1
// SPDX-License-Identifier: GPL-2.0-only
2
/* Updated: Karl MacMillan <[email protected]>
3
 *
4
 *	Added conditional policy language extensions
5
 *
6
 *  Updated: Hewlett-Packard <[email protected]>
7
 *
8
 *	Added support for the policy capability bitmap
9
 *
10
 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
11
 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
12
 * Copyright (C) 2004 Red Hat, Inc., James Morris <[email protected]>
13
 */
14

15
#include <linux/kernel.h>
16
#include <linux/pagemap.h>
17
#include <linux/slab.h>
18
#include <linux/vmalloc.h>
19
#include <linux/fs.h>
20
#include <linux/fs_context.h>
21
#include <linux/hex.h>
22
#include <linux/mount.h>
23
#include <linux/mutex.h>
24
#include <linux/namei.h>
25
#include <linux/init.h>
26
#include <linux/string.h>
27
#include <linux/security.h>
28
#include <linux/major.h>
29
#include <linux/seq_file.h>
30
#include <linux/percpu.h>
31
#include <linux/audit.h>
32
#include <linux/uaccess.h>
33
#include <linux/kobject.h>
34
#include <linux/ctype.h>
35

36
/* selinuxfs pseudo filesystem for exporting the security policy API.
37
   Based on the proc code and the fs/nfsd/nfsctl.c code. */
38

39
#include "initcalls.h"
40
#include "flask.h"
41
#include "avc.h"
42
#include "avc_ss.h"
43
#include "security.h"
44
#include "objsec.h"
45
#include "conditional.h"
46
#include "ima.h"
47

48
enum sel_inos {
49
	SEL_ROOT_INO = 2,
50
	SEL_LOAD,	/* load policy */
51
	SEL_ENFORCE,	/* get or set enforcing status */
52
	SEL_CONTEXT,	/* validate context */
53
	SEL_ACCESS,	/* compute access decision */
54
	SEL_CREATE,	/* compute create labeling decision */
55
	SEL_RELABEL,	/* compute relabeling decision */
56
	SEL_USER,	/* compute reachable user contexts */
57
	SEL_POLICYVERS,	/* return policy version for this kernel */
58
	SEL_COMMIT_BOOLS, /* commit new boolean values */
59
	SEL_MLS,	/* return if MLS policy is enabled */
60
	SEL_DISABLE,	/* disable SELinux until next reboot */
61
	SEL_MEMBER,	/* compute polyinstantiation membership decision */
62
	SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */
63
	SEL_COMPAT_NET,	/* whether to use old compat network packet controls */
64
	SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */
65
	SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */
66
	SEL_STATUS,	/* export current status using mmap() */
67
	SEL_POLICY,	/* allow userspace to read the in kernel policy */
68
	SEL_VALIDATE_TRANS, /* compute validatetrans decision */
69
	SEL_INO_NEXT,	/* The next inode number to use */
70
};
71

72
struct selinux_fs_info {
73
	struct dentry *bool_dir;
74
	unsigned int bool_num;
75
	char **bool_pending_names;
76
	int *bool_pending_values;
77
	struct dentry *class_dir;
78
	unsigned long last_class_ino;
79
	bool policy_opened;
80
	unsigned long last_ino;
81
	struct super_block *sb;
82
};
83

84
static int selinux_fs_info_create(struct super_block *sb)
85
{
86
	struct selinux_fs_info *fsi;
87

88
	fsi = kzalloc(sizeof(*fsi), GFP_KERNEL);
89
	if (!fsi)
90
		return -ENOMEM;
91

92
	fsi->last_ino = SEL_INO_NEXT - 1;
93
	fsi->sb = sb;
94
	sb->s_fs_info = fsi;
95
	return 0;
96
}
97

98
static void selinux_fs_info_free(struct super_block *sb)
99
{
100
	struct selinux_fs_info *fsi = sb->s_fs_info;
101
	unsigned int i;
102

103
	if (fsi) {
104
		for (i = 0; i < fsi->bool_num; i++)
105
			kfree(fsi->bool_pending_names[i]);
106
		kfree(fsi->bool_pending_names);
107
		kfree(fsi->bool_pending_values);
108
	}
109
	kfree(sb->s_fs_info);
110
	sb->s_fs_info = NULL;
111
}
112

113
#define SEL_INITCON_INO_OFFSET		0x01000000
114
#define SEL_BOOL_INO_OFFSET		0x02000000
115
#define SEL_CLASS_INO_OFFSET		0x04000000
116
#define SEL_POLICYCAP_INO_OFFSET	0x08000000
117
#define SEL_INO_MASK			0x00ffffff
118

119
#define BOOL_DIR_NAME "booleans"
120
#define CLASS_DIR_NAME "class"
121

122
#define TMPBUFLEN	12
123
static ssize_t sel_read_enforce(struct file *filp, char __user *buf,
124
				size_t count, loff_t *ppos)
125
{
126
	char tmpbuf[TMPBUFLEN];
127
	ssize_t length;
128

129
	length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
130
			   enforcing_enabled());
131
	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
132
}
133

134
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
135
static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
136
				 size_t count, loff_t *ppos)
137

138
{
139
	char *page = NULL;
140
	ssize_t length;
141
	int scan_value;
142
	bool old_value, new_value;
143

144
	if (count >= PAGE_SIZE)
145
		return -ENOMEM;
146

147
	/* No partial writes. */
148
	if (*ppos != 0)
149
		return -EINVAL;
150

151
	page = memdup_user_nul(buf, count);
152
	if (IS_ERR(page))
153
		return PTR_ERR(page);
154

155
	length = -EINVAL;
156
	if (sscanf(page, "%d", &scan_value) != 1)
157
		goto out;
158

159
	new_value = !!scan_value;
160

161
	old_value = enforcing_enabled();
162
	if (new_value != old_value) {
163
		length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
164
				      SECCLASS_SECURITY, SECURITY__SETENFORCE,
165
				      NULL);
166
		if (length)
167
			goto out;
168
		audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
169
			"enforcing=%d old_enforcing=%d auid=%u ses=%u"
170
			" enabled=1 old-enabled=1 lsm=selinux res=1",
171
			new_value, old_value,
172
			from_kuid(&init_user_ns, audit_get_loginuid(current)),
173
			audit_get_sessionid(current));
174
		enforcing_set(new_value);
175
		if (new_value)
176
			avc_ss_reset(0);
177
		selnl_notify_setenforce(new_value);
178
		selinux_status_update_setenforce(new_value);
179
		if (!new_value)
180
			call_blocking_lsm_notifier(LSM_POLICY_CHANGE, NULL);
181

182
		selinux_ima_measure_state();
183
	}
184
	length = count;
185
out:
186
	kfree(page);
187
	return length;
188
}
189
#else
190
#define sel_write_enforce NULL
191
#endif
192

193
static const struct file_operations sel_enforce_ops = {
194
	.read		= sel_read_enforce,
195
	.write		= sel_write_enforce,
196
	.llseek		= generic_file_llseek,
197
};
198

199
static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf,
200
					size_t count, loff_t *ppos)
201
{
202
	char tmpbuf[TMPBUFLEN];
203
	ssize_t length;
204
	ino_t ino = file_inode(filp)->i_ino;
205
	int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ?
206
		security_get_reject_unknown() :
207
		!security_get_allow_unknown();
208

209
	length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown);
210
	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
211
}
212

213
static const struct file_operations sel_handle_unknown_ops = {
214
	.read		= sel_read_handle_unknown,
215
	.llseek		= generic_file_llseek,
216
};
217

218
static int sel_open_handle_status(struct inode *inode, struct file *filp)
219
{
220
	struct page    *status = selinux_kernel_status_page();
221

222
	if (!status)
223
		return -ENOMEM;
224

225
	filp->private_data = status;
226

227
	return 0;
228
}
229

230
static ssize_t sel_read_handle_status(struct file *filp, char __user *buf,
231
				      size_t count, loff_t *ppos)
232
{
233
	struct page    *status = filp->private_data;
234

235
	BUG_ON(!status);
236

237
	return simple_read_from_buffer(buf, count, ppos,
238
				       page_address(status),
239
				       sizeof(struct selinux_kernel_status));
240
}
241

242
static int sel_mmap_handle_status(struct file *filp,
243
				  struct vm_area_struct *vma)
244
{
245
	struct page    *status = filp->private_data;
246
	unsigned long	size = vma->vm_end - vma->vm_start;
247

248
	BUG_ON(!status);
249

250
	/* only allows one page from the head */
251
	if (vma->vm_pgoff > 0 || size != PAGE_SIZE)
252
		return -EIO;
253
	/* disallow writable mapping */
254
	if (vma->vm_flags & VM_WRITE)
255
		return -EPERM;
256
	/* disallow mprotect() turns it into writable */
257
	vm_flags_clear(vma, VM_MAYWRITE);
258

