tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'selinux-pr-20180403' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull SELinux updates from Paul Moore:
"A bigger than usual pull request for SELinux, 13 patches (lucky!)
along with a scary looking diffstat.
Although if you look a bit closer, excluding the usual minor
tweaks/fixes, there are really only two significant changes in this
pull request: the addition of proper SELinux access controls for SCTP
and the encapsulation of a lot of internal SELinux state.
The SCTP changes are the result of a multi-month effort (maybe even a
year or longer?) between the SELinux folks and the SCTP folks to add
proper SELinux controls. A special thanks go to Richard for seeing
this through and keeping the effort moving forward.
The state encapsulation work is a bit of janitorial work that came out
of some early work on SELinux namespacing. The question of namespacing
is still an open one, but I believe there is some real value in the
encapsulation work so we've split that out and are now sending that up
to you"
* tag 'selinux-pr-20180403' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: wrap AVC state
selinux: wrap selinuxfs state
selinux: fix handling of uninitialized selinux state in get_bools/classes
selinux: Update SELinux SCTP documentation
selinux: Fix ltp test connect-syscall failure
selinux: rename the {is,set}_enforcing() functions
selinux: wrap global selinux state
selinux: fix typo in selinux_netlbl_sctp_sk_clone declaration
selinux: Add SCTP support
sctp: Add LSM hooks
sctp: Add ip option support
security: Add support for SCTP security hooks
netlabel: If PF_INET6, check sk_buff ip header version
+2953
-1269
+175
Documentation/security/LSM-sctp.rst
+175
Documentation/security/LSM-sctp.rst
···
1
+
SCTP LSM Support
2
+
================
3
+
4
+
For security module support, three SCTP specific hooks have been implemented::
5
+
6
+
security_sctp_assoc_request()
7
+
security_sctp_bind_connect()
8
+
security_sctp_sk_clone()
9
+
10
+
Also the following security hook has been utilised::
11
+
12
+
security_inet_conn_established()
13
+
14
+
The usage of these hooks are described below with the SELinux implementation
15
+
described in ``Documentation/security/SELinux-sctp.rst``
16
+
17
+
18
+
security_sctp_assoc_request()
19
+
-----------------------------
20
+
Passes the ``@ep`` and ``@chunk->skb`` of the association INIT packet to the
21
+
security module. Returns 0 on success, error on failure.
22
+
::
23
+
24
+
@ep - pointer to sctp endpoint structure.
25
+
@skb - pointer to skbuff of association packet.
26
+
27
+
28
+
security_sctp_bind_connect()
29
+
-----------------------------
30
+
Passes one or more ipv4/ipv6 addresses to the security module for validation
31
+
based on the ``@optname`` that will result in either a bind or connect
32
+
service as shown in the permission check tables below.
33
+
Returns 0 on success, error on failure.
34
+
::
35
+
36
+
@sk - Pointer to sock structure.
37
+
@optname - Name of the option to validate.
38
+
@address - One or more ipv4 / ipv6 addresses.
39
+
@addrlen - The total length of address(s). This is calculated on each
40
+
ipv4 or ipv6 address using sizeof(struct sockaddr_in) or
41
+
sizeof(struct sockaddr_in6).
42
+
43
+
------------------------------------------------------------------
44
+
| BIND Type Checks |
45
+
| @optname | @address contains |
46
+
|----------------------------|-----------------------------------|
47
+
| SCTP_SOCKOPT_BINDX_ADD | One or more ipv4 / ipv6 addresses |
48
+
| SCTP_PRIMARY_ADDR | Single ipv4 or ipv6 address |
49
+
| SCTP_SET_PEER_PRIMARY_ADDR | Single ipv4 or ipv6 address |
50
+
------------------------------------------------------------------
51
+
52
+
------------------------------------------------------------------
53
+
| CONNECT Type Checks |
54
+
| @optname | @address contains |
55
+
|----------------------------|-----------------------------------|
56
+
| SCTP_SOCKOPT_CONNECTX | One or more ipv4 / ipv6 addresses |
57
+
| SCTP_PARAM_ADD_IP | One or more ipv4 / ipv6 addresses |
58
+
| SCTP_SENDMSG_CONNECT | Single ipv4 or ipv6 address |
59
+
| SCTP_PARAM_SET_PRIMARY | Single ipv4 or ipv6 address |
60
+
------------------------------------------------------------------
61
+
62
+
A summary of the ``@optname`` entries is as follows::
63
+
64
+
SCTP_SOCKOPT_BINDX_ADD - Allows additional bind addresses to be
65
+
associated after (optionally) calling
66
+
bind(3).
