1
/* Updated: Karl MacMillan <[email protected]>
2
 *
3
 *	Added conditional policy language extensions
4
 *
5
 *  Updated: Hewlett-Packard <[email protected]>
6
 *
7
 *	Added support for the policy capability bitmap
8
 *
9
 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
10
 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
11
 * Copyright (C) 2004 Red Hat, Inc., James Morris <[email protected]>
12
 *	This program is free software; you can redistribute it and/or modify
13
 *	it under the terms of the GNU General Public License as published by
14
 *	the Free Software Foundation, version 2.
15
 */
16

17
#include <linux/kernel.h>
18
#include <linux/pagemap.h>
19
#include <linux/slab.h>
20
#include <linux/vmalloc.h>
21
#include <linux/fs.h>
22
#include <linux/mutex.h>
23
#include <linux/init.h>
24
#include <linux/string.h>
25
#include <linux/security.h>
26
#include <linux/major.h>
27
#include <linux/seq_file.h>
28
#include <linux/percpu.h>
29
#include <linux/audit.h>
30
#include <linux/uaccess.h>
31
#include <linux/kobject.h>
32
#include <linux/ctype.h>
33

34
/* selinuxfs pseudo filesystem for exporting the security policy API.
35
   Based on the proc code and the fs/nfsd/nfsctl.c code. */
36

37
#include "flask.h"
38
#include "avc.h"
39
#include "avc_ss.h"
40
#include "security.h"
41
#include "objsec.h"
42
#include "conditional.h"
43

44
/* Policy capability filenames */
45
static char *policycap_names[] = {
46
	"network_peer_controls",
47
	"open_perms"
48
};
49

50
unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE;
51

52
static int __init checkreqprot_setup(char *str)
53
{
54
	unsigned long checkreqprot;
55
	if (!strict_strtoul(str, 0, &checkreqprot))
56
		selinux_checkreqprot = checkreqprot ? 1 : 0;
57
	return 1;
58
}
59
__setup("checkreqprot=", checkreqprot_setup);
60

61
static DEFINE_MUTEX(sel_mutex);
62

63
/* global data for booleans */
64
static struct dentry *bool_dir;
65
static int bool_num;
66
static char **bool_pending_names;
67
static int *bool_pending_values;
68

69
/* global data for classes */
70
static struct dentry *class_dir;
71
static unsigned long last_class_ino;
72

73
static char policy_opened;
74

75
/* global data for policy capabilities */
76
static struct dentry *policycap_dir;
77

78
extern void selnl_notify_setenforce(int val);
79

80
/* Check whether a task is allowed to use a security operation. */
81
static int task_has_security(struct task_struct *tsk,
82
			     u32 perms)
83
{
84
	const struct task_security_struct *tsec;
85
	u32 sid = 0;
86

87
	rcu_read_lock();
88
	tsec = __task_cred(tsk)->security;
89
	if (tsec)
90
		sid = tsec->sid;
91
	rcu_read_unlock();
92
	if (!tsec)
93
		return -EACCES;
94

95
	return avc_has_perm(sid, SECINITSID_SECURITY,
96
			    SECCLASS_SECURITY, perms, NULL);
97
}
98

99
enum sel_inos {
100
	SEL_ROOT_INO = 2,
101
	SEL_LOAD,	/* load policy */
102
	SEL_ENFORCE,	/* get or set enforcing status */
103
	SEL_CONTEXT,	/* validate context */
104
	SEL_ACCESS,	/* compute access decision */
105
	SEL_CREATE,	/* compute create labeling decision */
106
	SEL_RELABEL,	/* compute relabeling decision */
107
	SEL_USER,	/* compute reachable user contexts */
108
	SEL_POLICYVERS,	/* return policy version for this kernel */
109
	SEL_COMMIT_BOOLS, /* commit new boolean values */
110
	SEL_MLS,	/* return if MLS policy is enabled */
111
	SEL_DISABLE,	/* disable SELinux until next reboot */
112
	SEL_MEMBER,	/* compute polyinstantiation membership decision */
113
	SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */
114
	SEL_COMPAT_NET,	/* whether to use old compat network packet controls */
115
	SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */
116
	SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */
117
	SEL_STATUS,	/* export current status using mmap() */
118
	SEL_POLICY,	/* allow userspace to read the in kernel policy */
119
	SEL_INO_NEXT,	/* The next inode number to use */
120
};
121

122
static unsigned long sel_last_ino = SEL_INO_NEXT - 1;
123

124
#define SEL_INITCON_INO_OFFSET		0x01000000
125
#define SEL_BOOL_INO_OFFSET		0x02000000
126
#define SEL_CLASS_INO_OFFSET		0x04000000
127
#define SEL_POLICYCAP_INO_OFFSET	0x08000000
128
#define SEL_INO_MASK			0x00ffffff
129

130
#define TMPBUFLEN	12
131
static ssize_t sel_read_enforce(struct file *filp, char __user *buf,
132
				size_t count, loff_t *ppos)
133
{
134
	char tmpbuf[TMPBUFLEN];
135
	ssize_t length;
136

137
	length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_enforcing);
138
	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
139
}
140

141
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
142
static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
143
				 size_t count, loff_t *ppos)
144

145
{
146
	char *page = NULL;
147
	ssize_t length;
148
	int new_value;
149

150
	length = -ENOMEM;
151
	if (count >= PAGE_SIZE)
152
		goto out;
153

154
	/* No partial writes. */
155
	length = EINVAL;
156
	if (*ppos != 0)
157
		goto out;
158

159
	length = -ENOMEM;
160
	page = (char *)get_zeroed_page(GFP_KERNEL);
161
	if (!page)
162
		goto out;
163

164
	length = -EFAULT;
165
	if (copy_from_user(page, buf, count))
166
		goto out;
167

168
	length = -EINVAL;
169
	if (sscanf(page, "%d", &new_value) != 1)
170
		goto out;
171

172
	if (new_value != selinux_enforcing) {
173
		length = task_has_security(current, SECURITY__SETENFORCE);
174
		if (length)
175
			goto out;
176
		audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
177
			"enforcing=%d old_enforcing=%d auid=%u ses=%u",
178
			new_value, selinux_enforcing,
179
			audit_get_loginuid(current),
180
			audit_get_sessionid(current));
181
		selinux_enforcing = new_value;
182
		if (selinux_enforcing)
183
			avc_ss_reset(0);
184
		selnl_notify_setenforce(selinux_enforcing);
185
		selinux_status_update_setenforce(selinux_enforcing);
186
	}
187
	length = count;
188
out:
189
	free_page((unsigned long) page);
190
	return length;
191
}
192
#else
193
#define sel_write_enforce NULL
194
#endif
195

196
static const struct file_operations sel_enforce_ops = {
197
	.read		= sel_read_enforce,
198
	.write		= sel_write_enforce,
199
	.llseek		= generic_file_llseek,
200
};
201

202
static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf,
203
					size_t count, loff_t *ppos)
204
{
205
	char tmpbuf[TMPBUFLEN];
206
	ssize_t length;
207
	ino_t ino = filp->f_path.dentry->d_inode->i_ino;
208
	int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ?
209
		security_get_reject_unknown() : !security_get_allow_unknown();
210

211
	length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown);
212
	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
213
}
214

215
static const struct file_operations sel_handle_unknown_ops = {
216
	.read		= sel_read_handle_unknown,
217
	.llseek		= generic_file_llseek,
218
};
219

220
static int sel_open_handle_status(struct inode *inode, struct file *filp)
221
{
222
	struct page    *status = selinux_kernel_status_page();
223

224
	if (!status)
225
		return -ENOMEM;
226

227
	filp->private_data = status;
228

229
	return 0;
230
}
231

232
static ssize_t sel_read_handle_status(struct file *filp, char __user *buf,
233
				      size_t count, loff_t *ppos)
234
{
235
	struct page    *status = filp->private_data;
236