259
	return remap_pfn_range(vma, vma->vm_start,
260
			       page_to_pfn(status),
261
			       size, vma->vm_page_prot);
262
}
263

264
static const struct file_operations sel_handle_status_ops = {
265
	.open		= sel_open_handle_status,
266
	.read		= sel_read_handle_status,
267
	.mmap		= sel_mmap_handle_status,
268
	.llseek		= generic_file_llseek,
269
};
270

271
static ssize_t sel_write_disable(struct file *file, const char __user *buf,
272
				 size_t count, loff_t *ppos)
273

274
{
275
	char *page;
276
	ssize_t length;
277
	int new_value;
278

279
	if (count >= PAGE_SIZE)
280
		return -ENOMEM;
281

282
	/* No partial writes. */
283
	if (*ppos != 0)
284
		return -EINVAL;
285

286
	page = memdup_user_nul(buf, count);
287
	if (IS_ERR(page))
288
		return PTR_ERR(page);
289

290
	if (sscanf(page, "%d", &new_value) != 1) {
291
		length = -EINVAL;
292
		goto out;
293
	}
294
	length = count;
295

296
	if (new_value) {
297
		pr_err("SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable\n");
298
		pr_err("SELinux: Runtime disable is not supported, use selinux=0 on the kernel cmdline.\n");
299
	}
300

301
out:
302
	kfree(page);
303
	return length;
304
}
305

306
static const struct file_operations sel_disable_ops = {
307
	.write		= sel_write_disable,
308
	.llseek		= generic_file_llseek,
309
};
310

311
static ssize_t sel_read_policyvers(struct file *filp, char __user *buf,
312
				   size_t count, loff_t *ppos)
313
{
314
	char tmpbuf[TMPBUFLEN];
315
	ssize_t length;
316

317
	length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX);
318
	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
319
}
320

321
static const struct file_operations sel_policyvers_ops = {
322
	.read		= sel_read_policyvers,
323
	.llseek		= generic_file_llseek,
324
};
325

326
/* declaration for sel_write_load */
327
static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir,
328
			  unsigned int *bool_num, char ***bool_pending_names,
329
			  int **bool_pending_values);
330
static int sel_make_classes(struct selinux_policy *newpolicy,
331
			    struct dentry *class_dir,
332
			    unsigned long *last_class_ino);
333

334
/* declaration for sel_make_class_dirs */
335
static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
336
			unsigned long *ino);
337

338
/* declaration for sel_make_policy_nodes */
339
static struct dentry *sel_make_swapover_dir(struct super_block *sb,
340
						unsigned long *ino);
341

342
static ssize_t sel_read_mls(struct file *filp, char __user *buf,
343
				size_t count, loff_t *ppos)
344
{
345
	char tmpbuf[TMPBUFLEN];
346
	ssize_t length;
347

348
	length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
349
			   security_mls_enabled());
350
	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
351
}
352

353
static const struct file_operations sel_mls_ops = {
354
	.read		= sel_read_mls,
355
	.llseek		= generic_file_llseek,
356
};
357

358
struct policy_load_memory {
359
	size_t len;
360
	void *data;
361
};
362

363
static int sel_open_policy(struct inode *inode, struct file *filp)
364
{
365
	struct selinux_fs_info *fsi = inode->i_sb->s_fs_info;
366
	struct policy_load_memory *plm = NULL;
367
	int rc;
368

369
	BUG_ON(filp->private_data);
370

371
	mutex_lock(&selinux_state.policy_mutex);
372

373
	rc = avc_has_perm(current_sid(), SECINITSID_SECURITY,
374
			  SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL);
375
	if (rc)
376
		goto err;
377

378
	rc = -EBUSY;
379
	if (fsi->policy_opened)
380
		goto err;
381

382
	rc = -ENOMEM;
383
	plm = kzalloc(sizeof(*plm), GFP_KERNEL);
384
	if (!plm)
385
		goto err;
386

387
	rc = security_read_policy(&plm->data, &plm->len);
388
	if (rc)
389
		goto err;
390

391
	if ((size_t)i_size_read(inode) != plm->len) {
392
		inode_lock(inode);
393
		i_size_write(inode, plm->len);
394
		inode_unlock(inode);
395
	}
396

397
	fsi->policy_opened = 1;
398

399
	filp->private_data = plm;
400

401
	mutex_unlock(&selinux_state.policy_mutex);
402

403
	return 0;
404
err:
405
	mutex_unlock(&selinux_state.policy_mutex);
406

407
	if (plm)
408
		vfree(plm->data);
409
	kfree(plm);
410
	return rc;
411
}
412

413
static int sel_release_policy(struct inode *inode, struct file *filp)
414
{
415
	struct selinux_fs_info *fsi = inode->i_sb->s_fs_info;
416
	struct policy_load_memory *plm = filp->private_data;
417

418
	BUG_ON(!plm);
419

420
	fsi->policy_opened = 0;
421

422
	vfree(plm->data);
423
	kfree(plm);
424

425
	return 0;
426
}
427

428
static ssize_t sel_read_policy(struct file *filp, char __user *buf,
429
			       size_t count, loff_t *ppos)
430
{
431
	struct policy_load_memory *plm = filp->private_data;
432
	int ret;
433

434
	ret = avc_has_perm(current_sid(), SECINITSID_SECURITY,
435
			  SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL);
436
	if (ret)
437
		return ret;
438

439
	return simple_read_from_buffer(buf, count, ppos, plm->data, plm->len);
440
}
441

442
static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf)
443
{
444
	struct policy_load_memory *plm = vmf->vma->vm_file->private_data;
445
	unsigned long offset;
446
	struct page *page;
447

448
	if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE))
449
		return VM_FAULT_SIGBUS;
450

451
	offset = vmf->pgoff << PAGE_SHIFT;
452
	if (offset >= roundup(plm->len, PAGE_SIZE))
453
		return VM_FAULT_SIGBUS;
454

455
	page = vmalloc_to_page(plm->data + offset);
456
	get_page(page);
457

458
	vmf->page = page;
459

460
	return 0;
461
}
462

463
static const struct vm_operations_struct sel_mmap_policy_ops = {
464
	.fault = sel_mmap_policy_fault,
465
	.page_mkwrite = sel_mmap_policy_fault,
466
};
467

468
static int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma)
469
{
470
	if (vma->vm_flags & VM_SHARED) {
471
		/* do not allow mprotect to make mapping writable */
472
		vm_flags_clear(vma, VM_MAYWRITE);
473

474
		if (vma->vm_flags & VM_WRITE)
475
			return -EACCES;
476
	}
477

478
	vm_flags_set(vma, VM_DONTEXPAND | VM_DONTDUMP);
479
	vma->vm_ops = &sel_mmap_policy_ops;
480

481
	return 0;
482
}
483

484
static const struct file_operations sel_policy_ops = {
485
	.open		= sel_open_policy,
486
	.read		= sel_read_policy,
487
	.mmap		= sel_mmap_policy,
488
	.release	= sel_release_policy,
489
	.llseek		= generic_file_llseek,
490
};
491

492
static void sel_remove_old_bool_data(unsigned int bool_num, char **bool_names,
493
				     int *bool_values)
494
{
495
	u32 i;
496

497
	/* bool_dir cleanup */
498
	for (i = 0; i < bool_num; i++)
499
		kfree(bool_names[i]);
500
	kfree(bool_names);
501
	kfree(bool_values);
502
}
503

504
static int sel_make_policy_nodes(struct selinux_fs_info *fsi,
505
				struct selinux_policy *newpolicy)
506
{
507
	int ret = 0;
508
	struct dentry *tmp_parent, *tmp_bool_dir, *tmp_class_dir;
509
	struct renamedata rd = {};
510
	unsigned int bool_num = 0;
511
	char **bool_names = NULL;
512
	int *bool_values = NULL;
513
	unsigned long tmp_ino = fsi->last_ino; /* Don't increment last_ino in this function */
514

515
	tmp_parent = sel_make_swapover_dir(fsi->sb, &tmp_ino);
516
	if (IS_ERR(tmp_parent))
517
		return PTR_ERR(tmp_parent);
518

519
	tmp_ino = fsi->bool_dir->d_inode->i_ino - 1; /* sel_make_dir will increment and set */
520
	tmp_bool_dir = sel_make_dir(tmp_parent, BOOL_DIR_NAME, &tmp_ino);
521
	if (IS_ERR(tmp_bool_dir)) {
522
		ret = PTR_ERR(tmp_bool_dir);
523
		goto out;
524
	}
525