67
+
sctp_bindx(3) adds a set of bind
68
+
addresses on a socket.
69
+
70
+
SCTP_SOCKOPT_CONNECTX - Allows the allocation of multiple
71
+
addresses for reaching a peer
72
+
(multi-homed).
73
+
sctp_connectx(3) initiates a connection
74
+
on an SCTP socket using multiple
75
+
destination addresses.
76
+
77
+
SCTP_SENDMSG_CONNECT - Initiate a connection that is generated by a
78
+
sendmsg(2) or sctp_sendmsg(3) on a new asociation.
79
+
80
+
SCTP_PRIMARY_ADDR - Set local primary address.
81
+
82
+
SCTP_SET_PEER_PRIMARY_ADDR - Request peer sets address as
83
+
association primary.
84
+
85
+
SCTP_PARAM_ADD_IP - These are used when Dynamic Address
86
+
SCTP_PARAM_SET_PRIMARY - Reconfiguration is enabled as explained below.
87
+
88
+
89
+
To support Dynamic Address Reconfiguration the following parameters must be
90
+
enabled on both endpoints (or use the appropriate **setsockopt**\(2))::
91
+
92
+
/proc/sys/net/sctp/addip_enable
93
+
/proc/sys/net/sctp/addip_noauth_enable
94
+
95
+
then the following *_PARAM_*'s are sent to the peer in an
96
+
ASCONF chunk when the corresponding ``@optname``'s are present::
97
+
98
+
@optname ASCONF Parameter
99
+
---------- ------------------
100
+
SCTP_SOCKOPT_BINDX_ADD -> SCTP_PARAM_ADD_IP
101
+
SCTP_SET_PEER_PRIMARY_ADDR -> SCTP_PARAM_SET_PRIMARY
102
+
103
+
104
+
security_sctp_sk_clone()
105
+
-------------------------
106
+
Called whenever a new socket is created by **accept**\(2)
107
+
(i.e. a TCP style socket) or when a socket is 'peeled off' e.g userspace
108
+
calls **sctp_peeloff**\(3).
109
+
::
110
+
111
+
@ep - pointer to current sctp endpoint structure.
112
+
@sk - pointer to current sock structure.
113
+
@sk - pointer to new sock structure.
114
+
115
+
116
+
security_inet_conn_established()
117
+
---------------------------------
118
+
Called when a COOKIE ACK is received::
119
+
120
+
@sk - pointer to sock structure.
121
+
@skb - pointer to skbuff of the COOKIE ACK packet.
122
+
123
+
124
+
Security Hooks used for Association Establishment
125
+
=================================================
126
+
The following diagram shows the use of ``security_sctp_bind_connect()``,
127
+
``security_sctp_assoc_request()``, ``security_inet_conn_established()`` when
128
+
establishing an association.
129
+
::
130
+
131
+
SCTP endpoint "A" SCTP endpoint "Z"
132
+
================= =================
133
+
sctp_sf_do_prm_asoc()
134
+
Association setup can be initiated
135
+
by a connect(2), sctp_connectx(3),
136
+
sendmsg(2) or sctp_sendmsg(3).
137
+
These will result in a call to
138
+
security_sctp_bind_connect() to
139
+
initiate an association to
140
+
SCTP peer endpoint "Z".
141
+
INIT --------------------------------------------->
142
+
sctp_sf_do_5_1B_init()
143
+
Respond to an INIT chunk.
144
+
SCTP peer endpoint "A" is
145
+
asking for an association. Call
146
+
security_sctp_assoc_request()
147
+
to set the peer label if first
148
+
association.
149
+
If not first association, check
150
+
whether allowed, IF so send:
151
+
<----------------------------------------------- INIT ACK
152
+
| ELSE audit event and silently
153
+
| discard the packet.
154
+
|
155
+
COOKIE ECHO ------------------------------------------>
156
+
|
157
+
|
158
+
|
159
+
<------------------------------------------- COOKIE ACK
160
+
| |
161
+
sctp_sf_do_5_1E_ca |
162
+
Call security_inet_conn_established() |
163
+
to set the peer label. |
164
+
| |
165
+
| If SCTP_SOCKET_TCP or peeled off
166
+
| socket security_sctp_sk_clone() is
167
+
| called to clone the new socket.
