X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=security%2Fselinux%2Fhooks.c;h=85a220465a8ffa4d9ccf7225c9f2fd537164afd7;hb=f12c03722045882a50c270f6332cf2c7b16a83d2;hp=d569cde440e65f9c5920971c90954e1a90c882e6;hpb=b0c636b99997c8594da6a46e166ce4fcf6956fda;p=linux-2.6 diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index d569cde440..85a220465a 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4,22 +4,22 @@ * This file contains the SELinux hook function implementations. * * Authors: Stephen Smalley, - * Chris Vance, - * Wayne Salamon, - * James Morris + * Chris Vance, + * Wayne Salamon, + * James Morris * * Copyright (C) 2001,2002 Networks Associates Technology, Inc. * Copyright (C) 2003 Red Hat, Inc., James Morris * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. - * + * * Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P. - * Paul Moore + * Paul Moore * Copyright (C) 2007 Hitachi Software Engineering Co., Ltd. - * Yuichi Nakamura + * Yuichi Nakamura * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2, - * as published by the Free Software Foundation. + * as published by the Free Software Foundation. */ #include @@ -80,8 +80,10 @@ #include "objsec.h" #include "netif.h" #include "netnode.h" +#include "netport.h" #include "xfrm.h" #include "netlabel.h" +#include "audit.h" #define XATTR_SELINUX_SUFFIX "selinux" #define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX @@ -97,11 +99,11 @@ extern struct security_operations *security_ops; atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); #ifdef CONFIG_SECURITY_SELINUX_DEVELOP -int selinux_enforcing = 0; +int selinux_enforcing; static int __init enforcing_setup(char *str) { - selinux_enforcing = simple_strtol(str,NULL,0); + selinux_enforcing = simple_strtol(str, NULL, 0); return 1; } __setup("enforcing=", enforcing_setup); @@ -121,13 +123,13 @@ int selinux_enabled = 1; #endif /* Original (dummy) security module. */ -static struct security_operations *original_ops = NULL; +static struct security_operations *original_ops; /* Minimal support for a secondary security module, just to allow the use of the dummy or capability modules. The owlsm module can alternatively be used as a secondary module as long as CONFIG_OWLSM_FD is not enabled. */ -static struct security_operations *secondary_ops = NULL; +static struct security_operations *secondary_ops; /* Lists of inode and superblock security structures initialized before the policy was loaded. */ @@ -161,7 +163,7 @@ static int task_alloc_security(struct task_struct *task) if (!tsec) return -ENOMEM; - tsec->osid = tsec->sid = tsec->ptrace_sid = SECINITSID_UNLABELED; + tsec->osid = tsec->sid = SECINITSID_UNLABELED; task->security = tsec; return 0; @@ -321,10 +323,10 @@ enum { }; static match_table_t tokens = { - {Opt_context, "context=%s"}, - {Opt_fscontext, "fscontext=%s"}, - {Opt_defcontext, "defcontext=%s"}, - {Opt_rootcontext, "rootcontext=%s"}, + {Opt_context, CONTEXT_STR "%s"}, + {Opt_fscontext, FSCONTEXT_STR "%s"}, + {Opt_defcontext, DEFCONTEXT_STR "%s"}, + {Opt_rootcontext, ROOTCONTEXT_STR "%s"}, {Opt_error, NULL}, }; @@ -573,8 +575,8 @@ static int selinux_set_mnt_opts(struct super_block *sb, goto out; } rc = -EINVAL; - printk(KERN_WARNING "Unable to set superblock options before " - "the security server is initialized\n"); + printk(KERN_WARNING "SELinux: Unable to set superblock options " + "before the security server is initialized\n"); goto out; } @@ -668,7 +670,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, rc = security_fs_use(sb->s_type->name, &sbsec->behavior, &sbsec->sid); if (rc) { printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n", - __FUNCTION__, sb->s_type->name, rc); + __func__, sb->s_type->name, rc); goto out; } @@ -753,9 +755,18 @@ static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb, int set_context = (oldsbsec->flags & CONTEXT_MNT); int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT); - /* we can't error, we can't save the info, this shouldn't get called - * this early in the boot process. */ - BUG_ON(!ss_initialized); + /* + * if the parent was able to be mounted it clearly had no special lsm + * mount options. thus we can safely put this sb on the list and deal + * with it later + */ + if (!ss_initialized) { + spin_lock(&sb_security_lock); + if (list_empty(&newsbsec->list)) + list_add(&newsbsec->list, &superblock_security_head); + spin_unlock(&sb_security_lock); + return; + } /* how can we clone if the old one wasn't set up?? */ BUG_ON(!oldsbsec->initialized); @@ -1052,7 +1063,7 @@ static int selinux_proc_get_sid(struct proc_dir_entry *de, int buflen, rc; char *buffer, *path, *end; - buffer = (char*)__get_free_page(GFP_KERNEL); + buffer = (char *)__get_free_page(GFP_KERNEL); if (!buffer) return -ENOMEM; @@ -1133,8 +1144,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent dentry = d_find_alias(inode); } if (!dentry) { - printk(KERN_WARNING "%s: no dentry for dev=%s " - "ino=%ld\n", __FUNCTION__, inode->i_sb->s_id, + printk(KERN_WARNING "SELinux: %s: no dentry for dev=%s " + "ino=%ld\n", __func__, inode->i_sb->s_id, inode->i_ino); goto out_unlock; } @@ -1171,8 +1182,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent dput(dentry); if (rc < 0) { if (rc != -ENODATA) { - printk(KERN_WARNING "%s: getxattr returned " - "%d for dev=%s ino=%ld\n", __FUNCTION__, + printk(KERN_WARNING "SELinux: %s: getxattr returned " + "%d for dev=%s ino=%ld\n", __func__, -rc, inode->i_sb->s_id, inode->i_ino); kfree(context); goto out_unlock; @@ -1185,9 +1196,9 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent sbsec->def_sid, GFP_NOFS); if (rc) { - printk(KERN_WARNING "%s: context_to_sid(%s) " + printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) " "returned %d for dev=%s ino=%ld\n", - __FUNCTION__, context, -rc, + __func__, context, -rc, inode->i_sb->s_id, inode->i_ino); kfree(context); /* Leave with the unlabeled SID */ @@ -1303,7 +1314,7 @@ static int task_has_capability(struct task_struct *tsk, tsec = tsk->security; - AVC_AUDIT_DATA_INIT(&ad,CAP); + AVC_AUDIT_DATA_INIT(&ad, CAP); ad.tsk = tsk; ad.u.cap = cap; @@ -1346,7 +1357,7 @@ static int inode_has_perm(struct task_struct *tsk, struct inode_security_struct *isec; struct avc_audit_data ad; - if (unlikely (IS_PRIVATE (inode))) + if (unlikely(IS_PRIVATE(inode))) return 0; tsec = tsk->security; @@ -1371,7 +1382,7 @@ static inline int dentry_has_perm(struct task_struct *tsk, { struct inode *inode = dentry->d_inode; struct avc_audit_data ad; - AVC_AUDIT_DATA_INIT(&ad,FS); + AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.path.mnt = mnt; ad.u.fs.path.dentry = dentry; return inode_has_perm(tsk, inode, av, &ad); @@ -1468,9 +1479,9 @@ static int may_create_key(u32 ksid, return avc_has_perm(tsec->sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL); } -#define MAY_LINK 0 -#define MAY_UNLINK 1 -#define MAY_RMDIR 2 +#define MAY_LINK 0 +#define MAY_UNLINK 1 +#define MAY_RMDIR 2 /* Check whether a task can link, unlink, or rmdir a file/directory. */ static int may_link(struct inode *dir, @@ -1508,7 +1519,8 @@ static int may_link(struct inode *dir, av = DIR__RMDIR; break; default: - printk(KERN_WARNING "may_link: unrecognized kind %d\n", kind); + printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n", + __func__, kind); return 0; } @@ -1638,8 +1650,8 @@ static inline u32 open_file_mask_to_av(int mode, int mask) else if (S_ISDIR(mode)) av |= DIR__OPEN; else - printk(KERN_ERR "SELinux: WARNING: inside open_file_to_av " - "with unknown mode:%x\n", mode); + printk(KERN_ERR "SELinux: WARNING: inside %s with " + "unknown mode:%x\n", __func__, mode); } return av; } @@ -1671,23 +1683,17 @@ static inline u32 file_to_av(struct file *file) static int selinux_ptrace(struct task_struct *parent, struct task_struct *child) { - struct task_security_struct *psec = parent->security; - struct task_security_struct *csec = child->security; int rc; - rc = secondary_ops->ptrace(parent,child); + rc = secondary_ops->ptrace(parent, child); if (rc) return rc; - rc = task_has_perm(parent, child, PROCESS__PTRACE); - /* Save the SID of the tracing process for later use in apply_creds. */ - if (!(child->ptrace & PT_PTRACED) && !rc) - csec->ptrace_sid = psec->sid; - return rc; + return task_has_perm(parent, child, PROCESS__PTRACE); } static int selinux_capget(struct task_struct *target, kernel_cap_t *effective, - kernel_cap_t *inheritable, kernel_cap_t *permitted) + kernel_cap_t *inheritable, kernel_cap_t *permitted) { int error; @@ -1699,7 +1705,7 @@ static int selinux_capget(struct task_struct *target, kernel_cap_t *effective, } static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effective, - kernel_cap_t *inheritable, kernel_cap_t *permitted) + kernel_cap_t *inheritable, kernel_cap_t *permitted) { int error; @@ -1711,7 +1717,7 @@ static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effect } static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective, - kernel_cap_t *inheritable, kernel_cap_t *permitted) + kernel_cap_t *inheritable, kernel_cap_t *permitted) { secondary_ops->capset_set(target, effective, inheritable, permitted); } @@ -1724,7 +1730,7 @@ static int selinux_capable(struct task_struct *tsk, int cap) if (rc) return rc; - return task_has_capability(tsk,cap); + return task_has_capability(tsk, cap); } static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid) @@ -1733,7 +1739,7 @@ static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid) char *buffer, *path, *end; rc = -ENOMEM; - buffer = (char*)__get_free_page(GFP_KERNEL); + buffer = (char *)__get_free_page(GFP_KERNEL); if (!buffer) goto out; @@ -1791,7 +1797,7 @@ static int selinux_sysctl(ctl_table *table, int op) /* The op values are "defined" in sysctl.c, thereby creating * a bad coupling between this module and sysctl.c */ - if(op == 001) { + if (op == 001) { error = avc_has_perm(tsec->sid, tsid, SECCLASS_DIR, DIR__SEARCH, NULL); } else { @@ -1803,7 +1809,7 @@ static int selinux_sysctl(ctl_table *table, int op) if (av) error = avc_has_perm(tsec->sid, tsid, SECCLASS_FILE, av, NULL); - } + } return error; } @@ -1816,25 +1822,23 @@ static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb) return 0; switch (cmds) { - case Q_SYNC: - case Q_QUOTAON: - case Q_QUOTAOFF: - case Q_SETINFO: - case Q_SETQUOTA: - rc = superblock_has_perm(current, - sb, - FILESYSTEM__QUOTAMOD, NULL); - break; - case Q_GETFMT: - case Q_GETINFO: - case Q_GETQUOTA: - rc = superblock_has_perm(current, - sb, - FILESYSTEM__QUOTAGET, NULL); - break; - default: - rc = 0; /* let the kernel handle invalid cmds */ - break; + case Q_SYNC: + case Q_QUOTAON: + case Q_QUOTAOFF: + case Q_SETINFO: + case Q_SETQUOTA: + rc = superblock_has_perm(current, sb, FILESYSTEM__QUOTAMOD, + NULL); + break; + case Q_GETFMT: + case Q_GETINFO: + case Q_GETQUOTA: + rc = superblock_has_perm(current, sb, FILESYSTEM__QUOTAGET, + NULL); + break; + default: + rc = 0; /* let the kernel handle invalid cmds */ + break; } return rc; } @@ -1853,23 +1857,23 @@ static int selinux_syslog(int type) return rc; switch (type) { - case 3: /* Read last kernel messages */ - case 10: /* Return size of the log buffer */ - rc = task_has_system(current, SYSTEM__SYSLOG_READ); - break; - case 6: /* Disable logging to console */ - case 7: /* Enable logging to console */ - case 8: /* Set level of messages printed to console */ - rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE); - break; - case 0: /* Close log */ - case 1: /* Open log */ - case 2: /* Read from log */ - case 4: /* Read/clear last kernel messages */ - case 5: /* Clear ring buffer */ - default: - rc = task_has_system(current, SYSTEM__SYSLOG_MOD); - break; + case 3: /* Read last kernel messages */ + case 10: /* Return size of the log buffer */ + rc = task_has_system(current, SYSTEM__SYSLOG_READ); + break; + case 6: /* Disable logging to console */ + case 7: /* Enable logging to console */ + case 8: /* Set level of messages printed to console */ + rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE); + break; + case 0: /* Close log */ + case 1: /* Open log */ + case 2: /* Read from log */ + case 4: /* Read/clear last kernel messages */ + case 5: /* Clear ring buffer */ + default: + rc = task_has_system(current, SYSTEM__SYSLOG_MOD); + break; } return rc; } @@ -1905,6 +1909,22 @@ static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) return __vm_enough_memory(mm, pages, cap_sys_admin); } +/** + * task_tracer_task - return the task that is tracing the given task + * @task: task to consider + * + * Returns NULL if noone is tracing @task, or the &struct task_struct + * pointer to its tracer. + * + * Must be called under rcu_read_lock(). + */ +static struct task_struct *task_tracer_task(struct task_struct *task) +{ + if (task->ptrace & PT_PTRACED) + return rcu_dereference(task->parent); + return NULL; +} + /* binprm security operations */ static int selinux_bprm_alloc_security(struct linux_binprm *bprm) @@ -1959,7 +1979,7 @@ static int selinux_bprm_set_security(struct linux_binprm *bprm) } else { /* Check for a default transition on this program. */ rc = security_transition_sid(tsec->sid, isec->sid, - SECCLASS_PROCESS, &newsid); + SECCLASS_PROCESS, &newsid); if (rc) return rc; } @@ -1970,7 +1990,7 @@ static int selinux_bprm_set_security(struct linux_binprm *bprm) if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) newsid = tsec->sid; - if (tsec->sid == newsid) { + if (tsec->sid == newsid) { rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad); if (rc) @@ -1998,13 +2018,13 @@ static int selinux_bprm_set_security(struct linux_binprm *bprm) return 0; } -static int selinux_bprm_check_security (struct linux_binprm *bprm) +static int selinux_bprm_check_security(struct linux_binprm *bprm) { return secondary_ops->bprm_check_security(bprm); } -static int selinux_bprm_secureexec (struct linux_binprm *bprm) +static int selinux_bprm_secureexec(struct linux_binprm *bprm) { struct task_security_struct *tsec = current->security; int atsecure = 0; @@ -2031,7 +2051,7 @@ extern struct vfsmount *selinuxfs_mount; extern struct dentry *selinux_null; /* Derived from fs/exec.c:flush_old_files. */ -static inline void flush_unauthorized_files(struct files_struct * files) +static inline void flush_unauthorized_files(struct files_struct *files) { struct avc_audit_data ad; struct file *file, *devnull = NULL; @@ -2066,7 +2086,7 @@ static inline void flush_unauthorized_files(struct files_struct * files) /* Revalidate access to inherited open files. */ - AVC_AUDIT_DATA_INIT(&ad,FS); + AVC_AUDIT_DATA_INIT(&ad, FS); spin_lock(&files->file_lock); for (;;) { @@ -2082,7 +2102,7 @@ static inline void flush_unauthorized_files(struct files_struct * files) if (!set) continue; spin_unlock(&files->file_lock); - for ( ; set ; i++,set >>= 1) { + for ( ; set ; i++, set >>= 1) { if (set & 1) { file = fget(i); if (!file) @@ -2151,12 +2171,25 @@ static void selinux_bprm_apply_creds(struct linux_binprm *bprm, int unsafe) /* Check for ptracing, and update the task SID if ok. Otherwise, leave SID unchanged and kill. */ if (unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) { - rc = avc_has_perm(tsec->ptrace_sid, sid, - SECCLASS_PROCESS, PROCESS__PTRACE, - NULL); - if (rc) { - bsec->unsafe = 1; - return; + struct task_struct *tracer; + struct task_security_struct *sec; + u32 ptsid = 0; + + rcu_read_lock(); + tracer = task_tracer_task(current); + if (likely(tracer != NULL)) { + sec = tracer->security; + ptsid = sec->sid; + } + rcu_read_unlock(); + + if (ptsid != 0) { + rc = avc_has_perm(ptsid, sid, SECCLASS_PROCESS, + PROCESS__PTRACE, NULL); + if (rc) { + bsec->unsafe = 1; + return; + } } } tsec->sid = sid; @@ -2226,7 +2259,7 @@ static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm) for (i = 0; i < RLIM_NLIMITS; i++) { rlim = current->signal->rlim + i; initrlim = init_task.signal->rlim+i; - rlim->rlim_cur = min(rlim->rlim_max,initrlim->rlim_cur); + rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); } if (current->signal->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) { /* @@ -2264,10 +2297,10 @@ static inline int match_prefix(char *prefix, int plen, char *option, int olen) static inline int selinux_option(char *option, int len) { - return (match_prefix("context=", sizeof("context=")-1, option, len) || - match_prefix("fscontext=", sizeof("fscontext=")-1, option, len) || - match_prefix("defcontext=", sizeof("defcontext=")-1, option, len) || - match_prefix("rootcontext=", sizeof("rootcontext=")-1, option, len)); + return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) || + match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) || + match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) || + match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len)); } static inline void take_option(char **to, char *from, int *first, int len) @@ -2281,16 +2314,15 @@ static inline void take_option(char **to, char *from, int *first, int len) *to += len; } -static inline void take_selinux_option(char **to, char *from, int *first, - int len) +static inline void take_selinux_option(char **to, char *from, int *first, + int len) { int current_size = 0; if (!*first) { **to = '|'; *to += 1; - } - else + } else *first = 0; while (current_size < len) { @@ -2354,7 +2386,7 @@ static int selinux_sb_kern_mount(struct super_block *sb, void *data) if (rc) return rc; - AVC_AUDIT_DATA_INIT(&ad,FS); + AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.path.dentry = sb->s_root; return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad); } @@ -2363,29 +2395,29 @@ static int selinux_sb_statfs(struct dentry *dentry) { struct avc_audit_data ad; - AVC_AUDIT_DATA_INIT(&ad,FS); + AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.path.dentry = dentry->d_sb->s_root; return superblock_has_perm(current, dentry->d_sb, FILESYSTEM__GETATTR, &ad); } -static int selinux_mount(char * dev_name, - struct nameidata *nd, - char * type, - unsigned long flags, - void * data) +static int selinux_mount(char *dev_name, + struct path *path, + char *type, + unsigned long flags, + void *data) { int rc; - rc = secondary_ops->sb_mount(dev_name, nd, type, flags, data); + rc = secondary_ops->sb_mount(dev_name, path, type, flags, data); if (rc) return rc; if (flags & MS_REMOUNT) - return superblock_has_perm(current, nd->path.mnt->mnt_sb, - FILESYSTEM__REMOUNT, NULL); + return superblock_has_perm(current, path->mnt->mnt_sb, + FILESYSTEM__REMOUNT, NULL); else - return dentry_has_perm(current, nd->path.mnt, nd->path.dentry, - FILE__MOUNTON); + return dentry_has_perm(current, path->mnt, path->dentry, + FILE__MOUNTON); } static int selinux_umount(struct vfsmount *mnt, int flags) @@ -2396,8 +2428,8 @@ static int selinux_umount(struct vfsmount *mnt, int flags) if (rc) return rc; - return superblock_has_perm(current,mnt->mnt_sb, - FILESYSTEM__UNMOUNT,NULL); + return