526
	tmp_ino = fsi->class_dir->d_inode->i_ino - 1; /* sel_make_dir will increment and set */
527
	tmp_class_dir = sel_make_dir(tmp_parent, CLASS_DIR_NAME, &tmp_ino);
528
	if (IS_ERR(tmp_class_dir)) {
529
		ret = PTR_ERR(tmp_class_dir);
530
		goto out;
531
	}
532

533
	ret = sel_make_bools(newpolicy, tmp_bool_dir, &bool_num,
534
			     &bool_names, &bool_values);
535
	if (ret)
536
		goto out;
537

538
	ret = sel_make_classes(newpolicy, tmp_class_dir,
539
			       &fsi->last_class_ino);
540
	if (ret)
541
		goto out;
542

543
	rd.old_parent = tmp_parent;
544
	rd.new_parent = fsi->sb->s_root;
545

546
	/* booleans */
547
	ret = start_renaming_two_dentries(&rd, tmp_bool_dir, fsi->bool_dir);
548
	if (ret)
549
		goto out;
550

551
	d_exchange(tmp_bool_dir, fsi->bool_dir);
552

553
	swap(fsi->bool_num, bool_num);
554
	swap(fsi->bool_pending_names, bool_names);
555
	swap(fsi->bool_pending_values, bool_values);
556

557
	fsi->bool_dir = tmp_bool_dir;
558
	end_renaming(&rd);
559

560
	/* classes */
561
	ret = start_renaming_two_dentries(&rd, tmp_class_dir, fsi->class_dir);
562
	if (ret)
563
		goto out;
564

565
	d_exchange(tmp_class_dir, fsi->class_dir);
566
	fsi->class_dir = tmp_class_dir;
567

568
	end_renaming(&rd);
569

570
out:
571
	sel_remove_old_bool_data(bool_num, bool_names, bool_values);
572
	/* Since the other temporary dirs are children of tmp_parent
573
	 * this will handle all the cleanup in the case of a failure before
574
	 * the swapover
575
	 */
576
	simple_recursive_removal(tmp_parent, NULL);
577

578
	return ret;
579
}
580

581
static ssize_t sel_write_load(struct file *file, const char __user *buf,
582
			      size_t count, loff_t *ppos)
583

584
{
585
	struct selinux_fs_info *fsi;
586
	struct selinux_load_state load_state;
587
	ssize_t length;
588
	void *data = NULL;
589

590
	/* no partial writes */
591
	if (*ppos)
592
		return -EINVAL;
593
	/* no empty policies */
594
	if (!count)
595
		return -EINVAL;
596

597
	mutex_lock(&selinux_state.policy_mutex);
598

599
	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
600
			      SECCLASS_SECURITY, SECURITY__LOAD_POLICY, NULL);
601
	if (length)
602
		goto out;
603

604
	data = vmalloc(count);
605
	if (!data) {
606
		length = -ENOMEM;
607
		goto out;
608
	}
609
	if (copy_from_user(data, buf, count) != 0) {
610
		length = -EFAULT;
611
		goto out;
612
	}
613

614
	length = security_load_policy(data, count, &load_state);
615
	if (length) {
616
		pr_warn_ratelimited("SELinux: failed to load policy\n");
617
		goto out;
618
	}
619
	fsi = file_inode(file)->i_sb->s_fs_info;
620
	length = sel_make_policy_nodes(fsi, load_state.policy);
621
	if (length) {
622
		pr_warn_ratelimited("SELinux: failed to initialize selinuxfs\n");
623
		selinux_policy_cancel(&load_state);
624
		goto out;
625
	}
626

627
	selinux_policy_commit(&load_state);
628
	length = count;
629
	audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
630
		"auid=%u ses=%u lsm=selinux res=1",
631
		from_kuid(&init_user_ns, audit_get_loginuid(current)),
632
		audit_get_sessionid(current));
633

634
out:
635
	mutex_unlock(&selinux_state.policy_mutex);
636
	vfree(data);
637
	return length;
638
}
639

640
static const struct file_operations sel_load_ops = {
641
	.write		= sel_write_load,
642
	.llseek		= generic_file_llseek,
643
};
644

645
static ssize_t sel_write_context(struct file *file, char *buf, size_t size)
646
{
647
	char *canon = NULL;
648
	u32 sid, len;
649
	ssize_t length;
650

651
	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
652
			      SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, NULL);
653
	if (length)
654
		goto out;
655

656
	length = security_context_to_sid(buf, size, &sid, GFP_KERNEL);
657
	if (length)
658
		goto out;
659

660
	length = security_sid_to_context(sid, &canon, &len);
661
	if (length)
662
		goto out;
663

664
	length = -ERANGE;
665
	if (len > SIMPLE_TRANSACTION_LIMIT) {
666
		pr_err("SELinux: %s:  context size (%u) exceeds "
667
			"payload max\n", __func__, len);
668
		goto out;
669
	}
670

671
	memcpy(buf, canon, len);
672
	length = len;
673
out:
674
	kfree(canon);
675
	return length;
676
}
677

678
static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf,
679
				     size_t count, loff_t *ppos)
680
{
681
	char tmpbuf[TMPBUFLEN];
682
	ssize_t length;
683

684
	length = scnprintf(tmpbuf, TMPBUFLEN, "%u",
685
			   checkreqprot_get());
686
	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
687
}
688

689
static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
690
				      size_t count, loff_t *ppos)
691
{
692
	char *page;
693
	ssize_t length;
694
	unsigned int new_value;
695

696
	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
697
			      SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT,
698
			      NULL);
699
	if (length)
700
		return length;
701

702
	if (count >= PAGE_SIZE)
703
		return -ENOMEM;
704

705
	/* No partial writes. */
706
	if (*ppos != 0)
707
		return -EINVAL;
708

709
	page = memdup_user_nul(buf, count);
710
	if (IS_ERR(page))
711
		return PTR_ERR(page);
712

713
	if (sscanf(page, "%u", &new_value) != 1) {
714
		length = -EINVAL;
715
		goto out;
716
	}
717
	length = count;
718

719
	if (new_value) {
720
		char comm[sizeof(current->comm)];
721

722
		strscpy(comm, current->comm);
723
		pr_err("SELinux: %s (%d) set checkreqprot to 1. This is no longer supported.\n",
724
		       comm, current->pid);
725
	}
726

727
	selinux_ima_measure_state();
728

729
out:
730
	kfree(page);
731
	return length;
732
}
733
static const struct file_operations sel_checkreqprot_ops = {
734
	.read		= sel_read_checkreqprot,
735
	.write		= sel_write_checkreqprot,
736
	.llseek		= generic_file_llseek,
737
};
738

739
static ssize_t sel_write_validatetrans(struct file *file,
740
					const char __user *buf,
741
					size_t count, loff_t *ppos)
742
{
743
	char *oldcon = NULL, *newcon = NULL, *taskcon = NULL;
744
	char *req = NULL;
745
	u32 osid, nsid, tsid;
746
	u16 tclass;
747
	int rc;
748

749
	rc = avc_has_perm(current_sid(), SECINITSID_SECURITY,
750
			  SECCLASS_SECURITY, SECURITY__VALIDATE_TRANS, NULL);
751
	if (rc)
752
		goto out;
753

754
	rc = -ENOMEM;
755
	if (count >= PAGE_SIZE)
756
		goto out;
757

758
	/* No partial writes. */
759
	rc = -EINVAL;
760
	if (*ppos != 0)
761
		goto out;
762

763
	req = memdup_user_nul(buf, count);
764
	if (IS_ERR(req)) {
765
		rc = PTR_ERR(req);
766
		req = NULL;
767
		goto out;
768
	}
769

770
	rc = -ENOMEM;
771
	oldcon = kzalloc(count + 1, GFP_KERNEL);
772
	if (!oldcon)
773
		goto out;
774

775
	newcon = kzalloc(count + 1, GFP_KERNEL);
776
	if (!newcon)
777
		goto out;
778

779
	taskcon = kzalloc(count + 1, GFP_KERNEL);
780
	if (!taskcon)
781
		goto out;
782

783
	rc = -EINVAL;
784
	if (sscanf(req, "%s %s %hu %s", oldcon, newcon, &tclass, taskcon) != 4)
785
		goto out;
786

787
	rc = security_context_str_to_sid(oldcon, &osid, GFP_KERNEL);
788
	if (rc)
789
		goto out;
790

791
	rc = security_context_str_to_sid(newcon, &nsid, GFP_KERNEL);
792
	if (rc)
793
		goto out;
794

795
	rc = security_context_str_to_sid(taskcon, &tsid, GFP_KERNEL);
796
	if (rc)
797
		goto out;
798

799
	rc = security_validate_transition_user(osid, nsid, tsid, tclass);
800
	if (!rc)
801
		rc = count;
802
out:
803
	kfree(req);
804
	kfree(oldcon);
805
	kfree(newcon);
806
	kfree(taskcon);
807
	return rc;
808
}
809