168
+
| |
169
+
ESTABLISHED ESTABLISHED
170
+
| |
171
+
------------------------------------------------------------------
172
+
| Association Established |
173
+
------------------------------------------------------------------
174
+
175
+
+158
Documentation/security/SELinux-sctp.rst
+158
Documentation/security/SELinux-sctp.rst
···
1
+
SCTP SELinux Support
2
+
=====================
3
+
4
+
Security Hooks
5
+
===============
6
+
7
+
``Documentation/security/LSM-sctp.rst`` describes the following SCTP security
8
+
hooks with the SELinux specifics expanded below::
9
+
10
+
security_sctp_assoc_request()
11
+
security_sctp_bind_connect()
12
+
security_sctp_sk_clone()
13
+
security_inet_conn_established()
14
+
15
+
16
+
security_sctp_assoc_request()
17
+
-----------------------------
18
+
Passes the ``@ep`` and ``@chunk->skb`` of the association INIT packet to the
19
+
security module. Returns 0 on success, error on failure.
20
+
::
21
+
22
+
@ep - pointer to sctp endpoint structure.
23
+
@skb - pointer to skbuff of association packet.
24
+
25
+
The security module performs the following operations:
26
+
IF this is the first association on ``@ep->base.sk``, then set the peer
27
+
sid to that in ``@skb``. This will ensure there is only one peer sid
28
+
assigned to ``@ep->base.sk`` that may support multiple associations.
29
+
30
+
ELSE validate the ``@ep->base.sk peer_sid`` against the ``@skb peer sid``
31
+
to determine whether the association should be allowed or denied.
32
+
33
+
Set the sctp ``@ep sid`` to socket's sid (from ``ep->base.sk``) with
34
+
MLS portion taken from ``@skb peer sid``. This will be used by SCTP
35
+
TCP style sockets and peeled off connections as they cause a new socket
36
+
to be generated.
37
+
38
+
If IP security options are configured (CIPSO/CALIPSO), then the ip
39
+
options are set on the socket.
40
+
41
+
42
+
security_sctp_bind_connect()
43
+
-----------------------------
44
+
Checks permissions required for ipv4/ipv6 addresses based on the ``@optname``
45
+
as follows::
46
+
47
+
------------------------------------------------------------------
48
+
| BIND Permission Checks |
49
+
| @optname | @address contains |
50
+
|----------------------------|-----------------------------------|
51
+
| SCTP_SOCKOPT_BINDX_ADD | One or more ipv4 / ipv6 addresses |
52
+
| SCTP_PRIMARY_ADDR | Single ipv4 or ipv6 address |
53
+
| SCTP_SET_PEER_PRIMARY_ADDR | Single ipv4 or ipv6 address |
54
+
------------------------------------------------------------------
55
+
56
+
------------------------------------------------------------------
57
+
| CONNECT Permission Checks |
58
+
| @optname | @address contains |
59
+
|----------------------------|-----------------------------------|
60
+
| SCTP_SOCKOPT_CONNECTX | One or more ipv4 / ipv6 addresses |
61
+
| SCTP_PARAM_ADD_IP | One or more ipv4 / ipv6 addresses |
62
+
| SCTP_SENDMSG_CONNECT | Single ipv4 or ipv6 address |
63
+
| SCTP_PARAM_SET_PRIMARY | Single ipv4 or ipv6 address |
64
+
------------------------------------------------------------------
65
+
66
+
67
+
``Documentation/security/LSM-sctp.rst`` gives a summary of the ``@optname``
68
+
entries and also describes ASCONF chunk processing when Dynamic Address
69
+
Reconfiguration is enabled.
70
+
71
+
72
+
security_sctp_sk_clone()
73
+
-------------------------
74
+
Called whenever a new socket is created by **accept**\(2) (i.e. a TCP style
75
+
socket) or when a socket is 'peeled off' e.g userspace calls
76
+
**sctp_peeloff**\(3). ``security_sctp_sk_clone()`` will set the new
77
+
sockets sid and peer sid to that contained in the ``@ep sid`` and
78
+
``@ep peer sid`` respectively.
79
+
::
80
+
81
+
@ep - pointer to current sctp endpoint structure.