superblock_has_perm(current, mnt->mnt_sb, + FILESYSTEM__UNMOUNT, NULL); } /* inode security operations */ @@ -2437,7 +2469,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, printk(KERN_WARNING "%s: " "security_transition_sid failed, rc=%d (dev=%s " "ino=%ld)\n", - __FUNCTION__, + __func__, -rc, inode->i_sb->s_id, inode->i_ino); return rc; } @@ -2483,7 +2515,7 @@ static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, stru { int rc; - rc = secondary_ops->inode_link(old_dentry,dir,new_dentry); + rc = secondary_ops->inode_link(old_dentry, dir, new_dentry); if (rc) return rc; return may_link(dir, old_dentry, MAY_LINK); @@ -2526,7 +2558,7 @@ static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mod } static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry, - struct inode *new_inode, struct dentry *new_dentry) + struct inode *new_inode, struct dentry *new_dentry) { return may_rename(old_inode, old_dentry, new_inode, new_dentry); } @@ -2540,7 +2572,7 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *na { int rc; - rc = secondary_ops->inode_follow_link(dentry,nameidata); + rc = secondary_ops->inode_follow_link(dentry, nameidata); if (rc) return rc; return dentry_has_perm(current, NULL, dentry, FILE__READ); @@ -2587,7 +2619,7 @@ static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) return dentry_has_perm(current, mnt, dentry, FILE__GETATTR); } -static int selinux_inode_setotherxattr(struct dentry *dentry, char *name) +static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name) { if (!strncmp(name, XATTR_SECURITY_PREFIX, sizeof XATTR_SECURITY_PREFIX - 1)) { @@ -2606,7 +2638,8 @@ static int selinux_inode_setotherxattr(struct dentry *dentry, char *name) return dentry_has_perm(current, NULL, dentry, FILE__SETATTR); } -static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags) +static int selinux_inode_setxattr(struct dentry *dentry, const char *name, + const void *value, size_t size, int flags) { struct task_security_struct *tsec = current->security; struct inode *inode = dentry->d_inode; @@ -2626,7 +2659,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value if (!is_owner_or_cap(inode)) return -EPERM; - AVC_AUDIT_DATA_INIT(&ad,FS); + AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.path.dentry = dentry; rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass, @@ -2644,7 +2677,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value return rc; rc = security_validate_transition(isec->sid, newsid, tsec->sid, - isec->sclass); + isec->sclass); if (rc) return rc; @@ -2655,8 +2688,9 @@ static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value &ad); } -static void selinux_inode_post_setxattr(struct dentry *dentry, char *name, - void *value, size_t size, int flags) +static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name, + const void *value, size_t size, + int flags) { struct inode *inode = dentry->d_inode; struct inode_security_struct *isec = inode->i_security; @@ -2671,7 +2705,7 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, char *name, rc = security_context_to_sid(value, size, &newsid); if (rc) { printk(KERN_WARNING "%s: unable to obtain SID for context " - "%s, rc=%d\n", __FUNCTION__, (char*)value, -rc); + "%s, rc=%d\n", __func__, (char *)value, -rc); return; } @@ -2679,17 +2713,17 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, char *name, return; } -static int selinux_inode_getxattr (struct dentry *dentry, char *name) +static int selinux_inode_getxattr(struct dentry *dentry, const char *name) { return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); } -static int selinux_inode_listxattr (struct dentry *dentry) +static int selinux_inode_listxattr(struct dentry *dentry) { return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); } -static int selinux_inode_removexattr (struct dentry *dentry, char *name) +static int selinux_inode_removexattr(struct dentry *dentry, const char *name) { if (strcmp(name, XATTR_NAME_SELINUX)) return selinux_inode_setotherxattr(dentry, name); @@ -2730,7 +2764,7 @@ out_nofree: } static int selinux_inode_setsecurity(struct inode *inode, const char *name, - const void *value, size_t size, int flags) + const void *value, size_t size, int flags) { struct inode_security_struct *isec = inode->i_security; u32 newsid; @@ -2742,7 +2776,7 @@ static int selinux_inode_setsecurity(struct inode *inode, const char *name, if (!value || !size) return -EACCES; - rc = security_context_to_sid((void*)value, size, &newsid); + rc = security_context_to_sid((void *)value, size, &newsid); if (rc) return rc; @@ -2768,6 +2802,12 @@ static int selinux_inode_killpriv(struct dentry *dentry) return secondary_ops->inode_killpriv(dentry); } +static void selinux_inode_getsecid(const struct inode *inode, u32 *secid) +{ + struct inode_security_struct *isec = inode->i_security; + *secid = isec->sid; +} + /* file security operations */ static int selinux_revalidate_file_permission(struct file *file, int mask) @@ -2827,42 +2867,41 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd, int error = 0; switch (cmd) { - case FIONREAD: - /* fall through */ - case FIBMAP: - /* fall through */ - case FIGETBSZ: - /* fall through */ - case EXT2_IOC_GETFLAGS: - /* fall through */ - case EXT2_IOC_GETVERSION: - error = file_has_perm(current, file, FILE__GETATTR); - break; - - case EXT2_IOC_SETFLAGS: - /* fall through */ - case EXT2_IOC_SETVERSION: - error = file_has_perm(current, file, FILE__SETATTR); - break; + case FIONREAD: + /* fall through */ + case FIBMAP: + /* fall through */ + case FIGETBSZ: + /* fall through */ + case EXT2_IOC_GETFLAGS: + /* fall through */ + case EXT2_IOC_GETVERSION: + error = file_has_perm(current, file, FILE__GETATTR); + break; - /* sys_ioctl() checks */ - case FIONBIO: - /* fall through */ - case FIOASYNC: - error = file_has_perm(current, file, 0); - break; + case EXT2_IOC_SETFLAGS: + /* fall through */ + case EXT2_IOC_SETVERSION: + error = file_has_perm(current, file, FILE__SETATTR); + break; - case KDSKBENT: - case KDSKBSENT: - error = task_has_capability(current,CAP_SYS_TTY_CONFIG); - break; + /* sys_ioctl() checks */ + case FIONBIO: + /* fall through */ + case FIOASYNC: + error = file_has_perm(current, file, 0); + break; - /* default case assumes that the command will