810
static const struct file_operations sel_transition_ops = {
811
	.write		= sel_write_validatetrans,
812
	.llseek		= generic_file_llseek,
813
};
814

815
/*
816
 * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c
817
 */
818
static ssize_t sel_write_access(struct file *file, char *buf, size_t size);
819
static ssize_t sel_write_create(struct file *file, char *buf, size_t size);
820
static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size);
821
static ssize_t sel_write_user(struct file *file, char *buf, size_t size);
822
static ssize_t sel_write_member(struct file *file, char *buf, size_t size);
823

824
static ssize_t (*const write_op[])(struct file *, char *, size_t) = {
825
	[SEL_ACCESS] = sel_write_access,
826
	[SEL_CREATE] = sel_write_create,
827
	[SEL_RELABEL] = sel_write_relabel,
828
	[SEL_USER] = sel_write_user,
829
	[SEL_MEMBER] = sel_write_member,
830
	[SEL_CONTEXT] = sel_write_context,
831
};
832

833
static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos)
834
{
835
	ino_t ino = file_inode(file)->i_ino;
836
	char *data;
837
	ssize_t rv;
838

839
	if (ino >= ARRAY_SIZE(write_op) || !write_op[ino])
840
		return -EINVAL;
841

842
	data = simple_transaction_get(file, buf, size);
843
	if (IS_ERR(data))
844
		return PTR_ERR(data);
845

846
	rv = write_op[ino](file, data, size);
847
	if (rv > 0) {
848
		simple_transaction_set(file, rv);
849
		rv = size;
850
	}
851
	return rv;
852
}
853

854
static const struct file_operations transaction_ops = {
855
	.write		= selinux_transaction_write,
856
	.read		= simple_transaction_read,
857
	.release	= simple_transaction_release,
858
	.llseek		= generic_file_llseek,
859
};
860

861
/*
862
 * payload - write methods
863
 * If the method has a response, the response should be put in buf,
864
 * and the length returned.  Otherwise return 0 or and -error.
865
 */
866

867
static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
868
{
869
	char *scon = NULL, *tcon = NULL;
870
	u32 ssid, tsid;
871
	u16 tclass;
872
	struct av_decision avd;
873
	ssize_t length;
874

875
	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
876
			      SECCLASS_SECURITY, SECURITY__COMPUTE_AV, NULL);
877
	if (length)
878
		goto out;
879

880
	length = -ENOMEM;
881
	scon = kzalloc(size + 1, GFP_KERNEL);
882
	if (!scon)
883
		goto out;
884

885
	length = -ENOMEM;
886
	tcon = kzalloc(size + 1, GFP_KERNEL);
887
	if (!tcon)
888
		goto out;
889

890
	length = -EINVAL;
891
	if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
892
		goto out;
893

894
	length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
895
	if (length)
896
		goto out;
897

898
	length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
899
	if (length)
900
		goto out;
901

902
	security_compute_av_user(ssid, tsid, tclass, &avd);
903

904
	length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT,
905
			  "%x %x %x %x %u %x",
906
			  avd.allowed, 0xffffffff,
907
			  avd.auditallow, avd.auditdeny,
908
			  avd.seqno, avd.flags);
909
out:
910
	kfree(tcon);
911
	kfree(scon);
912
	return length;
913
}
914

915
static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
916
{
917
	char *scon = NULL, *tcon = NULL;
918
	char *namebuf = NULL, *objname = NULL;
919
	u32 ssid, tsid, newsid;
920
	u16 tclass;
921
	ssize_t length;
922
	char *newcon = NULL;
923
	u32 len;
924
	int nargs;
925

926
	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
927
			      SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE,
928
			      NULL);
929
	if (length)
930
		goto out;
931

932
	length = -ENOMEM;
933
	scon = kzalloc(size + 1, GFP_KERNEL);
934
	if (!scon)
935
		goto out;
936

937
	length = -ENOMEM;
938
	tcon = kzalloc(size + 1, GFP_KERNEL);
939
	if (!tcon)
940
		goto out;
941

942
	length = -ENOMEM;
943
	namebuf = kzalloc(size + 1, GFP_KERNEL);
944
	if (!namebuf)
945
		goto out;
946

947
	length = -EINVAL;
948
	nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf);
949
	if (nargs < 3 || nargs > 4)
950
		goto out;
951
	if (nargs == 4) {
952
		/*
953
		 * If and when the name of new object to be queried contains
954
		 * either whitespace or multibyte characters, they shall be
955
		 * encoded based on the percentage-encoding rule.
956
		 * If not encoded, the sscanf logic picks up only left-half
957
		 * of the supplied name; split by a whitespace unexpectedly.
958
		 */
959
		char   *r, *w;
960
		int     c1, c2;
961

962
		r = w = namebuf;
963
		do {
964
			c1 = *r++;
965
			if (c1 == '+')
966
				c1 = ' ';
967
			else if (c1 == '%') {
968
				c1 = hex_to_bin(*r++);
969
				if (c1 < 0)
970
					goto out;
971
				c2 = hex_to_bin(*r++);
972
				if (c2 < 0)
973
					goto out;
974
				c1 = (c1 << 4) | c2;
975
			}
976
			*w++ = c1;
977
		} while (c1 != '\0');
978

979
		objname = namebuf;
980
	}
981

982
	length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
983
	if (length)
984
		goto out;
985

986
	length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
987
	if (length)
988
		goto out;
989

990
	length = security_transition_sid_user(ssid, tsid, tclass,
991
					      objname, &newsid);
992
	if (length)
993
		goto out;
994

995
	length = security_sid_to_context(newsid, &newcon, &len);
996
	if (length)
997
		goto out;
998

999
	length = -ERANGE;
1000
	if (len > SIMPLE_TRANSACTION_LIMIT) {
1001
		pr_err("SELinux: %s:  context size (%u) exceeds "
1002
			"payload max\n", __func__, len);
1003
		goto out;
1004
	}
1005

1006
	memcpy(buf, newcon, len);
1007
	length = len;
1008
out:
1009
	kfree(newcon);
1010
	kfree(namebuf);
1011
	kfree(tcon);
1012
	kfree(scon);
1013
	return length;
1014
}
1015

1016
static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size)
1017
{
1018
	char *scon = NULL, *tcon = NULL;
1019
	u32 ssid, tsid, newsid;
1020
	u16 tclass;
1021
	ssize_t length;
1022
	char *newcon = NULL;
1023
	u32 len;
1024

1025
	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1026
			      SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL,
1027
			      NULL);
1028
	if (length)
1029
		goto out;
1030

1031
	length = -ENOMEM;
1032
	scon = kzalloc(size + 1, GFP_KERNEL);
1033
	if (!scon)
1034
		goto out;
1035

1036
	length = -ENOMEM;
1037
	tcon = kzalloc(size + 1, GFP_KERNEL);
1038
	if (!tcon)
1039
		goto out;
1040

1041
	length = -EINVAL;
1042
	if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
1043
		goto out;
1044

1045
	length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
1046
	if (length)
1047
		goto out;
1048

1049
	length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
1050
	if (length)
1051
		goto out;
1052

1053
	length = security_change_sid(ssid, tsid, tclass, &newsid);
1054
	if (length)
1055
		goto out;
1056

1057
	length = security_sid_to_context(newsid, &newcon, &len);
1058
	if (length)
1059
		goto out;
1060

1061
	length = -ERANGE;
1062
	if (len > SIMPLE_TRANSACTION_LIMIT)
1063
		goto out;
1064

1065
	memcpy(buf, newcon, len);
1066
	length = len;
1067
out:
1068
	kfree(newcon);
1069
	kfree(tcon);
1070
	kfree(scon);
1071
	return length;
1072
}
1073

1074
static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
1075
{
1076
	char *con = NULL, *user = NULL, *ptr;
1077
	u32 sid, *sids = NULL;
1078
	ssize_t length;
1079
	char *newcon;
1080
	int rc;
1081
	u32 i, len, nsids;
1082

1083
	pr_warn_ratelimited("SELinux: %s (%d) wrote to /sys/fs/selinux/user!"
1084
		" This will not be supported in the future; please update your"
1085
		" userspace.\n", current->comm, current->pid);
1086
	ssleep(5);
1087

1088
	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1089
			      SECCLASS_SECURITY, SECURITY__COMPUTE_USER,
1090
			      NULL);
1091
	if (length)
1092
		goto out;
1093

1094
	length = -ENOMEM;
1095
	con = kzalloc(size + 1, GFP_KERNEL);
1096
	if (!con)
1097
		goto out;
1098

1099
	length = -ENOMEM;
1100
	user = kzalloc(size + 1, GFP_KERNEL);
1101
	if (!user)
1102
		goto out;
1103

