 * Hook consulted when a process allocates a new virtual mapping.
 *
 * Returns 1 when the current credentials pass the CAP_SYS_ADMIN check in
 * cred_has_capability(), and 0 otherwise. This function does not itself
 * return -ENOMEM; the enough-memory decision is presumably taken by the
 * caller using this flag -- confirm against the call site. @mm and
 * @pages are not used here.
 *
 * Do not audit the selinux permission check, as this is applied to all
 * processes that allocate mappings.
 */
static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
{
	int denied;

	/* CAP_OPT_NOAUDIT: a failed check here must not be audited. */
	denied = cred_has_capability(current_cred(), CAP_SYS_ADMIN,
				     CAP_OPT_NOAUDIT, true);

	return denied ? 0 : 1;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2232)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2233) /* binprm security operations */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2234)
/*
 * Return the SID of the task that is ptracing the current task, or 0 when
 * ptrace_parent() reports no tracer.
 *
 * The tracer lookup and the SID read both happen inside one RCU read-side
 * section, so the tracer pointer is not used after rcu_read_unlock().
 */
static u32 ptrace_parent_sid(void)
{
	struct task_struct *parent;
	u32 tracer_sid = 0;

	rcu_read_lock();
	parent = ptrace_parent(current);
	if (parent)
		tracer_sid = task_sid(parent);
	rcu_read_unlock();

	return tracer_sid;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2248)
/*
 * Decide whether a SID change from @old_tsec to @new_tsec is acceptable
 * for an exec that is marked no_new_privs (NNP) and/or whose binary is on
 * a mount for which mnt_may_suid() is false (nosuid).
 *
 * Returns 0 when:
 *   - neither NNP nor nosuid applies, or
 *   - the SID does not change, or
 *   - the nnp_nosuid_transition policy capability is enabled and policy
 *     grants the matching process2 permission(s) from the old to the new
 *     SID (both nnp_transition and nosuid_transition are required when
 *     both conditions apply), or
 *   - security_bounded_transition() accepts the old -> new transition.
 *
 * Otherwise returns -EPERM when NNP applies, else -EACCES.
 */
static int check_nnp_nosuid(const struct linux_binprm *bprm,
			    const struct task_security_struct *old_tsec,
			    const struct task_security_struct *new_tsec)
{
	const bool nnp = bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS;
	const bool nosuid = !mnt_may_suid(bprm->file->f_path.mnt);

	/* Neither NNP nor nosuid: nothing to restrict. */
	if (!(nnp || nosuid))
		return 0;

	/* No change in credentials. */
	if (old_tsec->sid == new_tsec->sid)
		return 0;

	/*
	 * If the policy enables the nnp_nosuid_transition policy capability,
	 * then we permit transitions under NNP or nosuid if the
	 * policy allows the corresponding permission between
	 * the old and new contexts.
	 */
	if (selinux_policycap_nnp_nosuid_transition()) {
		u32 needed = 0;

		if (nnp)
			needed |= PROCESS2__NNP_TRANSITION;
		if (nosuid)
			needed |= PROCESS2__NOSUID_TRANSITION;

		if (avc_has_perm(&selinux_state,
				 old_tsec->sid, new_tsec->sid,
				 SECCLASS_PROCESS2, needed, NULL) == 0)
			return 0;
	}

	/*
	 * We also permit NNP or nosuid transitions to bounded SIDs,
	 * i.e. SIDs that are guaranteed to only be allowed a subset
	 * of the permissions of the current SID.
	 */
	if (security_bounded_transition(&selinux_state, old_tsec->sid,
					new_tsec->sid) == 0)
		return 0;

	/*
	 * On failure, preserve the errno values for NNP vs nosuid.
	 * NNP:  Operation not permitted for caller.
	 * nosuid:  Permission denied to file.
	 */
	return nnp ? -EPERM : -EACCES;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2302)
/*
 * Compute the SELinux SID that the program being exec'd will run with and
 * check that the exec is permitted.
 *
 * The new SID stored in bprm->cred defaults to the caller's SID.  It is
 * replaced by the caller's exec_sid when one is set, and otherwise by the
 * result of security_transition_sid() on the caller's SID and the SID of
 * the file's inode.  check_nnp_nosuid() is then consulted; as its body
 * shows, it only objects when the task has no_new_privs set or the file is
 * on a mount that may not honour suid, and the SID would change.
 *
 * Returns 0 on success, or a negative errno when a helper fails or a
 * permission check denies the exec.
 */
static int selinux_bprm_creds_for_exec(struct linux_binprm *bprm)
{
	const struct task_security_struct *old_tsec;
	struct task_security_struct *new_tsec;
	struct inode_security_struct *isec;
	struct common_audit_data ad;
	struct inode *inode = file_inode(bprm->file);
	int rc;

	/* SELinux context only depends on initial program or script and not
	 * the script interpreter */

	old_tsec = selinux_cred(current_cred());
	new_tsec = selinux_cred(bprm->cred);
	isec = inode_security(inode);

	/* Default to the current task SID. */
	new_tsec->sid = old_tsec->sid;
	new_tsec->osid = old_tsec->sid;

	/* Reset fs, key, and sock SIDs on execve. */
	new_tsec->create_sid = 0;
	new_tsec->keycreate_sid = 0;
	new_tsec->sockcreate_sid = 0;

	if (old_tsec->exec_sid) {
		/*
		 * An exec SID was set on the old credentials, so the
		 * transition is an explicit request.
		 */
		new_tsec->sid = old_tsec->exec_sid;
		/* Reset exec SID on execve. */
		new_tsec->exec_sid = 0;

		/*
		 * Fail on NNP or nosuid if not an allowed transition.
		 * An explicit request is refused outright here; the default
		 * transition in the else branch falls back to the old SID
		 * instead.
		 */
		rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
		if (rc)
			return rc;
	} else {
		/* Check for a default transition on this program. */
		rc = security_transition_sid(&selinux_state, old_tsec->sid,
					     isec->sid, SECCLASS_PROCESS, NULL,
					     &new_tsec->sid);
		if (rc)
			return rc;

		/*
		 * Fallback to old SID on NNP or nosuid if not an allowed
		 * transition.  The error from check_nnp_nosuid() is not
		 * returned: the exec goes ahead without a change of SID.
		 */
		rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
		if (rc)
			new_tsec->sid = old_tsec->sid;
	}

	/* The checks below that pass &ad carry the executed file as audit data. */
	ad.type = LSM_AUDIT_DATA_FILE;
	ad.u.file = bprm->file;

	if (new_tsec->sid == old_tsec->sid) {
		/*
		 * No change of SID: the caller needs execute_no_trans on
		 * the file.
		 */
		rc = avc_has_perm(&selinux_state,
				  old_tsec->sid, isec->sid,
				  SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
		if (rc)
			return rc;
	} else {
		/* Check permissions for the transition. */
		rc = avc_has_perm(&selinux_state,
				  old_tsec->sid, new_tsec->sid,
				  SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
		if (rc)
			return rc;

		/* The file must be an allowed entrypoint for the new SID. */
		rc = avc_has_perm(&selinux_state,
				  new_tsec->sid, isec->sid,
				  SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
		if (rc)
			return rc;

		/*
		 * Check for shared state.  A denial is reported to the
		 * caller as -EPERM rather than the avc_has_perm() result.
		 */
		if (bprm->unsafe & LSM_UNSAFE_SHARE) {
			rc = avc_has_perm(&selinux_state,
					  old_tsec->sid, new_tsec->sid,
					  SECCLASS_PROCESS, PROCESS__SHARE,
					  NULL);
			if (rc)
				return -EPERM;
		}

		/* Make sure that anyone attempting to ptrace over a task that
		 * changes its SID has the appropriate permission.  The check
		 * is made against the new SID, and a denial is reported as
		 * -EPERM. */
		if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
			/* NOTE(review): a zero ptsid presumably means no tracer
			 * SID was found, in which case no check is made -
			 * confirm against ptrace_parent_sid(). */
			u32 ptsid = ptrace_parent_sid();
			if (ptsid != 0) {
				rc = avc_has_perm(&selinux_state,
						  ptsid, new_tsec->sid,
						  SECCLASS_PROCESS,
						  PROCESS__PTRACE, NULL);
				if (rc)
					return -EPERM;
			}
		}

		/* Clear any possibly unsafe personality bits on exec: */
		bprm->per_clear |= PER_CLEAR_ON_SETID;

		/* Enable secure mode for SID transitions unless
		   the noatsecure permission is granted between
		   the two SIDs, i.e. avc_has_perm() returns 0.
		   The result is OR-ed in, so a secureexec value that is
		   already set is never cleared here. */
		rc = avc_has_perm(&selinux_state,
				  old_tsec->sid, new_tsec->sid,
				  SECCLASS_PROCESS, PROCESS__NOATSECURE,
				  NULL);
		bprm->secureexec |= !!rc;
	}

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2416)
/*
 * iterate_fd() callback: report a descriptor whose file fails
 * file_has_perm() for the credentials passed in @p.
 *
 * Returns fd + 1 for such a descriptor, so that 0 stays free to mean
 * "permitted", and 0 otherwise.
 */
static int match_file(const void *p, struct file *file, unsigned fd)
{
	if (file_has_perm(p, file, file_to_av(file)))
		return fd + 1;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2421)
/*
 * Derived from fs/exec.c:flush_old_files.
 *
 * Revalidate, against @cred, the controlling tty and every descriptor open
 * in @files.  The controlling tty is dropped when read/write access to it
 * is denied, and each descriptor that match_file() reports is replaced by
 * an open of selinux_null.
 */
static inline void flush_unauthorized_files(const struct cred *cred,
					    struct files_struct *files)
{
	struct file *file, *devnull = NULL;
	struct tty_struct *tty;
	int drop_tty = 0;
	unsigned n;

	tty = get_current_tty();
	if (tty) {
		spin_lock(&tty->files_lock);
		if (!list_empty(&tty->tty_files)) {
			struct tty_file_private *file_priv;

			/* Revalidate access to controlling tty.
			   Use file_path_has_perm on the tty path directly
			   rather than using file_has_perm, as this particular
			   open file may belong to another process and we are
			   only interested in the inode-based check here. */
			file_priv = list_first_entry(&tty->tty_files,
						struct tty_file_private, list);
			file = file_priv->file;
			if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))
				drop_tty = 1;
		}
		spin_unlock(&tty->files_lock);
		tty_kref_put(tty);
	}
	/* Reset controlling tty.  Only the decision is taken under
	   files_lock; no_tty() runs after the lock has been released. */
	if (drop_tty)
		no_tty();

	/* Revalidate access to inherited open files.  match_file() returns
	   fd + 1 for a descriptor that fails the check, so n == 0 means that
	   no descriptor was rejected. */
	n = iterate_fd(files, 0, match_file, cred);
	if (!n) /* none found? */
		return;

	devnull = dentry_open(&selinux_null, O_RDWR, cred);
	/* NOTE(review): if the null device cannot be opened, replace_fd()
	   below is called with a NULL file; presumably that just closes the
	   descriptor - confirm against replace_fd(). */
	if (IS_ERR(devnull))
		devnull = NULL;
	/* replace all the matching ones with this; n - 1 undoes the +1 added
	   by match_file(), and the scan resumes at descriptor n */
	do {
		replace_fd(n - 1, devnull, 0);
	} while ((n = iterate_fd(files, n, match_file, cred)) != 0);
	if (devnull)
		fput(devnull);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2470)
/*
 * Prepare a process for imminent new credential changes due to exec.
 *
 * Nothing is done unless the exec changes the SID.  On a change, files
 * the new SID may not use are flushed, the parent death signal is
 * cleared, and soft resource limits are reset unless the new SID is
 * allowed to inherit them.
 */
static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
{
	struct task_security_struct *tsec = selinux_cred(bprm->cred);
	int idx;

	if (tsec->sid == tsec->osid)
		return;

	/* Close files for which the new task SID is not authorized. */
	flush_unauthorized_files(bprm->cred, current->files);

	/* Always clear parent death signal on SID transitions. */
	current->pdeath_signal = 0;

	/*
	 * Check whether the new SID can inherit resource limits from the old
	 * SID.  If it can, there is nothing more to do.  If not, reset all
	 * soft limits to the lower of the current task's hard limit and the
	 * init task's soft limit.
	 *
	 * Note that the setting of hard limits (even to lower them) can be
	 * controlled by the setrlimit check.  The inclusion of the init task's
	 * soft limit into the computation is to avoid resetting soft limits
	 * higher than the default soft limit for cases where the default is
	 * lower than the hard limit, e.g. RLIMIT_CORE or RLIMIT_STACK.
	 */
	if (!avc_has_perm(&selinux_state,
			  tsec->osid, tsec->sid, SECCLASS_PROCESS,
			  PROCESS__RLIMITINH, NULL))
		return;

	/* protect against do_prlimit() */
	task_lock(current);
	for (idx = 0; idx < RLIM_NLIMITS; idx++) {
		struct rlimit *task_lim = &current->signal->rlim[idx];
		struct rlimit *init_lim = &init_task.signal->rlim[idx];

		task_lim->rlim_cur = min(task_lim->rlim_max, init_lim->rlim_cur);
	}
	task_unlock(current);

	if (IS_ENABLED(CONFIG_POSIX_TIMERS))
		update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2516)
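/*
 * Clean up the process immediately after the installation of new credentials
 * due to exec.
 *
 * Nothing is done unless the exec changed the SID.  On a change, signal
 * state is flushed unless the new SID may inherit it, and the parent is
 * woken so that it can recheck wait permission.
 */
static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
{
	const struct task_security_struct *tsec = selinux_cred(current_cred());
	u32 osid, sid;
	int rc;

	osid = tsec->osid;
	sid = tsec->sid;

	if (sid == osid)
		return;

	/* Check whether the new SID can inherit signal state from the old SID.
	 * If not, clear itimers to avoid subsequent signal generation and
	 * flush and unblock signals.
	 *
	 * This must occur _after_ the task SID has been updated so that any
	 * kill done after the flush will be checked against the new SID.
	 */
	rc = avc_has_perm(&selinux_state,
			  osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
	if (rc) {
		clear_itimer();

		spin_lock_irq(&current->sighand->siglock);
		/* Leave the signal state alone when a fatal signal is pending. */
		if (!fatal_signal_pending(current)) {
			flush_sigqueue(&current->pending);
			flush_sigqueue(&current->signal->shared_pending);
			flush_signal_handlers(current, 1);
			sigemptyset(&current->blocked);
			recalc_sigpending();
		}
		spin_unlock_irq(&current->sighand->siglock);
	}

	/* Wake up the parent if it is waiting so that it can recheck
	 * wait permission to the new task SID. */
	read_lock(&tasklist_lock);
	__wake_up_parent(current, current->real_parent);
	read_unlock(&tasklist_lock);
}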
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2562)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2563) /* superblock security operations */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2564)
/*
 * Allocate the SELinux security blob for a superblock and attach it to
 * @sb.  The blob starts with the filesystem and mountpoint SIDs unlabeled
 * and with SECINITSID_FILE as the default file SID.
 *
 * Returns 0 on success or -ENOMEM if the allocation fails.
 */
static int selinux_sb_alloc_security(struct super_block *sb)
{
	struct superblock_security_struct *sbsec;

	sbsec = kzalloc(sizeof(*sbsec), GFP_KERNEL);
	if (!sbsec)
		return -ENOMEM;

	/* Locks and the inode security list. */
	mutex_init(&sbsec->lock);
	INIT_LIST_HEAD(&sbsec->isec_head);
	spin_lock_init(&sbsec->isec_lock);

	/* Back pointer and initial SIDs. */
	sbsec->sb = sb;
	sbsec->sid = SECINITSID_UNLABELED;
	sbsec->def_sid = SECINITSID_FILE;
	sbsec->mntpoint_sid = SECINITSID_UNLABELED;

	/* Attach only once the blob is fully initialised. */
	sb->s_security = sbsec;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2584)
/* Superblock free hook: hands @sb to superblock_free_security(). */
static void selinux_sb_free_security(struct super_block *sb)
{
	superblock_free_security(sb);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2589)
/*
 * Length of the first option in the comma-separated string @s.
 *
 * A comma ends the option only when it is outside double quotes, so a
 * quoted value may itself contain commas.  If no such comma is found
 * (including when a quote is left open), the length of the whole string
 * is returned.
 */
static inline int opt_len(const char *s)
{
	bool in_quotes = false;
	int pos = 0;

	while (s[pos] != '\0') {
		if (s[pos] == '"')
			in_quotes = !in_quotes;
		else if (s[pos] == ',' && !in_quotes)
			return pos;
		pos++;
	}

	return pos;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2604)
/*
 * Split the SELinux options out of a comma-separated mount option string.
 *
 * Every option that match_opt_prefix() recognises is passed to
 * selinux_add_opt(), with a quote-stripped, separately allocated copy of
 * its argument when it has one.  All other options are compacted in place
 * at the front of @options, so on success the buffer holds only the
 * options that were not consumed here.
 *
 * Returns 0 on success.  On failure returns a negative errno and releases
 * whatever had been accumulated in *mnt_opts, resetting it to NULL;
 * @options may already have been partly rewritten at that point.
 */
static int selinux_sb_eat_lsm_opts(char *options, void **mnt_opts)
{
	char *from = options;	/* start of the option being examined */
	char *to = options;	/* end of the options kept so far */
	bool first = true;	/* no option has been kept yet */
	int rc;

	while (1) {
		int len = opt_len(from);
		int token;
		char *arg = NULL;

		token = match_opt_prefix(from, len, &arg);

		if (token != Opt_error) {
			char *p, *q;

			/* strip quotes; the copy is done in place, which is
			 * safe because q never runs ahead of p */
			if (arg) {
				for (p = q = arg; p < from + len; p++) {
					char c = *p;
					if (c != '"')
						*q++ = c;
				}
				arg = kmemdup_nul(arg, q - arg, GFP_KERNEL);
				if (!arg) {
					rc = -ENOMEM;
					goto free_opt;
				}
			}
			/* NOTE(review): arg is freed here only on failure, so
			 * selinux_add_opt() presumably keeps it on success -
			 * confirm. */
			rc = selinux_add_opt(token, arg, mnt_opts);
			if (unlikely(rc)) {
				kfree(arg);
				goto free_opt;
			}
		} else {
			if (!first) {	// copy with preceding comma
				from--;
				len++;
			}
			if (to != from)
				memmove(to, from, len);
			to += len;
			first = false;
		}
		/* from + len is the terminating NUL or the separating comma */
		if (!from[len])
			break;
		from += len + 1;
	}
	*to = '\0';
	return 0;

free_opt:
	if (*mnt_opts) {
		selinux_free_mnt_opts(*mnt_opts);
		*mnt_opts = NULL;
	}
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2664)
/*
 * Remount hook: check each context option supplied in @mnt_opts against
 * the SID the superblock already uses for that purpose, via bad_option().
 *
 * Returns 0 when the superblock is not yet initialised, when no options
 * were given, or when no option is rejected; the error from parse_sid()
 * if a context cannot be parsed; and -EINVAL, after a warning, when
 * bad_option() rejects an option.
 */
static int selinux_sb_remount(struct super_block *sb, void *mnt_opts)
{
	struct superblock_security_struct *sbsec = sb->s_security;
	struct selinux_mnt_opts *opts = mnt_opts;
	struct inode_security_struct *root_isec;
	u32 new_sid;
	int err;

	if (!(sbsec->flags & SE_SBINITIALIZED) || !opts)
		return 0;

	if (opts->fscontext) {
		err = parse_sid(sb, opts->fscontext, &new_sid);
		if (err)
			return err;
		if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, new_sid))
			goto out_bad_option;
	}

	if (opts->context) {
		err = parse_sid(sb, opts->context, &new_sid);
		if (err)
			return err;
		if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, new_sid))
			goto out_bad_option;
	}

	if (opts->rootcontext) {
		/* The root inode's current SID is the reference here. */
		root_isec = backing_inode_security(sb->s_root);
		err = parse_sid(sb, opts->rootcontext, &new_sid);
		if (err)
			return err;
		if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, new_sid))
			goto out_bad_option;
	}

	if (opts->defcontext) {
		err = parse_sid(sb, opts->defcontext, &new_sid);
		if (err)
			return err;
		if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, new_sid))
			goto out_bad_option;
	}

	return 0;

out_bad_option:
	pr_warn("SELinux: unable to change security options "
		"during remount (dev %s, type=%s)\n", sb->s_id,
		sb->s_type->name);
	return -EINVAL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2716)
/*
 * Check that the current credentials hold the filesystem "mount"
 * permission on @sb.  The root dentry of @sb is supplied as audit data.
 */
static int selinux_sb_kern_mount(struct super_block *sb)
{
	struct common_audit_data ad;

	ad.type = LSM_AUDIT_DATA_DENTRY;
	ad.u.dentry = sb->s_root;

	return superblock_has_perm(current_cred(), sb, FILESYSTEM__MOUNT, &ad);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2726)
/*
 * Check that the current credentials hold the filesystem "getattr"
 * permission on the superblock that @dentry belongs to.  The root dentry
 * of that superblock is supplied as audit data.
 */
static int selinux_sb_statfs(struct dentry *dentry)
{
	struct super_block *sb = dentry->d_sb;
	struct common_audit_data ad;

	ad.type = LSM_AUDIT_DATA_DENTRY;
	ad.u.dentry = sb->s_root;

	return superblock_has_perm(current_cred(), sb, FILESYSTEM__GETATTR, &ad);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2736)
/*
 * Mount-time permission check.
 *
 * A remount (MS_REMOUNT set in @flags) is checked against the existing
 * superblock with FILESYSTEM__REMOUNT; any other mount request is
 * checked as FILE__MOUNTON against the mount point @path.
 * @dev_name, @type and @data are not consulted here.
 */
static int selinux_mount(const char *dev_name,
			 const struct path *path,
			 const char *type,
			 unsigned long flags,
			 void *data)
{
	const struct cred *cred = current_cred();

	if (!(flags & MS_REMOUNT))
		return path_has_perm(cred, path, FILE__MOUNTON);

	return superblock_has_perm(cred, path->dentry->d_sb,
				   FILESYSTEM__REMOUNT, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2751)
/*
 * Permission check for moving a mount.  Only the destination is
 * checked (FILE__MOUNTON on @to_path); @from_path is not examined by
 * this hook.
 */
static int selinux_move_mount(const struct path *from_path,
			      const struct path *to_path)
{
	return path_has_perm(current_cred(), to_path, FILE__MOUNTON);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2759)
/*
 * Check that the current task may unmount the filesystem mounted at
 * @mnt (FILESYSTEM__UNMOUNT on its superblock).  @flags is not used and
 * no audit data is supplied.
 */
static int selinux_umount(struct vfsmount *mnt, int flags)
{
	struct super_block *sb = mnt->mnt_sb;

	return superblock_has_perm(current_cred(), sb,
				   FILESYSTEM__UNMOUNT, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2767)
/*
 * Duplicate the SELinux mount options of @src_fc into @fc.
 *
 * Returns 0 when there is nothing to copy or the copy succeeded, and
 * -ENOMEM when an allocation fails.  Each context string that is set in
 * the source is copied with kstrdup(), so the two fs_contexts never
 * share a string.
 *
 * NOTE(review): on -ENOMEM the partly filled structure is left attached
 * to fc->security; nothing here frees it, so the caller is presumably
 * expected to release it when it tears down @fc -- confirm.
 */
static int selinux_fs_context_dup(struct fs_context *fc,
				  struct fs_context *src_fc)
{
	const struct selinux_mnt_opts *from = src_fc->security;
	struct selinux_mnt_opts *to;

	if (!from)
		return 0;

	fc->security = kzalloc(sizeof(*to), GFP_KERNEL);
	to = fc->security;
	if (!to)
		return -ENOMEM;

	if (from->fscontext) {
		to->fscontext = kstrdup(from->fscontext, GFP_KERNEL);
		if (!to->fscontext)
			return -ENOMEM;
	}

	if (from->context) {
		to->context = kstrdup(from->context, GFP_KERNEL);
		if (!to->context)
			return -ENOMEM;
	}

	if (from->rootcontext) {
		to->rootcontext = kstrdup(from->rootcontext, GFP_KERNEL);
		if (!to->rootcontext)
			return -ENOMEM;
	}

	if (from->defcontext) {
		to->defcontext = kstrdup(from->defcontext, GFP_KERNEL);
		if (!to->defcontext)
			return -ENOMEM;
	}

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2805)
/*
 * Mount parameters recognised by SELinux.  This table is what
 * selinux_fs_context_parse_param() hands to fs_parse(); the four
 * context options carry a string value, seclabel is a bare flag.
 */
static const struct fs_parameter_spec selinux_fs_parameters[] = {
	fsparam_string(CONTEXT_STR,	Opt_context),
	fsparam_string(DEFCONTEXT_STR,	Opt_defcontext),
	fsparam_string(FSCONTEXT_STR,	Opt_fscontext),
	fsparam_string(ROOTCONTEXT_STR,	Opt_rootcontext),
	fsparam_flag(SECLABEL_STR,	Opt_seclabel),
	{}	/* terminating empty entry */
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2814)
/*
 * Parse one mount parameter and, if it is an SELinux option, record it
 * in the mount options hanging off fc->security.
 *
 * A negative result from fs_parse() is returned unchanged.  Otherwise
 * the result of selinux_add_opt() is returned.  When that succeeds,
 * param->string is cleared -- presumably because the string is now
 * owned by the mount options and must not be freed again with @param;
 * confirm against selinux_add_opt().
 */
static int selinux_fs_context_parse_param(struct fs_context *fc,
					  struct fs_parameter *param)
{
	struct fs_parse_result result;
	int token, err;

	token = fs_parse(fc, selinux_fs_parameters, param, &result);
	if (token < 0)
		return token;

	err = selinux_add_opt(token, param->string, &fc->security);
	if (err)
		return err;

	param->string = NULL;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2831)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2832) /* inode security operations */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2833)
/*
 * Set up the SELinux security blob of a freshly allocated inode.
 *
 * The inode starts out unlabeled (SECINITSID_UNLABELED, class
 * SECCLASS_FILE) with its label state marked LABEL_INVALID, and the SID
 * of the allocating task is remembered in task_sid.  Always returns 0.
 */
static int selinux_inode_alloc_security(struct inode *inode)
{
	struct inode_security_struct *isec = selinux_inode(inode);
	u32 creator_sid = current_sid();

	spin_lock_init(&isec->lock);
	INIT_LIST_HEAD(&isec->list);

	isec->inode = inode;
	isec->task_sid = creator_sid;

	/* No real label yet: placeholder values until one is assigned. */
	isec->sclass = SECCLASS_FILE;
	isec->sid = SECINITSID_UNLABELED;
	isec->initialized = LABEL_INVALID;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2849)
/* Hook wrapper: release the SELinux state of @inode via inode_free_security(). */
static void selinux_inode_free_security(struct inode *inode)
{
	inode_free_security(inode);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2854)
/*
 * Work out the label a new object named @name with mode @mode would get
 * under the parent of @dentry, for the current task, and return it as a
 * context string in @ctx with its length in @ctxlen.
 *
 * Returns 0 on success, or the error from label determination or from
 * the SID-to-context conversion.
 */
static int selinux_dentry_init_security(struct dentry *dentry, int mode,
					const struct qstr *name, void **ctx,
					u32 *ctxlen)
{
	const struct task_security_struct *tsec = selinux_cred(current_cred());
	struct inode *parent = d_inode(dentry->d_parent);
	u32 sid;
	int err;

	err = selinux_determine_inode_label(tsec, parent, name,
					    inode_mode_to_security_class(mode),
					    &sid);
	if (err)
		return err;

	return security_sid_to_context(&selinux_state, sid, (char **)ctx,
				       ctxlen);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2872)
/*
 * Compute, using the credentials @old, the label a new object named
 * @name with mode @mode would receive under the parent of @dentry, and
 * store it as the create_sid of @new.
 *
 * Returns 0 on success or the error from label determination; @new is
 * left untouched on failure.
 */
static int selinux_dentry_create_files_as(struct dentry *dentry, int mode,
					  struct qstr *name,
					  const struct cred *old,
					  struct cred *new)
{
	struct task_security_struct *new_tsec;
	struct inode *parent = d_inode(dentry->d_parent);
	u32 sid;
	int err;

	err = selinux_determine_inode_label(selinux_cred(old), parent, name,
					    inode_mode_to_security_class(mode),
					    &sid);
	if (err)
		return err;

	new_tsec = selinux_cred(new);
	new_tsec->create_sid = sid;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2893)
/*
 * Label a newly created inode and hand back the xattr that stores the
 * label.
 *
 * The label is determined for the current task from the parent
 * directory @dir, the name @qstr and the class derived from
 * inode->i_mode.  If the superblock is already initialised, the
 * in-core inode label is set here.
 *
 * Returns the error from label determination or from the
 * SID-to-context conversion, -EOPNOTSUPP when SELinux is not
 * initialised or the superblock lacks SBLABEL_MNT, and 0 otherwise.
 * On success @name (if non-NULL) is set to XATTR_SELINUX_SUFFIX and,
 * when both @value and @len are non-NULL, they receive the context
 * string and its length.
 */
static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
				       const struct qstr *qstr,
				       const char **name,
				       void **value, size_t *len)
{
	const struct task_security_struct *tsec = selinux_cred(current_cred());
	struct superblock_security_struct *sbsec = dir->i_sb->s_security;
	u32 newsid = tsec->create_sid;
	u32 ctx_len;
	char *ctx;
	int err;

	err = selinux_determine_inode_label(tsec, dir, qstr,
					    inode_mode_to_security_class(inode->i_mode),
					    &newsid);
	if (err)
		return err;

	/* Possibly defer initialization to selinux_complete_init. */
	if (sbsec->flags & SE_SBINITIALIZED) {
		struct inode_security_struct *isec = selinux_inode(inode);

		isec->sclass = inode_mode_to_security_class(inode->i_mode);
		isec->sid = newsid;
		isec->initialized = LABEL_INITIALIZED;
	}

	/* No xattr to report unless labeling is active on this mount. */
	if (!selinux_initialized(&selinux_state))
		return -EOPNOTSUPP;
	if (!(sbsec->flags & SBLABEL_MNT))
		return -EOPNOTSUPP;

	if (name)
		*name = XATTR_SELINUX_SUFFIX;

	if (!value || !len)
		return 0;

	err = security_sid_to_context_force(&selinux_state, newsid,
					    &ctx, &ctx_len);
	if (err)
		return err;

	*value = ctx;
	*len = ctx_len;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2941)
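/*
 * Label an anonymous inode and check that the current task may create
 * it.
 *
 * If SELinux is not initialised yet, nothing is labeled and 0 is
 * returned.  When @context_inode is given, its class and SID are
 * copied; it must already be in state LABEL_INITIALIZED, otherwise the
 * request is refused with -EACCES.  Without a context inode the class
 * is SECCLASS_ANON_INODE and the SID comes from
 * security_transition_sid() with the task SID as both source and
 * target and @name as the object name.
 *
 * Returns 0 if creation is allowed, otherwise the error from the
 * transition computation or from the FILE__CREATE access check.
 */
static int selinux_inode_init_security_anon(struct inode *inode,
					    const struct qstr *name,
					    const struct inode *context_inode)
{
	const struct task_security_struct *tsec = selinux_cred(current_cred());
	struct common_audit_data ad;
	struct inode_security_struct *isec;
	int rc;

	if (unlikely(!selinux_initialized(&selinux_state)))
		return 0;

	isec = selinux_inode(inode);

	/*
	 * We only get here once per ephemeral inode.  The inode has
	 * been initialized via inode_alloc_security but is otherwise
	 * untouched.
	 */

	if (context_inode) {
		struct inode_security_struct *context_isec =
			selinux_inode(context_inode);

		if (context_isec->initialized != LABEL_INITIALIZED) {
			/*
			 * The message needs its trailing newline so that
			 * this denial is logged as a complete line of its
			 * own.
			 */
			pr_err("SELinux: context_inode is not initialized\n");
			return -EACCES;
		}

		isec->sclass = context_isec->sclass;
		isec->sid = context_isec->sid;
	} else {
		isec->sclass = SECCLASS_ANON_INODE;
		rc = security_transition_sid(
			&selinux_state, tsec->sid, tsec->sid,
			isec->sclass, name, &isec->sid);
		if (rc)
			return rc;
	}

	isec->initialized = LABEL_INITIALIZED;
	/*
	 * Now that we've initialized security, check whether we're
	 * allowed to actually create this type of anonymous inode.
	 */

	ad.type = LSM_AUDIT_DATA_INODE;
	ad.u.inode = inode;

	return avc_has_perm(&selinux_state,
			    tsec->sid,
			    isec->sid,
			    isec->sclass,
			    FILE__CREATE,
			    &ad);
}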
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2997)
/*
 * Creating a regular file: delegate to may_create() with class
 * SECCLASS_FILE.  @mode is not used.
 */
static int selinux_inode_create(struct inode *dir, struct dentry *dentry,
				umode_t mode)
{
	return may_create(dir, dentry, SECCLASS_FILE);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3002)
/*
 * Creating a hard link: delegate to may_link() with MAY_LINK on the
 * existing object @old_dentry in directory @dir.  @new_dentry is not
 * used.
 */
static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir,
			      struct dentry *new_dentry)
{
	return may_link(dir, old_dentry, MAY_LINK);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3007)
/* Removing a name from @dir: delegate to may_link() with MAY_UNLINK. */
static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
{
	return may_link(dir, dentry, MAY_UNLINK);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3012)
/*
 * Creating a symbolic link: delegate to may_create() with class
 * SECCLASS_LNK_FILE.  The link target @name is not examined.
 */
static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry,
				 const char *name)
{
	return may_create(dir, dentry, SECCLASS_LNK_FILE);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3017)
/*
 * Creating a directory: delegate to may_create() with class
 * SECCLASS_DIR.  @mask is not used.
 */
static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry,
			       umode_t mask)
{
	return may_create(dir, dentry, SECCLASS_DIR);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3022)
/* Removing a directory from @dir: delegate to may_link() with MAY_RMDIR. */
static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
{
	return may_link(dir, dentry, MAY_RMDIR);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3027)
/*
 * Creating a special file: delegate to may_create() with the security
 * class derived from @mode.  The device number @dev is not used.
 */
static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry,
			       umode_t mode, dev_t dev)
{
	return may_create(dir, dentry, inode_mode_to_security_class(mode));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3032)
/* Renaming an object: all checks are delegated to may_rename(). */
static int selinux_inode_rename(struct inode *old_inode,
				struct dentry *old_dentry,
				struct inode *new_inode,
				struct dentry *new_dentry)
{
	return may_rename(old_inode, old_dentry, new_inode, new_dentry);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3038)
/* Reading a symbolic link requires FILE__READ on @dentry. */
static int selinux_inode_readlink(struct dentry *dentry)
{
	return dentry_has_perm(current_cred(), dentry, FILE__READ);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3045)
/*
 * Following a symbolic link requires FILE__READ on the link's inode.
 *
 * @rcu is forwarded both to the inode-security lookup and, as
 * MAY_NOT_BLOCK, to the access check.  Returns the error from the
 * lookup if it yields an error pointer, otherwise the result of the
 * access check.
 */
static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
				     bool rcu)
{
	const struct cred *cred = current_cred();
	struct inode_security_struct *isec;
	struct common_audit_data ad;
	u32 subject_sid;
	int avc_flags = rcu ? MAY_NOT_BLOCK : 0;

	validate_creds(cred);

	ad.u.dentry = dentry;
	ad.type = LSM_AUDIT_DATA_DENTRY;

	subject_sid = cred_sid(cred);

	isec = inode_security_rcu(inode, rcu);
	if (IS_ERR(isec))
		return PTR_ERR(isec);

	return avc_has_perm_flags(&selinux_state,
				  subject_sid, isec->sid, isec->sclass,
				  FILE__READ, &ad, avc_flags);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3067)
/*
 * Emit the audit record for an inode permission decision.
 *
 * Kept out of line (noinline); selinux_inode_permission() calls it only
 * when auditing is actually required.  Returns whatever
 * slow_avc_audit() returns.
 */
static noinline int audit_inode_permission(struct inode *inode,
					   u32 perms, u32 audited, u32 denied,
					   int result)
{
	struct inode_security_struct *isec = selinux_inode(inode);
	struct common_audit_data ad;

	ad.u.inode = inode;
	ad.type = LSM_AUDIT_DATA_INODE;

	return slow_avc_audit(&selinux_state,
			      current_sid(), isec->sid, isec->sclass, perms,
			      audited, denied, result, &ad);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3086)
/*
 * Main inode access check.
 *
 * @mask is reduced to MAY_READ/MAY_WRITE/MAY_EXEC/MAY_APPEND; if
 * nothing is left, the call is a pure existence test and is allowed.
 * Inodes marked IS_PRIVATE are allowed without a policy lookup.
 *
 * The decision is made without auditing first.  If an audit record is
 * required while MAY_NOT_BLOCK was set, -ECHILD is returned so that the
 * caller retries in ref-walk mode; otherwise the record is generated.
 * An error from auditing takes precedence over the access decision.
 */
static int selinux_inode_permission(struct inode *inode, int mask)
{
	const struct cred *cred = current_cred();
	/* Both flags are read before @mask is reduced below. */
	bool no_block = mask & MAY_NOT_BLOCK;
	bool from_access = mask & MAY_ACCESS;
	struct inode_security_struct *isec;
	struct av_decision avd;
	u32 subject_sid, perms;
	u32 audited, denied;
	int rc, audit_rc;

	mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);

	/* No permission to check.  Existence test. */
	if (!mask)
		return 0;

	validate_creds(cred);

	if (unlikely(IS_PRIVATE(inode)))
		return 0;

	perms = file_mask_to_av(inode->i_mode, mask);
	subject_sid = cred_sid(cred);

	isec = inode_security_rcu(inode, no_block);
	if (IS_ERR(isec))
		return PTR_ERR(isec);

	rc = avc_has_perm_noaudit(&selinux_state,
				  subject_sid, isec->sid, isec->sclass, perms,
				  no_block ? AVC_NONBLOCKING : 0,
				  &avd);

	audited = avc_audit_required(perms, &avd, rc,
				     from_access ? FILE__AUDIT_ACCESS : 0,
				     &denied);
	if (likely(!audited))
		return rc;

	/* fall back to ref-walk if we have to generate audit */
	if (no_block)
		return -ECHILD;

	audit_rc = audit_inode_permission(inode, perms, audited, denied, rc);

	return audit_rc ? audit_rc : rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3137)
/*
 * Permission check for changing inode attributes.
 *
 * With ATTR_FORCE set, the kill-suid/sgid, mode and force bits are
 * ignored, and the call is allowed if nothing else is being changed.
 * Changes to mode, owner, group or explicitly set timestamps require
 * FILE__SETATTR.  Everything else requires FILE__WRITE, plus
 * FILE__OPEN for a size change that is not made through an open file
 * (no ATTR_FILE) when the openperm policy capability is enabled and
 * the inode is not on sockfs.
 */
static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
{
	const struct cred *cred = current_cred();
	struct inode *inode = d_backing_inode(dentry);
	unsigned int changes = iattr->ia_valid;
	__u32 required = FILE__WRITE;

	/* ATTR_FORCE is just used for ATTR_KILL_S[UG]ID. */
	if (changes & ATTR_FORCE) {
		changes &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE |
			     ATTR_FORCE);
		if (!changes)
			return 0;
	}

	if (changes & (ATTR_MODE | ATTR_UID | ATTR_GID |
		       ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
		return dentry_has_perm(cred, dentry, FILE__SETATTR);

	if (selinux_policycap_openperm() &&
	    inode->i_sb->s_magic != SOCKFS_MAGIC &&
	    (changes & ATTR_SIZE) &&
	    !(changes & ATTR_FILE))
		required |= FILE__OPEN;

	return dentry_has_perm(cred, dentry, required);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3165)
/* Reading inode attributes requires FILE__GETATTR on @path. */
static int selinux_inode_getattr(const struct path *path)
{
	const struct cred *cred = current_cred();

	return path_has_perm(cred, path, FILE__GETATTR);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3170)
/*
 * Tell whether the current task holds CAP_MAC_ADMIN.
 *
 * Two checks must both succeed (return 0): cap_capable() against
 * init_user_ns, then cred_has_capability().  The second is only
 * evaluated when the first one passes.  With @audit false both checks
 * are made with CAP_OPT_NOAUDIT.
 */
static bool has_cap_mac_admin(bool audit)
{
	const struct cred *cred = current_cred();
	unsigned int opts = CAP_OPT_NOAUDIT;

	if (audit)
		opts = CAP_OPT_NONE;

	return !cap_capable(cred, &init_user_ns, CAP_MAC_ADMIN, opts) &&
	       !cred_has_capability(cred, CAP_MAC_ADMIN, opts, true);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3182)
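/*
 * LSM inode_setxattr hook.
 *
 * Any attribute other than XATTR_NAME_SELINUX is passed to
 * cap_inode_setxattr() and then needs FILE__SETATTR on the dentry.
 *
 * For the SELinux label itself the checks run in this order:
 *   1. if SELinux is not initialized, only inode_owner_or_capable() applies;
 *   2. the superblock must have SBLABEL_MNT set, else -EOPNOTSUPP;
 *   3. the caller must pass inode_owner_or_capable(), else -EPERM;
 *   4. FILE__RELABELFROM against the inode's current SID;
 *   5. the new context must map to a SID.  A context rejected with -EINVAL
 *      is audited and refused unless has_cap_mac_admin() passes, in which
 *      case it is mapped with security_context_to_sid_force();
 *   6. FILE__RELABELTO against the new SID;
 *   7. security_validate_transition() from the old SID to the new one;
 *   8. FILESYSTEM__ASSOCIATE between the new SID and the superblock SID.
 *
 * Returns 0 when the change is permitted, otherwise the error of the first
 * failing check.
 */
static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
				  const void *value, size_t size, int flags)
{
	struct inode *inode = d_backing_inode(dentry);
	struct inode_security_struct *isec;
	struct superblock_security_struct *sbsec;
	struct common_audit_data ad;
	u32 newsid, sid = current_sid();
	int rc = 0;

	if (strcmp(name, XATTR_NAME_SELINUX)) {
		rc = cap_inode_setxattr(dentry, name, value, size, flags);
		if (rc)
			return rc;

		/* Not an attribute we recognize, so just check the
		   ordinary setattr permission. */
		return dentry_has_perm(current_cred(), dentry, FILE__SETATTR);
	}

	if (!selinux_initialized(&selinux_state))
		return (inode_owner_or_capable(inode) ? 0 : -EPERM);

	sbsec = inode->i_sb->s_security;
	if (!(sbsec->flags & SBLABEL_MNT))
		return -EOPNOTSUPP;

	if (!inode_owner_or_capable(inode))
		return -EPERM;

	ad.type = LSM_AUDIT_DATA_DENTRY;
	ad.u.dentry = dentry;

	isec = backing_inode_security(dentry);
	rc = avc_has_perm(&selinux_state,
			  sid, isec->sid, isec->sclass,
			  FILE__RELABELFROM, &ad);
	if (rc)
		return rc;

	rc = security_context_to_sid(&selinux_state, value, size, &newsid,
				     GFP_KERNEL);
	if (rc == -EINVAL) {
		if (!has_cap_mac_admin(true)) {
			struct audit_buffer *ab;
			size_t audit_size;

			/* We strip a nul only if it is at the end, otherwise the
			 * context contains a nul and we should audit that.
			 * A zero-length value has no last byte to inspect:
			 * without the size test, str[size - 1] would read one
			 * byte before the buffer and size - 1 would wrap. */
			if (value && size) {
				const char *str = value;

				if (str[size - 1] == '\0')
					audit_size = size - 1;
				else
					audit_size = size;
			} else {
				audit_size = 0;
			}
			ab = audit_log_start(audit_context(),
					     GFP_ATOMIC, AUDIT_SELINUX_ERR);
			audit_log_format(ab, "op=setxattr invalid_context=");
			/* The rejected value is caller-supplied, hence the
			 * untrusted-string logging helper. */
			audit_log_n_untrustedstring(ab, value, audit_size);
			audit_log_end(ab);

			return rc;
		}
		rc = security_context_to_sid_force(&selinux_state, value,
						   size, &newsid);
	}
	if (rc)
		return rc;

	rc = avc_has_perm(&selinux_state,
			  sid, newsid, isec->sclass,
			  FILE__RELABELTO, &ad);
	if (rc)
		return rc;

	rc = security_validate_transition(&selinux_state, isec->sid, newsid,
					  sid, isec->sclass);
	if (rc)
		return rc;

	return avc_has_perm(&selinux_state,
			    newsid,
			    sbsec->sid,
			    SECCLASS_FILESYSTEM,
			    FILESYSTEM__ASSOCIATE,
			    &ad);
}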
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3274)
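/*
 * LSM inode_post_setxattr hook: after XATTR_NAME_SELINUX has been written,
 * update the in-core inode security struct to the new label.
 *
 * Other attributes are ignored.  Nothing is done while SELinux is not
 * initialized, and a context that cannot be mapped to a SID is logged and
 * leaves the in-core label untouched.
 */
static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
					const void *value, size_t size,
					int flags)
{
	struct inode *inode = d_backing_inode(dentry);
	struct inode_security_struct *isec;
	u32 newsid;
	int rc;

	if (strcmp(name, XATTR_NAME_SELINUX)) {
		/* Not an attribute we recognize, so nothing to do. */
		return;
	}

	if (!selinux_initialized(&selinux_state)) {
		/* If we haven't even been initialized, then we can't validate
		 * against a policy, so leave the label as invalid. It may
		 * resolve to a valid label on the next revalidation try if
		 * we've since initialized.
		 */
		return;
	}

	rc = security_context_to_sid_force(&selinux_state, value, size,
					   &newsid);
	if (rc) {
		/* The two literals are concatenated, so the first one needs a
		 * trailing space to keep "SID" and "for" apart in the log. */
		pr_err("SELinux: unable to map context to SID "
		       "for (%s, %lu), rc=%d\n",
		       inode->i_sb->s_id, inode->i_ino, -rc);
		return;
	}

	isec = backing_inode_security(dentry);
	/* Class, SID and initialized state change together under the lock. */
	spin_lock(&isec->lock);
	isec->sclass = inode_mode_to_security_class(inode->i_mode);
	isec->sid = newsid;
	isec->initialized = LABEL_INITIALIZED;
	spin_unlock(&isec->lock);
}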
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3316)
/*
 * LSM inode_getxattr hook: reading an extended attribute needs
 * FILE__GETATTR on the dentry.  @name is not consulted.
 */
static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
{
	return dentry_has_perm(current_cred(), dentry, FILE__GETATTR);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3323)
/*
 * LSM inode_listxattr hook: listing extended attributes needs
 * FILE__GETATTR on the dentry, the same permission as reading one.
 */
static int selinux_inode_listxattr(struct dentry *dentry)
{
	return dentry_has_perm(current_cred(), dentry, FILE__GETATTR);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3330)
/*
 * LSM inode_removexattr hook.
 *
 * Removing XATTR_NAME_SELINUX is refused with -EACCES once SELinux is
 * initialized and allowed (0) before that.  Any other attribute goes
 * through cap_inode_removexattr() and then needs FILE__SETATTR.
 */
static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
{
	int rc;

	if (strcmp(name, XATTR_NAME_SELINUX) == 0) {
		/* No one is allowed to remove a SELinux security label.
		   You can change the label, but all data must be labeled. */
		return selinux_initialized(&selinux_state) ? -EACCES : 0;
	}

	rc = cap_inode_removexattr(dentry, name);
	if (rc)
		return rc;

	/* Not an attribute we recognize, so just check the
	   ordinary setattr permission. */
	return dentry_has_perm(current_cred(), dentry, FILE__SETATTR);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3350)
/*
 * LSM path_notify hook: choose the file permission that matches the kind
 * of fsnotify mark being placed on @path and check it.
 *
 * @obj_type selects FILE__WATCH_MOUNT, FILE__WATCH_SB or FILE__WATCH; any
 * other value is rejected with -EINVAL.  A superblock watch additionally
 * needs FILESYSTEM__WATCH on the superblock.  @mask can add
 * FILE__WATCH_WITH_PERM and FILE__WATCH_READS to the request.
 */
static int selinux_path_notify(const struct path *path, u64 mask,
			       unsigned int obj_type)
{
	struct common_audit_data ad;
	u32 perm;
	int rc;

	/* Filled in before the switch: the superblock check below uses it. */
	ad.type = LSM_AUDIT_DATA_PATH;
	ad.u.path = *path;

	switch (obj_type) {
	case FSNOTIFY_OBJ_TYPE_VFSMOUNT:
		perm = FILE__WATCH_MOUNT;
		break;
	case FSNOTIFY_OBJ_TYPE_SB:
		rc = superblock_has_perm(current_cred(), path->dentry->d_sb,
					 FILESYSTEM__WATCH, &ad);
		if (rc)
			return rc;
		perm = FILE__WATCH_SB;
		break;
	case FSNOTIFY_OBJ_TYPE_INODE:
		perm = FILE__WATCH;
		break;
	default:
		return -EINVAL;
	}

	/* blocking watches require the file:watch_with_perm permission */
	if (mask & (ALL_FSNOTIFY_PERM_EVENTS))
		perm |= FILE__WATCH_WITH_PERM;

	/* watches on read-like events need the file:watch_reads permission */
	if (mask & (FS_ACCESS | FS_ACCESS_PERM | FS_CLOSE_NOWRITE))
		perm |= FILE__WATCH_READS;

	return path_has_perm(current_cred(), path, perm);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3394)
/*
 * Copy the inode security context value to the user.
 *
 * Permission check is handled by selinux_inode_getxattr hook.
 *
 * Returns the context size on success.  With @alloc set the context is
 * handed to the caller through @buffer; otherwise it is freed here and
 * only the size is reported.
 */
static int selinux_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
{
	struct inode_security_struct *isec;
	char *context = NULL;
	u32 size;
	int error;

	/*
	 * If we're not initialized yet, then we can't validate contexts, so
	 * just let vfs_getxattr fall back to using the on-disk xattr.
	 */
	if (!selinux_initialized(&selinux_state) ||
	    strcmp(name, XATTR_SELINUX_SUFFIX))
		return -EOPNOTSUPP;

	/*
	 * A caller with CAP_MAC_ADMIN gets the raw context value even when
	 * current policy does not define it; everyone else gets the in-core
	 * value under current policy.  The capability is probed without
	 * auditing because unprivileged processes call getxattr routinely,
	 * and lacking the capability only selects the in-core value, it is
	 * not a denial.
	 */
	isec = inode_security(inode);
	if (has_cap_mac_admin(false)) {
		error = security_sid_to_context_force(&selinux_state,
						      isec->sid, &context,
						      &size);
	} else {
		error = security_sid_to_context(&selinux_state, isec->sid,
						&context, &size);
	}
	if (error)
		return error;

	if (alloc)
		*buffer = context;	/* the caller now holds the string */
	else
		kfree(context);

	return size;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3443)
/*
 * LSM inode_setsecurity hook: set the in-core label of @inode from a
 * context string.
 *
 * Only XATTR_SELINUX_SUFFIX on a superblock with SBLABEL_MNT is handled;
 * anything else gets -EOPNOTSUPP.  An empty value is refused with -EACCES
 * and a context that does not map to a SID returns that mapping error.
 * No avc permission check is made in this function.
 */
static int selinux_inode_setsecurity(struct inode *inode, const char *name,
				     const void *value, size_t size, int flags)
{
	struct inode_security_struct *isec = inode_security_novalidate(inode);
	struct superblock_security_struct *sbsec = inode->i_sb->s_security;
	u32 newsid;
	int rc;

	if (strcmp(name, XATTR_SELINUX_SUFFIX) != 0 ||
	    !(sbsec->flags & SBLABEL_MNT))
		return -EOPNOTSUPP;

	if (value == NULL || size == 0)
		return -EACCES;

	rc = security_context_to_sid(&selinux_state, value, size, &newsid,
				     GFP_KERNEL);
	if (rc)
		return rc;

	/* Class, SID and initialized state change together under the lock. */
	spin_lock(&isec->lock);
	isec->sclass = inode_mode_to_security_class(inode->i_mode);
	isec->sid = newsid;
	isec->initialized = LABEL_INITIALIZED;
	spin_unlock(&isec->lock);

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3473)
/*
 * LSM inode_listsecurity hook: report the SELinux attribute name.
 *
 * Returns sizeof(XATTR_NAME_SELINUX) once SELinux is initialized and 0
 * before that.  The name is copied into @buffer only when a buffer was
 * given and it is large enough; the required size is returned either way.
 */
static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
{
	const int name_len = sizeof(XATTR_NAME_SELINUX);

	if (!selinux_initialized(&selinux_state))
		return 0;

	if (buffer != NULL && name_len <= buffer_size)
		memcpy(buffer, XATTR_NAME_SELINUX, name_len);

	return name_len;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3485)
/*
 * LSM inode_getsecid hook: store the inode's current SID in @secid, using
 * the non-validating lookup of the inode security struct.
 */
static void selinux_inode_getsecid(struct inode *inode, u32 *secid)
{
	*secid = inode_security_novalidate(inode)->sid;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3491)
/*
 * LSM inode_copy_up hook: record the SID of @src as create_sid in the
 * credentials passed through @new.
 *
 * When *@new is NULL a fresh set is obtained from prepare_creds() and
 * returned through @new.  Returns 0, or -ENOMEM if that allocation fails.
 */
static int selinux_inode_copy_up(struct dentry *src, struct cred **new)
{
	struct cred *creds = *new;
	struct task_security_struct *tsec;
	u32 sid;

	if (!creds) {
		creds = prepare_creds();
		if (!creds)
			return -ENOMEM;
	}

	/* Get label from overlay inode and set it in create_sid */
	selinux_inode_getsecid(d_inode(src), &sid);
	tsec = selinux_cred(creds);
	tsec->create_sid = sid;

	*new = creds;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3511)
/*
 * LSM inode_copy_up_xattr hook: decide whether @name is copied up.
 *
 * Returns 1 (discard) for XATTR_NAME_SELINUX and -EOPNOTSUPP for every
 * other attribute, which SELinux does not claim.
 */
static int selinux_inode_copy_up_xattr(const char *name)
{
	/*
	 * Any other attribute apart from SELINUX is not claimed, supported
	 * by selinux.
	 */
	if (strcmp(name, XATTR_NAME_SELINUX) != 0)
		return -EOPNOTSUPP;

	/* The copy_up hook sets the initial context on the inode; copying
	 * the lower SELinux xattr up afterwards would overwrite it, so it
	 * is filtered out here.
	 */
	return 1; /* Discard */
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3526)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3527) /* kernfs node operations */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3528)
/*
 * LSM kernfs_init_security hook: label the new node @kn from its parent
 * directory @kn_dir.
 *
 * If the parent has no SELinux xattr (-ENODATA) nothing is done.  Otherwise
 * the parent context is mapped to a SID, the new SID is taken from the
 * task's create_sid or computed with security_transition_sid(), and the
 * resulting context is stored on @kn with XATTR_CREATE.
 *
 * Returns 0 on success or the error of the first failing step.
 */
static int selinux_kernfs_init_security(struct kernfs_node *kn_dir,
					struct kernfs_node *kn)
{
	const struct task_security_struct *tsec = selinux_cred(current_cred());
	u32 parent_sid, newsid, clen;
	char *context;
	int rc;

	/* First call passes no buffer; its result is used as the length. */
	rc = kernfs_xattr_get(kn_dir, XATTR_NAME_SELINUX, NULL, 0);
	if (rc == -ENODATA)
		return 0;
	if (rc < 0)
		return rc;

	clen = (u32)rc;
	context = kmalloc(clen, GFP_KERNEL);
	if (!context)
		return -ENOMEM;

	rc = kernfs_xattr_get(kn_dir, XATTR_NAME_SELINUX, context, clen);
	if (rc < 0) {
		kfree(context);
		return rc;
	}

	/*
	 * NOTE(review): the length parsed below is the probed clen, not the
	 * count returned by the second read - confirm the xattr cannot change
	 * size between the two calls.
	 */
	rc = security_context_to_sid(&selinux_state, context, clen, &parent_sid,
				     GFP_KERNEL);
	kfree(context);
	if (rc)
		return rc;

	/* An explicit create_sid wins; otherwise ask policy for a transition. */
	newsid = tsec->create_sid;
	if (!newsid) {
		u16 secclass = inode_mode_to_security_class(kn->mode);
		struct qstr q;

		q.name = kn->name;
		q.hash_len = hashlen_string(kn_dir, kn->name);

		rc = security_transition_sid(&selinux_state, tsec->sid,
					     parent_sid, secclass, &q,
					     &newsid);
		if (rc)
			return rc;
	}

	/* context is reused for the string built from the new SID. */
	rc = security_sid_to_context_force(&selinux_state, newsid,
					   &context, &clen);
	if (rc)
		return rc;

	rc = kernfs_xattr_set(kn, XATTR_NAME_SELINUX, context, clen,
			      XATTR_CREATE);
	kfree(context);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3586)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3587)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3588) /* file security operations */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3589)
/*
 * Run the full file permission check for @mask on an open file, converting
 * the MAY_* mask to an access vector with file_mask_to_av().
 */
static int selinux_revalidate_file_permission(struct file *file, int mask)
{
	const struct cred *cred = current_cred();
	struct inode *inode = file_inode(file);

	/* file_mask_to_av won't add FILE__WRITE if MAY_APPEND is set */
	if ((mask & MAY_WRITE) && (file->f_flags & O_APPEND))
		mask |= MAY_APPEND;

	return file_has_perm(cred, file,
			     file_mask_to_av(inode->i_mode, mask));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3602)
/*
 * LSM file_permission hook.
 *
 * The full check is skipped when nothing has changed since the values
 * cached in the file security struct were recorded: same task SID, same
 * inode SID and same policy sequence number.  Any difference triggers
 * selinux_revalidate_file_permission().
 */
static int selinux_file_permission(struct file *file, int mask)
{
	struct inode *inode = file_inode(file);
	struct file_security_struct *fsec = selinux_file(file);
	struct inode_security_struct *isec;
	u32 sid = current_sid();

	/* No permission to check. Existence test. */
	if (!mask)
		return 0;

	isec = inode_security(inode);
	if (sid != fsec->sid || fsec->isid != isec->sid ||
	    fsec->pseqno != avc_policy_seqno(&selinux_state))
		return selinux_revalidate_file_permission(file, mask);

	/* No change since file_open check. */
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3622)
/*
 * LSM file_alloc_security hook: initialize the file security struct with
 * the current task's SID as both the file SID and the owner SID.
 * Always returns 0.
 */
static int selinux_file_alloc_security(struct file *file)
{
	struct file_security_struct *fsec = selinux_file(file);
	const u32 task_sid = current_sid();

	fsec->sid = task_sid;
	fsec->fown_sid = task_sid;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3633)
/*
 * Check whether a task has the ioctl permission and cmd
 * operation to an inode.
 *
 * @cmd is split into a driver byte (bits 8-15) and an extended permission
 * byte (bits 0-7) for avc_has_extended_perms().  When the credential SID
 * differs from the file's SID, FD__USE on the descriptor is checked first.
 * Private inodes skip the extended permission check and return 0.
 */
static int ioctl_has_perm(const struct cred *cred, struct file *file,
			  u32 requested, u16 cmd)
{
	struct file_security_struct *fsec = selinux_file(file);
	struct inode *inode = file_inode(file);
	struct inode_security_struct *isec;
	struct lsm_ioctlop_audit ioctl;
	struct common_audit_data ad;
	u32 ssid = cred_sid(cred);
	u8 driver = cmd >> 8;
	u8 xperm = cmd & 0xff;
	int rc;

	/* Audit record carries the raw command and the file's path. */
	ioctl.cmd = cmd;
	ioctl.path = file->f_path;
	ad.type = LSM_AUDIT_DATA_IOCTL_OP;
	ad.u.op = &ioctl;

	if (ssid != fsec->sid) {
		rc = avc_has_perm(&selinux_state,
				  ssid, fsec->sid,
				  SECCLASS_FD,
				  FD__USE,
				  &ad);
		if (rc)
			return rc;
	}

	if (unlikely(IS_PRIVATE(inode)))
		return 0;

	isec = inode_security(inode);
	return avc_has_extended_perms(&selinux_state,
				      ssid, isec->sid, isec->sclass,
				      requested, driver, xperm, &ad);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3676)
/*
 * SELinux check for an ioctl() on an open file.
 *
 * A fixed set of commands is mapped to ordinary file permissions or to a
 * capability; every other command is checked as FILE__IOCTL through
 * ioctl_has_perm(), which receives only the low 16 bits of @cmd.
 * @arg is not examined. Returns 0 when permitted, else the check's result.
 */
static int selinux_file_ioctl(struct file *file, unsigned int cmd,
		unsigned long arg)
{
	const struct cred *cred = current_cred();

	switch (cmd) {
	case FIONREAD:
	case FIBMAP:
	case FIGETBSZ:
	case FS_IOC_GETFLAGS:
	case FS_IOC_GETVERSION:
		return file_has_perm(cred, file, FILE__GETATTR);

	case FS_IOC_SETFLAGS:
	case FS_IOC_SETVERSION:
		return file_has_perm(cred, file, FILE__SETATTR);

	/* sys_ioctl() checks: no file permission is requested here */
	case FIONBIO:
	case FIOASYNC:
		return file_has_perm(cred, file, 0);

	case KDSKBENT:
	case KDSKBSENT:
		return cred_has_capability(cred, CAP_SYS_TTY_CONFIG,
					   CAP_OPT_NONE, true);

	case FIOCLEX:
	case FIONCLEX:
		/* The policy capability lets these two pass unchecked. */
		if (selinux_policycap_ioctl_skip_cloexec())
			return 0;
		return ioctl_has_perm(cred, file, FILE__IOCTL, (u16) cmd);

	/*
	 * Anything not listed above is assumed to reach the file's own
	 * ioctl() function.
	 */
	default:
		return ioctl_has_perm(cred, file, FILE__IOCTL, (u16) cmd);
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3723)
/*
 * Gates the execmem/execheap/execstack/execmod checks in this file.
 * Marked read-only after init; where it is set is not visible here.
 */
static int default_noexec __ro_after_init;

/*
 * Check the protection bits of a mapping against policy.
 *
 * @file:   backing file, or NULL for an anonymous mapping
 * @prot:   PROT_* bits to check
 * @shared: non-zero for a shared mapping
 *
 * With default_noexec set, PROCESS__EXECMEM is required before memory can
 * be executable when it is anonymous, backed by a private inode, or a
 * private mapping that is also writable. For file-backed mappings the
 * caller then needs FILE__READ, plus FILE__WRITE for shared writable
 * mappings and FILE__EXECUTE for executable ones.
 * Returns 0 when permitted, otherwise the failing check's result.
 */
static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
{
	const struct cred *cred = current_cred();
	u32 sid = cred_sid(cred);
	u32 av;
	int rc;

	if (default_noexec && (prot & PROT_EXEC)) {
		bool no_backing_file = !file || IS_PRIVATE(file_inode(file));
		bool private_writable = !shared && (prot & PROT_WRITE);

		if (no_backing_file || private_writable) {
			rc = avc_has_perm(&selinux_state,
					  sid, sid, SECCLASS_PROCESS,
					  PROCESS__EXECMEM, NULL);
			if (rc)
				return rc;
		}
	}

	/* Anonymous mappings have no file permissions left to check. */
	if (!file)
		return 0;

	/* A mapping can always be read. */
	av = FILE__READ;

	/* Writes reach the file only through a shared mapping. */
	if (shared && (prot & PROT_WRITE))
		av |= FILE__WRITE;

	if (prot & PROT_EXEC)
		av |= FILE__EXECUTE;

	return file_has_perm(cred, file, av);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3764)
/*
 * Check a mapping address against the low-address limit.
 *
 * Addresses at or above CONFIG_LSM_MMAP_MIN_ADDR are always allowed.
 * Below that, the current task needs MEMPROTECT__MMAP_ZERO on itself.
 * Returns 0 when permitted, otherwise the AVC result.
 */
static int selinux_mmap_addr(unsigned long addr)
{
	u32 sid;

	if (addr >= CONFIG_LSM_MMAP_MIN_ADDR)
		return 0;

	sid = current_sid();
	return avc_has_perm(&selinux_state,
			    sid, sid, SECCLASS_MEMPROTECT,
			    MEMPROTECT__MMAP_ZERO, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3778)
/*
 * SELinux check for mmap().
 *
 * File-backed mappings first need FILE__MAP on the inode. The protection
 * bits are then checked by file_map_prot_check(). When checkreqprot is
 * enabled that check uses @reqprot instead of @prot.
 *
 * NOTE(review): @reqprot is presumably the protection the caller asked
 * for and @prot what will actually be applied; if so, enabling
 * checkreqprot leaves any bits added on top of the request unchecked.
 * Confirm against the hook documentation.
 */
static int selinux_mmap_file(struct file *file, unsigned long reqprot,
		unsigned long prot, unsigned long flags)
{
	struct common_audit_data ad;
	unsigned long checked_prot;
	int rc;

	if (file) {
		ad.type = LSM_AUDIT_DATA_FILE;
		ad.u.file = file;
		rc = inode_has_perm(current_cred(), file_inode(file),
				    FILE__MAP, &ad);
		if (rc)
			return rc;
	}

	checked_prot = checkreqprot_get(&selinux_state) ? reqprot : prot;

	return file_map_prot_check(file, checked_prot,
				   (flags & MAP_TYPE) == MAP_SHARED);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3800)
/*
 * SELinux check for mprotect() on @vma.
 *
 * When checkreqprot is enabled, @reqprot replaces @prot for every check
 * below. With default_noexec set, turning on PROT_EXEC for a region that
 * is not yet VM_EXEC requires one of:
 *   - PROCESS__EXECHEAP  if the region lies inside [start_brk, brk]
 *   - PROCESS__EXECSTACK if it is not file-backed and is a stack
 *   - FILE__EXECMOD      if it is file-backed and has an anon_vma
 * The request is finally passed to file_map_prot_check().
 */
static int selinux_file_mprotect(struct vm_area_struct *vma,
		unsigned long reqprot,
		unsigned long prot)
{
	const struct cred *cred = current_cred();
	u32 sid = cred_sid(cred);

	if (checkreqprot_get(&selinux_state))
		prot = reqprot;

	if (default_noexec &&
	    (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
		const struct mm_struct *mm = vma->vm_mm;
		int rc = 0;

		if (vma->vm_start >= mm->start_brk &&
		    vma->vm_end <= mm->brk) {
			rc = avc_has_perm(&selinux_state,
					  sid, sid, SECCLASS_PROCESS,
					  PROCESS__EXECHEAP, NULL);
		} else if (!vma->vm_file) {
			if ((vma->vm_start <= mm->start_stack &&
			     vma->vm_end >= mm->start_stack) ||
			    vma_is_stack_for_current(vma))
				rc = avc_has_perm(&selinux_state,
						  sid, sid, SECCLASS_PROCESS,
						  PROCESS__EXECSTACK, NULL);
		} else if (vma->anon_vma) {
			/*
			 * A file mapping that has already had COW done is
			 * being made executable. Its pages may have been
			 * written, so check the right to execute possibly
			 * modified content. Typically this should only
			 * happen for text relocations.
			 */
			rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
		}
		if (rc)
			return rc;
	}

	return file_map_prot_check(vma->vm_file, prot,
				   vma->vm_flags & VM_SHARED);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3842)
/*
 * Require FILE__LOCK on @file for the current credentials.
 * @cmd is not examined: every lock operation maps to the same permission.
 */
static int selinux_file_lock(struct file *file, unsigned int cmd)
{
	return file_has_perm(current_cred(), file, FILE__LOCK);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3849)
/*
 * SELinux check for fcntl() on an open file.
 *
 * Clearing O_APPEND with F_SETFL is checked as FILE__WRITE, so a
 * descriptor opened append-only cannot shed that restriction without
 * write permission. Flag, owner and signal commands need only the
 * descriptor-use check; lock commands need FILE__LOCK. Commands not
 * listed return 0 without any check.
 */
static int selinux_file_fcntl(struct file *file, unsigned int cmd,
		unsigned long arg)
{
	const struct cred *cred = current_cred();

	switch (cmd) {
	case F_SETFL:
		if ((file->f_flags & O_APPEND) && !(arg & O_APPEND))
			return file_has_perm(cred, file, FILE__WRITE);
		fallthrough;
	case F_SETOWN:
	case F_SETSIG:
	case F_GETFL:
	case F_GETOWN:
	case F_GETSIG:
	case F_GETOWNER_UIDS:
		/* Just check FD__USE permission */
		return file_has_perm(cred, file, 0);
	case F_GETLK:
	case F_SETLK:
	case F_SETLKW:
	case F_OFD_GETLK:
	case F_OFD_SETLK:
	case F_OFD_SETLKW:
#if BITS_PER_LONG == 32
	case F_GETLK64:
	case F_SETLK64:
	case F_SETLKW64:
#endif
		return file_has_perm(cred, file, FILE__LOCK);
	default:
		return 0;
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3889)
/*
 * Record the current task's SID as the file-owner SID of @file.
 * selinux_file_send_sigiotask() later uses this value as the source SID
 * of its signal check.
 */
static void selinux_file_set_fowner(struct file *file)
{
	struct file_security_struct *fsec = selinux_file(file);

	fsec->fown_sid = current_sid();
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3897)
/*
 * Check whether the recorded owner of a file may signal @tsk.
 *
 * The source of the check is the file-owner SID stored in the file's
 * security struct, not the current task. The target is @tsk. A @signum
 * of 0 is checked as SIGIO, as per send_sigio_to_task.
 */
static int selinux_file_send_sigiotask(struct task_struct *tsk,
		struct fown_struct *fown, int signum)
{
	struct file_security_struct *fsec;
	struct file *owner_file;
	u32 target_sid = task_sid(tsk);
	u32 perm;

	/* struct fown_struct is never outside the context of a struct file */
	owner_file = container_of(fown, struct file, f_owner);
	fsec = selinux_file(owner_file);

	perm = signal_to_av(signum ? signum : SIGIO);

	return avc_has_perm(&selinux_state,
			    fsec->fown_sid, target_sid,
			    SECCLASS_PROCESS, perm, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3920)
/*
 * Check that the current credentials may use @file with the permissions
 * that file_to_av() derives from it.
 */
static int selinux_file_receive(struct file *file)
{
	u32 av = file_to_av(file);

	return file_has_perm(current_cred(), file, av);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3927)
/*
 * SELinux check at file open.
 *
 * Snapshots the inode SID and the policy sequence number into the file
 * security struct, then checks the open against the opener's credentials
 * (file->f_cred). Returns the result of that check.
 */
static int selinux_file_open(struct file *file)
{
	struct file_security_struct *fsec = selinux_file(file);
	struct inode_security_struct *isec = inode_security(file_inode(file));

	/*
	 * Remember the inode label and the policy sequence number as they
	 * are at open time; selinux_file_permission compares against them
	 * to decide whether a revalidation is needed. The task label is
	 * already held in the file security struct as its SID.
	 */
	fsec->isid = isec->sid;
	fsec->pseqno = avc_policy_seqno(&selinux_state);

	/*
	 * The inode label or the policy seqno may have changed between the
	 * selinux_inode_permission check and the snapshot taken above, so
	 * check again that access is still permitted. Without this, access
	 * might never be revalidated against the new label or new policy.
	 * This check is not redundant - do not remove.
	 */
	return file_path_has_perm(file->f_cred, file, open_file_to_av(file));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3954)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3955) /* task security operations */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3956)
/*
 * Require PROCESS__FORK of the current task on itself.
 * Neither @task nor @clone_flags is examined.
 */
static int selinux_task_alloc(struct task_struct *task,
		unsigned long clone_flags)
{
	u32 self_sid;

	self_sid = current_sid();
	return avc_has_perm(&selinux_state, self_sid, self_sid,
			    SECCLASS_PROCESS, PROCESS__FORK, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3965)
/*
 * Prepare a new set of credentials for modification.
 *
 * Copies the whole SELinux task security struct from @old to @new.
 * @gfp is unused because nothing is allocated here. Always returns 0.
 */
static int selinux_cred_prepare(struct cred *new, const struct cred *old,
		gfp_t gfp)
{
	const struct task_security_struct *src = selinux_cred(old);
	struct task_security_struct *dst = selinux_cred(new);

	*dst = *src;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3978)
/*
 * Transfer the SELinux data to a blank set of creds.
 *
 * The task security struct of @old is copied wholesale into @new.
 */
static void selinux_cred_transfer(struct cred *new, const struct cred *old)
{
	const struct task_security_struct *src = selinux_cred(old);
	struct task_security_struct *dst = selinux_cred(new);

	*dst = *src;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3989)
/*
 * Store the SID of credentials @c in *@secid. No permission check is made.
 */
static void selinux_cred_getsecid(const struct cred *c, u32 *secid)
{
	u32 sid = cred_sid(c);

	*secid = sid;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3994)
/*
 * Set the security data for a kernel service.
 *
 * The current task needs KERNEL_SERVICE__USE_AS_OVERRIDE towards @secid.
 * When that is granted, @new takes @secid as its SID and all of its
 * creation contexts are set to unlabelled (0). When it is denied, @new is
 * left untouched and the AVC result is returned.
 */
static int selinux_kernel_act_as(struct cred *new, u32 secid)
{
	struct task_security_struct *tsec = selinux_cred(new);
	u32 sid = current_sid();
	int rc;

	rc = avc_has_perm(&selinux_state,
			  sid, secid,
			  SECCLASS_KERNEL_SERVICE,
			  KERNEL_SERVICE__USE_AS_OVERRIDE,
			  NULL);
	if (rc)
		return rc;

	tsec->sid = secid;
	tsec->create_sid = 0;
	tsec->keycreate_sid = 0;
	tsec->sockcreate_sid = 0;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4018)
/*
 * Set the file creation context in a security record to the same as the
 * objective context of the specified inode.
 *
 * The current task needs KERNEL_SERVICE__CREATE_FILES_AS towards the
 * inode's SID. @new is changed only when that check passes.
 * Returns 0 on success, otherwise the AVC result.
 */
static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
{
	struct inode_security_struct *isec = inode_security(inode);
	struct task_security_struct *tsec = selinux_cred(new);
	u32 sid = current_sid();
	int rc;

	rc = avc_has_perm(&selinux_state,
			  sid, isec->sid,
			  SECCLASS_KERNEL_SERVICE,
			  KERNEL_SERVICE__CREATE_FILES_AS,
			  NULL);
	if (rc)
		return rc;

	tsec->create_sid = isec->sid;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4040)
/*
 * Check whether the current task may request the module @kmod_name.
 *
 * Requires SYSTEM__MODULE_REQUEST from the current SID towards the kernel
 * initial SID. The module name goes into the audit record only and does
 * not influence the decision.
 */
static int selinux_kernel_module_request(char *kmod_name)
{
	struct common_audit_data ad;
	u32 requester_sid;

	ad.type = LSM_AUDIT_DATA_KMOD;
	ad.u.kmod_name = kmod_name;

	requester_sid = current_sid();
	return avc_has_perm(&selinux_state,
			    requester_sid, SECINITSID_KERNEL, SECCLASS_SYSTEM,
			    SYSTEM__MODULE_REQUEST, &ad);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4052)
/*
 * Check whether the current task may load a kernel module.
 *
 * @file: the module file, or NULL when there is none (init_module)
 *
 * With no file, SYSTEM__MODULE_LOAD is checked with the task's own SID as
 * the target, so the decision cannot depend on where the module came
 * from. With a file (finit_module), FD__USE is checked first when the
 * descriptor belongs to another SID, then SYSTEM__MODULE_LOAD against the
 * label of the file's inode.
 */
static int selinux_kernel_module_from_file(struct file *file)
{
	struct common_audit_data ad;
	struct inode_security_struct *isec;
	struct file_security_struct *fsec;
	u32 sid = current_sid();
	int rc;

	/* init_module */
	if (!file)
		return avc_has_perm(&selinux_state,
				    sid, sid, SECCLASS_SYSTEM,
				    SYSTEM__MODULE_LOAD, NULL);

	/* finit_module */
	ad.type = LSM_AUDIT_DATA_FILE;
	ad.u.file = file;

	fsec = selinux_file(file);
	if (fsec->sid != sid) {
		rc = avc_has_perm(&selinux_state,
				  sid, fsec->sid, SECCLASS_FD, FD__USE, &ad);
		if (rc)
			return rc;
	}

	isec = inode_security(file_inode(file));
	return avc_has_perm(&selinux_state,
			    sid, isec->sid, SECCLASS_SYSTEM,
			    SYSTEM__MODULE_LOAD, &ad);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4085)
/*
 * SELinux check for a file read performed by the kernel.
 *
 * Only READING_MODULE is checked; every other @id returns 0. When
 * @contents is false the file is withheld from the module-load check,
 * which then runs without it.
 */
static int selinux_kernel_read_file(struct file *file,
		enum kernel_read_file_id id,
		bool contents)
{
	if (id != READING_MODULE)
		return 0;

	return selinux_kernel_module_from_file(contents ? file : NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4102)
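/*
 * SELinux check for data loaded into the kernel without a backing file.
 *
 * Only LOADING_MODULE is checked, through the no-file path of
 * selinux_kernel_module_from_file(); every other @id returns 0.
 * @contents is not examined.
 */
static int selinux_kernel_load_data(enum kernel_load_data_id id, bool contents)
{
	int rc = 0;

	switch (id) {
	case LOADING_MODULE:
		rc = selinux_kernel_module_from_file(NULL);
		/*
		 * Explicit break: this case used to run on into default.
		 * The result was the same, but a case added below it later
		 * would have silently overwritten the module-load verdict.
		 */
		break;
	default:
		break;
	}

	return rc;
}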
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4116)
/*
 * selinux_task_setpgid - require PROCESS__SETPGID on @p
 *
 * Subject is the current task's SID, object is the SID of @p.  @pgid is not
 * part of the decision.  Returns the avc_has_perm() result.
 */
static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
{
	const u32 subject = current_sid();
	const u32 target = task_sid(p);

	return avc_has_perm(&selinux_state, subject, target,
			    SECCLASS_PROCESS, PROCESS__SETPGID, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4123)
/*
 * selinux_task_getpgid - require PROCESS__GETPGID on @p
 *
 * Subject is the current task's SID, object is the SID of @p.
 * Returns the avc_has_perm() result.
 */
static int selinux_task_getpgid(struct task_struct *p)
{
	const u32 subject = current_sid();
	const u32 target = task_sid(p);

	return avc_has_perm(&selinux_state, subject, target,
			    SECCLASS_PROCESS, PROCESS__GETPGID, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4130)
/*
 * selinux_task_getsid - require PROCESS__GETSESSION on @p
 *
 * Subject is the current task's SID, object is the SID of @p.
 * Returns the avc_has_perm() result.
 */
static int selinux_task_getsid(struct task_struct *p)
{
	const u32 subject = current_sid();
	const u32 target = task_sid(p);

	return avc_has_perm(&selinux_state, subject, target,
			    SECCLASS_PROCESS, PROCESS__GETSESSION, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4137)
/*
 * selinux_task_getsecid - report the SID of @p
 *
 * Stores task_sid(p) in *@secid.  No permission check is made here.
 */
static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
{
	const u32 sid = task_sid(p);

	*secid = sid;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4142)
/*
 * selinux_task_setnice - require PROCESS__SETSCHED on @p
 *
 * Subject is the current task's SID, object is the SID of @p.  @nice is not
 * part of the decision.  The permission is the same one used by the
 * setioprio, setscheduler and movememory checks in this file, so policy
 * cannot grant one of these operations without the others.
 */
static int selinux_task_setnice(struct task_struct *p, int nice)
{
	const u32 subject = current_sid();
	const u32 target = task_sid(p);

	return avc_has_perm(&selinux_state, subject, target,
			    SECCLASS_PROCESS, PROCESS__SETSCHED, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4149)
/*
 * selinux_task_setioprio - require PROCESS__SETSCHED on @p
 *
 * Subject is the current task's SID, object is the SID of @p.  @ioprio is
 * not part of the decision.
 */
static int selinux_task_setioprio(struct task_struct *p, int ioprio)
{
	const u32 subject = current_sid();
	const u32 target = task_sid(p);

	return avc_has_perm(&selinux_state, subject, target,
			    SECCLASS_PROCESS, PROCESS__SETSCHED, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4156)
/*
 * selinux_task_getioprio - require PROCESS__GETSCHED on @p
 *
 * Subject is the current task's SID, object is the SID of @p.
 */
static int selinux_task_getioprio(struct task_struct *p)
{
	const u32 subject = current_sid();
	const u32 target = task_sid(p);

	return avc_has_perm(&selinux_state, subject, target,
			    SECCLASS_PROCESS, PROCESS__GETSCHED, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4163)
/*
 * selinux_task_prlimit - check reading/writing another task's rlimits
 * @cred: credentials of the requesting side (subject)
 * @tcred: credentials of the target side (object)
 * @flags: LSM_PRLIMIT_READ and/or LSM_PRLIMIT_WRITE
 *
 * LSM_PRLIMIT_WRITE maps to PROCESS__SETRLIMIT and LSM_PRLIMIT_READ to
 * PROCESS__GETRLIMIT; both may be requested in one call.  @flags == 0
 * returns 0 without consulting the AVC.
 *
 * NOTE(review): a non-zero @flags with neither bit set reaches
 * avc_has_perm() with an empty permission mask; confirm callers never pass
 * other bits.
 */
static int selinux_task_prlimit(const struct cred *cred, const struct cred *tcred,
				unsigned int flags)
{
	u32 requested;

	if (flags == 0)
		return 0;

	requested = (flags & LSM_PRLIMIT_WRITE) ? PROCESS__SETRLIMIT : 0;
	if (flags & LSM_PRLIMIT_READ)
		requested |= PROCESS__GETRLIMIT;

	return avc_has_perm(&selinux_state,
			    cred_sid(cred), cred_sid(tcred),
			    SECCLASS_PROCESS, requested, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4179)
/*
 * selinux_task_setrlimit - control changes to a task's hard resource limit
 * @p: task whose limit is being changed
 * @resource: index into p->signal->rlim
 * @new_rlim: the requested limit
 *
 * Only a change of the hard limit (rlim_max) is checked, requiring
 * PROCESS__SETRLIMIT from the current task's SID on the SID of @p.  A request
 * that leaves rlim_max unchanged returns 0 with no check, so soft-limit
 * changes are not mediated here.
 *
 * NOTE(review): @resource is used as an array index without a bounds check
 * in this function; presumably the caller has already validated it - confirm.
 */
static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
				  struct rlimit *new_rlim)
{
	struct rlimit *cur_rlim = &p->signal->rlim[resource];

	if (cur_rlim->rlim_max == new_rlim->rlim_max)
		return 0;

	/*
	 * Control the ability to change the hard limit (whether lowering or
	 * raising it), so that the hard limit can later be used as a safe
	 * reset point for the soft limit upon context transitions.
	 * See selinux_bprm_committing_creds.
	 */
	return avc_has_perm(&selinux_state,
			    current_sid(), task_sid(p),
			    SECCLASS_PROCESS, PROCESS__SETRLIMIT, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4196)
/*
 * selinux_task_setscheduler - require PROCESS__SETSCHED on @p
 *
 * Subject is the current task's SID, object is the SID of @p.
 */
static int selinux_task_setscheduler(struct task_struct *p)
{
	const u32 subject = current_sid();
	const u32 target = task_sid(p);

	return avc_has_perm(&selinux_state, subject, target,
			    SECCLASS_PROCESS, PROCESS__SETSCHED, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4203)
/*
 * selinux_task_getscheduler - require PROCESS__GETSCHED on @p
 *
 * Subject is the current task's SID, object is the SID of @p.
 */
static int selinux_task_getscheduler(struct task_struct *p)
{
	const u32 subject = current_sid();
	const u32 target = task_sid(p);

	return avc_has_perm(&selinux_state, subject, target,
			    SECCLASS_PROCESS, PROCESS__GETSCHED, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4210)
/*
 * selinux_task_movememory - require PROCESS__SETSCHED on @p
 *
 * Subject is the current task's SID, object is the SID of @p.  There is no
 * dedicated permission for this operation; it shares PROCESS__SETSCHED with
 * the scheduling checks in this file.
 */
static int selinux_task_movememory(struct task_struct *p)
{
	const u32 subject = current_sid();
	const u32 target = task_sid(p);

	return avc_has_perm(&selinux_state, subject, target,
			    SECCLASS_PROCESS, PROCESS__SETSCHED, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4217)
/*
 * selinux_task_kill - check delivery of signal @sig to @p
 * @p: receiving task
 * @info: not consulted by this function
 * @sig: signal number; 0 is the null signal
 * @cred: if non-NULL, the sender's credentials; otherwise the current task
 *	  is the sender
 *
 * The permission is PROCESS__SIGNULL for the null signal (an existence test)
 * and signal_to_av(@sig) otherwise.  The subject SID comes from @cred when
 * one is supplied, so the check is made against the supplied credentials
 * rather than the task that happens to be running.
 */
static int selinux_task_kill(struct task_struct *p, struct kernel_siginfo *info,
			     int sig, const struct cred *cred)
{
	const u32 perm = sig ? signal_to_av(sig) : PROCESS__SIGNULL;
	const u32 sender = cred ? cred_sid(cred) : current_sid();

	return avc_has_perm(&selinux_state, sender, task_sid(p),
			    SECCLASS_PROCESS, perm, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4235)
/*
 * selinux_task_to_inode - label @inode with the SID of task @p
 *
 * Under isec->lock, sets the inode's security class from its mode, copies the
 * task SID into it and marks the label LABEL_INITIALIZED.  The task SID is
 * read before the lock is taken.
 */
static void selinux_task_to_inode(struct task_struct *p,
				  struct inode *inode)
{
	struct inode_security_struct *isec;
	u32 task_label;

	isec = selinux_inode(inode);
	task_label = task_sid(p);

	spin_lock(&isec->lock);
	isec->sid = task_label;
	isec->sclass = inode_mode_to_security_class(inode->i_mode);
	/* Mark the label valid only after sid and sclass are in place. */
	isec->initialized = LABEL_INITIALIZED;
	spin_unlock(&isec->lock);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4248)
/*
 * selinux_parse_skb_ipv4 - copy IPv4 addresses and ports into audit data
 * @skb: the packet
 * @ad: audit data; ad->u.net must already point at a network audit record
 * @proto: if non-NULL, receives the IP protocol number
 *
 * Returns -EINVAL only if the addresses cannot be parsed: the IPv4 header
 * cannot be read from @skb, or its IHL encodes fewer bytes than
 * sizeof(struct iphdr).  Once the addresses are stored the function returns
 * 0 whatever happens to the transport header.
 *
 * Ports are filled in for TCP, UDP, DCCP and (when CONFIG_IP_SCTP is
 * enabled) SCTP.  They are left untouched for other protocols, for packets
 * with a non-zero fragment offset, and when the transport header cannot be
 * read.  A return of 0 therefore does not mean sport/dport were written;
 * consumers see whatever the record held before the call.
 */
static int selinux_parse_skb_ipv4(struct sk_buff *skb,
			struct common_audit_data *ad, u8 *proto)
{
	struct iphdr iph_buf, *iph;
	int nhoff, hdr_len;

	nhoff = skb_network_offset(skb);
	iph = skb_header_pointer(skb, nhoff, sizeof(iph_buf), &iph_buf);
	if (!iph)
		return -EINVAL;

	/* IHL counts 32-bit words; reject headers shorter than the fixed part. */
	hdr_len = iph->ihl * 4;
	if (hdr_len < sizeof(iph_buf))
		return -EINVAL;

	ad->u.net->v4info.saddr = iph->saddr;
	ad->u.net->v4info.daddr = iph->daddr;

	if (proto)
		*proto = iph->protocol;

	/*
	 * From here on nothing is treated as an error.  A packet with a
	 * non-zero fragment offset does not start with a transport header,
	 * so the port lookup is skipped for every protocol.
	 */
	if (ntohs(iph->frag_off) & IP_OFFSET)
		return 0;

	switch (iph->protocol) {
	case IPPROTO_TCP: {
		struct tcphdr tcph_buf, *tcph;

		tcph = skb_header_pointer(skb, nhoff + hdr_len,
					  sizeof(tcph_buf), &tcph_buf);
		if (tcph) {
			ad->u.net->sport = tcph->source;
			ad->u.net->dport = tcph->dest;
		}
		break;
	}

	case IPPROTO_UDP: {
		struct udphdr udph_buf, *udph;

		udph = skb_header_pointer(skb, nhoff + hdr_len,
					  sizeof(udph_buf), &udph_buf);
		if (udph) {
			ad->u.net->sport = udph->source;
			ad->u.net->dport = udph->dest;
		}
		break;
	}

	case IPPROTO_DCCP: {
		struct dccp_hdr dccph_buf, *dccph;

		dccph = skb_header_pointer(skb, nhoff + hdr_len,
					   sizeof(dccph_buf), &dccph_buf);
		if (dccph) {
			ad->u.net->sport = dccph->dccph_sport;
			ad->u.net->dport = dccph->dccph_dport;
		}
		break;
	}

#if IS_ENABLED(CONFIG_IP_SCTP)
	case IPPROTO_SCTP: {
		struct sctphdr sctph_buf, *sctph;

		sctph = skb_header_pointer(skb, nhoff + hdr_len,
					   sizeof(sctph_buf), &sctph_buf);
		if (sctph) {
			ad->u.net->sport = sctph->source;
			ad->u.net->dport = sctph->dest;
		}
		break;
	}
#endif
	default:
		break;
	}

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4344)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4345) #if IS_ENABLED(CONFIG_IPV6)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4346)
/*
 * selinux_parse_skb_ipv6 - copy IPv6 addresses and ports into audit data
 * @skb: the packet
 * @ad: audit data; ad->u.net must already point at a network audit record
 * @proto: if non-NULL, receives the protocol found after the extension
 *	   headers
 *
 * Returns -EINVAL only if the fixed IPv6 header cannot be read from @skb.
 * Once the addresses are stored the function returns 0, including when
 * ipv6_skip_exthdr() fails; in that case *@proto is not written either.
 *
 * Ports are filled in for TCP, UDP, DCCP and (when CONFIG_IP_SCTP is
 * enabled) SCTP, and only if the transport header can be read.  A return of
 * 0 therefore does not mean sport/dport (or *@proto) were written.
 *
 * NOTE(review): frag_off is filled in by ipv6_skip_exthdr() but never
 * examined here; fragments are expected to end up in the default case of
 * the switch (see the comment there) - confirm against ipv6_skip_exthdr().
 */
static int selinux_parse_skb_ipv6(struct sk_buff *skb,
			struct common_audit_data *ad, u8 *proto)
{
	struct ipv6hdr hdr_buf, *hdr;
	__be16 frag_off;
	u8 next;
	int pos;

	pos = skb_network_offset(skb);
	hdr = skb_header_pointer(skb, pos, sizeof(hdr_buf), &hdr_buf);
	if (!hdr)
		return -EINVAL;

	ad->u.net->v6info.saddr = hdr->saddr;
	ad->u.net->v6info.daddr = hdr->daddr;

	/* Addresses are recorded; nothing below is reported as an error. */
	next = hdr->nexthdr;
	pos += sizeof(hdr_buf);
	pos = ipv6_skip_exthdr(skb, pos, &next, &frag_off);
	if (pos < 0)
		return 0;

	if (proto)
		*proto = next;

	switch (next) {
	case IPPROTO_TCP: {
		struct tcphdr tcph_buf, *tcph;

		tcph = skb_header_pointer(skb, pos, sizeof(tcph_buf),
					  &tcph_buf);
		if (tcph) {
			ad->u.net->sport = tcph->source;
			ad->u.net->dport = tcph->dest;
		}
		break;
	}

	case IPPROTO_UDP: {
		struct udphdr udph_buf, *udph;

		udph = skb_header_pointer(skb, pos, sizeof(udph_buf),
					  &udph_buf);
		if (udph) {
			ad->u.net->sport = udph->source;
			ad->u.net->dport = udph->dest;
		}
		break;
	}

	case IPPROTO_DCCP: {
		struct dccp_hdr dccph_buf, *dccph;

		dccph = skb_header_pointer(skb, pos, sizeof(dccph_buf),
					   &dccph_buf);
		if (dccph) {
			ad->u.net->sport = dccph->dccph_sport;
			ad->u.net->dport = dccph->dccph_dport;
		}
		break;
	}

#if IS_ENABLED(CONFIG_IP_SCTP)
	case IPPROTO_SCTP: {
		struct sctphdr sctph_buf, *sctph;

		sctph = skb_header_pointer(skb, pos, sizeof(sctph_buf),
					   &sctph_buf);
		if (sctph) {
			ad->u.net->sport = sctph->source;
			ad->u.net->dport = sctph->dest;
		}
		break;
	}
#endif
	/* includes fragments */
	default:
		break;
	}

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4431)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4432) #endif /* IPV6 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4433)
/*
 * selinux_parse_skb - parse a packet into audit data by address family
 * @skb: the packet
 * @ad: audit data; ad->u.net->family selects the parser
 * @_addrp: if non-NULL, receives a pointer to the chosen address inside @ad,
 *	    or NULL for an unhandled family
 * @src: non-zero selects the source address, zero the destination
 * @proto: passed through to the per-family parser
 *
 * PF_INET and (with CONFIG_IPV6) PF_INET6 are parsed; any other family
 * succeeds with a NULL address.  On a parser failure a warning is logged,
 * the parser's error is returned and *@_addrp is left unwritten.
 *
 * NOTE(review): the warning is not rate limited and is driven by packet
 * contents; confirm callers only pass packets whose network header has
 * already been validated by the stack.
 */
static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
			     char **_addrp, int src, u8 *proto)
{
	char *addrp = NULL;
	int ret = 0;

	switch (ad->u.net->family) {
	case PF_INET:
		ret = selinux_parse_skb_ipv4(skb, ad, proto);
		if (!ret)
			addrp = (char *)(src ? &ad->u.net->v4info.saddr :
					       &ad->u.net->v4info.daddr);
		break;

#if IS_ENABLED(CONFIG_IPV6)
	case PF_INET6:
		ret = selinux_parse_skb_ipv6(skb, ad, proto);
		if (!ret)
			addrp = (char *)(src ? &ad->u.net->v6info.saddr :
					       &ad->u.net->v6info.daddr);
		break;
#endif	/* IPV6 */
	default:
		/* Unhandled family: success, with no address to report. */
		break;
	}

	if (ret) {
		pr_warn(
		       "SELinux: failure in selinux_parse_skb(),"
		       " unable to parse packet\n");
		return ret;
	}

	if (_addrp)
		*_addrp = addrp;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4474)
/**
 * selinux_skb_peerlbl_sid - Determine the peer label of a packet
 * @skb: the packet
 * @family: protocol family
 * @sid: the packet's peer label SID
 *
 * Description:
 * Collect the packet's labeled-IPsec SID (selinux_xfrm_skb_sid()) and its
 * NetLabel SID and type (selinux_netlbl_skbuff_getsid()), then let the
 * security server function security_net_peersid_resolve() reconcile them
 * into @sid.  The function returns zero if the value in @sid is valid
 * (although it may be SECSID_NULL) or -EACCES if any of the three steps
 * fails; the underlying error code is not propagated, and only a failure of
 * the final resolve step is logged.  On -EACCES the contents of @sid must
 * not be used.
 *
 */
static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
{
	u32 xfrm_sid;
	u32 nlbl_sid;
	u32 nlbl_type;

	if (unlikely(selinux_xfrm_skb_sid(skb, &xfrm_sid)))
		return -EACCES;

	if (unlikely(selinux_netlbl_skbuff_getsid(skb, family,
						  &nlbl_type, &nlbl_sid)))
		return -EACCES;

	if (likely(!security_net_peersid_resolve(&selinux_state, nlbl_sid,
						 nlbl_type, xfrm_sid, sid)))
		return 0;

	pr_warn(
	       "SELinux: failure in selinux_skb_peerlbl_sid(),"
	       " unable to determine packet's peer label\n");
	return -EACCES;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4515)
/**
 * selinux_conn_sid - Determine the child socket label for a connection
 * @sk_sid: the parent socket's SID
 * @skb_sid: the packet's SID
 * @conn_sid: the resulting connection SID
 *
 * If @skb_sid is SECSID_NULL then @conn_sid is simply a copy of @sk_sid and
 * the call cannot fail.  Otherwise security_sid_mls_copy() builds @conn_sid
 * from the user:role:type information of @sk_sid and the MLS information of
 * @skb_sid.  Returns zero on success, negative values on failure; on failure
 * this function does not itself write @conn_sid.
 *
 */
static int selinux_conn_sid(u32 sk_sid, u32 skb_sid, u32 *conn_sid)
{
	if (skb_sid == SECSID_NULL) {
		/* No peer label on the packet: inherit the parent's SID. */
		*conn_sid = sk_sid;
		return 0;
	}

	return security_sid_mls_copy(&selinux_state, sk_sid, skb_sid,
				     conn_sid);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4540)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4541) /* socket security operations */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4542)
/*
 * socket_sockcreate_sid - choose the SID for a socket created by a task
 * @tsec: security state of the creating task
 * @secclass: security class of the new socket
 * @socksid: receives the SID to use
 *
 * A sockcreate_sid above SECSID_NULL in @tsec takes precedence and is
 * returned as-is.  Otherwise the SID is computed by
 * security_transition_sid() with the task's own SID as both source and
 * target, and that function's result is returned.
 */
static int socket_sockcreate_sid(const struct task_security_struct *tsec,
				 u16 secclass, u32 *socksid)
{
	if (tsec->sockcreate_sid <= SECSID_NULL)
		return security_transition_sid(&selinux_state,
					       tsec->sid, tsec->sid,
					       secclass, NULL, socksid);

	*socksid = tsec->sockcreate_sid;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4554)
/*
 * sock_has_perm - check the current task's permissions on a socket
 * @sk: the socket
 * @perms: permissions requested, in the socket's own security class
 *
 * Sockets labeled SECINITSID_KERNEL are exempt: the function returns 0 for
 * them without consulting the AVC, so nothing is audited on that path.  For
 * every other socket the check runs from the current task's SID against the
 * socket's SID and class, with @sk attached to the audit record.
 */
static int sock_has_perm(struct sock *sk, u32 perms)
{
	struct sk_security_struct *sksec = sk->sk_security;
	struct lsm_network_audit net = { .sk = sk };
	struct common_audit_data ad;

	if (sksec->sid == SECINITSID_KERNEL)
		return 0;

	ad.type = LSM_AUDIT_DATA_NET;
	ad.u.net = &net;

	return avc_has_perm(&selinux_state, current_sid(), sksec->sid,
			    sksec->sclass, perms, &ad);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4572)
/*
 * selinux_socket_create - check whether the current task may create a socket
 * @family: address family of the requested socket
 * @type: socket type
 * @protocol: protocol number
 * @kern: non-zero for a kernel-internal socket
 *
 * Kernel-internal sockets (@kern != 0) are not checked and always succeed.
 * For all others the socket's security class is derived from
 * family/type/protocol, the SID the new socket would get is computed with
 * socket_sockcreate_sid(), and SOCKET__CREATE is required from the task's SID
 * on that SID.
 *
 * Returns 0 if permitted, otherwise the error from socket_sockcreate_sid()
 * or avc_has_perm().
 */
static int selinux_socket_create(int family, int type,
				 int protocol, int kern)
{
	const struct task_security_struct *tsec;
	u32 sock_sid;
	u16 sock_class;
	int err;

	tsec = selinux_cred(current_cred());

	if (kern)
		return 0;

	sock_class = socket_type_to_security_class(family, type, protocol);
	err = socket_sockcreate_sid(tsec, sock_class, &sock_sid);
	if (err)
		return err;

	return avc_has_perm(&selinux_state, tsec->sid, sock_sid,
			    sock_class, SOCKET__CREATE, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4592)
/*
 * Label a freshly created socket.
 *
 * The socket class is derived from family/type/protocol.  The SID defaults
 * to SECINITSID_KERNEL and is replaced by the result of
 * socket_sockcreate_sid() when @kern is zero.  Class and SID are stored in
 * the socket inode's security struct (marked LABEL_INITIALIZED) and, when
 * sock->sk exists, in the sk security struct as well, after which NetLabel
 * gets its post-create callback.
 *
 * Returns 0 on success, the socket_sockcreate_sid() error (nothing is
 * labeled in that case), or the selinux_netlbl_socket_post_create() result.
 */
static int selinux_socket_post_create(struct socket *sock, int family,
				      int type, int protocol, int kern)
{
	const struct task_security_struct *tsec = selinux_cred(current_cred());
	struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(sock));
	struct sk_security_struct *sksec;
	u16 sclass = socket_type_to_security_class(family, type, protocol);
	u32 sid = SECINITSID_KERNEL;
	int err;

	if (!kern) {
		err = socket_sockcreate_sid(tsec, sclass, &sid);
		if (err)
			return err;
	}

	/* label the inode side first */
	isec->sclass = sclass;
	isec->sid = sid;
	isec->initialized = LABEL_INITIALIZED;

	/* without an sk there is nothing further to label */
	if (!sock->sk)
		return 0;

	sksec = sock->sk->sk_security;
	sksec->sclass = sclass;
	sksec->sid = sid;
	/* Allows detection of the first association on this socket */
	if (sksec->sclass == SECCLASS_SCTP_SOCKET)
		sksec->sctp_assoc_state = SCTP_ASSOC_UNSET;

	return selinux_netlbl_socket_post_create(sock->sk, family);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4626)
/*
 * Record each end of a socket pair as the other's peer: every socket's
 * peer_sid is set to the SID of the opposite socket.  No permission check
 * is made here.  Always returns 0.
 */
static int selinux_socket_socketpair(struct socket *socka,
				     struct socket *sockb)
{
	struct sk_security_struct *first = socka->sk->sk_security;
	struct sk_security_struct *second = sockb->sk->sk_security;

	first->peer_sid = second->sid;
	second->peer_sid = first->sid;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4638)
/* The range of port numbers used for automatic binding is needed to
   determine whether we should perform a name_bind permission check
   between the socket and the port number. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4642)
/*
 * Check whether the socket may be bound to @address.
 *
 * SOCKET__BIND is always checked through sock_has_perm().  For PF_INET and
 * PF_INET6 sockets two further checks follow:
 *   - SOCKET__NAME_BIND against the port's SID, but only for a non-zero
 *     port that inet_port_requires_bind_service() flags or that lies
 *     outside the range reported by inet_get_local_port_range();
 *   - the class-specific node_bind permission against the SID of the
 *     address being bound.
 *
 * Returns 0 when permitted; -EINVAL for a too-short address; -EINVAL (SCTP
 * sockets) or -EAFNOSUPPORT (all other classes) for an address family that
 * is not accepted; otherwise the error from a SID lookup or AVC check.
 *
 * NOTE(review): @addrlen is a signed int compared against sizeof-derived
 * values, so a negative length is not rejected by those comparisons;
 * presumably callers validate the length before this hook runs -- confirm.
 */
static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
{
	struct sock *sk = sock->sk;
	struct sk_security_struct *sksec = sk->sk_security;
	u16 sk_family;
	int rc;

	rc = sock_has_perm(sk, SOCKET__BIND);
	if (rc)
		return rc;

	/* If PF_INET or PF_INET6, check name_bind permission for the port. */
	sk_family = sk->sk_family;
	if (sk_family == PF_INET || sk_family == PF_INET6) {
		struct lsm_network_audit net = {0,};
		struct common_audit_data ad;
		struct sockaddr_in *in4 = NULL;
		struct sockaddr_in6 *in6 = NULL;
		unsigned short port;
		u32 target_sid, node_perm;
		u16 sa_family;
		char *node_addr;

		/*
		 * sctp_bindx(3) calls via selinux_sctp_bind_connect()
		 * that validates multiple binding addresses. Because of this
		 * need to check address->sa_family as it is possible to have
		 * sk->sk_family = PF_INET6 with addr->sa_family = AF_INET.
		 */
		if (addrlen < offsetofend(struct sockaddr, sa_family))
			return -EINVAL;
		sa_family = address->sa_family;
		switch (sa_family) {
		case AF_UNSPEC:
		case AF_INET:
			if (addrlen < sizeof(struct sockaddr_in))
				return -EINVAL;
			in4 = (struct sockaddr_in *)address;
			if (sa_family == AF_UNSPEC) {
				/* see __inet_bind(), we only want to allow
				 * AF_UNSPEC if the address is INADDR_ANY
				 */
				if (in4->sin_addr.s_addr != htonl(INADDR_ANY))
					goto err_af;
				/* from here on treat it as a plain IPv4 bind */
				sa_family = AF_INET;
			}
			port = ntohs(in4->sin_port);
			node_addr = (char *)&in4->sin_addr.s_addr;
			break;
		case AF_INET6:
			if (addrlen < SIN6_LEN_RFC2133)
				return -EINVAL;
			in6 = (struct sockaddr_in6 *)address;
			port = ntohs(in6->sin6_port);
			node_addr = (char *)&in6->sin6_addr.s6_addr;
			break;
		default:
			goto err_af;
		}

		net.sport = htons(port);
		net.family = sa_family;
		ad.type = LSM_AUDIT_DATA_NET;
		ad.u.net = &net;

		if (port) {
			int lo, hi;

			inet_get_local_port_range(sock_net(sk), &lo, &hi);

			/*
			 * Ports inside the local range that do not require
			 * bind-service are exempt from name_bind.
			 */
			if (inet_port_requires_bind_service(sock_net(sk), port) ||
			    port < lo || port > hi) {
				rc = sel_netport_sid(sk->sk_protocol,
						     port, &target_sid);
				if (rc)
					return rc;
				rc = avc_has_perm(&selinux_state,
						  sksec->sid, target_sid,
						  sksec->sclass,
						  SOCKET__NAME_BIND, &ad);
				if (rc)
					return rc;
			}
		}

		/* pick the node_bind permission matching the socket class */
		switch (sksec->sclass) {
		case SECCLASS_TCP_SOCKET:
			node_perm = TCP_SOCKET__NODE_BIND;
			break;
		case SECCLASS_UDP_SOCKET:
			node_perm = UDP_SOCKET__NODE_BIND;
			break;
		case SECCLASS_DCCP_SOCKET:
			node_perm = DCCP_SOCKET__NODE_BIND;
			break;
		case SECCLASS_SCTP_SOCKET:
			node_perm = SCTP_SOCKET__NODE_BIND;
			break;
		default:
			node_perm = RAWIP_SOCKET__NODE_BIND;
			break;
		}

		rc = sel_netnode_sid(node_addr, sa_family, &target_sid);
		if (rc)
			return rc;

		/* record the source address for the audit message */
		if (sa_family == AF_INET)
			net.v4info.saddr = in4->sin_addr.s_addr;
		else
			net.v6info.saddr = in6->sin6_addr;

		return avc_has_perm(&selinux_state,
				    sksec->sid, target_sid,
				    sksec->sclass, node_perm, &ad);
	}

	return 0;

err_af:
	/* Note that SCTP services expect -EINVAL, others -EAFNOSUPPORT. */
	return sksec->sclass == SECCLASS_SCTP_SOCKET ? -EINVAL : -EAFNOSUPPORT;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4773)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4774) /* This supports connect(2) and SCTP connect services such as sctp_connectx(3)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4775) * and sctp_sendmsg(3) as described in Documentation/security/SCTP.rst
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4776) */
static int selinux_socket_connect_helper(struct socket *sock,
					 struct sockaddr *address, int addrlen)
{
	struct sock *sk = sock->sk;
	struct sk_security_struct *sksec = sk->sk_security;
	int rc;

	/*
	 * Order of checks: SOCKET__CONNECT on the socket itself, minimum
	 * address length, the AF_UNSPEC shortcut, and only then the
	 * per-port name_connect check for TCP, DCCP and SCTP sockets.
	 * Other socket classes return 0 after the first three steps.
	 *
	 * NOTE(review): @addrlen is a signed int compared against
	 * sizeof-derived values, so a negative length is not rejected by
	 * those comparisons; presumably callers validate the length before
	 * this helper runs -- confirm.
	 */
	rc = sock_has_perm(sk, SOCKET__CONNECT);
	if (rc)
		return rc;
	if (addrlen < offsetofend(struct sockaddr, sa_family))
		return -EINVAL;

	/* connect(AF_UNSPEC) has special handling, as it is a documented
	 * way to disconnect the socket
	 */
	if (address->sa_family == AF_UNSPEC)
		return 0;

	/*
	 * If a TCP, DCCP or SCTP socket, check name_connect permission
	 * for the port.
	 */
	if (sksec->sclass == SECCLASS_TCP_SOCKET ||
	    sksec->sclass == SECCLASS_DCCP_SOCKET ||
	    sksec->sclass == SECCLASS_SCTP_SOCKET) {
		struct lsm_network_audit net = {0,};
		struct common_audit_data ad;
		unsigned short port;
		u32 port_sid, perm;

		/* sctp_connectx(3) calls via selinux_sctp_bind_connect()
		 * that validates multiple connect addresses. Because of this
		 * need to check address->sa_family as it is possible to have
		 * sk->sk_family = PF_INET6 with addr->sa_family = AF_INET.
		 */
		switch (address->sa_family) {
		case AF_INET:
			if (addrlen < sizeof(struct sockaddr_in))
				return -EINVAL;
			port = ntohs(((struct sockaddr_in *)address)->sin_port);
			break;
		case AF_INET6:
			if (addrlen < SIN6_LEN_RFC2133)
				return -EINVAL;
			port = ntohs(((struct sockaddr_in6 *)address)->sin6_port);
			break;
		default:
			/* Note that SCTP services expect -EINVAL, whereas
			 * others expect -EAFNOSUPPORT.
			 */
			return sksec->sclass == SECCLASS_SCTP_SOCKET ?
				-EINVAL : -EAFNOSUPPORT;
		}

		rc = sel_netport_sid(sk->sk_protocol, port, &port_sid);
		if (rc)
			return rc;

		/* one of these always matches: see the enclosing condition */
		switch (sksec->sclass) {
		case SECCLASS_TCP_SOCKET:
			perm = TCP_SOCKET__NAME_CONNECT;
			break;
		case SECCLASS_DCCP_SOCKET:
			perm = DCCP_SOCKET__NAME_CONNECT;
			break;
		case SECCLASS_SCTP_SOCKET:
			perm = SCTP_SOCKET__NAME_CONNECT;
			break;
		}

		net.dport = htons(port);
		net.family = address->sa_family;
		ad.type = LSM_AUDIT_DATA_NET;
		ad.u.net = &net;

		return avc_has_perm(&selinux_state,
				    sksec->sid, port_sid, sksec->sclass,
				    perm, &ad);
	}

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4866)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4867) /* Supports connect(2), see comments in selinux_socket_connect_helper() */
static int selinux_socket_connect(struct socket *sock,
				  struct sockaddr *address, int addrlen)
{
	struct sock *sk = sock->sk;
	int rc;

	/* SELinux permission checks first; NetLabel only runs if they pass */
	rc = selinux_socket_connect_helper(sock, address, addrlen);

	return rc ? rc : selinux_netlbl_socket_connect(sk, address);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4880)
/*
 * Require SOCKET__LISTEN on the socket; @backlog is not examined.
 * Returns the sock_has_perm() result.
 */
static int selinux_socket_listen(struct socket *sock, int backlog)
{
	struct sock *sk = sock->sk;

	return sock_has_perm(sk, SOCKET__LISTEN);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4885)
/*
 * Require SOCKET__ACCEPT on @sock and, if granted, copy the class and SID
 * from the inode security struct of @sock to that of @newsock, marking the
 * latter LABEL_INITIALIZED.
 *
 * Returns 0 on success or the sock_has_perm() error, in which case
 * @newsock is left untouched.
 */
static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
{
	struct inode_security_struct *src_isec;
	struct inode_security_struct *dst_isec;
	u32 sid;
	u16 sclass;
	int rc;

	rc = sock_has_perm(sock->sk, SOCKET__ACCEPT);
	if (rc)
		return rc;

	/* read class and SID together under the source inode's lock */
	src_isec = inode_security_novalidate(SOCK_INODE(sock));
	spin_lock(&src_isec->lock);
	sclass = src_isec->sclass;
	sid = src_isec->sid;
	spin_unlock(&src_isec->lock);

	dst_isec = inode_security_novalidate(SOCK_INODE(newsock));
	dst_isec->sclass = sclass;
	dst_isec->sid = sid;
	dst_isec->initialized = LABEL_INITIALIZED;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4911)
/*
 * Require SOCKET__WRITE on the socket; @msg and @size are not examined.
 * Returns the sock_has_perm() result.
 */
static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
				  int size)
{
	struct sock *sk = sock->sk;

	return sock_has_perm(sk, SOCKET__WRITE);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4917)
/*
 * Require SOCKET__READ on the socket; @msg, @size and @flags are not
 * examined.  Returns the sock_has_perm() result.
 */
static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
				  int size, int flags)
{
	struct sock *sk = sock->sk;

	return sock_has_perm(sk, SOCKET__READ);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4923)
/*
 * Require SOCKET__GETATTR on the socket before its local name is read.
 * Returns the sock_has_perm() result.
 */
static int selinux_socket_getsockname(struct socket *sock)
{
	struct sock *sk = sock->sk;

	return sock_has_perm(sk, SOCKET__GETATTR);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4928)
/*
 * Require SOCKET__GETATTR on the socket before its peer name is read; this
 * is the same permission selinux_socket_getsockname() checks.
 * Returns the sock_has_perm() result.
 */
static int selinux_socket_getpeername(struct socket *sock)
{
	struct sock *sk = sock->sk;

	return sock_has_perm(sk, SOCKET__GETATTR);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4933)
/*
 * Require SOCKET__SETOPT on the socket, then let NetLabel vet the option
 * through selinux_netlbl_socket_setsockopt().
 *
 * Returns the sock_has_perm() error if the permission is denied, otherwise
 * the NetLabel result.
 */
static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
{
	int rc = sock_has_perm(sock->sk, SOCKET__SETOPT);

	if (!rc)
		rc = selinux_netlbl_socket_setsockopt(sock, level, optname);

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4944)
/*
 * Require SOCKET__GETOPT on the socket; @level and @optname are not
 * examined.  Returns the sock_has_perm() result.
 */
static int selinux_socket_getsockopt(struct socket *sock, int level,
				     int optname)
{
	struct sock *sk = sock->sk;

	return sock_has_perm(sk, SOCKET__GETOPT);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4950)
/*
 * Require SOCKET__SHUTDOWN on the socket; @how is not examined.
 * Returns the sock_has_perm() result.
 */
static int selinux_socket_shutdown(struct socket *sock, int how)
{
	struct sock *sk = sock->sk;

	return sock_has_perm(sk, SOCKET__SHUTDOWN);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4955)
/*
 * Mediate a UNIX stream connect from @sock to @other and label @newsk.
 *
 * UNIX_STREAM_SOCKET__CONNECTTO is checked with @sock's SID as the source
 * and @other's SID/class as the target; @other is attached to the audit
 * data.  On success @newsk records @sock's SID as its peer, receives a SID
 * computed by security_sid_mls_copy() from @other's and @sock's SIDs, and
 * @sock records that new SID as its peer.
 *
 * Returns 0 on success, or the error from the AVC check or from
 * security_sid_mls_copy().  In the latter case @newsk's peer_sid has
 * already been written.
 */
static int selinux_socket_unix_stream_connect(struct sock *sock,
					      struct sock *other,
					      struct sock *newsk)
{
	struct sk_security_struct *conn_sec = sock->sk_security;
	struct sk_security_struct *target_sec = other->sk_security;
	struct sk_security_struct *child_sec = newsk->sk_security;
	struct lsm_network_audit net = {0,};
	struct common_audit_data ad;
	int rc;

	net.sk = other;
	ad.type = LSM_AUDIT_DATA_NET;
	ad.u.net = &net;

	rc = avc_has_perm(&selinux_state,
			  conn_sec->sid, target_sec->sid,
			  target_sec->sclass,
			  UNIX_STREAM_SOCKET__CONNECTTO, &ad);
	if (rc)
		return rc;

	/* server child socket */
	child_sec->peer_sid = conn_sec->sid;
	rc = security_sid_mls_copy(&selinux_state, target_sec->sid,
				   conn_sec->sid, &child_sec->sid);
	if (rc)
		return rc;

	/* connecting socket */
	conn_sec->peer_sid = child_sec->sid;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4990)
/*
 * Check SOCKET__SENDTO with @sock's SID as the source and @other's SID and
 * class as the target; @other's sk is attached to the audit data.
 * Returns the avc_has_perm() result.
 */
static int selinux_socket_unix_may_send(struct socket *sock,
					struct socket *other)
{
	struct sk_security_struct *sender = sock->sk->sk_security;
	struct sk_security_struct *receiver = other->sk->sk_security;
	struct lsm_network_audit net = {0,};
	struct common_audit_data ad;

	net.sk = other->sk;
	ad.type = LSM_AUDIT_DATA_NET;
	ad.u.net = &net;

	return avc_has_perm(&selinux_state,
			    sender->sid, receiver->sid, receiver->sclass,
			    SOCKET__SENDTO, &ad);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5007)
/*
 * Check that @peer_sid may receive through interface @ifindex and from the
 * node at @addrp.
 *
 * Two AVC checks are made in sequence, both with @peer_sid as the source
 * and the caller's @ad as audit data: NETIF__INGRESS against the SID that
 * sel_netif_sid() returns for the interface, then NODE__RECVFROM against
 * the SID that sel_netnode_sid() returns for the address.  The first
 * failing step stops the sequence.
 *
 * Returns 0 when both checks pass, otherwise the first error encountered.
 */
static int selinux_inet_sys_rcv_skb(struct net *ns, int ifindex,
				    char *addrp, u16 family, u32 peer_sid,
				    struct common_audit_data *ad)
{
	u32 if_sid;
	u32 node_sid;
	int rc;

	/* interface ingress */
	rc = sel_netif_sid(ns, ifindex, &if_sid);
	if (!rc)
		rc = avc_has_perm(&selinux_state,
				  peer_sid, if_sid,
				  SECCLASS_NETIF, NETIF__INGRESS, ad);

	/* source node */
	if (!rc)
		rc = sel_netnode_sid(addrp, family, &node_sid);
	if (!rc)
		rc = avc_has_perm(&selinux_state,
				  peer_sid, node_sid,
				  SECCLASS_NODE, NODE__RECVFROM, ad);

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5032)
/*
 * Receive-path checks used when selinux_socket_sock_rcv_skb() hands off
 * because selinux_policycap_netpeer() is false.
 *
 * The packet is parsed into the audit record, then checked in order:
 * PACKET__RECV against skb->secmark (only when secmark is enabled), the
 * NetLabel receive check, and finally the XFRM receive check.  The first
 * non-zero result is returned; 0 means every stage passed.
 */
static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
				       u16 family)
{
	struct sk_security_struct *sksec = sk->sk_security;
	struct lsm_network_audit net = {0,};
	struct common_audit_data ad;
	u32 sk_sid = sksec->sid;
	char *addrp;
	int rc;

	/* Audit record describing the packet; "net" was zeroed above. */
	ad.type = LSM_AUDIT_DATA_NET;
	ad.u.net = &net;
	net.netif = skb->skb_iif;
	net.family = family;

	rc = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
	if (rc)
		return rc;

	if (selinux_secmark_enabled()) {
		rc = avc_has_perm(&selinux_state,
				  sk_sid, skb->secmark, SECCLASS_PACKET,
				  PACKET__RECV, &ad);
		if (rc)
			return rc;
	}

	rc = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
	if (rc)
		return rc;

	/* The XFRM result is the function result, success or failure. */
	return selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5066)
/*
 * Socket receive hook: decide whether @sk may receive @skb.
 *
 * Only PF_INET and PF_INET6 sockets are checked; every other family is
 * allowed (returns 0).  With the netpeer policy capability disabled the
 * decision is delegated to selinux_sock_rcv_skb_compat().  Otherwise, when
 * peer labeling is active, the netif/node ingress checks and PEER__RECV are
 * applied, and when secmark is active PACKET__RECV is applied to
 * skb->secmark.  If neither mechanism is active the packet is allowed
 * without parsing it.
 *
 * Returns 0 on success or the first non-zero result of a failing stage.
 */
static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
{
	struct sk_security_struct *sksec = sk->sk_security;
	struct lsm_network_audit net = {0,};
	struct common_audit_data ad;
	u16 family = sk->sk_family;
	u32 sk_sid = sksec->sid;
	u8 use_secmark;
	u8 use_peerlbl;
	char *addrp;
	int rc;

	if (!(family == PF_INET || family == PF_INET6))
		return 0;

	/* Handle mapped IPv4 packets arriving via IPv6 sockets */
	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
		family = PF_INET;

	/*
	 * Any compatibility mode is dealt with in
	 * selinux_sock_rcv_skb_compat() so that this function stays as fast
	 * and as clean as possible.
	 */
	if (!selinux_policycap_netpeer())
		return selinux_sock_rcv_skb_compat(sk, skb, family);

	use_secmark = selinux_secmark_enabled();
	use_peerlbl = selinux_peerlbl_enabled();
	if (!(use_secmark || use_peerlbl))
		return 0;

	ad.type = LSM_AUDIT_DATA_NET;
	ad.u.net = &net;
	net.netif = skb->skb_iif;
	net.family = family;
	rc = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
	if (rc)
		return rc;

	if (use_peerlbl) {
		u32 peer_sid;

		rc = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
		if (rc)
			return rc;

		/*
		 * Ingress checks first, then the socket/peer check.  A denial
		 * from either one is passed to selinux_netlbl_err() before it
		 * is returned; a failed label lookup above is not.
		 */
		rc = selinux_inet_sys_rcv_skb(sock_net(sk), skb->skb_iif,
					      addrp, family, peer_sid, &ad);
		if (!rc)
			rc = avc_has_perm(&selinux_state,
					  sk_sid, peer_sid, SECCLASS_PEER,
					  PEER__RECV, &ad);
		if (rc) {
			selinux_netlbl_err(skb, family, rc, 0);
			return rc;
		}
	}

	/* rc is 0 here, so without secmark the packet is accepted. */
	if (use_secmark)
		rc = avc_has_perm(&selinux_state,
				  sk_sid, skb->secmark, SECCLASS_PACKET,
				  PACKET__RECV, &ad);

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5137)
/*
 * Copy the security context of the socket's recorded peer to user space.
 *
 * @sock:   socket whose sk_security blob holds the peer SID
 * @optval: user buffer that receives the context
 * @optlen: user pointer that receives the context length
 * @len:    upper bound on the number of bytes written to @optval
 *
 * A peer SID is only reported for UNIX stream, TCP and SCTP socket classes;
 * for any other class, or when no peer SID is recorded, the result is
 * -ENOPROTOOPT and nothing is written to user space.
 *
 * Returns 0 on success, -ERANGE when the context does not fit in @len,
 * -EFAULT when a user-space write fails, or the error from
 * security_sid_to_context().  The context length is written to @optlen on
 * the -ERANGE path as well.
 */
static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
					    int __user *optlen, unsigned len)
{
	struct sk_security_struct *sksec = sock->sk->sk_security;
	u32 peer_sid = SECSID_NULL;
	u32 ctx_len;
	char *ctx;
	int rc;

	if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
	    sksec->sclass == SECCLASS_TCP_SOCKET ||
	    sksec->sclass == SECCLASS_SCTP_SOCKET)
		peer_sid = sksec->peer_sid;
	if (peer_sid == SECSID_NULL)
		return -ENOPROTOOPT;

	rc = security_sid_to_context(&selinux_state, peer_sid, &ctx,
				     &ctx_len);
	if (rc)
		return rc;

	/* The copy is skipped entirely unless the whole context fits. */
	if (ctx_len > len)
		rc = -ERANGE;
	else if (copy_to_user(optval, ctx, ctx_len))
		rc = -EFAULT;

	/* Report the length in every case that got this far. */
	if (put_user(ctx_len, optlen))
		rc = -EFAULT;

	/* ctx came from security_sid_to_context() and is released here. */
	kfree(ctx);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5173)
/*
 * Report the peer SID for a datagram, from the packet or from the socket.
 *
 * The address family comes from @skb when its protocol is IPv4 or IPv6 and
 * from @sock otherwise.  For a PF_UNIX socket the SID is read from the
 * socket inode's security blob; for anything else with an @skb it comes
 * from selinux_skb_peerlbl_sid().
 *
 * *@secid is always written.  Returns 0 when a peer SID was found and
 * -EINVAL when the result is SECSID_NULL (including the case where both
 * @sock and a usable @skb are missing).
 */
static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
{
	struct inode_security_struct *isec;
	u32 peer_secid = SECSID_NULL;
	u16 family;

	if (skb && skb->protocol == htons(ETH_P_IP)) {
		family = PF_INET;
	} else if (skb && skb->protocol == htons(ETH_P_IPV6)) {
		family = PF_INET6;
	} else if (sock) {
		family = sock->sk->sk_family;
	} else {
		/* Nothing to derive a family from: report "no peer". */
		*secid = SECSID_NULL;
		return -EINVAL;
	}

	if (sock && family == PF_UNIX) {
		isec = inode_security_novalidate(SOCK_INODE(sock));
		peer_secid = isec->sid;
	} else if (skb) {
		/*
		 * The return value is not checked; the outcome is judged
		 * only by whether peer_secid is still SECSID_NULL below.
		 */
		selinux_skb_peerlbl_sid(skb, family, &peer_secid);
	}

	*secid = peer_secid;
	return peer_secid == SECSID_NULL ? -EINVAL : 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5201)
/*
 * Allocate and attach the SELinux security blob for a new sock.
 *
 * The blob is zero-allocated with @priority, then its SID and peer SID are
 * set to SECINITSID_UNLABELED and its class to SECCLASS_SOCKET.  @family is
 * not used.
 *
 * Returns 0 on success or -ENOMEM when the allocation fails, in which case
 * sk->sk_security is left untouched.
 */
static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
{
	struct sk_security_struct *blob = kzalloc(sizeof(*blob), priority);

	if (!blob)
		return -ENOMEM;

	blob->sclass = SECCLASS_SOCKET;
	blob->sid = SECINITSID_UNLABELED;
	blob->peer_sid = SECINITSID_UNLABELED;
	selinux_netlbl_sk_security_reset(blob);

	/* Publish the blob only once it is fully initialised. */
	sk->sk_security = blob;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5218)
/*
 * Detach and free the SELinux security blob of @sk.
 *
 * sk->sk_security is cleared before the blob is released, so the sock no
 * longer points at the memory once kfree() runs.
 */
static void selinux_sk_free_security(struct sock *sk)
{
	struct sk_security_struct *blob = sk->sk_security;

	sk->sk_security = NULL;

	/* NetLabel state hanging off the blob goes first, then the blob. */
	selinux_netlbl_sk_security_free(blob);
	kfree(blob);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5227)
/*
 * Copy the SELinux labeling of @sk into the already-allocated blob of
 * @newsk: SID, peer SID and socket class.  The NetLabel state of the new
 * blob is reset rather than copied.
 */
static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
{
	struct sk_security_struct *src = sk->sk_security;
	struct sk_security_struct *dst = newsk->sk_security;

	dst->sclass = src->sclass;
	dst->sid = src->sid;
	dst->peer_sid = src->peer_sid;

	selinux_netlbl_sk_security_reset(dst);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5239)
/*
 * Store the SID of @sk in *@secid.  A NULL @sk yields
 * SECINITSID_ANY_SOCKET instead of dereferencing the pointer.
 */
static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
{
	const struct sk_security_struct *sksec;

	if (!sk) {
		*secid = SECINITSID_ANY_SOCKET;
		return;
	}

	sksec = sk->sk_security;
	*secid = sksec->sid;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5250)
/*
 * Bring the labels of @sk and of the inode behind @parent in line.
 *
 * For PF_INET, PF_INET6 and PF_UNIX socks the inode takes the sock's SID.
 * For every family the sock takes the inode's security class.
 */
static void selinux_sock_graft(struct sock *sk, struct socket *parent)
{
	struct inode_security_struct *isec;
	struct sk_security_struct *sksec;

	isec = inode_security_novalidate(SOCK_INODE(parent));
	sksec = sk->sk_security;

	switch (sk->sk_family) {
	case PF_INET:
	case PF_INET6:
	case PF_UNIX:
		isec->sid = sksec->sid;
		break;
	default:
		/* other families keep the inode's existing SID */
		break;
	}

	sksec->sclass = isec->sclass;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5262)
/* Called whenever SCTP receives an INIT chunk. This happens on an incoming
 * connect(2), sctp_connectx(3) or sctp_sendmsg(3) (with no association
 * already present).
 *
 * Returns 0 without doing anything when selinux_policycap_extsockclass()
 * is false.  Otherwise returns 0 on success or the first error from the
 * peer-label lookup, the SCTP_SOCKET__ASSOCIATION check, selinux_conn_sid()
 * or selinux_netlbl_sctp_assoc_request().
 */
static int selinux_sctp_assoc_request(struct sctp_endpoint *ep,
				      struct sk_buff *skb)
{
	struct sk_security_struct *sksec = ep->base.sk->sk_security;
	struct lsm_network_audit net = {0,};
	struct common_audit_data ad;
	u32 peer_sid = SECINITSID_UNLABELED;
	u8 use_peerlbl;
	u32 conn_sid;
	int rc = 0;

	if (!selinux_policycap_extsockclass())
		return 0;

	use_peerlbl = selinux_peerlbl_enabled();
	if (use_peerlbl) {
		/* The lookup yields SECSID_NULL when the packet carries no
		 * peer labels, see security_net_peersid_resolve(); that case
		 * is mapped back to the unlabeled SID below.
		 */
		rc = selinux_skb_peerlbl_sid(skb, ep->base.sk->sk_family,
					     &peer_sid);
		if (rc)
			return rc;

		if (peer_sid == SECSID_NULL)
			peer_sid = SECINITSID_UNLABELED;
	}

	if (sksec->sctp_assoc_state == SCTP_ASSOC_UNSET) {
		/* First association on this socket. As the peer SID was
		 * allowed by peer recv (and the netif/node checks), it is
		 * approved by policy and becomes the primary peer SID for
		 * getpeercon(3).
		 */
		sksec->sctp_assoc_state = SCTP_ASSOC_SET;
		sksec->peer_sid = peer_sid;
	} else if (sksec->peer_sid != peer_sid) {
		/* A later association with a different peer SID must be
		 * permitted against the primary one, which keeps the peer
		 * SIDs on the socket consistent.
		 */
		ad.type = LSM_AUDIT_DATA_NET;
		ad.u.net = &net;
		net.sk = ep->base.sk;
		rc = avc_has_perm(&selinux_state,
				  sksec->peer_sid, peer_sid, sksec->sclass,
				  SCTP_SOCKET__ASSOCIATION, &ad);
		if (rc)
			return rc;
	}

	/* Compute the MLS component for the connection and store the
	 * information in ep. This will be used by SCTP TCP type sockets and
	 * peeled off connections as they cause a new socket to be generated.
	 * selinux_sctp_sk_clone() will then plug this into the new socket.
	 */
	rc = selinux_conn_sid(sksec->sid, peer_sid, &conn_sid);
	if (rc)
		return rc;

	/* NOTE(review): both values live on the endpoint and are rewritten
	 * by every INIT that gets this far - confirm that
	 * selinux_sctp_sk_clone() cannot pick up values stored for a
	 * different association.
	 */
	ep->secid = conn_sid;
	ep->peer_secid = peer_sid;

	/* Set any NetLabel labels including CIPSO/CALIPSO options. */
	return selinux_netlbl_sctp_assoc_request(ep, skb);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5335)
/* Check if sctp IPv4/IPv6 addresses are valid for binding or connecting
 * based on their @optname.
 *
 * @address is walked as a packed sequence of sockaddr_in / sockaddr_in6
 * entries covering @addrlen bytes.  Each entry is bounds-checked twice
 * before use: once so that its family field can be read, once so that the
 * whole entry lies inside @addrlen.
 *
 * Returns 0 when every entry passes (or when
 * selinux_policycap_extsockclass() is false), -EINVAL for a truncated
 * entry, an unsupported address family or an unknown @optname, otherwise
 * the error of the failing bind/connect check.
 */
static int selinux_sctp_bind_connect(struct sock *sk, int optname,
				     struct sockaddr *address,
				     int addrlen)
{
	int len, err = 0, offset = 0;
	struct sockaddr *addr;
	struct socket *sock;
	void *cursor;

	if (!selinux_policycap_extsockclass())
		return 0;

	/* Process one or more addresses that may be IPv4 or IPv6 */
	sock = sk->sk_socket;
	cursor = address;

	while (offset < addrlen) {
		/* The family field must be readable before it is inspected. */
		if (offset + sizeof(sa_family_t) > addrlen)
			return -EINVAL;

		addr = cursor;
		switch (addr->sa_family) {
		case AF_UNSPEC:
		case AF_INET:
			len = sizeof(struct sockaddr_in);
			break;
		case AF_INET6:
			len = sizeof(struct sockaddr_in6);
			break;
		default:
			return -EINVAL;
		}

		/* The complete entry must fit in what the caller supplied. */
		if (offset + len > addrlen)
			return -EINVAL;

		switch (optname) {
		/* Bind checks */
		case SCTP_PRIMARY_ADDR:
		case SCTP_SET_PEER_PRIMARY_ADDR:
		case SCTP_SOCKOPT_BINDX_ADD:
			err = selinux_socket_bind(sock, addr, len);
			break;
		/* Connect checks */
		case SCTP_SOCKOPT_CONNECTX:
		case SCTP_PARAM_SET_PRIMARY:
		case SCTP_PARAM_ADD_IP:
		case SCTP_SENDMSG_CONNECT:
			err = selinux_socket_connect_helper(sock, addr, len);
			if (err)
				break;

			/* As selinux_sctp_bind_connect() is called by the
			 * SCTP protocol layer, the socket is already locked,
			 * therefore selinux_netlbl_socket_connect_locked()
			 * is called here. The situations handled are:
			 * sctp_connectx(3), sctp_sendmsg(3), sendmsg(2),
			 * whenever a new IP address is added or when a new
			 * primary address is selected.
			 * Note that an SCTP connect(2) call happens before
			 * the SCTP protocol layer and is handled via
			 * selinux_socket_connect().
			 */
			err = selinux_netlbl_socket_connect_locked(sk, addr);
			break;
		default:
			/* an option this hook does not know is rejected */
			err = -EINVAL;
			break;
		}

		if (err)
			return err;

		cursor += len;
		offset += len;
	}

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5416)
/* Called whenever a new socket is created by accept(2) or sctp_peeloff(3).
 *
 * The new sock takes its SID and peer SID from the values stored on @ep and
 * its class from @sk; NetLabel state is handled by
 * selinux_netlbl_sctp_sk_clone().
 */
static void selinux_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk,
				  struct sock *newsk)
{
	struct sk_security_struct *parent_sec = sk->sk_security;
	struct sk_security_struct *child_sec = newsk->sk_security;

	/* If policy does not support SECCLASS_SCTP_SOCKET then call
	 * the non-sctp clone version.
	 */
	if (!selinux_policycap_extsockclass()) {
		selinux_sk_clone_security(sk, newsk);
		return;
	}

	child_sec->sclass = parent_sec->sclass;
	child_sec->sid = ep->secid;
	child_sec->peer_sid = ep->peer_secid;
	selinux_netlbl_sctp_sk_clone(sk, newsk);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5435)
/*
 * Label an incoming connection request.
 *
 * The peer SID is taken from @skb, combined with the listening socket's SID
 * by selinux_conn_sid(), and both results are stored on @req.  Nothing is
 * written to @req when either step fails.
 *
 * Returns the error of the failing step, otherwise the result of
 * selinux_netlbl_inet_conn_request().
 */
static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
				     struct request_sock *req)
{
	struct sk_security_struct *sksec = sk->sk_security;
	u16 family = req->rsk_ops->family;
	u32 peer_sid;
	u32 conn_sid;
	int rc;

	rc = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
	if (!rc)
		rc = selinux_conn_sid(sksec->sid, peer_sid, &conn_sid);
	if (rc)
		return rc;

	req->secid = conn_sid;
	req->peer_secid = peer_sid;

	return selinux_netlbl_inet_conn_request(req, family);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5456)
/*
 * Transfer the labels stored on a connection request to the sock created
 * for it: @newsk takes req->secid as its SID and req->peer_secid as its
 * peer SID.
 */
static void selinux_inet_csk_clone(struct sock *newsk,
				   const struct request_sock *req)
{
	struct sk_security_struct *child_sec = newsk->sk_security;

	child_sec->sid = req->secid;
	child_sec->peer_sid = req->peer_secid;

	/*
	 * NOTE: Ideally the isec->sid of the new socket would be brought in
	 * sync here as well, but the isec is not available yet.  That is
	 * left to sock_graft, by which time it will have been created.
	 */

	/*
	 * No lock is taken: this is the only thread with access to the new
	 * sock's security blob.
	 */
	selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5473)
/*
 * Record the peer SID carried by @skb in the security blob of @sk.
 *
 * The hook returns nothing, and the result of selinux_skb_peerlbl_sid() is
 * not examined here.
 */
static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
{
	struct sk_security_struct *sksec = sk->sk_security;
	u16 family = sk->sk_family;

	/* handle mapped IPv4 packets arriving via IPv6 sockets */
	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
		family = PF_INET;

	selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5485)
/*
 * Check whether the current task may relabel packets to @sid.
 *
 * The subject is the SID stored in the current credentials; the target is
 * @sid, checked for packet:relabelto.  No audit data is supplied.
 * Returns the avc_has_perm() result.
 */
static int selinux_secmark_relabel_packet(u32 sid)
{
	const struct task_security_struct *tsec = selinux_cred(current_cred());
	u32 subject_sid = tsec->sid;

	return avc_has_perm(&selinux_state, subject_sid, sid,
			    SECCLASS_PACKET, PACKET__RELABELTO, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5498)
/* Atomically take one reference on the file-wide secmark use counter. */
static void selinux_secmark_refcount_inc(void)
{
	atomic_inc(&selinux_secmark_refcount);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5503)
/* Atomically drop one reference on the file-wide secmark use counter. */
static void selinux_secmark_refcount_dec(void)
{
	atomic_dec(&selinux_secmark_refcount);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5508)
/* Copy the security ID of the connection request @req into the flow @fl. */
static void selinux_req_classify_flow(const struct request_sock *req,
				      struct flowi *fl)
{
	const u32 req_secid = req->secid;

	fl->flowi_secid = req_secid;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5514)
/*
 * Allocate the security blob for a TUN device.
 *
 * The blob is zero-initialised and labeled with the SID of the current task.
 * On success the blob is stored through @security and 0 is returned; on
 * allocation failure -ENOMEM is returned and @security is left untouched.
 */
static int selinux_tun_dev_alloc_security(void **security)
{
	struct tun_security_struct *blob = kzalloc(sizeof(*blob), GFP_KERNEL);

	if (blob == NULL)
		return -ENOMEM;

	blob->sid = current_sid();
	*security = blob;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5527)
/*
 * Release a TUN device security blob.
 *
 * NOTE(review): presumably @security is the blob handed out by
 * selinux_tun_dev_alloc_security(); confirm against the caller.
 */
static void selinux_tun_dev_free_security(void *security)
{
	kfree(security);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5532)
/*
 * Check whether the current task may create a TUN device.
 *
 * Both the subject and the target of the tun_socket:create check are the
 * current task's SID.  Returns the avc_has_perm() result.
 */
static int selinux_tun_dev_create(void)
{
	const u32 task_sid = current_sid();

	/*
	 * The "sockcreate" SID is deliberately ignored: the sock created here
	 * is not a socket in the traditional sense.  It is private to the
	 * kernel and represents a wide range of traffic spanning multiple
	 * connections; see the TUN driver for why this socket is special.
	 */
	return avc_has_perm(&selinux_state, task_sid, task_sid,
			    SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5548)
/*
 * Check whether the current task may attach a queue to the TUN device whose
 * security blob is @security (tun_socket:attach_queue, task SID against the
 * device SID).  Returns the avc_has_perm() result.
 */
static int selinux_tun_dev_attach_queue(void *security)
{
	const struct tun_security_struct *tunsec = security;
	const u32 task_sid = current_sid();

	return avc_has_perm(&selinux_state, task_sid, tunsec->sid,
			    SECCLASS_TUN_SOCKET, TUN_SOCKET__ATTACH_QUEUE,
			    NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5557)
/*
 * Label the sock @sk from the TUN device security blob @security.
 *
 * The sock takes the device's SID and the tun_socket class.  No permission
 * check is made here and the function always returns 0.
 */
static int selinux_tun_dev_attach(struct sock *sk, void *security)
{
	const struct tun_security_struct *dev_sec = security;
	struct sk_security_struct *sock_sec = sk->sk_security;

	/*
	 * No NetLabel based labeling is applied here, and it is not clear it
	 * would be wanted: labeling could be applied without the TUN user's
	 * support, but the labeled traffic coming back from the other end
	 * would almost certainly confuse a TUN user unaware that network
	 * labeling protocols were in use.
	 */
	sock_sec->sid = dev_sec->sid;
	sock_sec->sclass = SECCLASS_TUN_SOCKET;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5575)
/*
 * Relabel the TUN device blob @security to the current task's SID.
 *
 * Two checks must pass first: tun_socket:relabelfrom with the task SID
 * against the device's existing SID, then tun_socket:relabelto with the task
 * SID against itself.  The blob is only rewritten when both succeed.
 * Returns 0 on success, otherwise the failing avc_has_perm() result.
 */
static int selinux_tun_dev_open(void *security)
{
	struct tun_security_struct *tunsec = security;
	const u32 task_sid = current_sid();
	int rc;

	rc = avc_has_perm(&selinux_state, task_sid, tunsec->sid,
			  SECCLASS_TUN_SOCKET, TUN_SOCKET__RELABELFROM, NULL);
	if (rc == 0)
		rc = avc_has_perm(&selinux_state, task_sid, task_sid,
				  SECCLASS_TUN_SOCKET, TUN_SOCKET__RELABELTO,
				  NULL);
	if (rc == 0)
		tunsec->sid = task_sid;

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5596)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5597) #ifdef CONFIG_NETFILTER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5598)
/*
 * Access control for a forwarded packet entering through @indev.
 *
 * Returns NF_ACCEPT without further checks when the netpeer policy
 * capability is off, or when neither secmark nor peer labeling is active.
 * Otherwise every failure fails closed with NF_DROP: peer label lookup,
 * packet parsing, the ingress check done by selinux_inet_sys_rcv_skb(),
 * the packet:forward_in check against skb->secmark, and the NetLabel
 * relabeling of the packet.
 */
static unsigned int selinux_ip_forward(struct sk_buff *skb,
				       const struct net_device *indev,
				       u16 family)
{
	struct lsm_network_audit net = {0,};
	struct common_audit_data ad;
	char *addrp;
	u32 peer_sid;
	u8 secmark_active;
	u8 netlbl_active;
	u8 peerlbl_active;
	int rc;

	if (!selinux_policycap_netpeer())
		return NF_ACCEPT;

	secmark_active = selinux_secmark_enabled();
	netlbl_active = netlbl_enabled();
	peerlbl_active = selinux_peerlbl_enabled();
	if (!(secmark_active || peerlbl_active))
		return NF_ACCEPT;

	if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
		return NF_DROP;

	/* Audit record describing the ingress interface and address family. */
	net.netif = indev->ifindex;
	net.family = family;
	ad.type = LSM_AUDIT_DATA_NET;
	ad.u.net = &net;
	if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
		return NF_DROP;

	if (peerlbl_active) {
		rc = selinux_inet_sys_rcv_skb(dev_net(indev), indev->ifindex,
					      addrp, family, peer_sid, &ad);
		if (rc) {
			selinux_netlbl_err(skb, family, rc, 1);
			return NF_DROP;
		}
	}

	if (secmark_active &&
	    avc_has_perm(&selinux_state, peer_sid, skb->secmark,
			 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
		return NF_DROP;

	/*
	 * The label is applied in the FORWARD path rather than in
	 * POST_ROUTING so that it is in place before IPsec is applied and
	 * can therefore be covered by AH protection.
	 */
	if (netlbl_active &&
	    selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
		return NF_DROP;

	return NF_ACCEPT;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5656)
/*
 * IPv4 entry point for the forward check: hands the packet and the input
 * device from @state to selinux_ip_forward() with PF_INET.  @priv is unused.
 */
static unsigned int selinux_ipv4_forward(void *priv,
					 struct sk_buff *skb,
					 const struct nf_hook_state *state)
{
	const struct net_device *indev = state->in;

	return selinux_ip_forward(skb, indev, PF_INET);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5663)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5664) #if IS_ENABLED(CONFIG_IPV6)
/*
 * IPv6 entry point for the forward check: hands the packet and the input
 * device from @state to selinux_ip_forward() with PF_INET6.  @priv is unused.
 */
static unsigned int selinux_ipv6_forward(void *priv,
					 struct sk_buff *skb,
					 const struct nf_hook_state *state)
{
	const struct net_device *indev = state->in;

	return selinux_ip_forward(skb, indev, PF_INET6);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5671) #endif /* IPV6 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5672)
/*
 * Apply a NetLabel label to a locally generated outbound packet.
 *
 * Returns NF_ACCEPT when NetLabel is disabled, when the owning socket is a
 * listener (the packet is then passed unmodified), or when labeling
 * succeeds; returns NF_DROP when selinux_netlbl_skbuff_setsid() fails.
 * A packet with no socket is labeled with SECINITSID_KERNEL.
 */
static unsigned int selinux_ip_output(struct sk_buff *skb,
				      u16 family)
{
	struct sock *sk;
	u32 sid = SECINITSID_KERNEL;

	if (!netlbl_enabled())
		return NF_ACCEPT;

	/*
	 * Labeling happens in the LOCAL_OUT path rather than in POST_ROUTING
	 * so that it is in place before IPsec is applied and can therefore be
	 * covered by AH protection.
	 */
	sk = skb->sk;
	if (sk != NULL) {
		struct sk_security_struct *sksec;

		/*
		 * A socket in the listening state means this is a SYN-ACK,
		 * which should be labeled from the connection/request_sock
		 * and not from the parent socket.  The request_sock cannot
		 * be looked up yet because it is not queued on the parent
		 * until after the SYN-ACK is sent.  The "solution" is to
		 * pass the packet as-is, since any IP option based labeling
		 * should be copied from the initial connection request (in
		 * the IP layer).  Far from ideal, but the best available
		 * until the packet itself carries a security label.
		 */
		if (sk_listener(sk))
			return NF_ACCEPT;

		/* Standard practice: label using the parent socket. */
		sksec = sk->sk_security;
		sid = sksec->sid;
	}

	if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
		return NF_DROP;

	return NF_ACCEPT;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5714)
/*
 * IPv4 entry point for output labeling: forwards @skb to
 * selinux_ip_output() with PF_INET.  @priv and @state are unused.
 */
static unsigned int selinux_ipv4_output(void *priv,
					struct sk_buff *skb,
					const struct nf_hook_state *state)
{
	const u16 family = PF_INET;

	return selinux_ip_output(skb, family);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5721)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5722) #if IS_ENABLED(CONFIG_IPV6)
/*
 * IPv6 entry point for output labeling: forwards @skb to
 * selinux_ip_output() with PF_INET6.  @priv and @state are unused.
 */
static unsigned int selinux_ipv6_output(void *priv,
					struct sk_buff *skb,
					const struct nf_hook_state *state)
{
	const u16 family = PF_INET6;

	return selinux_ip_output(skb, family);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5729) #endif /* IPV6 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5730)
/*
 * Post-routing checks used when the netpeer policy capability is off.
 *
 * A packet without an associated full socket is accepted unchecked.
 * Otherwise the packet is parsed (NF_DROP on failure), then checked for
 * packet:send against skb->secmark when secmark is enabled, and finally
 * passed to selinux_xfrm_postroute_last(); a denial from either check
 * drops the packet with -ECONNREFUSED.
 */
static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
						int ifindex,
						u16 family)
{
	struct lsm_network_audit net = {0,};
	struct common_audit_data ad;
	struct sk_security_struct *sksec;
	struct sock *sk = skb_to_full_sk(skb);
	char *addrp;
	u8 proto = 0;

	if (!sk)
		return NF_ACCEPT;
	sksec = sk->sk_security;

	/* Audit record describing the egress interface and address family. */
	net.netif = ifindex;
	net.family = family;
	ad.type = LSM_AUDIT_DATA_NET;
	ad.u.net = &net;
	if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
		return NF_DROP;

	if (selinux_secmark_enabled() &&
	    avc_has_perm(&selinux_state, sksec->sid, skb->secmark,
			 SECCLASS_PACKET, PACKET__SEND, &ad))
		return NF_DROP_ERR(-ECONNREFUSED);

	if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
		return NF_DROP_ERR(-ECONNREFUSED);

	return NF_ACCEPT;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5764)
/*
 * Post-routing access control for a packet leaving through @outdev.
 *
 * The sending label is chosen according to where the packet came from:
 *   - no socket, skb_iif set:  forwarded packet, label taken from the
 *     packet itself and checked for packet:forward_out;
 *   - no socket, skb_iif zero: SECINITSID_KERNEL, packet:send;
 *   - listening socket:        label regenerated with selinux_conn_sid()
 *     from the socket SID and the packet's peer label, packet:send;
 *   - any other socket:        the socket SID, packet:send.
 *
 * Lookup and parse failures return NF_DROP; permission denials return
 * NF_DROP_ERR(-ECONNREFUSED).  With peer labeling active the label is also
 * checked against the egress interface (netif:egress) and the destination
 * node (node:sendto).
 */
static unsigned int selinux_ip_postroute(struct sk_buff *skb,
					 const struct net_device *outdev,
					 u16 family)
{
	struct lsm_network_audit net = {0,};
	struct common_audit_data ad;
	struct sk_security_struct *sksec;
	struct sock *sk;
	int ifindex = outdev->ifindex;
	char *addrp;
	u32 peer_sid;
	u32 secmark_perm = PACKET__SEND;
	u8 secmark_active;
	u8 peerlbl_active;

	/*
	 * Any compatibility mode is handed off to
	 * selinux_ip_postroute_compat() so that its special handling does not
	 * clutter or slow down this function.
	 */
	if (!selinux_policycap_netpeer())
		return selinux_ip_postroute_compat(skb, ifindex, family);

	secmark_active = selinux_secmark_enabled();
	peerlbl_active = selinux_peerlbl_enabled();
	if (!(secmark_active || peerlbl_active))
		return NF_ACCEPT;

	sk = skb_to_full_sk(skb);

#ifdef CONFIG_XFRM
	/*
	 * A non-NULL skb->dst->xfrm means the packet is undergoing an IPsec
	 * transformation, so let it pass unchecked: access control gets
	 * another chance when the packet is on its final way out.
	 * NOTE: there appear to be some IPv6 multicast cases where skb->dst
	 *       is NULL; access control is applied in that case.
	 * NOTE: for a local socket (skb->sk != NULL) in the TCP listening
	 *       state we cannot wait until XFRM processing is done, as the
	 *       SA label would be missed; this costs more work, but only
	 *       once per connection.
	 */
	if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL &&
	    (sk == NULL || !sk_listener(sk)))
		return NF_ACCEPT;
#endif

	if (sk == NULL) {
		/*
		 * With no associated socket the packet either originates
		 * from the kernel or is being forwarded.  A forwarded packet
		 * is queried directly for its security label.
		 */
		if (skb->skb_iif) {
			secmark_perm = PACKET__FORWARD_OUT;
			if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
				return NF_DROP;
		} else {
			peer_sid = SECINITSID_KERNEL;
		}
	} else if (sk_listener(sk)) {
		/*
		 * Locally generated packet whose socket is in the listening
		 * state, i.e. a SYN-ACK.  The correct label belongs to the
		 * connection/request_sock, but the request_sock is not
		 * queued on the parent socket until after the SYN-ACK is
		 * sent and so cannot be queried.  The only viable choice is
		 * to regenerate the label as selinux_inet_conn_request()
		 * does.  See also selinux_ip_output() for similar problems.
		 */
		u32 skb_sid;

		sksec = sk->sk_security;
		if (selinux_skb_peerlbl_sid(skb, family, &skb_sid))
			return NF_DROP;

		/*
		 * A SECSID_NULL peer label on a packet that has been through
		 * at least one XFRM transformation means this is the "final"
		 * form of a labeled IPsec packet.  All access controls have
		 * already been applied to it, so it can safely be passed.
		 * An unrecognised address family is refused.
		 */
		if (skb_sid == SECSID_NULL) {
			if (family == PF_INET) {
				if (IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED)
					return NF_ACCEPT;
			} else if (family == PF_INET6) {
				if (IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED)
					return NF_ACCEPT;
			} else {
				return NF_DROP_ERR(-ECONNREFUSED);
			}
		}

		if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid))
			return NF_DROP;
	} else {
		/* Locally generated packet: use the owning socket's label. */
		sksec = sk->sk_security;
		peer_sid = sksec->sid;
	}

	/* Audit record describing the egress interface and address family. */
	net.netif = ifindex;
	net.family = family;
	ad.type = LSM_AUDIT_DATA_NET;
	ad.u.net = &net;
	if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
		return NF_DROP;

	if (secmark_active &&
	    avc_has_perm(&selinux_state, peer_sid, skb->secmark,
			 SECCLASS_PACKET, secmark_perm, &ad))
		return NF_DROP_ERR(-ECONNREFUSED);

	if (peerlbl_active) {
		u32 if_sid;
		u32 node_sid;

		if (sel_netif_sid(dev_net(outdev), ifindex, &if_sid))
			return NF_DROP;
		if (avc_has_perm(&selinux_state, peer_sid, if_sid,
				 SECCLASS_NETIF, NETIF__EGRESS, &ad))
			return NF_DROP_ERR(-ECONNREFUSED);

		if (sel_netnode_sid(addrp, family, &node_sid))
			return NF_DROP;
		if (avc_has_perm(&selinux_state, peer_sid, node_sid,
				 SECCLASS_NODE, NODE__SENDTO, &ad))
			return NF_DROP_ERR(-ECONNREFUSED);
	}

	return NF_ACCEPT;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5904)
/*
 * IPv4 entry point for the post-routing check: hands the packet and the
 * output device from @state to selinux_ip_postroute() with PF_INET.
 * @priv is unused.
 */
static unsigned int selinux_ipv4_postroute(void *priv,
					   struct sk_buff *skb,
					   const struct nf_hook_state *state)
{
	const struct net_device *outdev = state->out;

	return selinux_ip_postroute(skb, outdev, PF_INET);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5911)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5912) #if IS_ENABLED(CONFIG_IPV6)
/*
 * IPv6 entry point for the post-routing check: hands the packet and the
 * output device from @state to selinux_ip_postroute() with PF_INET6.
 * @priv is unused.
 */
static unsigned int selinux_ipv6_postroute(void *priv,
					   struct sk_buff *skb,
					   const struct nf_hook_state *state)
{
	const struct net_device *outdev = state->out;

	return selinux_ip_postroute(skb, outdev, PF_INET6);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5919) #endif /* IPV6 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5920)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5921) #endif /* CONFIG_NETFILTER */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5922)
/*
 * Check the netlink messages carried in @skb against the SELinux class of
 * the sending socket @sk.
 *
 * The buffer is walked one nlmsghdr at a time.  For each header,
 * selinux_nlmsg_lookup() maps (socket class, nlmsg_type) to a permission
 * and sock_has_perm() checks it; the first denial ends the walk and is
 * returned.
 *
 * Returns 0 when every message examined was allowed or deliberately
 * ignored, otherwise the error from the lookup or the permission check.
 *
 * Security notes:
 *  - A header whose nlmsg_len is below NLMSG_HDRLEN or larger than the
 *    data still left ends the walk with 0, so anything after it in the
 *    same skb is not permission-checked here.  This mirrors what the
 *    in-loop note says netlink_rcv_skb() does.
 *  - A message type with no permission mapping (-EINVAL) is refused only
 *    when enforcing_enabled() is true and security_get_allow_unknown() is
 *    false; otherwise it is logged (rate-limited) and let through.
 */
static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
{
	struct sk_security_struct *sksec = sk->sk_security;
	u16 sclass = sksec->sclass;
	unsigned char *cursor = skb->data;
	unsigned int remaining = skb->len;
	unsigned int step;
	struct nlmsghdr *hdr;
	u32 perm;
	int rc = 0;

	while (remaining >= nlmsg_total_size(0)) {
		hdr = (struct nlmsghdr *)cursor;

		/* NOTE: the nlmsg_len field isn't reliably set by some netlink
		 *       users, which means we can't reject skb's with bogus
		 *       length fields; our solution is to follow what
		 *       netlink_rcv_skb() does and simply stop processing at
		 *       the first message whose length field is clearly junk
		 */
		if (hdr->nlmsg_len < NLMSG_HDRLEN || hdr->nlmsg_len > remaining)
			return 0;

		rc = selinux_nlmsg_lookup(sclass, hdr->nlmsg_type, &perm);
		switch (rc) {
		case 0:
			/* known message type: enforce the mapped permission */
			rc = sock_has_perm(sk, perm);
			if (rc)
				return rc;
			break;
		case -EINVAL:
			/* -EINVAL is a missing msg/perm mapping */
			/* NOTE(review): indexing with sclass - 1 assumes sclass is
			 * non-zero whenever the lookup returns -EINVAL - confirm
			 * against selinux_nlmsg_lookup().
			 */
			pr_warn_ratelimited("SELinux: unrecognized netlink"
				" message: protocol=%hu nlmsg_type=%hu sclass=%s"
				" pid=%d comm=%s\n",
				sk->sk_protocol, hdr->nlmsg_type,
				secclass_map[sclass - 1].name,
				task_pid_nr(current), current->comm);
			if (enforcing_enabled(&selinux_state) &&
			    !security_get_allow_unknown(&selinux_state))
				return rc;
			rc = 0;
			break;
		case -ENOENT:
			/* -ENOENT is a missing socket/class mapping, ignore */
			rc = 0;
			break;
		default:
			return rc;
		}

		/* move to the next message after applying netlink padding */
		step = NLMSG_ALIGN(hdr->nlmsg_len);
		if (step >= remaining)
			return 0;
		remaining -= step;
		cursor += step;
	}

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5980)
/*
 * Initialise an IPC security blob: record the object class @sclass and
 * label the object with the SID of the current task.
 */
static void ipc_init_security(struct ipc_security_struct *isec, u16 sclass)
{
	u32 creator_sid;

	isec->sclass = sclass;
	creator_sid = current_sid();
	isec->sid = creator_sid;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5986)
/*
 * Check whether the current task holds @perms on the IPC object
 * @ipc_perms.
 *
 * The subject is current_sid(); the target SID and object class are read
 * from the object's SELinux blob.  The IPC key is attached as audit data.
 * Returns the result of avc_has_perm().
 */
static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
			u32 perms)
{
	u32 subject = current_sid();
	struct ipc_security_struct *blob = selinux_ipc(ipc_perms);
	struct common_audit_data ad;
	int rc;

	ad.type = LSM_AUDIT_DATA_IPC;
	ad.u.ipc_id = ipc_perms->key;

	rc = avc_has_perm(&selinux_state,
			  subject, blob->sid, blob->sclass, perms, &ad);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6002)
/*
 * Initialise the SELinux blob of a newly allocated message: the message
 * starts out with SECINITSID_UNLABELED, which selinux_msg_queue_msgsnd()
 * tests for to decide whether a label still has to be computed.
 * Always returns 0.
 */
static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
{
	struct msg_security_struct *blob = selinux_msg_msg(msg);

	blob->sid = SECINITSID_UNLABELED;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6012)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6013) /* message queue security operations */
/*
 * Label a new message queue and check that the current task may create it.
 *
 * ipc_init_security() stamps the blob with SECCLASS_MSGQ and the current
 * task's SID before the check, so MSGQ__CREATE is evaluated with the
 * creator's SID as both subject and target.  Returns the result of
 * avc_has_perm().
 */
static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq)
{
	u32 subject = current_sid();
	struct ipc_security_struct *blob = selinux_ipc(msq);
	struct common_audit_data ad;

	ipc_init_security(blob, SECCLASS_MSGQ);

	ad.type = LSM_AUDIT_DATA_IPC;
	ad.u.ipc_id = msq->key;

	return avc_has_perm(&selinux_state,
			    subject, blob->sid, SECCLASS_MSGQ,
			    MSGQ__CREATE, &ad);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6032)
/*
 * Check that the current task holds MSGQ__ASSOCIATE on the existing
 * message queue @msq.  @msqflg is not consulted.  Returns the result of
 * avc_has_perm().
 */
static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg)
{
	u32 subject = current_sid();
	struct ipc_security_struct *blob = selinux_ipc(msq);
	struct common_audit_data ad;
	int rc;

	ad.type = LSM_AUDIT_DATA_IPC;
	ad.u.ipc_id = msq->key;

	rc = avc_has_perm(&selinux_state,
			  subject, blob->sid, SECCLASS_MSGQ,
			  MSGQ__ASSOCIATE, &ad);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6048)
/*
 * Map a msgctl() command to the SELinux permission it needs and check it.
 *
 * IPC_INFO and MSG_INFO are checked as SYSTEM__IPC_INFO against the
 * kernel SID without touching @msq; the other recognised commands are
 * checked against the queue through ipc_has_perm().
 *
 * Security note: a command not listed here returns 0, i.e. it is allowed
 * without any SELinux check, so a command that needs mediation has to be
 * added to this mapping explicitly.
 */
static int selinux_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
{
	int perms;

	/* No specific object, just general system-wide information. */
	if (cmd == IPC_INFO || cmd == MSG_INFO)
		return avc_has_perm(&selinux_state,
				    current_sid(), SECINITSID_KERNEL,
				    SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);

	switch (cmd) {
	case IPC_STAT:
	case MSG_STAT:
	case MSG_STAT_ANY:
		perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
		break;
	case IPC_SET:
		perms = MSGQ__SETATTR;
		break;
	case IPC_RMID:
		perms = MSGQ__DESTROY;
		break;
	default:
		return 0;
	}

	return ipc_has_perm(msq, perms);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6079)
/*
 * Mediate sending @msg to the queue @msq on behalf of the current task.
 *
 * A message that is still SECINITSID_UNLABELED first gets a label
 * computed by security_transition_sid() from the sender's SID and the
 * queue's SID.  Three checks then run in order, stopping at the first
 * denial:
 *   1. sender  -> queue   : MSGQ__WRITE
 *   2. sender  -> message : MSG__SEND
 *   3. message -> queue   : MSGQ__ENQUEUE
 *
 * The label is written into the message blob before the checks run, so a
 * message refused below keeps the label computed here.  @msqflg is not
 * consulted.  Returns 0 on success or the first error encountered.
 */
static int selinux_msg_queue_msgsnd(struct kern_ipc_perm *msq,
				    struct msg_msg *msg, int msqflg)
{
	u32 sender = current_sid();
	struct ipc_security_struct *queue = selinux_ipc(msq);
	struct msg_security_struct *label = selinux_msg_msg(msg);
	struct common_audit_data ad;
	int rc;

	/*
	 * First time through, need to assign label to the message:
	 * compute new sid based on current process and
	 * message queue this message will be stored in
	 */
	if (label->sid == SECINITSID_UNLABELED) {
		rc = security_transition_sid(&selinux_state, sender,
					     queue->sid, SECCLASS_MSG,
					     NULL, &label->sid);
		if (rc)
			return rc;
	}

	ad.type = LSM_AUDIT_DATA_IPC;
	ad.u.ipc_id = msq->key;

	/* Can this process write to the queue? */
	rc = avc_has_perm(&selinux_state,
			  sender, queue->sid, SECCLASS_MSGQ,
			  MSGQ__WRITE, &ad);
	if (rc)
		return rc;

	/* Can this process send the message */
	rc = avc_has_perm(&selinux_state,
			  sender, label->sid, SECCLASS_MSG,
			  MSG__SEND, &ad);
	if (rc)
		return rc;

	/* Can the message be put in the queue? */
	return avc_has_perm(&selinux_state,
			    label->sid, queue->sid, SECCLASS_MSGQ,
			    MSGQ__ENQUEUE, &ad);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6125)
/*
 * Mediate delivery of @msg from the queue @msq to the task @target.
 *
 * The subject of both checks is task_sid(target), not the current task:
 * the receiver needs MSGQ__READ on the queue and then MSG__RECEIVE on the
 * message.  @type and @mode are not consulted.  Returns 0 on success or
 * the first error encountered.
 */
static int selinux_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg,
				    struct task_struct *target,
				    long type, int mode)
{
	u32 receiver = task_sid(target);
	struct ipc_security_struct *queue = selinux_ipc(msq);
	struct msg_security_struct *label = selinux_msg_msg(msg);
	struct common_audit_data ad;
	int rc;

	ad.type = LSM_AUDIT_DATA_IPC;
	ad.u.ipc_id = msq->key;

	/* may the receiver read from this queue at all? */
	rc = avc_has_perm(&selinux_state,
			  receiver, queue->sid,
			  SECCLASS_MSGQ, MSGQ__READ, &ad);
	if (rc)
		return rc;

	/* may the receiver take this particular message? */
	return avc_has_perm(&selinux_state,
			    receiver, label->sid,
			    SECCLASS_MSG, MSG__RECEIVE, &ad);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6151)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6152) /* Shared Memory security operations */
/*
 * Label a new shared memory segment and check that the current task may
 * create it.
 *
 * ipc_init_security() stamps the blob with SECCLASS_SHM and the current
 * task's SID before the check, so SHM__CREATE is evaluated with the
 * creator's SID as both subject and target.  Returns the result of
 * avc_has_perm().
 */
static int selinux_shm_alloc_security(struct kern_ipc_perm *shp)
{
	u32 subject = current_sid();
	struct ipc_security_struct *blob = selinux_ipc(shp);
	struct common_audit_data ad;

	ipc_init_security(blob, SECCLASS_SHM);

	ad.type = LSM_AUDIT_DATA_IPC;
	ad.u.ipc_id = shp->key;

	return avc_has_perm(&selinux_state,
			    subject, blob->sid, SECCLASS_SHM,
			    SHM__CREATE, &ad);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6171)
/*
 * Check that the current task holds SHM__ASSOCIATE on the existing shared
 * memory segment @shp.  @shmflg is not consulted.  Returns the result of
 * avc_has_perm().
 */
static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg)
{
	u32 subject = current_sid();
	struct ipc_security_struct *blob = selinux_ipc(shp);
	struct common_audit_data ad;
	int rc;

	ad.type = LSM_AUDIT_DATA_IPC;
	ad.u.ipc_id = shp->key;

	rc = avc_has_perm(&selinux_state,
			  subject, blob->sid, SECCLASS_SHM,
			  SHM__ASSOCIATE, &ad);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6187)
/*
 * Map a shmctl() command to the SELinux permission it needs and check it.
 *
 * Note, at this point, shp is locked down.
 *
 * IPC_INFO and SHM_INFO are checked as SYSTEM__IPC_INFO against the
 * kernel SID without touching @shp; the other recognised commands are
 * checked against the segment through ipc_has_perm().  SHM_LOCK and
 * SHM_UNLOCK share the single SHM__LOCK permission.
 *
 * Security note: a command not listed here returns 0, i.e. it is allowed
 * without any SELinux check, so a command that needs mediation has to be
 * added to this mapping explicitly.
 */
static int selinux_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
{
	int perms;

	/* No specific object, just general system-wide information. */
	if (cmd == IPC_INFO || cmd == SHM_INFO)
		return avc_has_perm(&selinux_state,
				    current_sid(), SECINITSID_KERNEL,
				    SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);

	switch (cmd) {
	case IPC_STAT:
	case SHM_STAT:
	case SHM_STAT_ANY:
		perms = SHM__GETATTR | SHM__ASSOCIATE;
		break;
	case IPC_SET:
		perms = SHM__SETATTR;
		break;
	case SHM_LOCK:
	case SHM_UNLOCK:
		perms = SHM__LOCK;
		break;
	case IPC_RMID:
		perms = SHM__DESTROY;
		break;
	default:
		return 0;
	}

	return ipc_has_perm(shp, perms);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6223)
/*
 * Check that the current task may attach the shared memory segment @shp.
 *
 * An attach with SHM_RDONLY set in @shmflg needs SHM__READ; any other
 * attach needs both SHM__READ and SHM__WRITE.  @shmaddr is not consulted.
 * Returns the result of ipc_has_perm().
 */
static int selinux_shm_shmat(struct kern_ipc_perm *shp,
			     char __user *shmaddr, int shmflg)
{
	u32 perms = (shmflg & SHM_RDONLY) ? SHM__READ
					  : (SHM__READ | SHM__WRITE);

	return ipc_has_perm(shp, perms);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6236)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6237) /* Semaphore security operations */
/*
 * Label a new semaphore set and check that the current task may create it.
 *
 * ipc_init_security() stamps the blob with SECCLASS_SEM and the current
 * task's SID before the check, so SEM__CREATE is evaluated with the
 * creator's SID as both subject and target.  Returns the result of
 * avc_has_perm().
 */
static int selinux_sem_alloc_security(struct kern_ipc_perm *sma)
{
	u32 subject = current_sid();
	struct ipc_security_struct *blob = selinux_ipc(sma);
	struct common_audit_data ad;

	ipc_init_security(blob, SECCLASS_SEM);

	ad.type = LSM_AUDIT_DATA_IPC;
	ad.u.ipc_id = sma->key;

	return avc_has_perm(&selinux_state,
			    subject, blob->sid, SECCLASS_SEM,
			    SEM__CREATE, &ad);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6256)
/*
 * Check that the current task holds SEM__ASSOCIATE on the existing
 * semaphore set @sma.  @semflg is not consulted.  Returns the result of
 * avc_has_perm().
 */
static int selinux_sem_associate(struct kern_ipc_perm *sma, int semflg)
{
	u32 subject = current_sid();
	struct ipc_security_struct *blob = selinux_ipc(sma);
	struct common_audit_data ad;
	int rc;

	ad.type = LSM_AUDIT_DATA_IPC;
	ad.u.ipc_id = sma->key;

	rc = avc_has_perm(&selinux_state,
			  subject, blob->sid, SECCLASS_SEM,
			  SEM__ASSOCIATE, &ad);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6272)
/*
 * Map a semctl() command to the SELinux permission it needs and check it.
 *
 * Note, at this point, sma is locked down.
 *
 * IPC_INFO and SEM_INFO are checked as SYSTEM__IPC_INFO against the
 * kernel SID without touching @sma; the other recognised commands are
 * checked against the semaphore set through ipc_has_perm().
 *
 * Security note: a command not listed here returns 0, i.e. it is allowed
 * without any SELinux check, so a command that needs mediation has to be
 * added to this mapping explicitly.
 */
static int selinux_sem_semctl(struct kern_ipc_perm *sma, int cmd)
{
	u32 perms;

	/* No specific object, just general system-wide information. */
	if (cmd == IPC_INFO || cmd == SEM_INFO)
		return avc_has_perm(&selinux_state,
				    current_sid(), SECINITSID_KERNEL,
				    SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);

	switch (cmd) {
	case GETPID:
	case GETNCNT:
	case GETZCNT:
		perms = SEM__GETATTR;
		break;
	case GETVAL:
	case GETALL:
		perms = SEM__READ;
		break;
	case SETVAL:
	case SETALL:
		perms = SEM__WRITE;
		break;
	case IPC_RMID:
		perms = SEM__DESTROY;
		break;
	case IPC_SET:
		perms = SEM__SETATTR;
		break;
	case IPC_STAT:
	case SEM_STAT:
	case SEM_STAT_ANY:
		perms = SEM__GETATTR | SEM__ASSOCIATE;
		break;
	default:
		return 0;
	}

	return ipc_has_perm(sma, perms);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6317)
/*
 * Check that the current task may perform semaphore operations on @sma.
 *
 * When @alter is non-zero the task needs SEM__READ and SEM__WRITE;
 * otherwise SEM__READ alone.  @sops and @nsops are not inspected.
 * Returns the result of ipc_has_perm().
 */
static int selinux_sem_semop(struct kern_ipc_perm *sma,
			     struct sembuf *sops, unsigned nsops, int alter)
{
	u32 perms = alter ? (SEM__READ | SEM__WRITE) : SEM__READ;

	return ipc_has_perm(sma, perms);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6330)
/*
 * Translate the read/write bits of @flag into IPC__UNIX_READ and
 * IPC__UNIX_WRITE and check them against @ipcp.
 *
 * Any bit of S_IRUGO requests IPC__UNIX_READ and any bit of S_IWUGO
 * requests IPC__UNIX_WRITE.  When neither is set, nothing is checked and
 * 0 is returned; otherwise the result of ipc_has_perm() is returned.
 */
static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
{
	u32 requested = 0;

	if (flag & S_IRUGO)
		requested |= IPC__UNIX_READ;
	if (flag & S_IWUGO)
		requested |= IPC__UNIX_WRITE;

	/* no read or write bit requested: nothing to mediate */
	if (!requested)
		return 0;

	return ipc_has_perm(ipcp, requested);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6346)
/*
 * Store the SID held in the SELinux blob of the IPC object @ipcp into
 * *@secid.  No permission check is made here.
 */
static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
{
	*secid = selinux_ipc(ipcp)->sid;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6352)
/*
 * When a dentry is instantiated with an inode, run
 * inode_doinit_with_dentry() on the pair.  A NULL @inode is left alone.
 * Whatever inode_doinit_with_dentry() returns is not propagated, since
 * this hook returns void.
 */
static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
{
	if (!inode)
		return;

	inode_doinit_with_dentry(inode, dentry);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6358)
/*
 * Return the security context string for one of task @p's SELinux
 * attributes.
 *
 * @name selects the attribute: "current", "prev", "exec", "fscreate",
 * "keycreate" or "sockcreate"; any other name yields -EINVAL.
 *
 * Reading another task's attributes requires PROCESS__GETATTR from the
 * current task to @p's SID; a task reading its own attributes is not
 * checked.  The permission check runs before @name is validated, so a
 * denied caller gets the AVC error even for an unknown name.
 *
 * The task's credentials are only dereferenced under rcu_read_lock(); the
 * selected SID is copied out, the lock is dropped, and only then is the
 * SID converted to a context string.
 *
 * Returns the length reported by security_sid_to_context() on success,
 * 0 (with *@value untouched) when the selected SID is zero, or a negative
 * error.
 * NOTE(review): *@value is presumably allocated by
 * security_sid_to_context() and owned by the caller - confirm.
 */
static int selinux_getprocattr(struct task_struct *p,
			       char *name, char **value)
{
	const struct task_security_struct *tsec;
	unsigned len;
	u32 sid;
	int error;

	rcu_read_lock();
	tsec = selinux_cred(__task_cred(p));

	if (current != p) {
		error = avc_has_perm(&selinux_state,
				     current_sid(), tsec->sid,
				     SECCLASS_PROCESS, PROCESS__GETATTR, NULL);
		if (error)
			goto out_unlock;
	}

	if (strcmp(name, "current") == 0) {
		sid = tsec->sid;
	} else if (strcmp(name, "prev") == 0) {
		sid = tsec->osid;
	} else if (strcmp(name, "exec") == 0) {
		sid = tsec->exec_sid;
	} else if (strcmp(name, "fscreate") == 0) {
		sid = tsec->create_sid;
	} else if (strcmp(name, "keycreate") == 0) {
		sid = tsec->keycreate_sid;
	} else if (strcmp(name, "sockcreate") == 0) {
		sid = tsec->sockcreate_sid;
	} else {
		error = -EINVAL;
		goto out_unlock;
	}
	/* tsec must not be touched past this point */
	rcu_read_unlock();

	if (!sid)
		return 0;

	error = security_sid_to_context(&selinux_state, sid, value, &len);
	if (error)
		return error;
	return len;

out_unlock:
	rcu_read_unlock();
	return error;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6408)
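/*
 * Set one of the calling task's SELinux process attributes.
 *
 * @name:  attribute to change: "exec", "fscreate", "keycreate", "sockcreate"
 *         or "current".  Any other name fails with -EINVAL.
 * @value: caller-supplied security context string.  It is modified in place:
 *         one trailing newline, if present, is overwritten with a NUL.
 * @size:  number of bytes in @value.
 *
 * An empty value (size 0, or a first byte of NUL or newline) is not parsed
 * and leaves the SID at 0.  That 0 is stored for "exec", "fscreate",
 * "keycreate" and "sockcreate"; for "current" it is rejected with -EINVAL.
 *
 * Returns the number of bytes accepted (@size, minus one if a trailing
 * newline was stripped) on success, or a negative errno.  Once
 * prepare_creds() has succeeded, every failure path releases the new
 * credentials through abort_creds().
 */
static int selinux_setprocattr(const char *name, void *value, size_t size)
{
	struct task_security_struct *tsec;
	struct cred *new;
	u32 mysid = current_sid(), sid = 0, ptsid;
	int error;
	char *str = value;

	/*
	 * Basic control over ability to set these attributes at all.
	 * Each attribute has its own PROCESS__SET* permission, checked with
	 * the caller's SID as both source and target.
	 */
	if (!strcmp(name, "exec"))
		error = avc_has_perm(&selinux_state,
				     mysid, mysid, SECCLASS_PROCESS,
				     PROCESS__SETEXEC, NULL);
	else if (!strcmp(name, "fscreate"))
		error = avc_has_perm(&selinux_state,
				     mysid, mysid, SECCLASS_PROCESS,
				     PROCESS__SETFSCREATE, NULL);
	else if (!strcmp(name, "keycreate"))
		error = avc_has_perm(&selinux_state,
				     mysid, mysid, SECCLASS_PROCESS,
				     PROCESS__SETKEYCREATE, NULL);
	else if (!strcmp(name, "sockcreate"))
		error = avc_has_perm(&selinux_state,
				     mysid, mysid, SECCLASS_PROCESS,
				     PROCESS__SETSOCKCREATE, NULL);
	else if (!strcmp(name, "current"))
		error = avc_has_perm(&selinux_state,
				     mysid, mysid, SECCLASS_PROCESS,
				     PROCESS__SETCURRENT, NULL);
	else
		error = -EINVAL;
	if (error)
		return error;

	/* Obtain a SID for the context, if one was specified. */
	if (size && str[0] && str[0] != '\n') {
		if (str[size-1] == '\n') {
			str[size-1] = 0;
			size--;
		}
		error = security_context_to_sid(&selinux_state, value, size,
						&sid, GFP_KERNEL);
		/*
		 * Only "fscreate" may fall back to the _force variant for a
		 * context that failed with -EINVAL, and only when
		 * has_cap_mac_admin() agrees.  Without that capability the
		 * rejected context is audited and the error returned.
		 */
		if (error == -EINVAL && !strcmp(name, "fscreate")) {
			if (!has_cap_mac_admin(true)) {
				struct audit_buffer *ab;
				size_t audit_size;

				/* We strip a nul only if it is at the end, otherwise the
				 * context contains a nul and we should audit that */
				if (str[size - 1] == '\0')
					audit_size = size - 1;
				else
					audit_size = size;
				ab = audit_log_start(audit_context(),
						     GFP_ATOMIC,
						     AUDIT_SELINUX_ERR);
				/*
				 * No audit buffer was handed back: nothing can
				 * be logged, but the request is still refused.
				 */
				if (!ab)
					return error;
				audit_log_format(ab, "op=fscreate invalid_context=");
				/* The context is caller-controlled; log it as untrusted. */
				audit_log_n_untrustedstring(ab, value, audit_size);
				audit_log_end(ab);

				return error;
			}
			error = security_context_to_sid_force(
						      &selinux_state,
						      value, size, &sid);
		}
		if (error)
			return error;
	}

	new = prepare_creds();
	if (!new)
		return -ENOMEM;

	/* Permission checking based on the specified context is
	   performed during the actual operation (execve,
	   open/mkdir/...), when we know the full context of the
	   operation.  See selinux_bprm_creds_for_exec for the execve
	   checks and may_create for the file creation checks. The
	   operation will then fail if the context is not permitted. */
	tsec = selinux_cred(new);
	if (!strcmp(name, "exec")) {
		tsec->exec_sid = sid;
	} else if (!strcmp(name, "fscreate")) {
		tsec->create_sid = sid;
	} else if (!strcmp(name, "keycreate")) {
		/* A non-zero key creation SID needs KEY__CREATE up front. */
		if (sid) {
			error = avc_has_perm(&selinux_state, mysid, sid,
					     SECCLASS_KEY, KEY__CREATE, NULL);
			if (error)
				goto abort_change;
		}
		tsec->keycreate_sid = sid;
	} else if (!strcmp(name, "sockcreate")) {
		tsec->sockcreate_sid = sid;
	} else if (!strcmp(name, "current")) {
		/* "current" cannot be reset: an empty context is refused. */
		error = -EINVAL;
		if (sid == 0)
			goto abort_change;

		/*
		 * A multi-threaded task may only continue when
		 * security_bounded_transition() accepts the old -> new SID
		 * pair; a single-threaded task skips this extra check.
		 */
		if (!current_is_single_threaded()) {
			error = security_bounded_transition(&selinux_state,
							    tsec->sid, sid);
			if (error)
				goto abort_change;
		}

		/* Check permissions for the transition. */
		error = avc_has_perm(&selinux_state,
				     tsec->sid, sid, SECCLASS_PROCESS,
				     PROCESS__DYNTRANSITION, NULL);
		if (error)
			goto abort_change;

		/* Check for ptracing, and update the task SID if ok.
		   Otherwise, leave SID unchanged and fail. */
		ptsid = ptrace_parent_sid();
		if (ptsid != 0) {
			error = avc_has_perm(&selinux_state,
					     ptsid, sid, SECCLASS_PROCESS,
					     PROCESS__PTRACE, NULL);
			if (error)
				goto abort_change;
		}

		tsec->sid = sid;
	} else {
		error = -EINVAL;
		goto abort_change;
	}

	commit_creds(new);
	return size;

abort_change:
	abort_creds(new);
	return error;
}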
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6551)
/*
 * Report whether @name is exactly the SELinux xattr suffix.
 * Returns 1 on an exact match with XATTR_SELINUX_SUFFIX, 0 otherwise.
 */
static int selinux_ismaclabel(const char *name)
{
	return !strcmp(name, XATTR_SELINUX_SUFFIX);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6556)
/*
 * Convert @secid to its security context by forwarding to
 * security_sid_to_context().  @secdata and @seclen are passed through
 * unchanged and the callee's return value is returned as is.
 */
static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
{
	int rc;

	rc = security_sid_to_context(&selinux_state, secid, secdata, seclen);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6562)
/*
 * Convert the context string @secdata (@seclen bytes) to a SID stored in
 * @secid by forwarding to security_context_to_sid() with GFP_KERNEL.
 * The callee's return value is returned as is.
 */
static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
{
	int rc;

	rc = security_context_to_sid(&selinux_state, secdata, seclen,
				     secid, GFP_KERNEL);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6568)
/*
 * Free a context buffer with kfree().  @seclen is not used.
 */
static void selinux_release_secctx(char *secdata, u32 seclen)
{
	kfree(secdata);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6573)
/*
 * Mark the inode's SELinux security state as LABEL_INVALID.  The store is
 * made while holding the inode security struct's spinlock.
 */
static void selinux_inode_invalidate_secctx(struct inode *inode)
{
	struct inode_security_struct *isec;

	isec = selinux_inode(inode);

	spin_lock(&isec->lock);
	isec->initialized = LABEL_INVALID;
	spin_unlock(&isec->lock);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6582)
/*
 * called with inode->i_mutex locked
 *
 * Hand the context @ctx (@ctxlen bytes) to selinux_inode_setsecurity() under
 * the SELinux xattr suffix.  -EOPNOTSUPP from that call is reported as
 * success; every other result is returned unchanged.
 */
static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
{
	int rc;

	rc = selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX,
				       ctx, ctxlen, 0);
	/* Do not return error when suppressing label (SBLABEL_MNT not set). */
	if (rc == -EOPNOTSUPP)
		return 0;
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6593)
/*
 * called with inode->i_mutex locked
 *
 * Write @ctx (@ctxlen bytes) as the XATTR_NAME_SELINUX attribute of @dentry
 * through __vfs_setxattr_noperm() with flags 0, returning its result.
 */
static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
{
	int rc;

	rc = __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6601)
/*
 * Fetch the inode's SELinux context via selinux_inode_getsecurity().
 *
 * On success the non-negative length it returned is stored in *@ctxlen and
 * 0 is returned; a negative result is returned as is and *@ctxlen is left
 * untouched.
 */
static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
{
	int len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
					    ctx, true);

	if (len < 0)
		return len;

	*ctxlen = len;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6612) #ifdef CONFIG_KEYS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6613)
/*
 * Allocate the SELinux security blob for a new key and attach it to
 * @k->security.
 *
 * The key is labelled with the keycreate SID of @cred when that SID is
 * non-zero, otherwise with the SID of @cred itself.  @flags is not used.
 *
 * Returns 0 on success or -ENOMEM when the allocation fails.
 */
static int selinux_key_alloc(struct key *k, const struct cred *cred,
			     unsigned long flags)
{
	const struct task_security_struct *tsec;
	struct key_security_struct *ksec;

	ksec = kzalloc(sizeof(*ksec), GFP_KERNEL);
	if (!ksec)
		return -ENOMEM;

	tsec = selinux_cred(cred);
	ksec->sid = tsec->keycreate_sid ? tsec->keycreate_sid : tsec->sid;

	k->security = ksec;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6633)
/*
 * Detach and free the key's SELinux security blob.  The pointer in
 * @k->security is cleared before the blob is passed to kfree().
 */
static void selinux_key_free(struct key *k)
{
	struct key_security_struct *blob;

	blob = k->security;
	k->security = NULL;
	kfree(blob);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6641)
/*
 * Check whether @cred may perform the requested operation on a key.
 *
 * @need_perm is mapped to the matching KEY__* access vector bit and checked
 * with avc_has_perm() between the SID of @cred and the SID stored in the
 * key's security blob.
 *
 * KEY_NEED_UNLINK, KEY_SYSADMIN_OVERRIDE, KEY_AUTHTOKEN_OVERRIDE and
 * KEY_DEFER_PERM_CHECK return 0 without any AVC check.  A value outside the
 * handled set triggers WARN_ON() and is denied with -EPERM.
 */
static int selinux_key_permission(key_ref_t key_ref,
				  const struct cred *cred,
				  enum key_need_perm need_perm)
{
	struct key_security_struct *ksec;
	struct key *key;
	u32 av, subj_sid;

	switch (need_perm) {
	case KEY_NEED_VIEW:
		av = KEY__VIEW;
		break;
	case KEY_NEED_READ:
		av = KEY__READ;
		break;
	case KEY_NEED_WRITE:
		av = KEY__WRITE;
		break;
	case KEY_NEED_SEARCH:
		av = KEY__SEARCH;
		break;
	case KEY_NEED_LINK:
		av = KEY__LINK;
		break;
	case KEY_NEED_SETATTR:
		av = KEY__SETATTR;
		break;
	case KEY_NEED_UNLINK:
	case KEY_SYSADMIN_OVERRIDE:
	case KEY_AUTHTOKEN_OVERRIDE:
	case KEY_DEFER_PERM_CHECK:
		/* No SELinux permission is consulted for these requests. */
		return 0;
	default:
		/* Unknown request type: fail closed. */
		WARN_ON(1);
		return -EPERM;
	}

	subj_sid = cred_sid(cred);
	key = key_ref_to_ptr(key_ref);
	ksec = key->security;

	return avc_has_perm(&selinux_state,
			    subj_sid, ksec->sid, SECCLASS_KEY, av, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6687)
/*
 * Produce the security context string for a key's SID.
 *
 * *@_buffer always receives the context pointer, which starts out NULL and
 * is filled in by security_sid_to_context().  Returns the context length
 * reported by that call on success, or its non-zero error code.
 */
static int selinux_key_getsecurity(struct key *key, char **_buffer)
{
	struct key_security_struct *ksec = key->security;
	char *ctx = NULL;
	unsigned int ctx_len;
	int rc;

	rc = security_sid_to_context(&selinux_state, ksec->sid,
				     &ctx, &ctx_len);
	*_buffer = ctx;
	if (rc)
		return rc;
	return ctx_len;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6702)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6703) #ifdef CONFIG_KEY_NOTIFICATIONS
/*
 * Check that the current task holds KEY__VIEW on @key before a watch is
 * placed on it.  Returns the avc_has_perm() result.
 */
static int selinux_watch_key(struct key *key)
{
	struct key_security_struct *ksec;
	u32 subj_sid;

	ksec = key->security;
	subj_sid = current_sid();

	return avc_has_perm(&selinux_state,
			    subj_sid, ksec->sid, SECCLASS_KEY, KEY__VIEW, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6712) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6713) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6714)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6715) #ifdef CONFIG_SECURITY_INFINIBAND
/*
 * Check INFINIBAND_PKEY__ACCESS for an InfiniBand partition key.
 *
 * @ib_sec:        security blob holding the subject SID
 * @subnet_prefix: subnet prefix used to look up the pkey's SID
 * @pkey_val:      partition key value
 *
 * The pkey SID comes from sel_ib_pkey_sid(); a lookup failure is returned
 * before any permission check.  Subnet prefix and pkey are attached to the
 * audit data passed to avc_has_perm().
 */
static int selinux_ib_pkey_access(void *ib_sec, u64 subnet_prefix, u16 pkey_val)
{
	struct ib_security_struct *sec = ib_sec;
	struct lsm_ibpkey_audit ibpkey;
	struct common_audit_data ad;
	u32 pkey_sid = 0;
	int rc;

	rc = sel_ib_pkey_sid(subnet_prefix, pkey_val, &pkey_sid);
	if (rc)
		return rc;

	ibpkey.subnet_prefix = subnet_prefix;
	ibpkey.pkey = pkey_val;
	ad.type = LSM_AUDIT_DATA_IBPKEY;
	ad.u.ibpkey = &ibpkey;

	return avc_has_perm(&selinux_state,
			    sec->sid, pkey_sid,
			    SECCLASS_INFINIBAND_PKEY,
			    INFINIBAND_PKEY__ACCESS, &ad);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6737)
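/*
 * Check INFINIBAND_ENDPORT__MANAGE_SUBNET for an InfiniBand end port.
 *
 * @ib_sec:   security blob holding the subject SID
 * @dev_name: device name used to look up the end port's SID
 * @port_num: port number on that device
 *
 * The end port SID comes from security_ib_endport_sid(); a lookup failure is
 * returned before any permission check.  Device name and port are attached
 * to the audit data passed to avc_has_perm().
 */
static int selinux_ib_endport_manage_subnet(void *ib_sec, const char *dev_name,
					    u8 port_num)
{
	struct common_audit_data ad;
	int err;
	u32 sid = 0;
	struct ib_security_struct *sec = ib_sec;
	struct lsm_ibendport_audit ibendport;

	err = security_ib_endport_sid(&selinux_state, dev_name, port_num,
				      &sid);

	if (err)
		return err;

	ad.type = LSM_AUDIT_DATA_IBENDPORT;
	/*
	 * strscpy() always NUL-terminates the on-stack copy.  strncpy() with
	 * the full buffer size leaves it unterminated when @dev_name fills
	 * the buffer, and the audit consumer presumably reads it as a C
	 * string.  Truncation is acceptable here: the copy is audit-only.
	 */
	strscpy(ibendport.dev_name, dev_name, sizeof(ibendport.dev_name));
	ibendport.port = port_num;
	ad.u.ibendport = &ibendport;
	return avc_has_perm(&selinux_state,
			    sec->sid, sid,
			    SECCLASS_INFINIBAND_ENDPORT,
			    INFINIBAND_ENDPORT__MANAGE_SUBNET, &ad);
}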
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6762)
/*
 * Allocate an InfiniBand security blob labelled with the current task's SID
 * and hand it back through *@ib_sec.
 *
 * Returns 0 on success or -ENOMEM when the allocation fails, in which case
 * *@ib_sec is not written.
 */
static int selinux_ib_alloc_security(void **ib_sec)
{
	struct ib_security_struct *blob = kzalloc(sizeof(*blob), GFP_KERNEL);

	if (!blob)
		return -ENOMEM;

	blob->sid = current_sid();
	*ib_sec = blob;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6775)
/*
 * Release an InfiniBand security blob with kfree().
 */
static void selinux_ib_free_security(void *ib_sec)
{
	kfree(ib_sec);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6780) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6781)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6782) #ifdef CONFIG_BPF_SYSCALL
/*
 * Permission check for the bpf() system call.
 *
 * Only BPF_MAP_CREATE and BPF_PROG_LOAD are checked here, each against the
 * matching BPF__* permission with the current task's SID as both source and
 * target.  Every other @cmd returns 0 from this hook.  @attr and @size are
 * not used.
 */
static int selinux_bpf(int cmd, union bpf_attr *attr,
		       unsigned int size)
{
	u32 sid = current_sid();

	switch (cmd) {
	case BPF_MAP_CREATE:
		return avc_has_perm(&selinux_state,
				    sid, sid, SECCLASS_BPF, BPF__MAP_CREATE,
				    NULL);
	case BPF_PROG_LOAD:
		return avc_has_perm(&selinux_state,
				    sid, sid, SECCLASS_BPF, BPF__PROG_LOAD,
				    NULL);
	default:
		/* No SELinux check for the remaining commands at this point. */
		return 0;
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6807)
/*
 * Translate a file mode into the BPF map access vector: FMODE_READ selects
 * BPF__MAP_READ and FMODE_WRITE selects BPF__MAP_WRITE.  Returns 0 when
 * neither mode bit is set.
 */
static u32 bpf_map_fmode_to_av(fmode_t fmode)
{
	u32 perms = 0;

	perms |= (fmode & FMODE_READ) ? BPF__MAP_READ : 0;
	perms |= (fmode & FMODE_WRITE) ? BPF__MAP_WRITE : 0;

	return perms;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6818)
/* This function checks a file passed through a unix socket or binder to see
 * whether it is a bpf-related object, and applies the corresponding checks to
 * the bpf object based on its type. Unlike other files and sockets, bpf maps
 * and programs use a shared anonymous inode inside the kernel as their inode,
 * so checking that inode cannot tell whether the process has the privilege to
 * access the bpf object. That is why this additional check is needed in
 * selinux_file_receive and selinux_binder_transfer_files.
 *
 * A map is checked for the read/write permissions derived from the file's
 * open mode, a program for BPF__PROG_RUN. A file that is neither yields 0.
 */
static int bpf_fd_pass(struct file *file, u32 sid)
{
	struct bpf_security_struct *bpfsec;

	if (file->f_op == &bpf_map_fops) {
		struct bpf_map *map = file->private_data;

		bpfsec = map->security;
		return avc_has_perm(&selinux_state,
				    sid, bpfsec->sid, SECCLASS_BPF,
				    bpf_map_fmode_to_av(file->f_mode), NULL);
	}

	if (file->f_op == &bpf_prog_fops) {
		struct bpf_prog *prog = file->private_data;

		bpfsec = prog->aux->security;
		return avc_has_perm(&selinux_state,
				    sid, bpfsec->sid, SECCLASS_BPF,
				    BPF__PROG_RUN, NULL);
	}

	/* Not a bpf map or program file: nothing to check here. */
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6853)
/*
 * Check the current task's access to a bpf map.  The permissions requested
 * are the BPF__MAP_READ / BPF__MAP_WRITE bits derived from @fmode, checked
 * against the SID in the map's security blob.
 */
static int selinux_bpf_map(struct bpf_map *map, fmode_t fmode)
{
	struct bpf_security_struct *bpfsec = map->security;
	u32 subj_sid = current_sid();

	return avc_has_perm(&selinux_state,
			    subj_sid, bpfsec->sid, SECCLASS_BPF,
			    bpf_map_fmode_to_av(fmode), NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6864)
/*
 * selinux_bpf_prog - check that the current task may run a bpf program.
 * @prog: program being accessed; its SID is read from prog->aux->security
 *
 * The permission requested is always BPF__PROG_RUN. Returns the
 * avc_has_perm() result unchanged.
 * Assumes prog->aux->security is non-NULL (set by selinux_bpf_prog_alloc()).
 */
static int selinux_bpf_prog(struct bpf_prog *prog)
{
	const struct bpf_security_struct *bpfsec = prog->aux->security;
	u32 subject = current_sid();

	return avc_has_perm(&selinux_state,
			    subject, bpfsec->sid, SECCLASS_BPF,
			    BPF__PROG_RUN, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6875)
/*
 * selinux_bpf_map_alloc - attach a SELinux security blob to a bpf map.
 * @map: map to label
 *
 * Allocates a zeroed bpf_security_struct, records the current task's SID
 * in it and stores it in map->security. Returns 0 on success or -ENOMEM,
 * in which case map->security is left untouched.
 */
static int selinux_bpf_map_alloc(struct bpf_map *map)
{
	struct bpf_security_struct *blob = kzalloc(sizeof(*blob), GFP_KERNEL);

	if (blob == NULL)
		return -ENOMEM;

	/* Later access checks use this SID as the target. */
	blob->sid = current_sid();
	map->security = blob;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6889)
/*
 * selinux_bpf_map_free - release the security blob attached to a bpf map.
 * @map: map whose map->security is freed
 *
 * The pointer is cleared before the memory is freed, so the map never
 * holds a pointer to freed memory.
 */
static void selinux_bpf_map_free(struct bpf_map *map)
{
	struct bpf_security_struct *blob;

	blob = map->security;
	map->security = NULL;
	kfree(blob);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6897)
/*
 * selinux_bpf_prog_alloc - attach a SELinux security blob to a bpf program.
 * @aux: auxiliary program data that receives the blob in aux->security
 *
 * Allocates a zeroed bpf_security_struct and records the current task's
 * SID in it. Returns 0 on success or -ENOMEM, in which case aux->security
 * is left untouched.
 */
static int selinux_bpf_prog_alloc(struct bpf_prog_aux *aux)
{
	struct bpf_security_struct *blob = kzalloc(sizeof(*blob), GFP_KERNEL);

	if (blob == NULL)
		return -ENOMEM;

	/* Later access checks use this SID as the target. */
	blob->sid = current_sid();
	aux->security = blob;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6911)
/*
 * selinux_bpf_prog_free - release the security blob of a bpf program.
 * @aux: auxiliary program data whose aux->security is freed
 *
 * The pointer is cleared before the memory is freed, so @aux never holds
 * a pointer to freed memory.
 */
static void selinux_bpf_prog_free(struct bpf_prog_aux *aux)
{
	struct bpf_security_struct *blob;

	blob = aux->security;
	aux->security = NULL;
	kfree(blob);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6919) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6920)
/*
 * Sizes of the per-object security blobs SELinux declares in
 * struct lsm_blob_sizes. Only cred, file, inode, ipc and msg_msg are listed.
 * The bpf and perf_event security structs are not part of this table;
 * their alloc hooks in this file obtain them with kzalloc().
 */
struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = {
	.lbs_cred	= sizeof(struct task_security_struct),
	.lbs_file	= sizeof(struct file_security_struct),
	.lbs_inode	= sizeof(struct inode_security_struct),
	.lbs_ipc	= sizeof(struct ipc_security_struct),
	.lbs_msg_msg	= sizeof(struct msg_security_struct),
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6928)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6929) #ifdef CONFIG_PERF_EVENTS
/*
 * selinux_perf_event_open - check whether the current task may open a
 * perf event of the given kind.
 * @attr: event attributes; not examined by this hook
 * @type: one of PERF_SECURITY_OPEN, PERF_SECURITY_CPU,
 *        PERF_SECURITY_KERNEL or PERF_SECURITY_TRACEPOINT
 *
 * The check is made with the current SID as both subject and target.
 * Returns -EINVAL for an unrecognised @type, so an unknown request kind
 * is rejected rather than allowed. Otherwise returns the avc_has_perm()
 * result unchanged.
 */
static int selinux_perf_event_open(struct perf_event_attr *attr, int type)
{
	u32 sid = current_sid();
	u32 requested;

	switch (type) {
	case PERF_SECURITY_OPEN:
		requested = PERF_EVENT__OPEN;
		break;
	case PERF_SECURITY_CPU:
		requested = PERF_EVENT__CPU;
		break;
	case PERF_SECURITY_KERNEL:
		requested = PERF_EVENT__KERNEL;
		break;
	case PERF_SECURITY_TRACEPOINT:
		requested = PERF_EVENT__TRACEPOINT;
		break;
	default:
		return -EINVAL;
	}

	return avc_has_perm(&selinux_state, sid, sid, SECCLASS_PERF_EVENT,
			    requested, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6948)
/*
 * selinux_perf_event_alloc - attach a SELinux security blob to a perf event.
 * @event: event to label
 *
 * Allocates a zeroed perf_event_security_struct, records the current
 * task's SID in it and stores it in event->security. Returns 0 on success
 * or -ENOMEM, in which case event->security is left untouched.
 */
static int selinux_perf_event_alloc(struct perf_event *event)
{
	struct perf_event_security_struct *blob;

	blob = kzalloc(sizeof(*blob), GFP_KERNEL);
	if (blob == NULL)
		return -ENOMEM;

	/* The read and write hooks use this SID as the target. */
	blob->sid = current_sid();
	event->security = blob;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6962)
/*
 * selinux_perf_event_free - release the security blob of a perf event.
 * @event: event whose event->security is freed
 *
 * The pointer is cleared before the memory is freed, so @event never
 * holds a pointer to freed memory.
 */
static void selinux_perf_event_free(struct perf_event *event)
{
	struct perf_event_security_struct *blob;

	blob = event->security;
	event->security = NULL;
	kfree(blob);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6970)
/*
 * selinux_perf_event_read - check that the current task may read a perf
 * event.
 * @event: event being read; its SID comes from event->security
 *
 * Requests PERF_EVENT__READ with the current SID as subject and the
 * event's stored SID as target. Returns the avc_has_perm() result
 * unchanged.
 * Assumes event->security is non-NULL (set by selinux_perf_event_alloc()).
 */
static int selinux_perf_event_read(struct perf_event *event)
{
	const struct perf_event_security_struct *blob = event->security;
	u32 subject = current_sid();

	return avc_has_perm(&selinux_state, subject, blob->sid,
			    SECCLASS_PERF_EVENT, PERF_EVENT__READ, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6979)
/*
 * selinux_perf_event_write - check that the current task may write a perf
 * event.
 * @event: event being written; its SID comes from event->security
 *
 * Requests PERF_EVENT__WRITE with the current SID as subject and the
 * event's stored SID as target. Returns the avc_has_perm() result
 * unchanged.
 * Assumes event->security is non-NULL (set by selinux_perf_event_alloc()).
 */
static int selinux_perf_event_write(struct perf_event *event)
{
	const struct perf_event_security_struct *blob = event->security;
	u32 subject = current_sid();

	return avc_has_perm(&selinux_state, subject, blob->sid,
			    SECCLASS_PERF_EVENT, PERF_EVENT__WRITE, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6988) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6989)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6990) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6991) * IMPORTANT NOTE: When adding new hooks, please be careful to keep this order:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6992) * 1. any hooks that don't belong to (2.) or (3.) below,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6993) * 2. hooks that both access structures allocated by other hooks, and allocate
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6994) * structures that can be later accessed by other hooks (mostly "cloning"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6995) * hooks),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6996) * 3. hooks that only allocate structures that can be later accessed by other
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6997) * hooks ("allocating" hooks).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6998) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6999) * Please follow block comment delimiters in the list to keep this order.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7000) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7001) * This ordering is needed for SELinux runtime disable to work at least somewhat
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7002) * safely. Breaking the ordering rules above might lead to NULL pointer derefs
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7003) * when disabling SELinux at runtime.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7004) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7005) static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7006) LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7007) LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7008) LSM_HOOK_INIT(binder_transfer_binder, selinux_binder_transfer_binder),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7009) LSM_HOOK_INIT(binder_transfer_file, selinux_binder_transfer_file),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7010)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7011) LSM_HOOK_INIT(ptrace_access_check, selinux_ptrace_access_check),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7012) LSM_HOOK_INIT(ptrace_traceme, selinux_ptrace_traceme),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7013) LSM_HOOK_INIT(capget, selinux_capget),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7014) LSM_HOOK_INIT(capset, selinux_capset),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7015) LSM_HOOK_INIT(capable, selinux_capable),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7016) LSM_HOOK_INIT(quotactl, selinux_quotactl),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7017) LSM_HOOK_INIT(quota_on, selinux_quota_on),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7018) LSM_HOOK_INIT(syslog, selinux_syslog),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7019) LSM_HOOK_INIT(vm_enough_memory, selinux_vm_enough_memory),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7020)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7021) LSM_HOOK_INIT(netlink_send, selinux_netlink_send),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7022)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7023) LSM_HOOK_INIT(bprm_creds_for_exec, selinux_bprm_creds_for_exec),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7024) LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7025) LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7026)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7027) LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7028) LSM_HOOK_INIT(sb_free_mnt_opts, selinux_free_mnt_opts),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7029) LSM_HOOK_INIT(sb_remount, selinux_sb_remount),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7030) LSM_HOOK_INIT(sb_kern_mount, selinux_sb_kern_mount),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7031) LSM_HOOK_INIT(sb_show_options, selinux_sb_show_options),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7032) LSM_HOOK_INIT(sb_statfs, selinux_sb_statfs),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7033) LSM_HOOK_INIT(sb_mount, selinux_mount),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7034) LSM_HOOK_INIT(sb_umount, selinux_umount),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7035) LSM_HOOK_INIT(sb_set_mnt_opts, selinux_set_mnt_opts),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7036) LSM_HOOK_INIT(sb_clone_mnt_opts, selinux_sb_clone_mnt_opts),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7037)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7038) LSM_HOOK_INIT(move_mount, selinux_move_mount),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7039)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7040) LSM_HOOK_INIT(dentry_init_security, selinux_dentry_init_security),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7041) LSM_HOOK_INIT(dentry_create_files_as, selinux_dentry_create_files_as),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7042)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7043) LSM_HOOK_INIT(inode_free_security, selinux_inode_free_security),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7044) LSM_HOOK_INIT(inode_init_security, selinux_inode_init_security),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7045) LSM_HOOK_INIT(inode_init_security_anon, selinux_inode_init_security_anon),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7046) LSM_HOOK_INIT(inode_create, selinux_inode_create),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7047) LSM_HOOK_INIT(inode_link, selinux_inode_link),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7048) LSM_HOOK_INIT(inode_unlink, selinux_inode_unlink),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7049) LSM_HOOK_INIT(inode_symlink, selinux_inode_symlink),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7050) LSM_HOOK_INIT(inode_mkdir, selinux_inode_mkdir),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7051) LSM_HOOK_INIT(inode_rmdir, selinux_inode_rmdir),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7052) LSM_HOOK_INIT(inode_mknod, selinux_inode_mknod),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7053) LSM_HOOK_INIT(inode_rename, selinux_inode_rename),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7054) LSM_HOOK_INIT(inode_readlink, selinux_inode_readlink),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7055) LSM_HOOK_INIT(inode_follow_link, selinux_inode_follow_link),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7056) LSM_HOOK_INIT(inode_permission, selinux_inode_permission),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7057) LSM_HOOK_INIT(inode_setattr, selinux_inode_setattr),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7058) LSM_HOOK_INIT(inode_getattr, selinux_inode_getattr),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7059) LSM_HOOK_INIT(inode_setxattr, selinux_inode_setxattr),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7060) LSM_HOOK_INIT(inode_post_setxattr, selinux_inode_post_setxattr),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7061) LSM_HOOK_INIT(inode_getxattr, selinux_inode_getxattr),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7062) LSM_HOOK_INIT(inode_listxattr, selinux_inode_listxattr),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7063) LSM_HOOK_INIT(inode_removexattr, selinux_inode_removexattr),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7064) LSM_HOOK_INIT(inode_getsecurity, selinux_inode_getsecurity),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7065) LSM_HOOK_INIT(inode_setsecurity, selinux_inode_setsecurity),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7066) LSM_HOOK_INIT(inode_listsecurity, selinux_inode_listsecurity),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7067) LSM_HOOK_INIT(inode_getsecid, selinux_inode_getsecid),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7068) LSM_HOOK_INIT(inode_copy_up, selinux_inode_copy_up),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7069) LSM_HOOK_INIT(inode_copy_up_xattr, selinux_inode_copy_up_xattr),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7070) LSM_HOOK_INIT(path_notify, selinux_path_notify),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7071)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7072) LSM_HOOK_INIT(kernfs_init_security, selinux_kernfs_init_security),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7073)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7074) LSM_HOOK_INIT(file_permission, selinux_file_permission),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7075) LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7076) LSM_HOOK_INIT(file_ioctl, selinux_file_ioctl),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7077) LSM_HOOK_INIT(mmap_file, selinux_mmap_file),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7078) LSM_HOOK_INIT(mmap_addr, selinux_mmap_addr),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7079) LSM_HOOK_INIT(file_mprotect, selinux_file_mprotect),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7080) LSM_HOOK_INIT(file_lock, selinux_file_lock),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7081) LSM_HOOK_INIT(file_fcntl, selinux_file_fcntl),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7082) LSM_HOOK_INIT(file_set_fowner, selinux_file_set_fowner),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7083) LSM_HOOK_INIT(file_send_sigiotask, selinux_file_send_sigiotask),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7084) LSM_HOOK_INIT(file_receive, selinux_file_receive),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7085)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7086) LSM_HOOK_INIT(file_open, selinux_file_open),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7087)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7088) LSM_HOOK_INIT(task_alloc, selinux_task_alloc),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7089) LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7090) LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7091) LSM_HOOK_INIT(cred_getsecid, selinux_cred_getsecid),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7092) LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7093) LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7094) LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7095) LSM_HOOK_INIT(kernel_load_data, selinux_kernel_load_data),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7096) LSM_HOOK_INIT(kernel_read_file, selinux_kernel_read_file),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7097) LSM_HOOK_INIT(task_setpgid, selinux_task_setpgid),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7098) LSM_HOOK_INIT(task_getpgid, selinux_task_getpgid),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7099) LSM_HOOK_INIT(task_getsid, selinux_task_getsid),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7100) LSM_HOOK_INIT(task_getsecid, selinux_task_getsecid),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7101) LSM_HOOK_INIT(task_setnice, selinux_task_setnice),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7102) LSM_HOOK_INIT(task_setioprio, selinux_task_setioprio),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7103) LSM_HOOK_INIT(task_getioprio, selinux_task_getioprio),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7104) LSM_HOOK_INIT(task_prlimit, selinux_task_prlimit),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7105) LSM_HOOK_INIT(task_setrlimit, selinux_task_setrlimit),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7106) LSM_HOOK_INIT(task_setscheduler, selinux_task_setscheduler),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7107) LSM_HOOK_INIT(task_getscheduler, selinux_task_getscheduler),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7108) LSM_HOOK_INIT(task_movememory, selinux_task_movememory),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7109) LSM_HOOK_INIT(task_kill, selinux_task_kill),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7110) LSM_HOOK_INIT(task_to_inode, selinux_task_to_inode),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7111)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7112) LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7113) LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7114)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7115) LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7116) LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7117) LSM_HOOK_INIT(msg_queue_msgsnd, selinux_msg_queue_msgsnd),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7118) LSM_HOOK_INIT(msg_queue_msgrcv, selinux_msg_queue_msgrcv),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7119)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7120) LSM_HOOK_INIT(shm_associate, selinux_shm_associate),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7121) LSM_HOOK_INIT(shm_shmctl, selinux_shm_shmctl),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7122) LSM_HOOK_INIT(shm_shmat, selinux_shm_shmat),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7123)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7124) LSM_HOOK_INIT(sem_associate, selinux_sem_associate),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7125) LSM_HOOK_INIT(sem_semctl, selinux_sem_semctl),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7126) LSM_HOOK_INIT(sem_semop, selinux_sem_semop),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7127)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7128) LSM_HOOK_INIT(d_instantiate, selinux_d_instantiate),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7129)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7130) LSM_HOOK_INIT(getprocattr, selinux_getprocattr),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7131) LSM_HOOK_INIT(setprocattr, selinux_setprocattr),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7132)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7133) LSM_HOOK_INIT(ismaclabel, selinux_ismaclabel),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7134) LSM_HOOK_INIT(secctx_to_secid, selinux_secctx_to_secid),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7135) LSM_HOOK_INIT(release_secctx, selinux_release_secctx),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7136) LSM_HOOK_INIT(inode_invalidate_secctx, selinux_inode_invalidate_secctx),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7137) LSM_HOOK_INIT(inode_notifysecctx, selinux_inode_notifysecctx),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7138) LSM_HOOK_INIT(inode_setsecctx, selinux_inode_setsecctx),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7139)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7140) LSM_HOOK_INIT(unix_stream_connect, selinux_socket_unix_stream_connect),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7141) LSM_HOOK_INIT(unix_may_send, selinux_socket_unix_may_send),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7142)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7143) LSM_HOOK_INIT(socket_create, selinux_socket_create),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7144) LSM_HOOK_INIT(socket_post_create, selinux_socket_post_create),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7145) LSM_HOOK_INIT(socket_socketpair, selinux_socket_socketpair),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7146) LSM_HOOK_INIT(socket_bind, selinux_socket_bind),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7147) LSM_HOOK_INIT(socket_connect, selinux_socket_connect),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7148) LSM_HOOK_INIT(socket_listen, selinux_socket_listen),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7149) LSM_HOOK_INIT(socket_accept, selinux_socket_accept),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7150) LSM_HOOK_INIT(socket_sendmsg, selinux_socket_sendmsg),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7151) LSM_HOOK_INIT(socket_recvmsg, selinux_socket_recvmsg),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7152) LSM_HOOK_INIT(socket_getsockname, selinux_socket_getsockname),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7153) LSM_HOOK_INIT(socket_getpeername, selinux_socket_getpeername),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7154) LSM_HOOK_INIT(socket_getsockopt, selinux_socket_getsockopt),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7155) LSM_HOOK_INIT(socket_setsockopt, selinux_socket_setsockopt),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7156) LSM_HOOK_INIT(socket_shutdown, selinux_socket_shutdown),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7157) LSM_HOOK_INIT(socket_sock_rcv_skb, selinux_socket_sock_rcv_skb),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7158) LSM_HOOK_INIT(socket_getpeersec_stream,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7159) selinux_socket_getpeersec_stream),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7160) LSM_HOOK_INIT(socket_getpeersec_dgram, selinux_socket_getpeersec_dgram),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7161) LSM_HOOK_INIT(sk_free_security, selinux_sk_free_security),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7162) LSM_HOOK_INIT(sk_clone_security, selinux_sk_clone_security),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7163) LSM_HOOK_INIT(sk_getsecid, selinux_sk_getsecid),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7164) LSM_HOOK_INIT(sock_graft, selinux_sock_graft),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7165) LSM_HOOK_INIT(sctp_assoc_request, selinux_sctp_assoc_request),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7166) LSM_HOOK_INIT(sctp_sk_clone, selinux_sctp_sk_clone),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7167) LSM_HOOK_INIT(sctp_bind_connect, selinux_sctp_bind_connect),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7168) LSM_HOOK_INIT(inet_conn_request, selinux_inet_conn_request),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7169) LSM_HOOK_INIT(inet_csk_clone, selinux_inet_csk_clone),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7170) LSM_HOOK_INIT(inet_conn_established, selinux_inet_conn_established),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7171) LSM_HOOK_INIT(secmark_relabel_packet, selinux_secmark_relabel_packet),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7172) LSM_HOOK_INIT(secmark_refcount_inc, selinux_secmark_refcount_inc),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7173) LSM_HOOK_INIT(secmark_refcount_dec, selinux_secmark_refcount_dec),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7174) LSM_HOOK_INIT(req_classify_flow, selinux_req_classify_flow),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7175) LSM_HOOK_INIT(tun_dev_free_security, selinux_tun_dev_free_security),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7176) LSM_HOOK_INIT(tun_dev_create, selinux_tun_dev_create),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7177) LSM_HOOK_INIT(tun_dev_attach_queue, selinux_tun_dev_attach_queue),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7178) LSM_HOOK_INIT(tun_dev_attach, selinux_tun_dev_attach),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7179) LSM_HOOK_INIT(tun_dev_open, selinux_tun_dev_open),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7180) #ifdef CONFIG_SECURITY_INFINIBAND
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7181) LSM_HOOK_INIT(ib_pkey_access, selinux_ib_pkey_access),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7182) LSM_HOOK_INIT(ib_endport_manage_subnet,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7183) selinux_ib_endport_manage_subnet),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7184) LSM_HOOK_INIT(ib_free_security, selinux_ib_free_security),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7185) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7186) #ifdef CONFIG_SECURITY_NETWORK_XFRM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7187) LSM_HOOK_INIT(xfrm_policy_free_security, selinux_xfrm_policy_free),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7188) LSM_HOOK_INIT(xfrm_policy_delete_security, selinux_xfrm_policy_delete),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7189) LSM_HOOK_INIT(xfrm_state_free_security, selinux_xfrm_state_free),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7190) LSM_HOOK_INIT(xfrm_state_delete_security, selinux_xfrm_state_delete),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7191) LSM_HOOK_INIT(xfrm_policy_lookup, selinux_xfrm_policy_lookup),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7192) LSM_HOOK_INIT(xfrm_state_pol_flow_match,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7193) selinux_xfrm_state_pol_flow_match),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7194) LSM_HOOK_INIT(xfrm_decode_session, selinux_xfrm_decode_session),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7195) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7196)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7197) #ifdef CONFIG_KEYS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7198) LSM_HOOK_INIT(key_free, selinux_key_free),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7199) LSM_HOOK_INIT(key_permission, selinux_key_permission),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7200) LSM_HOOK_INIT(key_getsecurity, selinux_key_getsecurity),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7201) #ifdef CONFIG_KEY_NOTIFICATIONS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7202) LSM_HOOK_INIT(watch_key, selinux_watch_key),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7203) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7204) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7205)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7206) #ifdef CONFIG_AUDIT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7207) LSM_HOOK_INIT(audit_rule_known, selinux_audit_rule_known),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7208) LSM_HOOK_INIT(audit_rule_match, selinux_audit_rule_match),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7209) LSM_HOOK_INIT(audit_rule_free, selinux_audit_rule_free),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7210) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7211)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7212) #ifdef CONFIG_BPF_SYSCALL
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7213) LSM_HOOK_INIT(bpf, selinux_bpf),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7214) LSM_HOOK_INIT(bpf_map, selinux_bpf_map),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7215) LSM_HOOK_INIT(bpf_prog, selinux_bpf_prog),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7216) LSM_HOOK_INIT(bpf_map_free_security, selinux_bpf_map_free),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7217) LSM_HOOK_INIT(bpf_prog_free_security, selinux_bpf_prog_free),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7218) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7219)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7220) #ifdef CONFIG_PERF_EVENTS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7221) LSM_HOOK_INIT(perf_event_open, selinux_perf_event_open),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7222) LSM_HOOK_INIT(perf_event_free, selinux_perf_event_free),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7223) LSM_HOOK_INIT(perf_event_read, selinux_perf_event_read),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7224) LSM_HOOK_INIT(perf_event_write, selinux_perf_event_write),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7225) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7226)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7227) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7228) * PUT "CLONING" (ACCESSING + ALLOCATING) HOOKS HERE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7229) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7230) LSM_HOOK_INIT(fs_context_dup, selinux_fs_context_dup),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7231) LSM_HOOK_INIT(fs_context_parse_param, selinux_fs_context_parse_param),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7232) LSM_HOOK_INIT(sb_eat_lsm_opts, selinux_sb_eat_lsm_opts),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7233) LSM_HOOK_INIT(sb_add_mnt_opt, selinux_add_mnt_opt),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7234) #ifdef CONFIG_SECURITY_NETWORK_XFRM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7235) LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7236) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7237)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7238) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7239) * PUT "ALLOCATING" HOOKS HERE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7240) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7241) LSM_HOOK_INIT(msg_msg_alloc_security, selinux_msg_msg_alloc_security),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7242) LSM_HOOK_INIT(msg_queue_alloc_security,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7243) selinux_msg_queue_alloc_security),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7244) LSM_HOOK_INIT(shm_alloc_security, selinux_shm_alloc_security),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7245) LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7246) LSM_HOOK_INIT(inode_alloc_security, selinux_inode_alloc_security),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7247) LSM_HOOK_INIT(sem_alloc_security, selinux_sem_alloc_security),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7248) LSM_HOOK_INIT(secid_to_secctx, selinux_secid_to_secctx),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7249) LSM_HOOK_INIT(inode_getsecctx, selinux_inode_getsecctx),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7250) LSM_HOOK_INIT(sk_alloc_security, selinux_sk_alloc_security),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7251) LSM_HOOK_INIT(tun_dev_alloc_security, selinux_tun_dev_alloc_security),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7252) #ifdef CONFIG_SECURITY_INFINIBAND
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7253) LSM_HOOK_INIT(ib_alloc_security, selinux_ib_alloc_security),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7254) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7255) #ifdef CONFIG_SECURITY_NETWORK_XFRM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7256) LSM_HOOK_INIT(xfrm_policy_alloc_security, selinux_xfrm_policy_alloc),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7257) LSM_HOOK_INIT(xfrm_state_alloc, selinux_xfrm_state_alloc),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7258) LSM_HOOK_INIT(xfrm_state_alloc_acquire,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7259) selinux_xfrm_state_alloc_acquire),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7260) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7261) #ifdef CONFIG_KEYS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7262) LSM_HOOK_INIT(key_alloc, selinux_key_alloc),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7263) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7264) #ifdef CONFIG_AUDIT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7265) LSM_HOOK_INIT(audit_rule_init, selinux_audit_rule_init),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7266) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7267) #ifdef CONFIG_BPF_SYSCALL
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7268) LSM_HOOK_INIT(bpf_map_alloc_security, selinux_bpf_map_alloc),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7269) LSM_HOOK_INIT(bpf_prog_alloc_security, selinux_bpf_prog_alloc),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7270) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7271) #ifdef CONFIG_PERF_EVENTS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7272) LSM_HOOK_INIT(perf_event_alloc, selinux_perf_event_alloc),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7273) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7274) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7275)
/*
 * selinux_init - boot-time initialisation of the SELinux security module.
 *
 * Zeroes selinux_state, applies the boot-time enforcing and checkreqprot
 * settings, initialises the per-state AVC and the status/policy mutexes,
 * sets the security state of the initial task, runs the AVC, avtab,
 * ebitmap and hashtab cache initialisers, and registers selinux_hooks with
 * the LSM framework under the name "selinux".
 *
 * Failing to register either AVC reset callback is fatal: the function
 * panics instead of continuing with a callback missing.
 *
 * Always returns 0.
 *
 * NOTE(review): the statement order below is kept exactly as written; the
 * state is initialised before security_add_hooks() makes the hooks callable.
 */
static __init int selinux_init(void)
{
	pr_info("SELinux: Initializing.\n");

	/* Start from a fully zeroed state before applying boot parameters. */
	memset(&selinux_state, 0, sizeof(selinux_state));
	enforcing_set(&selinux_state, selinux_enforcing_boot);
	checkreqprot_set(&selinux_state, selinux_checkreqprot_boot);
	selinux_avc_init(&selinux_state.avc);
	mutex_init(&selinux_state.status_lock);
	mutex_init(&selinux_state.policy_mutex);

	/* Set the security state for the initial task. */
	cred_init_security();

	/* True when the default data-mapping flags do not include VM_EXEC. */
	default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);

	avc_init();

	avtab_cache_init();

	ebitmap_cache_init();

	hashtab_cache_init();

	/* From here on the LSM framework can call into SELinux. */
	security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux");

	/* A non-zero return from avc_add_callback() is treated as fatal. */
	if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET))
		panic("SELinux: Unable to register AVC netcache callback\n");

	if (avc_add_callback(selinux_lsm_notifier_avc_callback, AVC_CALLBACK_RESET))
		panic("SELinux: Unable to register AVC LSM notifier callback\n");

	/*
	 * NOTE(review): the boot mode is reported at debug level only, so it
	 * may be absent from a default kernel log; when auditing a system,
	 * confirm the enforcing state by other means.
	 */
	if (selinux_enforcing_boot)
		pr_debug("SELinux: Starting in enforcing mode\n");
	else
		pr_debug("SELinux: Starting in permissive mode\n");

	/* Presumably validates the selinux mount-parameter table - verify. */
	fs_validate_description("selinux", selinux_fs_parameters);

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7317)
/*
 * delayed_superblock_init - iterate_supers() callback used by
 * selinux_complete_init().
 * @sb: superblock to set up.
 * @unused: callback argument, not used.
 *
 * Calls selinux_set_mnt_opts() on @sb with no mount options supplied
 * (NULL options, zero flags, NULL output flags).  The return value of
 * selinux_set_mnt_opts() is not checked here.
 */
static void delayed_superblock_init(struct super_block *sb, void *unused)
{
	selinux_set_mnt_opts(sb, NULL, 0, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7322)
/*
 * selinux_complete_init - finish SELinux setup for pre-existing superblocks.
 *
 * Walks every superblock with iterate_supers() and runs
 * delayed_superblock_init() on each, so that superblocks initialised
 * before the policy load are set up as well.
 *
 * NOTE(review): presumably invoked once the initial policy has been
 * loaded; the caller is not in this part of the file - confirm.
 */
void selinux_complete_init(void)
{
	pr_debug("SELinux: Completing initialization.\n");

	/* Set up any superblocks initialized prior to the policy load. */
	pr_debug("SELinux: Setting up existing superblocks.\n");
	iterate_supers(delayed_superblock_init, NULL);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7331)
/*
 * SELinux requires early initialization in order to label
 * all processes and objects when they are created.
 *
 * LSM descriptor for SELinux: selinux_init() is the init callback,
 * selinux_enabled_boot is the enable switch handed to the framework, and
 * selinux_blob_sizes is the blob-size table.
 *
 * NOTE(review): LSM_FLAG_EXCLUSIVE presumably keeps a second exclusive
 * LSM from being active alongside SELinux, and LSM_FLAG_LEGACY_MAJOR marks
 * it as a legacy "major" module - confirm both in lsm_hooks.h.
 */
DEFINE_LSM(selinux) = {
	.name = "selinux",
	.flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
	.enabled = &selinux_enabled_boot,
	.blobs = &selinux_blob_sizes,
	.init = selinux_init,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7341)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7342) #if defined(CONFIG_NETFILTER)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7343)
/*
 * Netfilter hook table for the SELinux packet checks.
 *
 * IPv4 always, and IPv6 when CONFIG_IPV6 is enabled, get three hook
 * points each: POST_ROUTING, FORWARD and LOCAL_OUT.  The post-routing
 * entries run at the *_SELINUX_LAST priority; the forward and local-out
 * entries run at *_SELINUX_FIRST.
 *
 * NOTE(review): there are no PRE_ROUTING or LOCAL_IN entries in this
 * table; inbound delivery is presumably covered by socket-level LSM hooks
 * rather than netfilter - confirm before relying on it.
 */
static const struct nf_hook_ops selinux_nf_ops[] = {
	{
		.hook = selinux_ipv4_postroute,
		.pf = NFPROTO_IPV4,
		.hooknum = NF_INET_POST_ROUTING,
		.priority = NF_IP_PRI_SELINUX_LAST,
	},
	{
		.hook = selinux_ipv4_forward,
		.pf = NFPROTO_IPV4,
		.hooknum = NF_INET_FORWARD,
		.priority = NF_IP_PRI_SELINUX_FIRST,
	},
	{
		.hook = selinux_ipv4_output,
		.pf = NFPROTO_IPV4,
		.hooknum = NF_INET_LOCAL_OUT,
		.priority = NF_IP_PRI_SELINUX_FIRST,
	},
#if IS_ENABLED(CONFIG_IPV6)
	{
		.hook = selinux_ipv6_postroute,
		.pf = NFPROTO_IPV6,
		.hooknum = NF_INET_POST_ROUTING,
		.priority = NF_IP6_PRI_SELINUX_LAST,
	},
	{
		.hook = selinux_ipv6_forward,
		.pf = NFPROTO_IPV6,
		.hooknum = NF_INET_FORWARD,
		.priority = NF_IP6_PRI_SELINUX_FIRST,
	},
	{
		.hook = selinux_ipv6_output,
		.pf = NFPROTO_IPV6,
		.hooknum = NF_INET_LOCAL_OUT,
		.priority = NF_IP6_PRI_SELINUX_FIRST,
	},
#endif	/* IPV6 */
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7384)
/*
 * selinux_nf_register - pernet init callback.
 * @net: network namespace being set up.
 *
 * Registers every entry of selinux_nf_ops for @net and hands back the
 * result of nf_register_net_hooks() unchanged.
 */
static int __net_init selinux_nf_register(struct net *net)
{
	const unsigned int nr_hooks = ARRAY_SIZE(selinux_nf_ops);

	return nf_register_net_hooks(net, selinux_nf_ops, nr_hooks);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7390)
/*
 * selinux_nf_unregister - pernet exit callback.
 * @net: network namespace being torn down.
 *
 * Removes every entry of selinux_nf_ops from @net.
 */
static void __net_exit selinux_nf_unregister(struct net *net)
{
	const unsigned int nr_hooks = ARRAY_SIZE(selinux_nf_ops);

	nf_unregister_net_hooks(net, selinux_nf_ops, nr_hooks);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7396)
/*
 * Per-network-namespace operations: .init registers the SELinux netfilter
 * hooks for a struct net, .exit unregisters them again.
 */
static struct pernet_operations selinux_net_ops = {
	.init = selinux_nf_register,
	.exit = selinux_nf_unregister,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7401)
/*
 * selinux_nf_ip_init - register the SELinux netfilter hooks at boot.
 *
 * Does nothing when SELinux is disabled at boot.  Otherwise registers
 * selinux_net_ops as a pernet subsystem, whose init/exit callbacks add and
 * remove the hooks for a given struct net.  A registration failure panics
 * rather than letting the system continue without the hooks.
 *
 * Always returns 0.
 */
static int __init selinux_nf_ip_init(void)
{
	int rc;

	if (selinux_enabled_boot) {
		pr_debug("SELinux: Registering netfilter hooks\n");

		rc = register_pernet_subsys(&selinux_net_ops);
		if (rc)
			panic("SELinux: register_pernet_subsys: error %d\n", rc);
	}

	return 0;
}
__initcall(selinux_nf_ip_init);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7418)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7419) #ifdef CONFIG_SECURITY_SELINUX_DISABLE
/*
 * selinux_nf_ip_exit - unregister the SELinux netfilter hooks.
 *
 * Built only with CONFIG_SECURITY_SELINUX_DISABLE; called from
 * selinux_disable().  Unregisters selinux_net_ops as a pernet subsystem,
 * which is the reverse of what selinux_nf_ip_init() set up.
 */
static void selinux_nf_ip_exit(void)
{
	pr_debug("SELinux: Unregistering netfilter hooks\n");

	unregister_pernet_subsys(&selinux_net_ops);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7426) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7427)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7428) #else /* CONFIG_NETFILTER */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7429)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7430) #ifdef CONFIG_SECURITY_SELINUX_DISABLE
/* Without CONFIG_NETFILTER there are no hooks to remove: expands to nothing. */
#define selinux_nf_ip_exit()
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7432) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7433)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7434) #endif /* CONFIG_NETFILTER */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7435)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7436) #ifdef CONFIG_SECURITY_SELINUX_DISABLE
/*
 * selinux_disable - disable SELinux at runtime, before any policy load.
 * @state: SELinux state to mark as disabled.
 *
 * Returns -EINVAL when @state is already initialised (the initial policy
 * has been loaded) or is already marked disabled.  Otherwise marks the
 * state disabled, unregisters the netfilter hooks, deletes selinux_hooks
 * from the LSM framework, disables the AVC, unregisters selinuxfs and
 * returns 0.
 *
 * Security note: once the hooks are deleted SELinux no longer takes part
 * in access decisions.  The selinux_initialized() guard is what stops this
 * path from being used to switch SELinux off after a policy is in place.
 *
 * NOTE(review): no locking is visible in this function; the
 * check-then-mark sequence presumably relies on the caller serialising
 * calls - confirm against the caller.
 * NOTE(review): runtime disable has since been deprecated and removed
 * upstream; disabling at boot (selinux=0) is the supported route - confirm
 * for the kernel version in use.
 */
int selinux_disable(struct selinux_state *state)
{
	if (selinux_initialized(state)) {
		/* Not permitted after initial policy load. */
		return -EINVAL;
	}

	if (selinux_disabled(state)) {
		/* Only do this once. */
		return -EINVAL;
	}

	selinux_mark_disabled(state);

	pr_info("SELinux: Disabled at runtime.\n");

	/*
	 * Unregister netfilter hooks.
	 * Must be done before security_delete_hooks() to avoid breaking
	 * runtime disable.
	 */
	selinux_nf_ip_exit();

	/* Removes the same table that selinux_init() registered. */
	security_delete_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks));

	/* Try to destroy the avc node cache */
	avc_disable();

	/* Unregister selinuxfs. */
	exit_sel_fs();

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7470) #endif