237
	BUG_ON(!status);
238

239
	return simple_read_from_buffer(buf, count, ppos,
240
				       page_address(status),
241
				       sizeof(struct selinux_kernel_status));
242
}
243

244
static int sel_mmap_handle_status(struct file *filp,
245
				  struct vm_area_struct *vma)
246
{
247
	struct page    *status = filp->private_data;
248
	unsigned long	size = vma->vm_end - vma->vm_start;
249

250
	BUG_ON(!status);
251

252
	/* only allows one page from the head */
253
	if (vma->vm_pgoff > 0 || size != PAGE_SIZE)
254
		return -EIO;
255
	/* disallow writable mapping */
256
	if (vma->vm_flags & VM_WRITE)
257
		return -EPERM;
258
	/* disallow mprotect() turns it into writable */
259
	vma->vm_flags &= ~VM_MAYWRITE;
260

261
	return remap_pfn_range(vma, vma->vm_start,
262
			       page_to_pfn(status),
263
			       size, vma->vm_page_prot);
264
}
265

266
static const struct file_operations sel_handle_status_ops = {
267
	.open		= sel_open_handle_status,
268
	.read		= sel_read_handle_status,
269
	.mmap		= sel_mmap_handle_status,
270
	.llseek		= generic_file_llseek,
271
};
272

273
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
274
static ssize_t sel_write_disable(struct file *file, const char __user *buf,
275
				 size_t count, loff_t *ppos)
276

277
{
278
	char *page = NULL;
279
	ssize_t length;
280
	int new_value;
281
	extern int selinux_disable(void);
282

283
	length = -ENOMEM;
284
	if (count >= PAGE_SIZE)
285
		goto out;
286

287
	/* No partial writes. */
288
	length = -EINVAL;
289
	if (*ppos != 0)
290
		goto out;
291

292
	length = -ENOMEM;
293
	page = (char *)get_zeroed_page(GFP_KERNEL);
294
	if (!page)
295
		goto out;
296

297
	length = -EFAULT;
298
	if (copy_from_user(page, buf, count))
299
		goto out;
300

301
	length = -EINVAL;
302
	if (sscanf(page, "%d", &new_value) != 1)
303
		goto out;
304

305
	if (new_value) {
306
		length = selinux_disable();
307
		if (length)
308
			goto out;
309
		audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
310
			"selinux=0 auid=%u ses=%u",
311
			audit_get_loginuid(current),
312
			audit_get_sessionid(current));
313
	}
314

315
	length = count;
316
out:
317
	free_page((unsigned long) page);
318
	return length;
319
}
320
#else
321
#define sel_write_disable NULL
322
#endif
323

324
static const struct file_operations sel_disable_ops = {
325
	.write		= sel_write_disable,
326
	.llseek		= generic_file_llseek,
327
};
328

329
static ssize_t sel_read_policyvers(struct file *filp, char __user *buf,
330
				   size_t count, loff_t *ppos)
331
{
332
	char tmpbuf[TMPBUFLEN];
333
	ssize_t length;
334

335
	length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX);
336
	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
337
}
338

339
static const struct file_operations sel_policyvers_ops = {
340
	.read		= sel_read_policyvers,
341
	.llseek		= generic_file_llseek,
342
};
343

344
/* declaration for sel_write_load */
345
static int sel_make_bools(void);
346
static int sel_make_classes(void);
347
static int sel_make_policycap(void);
348

349
/* declaration for sel_make_class_dirs */
350
static int sel_make_dir(struct inode *dir, struct dentry *dentry,
351
			unsigned long *ino);
352

353
static ssize_t sel_read_mls(struct file *filp, char __user *buf,
354
				size_t count, loff_t *ppos)
355
{
356
	char tmpbuf[TMPBUFLEN];
357
	ssize_t length;
358

359
	length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
360
			   security_mls_enabled());
361
	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
362
}
363

364
static const struct file_operations sel_mls_ops = {
365
	.read		= sel_read_mls,
366
	.llseek		= generic_file_llseek,
367
};
368

369
struct policy_load_memory {
370
	size_t len;
371
	void *data;
372
};
373

374
static int sel_open_policy(struct inode *inode, struct file *filp)
375
{
376
	struct policy_load_memory *plm = NULL;
377
	int rc;
378

379
	BUG_ON(filp->private_data);
380

381
	mutex_lock(&sel_mutex);
382

383
	rc = task_has_security(current, SECURITY__READ_POLICY);
384
	if (rc)
385
		goto err;
386

387
	rc = -EBUSY;
388
	if (policy_opened)
389
		goto err;
390

391
	rc = -ENOMEM;
392
	plm = kzalloc(sizeof(*plm), GFP_KERNEL);
393
	if (!plm)
394
		goto err;
395

396
	if (i_size_read(inode) != security_policydb_len()) {
397
		mutex_lock(&inode->i_mutex);
398
		i_size_write(inode, security_policydb_len());
399
		mutex_unlock(&inode->i_mutex);
400
	}
401

402
	rc = security_read_policy(&plm->data, &plm->len);
403
	if (rc)
404
		goto err;
405

406
	policy_opened = 1;
407

408
	filp->private_data = plm;
409

410
	mutex_unlock(&sel_mutex);
411

412
	return 0;
413
err:
414
	mutex_unlock(&sel_mutex);
415

416
	if (plm)
417
		vfree(plm->data);
418
	kfree(plm);
419
	return rc;
420
}
421

422
static int sel_release_policy(struct inode *inode, struct file *filp)
423
{
424
	struct policy_load_memory *plm = filp->private_data;
425

426
	BUG_ON(!plm);
427

428
	policy_opened = 0;
429

430
	vfree(plm->data);
431
	kfree(plm);
432

433
	return 0;
434
}
435

436
static ssize_t sel_read_policy(struct file *filp, char __user *buf,
437
			       size_t count, loff_t *ppos)
438
{
439
	struct policy_load_memory *plm = filp->private_data;
440
	int ret;
441

442
	mutex_lock(&sel_mutex);
443

444
	ret = task_has_security(current, SECURITY__READ_POLICY);
445
	if (ret)
446
		goto out;
447

448
	ret = simple_read_from_buffer(buf, count, ppos, plm->data, plm->len);
449
out:
450
	mutex_unlock(&sel_mutex);
451
	return ret;
452
}
453

454
static int sel_mmap_policy_fault(struct vm_area_struct *vma,
455
				 struct vm_fault *vmf)
456
{
457
	struct policy_load_memory *plm = vma->vm_file->private_data;
458
	unsigned long offset;
459
	struct page *page;
460

461
	if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE))
462
		return VM_FAULT_SIGBUS;
463

464
	offset = vmf->pgoff << PAGE_SHIFT;
465
	if (offset >= roundup(plm->len, PAGE_SIZE))
466
		return VM_FAULT_SIGBUS;
467

468
	page = vmalloc_to_page(plm->data + offset);
469
	get_page(page);
470

471
	vmf->page = page;
472

473
	return 0;
474
}
475

476
static struct vm_operations_struct sel_mmap_policy_ops = {
477
	.fault = sel_mmap_policy_fault,
478
	.page_mkwrite = sel_mmap_policy_fault,
479
};
480

481
int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma)
482
{
483
	if (vma->vm_flags & VM_SHARED) {
484
		/* do not allow mprotect to make mapping writable */
485
		vma->vm_flags &= ~VM_MAYWRITE;
486