1104
	length = -EINVAL;
1105
	if (sscanf(buf, "%s %s", con, user) != 2)
1106
		goto out;
1107

1108
	length = security_context_str_to_sid(con, &sid, GFP_KERNEL);
1109
	if (length)
1110
		goto out;
1111

1112
	length = security_get_user_sids(sid, user, &sids, &nsids);
1113
	if (length)
1114
		goto out;
1115

1116
	length = sprintf(buf, "%u", nsids) + 1;
1117
	ptr = buf + length;
1118
	for (i = 0; i < nsids; i++) {
1119
		rc = security_sid_to_context(sids[i], &newcon, &len);
1120
		if (rc) {
1121
			length = rc;
1122
			goto out;
1123
		}
1124
		if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) {
1125
			kfree(newcon);
1126
			length = -ERANGE;
1127
			goto out;
1128
		}
1129
		memcpy(ptr, newcon, len);
1130
		kfree(newcon);
1131
		ptr += len;
1132
		length += len;
1133
	}
1134
out:
1135
	kfree(sids);
1136
	kfree(user);
1137
	kfree(con);
1138
	return length;
1139
}
1140

1141
static ssize_t sel_write_member(struct file *file, char *buf, size_t size)
1142
{
1143
	char *scon = NULL, *tcon = NULL;
1144
	u32 ssid, tsid, newsid;
1145
	u16 tclass;
1146
	ssize_t length;
1147
	char *newcon = NULL;
1148
	u32 len;
1149

1150
	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1151
			      SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER,
1152
			      NULL);
1153
	if (length)
1154
		goto out;
1155

1156
	length = -ENOMEM;
1157
	scon = kzalloc(size + 1, GFP_KERNEL);
1158
	if (!scon)
1159
		goto out;
1160

1161
	length = -ENOMEM;
1162
	tcon = kzalloc(size + 1, GFP_KERNEL);
1163
	if (!tcon)
1164
		goto out;
1165

1166
	length = -EINVAL;
1167
	if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
1168
		goto out;
1169

1170
	length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
1171
	if (length)
1172
		goto out;
1173

1174
	length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
1175
	if (length)
1176
		goto out;
1177

1178
	length = security_member_sid(ssid, tsid, tclass, &newsid);
1179
	if (length)
1180
		goto out;
1181

1182
	length = security_sid_to_context(newsid, &newcon, &len);
1183
	if (length)
1184
		goto out;
1185

1186
	length = -ERANGE;
1187
	if (len > SIMPLE_TRANSACTION_LIMIT) {
1188
		pr_err("SELinux: %s:  context size (%u) exceeds "
1189
			"payload max\n", __func__, len);
1190
		goto out;
1191
	}
1192

1193
	memcpy(buf, newcon, len);
1194
	length = len;
1195
out:
1196
	kfree(newcon);
1197
	kfree(tcon);
1198
	kfree(scon);
1199
	return length;
1200
}
1201

1202
static struct inode *sel_make_inode(struct super_block *sb, umode_t mode)
1203
{
1204
	struct inode *ret = new_inode(sb);
1205

1206
	if (ret) {
1207
		ret->i_mode = mode;
1208
		simple_inode_init_ts(ret);
1209
	}
1210
	return ret;
1211
}
1212

1213
static struct dentry *sel_attach(struct dentry *parent, const char *name,
1214
				 struct inode *inode)
1215
{
1216
	struct dentry *dentry = d_alloc_name(parent, name);
1217
	if (unlikely(!dentry)) {
1218
		iput(inode);
1219
		return ERR_PTR(-ENOMEM);
1220
	}
1221
	d_make_persistent(dentry, inode);
1222
	dput(dentry);
1223
	return dentry;
1224
}
1225

1226
static int sel_attach_file(struct dentry *parent, const char *name,
1227
			   struct inode *inode)
1228
{
1229
	struct dentry *dentry = sel_attach(parent, name, inode);
1230
	return PTR_ERR_OR_ZERO(dentry);
1231
}
1232

1233
static ssize_t sel_read_bool(struct file *filep, char __user *buf,
1234
			     size_t count, loff_t *ppos)
1235
{
1236
	struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info;
1237
	char buffer[4];
1238
	ssize_t length;
1239
	ssize_t ret;
1240
	int cur_enforcing;
1241
	unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
1242
	const char *name = filep->f_path.dentry->d_name.name;
1243

1244
	mutex_lock(&selinux_state.policy_mutex);
1245

1246
	ret = -EINVAL;
1247
	if (index >= fsi->bool_num || strcmp(name,
1248
					     fsi->bool_pending_names[index]))
1249
		goto out_unlock;
1250

1251
	cur_enforcing = security_get_bool_value(index);
1252
	if (cur_enforcing < 0) {
1253
		ret = cur_enforcing;
1254
		goto out_unlock;
1255
	}
1256
	length = scnprintf(buffer, sizeof(buffer), "%d %d", !!cur_enforcing,
1257
			  !!fsi->bool_pending_values[index]);
1258
	mutex_unlock(&selinux_state.policy_mutex);
1259
	return simple_read_from_buffer(buf, count, ppos, buffer, length);
1260

1261
out_unlock:
1262
	mutex_unlock(&selinux_state.policy_mutex);
1263
	return ret;
1264
}
1265

1266
static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
1267
			      size_t count, loff_t *ppos)
1268
{
1269
	struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info;
1270
	char *page = NULL;
1271
	ssize_t length;
1272
	int new_value;
1273
	unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
1274
	const char *name = filep->f_path.dentry->d_name.name;
1275

1276
	if (count >= PAGE_SIZE)
1277
		return -ENOMEM;
1278

1279
	/* No partial writes. */
1280
	if (*ppos != 0)
1281
		return -EINVAL;
1282

1283
	page = memdup_user_nul(buf, count);
1284
	if (IS_ERR(page))
1285
		return PTR_ERR(page);
1286

1287
	mutex_lock(&selinux_state.policy_mutex);
1288

1289
	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1290
			      SECCLASS_SECURITY, SECURITY__SETBOOL,
1291
			      NULL);
1292
	if (length)
1293
		goto out;
1294

1295
	length = -EINVAL;
1296
	if (index >= fsi->bool_num || strcmp(name,
1297
					     fsi->bool_pending_names[index]))
1298
		goto out;
1299

1300
	length = -EINVAL;
1301
	if (sscanf(page, "%d", &new_value) != 1)
1302
		goto out;
1303

1304
	if (new_value)
1305
		new_value = 1;
1306

1307
	fsi->bool_pending_values[index] = new_value;
1308
	length = count;
1309

1310
out:
1311
	mutex_unlock(&selinux_state.policy_mutex);
1312
	kfree(page);
1313
	return length;
1314
}
1315

1316
static const struct file_operations sel_bool_ops = {
1317
	.read		= sel_read_bool,
1318
	.write		= sel_write_bool,
1319
	.llseek		= generic_file_llseek,
1320
};
1321

1322
static ssize_t sel_commit_bools_write(struct file *filep,
1323
				      const char __user *buf,
1324
				      size_t count, loff_t *ppos)
1325
{
1326
	struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info;
1327
	char *page = NULL;
1328
	ssize_t length;
1329
	int new_value;
1330

1331
	if (count >= PAGE_SIZE)
1332
		return -ENOMEM;
1333

1334
	/* No partial writes. */
1335
	if (*ppos != 0)
1336
		return -EINVAL;
1337

1338
	page = memdup_user_nul(buf, count);
1339
	if (IS_ERR(page))
1340
		return PTR_ERR(page);
1341

1342
	mutex_lock(&selinux_state.policy_mutex);
1343

1344
	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1345
			      SECCLASS_SECURITY, SECURITY__SETBOOL,
1346
			      NULL);
1347
	if (length)
1348
		goto out;
1349

1350
	length = -EINVAL;
1351
	if (sscanf(page, "%d", &new_value) != 1)
1352
		goto out;
1353

1354
	length = 0;
1355
	if (new_value && fsi->bool_pending_values)
1356
		length = security_set_bools(fsi->bool_num,
1357
					    fsi->bool_pending_values);
1358

1359
	if (!length)
1360
		length = count;
1361

1362
out:
1363
	mutex_unlock(&selinux_state.policy_mutex);
1364
	kfree(page);
1365
	return length;
1366
}
1367

1368
static const struct file_operations sel_commit_bools_ops = {
1369
	.write		= sel_commit_bools_write,
1370
	.llseek		= generic_file_llseek,
1371
};
1372

1373
static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir,
1374
			  unsigned int *bool_num, char ***bool_pending_names,
1375
			  int **bool_pending_values)
1376
{
1377
	int ret;
1378
	char **names, *page;
1379
	u32 i, num;
1380