go - * to the file's ioctl() function. - */ - default: - error = file_has_perm(current, file, FILE__IOCTL); + case KDSKBENT: + case KDSKBSENT: + error = task_has_capability(current, CAP_SYS_TTY_CONFIG); + break; + /* default case assumes that the command will go + * to the file's ioctl() function. + */ + default: + error = file_has_perm(current, file, FILE__IOCTL); } return error; } @@ -2903,7 +2942,7 @@ static int selinux_file_mmap(struct file *file, unsigned long reqprot, unsigned long addr, unsigned long addr_only) { int rc = 0; - u32 sid = ((struct task_security_struct*)(current->security))->sid; + u32 sid = ((struct task_security_struct *)(current->security))->sid; if (addr < mmap_min_addr) rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT, @@ -2972,39 +3011,39 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd, int err = 0; switch (cmd) { - case F_SETFL: - if (!file->f_path.dentry || !file->f_path.dentry->d_inode) { - err = -EINVAL; - break; - } + case F_SETFL: + if (!file->f_path.dentry || !file->f_path.dentry->d_inode) { + err = -EINVAL; + break; + } - if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) { - err = file_has_perm(current, file,FILE__WRITE); - break; - } - /* fall through */ - case F_SETOWN: - case F_SETSIG: - case F_GETFL: - case F_GETOWN: - case F_GETSIG: - /* Just check FD__USE permission */ - err = file_has_perm(current, file, 0); + if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) { + err = file_has_perm(current, file, FILE__WRITE); break; - case F_GETLK: - case F_SETLK: - case F_SETLKW: + } + /* fall through */ + case F_SETOWN: + case F_SETSIG: + case F_GETFL: + case F_GETOWN: + case F_GETSIG: + /* Just check FD__USE permission */ + err = file_has_perm(current, file, 0); + break; + case F_GETLK: + case F_SETLK: + case F_SETLKW: #if BITS_PER_LONG == 32 - case F_GETLK64: - case F_SETLK64: - case F_SETLKW64: + case F_GETLK64: + case F_SETLK64: + case F_SETLKW64: #endif - if (!file->f_path.dentry || !file->f_path.dentry->d_inode) { - err = -EINVAL; - break; - } - err = file_has_perm(current, file, FILE__LOCK); + if (!file->f_path.dentry || !file->f_path.dentry->d_inode) { + err = -EINVAL; break; + } + err = file_has_perm(current, file, FILE__LOCK); + break; } return err; @@ -3025,13 +3064,13 @@ static int selinux_file_set_fowner(struct file *file) static int selinux_file_send_sigiotask(struct task_struct *tsk, struct fown_struct *fown, int signum) { - struct file *file; + struct file *file; u32 perm; struct task_security_struct *tsec; struct file_security_struct *fsec; /* struct fown_struct is never outside the context of a struct file */ - file = container_of(fown, struct file, f_owner); + file = container_of(fown, struct file, f_owner); tsec = tsk->security; fsec = file->f_security; @@ -3112,11 +3151,6 @@ static int selinux_task_alloc_security(struct task_struct *tsk) tsec2->keycreate_sid = tsec1->keycreate_sid; tsec2->sockcreate_sid = tsec1->sockcreate_sid; - /* Retain ptracer SID across fork, if any. - This will be reset by the ptrace hook upon any - subsequent ptrace_attach operations. */ - tsec2->ptrace_sid = tsec1->ptrace_sid; - return 0; } @@ -3138,7 +3172,7 @@ static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) static int selinux_task_post_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) { - return secondary_ops->task_post_setuid(id0,id1,id2,flags); + return secondary_ops->task_post_setuid(id0, id1, id2, flags); } static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) @@ -3164,7 +3198,8 @@ static int selinux_task_getsid(struct task_struct *p) static void selinux_task_getsecid(struct task_struct *p, u32 *secid) { - selinux_get_task_sid(p, secid); + struct task_security_struct *tsec = p->security; + *secid = tsec->sid; } static int selinux_task_setgroups(struct group_info *group_info) @@ -3181,7 +3216,7 @@ static int selinux_task_setnice(struct task_struct *p, int nice) if (rc) return rc; - return task_has_perm(current,p, PROCESS__SETSCHED); + return task_has_perm(current, p, PROCESS__SETSCHED); } static int selinux_task_setioprio(struct task_struct *p, int ioprio) @@ -3270,12 +3305,13 @@ static int selinux_task_prctl(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, - unsigned long arg5) + unsigned long arg5, + long *rc_p) { /* The current prctl operations do not appear to require any SELinux controls since they merely observe or modify the state of the current process. */ - return 0; + return secondary_ops->task_prctl(option, arg2, arg3, arg4, arg5, rc_p); } static int selinux_task_wait(struct task_struct *p) @@ -3285,7 +3321,7 @@ static int selinux_task_wait(struct task_struct *p) static void selinux_task_reparent_to_init(struct task_struct *p) { - struct task_security_struct *tsec; + struct task_security_struct *tsec; secondary_ops->task_reparent_to_init(p); @@ -3330,11 +3366,11 @@ static int selinux_parse_skb_ipv4(struct sk_buff *skb, *proto = ih->protocol; switch (ih->protocol) { - case IPPROTO_TCP: { - struct tcphdr _tcph, *th; + case IPPROTO_TCP: { + struct tcphdr _tcph, *th; - if (ntohs(ih->frag_off) & IP_OFFSET) - break; + if (ntohs(ih->frag_off) & IP_OFFSET) + break; offset += ihlen; th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); @@ -3344,23 +3380,23 @@ static int selinux_parse_skb_ipv4(struct sk_buff *skb, ad->u.net.sport = th->source; ad->u.net.dport = th->dest; break; - } - - case IPPROTO_UDP: { - struct udphdr _udph, *uh; - - if (ntohs(ih->frag_off) & IP_OFFSET) - break; - + } + + case IPPROTO_UDP: { + struct udphdr _udph, *uh; + + if (ntohs(ih->frag_off) & IP_OFFSET) + break; + offset += ihlen; - uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); + uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); if (uh == NULL) - break; + break; - ad->u.net.sport = uh->source; - ad->u.net.dport = uh->dest; - break; - } + ad->u.net.sport = uh->source; + ad->u.net.dport = uh->dest; + break; + } case IPPROTO_DCCP: { struct dccp_hdr _dccph, *dh; @@ -3376,11 +3412,11 @@ static int selinux_parse_skb_ipv4(struct sk_buff *skb, ad->u.net.sport = dh->dccph_sport; ad->u.net.dport = dh->dccph_dport; break; - } + } - default: - break; - } + default: + break; + } out: return ret; } @@ -3415,7 +3451,7 @@ static int selinux_parse_skb_ipv6(struct sk_buff *skb, switch (nexthdr) { case