82
+
@sk - pointer to current sock structure.
83
+
@sk - pointer to new sock structure.
84
+
85
+
86
+
security_inet_conn_established()
87
+
---------------------------------
88
+
Called when a COOKIE ACK is received where it sets the connection's peer sid
89
+
to that in ``@skb``::
90
+
91
+
@sk - pointer to sock structure.
92
+
@skb - pointer to skbuff of the COOKIE ACK packet.
93
+
94
+
95
+
Policy Statements
96
+
==================
97
+
The following class and permissions to support SCTP are available within the
98
+
kernel::
99
+
100
+
class sctp_socket inherits socket { node_bind }
101
+
102
+
whenever the following policy capability is enabled::
103
+
104
+
policycap extended_socket_class;
105
+
106
+
SELinux SCTP support adds the ``name_connect`` permission for connecting
107
+
to a specific port type and the ``association`` permission that is explained
108
+
in the section below.
109
+
110
+
If userspace tools have been updated, SCTP will support the ``portcon``
111
+
statement as shown in the following example::
112
+
113
+
portcon sctp 1024-1036 system_u:object_r:sctp_ports_t:s0
114
+
115
+
116
+
SCTP Peer Labeling
117
+
===================
118
+
An SCTP socket will only have one peer label assigned to it. This will be
119
+
assigned during the establishment of the first association. Any further
120
+
associations on this socket will have their packet peer label compared to
121
+
the sockets peer label, and only if they are different will the
122
+
``association`` permission be validated. This is validated by checking the
123
+
socket peer sid against the received packets peer sid to determine whether
124
+
the association should be allowed or denied.
125
+
126
+
NOTES:
127
+
1) If peer labeling is not enabled, then the peer context will always be
128
+
``SECINITSID_UNLABELED`` (``unlabeled_t`` in Reference Policy).
129
+
130
+
2) As SCTP can support more than one transport address per endpoint
131
+
(multi-homing) on a single socket, it is possible to configure policy
132
+
and NetLabel to provide different peer labels for each of these. As the
133
+
socket peer label is determined by the first associations transport
134
+
address, it is recommended that all peer labels are consistent.
135
+
136
+
3) **getpeercon**\(3) may be used by userspace to retrieve the sockets peer
137
+
context.
138
+
139
+
4) While not SCTP specific, be aware when using NetLabel that if a label
140
+
is assigned to a specific interface, and that interface 'goes down',
141
+
then the NetLabel service will remove the entry. Therefore ensure that
142
+
the network startup scripts call **netlabelctl**\(8) to set the required
143
+
label (see **netlabel-config**\(8) helper script for details).
144
+
145
+
5) The NetLabel SCTP peer labeling rules apply as discussed in the following
146
+
set of posts tagged "netlabel" at: http://www.paul-moore.com/blog/t.
147
+
148
+
6) CIPSO is only supported for IPv4 addressing: ``socket(AF_INET, ...)``
149
+
CALIPSO is only supported for IPv6 addressing: ``socket(AF_INET6, ...)``
150
+
151
+
Note the following when testing CIPSO/CALIPSO:
152
+
a) CIPSO will send an ICMP packet if an SCTP packet cannot be
153
+
delivered because of an invalid label.
154
+
b) CALIPSO does not send an ICMP packet, just silently discards it.
155
+
156
+
7) IPSEC is not supported as RFC 3554 - sctp/ipsec support has not been
157
+
implemented in userspace (**racoon**\(8) or **ipsec_pluto**\(8)),
158
+
although the kernel supports SCTP/IPSEC.
+36
include/linux/lsm_hooks.h
+36
include/linux/lsm_hooks.h
···
906
906
* associated with the TUN device's security structure.
907
907
* @security pointer to the TUN devices's security structure.
908
908
*
909
+
* Security hooks for SCTP
910
+
*
911
+
* @sctp_assoc_request:
912
+
* Passes the @ep and @chunk->skb of the association INIT packet to
913
+
* the security module.
914
+
* @ep pointer to sctp endpoint structure.
915
+
* @skb pointer to skbuff of association packet.
916
+
* Return 0 on success, error on failure.
917
+
* @sctp_bind_connect:
918
+
* Validiate permissions required for each address associated with sock
919
+
* @sk. Depending on @optname, the addresses will be treated as either
920
+
* for a connect or bind service. The @addrlen is calculated on each
921
+
* ipv4 and ipv6 address using sizeof(struct sockaddr_in) or
922
+
* sizeof(struct sockaddr_in6).