487
		if (vma->vm_flags & VM_WRITE)
488
			return -EACCES;
489
	}
490

491
	vma->vm_flags |= VM_RESERVED;
492
	vma->vm_ops = &sel_mmap_policy_ops;
493

494
	return 0;
495
}
496

497
static const struct file_operations sel_policy_ops = {
498
	.open		= sel_open_policy,
499
	.read		= sel_read_policy,
500
	.mmap		= sel_mmap_policy,
501
	.release	= sel_release_policy,
502
};
503

504
static ssize_t sel_write_load(struct file *file, const char __user *buf,
505
			      size_t count, loff_t *ppos)
506

507
{
508
	ssize_t length;
509
	void *data = NULL;
510

511
	mutex_lock(&sel_mutex);
512

513
	length = task_has_security(current, SECURITY__LOAD_POLICY);
514
	if (length)
515
		goto out;
516

517
	/* No partial writes. */
518
	length = -EINVAL;
519
	if (*ppos != 0)
520
		goto out;
521

522
	length = -EFBIG;
523
	if (count > 64 * 1024 * 1024)
524
		goto out;
525

526
	length = -ENOMEM;
527
	data = vmalloc(count);
528
	if (!data)
529
		goto out;
530

531
	length = -EFAULT;
532
	if (copy_from_user(data, buf, count) != 0)
533
		goto out;
534

535
	length = security_load_policy(data, count);
536
	if (length)
537
		goto out;
538

539
	length = sel_make_bools();
540
	if (length)
541
		goto out1;
542

543
	length = sel_make_classes();
544
	if (length)
545
		goto out1;
546

547
	length = sel_make_policycap();
548
	if (length)
549
		goto out1;
550

551
	length = count;
552

553
out1:
554
	audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
555
		"policy loaded auid=%u ses=%u",
556
		audit_get_loginuid(current),
557
		audit_get_sessionid(current));
558
out:
559
	mutex_unlock(&sel_mutex);
560
	vfree(data);
561
	return length;
562
}
563

564
static const struct file_operations sel_load_ops = {
565
	.write		= sel_write_load,
566
	.llseek		= generic_file_llseek,
567
};
568

569
static ssize_t sel_write_context(struct file *file, char *buf, size_t size)
570
{
571
	char *canon = NULL;
572
	u32 sid, len;
573
	ssize_t length;
574

575
	length = task_has_security(current, SECURITY__CHECK_CONTEXT);
576
	if (length)
577
		goto out;
578

579
	length = security_context_to_sid(buf, size, &sid);
580
	if (length)
581
		goto out;
582

583
	length = security_sid_to_context(sid, &canon, &len);
584
	if (length)
585
		goto out;
586

587
	length = -ERANGE;
588
	if (len > SIMPLE_TRANSACTION_LIMIT) {
589
		printk(KERN_ERR "SELinux: %s:  context size (%u) exceeds "
590
			"payload max\n", __func__, len);
591
		goto out;
592
	}
593

594
	memcpy(buf, canon, len);
595
	length = len;
596
out:
597
	kfree(canon);
598
	return length;
599
}
600

601
static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf,
602
				     size_t count, loff_t *ppos)
603
{
604
	char tmpbuf[TMPBUFLEN];
605
	ssize_t length;
606

607
	length = scnprintf(tmpbuf, TMPBUFLEN, "%u", selinux_checkreqprot);
608
	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
609
}
610

611
static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
612
				      size_t count, loff_t *ppos)
613
{
614
	char *page = NULL;
615
	ssize_t length;
616
	unsigned int new_value;
617

618
	length = task_has_security(current, SECURITY__SETCHECKREQPROT);
619
	if (length)
620
		goto out;
621

622
	length = -ENOMEM;
623
	if (count >= PAGE_SIZE)
624
		goto out;
625

626
	/* No partial writes. */
627
	length = -EINVAL;
628
	if (*ppos != 0)
629
		goto out;
630

631
	length = -ENOMEM;
632
	page = (char *)get_zeroed_page(GFP_KERNEL);
633
	if (!page)
634
		goto out;
635

636
	length = -EFAULT;
637
	if (copy_from_user(page, buf, count))
638
		goto out;
639

640
	length = -EINVAL;
641
	if (sscanf(page, "%u", &new_value) != 1)
642
		goto out;
643

644
	selinux_checkreqprot = new_value ? 1 : 0;
645
	length = count;
646
out:
647
	free_page((unsigned long) page);
648
	return length;
649
}
650
static const struct file_operations sel_checkreqprot_ops = {
651
	.read		= sel_read_checkreqprot,
652
	.write		= sel_write_checkreqprot,
653
	.llseek		= generic_file_llseek,
654
};
655

656
/*
657
 * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c
658
 */
659
static ssize_t sel_write_access(struct file *file, char *buf, size_t size);
660
static ssize_t sel_write_create(struct file *file, char *buf, size_t size);
661
static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size);
662
static ssize_t sel_write_user(struct file *file, char *buf, size_t size);
663
static ssize_t sel_write_member(struct file *file, char *buf, size_t size);
664

665
static ssize_t (*write_op[])(struct file *, char *, size_t) = {
666
	[SEL_ACCESS] = sel_write_access,
667
	[SEL_CREATE] = sel_write_create,
668
	[SEL_RELABEL] = sel_write_relabel,
669
	[SEL_USER] = sel_write_user,
670
	[SEL_MEMBER] = sel_write_member,
671
	[SEL_CONTEXT] = sel_write_context,
672
};
673

674
static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos)
675
{
676
	ino_t ino = file->f_path.dentry->d_inode->i_ino;
677
	char *data;
678
	ssize_t rv;
679

680
	if (ino >= ARRAY_SIZE(write_op) || !write_op[ino])
681
		return -EINVAL;
682

683
	data = simple_transaction_get(file, buf, size);
684
	if (IS_ERR(data))
685
		return PTR_ERR(data);
686

687
	rv = write_op[ino](file, data, size);
688
	if (rv > 0) {
689
		simple_transaction_set(file, rv);
690
		rv = size;
691
	}
692
	return rv;
693
}
694

695
static const struct file_operations transaction_ops = {
696
	.write		= selinux_transaction_write,
697
	.read		= simple_transaction_read,
698
	.release	= simple_transaction_release,
699
	.llseek		= generic_file_llseek,
700
};
701

702
/*
703
 * payload - write methods
704
 * If the method has a response, the response should be put in buf,
705
 * and the length returned.  Otherwise return 0 or and -error.
706
 */
707

708
static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
709
{
710
	char *scon = NULL, *tcon = NULL;
711
	u32 ssid, tsid;
712
	u16 tclass;
713
	struct av_decision avd;
714
	ssize_t length;
715

716
	length = task_has_security(current, SECURITY__COMPUTE_AV);
717
	if (length)
718
		goto out;
719

720
	length = -ENOMEM;
721
	scon = kzalloc(size + 1, GFP_KERNEL);
722
	if (!scon)
723
		goto out;
724

725
	length = -ENOMEM;
726
	tcon = kzalloc(size + 1, GFP_KERNEL);
727
	if (!tcon)
728
		goto out;
729

730
	length = -EINVAL;
731
	if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
732
		goto out;
733

734
	length = security_context_to_sid(scon, strlen(scon) + 1, &ssid);
735
	if (length)
736
		goto out;
737

738
	length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
739
	if (length)
740
		goto out;
741

742
	security_compute_av_user(ssid, tsid, tclass, &avd);
743

744
	length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT,
745
			  "%x %x %x %x %u %x",
746
			  avd.allowed, 0xffffffff,
747
			  avd.auditallow, avd.auditdeny,
748
			  avd.seqno, avd.flags);
749
out:
750
	kfree(tcon);
751
	kfree(scon);
752
	return length;
753
}
754

755
static inline int hexcode_to_int(int code) {
756
	if (code == '\0' || !isxdigit(code))
757
		return -1;
758
	if (isdigit(code))
759
		return code - '0';
760
	return tolower(code) - 'a' + 10;
761
}
762