IPPROTO_TCP: { - struct tcphdr _tcph, *th; + struct tcphdr _tcph, *th; th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph); if (th == NULL) @@ -3448,7 +3484,7 @@ static int selinux_parse_skb_ipv6(struct sk_buff *skb, ad->u.net.sport = dh->dccph_sport; ad->u.net.dport = dh->dccph_dport; break; - } + } /* includes fragments */ default: @@ -3546,7 +3582,7 @@ static int socket_has_perm(struct task_struct *task, struct socket *sock, if (isec->sid == SECINITSID_KERNEL) goto out; - AVC_AUDIT_DATA_INIT(&ad,NET); + AVC_AUDIT_DATA_INIT(&ad, NET); ad.u.net.sk = sock->sk; err = avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad); @@ -3652,13 +3688,11 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in inet_get_local_port_range(&low, &high); if (snum < max(PROT_SOCK, low) || snum > high) { - err = security_port_sid(sk->sk_family, - sk->sk_type, - sk->sk_protocol, snum, - &sid); + err = sel_netport_sid(sk->sk_protocol, + snum, &sid); if (err) goto out; - AVC_AUDIT_DATA_INIT(&ad,NET); + AVC_AUDIT_DATA_INIT(&ad, NET); ad.u.net.sport = htons(snum); ad.u.net.family = family; err = avc_has_perm(isec->sid, sid, @@ -3668,12 +3702,12 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in goto out; } } - - switch(isec->sclass) { + + switch (isec->sclass) { case SECCLASS_TCP_SOCKET: node_perm = TCP_SOCKET__NODE_BIND; break; - + case SECCLASS_UDP_SOCKET: node_perm = UDP_SOCKET__NODE_BIND; break; @@ -3686,12 +3720,12 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in node_perm = RAWIP_SOCKET__NODE_BIND; break; } - + err = sel_netnode_sid(addrp, family, &sid); if (err) goto out; - - AVC_AUDIT_DATA_INIT(&ad,NET); + + AVC_AUDIT_DATA_INIT(&ad, NET); ad.u.net.sport = htons(snum); ad.u.net.family = family; @@ -3701,7 +3735,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr); err = avc_has_perm(isec->sid, sid, - isec->sclass, node_perm, &ad); + isec->sclass, node_perm, &ad); if (err) goto out; } @@ -3743,15 +3777,14 @@ static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, snum = ntohs(addr6->sin6_port); } - err = security_port_sid(sk->sk_family, sk->sk_type, - sk->sk_protocol, snum, &sid); + err = sel_netport_sid(sk->sk_protocol, snum, &sid); if (err) goto out; perm = (isec->sclass == SECCLASS_TCP_SOCKET) ? TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT; - AVC_AUDIT_DATA_INIT(&ad,NET); + AVC_AUDIT_DATA_INIT(&ad, NET); ad.u.net.dport = htons(snum); ad.u.net.family = sk->sk_family; err = avc_has_perm(isec->sid, sid, isec->sclass, perm, &ad); @@ -3789,7 +3822,7 @@ static int selinux_socket_accept(struct socket *sock, struct socket *newsock) } static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg, - int size) + int size) { int rc; @@ -3816,7 +3849,7 @@ static int selinux_socket_getpeername(struct socket *sock) return socket_has_perm(current, sock, SOCKET__GETATTR); } -static int selinux_socket_setsockopt(struct socket *sock,int level,int optname) +static int selinux_socket_setsockopt(struct socket *sock, int level, int optname) { int err; @@ -3855,7 +3888,7 @@ static int selinux_socket_unix_stream_connect(struct socket *sock, isec = SOCK_INODE(sock)->i_security; other_isec = SOCK_INODE(other)->i_security; - AVC_AUDIT_DATA_INIT(&ad,NET); + AVC_AUDIT_DATA_INIT(&ad, NET); ad.u.net.sk = other->sk; err = avc_has_perm(isec->sid, other_isec->sid, @@ -3867,7 +3900,7 @@ static int selinux_socket_unix_stream_connect(struct socket *sock, /* connecting socket */ ssec = sock->sk->sk_security; ssec->peer_sid = other_isec->sid; - + /* server child socket */ ssec = newsk->sk_security; ssec->peer_sid = isec->sid; @@ -3887,7 +3920,7 @@ static int selinux_socket_unix_may_send(struct socket *sock, isec = SOCK_INODE(sock)->i_security; other_isec = SOCK_INODE(other)->i_security; - AVC_AUDIT_DATA_INIT(&ad,NET); + AVC_AUDIT_DATA_INIT(&ad, NET); ad.u.net.sk = other->sk; err = avc_has_perm(isec->sid, other_isec->sid, @@ -3965,7 +3998,7 @@ static int selinux_sock_rcv_skb_iptables_compat(struct sock *sk, err = avc_has_perm(sk_sid, if_sid, SECCLASS_NETIF, netif_perm, ad); if (err) return err; - + err = sel_netnode_sid(addrp, family, &node_sid); if (err) return err; @@ -3975,9 +4008,8 @@ static int selinux_sock_rcv_skb_iptables_compat(struct sock *sk, if (!recv_perm) return 0; - err = security_port_sid(sk->sk_family, sk->sk_type, - sk->sk_protocol, ntohs(ad->u.net.sport), - &port_sid); + err = sel_netport_sid(sk->sk_protocol, + ntohs(ad->u.net.sport), &port_sid); if (unlikely(err)) { printk(KERN_WARNING "SELinux: failure in" @@ -4117,7 +4149,7 @@ out_len: err = -EFAULT; kfree(scontext); -out: +out: return err; } @@ -4134,7 +4166,7 @@ static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff * goto out; if (sock && family == PF_UNIX) - selinux_get_inode_sid(SOCK_INODE(sock), &peer_secid); + selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid); else if (skb) selinux_skb_peerlbl_sid(skb, family, &peer_secid); @@ -4178,7 +4210,7 @@ static void selinux_sk_getsecid(struct sock *sk, u32 *secid) } } -static void selinux_sock_graft(struct sock* sk, struct socket *parent) +static void selinux_sock_graft(struct sock *sk, struct socket *parent) { struct inode_security_struct *isec = SOCK_INODE(parent)->i_security; struct sk_security_struct *sksec = sk->sk_security; @@ -4255,13 +4287,13 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) struct nlmsghdr *nlh; struct socket *sock = sk->sk_socket; struct inode_security_struct *isec = SOCK_INODE(sock)->i_security; - + if (skb->len < NLMSG_SPACE(0)) { err = -EINVAL; goto out; } nlh = nlmsg_hdr(skb); - + err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm); if (err) { if (err == -EINVAL) { @@ -4387,7 +4419,7 @@ static int selinux_ip_postroute_iptables_compat(struct sock *sk, return err; err = avc_has_perm(sk_sid, if_sid, SECCLASS_NETIF, netif_perm, ad); return err; - + err = sel_netnode_sid(addrp, family, &node_sid); if (err) return err; @@ -4398,9 +4430,8 @@ static int selinux_ip_postroute_iptables_compat(struct sock *sk, if (send_perm != 0) return 0; - err = security_port_sid(sk->sk_family, sk->sk_type, - sk->sk_protocol, ntohs(ad->u.net.dport), - &port_sid); + err = sel_netport_sid(sk->sk_protocol, + ntohs(ad->u.net.dport), &port_sid); if (unlikely(err)) { printk(KERN_WARNING "SELinux: failure in" @@ -4571,7 +4602,7 @@ static int selinux_netlink_recv(struct sk_buff *skb, int capability) ad.u.cap = capability; return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid, - SECCLASS_CAPABILITY, CAP_TO_MASK(capability), &ad); + SECCLASS_CAPABILITY, CAP_TO_MASK(capability), &ad); } static int ipc_alloc_security(struct task_struct *task, @@ -4663,7 +4694,7 @@ static int selinux_msg_queue_alloc_security(struct msg_queue *msq) isec = msq->q_perm.security; AVC_AUDIT_DATA_INIT(&ad, IPC); - ad.u.ipc_id = msq->q_perm.key; + ad.u.ipc_id = msq->q_perm.key; rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ, MSGQ__CREATE, &ad); @@ -4700,7 +4731,7 @@ static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd) int err; int perms; - switch(cmd) { + switch (cmd) { case IPC_INFO: case MSG_INFO: /* No specific object, just general system-wide information. */ @@ -4784,7 +4815,7 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, msec = msg->security; AVC_AUDIT_DATA_INIT(&ad, IPC); - ad.u.ipc_id = msq->q_perm.key; + ad.u.ipc_id = msq->q_perm.key; rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ, MSGQ__READ, &ad); @@ -4810,7 +4841,7 @@ static int selinux_shm_alloc_security(struct shmid_kernel *shp) isec = shp->shm_perm.security; AVC_AUDIT_DATA_INIT(&ad, IPC); - ad.u.ipc_id = shp->shm_perm.key; + ad.u.ipc_id = shp->shm_perm.key; rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM, SHM__CREATE, &ad); @@ -4848,7 +4879,7 @@ static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd) int perms; int err; - switch(cmd) { + switch (cmd) { case IPC_INFO: case SHM_INFO: /* No specific object, just general system-wide information. */ @@ -4909,7 +4940,7 @@ static int selinux_sem_alloc_security(struct sem_array *sma) isec = sma->sem_perm.security; AVC_AUDIT_DATA_INIT(&ad, IPC); - ad.u.ipc_id = sma->sem_perm.key; + ad.u.ipc_id = sma->sem_perm.key; rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM, SEM__CREATE, &ad); @@ -4947,7 +4978,7 @@ static int selinux_sem_semctl(struct sem_array *sma, int cmd) int err; u32 perms; - switch(cmd) { + switch (cmd) { case IPC_INFO: case SEM_INFO: /* No specific object, just general system-wide information. */ @@ -5012,25 +5043,31 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag) return ipc_has_perm(ipcp, av); } +static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) +{ + struct ipc_security_struct *isec = ipcp->security; + *secid = isec->sid; +} + /* module stacking operations */ -static int selinux_register_security (const char *name, struct security_operations *ops) +static int selinux_register_security(const char *name, struct security_operations *ops) { if (secondary_ops != original_ops) { printk(KERN_ERR "%s: There is already a secondary security " - "module registered.\n", __FUNCTION__); + "module registered.\n", __func__); return -EINVAL; - } + } secondary_ops = ops; printk(KERN_INFO "%s: Registering secondary module %s\n", - __FUNCTION__, + __func__, name); return 0; } -static void selinux_d_instantiate (struct dentry *dentry, struct inode *inode) +static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode) { if (inode) inode_doinit_with_dentry(inode, dentry); @@ -5080,6 +5117,7 @@ static int selinux_setprocattr(struct task_struct *p, char *name, void *value, size_t size) { struct task_security_struct *tsec; + struct task_struct *tracer; u32 sid = 0; int error; char *str = value; @@ -5157,34 +5195,39 @@ static int selinux_setprocattr(struct task_struct *p, } while_each_thread(g, t); read_unlock(&tasklist_lock); - } + } /* Check permissions for the transition. */ error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, - PROCESS__DYNTRANSITION, NULL); + PROCESS__DYNTRANSITION, NULL); if (error) return error; /* Check for ptracing, and update the task SID if ok. Otherwise, leave SID unchanged and fail. */ task_lock(p); - if (p->ptrace & PT_PTRACED) { - error = avc_has_perm_noaudit(tsec->ptrace_sid, sid, + rcu_read_lock(); + tracer = task_tracer_task(p); + if (tracer != NULL) { + struct task_security_struct *ptsec = tracer->security; + u32 ptsid = ptsec->sid; + rcu_read_unlock(); + error = avc_has_perm_noaudit(ptsid, sid, SECCLASS_PROCESS, PROCESS__PTRACE, 0, &avd); if (!error) tsec->sid = sid; task_unlock(p); - avc_audit(tsec->ptrace_sid, sid, SECCLASS_PROCESS, + avc_audit(ptsid, sid, SECCLASS_PROCESS, PROCESS__PTRACE, &avd, error, NULL); if (error) return error; } else { + rcu_read_unlock(); tsec->sid = sid; task_unlock(p); } - } - else + } else return -EINVAL; return size; @@ -5195,7 +5238,7 @@ static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) return security_sid_to_context(secid, secdata, seclen); } -static int selinux_secctx_to_secid(char *secdata, u32 seclen, u32 *secid) +static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) { return security_context_to_sid(secdata, seclen, secid); } @@ -5257,9 +5300,25 @@ static int selinux_key_permission(key_ref_t key_ref, SECCLASS_KEY, perm, NULL); } +static int selinux_key_getsecurity(struct key *key, char **_buffer) +{ + struct key_security_struct *ksec = key->security; + char *context = NULL; + unsigned len; + int rc; + + rc = security_sid_to_context(ksec->sid, &context, &len); + if (!rc) + rc = len; + *_buffer = context; + return rc; +} + #endif static struct security_operations selinux_ops = { + .name = "selinux", + .ptrace = selinux_ptrace, .capget = selinux_capget, .capset_check = selinux_capset_check, @@ -5272,7 +5331,7 @@ static struct security_operations selinux_ops = { .vm_enough_memory = selinux_vm_enough_memory, .netlink_send = selinux_netlink_send, - .netlink_recv = selinux_netlink_recv, + .netlink_recv = selinux_netlink_recv, .bprm_alloc_security = selinux_bprm_alloc_security, .bprm_free_security = selinux_bprm_free_security, @@ -5285,13 +5344,13 @@ static struct security_operations selinux_ops = { .sb_alloc_security = selinux_sb_alloc_security, .sb_free_security = selinux_sb_free_security, .sb_copy_data = selinux_sb_copy_data, - .sb_kern_mount = selinux_sb_kern_mount, + .sb_kern_mount = selinux_sb_kern_mount, .sb_statfs = selinux_sb_statfs, .sb_mount = selinux_mount, .sb_umount = selinux_umount, .sb_get_mnt_opts = selinux_get_mnt_opts, .sb_set_mnt_opts = selinux_set_mnt_opts, - .sb_clone_mnt_opts = selinux_sb_clone_mnt_opts, + .sb_clone_mnt_opts = selinux_sb_clone_mnt_opts, .sb_parse_opts_str = selinux_parse_opts_str, @@ -5316,11 +5375,12 @@ static struct security_operations selinux_ops = { .inode_getxattr = selinux_inode_getxattr, .inode_listxattr = selinux_inode_listxattr, .inode_removexattr = selinux_inode_removexattr, - .inode_getsecurity = selinux_inode_getsecurity, - .inode_setsecurity = selinux_inode_setsecurity, - .inode_listsecurity = selinux_inode_listsecurity, + .inode_getsecurity = selinux_inode_getsecurity, + .inode_setsecurity = selinux_inode_setsecurity, + .inode_listsecurity = selinux_inode_listsecurity, .inode_need_killpriv = selinux_inode_need_killpriv, .inode_killpriv = selinux_inode_killpriv, + .inode_getsecid = selinux_inode_getsecid, .file_permission = selinux_file_permission, .file_alloc_security = selinux_file_alloc_security, @@ -5334,7 +5394,7 @@ static struct security_operations selinux_ops = { .file_send_sigiotask = selinux_file_send_sigiotask, .file_receive = selinux_file_receive, - .dentry_open = selinux_dentry_open, + .dentry_open = selinux_dentry_open, .task_create = selinux_task_create, .task_alloc_security = selinux_task_alloc_security, @@ -5344,7 +5404,7 @@ static struct security_operations selinux_ops = { .task_setgid = selinux_task_setgid, .task_setpgid = selinux_task_setpgid, .task_getpgid = selinux_task_getpgid, - .task_getsid = selinux_task_getsid, + .task_getsid = selinux_task_getsid, .task_getsecid = selinux_task_getsecid, .task_setgroups = selinux_task_setgroups, .task_setnice = selinux_task_setnice, @@ -5358,9 +5418,10 @@ static struct security_operations selinux_ops = { .task_wait = selinux_task_wait, .task_prctl = selinux_task_prctl, .task_reparent_to_init = selinux_task_reparent_to_init, - .task_to_inode = selinux_task_to_inode, + .task_to_inode = selinux_task_to_inode, .ipc_permission = selinux_ipc_permission, + .ipc_getsecid = selinux_ipc_getsecid, .msg_msg_alloc_security = selinux_msg_msg_alloc_security, .msg_msg_free_security = selinux_msg_msg_free_security, @@ -5378,24 +5439,24 @@ static struct security_operations selinux_ops = { .shm_shmctl = selinux_shm_shmctl, .shm_shmat = selinux_shm_shmat, - .sem_alloc_security = selinux_sem_alloc_security, - .sem_free_security = selinux_sem_free_security, + .sem_alloc_security = selinux_sem_alloc_security, + .sem_free_security = selinux_sem_free_security, .sem_associate = selinux_sem_associate, .sem_semctl = selinux_sem_semctl, .sem_semop = selinux_sem_semop, .register_security = selinux_register_security, - .d_instantiate = selinux_d_instantiate, + .d_instantiate = selinux_d_instantiate, - .getprocattr = selinux_getprocattr, - .setprocattr = selinux_setprocattr, + .getprocattr = selinux_getprocattr, + .setprocattr = selinux_setprocattr, .secid_to_secctx = selinux_secid_to_secctx, .secctx_to_secid = selinux_secctx_to_secid, .release_secctx = selinux_release_secctx, - .unix_stream_connect = selinux_socket_unix_stream_connect, + .unix_stream_connect = selinux_socket_unix_stream_connect, .unix_may_send = selinux_socket_unix_may_send, .socket_create = selinux_socket_create, @@ -5417,7 +5478,7 @@ static struct security_operations selinux_ops = { .sk_alloc_security = selinux_sk_alloc_security, .sk_free_security = selinux_sk_free_security, .sk_clone_security = selinux_sk_clone_security, - .sk_getsecid = selinux_sk_getsecid, + .sk_getsecid = selinux_sk_getsecid, .sock_graft = selinux_sock_graft, .inet_conn_request = selinux_inet_conn_request, .inet_csk_clone = selinux_inet_csk_clone, @@ -5432,15 +5493,23 @@ static struct security_operations selinux_ops = { .xfrm_state_alloc_security = selinux_xfrm_state_alloc, .xfrm_state_free_security = selinux_xfrm_state_free, .xfrm_state_delete_security = selinux_xfrm_state_delete, - .xfrm_policy_lookup = selinux_xfrm_policy_lookup, + .xfrm_policy_lookup = selinux_xfrm_policy_lookup, .xfrm_state_pol_flow_match = selinux_xfrm_state_pol_flow_match, .xfrm_decode_session = selinux_xfrm_decode_session, #endif #ifdef CONFIG_KEYS - .key_alloc = selinux_key_alloc, - .key_free = selinux_key_free, - .key_permission = selinux_key_permission, + .key_alloc = selinux_key_alloc, + .key_free = selinux_key_free, + .key_permission = selinux_key_permission, + .key_getsecurity = selinux_key_getsecurity, +#endif + +#ifdef CONFIG_AUDIT + .audit_rule_init = selinux_audit_rule_init, + .audit_rule_known = selinux_audit_rule_known, + .audit_rule_match = selinux_audit_rule_match, + .audit_rule_free = selinux_audit_rule_free, #endif }; @@ -5448,6 +5517,11 @@ static __init int selinux_init(void) { struct task_security_struct *tsec; + if (!security_module_enable(&selinux_ops)) { + selinux_enabled = 0; + return 0; + } + if (!selinux_enabled) { printk(KERN_INFO "SELinux: Disabled at boot.\n"); return 0; @@ -5468,23 +5542,14 @@ static __init int selinux_init(void) original_ops = secondary_ops = security_ops; if (!secondary_ops) - panic ("SELinux: No initial security operations\n"); - if (register_security (&selinux_ops)) + panic("SELinux: No initial security operations\n"); + if (register_security(&selinux_ops)) panic("SELinux: Unable to register with kernel.\n"); - if (selinux_enforcing) { + if (selinux_enforcing) printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n"); - } else { + else printk(KERN_DEBUG "SELinux: Starting in permissive mode\n"); - } - -#ifdef CONFIG_KEYS - /* Add security information to initial keyrings */ - selinux_key_alloc(&root_user_keyring, current, - KEY_ALLOC_NOT_IN_QUOTA); - selinux_key_alloc(&root_session_keyring, current, - KEY_ALLOC_NOT_IN_QUOTA); -#endif return 0; } @@ -5501,8 +5566,8 @@ next_sb: if (!list_empty(&superblock_security_head)) { struct superblock_security_struct *sbsec = list_entry(superblock_security_head.next, - struct superblock_security_struct, - list); + struct superblock_security_struct, + list); struct super_block *sb = sbsec->sb; sb->s_count++; spin_unlock(&sb_security_lock); @@ -5621,10 +5686,11 @@ static void selinux_nf_ip_exit(void) #endif /* CONFIG_NETFILTER */ #ifdef CONFIG_SECURITY_SELINUX_DISABLE +static int selinux_disabled; + int selinux_disable(void) { extern void exit_sel_fs(void); - static int selinux_disabled = 0; if (ss_initialized) { /* Not permitted after initial policy load. */ @@ -5653,5 +5719,3 @@ int selinux_disable(void) return 0; } #endif - -