923
+
* @sk pointer to sock structure.
924
+
* @optname name of the option to validate.
925
+
* @address list containing one or more ipv4/ipv6 addresses.
926
+
* @addrlen total length of address(s).
927
+
* Return 0 on success, error on failure.
928
+
* @sctp_sk_clone:
929
+
* Called whenever a new socket is created by accept(2) (i.e. a TCP
930
+
* style socket) or when a socket is 'peeled off' e.g userspace
931
+
* calls sctp_peeloff(3).
932
+
* @ep pointer to current sctp endpoint structure.
933
+
* @sk pointer to current sock structure.
934
+
* @sk pointer to new sock structure.
935
+
*
909
936
* Security hooks for Infiniband
910
937
*
911
938
* @ib_pkey_access:
···
1692
1665
int (*tun_dev_attach_queue)(void *security);
1693
1666
int (*tun_dev_attach)(struct sock *sk, void *security);
1694
1667
int (*tun_dev_open)(void *security);
1668
+
int (*sctp_assoc_request)(struct sctp_endpoint *ep,
1669
+
struct sk_buff *skb);
1670
+
int (*sctp_bind_connect)(struct sock *sk, int optname,
1671
+
struct sockaddr *address, int addrlen);
1672
+
void (*sctp_sk_clone)(struct sctp_endpoint *ep, struct sock *sk,
1673
+
struct sock *newsk);
1695
1674
#endif /* CONFIG_SECURITY_NETWORK */
1696
1675
1697
1676
#ifdef CONFIG_SECURITY_INFINIBAND
···
1947
1914
struct list_head tun_dev_attach_queue;
1948
1915
struct list_head tun_dev_attach;
1949
1916
struct list_head tun_dev_open;
1917
+
struct list_head sctp_assoc_request;
1918
+
struct list_head sctp_bind_connect;
1919
+
struct list_head sctp_sk_clone;
1950
1920
#endif /* CONFIG_SECURITY_NETWORK */
1951
1921
#ifdef CONFIG_SECURITY_INFINIBAND
1952
1922
struct list_head ib_pkey_access;
+25
include/linux/security.h
+25
include/linux/security.h
···
112
112
struct xfrm_state;
113
113
struct xfrm_user_sec_ctx;
114
114
struct seq_file;
115
+
struct sctp_endpoint;
115
116
116
117
#ifdef CONFIG_MMU
117
118
extern unsigned long mmap_min_addr;
···
1227
1226
int security_tun_dev_attach_queue(void *security);
1228
1227
int security_tun_dev_attach(struct sock *sk, void *security);
1229
1228
int security_tun_dev_open(void *security);
1229
+
int security_sctp_assoc_request(struct sctp_endpoint *ep, struct sk_buff *skb);
1230
+
int security_sctp_bind_connect(struct sock *sk, int optname,
1231
+
struct sockaddr *address, int addrlen);
1232
+
void security_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk,
1233
+
struct sock *newsk);
1230
1234
1231
1235
#else /* CONFIG_SECURITY_NETWORK */
1232
1236
static inline int security_unix_stream_connect(struct sock *sock,
···
1423
1417
static inline int security_tun_dev_open(void *security)
1424
1418
{
1425
1419
return 0;
1420
+
}
1421
+
1422
+
static inline int security_sctp_assoc_request(struct sctp_endpoint *ep,
1423
+
struct sk_buff *skb)
1424
+
{
1425
+
return 0;
1426
+
}
1427
+
1428
+
static inline int security_sctp_bind_connect(struct sock *sk, int optname,
1429
+
struct sockaddr *address,
1430
+
int addrlen)
1431
+
{
1432
+
return 0;
1433
+
}
1434
+
1435
+
static inline void security_sctp_sk_clone(struct sctp_endpoint *ep,
1436
+
struct sock *sk,
1437
+
struct sock *newsk)
1438
+
{
1426
1439
}
1427
1440
#endif /* CONFIG_SECURITY_NETWORK */
1428
1441
+3
-1
include/net/sctp/sctp.h
+3
-1
include/net/sctp/sctp.h
···
432
432