763
static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
764
{
765
	char *scon = NULL, *tcon = NULL;
766
	char *namebuf = NULL, *objname = NULL;
767
	u32 ssid, tsid, newsid;
768
	u16 tclass;
769
	ssize_t length;
770
	char *newcon = NULL;
771
	u32 len;
772
	int nargs;
773

774
	length = task_has_security(current, SECURITY__COMPUTE_CREATE);
775
	if (length)
776
		goto out;
777

778
	length = -ENOMEM;
779
	scon = kzalloc(size + 1, GFP_KERNEL);
780
	if (!scon)
781
		goto out;
782

783
	length = -ENOMEM;
784
	tcon = kzalloc(size + 1, GFP_KERNEL);
785
	if (!tcon)
786
		goto out;
787

788
	length = -ENOMEM;
789
	namebuf = kzalloc(size + 1, GFP_KERNEL);
790
	if (!namebuf)
791
		goto out;
792

793
	length = -EINVAL;
794
	nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf);
795
	if (nargs < 3 || nargs > 4)
796
		goto out;
797
	if (nargs == 4) {
798
		/*
799
		 * If and when the name of new object to be queried contains
800
		 * either whitespace or multibyte characters, they shall be
801
		 * encoded based on the percentage-encoding rule.
802
		 * If not encoded, the sscanf logic picks up only left-half
803
		 * of the supplied name; splitted by a whitespace unexpectedly.
804
		 */
805
		char   *r, *w;
806
		int     c1, c2;
807

808
		r = w = namebuf;
809
		do {
810
			c1 = *r++;
811
			if (c1 == '+')
812
				c1 = ' ';
813
			else if (c1 == '%') {
814
				if ((c1 = hexcode_to_int(*r++)) < 0)
815
					goto out;
816
				if ((c2 = hexcode_to_int(*r++)) < 0)
817
					goto out;
818
				c1 = (c1 << 4) | c2;
819
			}
820
			*w++ = c1;
821
		} while (c1 != '\0');
822

823
		objname = namebuf;
824
	}
825

826
	length = security_context_to_sid(scon, strlen(scon) + 1, &ssid);
827
	if (length)
828
		goto out;
829

830
	length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
831
	if (length)
832
		goto out;
833

834
	length = security_transition_sid_user(ssid, tsid, tclass,
835
					      objname, &newsid);
836
	if (length)
837
		goto out;
838

839
	length = security_sid_to_context(newsid, &newcon, &len);
840
	if (length)
841
		goto out;
842

843
	length = -ERANGE;
844
	if (len > SIMPLE_TRANSACTION_LIMIT) {
845
		printk(KERN_ERR "SELinux: %s:  context size (%u) exceeds "
846
			"payload max\n", __func__, len);
847
		goto out;
848
	}
849

850
	memcpy(buf, newcon, len);
851
	length = len;
852
out:
853
	kfree(newcon);
854
	kfree(namebuf);
855
	kfree(tcon);
856
	kfree(scon);
857
	return length;
858
}
859

860
static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size)
861
{
862
	char *scon = NULL, *tcon = NULL;
863
	u32 ssid, tsid, newsid;
864
	u16 tclass;
865
	ssize_t length;
866
	char *newcon = NULL;
867
	u32 len;
868

869
	length = task_has_security(current, SECURITY__COMPUTE_RELABEL);
870
	if (length)
871
		goto out;
872

873
	length = -ENOMEM;
874
	scon = kzalloc(size + 1, GFP_KERNEL);
875
	if (!scon)
876
		goto out;
877

878
	length = -ENOMEM;
879
	tcon = kzalloc(size + 1, GFP_KERNEL);
880
	if (!tcon)
881
		goto out;
882

883
	length = -EINVAL;
884
	if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
885
		goto out;
886

887
	length = security_context_to_sid(scon, strlen(scon) + 1, &ssid);
888
	if (length)
889
		goto out;
890

891
	length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
892
	if (length)
893
		goto out;
894

895
	length = security_change_sid(ssid, tsid, tclass, &newsid);
896
	if (length)
897
		goto out;
898

899
	length = security_sid_to_context(newsid, &newcon, &len);
900
	if (length)
901
		goto out;
902

903
	length = -ERANGE;
904
	if (len > SIMPLE_TRANSACTION_LIMIT)
905
		goto out;
906

907
	memcpy(buf, newcon, len);
908
	length = len;
909
out:
910
	kfree(newcon);
911
	kfree(tcon);
912
	kfree(scon);
913
	return length;
914
}
915

916
static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
917
{
918
	char *con = NULL, *user = NULL, *ptr;
919
	u32 sid, *sids = NULL;
920
	ssize_t length;
921
	char *newcon;
922
	int i, rc;
923
	u32 len, nsids;
924

925
	length = task_has_security(current, SECURITY__COMPUTE_USER);
926
	if (length)
927
		goto out;
928

929
	length = -ENOMEM;
930
	con = kzalloc(size + 1, GFP_KERNEL);
931
	if (!con)
932
		goto out;
933

934
	length = -ENOMEM;
935
	user = kzalloc(size + 1, GFP_KERNEL);
936
	if (!user)
937
		goto out;
938

939
	length = -EINVAL;
940
	if (sscanf(buf, "%s %s", con, user) != 2)
941
		goto out;
942

943
	length = security_context_to_sid(con, strlen(con) + 1, &sid);
944
	if (length)
945
		goto out;
946

947
	length = security_get_user_sids(sid, user, &sids, &nsids);
948
	if (length)
949
		goto out;
950

951
	length = sprintf(buf, "%u", nsids) + 1;
952
	ptr = buf + length;
953
	for (i = 0; i < nsids; i++) {
954
		rc = security_sid_to_context(sids[i], &newcon, &len);
955
		if (rc) {
956
			length = rc;
957
			goto out;
958
		}
959
		if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) {
960
			kfree(newcon);
961
			length = -ERANGE;
962
			goto out;
963
		}
964
		memcpy(ptr, newcon, len);
965
		kfree(newcon);
966
		ptr += len;
967
		length += len;
968
	}
969
out:
970
	kfree(sids);
971
	kfree(user);
972
	kfree(con);
973
	return length;
974
}
975

976
static ssize_t sel_write_member(struct file *file, char *buf, size_t size)
977
{
978
	char *scon = NULL, *tcon = NULL;
979
	u32 ssid, tsid, newsid;
980
	u16 tclass;
981
	ssize_t length;
982
	char *newcon = NULL;
983
	u32 len;
984

985
	length = task_has_security(current, SECURITY__COMPUTE_MEMBER);
986
	if (length)
987
		goto out;
988

989
	length = -ENOMEM;
990
	scon = kzalloc(size + 1, GFP_KERNEL);
991
	if (!scon)
992
		goto out;
993

994
	length = -ENOMEM;
995
	tcon = kzalloc(size + 1, GFP_KERNEL);
996
	if (!tcon)
997
		goto out;
998

999
	length = -EINVAL;
1000
	if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
1001
		goto out;
1002

1003
	length = security_context_to_sid(scon, strlen(scon) + 1, &ssid);
1004
	if (length)
1005
		goto out;
1006

1007
	length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
1008
	if (length)
1009
		goto out;
1010

1011
	length = security_member_sid(ssid, tsid, tclass, &newsid);
1012
	if (length)
1013
		goto out;
1014

1015
	length = security_sid_to_context(newsid, &newcon, &len);
1016
	if (length)
1017
		goto out;
1018

1019
	length = -ERANGE;
1020
	if (len > SIMPLE_TRANSACTION_LIMIT) {
1021
		printk(KERN_ERR "SELinux: %s:  context size (%u) exceeds "
1022
			"payload max\n", __func__, len);
1023
		goto out;
1024
	}
1025