1381
	page = (char *)get_zeroed_page(GFP_KERNEL);
1382
	if (!page)
1383
		return -ENOMEM;
1384

1385
	ret = security_get_bools(newpolicy, &num, &names, bool_pending_values);
1386
	if (ret)
1387
		goto out;
1388

1389
	*bool_num = num;
1390
	*bool_pending_names = names;
1391

1392
	for (i = 0; !ret && i < num; i++) {
1393
		struct inode *inode;
1394
		struct inode_security_struct *isec;
1395
		ssize_t len;
1396
		u32 sid;
1397

1398
		len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]);
1399
		if (len >= PAGE_SIZE) {
1400
			ret = -ENAMETOOLONG;
1401
			break;
1402
		}
1403

1404
		inode = sel_make_inode(bool_dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR);
1405
		if (!inode) {
1406
			ret = -ENOMEM;
1407
			break;
1408
		}
1409

1410
		isec = selinux_inode(inode);
1411
		ret = selinux_policy_genfs_sid(newpolicy, "selinuxfs", page,
1412
					 SECCLASS_FILE, &sid);
1413
		if (ret) {
1414
			pr_warn_ratelimited("SELinux: no sid found, defaulting to security isid for %s\n",
1415
					   page);
1416
			sid = SECINITSID_SECURITY;
1417
		}
1418

1419
		isec->sid = sid;
1420
		isec->initialized = LABEL_INITIALIZED;
1421
		inode->i_fop = &sel_bool_ops;
1422
		inode->i_ino = i|SEL_BOOL_INO_OFFSET;
1423

1424
		ret = sel_attach_file(bool_dir, names[i], inode);
1425
	}
1426
out:
1427
	free_page((unsigned long)page);
1428
	return ret;
1429
}
1430

1431
static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf,
1432
					    size_t count, loff_t *ppos)
1433
{
1434
	char tmpbuf[TMPBUFLEN];
1435
	ssize_t length;
1436

1437
	length = scnprintf(tmpbuf, TMPBUFLEN, "%u",
1438
			   avc_get_cache_threshold());
1439
	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
1440
}
1441

1442
static ssize_t sel_write_avc_cache_threshold(struct file *file,
1443
					     const char __user *buf,
1444
					     size_t count, loff_t *ppos)
1445

1446
{
1447
	char *page;
1448
	ssize_t ret;
1449
	unsigned int new_value;
1450

1451
	ret = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1452
			   SECCLASS_SECURITY, SECURITY__SETSECPARAM,
1453
			   NULL);
1454
	if (ret)
1455
		return ret;
1456

1457
	if (count >= PAGE_SIZE)
1458
		return -ENOMEM;
1459

1460
	/* No partial writes. */
1461
	if (*ppos != 0)
1462
		return -EINVAL;
1463

1464
	page = memdup_user_nul(buf, count);
1465
	if (IS_ERR(page))
1466
		return PTR_ERR(page);
1467

1468
	ret = -EINVAL;
1469
	if (sscanf(page, "%u", &new_value) != 1)
1470
		goto out;
1471

1472
	avc_set_cache_threshold(new_value);
1473

1474
	ret = count;
1475
out:
1476
	kfree(page);
1477
	return ret;
1478
}
1479

1480
static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf,
1481
				       size_t count, loff_t *ppos)
1482
{
1483
	char *page;
1484
	ssize_t length;
1485

1486
	page = (char *)__get_free_page(GFP_KERNEL);
1487
	if (!page)
1488
		return -ENOMEM;
1489

1490
	length = avc_get_hash_stats(page);
1491
	if (length >= 0)
1492
		length = simple_read_from_buffer(buf, count, ppos, page, length);
1493
	free_page((unsigned long)page);
1494

1495
	return length;
1496
}
1497

1498
static ssize_t sel_read_sidtab_hash_stats(struct file *filp, char __user *buf,
1499
					size_t count, loff_t *ppos)
1500
{
1501
	char *page;
1502
	ssize_t length;
1503

1504
	page = (char *)__get_free_page(GFP_KERNEL);
1505
	if (!page)
1506
		return -ENOMEM;
1507

1508
	length = security_sidtab_hash_stats(page);
1509
	if (length >= 0)
1510
		length = simple_read_from_buffer(buf, count, ppos, page,
1511
						length);
1512
	free_page((unsigned long)page);
1513

1514
	return length;
1515
}
1516

1517
static const struct file_operations sel_sidtab_hash_stats_ops = {
1518
	.read		= sel_read_sidtab_hash_stats,
1519
	.llseek		= generic_file_llseek,
1520
};
1521

1522
static const struct file_operations sel_avc_cache_threshold_ops = {
1523
	.read		= sel_read_avc_cache_threshold,
1524
	.write		= sel_write_avc_cache_threshold,
1525
	.llseek		= generic_file_llseek,
1526
};
1527

1528
static const struct file_operations sel_avc_hash_stats_ops = {
1529
	.read		= sel_read_avc_hash_stats,
1530
	.llseek		= generic_file_llseek,
1531
};
1532

1533
#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
1534
static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx)
1535
{
1536
	loff_t cpu;
1537

1538
	for (cpu = *idx; cpu < nr_cpu_ids; ++cpu) {
1539
		if (!cpu_possible(cpu))
1540
			continue;
1541
		*idx = cpu + 1;
1542
		return &per_cpu(avc_cache_stats, cpu);
1543
	}
1544
	(*idx)++;
1545
	return NULL;
1546
}
1547

1548
static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos)
1549
{
1550
	loff_t n = *pos - 1;
1551

1552
	if (*pos == 0)
1553
		return SEQ_START_TOKEN;
1554

1555
	return sel_avc_get_stat_idx(&n);
1556
}
1557

1558
static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1559
{
1560
	return sel_avc_get_stat_idx(pos);
1561
}
1562

1563
static int sel_avc_stats_seq_show(struct seq_file *seq, void *v)
1564
{
1565
	struct avc_cache_stats *st = v;
1566

1567
	if (v == SEQ_START_TOKEN) {
1568
		seq_puts(seq,
1569
			 "lookups hits misses allocations reclaims frees\n");
1570
	} else {
1571
		unsigned int lookups = st->lookups;
1572
		unsigned int misses = st->misses;
1573
		unsigned int hits = lookups - misses;
1574
		seq_printf(seq, "%u %u %u %u %u %u\n", lookups,
1575
			   hits, misses, st->allocations,
1576
			   st->reclaims, st->frees);
1577
	}
1578
	return 0;
1579
}
1580

1581
static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v)
1582
{ }
1583

1584
static const struct seq_operations sel_avc_cache_stats_seq_ops = {
1585
	.start		= sel_avc_stats_seq_start,
1586
	.next		= sel_avc_stats_seq_next,
1587
	.show		= sel_avc_stats_seq_show,
1588
	.stop		= sel_avc_stats_seq_stop,
1589
};
1590

1591
static int sel_open_avc_cache_stats(struct inode *inode, struct file *file)
1592
{
1593
	return seq_open(file, &sel_avc_cache_stats_seq_ops);
1594
}
1595

1596
static const struct file_operations sel_avc_cache_stats_ops = {
1597
	.open		= sel_open_avc_cache_stats,
1598
	.read		= seq_read,
1599
	.llseek		= seq_lseek,
1600
	.release	= seq_release,
1601
};
1602
#endif
1603

1604
static int sel_make_avc_files(struct dentry *dir)
1605
{
1606
	struct super_block *sb = dir->d_sb;
1607
	struct selinux_fs_info *fsi = sb->s_fs_info;
1608
	unsigned int i;
1609
	int err = 0;
1610
	static const struct tree_descr files[] = {
1611
		{ "cache_threshold",
1612
		  &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR },
1613
		{ "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO },
1614
#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
1615
		{ "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO },
1616
#endif
1617
	};
1618

1619
	for (i = 0; !err && i < ARRAY_SIZE(files); i++) {
1620
		struct inode *inode;
1621

1622
		inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
1623
		if (!inode)
1624
			return -ENOMEM;
1625

1626
		inode->i_fop = files[i].ops;
1627
		inode->i_ino = ++fsi->last_ino;
1628

1629
		err = sel_attach_file(dir, files[i].name, inode);
1630
	}
1631

1632
	return err;
1633
}
1634

1635
static int sel_make_ss_files(struct dentry *dir)
1636
{
1637
	struct super_block *sb = dir->d_sb;
1638
	struct selinux_fs_info *fsi = sb->s_fs_info;
1639
	unsigned int i;
1640
	int err = 0;
1641
	static const struct tree_descr files[] = {
1642
		{ "sidtab_hash_stats", &sel_sidtab_hash_stats_ops, S_IRUGO },
1643
	};
1644