1026
	memcpy(buf, newcon, len);
1027
	length = len;
1028
out:
1029
	kfree(newcon);
1030
	kfree(tcon);
1031
	kfree(scon);
1032
	return length;
1033
}
1034

1035
static struct inode *sel_make_inode(struct super_block *sb, int mode)
1036
{
1037
	struct inode *ret = new_inode(sb);
1038

1039
	if (ret) {
1040
		ret->i_mode = mode;
1041
		ret->i_atime = ret->i_mtime = ret->i_ctime = CURRENT_TIME;
1042
	}
1043
	return ret;
1044
}
1045

1046
static ssize_t sel_read_bool(struct file *filep, char __user *buf,
1047
			     size_t count, loff_t *ppos)
1048
{
1049
	char *page = NULL;
1050
	ssize_t length;
1051
	ssize_t ret;
1052
	int cur_enforcing;
1053
	struct inode *inode = filep->f_path.dentry->d_inode;
1054
	unsigned index = inode->i_ino & SEL_INO_MASK;
1055
	const char *name = filep->f_path.dentry->d_name.name;
1056

1057
	mutex_lock(&sel_mutex);
1058

1059
	ret = -EINVAL;
1060
	if (index >= bool_num || strcmp(name, bool_pending_names[index]))
1061
		goto out;
1062

1063
	ret = -ENOMEM;
1064
	page = (char *)get_zeroed_page(GFP_KERNEL);
1065
	if (!page)
1066
		goto out;
1067

1068
	cur_enforcing = security_get_bool_value(index);
1069
	if (cur_enforcing < 0) {
1070
		ret = cur_enforcing;
1071
		goto out;
1072
	}
1073
	length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing,
1074
			  bool_pending_values[index]);
1075
	ret = simple_read_from_buffer(buf, count, ppos, page, length);
1076
out:
1077
	mutex_unlock(&sel_mutex);
1078
	free_page((unsigned long)page);
1079
	return ret;
1080
}
1081

1082
static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
1083
			      size_t count, loff_t *ppos)
1084
{
1085
	char *page = NULL;
1086
	ssize_t length;
1087
	int new_value;
1088
	struct inode *inode = filep->f_path.dentry->d_inode;
1089
	unsigned index = inode->i_ino & SEL_INO_MASK;
1090
	const char *name = filep->f_path.dentry->d_name.name;
1091

1092
	mutex_lock(&sel_mutex);
1093

1094
	length = task_has_security(current, SECURITY__SETBOOL);
1095
	if (length)
1096
		goto out;
1097

1098
	length = -EINVAL;
1099
	if (index >= bool_num || strcmp(name, bool_pending_names[index]))
1100
		goto out;
1101

1102
	length = -ENOMEM;
1103
	if (count >= PAGE_SIZE)
1104
		goto out;
1105

1106
	/* No partial writes. */
1107
	length = -EINVAL;
1108
	if (*ppos != 0)
1109
		goto out;
1110

1111
	length = -ENOMEM;
1112
	page = (char *)get_zeroed_page(GFP_KERNEL);
1113
	if (!page)
1114
		goto out;
1115

1116
	length = -EFAULT;
1117
	if (copy_from_user(page, buf, count))
1118
		goto out;
1119

1120
	length = -EINVAL;
1121
	if (sscanf(page, "%d", &new_value) != 1)
1122
		goto out;
1123

1124
	if (new_value)
1125
		new_value = 1;
1126

1127
	bool_pending_values[index] = new_value;
1128
	length = count;
1129

1130
out:
1131
	mutex_unlock(&sel_mutex);
1132
	free_page((unsigned long) page);
1133
	return length;
1134
}
1135

1136
static const struct file_operations sel_bool_ops = {
1137
	.read		= sel_read_bool,
1138
	.write		= sel_write_bool,
1139
	.llseek		= generic_file_llseek,
1140
};
1141

1142
static ssize_t sel_commit_bools_write(struct file *filep,
1143
				      const char __user *buf,
1144
				      size_t count, loff_t *ppos)
1145
{
1146
	char *page = NULL;
1147
	ssize_t length;
1148
	int new_value;
1149

1150
	mutex_lock(&sel_mutex);
1151

1152
	length = task_has_security(current, SECURITY__SETBOOL);
1153
	if (length)
1154
		goto out;
1155

1156
	length = -ENOMEM;
1157
	if (count >= PAGE_SIZE)
1158
		goto out;
1159

1160
	/* No partial writes. */
1161
	length = -EINVAL;
1162
	if (*ppos != 0)
1163
		goto out;
1164

1165
	length = -ENOMEM;
1166
	page = (char *)get_zeroed_page(GFP_KERNEL);
1167
	if (!page)
1168
		goto out;
1169

1170
	length = -EFAULT;
1171
	if (copy_from_user(page, buf, count))
1172
		goto out;
1173

1174
	length = -EINVAL;
1175
	if (sscanf(page, "%d", &new_value) != 1)
1176
		goto out;
1177

1178
	length = 0;
1179
	if (new_value && bool_pending_values)
1180
		length = security_set_bools(bool_num, bool_pending_values);
1181

1182
	if (!length)
1183
		length = count;
1184

1185
out:
1186
	mutex_unlock(&sel_mutex);
1187
	free_page((unsigned long) page);
1188
	return length;
1189
}
1190

1191
static const struct file_operations sel_commit_bools_ops = {
1192
	.write		= sel_commit_bools_write,
1193
	.llseek		= generic_file_llseek,
1194
};
1195

1196
static void sel_remove_entries(struct dentry *de)
1197
{
1198
	struct list_head *node;
1199

1200
	spin_lock(&de->d_lock);
1201
	node = de->d_subdirs.next;
1202
	while (node != &de->d_subdirs) {
1203
		struct dentry *d = list_entry(node, struct dentry, d_u.d_child);
1204

1205
		spin_lock_nested(&d->d_lock, DENTRY_D_LOCK_NESTED);
1206
		list_del_init(node);
1207

1208
		if (d->d_inode) {
1209
			dget_dlock(d);
1210
			spin_unlock(&de->d_lock);
1211
			spin_unlock(&d->d_lock);
1212
			d_delete(d);
1213
			simple_unlink(de->d_inode, d);
1214
			dput(d);
1215
			spin_lock(&de->d_lock);
1216
		} else
1217
			spin_unlock(&d->d_lock);
1218
		node = de->d_subdirs.next;
1219
	}
1220

1221
	spin_unlock(&de->d_lock);
1222
}
1223

1224
#define BOOL_DIR_NAME "booleans"
1225

1226
static int sel_make_bools(void)
1227
{
1228
	int i, ret;
1229
	ssize_t len;
1230
	struct dentry *dentry = NULL;
1231
	struct dentry *dir = bool_dir;
1232
	struct inode *inode = NULL;
1233
	struct inode_security_struct *isec;
1234
	char **names = NULL, *page;
1235
	int num;
1236
	int *values = NULL;
1237
	u32 sid;
1238

1239
	/* remove any existing files */
1240
	for (i = 0; i < bool_num; i++)
1241
		kfree(bool_pending_names[i]);
1242
	kfree(bool_pending_names);
1243
	kfree(bool_pending_values);
1244
	bool_pending_names = NULL;
1245
	bool_pending_values = NULL;
1246

1247
	sel_remove_entries(dir);
1248

1249
	ret = -ENOMEM;
1250
	page = (char *)get_zeroed_page(GFP_KERNEL);
1251
	if (!page)
1252
		goto out;
1253

1254
	ret = security_get_bools(&num, &names, &values);
1255
	if (ret)
1256
		goto out;
1257

1258
	for (i = 0; i < num; i++) {
1259
		ret = -ENOMEM;
1260
		dentry = d_alloc_name(dir, names[i]);
1261
		if (!dentry)
1262
			goto out;
1263

1264
		ret = -ENOMEM;
1265
		inode = sel_make_inode(dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR);
1266
		if (!inode)
1267
			goto out;
1268

1269
		ret = -EINVAL;
1270
		len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]);
1271
		if (len < 0)
1272
			goto out;
1273

1274
		ret = -ENAMETOOLONG;
1275
		if (len >= PAGE_SIZE)
1276
			goto out;
1277

1278
		isec = (struct inode_security_struct *)inode->i_security;
1279
		ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid);
1280
		if (ret)
1281
			goto out;
1282

1283
		isec->sid = sid;
1284
		isec->initialized = 1;
1285
		inode->i_fop = &sel_bool_ops;
1286
		inode->i_ino = i|SEL_BOOL_INO_OFFSET;
1287
		d_add(dentry, inode);
1288
	}
1289
	bool_num = num;
1290
	bool_pending_names = names;
1291
	bool_pending_values = values;
1292

1293
	free_page((unsigned long)page);
1294
	return 0;
1295
out:
1296
	free_page((unsigned long)page);
1297

1298
	if (names) {
1299
		for (i = 0; i < num; i++)
1300
			kfree(names[i]);
1301
		kfree(names);
1302
	}
1303
	kfree(values);
1304
	sel_remove_entries(dir);
1305

1306
	return ret;
1307
}
1308

1309
#define NULL_FILE_NAME "null"
1310

1311
struct dentry *selinux_null;
1312

1313
static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf,
1314
					    size_t count, loff_t *ppos)
1315
{
1316
	char tmpbuf[TMPBUFLEN];
1317
	ssize_t length;
1318

1319
	length = scnprintf(tmpbuf, TMPBUFLEN, "%u", avc_cache_threshold);
1320
	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
1321
}
1322

1323
static ssize_t sel_write_avc_cache_threshold(struct file *file,
1324
					     const char __user *buf,
1325
					     size_t count, loff_t *ppos)
1326

1327
{
1328
	char *page = NULL;
1329
	ssize_t ret;
1330
	int new_value;
1331

1332
	ret = task_has_security(current, SECURITY__SETSECPARAM);
1333
	if (ret)
1334
		goto out;
1335

1336
	ret = -ENOMEM;
1337
	if (count >= PAGE_SIZE)
1338
		goto out;
1339

1340
	/* No partial writes. */
1341
	ret = -EINVAL;
1342
	if (*ppos != 0)
1343
		goto out;
1344

1345
	ret = -ENOMEM;
1346
	page = (char *)get_zeroed_page(GFP_KERNEL);
1347
	if (!page)
1348
		goto out;
1349

1350
	ret = -EFAULT;
1351
	if (copy_from_user(page, buf, count))
1352
		goto out;
1353

1354
	ret = -EINVAL;
1355
	if (sscanf(page, "%u", &new_value) != 1)
1356
		goto out;
1357

1358
	avc_cache_threshold = new_value;
1359

1360
	ret = count;
1361
out:
1362
	free_page((unsigned long)page);
1363
	return ret;
1364
}
1365

1366
static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf,
1367
				       size_t count, loff_t *ppos)
1368
{
1369
	char *page;
1370
	ssize_t length;
1371

1372
	page = (char *)__get_free_page(GFP_KERNEL);
1373
	if (!page)
1374
		return -ENOMEM;
1375

1376
	length = avc_get_hash_stats(page);
1377
	if (length >= 0)
1378
		length = simple_read_from_buffer(buf, count, ppos, page, length);
1379
	free_page((unsigned long)page);
1380

1381
	return length;
1382
}
1383

1384
static const struct file_operations sel_avc_cache_threshold_ops = {
1385
	.read		= sel_read_avc_cache_threshold,
1386
	.write		= sel_write_avc_cache_threshold,
1387
	.llseek		= generic_file_llseek,
1388
};
1389

1390
static const struct file_operations sel_avc_hash_stats_ops = {
1391
	.read		= sel_read_avc_hash_stats,
1392
	.llseek		= generic_file_llseek,
1393
};
1394

1395
#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
1396
static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx)
1397
{
1398
	int cpu;
1399

1400
	for (cpu = *idx; cpu < nr_cpu_ids; ++cpu) {
1401
		if (!cpu_possible(cpu))
1402
			continue;
1403
		*idx = cpu + 1;
1404
		return &per_cpu(avc_cache_stats, cpu);
1405
	}
1406
	return NULL;
1407
}
1408

1409
static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos)
1410
{
1411
	loff_t n = *pos - 1;
1412

1413
	if (*pos == 0)
1414
		return SEQ_START_TOKEN;
1415

1416
	return sel_avc_get_stat_idx(&n);
1417
}
1418

1419
static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1420
{
1421
	return sel_avc_get_stat_idx(pos);
1422
}
1423

1424
static int sel_avc_stats_seq_show(struct seq_file *seq, void *v)
1425
{
1426
	struct avc_cache_stats *st = v;
1427

1428
	if (v == SEQ_START_TOKEN)
1429
		seq_printf(seq, "lookups hits misses allocations reclaims "
1430
			   "frees\n");
1431
	else {
1432
		unsigned int lookups = st->lookups;
1433
		unsigned int misses = st->misses;
1434
		unsigned int hits = lookups - misses;
1435
		seq_printf(seq, "%u %u %u %u %u %u\n", lookups,
1436
			   hits, misses, st->allocations,
1437
			   st->reclaims, st->frees);
1438
	}
1439
	return 0;
1440
}
1441

1442
static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v)
1443
{ }
1444

1445
static const struct seq_operations sel_avc_cache_stats_seq_ops = {
1446
	.start		= sel_avc_stats_seq_start,
1447
	.next		= sel_avc_stats_seq_next,
1448
	.show		= sel_avc_stats_seq_show,
1449
	.stop		= sel_avc_stats_seq_stop,
1450
};
1451

1452
static int sel_open_avc_cache_stats(struct inode *inode, struct file *file)
1453
{
1454
	return seq_open(file, &sel_avc_cache_stats_seq_ops);
1455
}
1456

1457
static const struct file_operations sel_avc_cache_stats_ops = {
1458
	.open		= sel_open_avc_cache_stats,
1459
	.read		= seq_read,
1460
	.llseek		= seq_lseek,
1461
	.release	= seq_release,
1462
};
1463
#endif
1464

1465
static int sel_make_avc_files(struct dentry *dir)
1466
{
1467
	int i;
1468
	static struct tree_descr files[] = {
1469
		{ "cache_threshold",
1470
		  &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR },
1471
		{ "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO },
1472
#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
1473
		{ "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO },
1474
#endif
1475
	};
1476

1477
	for (i = 0; i < ARRAY_SIZE(files); i++) {
1478
		struct inode *inode;
1479
		struct dentry *dentry;
1480

1481
		dentry = d_alloc_name(dir, files[i].name);
1482
		if (!dentry)
1483
			return -ENOMEM;
1484

1485
		inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
1486
		if (!inode)
1487
			return -ENOMEM;
1488

1489
		inode->i_fop = files[i].ops;
1490
		inode->i_ino = ++sel_last_ino;
1491
		d_add(dentry, inode);
1492
	}
1493

1494
	return 0;
1495
}
1496

1497
static ssize_t sel_read_initcon(struct file *file, char __user *buf,
1498
				size_t count, loff_t *ppos)
1499
{
1500
	struct inode *inode;
1501
	char *con;
1502
	u32 sid, len;
1503
	ssize_t ret;
1504

1505
	inode = file->f_path.dentry->d_inode;
1506
	sid = inode->i_ino&SEL_INO_MASK;
1507
	ret = security_sid_to_context(sid, &con, &len);
1508
	if (ret)
1509
		return ret;
1510