1645
	for (i = 0; !err && i < ARRAY_SIZE(files); i++) {
1646
		struct inode *inode;
1647

1648
		inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
1649
		if (!inode)
1650
			return -ENOMEM;
1651

1652
		inode->i_fop = files[i].ops;
1653
		inode->i_ino = ++fsi->last_ino;
1654

1655
		err = sel_attach_file(dir, files[i].name, inode);
1656
	}
1657

1658
	return err;
1659
}
1660

1661
static ssize_t sel_read_initcon(struct file *file, char __user *buf,
1662
				size_t count, loff_t *ppos)
1663
{
1664
	char *con;
1665
	u32 sid, len;
1666
	ssize_t ret;
1667

1668
	sid = file_inode(file)->i_ino&SEL_INO_MASK;
1669
	ret = security_sid_to_context(sid, &con, &len);
1670
	if (ret)
1671
		return ret;
1672

1673
	ret = simple_read_from_buffer(buf, count, ppos, con, len);
1674
	kfree(con);
1675
	return ret;
1676
}
1677

1678
static const struct file_operations sel_initcon_ops = {
1679
	.read		= sel_read_initcon,
1680
	.llseek		= generic_file_llseek,
1681
};
1682

1683
static int sel_make_initcon_files(struct dentry *dir)
1684
{
1685
	unsigned int i;
1686
	int err = 0;
1687

1688
	for (i = 1; !err && i <= SECINITSID_NUM; i++) {
1689
		const char *s = security_get_initial_sid_context(i);
1690
		struct inode *inode;
1691

1692
		if (!s)
1693
			continue;
1694

1695
		inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1696
		if (!inode)
1697
			return -ENOMEM;
1698

1699
		inode->i_fop = &sel_initcon_ops;
1700
		inode->i_ino = i|SEL_INITCON_INO_OFFSET;
1701
		err = sel_attach_file(dir, s, inode);
1702
	}
1703

1704
	return err;
1705
}
1706

1707
static inline unsigned long sel_class_to_ino(u16 class)
1708
{
1709
	return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET;
1710
}
1711

1712
static inline u16 sel_ino_to_class(unsigned long ino)
1713
{
1714
	return (ino & SEL_INO_MASK) / (SEL_VEC_MAX + 1);
1715
}
1716

1717
static inline unsigned long sel_perm_to_ino(u16 class, u32 perm)
1718
{
1719
	return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET;
1720
}
1721

1722
static inline u32 sel_ino_to_perm(unsigned long ino)
1723
{
1724
	return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1);
1725
}
1726

1727
static ssize_t sel_read_class(struct file *file, char __user *buf,
1728
				size_t count, loff_t *ppos)
1729
{
1730
	unsigned long ino = file_inode(file)->i_ino;
1731
	char res[TMPBUFLEN];
1732
	ssize_t len = scnprintf(res, sizeof(res), "%d", sel_ino_to_class(ino));
1733
	return simple_read_from_buffer(buf, count, ppos, res, len);
1734
}
1735

1736
static const struct file_operations sel_class_ops = {
1737
	.read		= sel_read_class,
1738
	.llseek		= generic_file_llseek,
1739
};
1740

1741
static ssize_t sel_read_perm(struct file *file, char __user *buf,
1742
				size_t count, loff_t *ppos)
1743
{
1744
	unsigned long ino = file_inode(file)->i_ino;
1745
	char res[TMPBUFLEN];
1746
	ssize_t len = scnprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino));
1747
	return simple_read_from_buffer(buf, count, ppos, res, len);
1748
}
1749

1750
static const struct file_operations sel_perm_ops = {
1751
	.read		= sel_read_perm,
1752
	.llseek		= generic_file_llseek,
1753
};
1754

1755
static ssize_t sel_read_policycap(struct file *file, char __user *buf,
1756
				  size_t count, loff_t *ppos)
1757
{
1758
	int value;
1759
	char tmpbuf[TMPBUFLEN];
1760
	ssize_t length;
1761
	unsigned long i_ino = file_inode(file)->i_ino;
1762

1763
	value = security_policycap_supported(i_ino & SEL_INO_MASK);
1764
	length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value);
1765

1766
	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
1767
}
1768

1769
static const struct file_operations sel_policycap_ops = {
1770
	.read		= sel_read_policycap,
1771
	.llseek		= generic_file_llseek,
1772
};
1773

1774
static int sel_make_perm_files(struct selinux_policy *newpolicy,
1775
			char *objclass, int classvalue,
1776
			struct dentry *dir)
1777
{
1778
	u32 i, nperms;
1779
	int rc;
1780
	char **perms;
1781

1782
	rc = security_get_permissions(newpolicy, objclass, &perms, &nperms);
1783
	if (rc)
1784
		return rc;
1785

1786
	for (i = 0; !rc && i < nperms; i++) {
1787
		struct inode *inode;
1788

1789
		inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1790
		if (!inode) {
1791
			rc = -ENOMEM;
1792
			break;
1793
		}
1794

1795
		inode->i_fop = &sel_perm_ops;
1796
		/* i+1 since perm values are 1-indexed */
1797
		inode->i_ino = sel_perm_to_ino(classvalue, i + 1);
1798

1799
		rc = sel_attach_file(dir, perms[i], inode);
1800
	}
1801
	for (i = 0; i < nperms; i++)
1802
		kfree(perms[i]);
1803
	kfree(perms);
1804
	return rc;
1805
}
1806

1807
static int sel_make_class_dir_entries(struct selinux_policy *newpolicy,
1808
				char *classname, int index,
1809
				struct dentry *dir)
1810
{
1811
	struct super_block *sb = dir->d_sb;
1812
	struct selinux_fs_info *fsi = sb->s_fs_info;
1813
	struct dentry *dentry = NULL;
1814
	struct inode *inode = NULL;
1815
	int err;
1816

1817
	inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1818
	if (!inode)
1819
		return -ENOMEM;
1820

1821
	inode->i_fop = &sel_class_ops;
1822
	inode->i_ino = sel_class_to_ino(index);
1823

1824
	err = sel_attach_file(dir, "index", inode);
1825
	if (err)
1826
		return err;
1827

1828
	dentry = sel_make_dir(dir, "perms", &fsi->last_class_ino);
1829
	if (IS_ERR(dentry))
1830
		return PTR_ERR(dentry);
1831

1832
	return sel_make_perm_files(newpolicy, classname, index, dentry);
1833
}
1834

1835
static int sel_make_classes(struct selinux_policy *newpolicy,
1836
			    struct dentry *class_dir,
1837
			    unsigned long *last_class_ino)
1838
{
1839
	u32 i, nclasses;
1840
	int rc;
1841
	char **classes;
1842

1843
	rc = security_get_classes(newpolicy, &classes, &nclasses);
1844
	if (rc)
1845
		return rc;
1846

1847
	/* +2 since classes are 1-indexed */
1848
	*last_class_ino = sel_class_to_ino(nclasses + 2);
1849

1850
	for (i = 0; i < nclasses; i++) {
1851
		struct dentry *class_name_dir;
1852

1853
		class_name_dir = sel_make_dir(class_dir, classes[i],
1854
					      last_class_ino);
1855
		if (IS_ERR(class_name_dir)) {
1856
			rc = PTR_ERR(class_name_dir);
1857
			goto out;
1858
		}
1859

1860
		/* i+1 since class values are 1-indexed */
1861
		rc = sel_make_class_dir_entries(newpolicy, classes[i], i + 1,
1862
				class_name_dir);
1863
		if (rc)
1864
			goto out;
1865
	}
1866
	rc = 0;
1867
out:
1868
	for (i = 0; i < nclasses; i++)
1869
		kfree(classes[i]);
1870
	kfree(classes);
1871
	return rc;
1872
}
1873

1874
static int sel_make_policycap(struct dentry *dir)
1875
{
1876
	struct super_block *sb = dir->d_sb;
1877
	unsigned int iter;
1878
	struct inode *inode = NULL;
1879
	int err = 0;
1880

1881
	for (iter = 0; !err && iter <= POLICYDB_CAP_MAX; iter++) {
1882
		const char *name;
1883

1884
		if (iter < ARRAY_SIZE(selinux_policycap_names))
1885
			name = selinux_policycap_names[iter];
1886
		else
1887
			name = "unknown";
1888

1889
		inode = sel_make_inode(sb, S_IFREG | 0444);
1890
		if (!inode)
1891
			return -ENOMEM;
1892

1893
		inode->i_fop = &sel_policycap_ops;
1894
		inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET;
1895
		err = sel_attach_file(dir, name, inode);
1896
	}
1897

1898
	return err;
1899
}
1900

1901
static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
1902
			unsigned long *ino)
1903
{
1904
	struct inode *inode;
1905