1511
	ret = simple_read_from_buffer(buf, count, ppos, con, len);
1512
	kfree(con);
1513
	return ret;
1514
}
1515

1516
static const struct file_operations sel_initcon_ops = {
1517
	.read		= sel_read_initcon,
1518
	.llseek		= generic_file_llseek,
1519
};
1520

1521
static int sel_make_initcon_files(struct dentry *dir)
1522
{
1523
	int i;
1524

1525
	for (i = 1; i <= SECINITSID_NUM; i++) {
1526
		struct inode *inode;
1527
		struct dentry *dentry;
1528
		dentry = d_alloc_name(dir, security_get_initial_sid_context(i));
1529
		if (!dentry)
1530
			return -ENOMEM;
1531

1532
		inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1533
		if (!inode)
1534
			return -ENOMEM;
1535

1536
		inode->i_fop = &sel_initcon_ops;
1537
		inode->i_ino = i|SEL_INITCON_INO_OFFSET;
1538
		d_add(dentry, inode);
1539
	}
1540

1541
	return 0;
1542
}
1543

1544
static inline unsigned int sel_div(unsigned long a, unsigned long b)
1545
{
1546
	return a / b - (a % b < 0);
1547
}
1548

1549
static inline unsigned long sel_class_to_ino(u16 class)
1550
{
1551
	return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET;
1552
}
1553

1554
static inline u16 sel_ino_to_class(unsigned long ino)
1555
{
1556
	return sel_div(ino & SEL_INO_MASK, SEL_VEC_MAX + 1);
1557
}
1558

1559
static inline unsigned long sel_perm_to_ino(u16 class, u32 perm)
1560
{
1561
	return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET;
1562
}
1563

1564
static inline u32 sel_ino_to_perm(unsigned long ino)
1565
{
1566
	return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1);
1567
}
1568

1569
static ssize_t sel_read_class(struct file *file, char __user *buf,
1570
				size_t count, loff_t *ppos)
1571
{
1572
	ssize_t rc, len;
1573
	char *page;
1574
	unsigned long ino = file->f_path.dentry->d_inode->i_ino;
1575

1576
	page = (char *)__get_free_page(GFP_KERNEL);
1577
	if (!page)
1578
		return -ENOMEM;
1579

1580
	len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_class(ino));
1581
	rc = simple_read_from_buffer(buf, count, ppos, page, len);
1582
	free_page((unsigned long)page);
1583

1584
	return rc;
1585
}
1586

1587
static const struct file_operations sel_class_ops = {
1588
	.read		= sel_read_class,
1589
	.llseek		= generic_file_llseek,
1590
};
1591

1592
static ssize_t sel_read_perm(struct file *file, char __user *buf,
1593
				size_t count, loff_t *ppos)
1594
{
1595
	ssize_t rc, len;
1596
	char *page;
1597
	unsigned long ino = file->f_path.dentry->d_inode->i_ino;
1598

1599
	page = (char *)__get_free_page(GFP_KERNEL);
1600
	if (!page)
1601
		return -ENOMEM;
1602

1603
	len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_perm(ino));
1604
	rc = simple_read_from_buffer(buf, count, ppos, page, len);
1605
	free_page((unsigned long)page);
1606

1607
	return rc;
1608
}
1609

1610
static const struct file_operations sel_perm_ops = {
1611
	.read		= sel_read_perm,
1612
	.llseek		= generic_file_llseek,
1613
};
1614

1615
static ssize_t sel_read_policycap(struct file *file, char __user *buf,
1616
				  size_t count, loff_t *ppos)
1617
{
1618
	int value;
1619
	char tmpbuf[TMPBUFLEN];
1620
	ssize_t length;
1621
	unsigned long i_ino = file->f_path.dentry->d_inode->i_ino;
1622

1623
	value = security_policycap_supported(i_ino & SEL_INO_MASK);
1624
	length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value);
1625

1626
	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
1627
}
1628

1629
static const struct file_operations sel_policycap_ops = {
1630
	.read		= sel_read_policycap,
1631
	.llseek		= generic_file_llseek,
1632
};
1633

1634
static int sel_make_perm_files(char *objclass, int classvalue,
1635
				struct dentry *dir)
1636
{
1637
	int i, rc, nperms;
1638
	char **perms;
1639

1640
	rc = security_get_permissions(objclass, &perms, &nperms);
1641
	if (rc)
1642
		return rc;
1643

1644
	for (i = 0; i < nperms; i++) {
1645
		struct inode *inode;
1646
		struct dentry *dentry;
1647

1648
		rc = -ENOMEM;
1649
		dentry = d_alloc_name(dir, perms[i]);
1650
		if (!dentry)
1651
			goto out;
1652

1653
		rc = -ENOMEM;
1654
		inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1655
		if (!inode)
1656
			goto out;
1657

1658
		inode->i_fop = &sel_perm_ops;
1659
		/* i+1 since perm values are 1-indexed */
1660
		inode->i_ino = sel_perm_to_ino(classvalue, i + 1);
1661
		d_add(dentry, inode);
1662
	}
1663
	rc = 0;
1664
out:
1665
	for (i = 0; i < nperms; i++)
1666
		kfree(perms[i]);
1667
	kfree(perms);
1668
	return rc;
1669
}
1670

1671
static int sel_make_class_dir_entries(char *classname, int index,
1672
					struct dentry *dir)
1673
{
1674
	struct dentry *dentry = NULL;
1675
	struct inode *inode = NULL;
1676
	int rc;
1677

1678
	dentry = d_alloc_name(dir, "index");
1679
	if (!dentry)
1680
		return -ENOMEM;
1681

1682
	inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1683
	if (!inode)
1684
		return -ENOMEM;
1685

1686
	inode->i_fop = &sel_class_ops;
1687
	inode->i_ino = sel_class_to_ino(index);
1688
	d_add(dentry, inode);
1689

1690
	dentry = d_alloc_name(dir, "perms");
1691
	if (!dentry)
1692
		return -ENOMEM;
1693

1694
	rc = sel_make_dir(dir->d_inode, dentry, &last_class_ino);
1695
	if (rc)
1696
		return rc;
1697

1698
	rc = sel_make_perm_files(classname, index, dentry);
1699

1700
	return rc;
1701
}
1702

1703
static void sel_remove_classes(void)
1704
{
1705
	struct list_head *class_node;
1706

1707
	list_for_each(class_node, &class_dir->d_subdirs) {
1708
		struct dentry *class_subdir = list_entry(class_node,
1709
					struct dentry, d_u.d_child);
1710
		struct list_head *class_subdir_node;
1711

1712
		list_for_each(class_subdir_node, &class_subdir->d_subdirs) {
1713
			struct dentry *d = list_entry(class_subdir_node,
1714
						struct dentry, d_u.d_child);
1715

1716
			if (d->d_inode)
1717
				if (d->d_inode->i_mode & S_IFDIR)
1718
					sel_remove_entries(d);
1719
		}
1720

1721
		sel_remove_entries(class_subdir);
1722
	}
1723

1724
	sel_remove_entries(class_dir);
1725
}
1726

1727
static int sel_make_classes(void)
1728
{
1729
	int rc, nclasses, i;
1730
	char **classes;
1731

1732
	/* delete any existing entries */
1733
	sel_remove_classes();
1734

1735
	rc = security_get_classes(&classes, &nclasses);
1736
	if (rc)
1737
		return rc;
1738

1739
	/* +2 since classes are 1-indexed */
1740
	last_class_ino = sel_class_to_ino(nclasses + 2);
1741

1742
	for (i = 0; i < nclasses; i++) {
1743
		struct dentry *class_name_dir;
1744

1745
		rc = -ENOMEM;
1746
		class_name_dir = d_alloc_name(class_dir, classes[i]);
1747
		if (!class_name_dir)
1748
			goto out;
1749

1750
		rc = sel_make_dir(class_dir->d_inode, class_name_dir,
1751
				&last_class_ino);
1752
		if (rc)
1753
			goto out;
1754

1755
		/* i+1 since class values are 1-indexed */
1756
		rc = sel_make_class_dir_entries(classes[i], i + 1,
1757
				class_name_dir);
1758
		if (rc)
1759
			goto out;
1760
	}
1761
	rc = 0;
1762
out:
1763
	for (i = 0; i < nclasses; i++)
1764
		kfree(classes[i]);
1765
	kfree(classes);
1766
	return rc;
1767
}
1768

1769
static int sel_make_policycap(void)
1770
{
1771
	unsigned int iter;
1772
	struct dentry *dentry = NULL;
1773
	struct inode *inode = NULL;
1774

1775
	sel_remove_entries(policycap_dir);
1776

1777
	for (iter = 0; iter <= POLICYDB_CAPABILITY_MAX; iter++) {
1778
		if (iter < ARRAY_SIZE(policycap_names))
1779
			dentry = d_alloc_name(policycap_dir,
1780
					      policycap_names[iter]);
1781
		else
1782
			dentry = d_alloc_name(policycap_dir, "unknown");
1783

1784
		if (dentry == NULL)
1785
			return -ENOMEM;
1786

1787
		inode = sel_make_inode(policycap_dir->d_sb, S_IFREG | S_IRUGO);
1788
		if (inode == NULL)
1789
			return -ENOMEM;
1790

1791
		inode->i_fop = &sel_policycap_ops;
1792
		inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET;
1793
		d_add(dentry, inode);
1794
	}
1795

1796
	return 0;
1797
}
1798

1799
static int sel_make_dir(struct inode *dir, struct dentry *dentry,
1800
			unsigned long *ino)
1801
{
1802
	struct inode *inode;
1803

1804
	inode = sel_make_inode(dir->i_sb, S_IFDIR | S_IRUGO | S_IXUGO);
1805
	if (!inode)
1806
		return -ENOMEM;
1807

1808
	inode->i_op = &simple_dir_inode_operations;
1809
	inode->i_fop = &simple_dir_operations;
1810
	inode->i_ino = ++(*ino);
1811
	/* directory inodes start off with i_nlink == 2 (for "." entry) */
1812
	inc_nlink(inode);
1813
	d_add(dentry, inode);
1814
	/* bump link count on parent directory, too */
1815
	inc_nlink(dir);
1816

1817
	return 0;
1818
}
1819

1820
static int sel_fill_super(struct super_block *sb, void *data, int silent)
1821
{
1822
	int ret;
1823
	struct dentry *dentry;
1824
	struct inode *inode, *root_inode;
1825
	struct inode_security_struct *isec;
1826

1827
	static struct tree_descr selinux_files[] = {
1828
		[SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR},
1829
		[SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR},
1830
		[SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO},
1831
		[SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO},
1832
		[SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO},
1833
		[SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO},
1834
		[SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO},
1835
		[SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO},
1836
		[SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR},
1837
		[SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO},
1838
		[SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR},
1839
		[SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO},
1840
		[SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR},
1841
		[SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
1842
		[SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
1843
		[SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO},
1844
		[SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUSR},
1845
		/* last one */ {""}
1846
	};
1847
	ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);
1848
	if (ret)
1849
		goto err;
1850

1851
	root_inode = sb->s_root->d_inode;
1852

1853
	ret = -ENOMEM;
1854
	dentry = d_alloc_name(sb->s_root, BOOL_DIR_NAME);
1855
	if (!dentry)
1856
		goto err;
1857

1858
	ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
1859
	if (ret)
1860
		goto err;
1861

1862
	bool_dir = dentry;
1863

1864
	ret = -ENOMEM;
1865
	dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME);
1866
	if (!dentry)
1867
		goto err;
1868

1869
	ret = -ENOMEM;
1870
	inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO);
1871
	if (!inode)
1872
		goto err;
1873

1874
	inode->i_ino = ++sel_last_ino;
1875
	isec = (struct inode_security_struct *)inode->i_security;
1876
	isec->sid = SECINITSID_DEVNULL;
1877
	isec->sclass = SECCLASS_CHR_FILE;
1878
	isec->initialized = 1;
1879

1880
	init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3));
1881
	d_add(dentry, inode);
1882
	selinux_null = dentry;
1883

1884
	ret = -ENOMEM;
1885
	dentry = d_alloc_name(sb->s_root, "avc");
1886
	if (!dentry)
1887
		goto err;
1888

1889
	ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
1890
	if (ret)
1891
		goto err;
1892

1893
	ret = sel_make_avc_files(dentry);
1894
	if (ret)
1895
		goto err;
1896

1897
	ret = -ENOMEM;
1898
	dentry = d_alloc_name(sb->s_root, "initial_contexts");
1899
	if (!dentry)
1900
		goto err;
1901

1902
	ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
1903
	if (ret)
1904
		goto err;
1905

1906
	ret = sel_make_initcon_files(dentry);
1907
	if (ret)
1908
		goto err;
1909

1910
	ret = -ENOMEM;
1911
	dentry = d_alloc_name(sb->s_root, "class");
1912
	if (!dentry)
1913
		goto err;
1914

1915
	ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
1916
	if (ret)
1917
		goto err;
1918

1919
	class_dir = dentry;
1920

1921
	ret = -ENOMEM;
1922
	dentry = d_alloc_name(sb->s_root, "policy_capabilities");
1923
	if (!dentry)
1924
		goto err;
1925

1926
	ret = sel_make_dir(root_inode, dentry, &sel_last_ino);
1927
	if (ret)
1928
		goto err;
1929

1930
	policycap_dir = dentry;
1931

1932
	return 0;
1933
err:
1934
	printk(KERN_ERR "SELinux: %s:  failed while creating inodes\n",
1935
		__func__);
1936
	return ret;
1937
}
1938

1939
static struct dentry *sel_mount(struct file_system_type *fs_type,
1940
		      int flags, const char *dev_name, void *data)
1941
{
1942
	return mount_single(fs_type, flags, data, sel_fill_super);
1943
}
1944

1945
static struct file_system_type sel_fs_type = {
1946
	.name		= "selinuxfs",
1947
	.mount		= sel_mount,
1948
	.kill_sb	= kill_litter_super,
1949
};
1950

1951
struct vfsmount *selinuxfs_mount;
1952
static struct kobject *selinuxfs_kobj;
1953

1954
static int __init init_sel_fs(void)
1955
{
1956
	int err;
1957

1958
	if (!selinux_enabled)
1959
		return 0;
1960

1961
	selinuxfs_kobj = kobject_create_and_add("selinux", fs_kobj);
1962
	if (!selinuxfs_kobj)
1963
		return -ENOMEM;
1964

1965
	err = register_filesystem(&sel_fs_type);
1966
	if (err) {
1967
		kobject_put(selinuxfs_kobj);
1968
		return err;
1969
	}
1970

1971
	selinuxfs_mount = kern_mount(&sel_fs_type);
1972
	if (IS_ERR(selinuxfs_mount)) {
1973
		printk(KERN_ERR "selinuxfs:  could not mount!\n");
1974
		err = PTR_ERR(selinuxfs_mount);
1975
		selinuxfs_mount = NULL;
1976
	}
1977

1978
	return err;
1979
}
1980

1981
__initcall(init_sel_fs);
1982

1983
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
1984
void exit_sel_fs(void)
1985
{
1986
	kobject_put(selinuxfs_kobj);
1987
	unregister_filesystem(&sel_fs_type);
1988
}
1989
#endif
1990

1991