1906
	inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO);
1907
	if (!inode)
1908
		return ERR_PTR(-ENOMEM);
1909

1910
	inode->i_op = &simple_dir_inode_operations;
1911
	inode->i_fop = &simple_dir_operations;
1912
	inode->i_ino = ++(*ino);
1913
	/* directory inodes start off with i_nlink == 2 (for "." entry) */
1914
	inc_nlink(inode);
1915
	/* bump link count on parent directory, too */
1916
	inc_nlink(d_inode(dir));
1917

1918
	return sel_attach(dir, name, inode);
1919
}
1920

1921
static int reject_all(struct mnt_idmap *idmap, struct inode *inode, int mask)
1922
{
1923
	return -EPERM;	// no access for anyone, root or no root.
1924
}
1925

1926
static const struct inode_operations swapover_dir_inode_operations = {
1927
	.lookup		= simple_lookup,
1928
	.permission	= reject_all,
1929
};
1930

1931
static struct dentry *sel_make_swapover_dir(struct super_block *sb,
1932
						unsigned long *ino)
1933
{
1934
	struct dentry *dentry = d_alloc_name(sb->s_root, ".swapover");
1935
	struct inode *inode;
1936

1937
	if (!dentry)
1938
		return ERR_PTR(-ENOMEM);
1939

1940
	inode = sel_make_inode(sb, S_IFDIR);
1941
	if (!inode) {
1942
		dput(dentry);
1943
		return ERR_PTR(-ENOMEM);
1944
	}
1945

1946
	inode->i_op = &swapover_dir_inode_operations;
1947
	inode->i_ino = ++(*ino);
1948
	/* directory inodes start off with i_nlink == 2 (for "." entry) */
1949
	inc_nlink(inode);
1950
	inode_lock(sb->s_root->d_inode);
1951
	d_make_persistent(dentry, inode);
1952
	inc_nlink(sb->s_root->d_inode);
1953
	inode_unlock(sb->s_root->d_inode);
1954
	dput(dentry);
1955
	return dentry;	// borrowed
1956
}
1957

1958
#define NULL_FILE_NAME "null"
1959

1960
static int sel_fill_super(struct super_block *sb, struct fs_context *fc)
1961
{
1962
	struct selinux_fs_info *fsi;
1963
	int ret;
1964
	struct dentry *dentry;
1965
	struct inode *inode;
1966
	struct inode_security_struct *isec;
1967

1968
	static const struct tree_descr selinux_files[] = {
1969
		[SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR},
1970
		[SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR},
1971
		[SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO},
1972
		[SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO},
1973
		[SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO},
1974
		[SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO},
1975
		[SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO},
1976
		[SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO},
1977
		[SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR},
1978
		[SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO},
1979
		[SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR},
1980
		[SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO},
1981
		[SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR},
1982
		[SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
1983
		[SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
1984
		[SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO},
1985
		[SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO},
1986
		[SEL_VALIDATE_TRANS] = {"validatetrans", &sel_transition_ops,
1987
					S_IWUGO},
1988
		/* last one */ {"", NULL, 0}
1989
	};
1990

1991
	ret = selinux_fs_info_create(sb);
1992
	if (ret)
1993
		goto err;
1994

1995
	ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);
1996
	if (ret)
1997
		goto err;
1998

1999
	fsi = sb->s_fs_info;
2000
	fsi->bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &fsi->last_ino);
2001
	if (IS_ERR(fsi->bool_dir)) {
2002
		ret = PTR_ERR(fsi->bool_dir);
2003
		fsi->bool_dir = NULL;
2004
		goto err;
2005
	}
2006

2007
	ret = -ENOMEM;
2008
	inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO);
2009
	if (!inode)
2010
		goto err;
2011

2012
	inode->i_ino = ++fsi->last_ino;
2013
	isec = selinux_inode(inode);
2014
	isec->sid = SECINITSID_DEVNULL;
2015
	isec->sclass = SECCLASS_CHR_FILE;
2016
	isec->initialized = LABEL_INITIALIZED;
2017

2018
	init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3));
2019
	ret = sel_attach_file(sb->s_root, NULL_FILE_NAME, inode);
2020
	if (ret)
2021
		goto err;
2022

2023
	dentry = sel_make_dir(sb->s_root, "avc", &fsi->last_ino);
2024
	if (IS_ERR(dentry)) {
2025
		ret = PTR_ERR(dentry);
2026
		goto err;
2027
	}
2028

2029
	ret = sel_make_avc_files(dentry);
2030
	if (ret)
2031
		goto err;
2032

2033
	dentry = sel_make_dir(sb->s_root, "ss", &fsi->last_ino);
2034
	if (IS_ERR(dentry)) {
2035
		ret = PTR_ERR(dentry);
2036
		goto err;
2037
	}
2038

2039
	ret = sel_make_ss_files(dentry);
2040
	if (ret)
2041
		goto err;
2042

2043
	dentry = sel_make_dir(sb->s_root, "initial_contexts", &fsi->last_ino);
2044
	if (IS_ERR(dentry)) {
2045
		ret = PTR_ERR(dentry);
2046
		goto err;
2047
	}
2048

2049
	ret = sel_make_initcon_files(dentry);
2050
	if (ret)
2051
		goto err;
2052

2053
	fsi->class_dir = sel_make_dir(sb->s_root, CLASS_DIR_NAME, &fsi->last_ino);
2054
	if (IS_ERR(fsi->class_dir)) {
2055
		ret = PTR_ERR(fsi->class_dir);
2056
		fsi->class_dir = NULL;
2057
		goto err;
2058
	}
2059

2060
	dentry = sel_make_dir(sb->s_root, "policy_capabilities", &fsi->last_ino);
2061
	if (IS_ERR(dentry)) {
2062
		ret = PTR_ERR(dentry);
2063
		goto err;
2064
	}
2065

2066
	ret = sel_make_policycap(dentry);
2067
	if (ret) {
2068
		pr_err("SELinux: failed to load policy capabilities\n");
2069
		goto err;
2070
	}
2071

2072
	return 0;
2073
err:
2074
	pr_err("SELinux: %s:  failed while creating inodes\n",
2075
		__func__);
2076

2077
	return ret;
2078
}
2079

2080
static int sel_get_tree(struct fs_context *fc)
2081
{
2082
	return get_tree_single(fc, sel_fill_super);
2083
}
2084

2085
static const struct fs_context_operations sel_context_ops = {
2086
	.get_tree	= sel_get_tree,
2087
};
2088

2089
static int sel_init_fs_context(struct fs_context *fc)
2090
{
2091
	fc->ops = &sel_context_ops;
2092
	return 0;
2093
}
2094

2095
static void sel_kill_sb(struct super_block *sb)
2096
{
2097
	selinux_fs_info_free(sb);
2098
	kill_anon_super(sb);
2099
}
2100

2101
static struct file_system_type sel_fs_type = {
2102
	.name		= "selinuxfs",
2103
	.init_fs_context = sel_init_fs_context,
2104
	.kill_sb	= sel_kill_sb,
2105
};
2106

2107
struct path selinux_null __ro_after_init;
2108

2109
int __init init_sel_fs(void)
2110
{
2111
	struct qstr null_name = QSTR_INIT(NULL_FILE_NAME,
2112
					  sizeof(NULL_FILE_NAME)-1);
2113
	int err;
2114

2115
	if (!selinux_enabled_boot)
2116
		return 0;
2117

2118
	err = sysfs_create_mount_point(fs_kobj, "selinux");
2119
	if (err)
2120
		return err;
2121

2122
	err = register_filesystem(&sel_fs_type);
2123
	if (err) {
2124
		sysfs_remove_mount_point(fs_kobj, "selinux");
2125
		return err;
2126
	}
2127

2128
	selinux_null.mnt = kern_mount(&sel_fs_type);
2129
	if (IS_ERR(selinux_null.mnt)) {
2130
		pr_err("selinuxfs:  could not mount!\n");
2131
		err = PTR_ERR(selinux_null.mnt);
2132
		selinux_null.mnt = NULL;
2133
		return err;
2134
	}
2135

2136
	selinux_null.dentry = try_lookup_noperm(&null_name,
2137
						  selinux_null.mnt->mnt_root);
2138
	if (IS_ERR(selinux_null.dentry)) {
2139
		pr_err("selinuxfs:  could not lookup null!\n");
2140
		err = PTR_ERR(selinux_null.dentry);
2141
		selinux_null.dentry = NULL;
2142
		return err;
2143
	}
2144

2145
	/*
2146
	 * Try to pre-allocate the status page, so the sequence number of the
2147
	 * initial policy load can be stored.
2148
	 */
2149
	(void) selinux_kernel_status_page();
2150

2151
	return err;
2152
}
2153

2154