static inline int sctp_frag_point(const struct sctp_association *asoc, int pmtu)
433
433
{
434
434
struct sctp_sock *sp = sctp_sk(asoc->base.sk);
435
+
struct sctp_af *af = sp->pf->af;
435
436
int frag = pmtu;
436
437
437
-
frag -= sp->pf->af->net_header_len;
438
+
frag -= af->ip_options_len(asoc->base.sk);
439
+
frag -= af->net_header_len;
438
440
frag -= sizeof(struct sctphdr) + sctp_datachk_len(&asoc->stream);
439
441
440
442
if (asoc->user_frag)
+12
include/net/sctp/structs.h
+12
include/net/sctp/structs.h
···
491
491
void (*ecn_capable)(struct sock *sk);
492
492
__u16 net_header_len;
493
493
int sockaddr_len;
494
+
int (*ip_options_len)(struct sock *sk);
494
495
sa_family_t sa_family;
495
496
struct list_head list;
496
497
};
···
516
515
int (*addr_to_user)(struct sctp_sock *sk, union sctp_addr *addr);
517
516
void (*to_sk_saddr)(union sctp_addr *, struct sock *sk);
518
517
void (*to_sk_daddr)(union sctp_addr *, struct sock *sk);
518
+
void (*copy_ip_options)(struct sock *sk, struct sock *newsk);
519
519
struct sctp_af *af;
520
520
};
521
521
···
1322
1320
reconf_enable:1;
1323
1321
1324
1322
__u8 strreset_enable;
1323
+
1324
+
/* Security identifiers from incoming (INIT). These are set by
1325
+
* security_sctp_assoc_request(). These will only be used by
1326
+
* SCTP TCP type sockets and peeled off connections as they
1327
+
* cause a new socket to be generated. security_sctp_sk_clone()
1328
+
* will then plug these into the new socket.
1329
+
*/
1330
+
1331
+
u32 secid;
1332
+
u32 peer_secid;
1325
1333
};
1326
1334
1327
1335
/* Recover the outter endpoint structure. */
+1
include/uapi/linux/sctp.h
+1
include/uapi/linux/sctp.h
+10
net/netlabel/netlabel_unlabeled.c
+10
net/netlabel/netlabel_unlabeled.c
···
1472
1472
iface = rcu_dereference(netlbl_unlhsh_def);
1473
1473
if (iface == NULL || !iface->valid)
1474
1474
goto unlabel_getattr_nolabel;
1475
+
1476
+
#if IS_ENABLED(CONFIG_IPV6)
1477
+
/* When resolving a fallback label, check the sk_buff version as
1478
+
* it is possible (e.g. SCTP) to have family = PF_INET6 while
1479
+
* receiving ip_hdr(skb)->version = 4.
1480
+
*/
1481
+
if (family == PF_INET6 && ip_hdr(skb)->version == 4)
1482
+
family = PF_INET;
1483
+
#endif /* IPv6 */
1484
+
1475
1485
switch (family) {
1476
1486
case PF_INET: {
1477
1487
struct iphdr *hdr4;
+7
-3
net/sctp/chunk.c
+7
-3
net/sctp/chunk.c
···
172
172
struct list_head *pos, *temp;
173
173
struct sctp_chunk *chunk;
174
174
struct sctp_datamsg *msg;
175
+
struct sctp_sock *sp;
176
+
struct sctp_af *af;
175
177
int err;
176
178
177
179
msg = sctp_datamsg_new(GFP_KERNEL);
···
192
190
/* This is the biggest possible DATA chunk that can fit into
193
191
* the packet
194
192
*/
195
-
max_data = asoc->pathmtu -
196
-
sctp_sk(asoc->base.sk)->pf->af->net_header_len -
197
-
sizeof(struct sctphdr) - sctp_datachk_len(&asoc->stream);
193
+
sp = sctp_sk(asoc->base.sk);
194
+
af = sp->pf->af;
195
+
max_data = asoc->pathmtu - af->net_header_len -
196
+
sizeof(struct sctphdr) - sctp_datachk_len(&asoc->stream) -
197
+
af->ip_options_len(asoc->base.sk);
198
198
max_data = SCTP_TRUNC4(max_data);
199
199
200
200
/* If the the peer requested that we authenticate DATA chunks
+38
-7
net/sctp/ipv6.c
+38
-7
net/sctp/ipv6.c
···
427
427
rcu_read_unlock();
428
428
}
429
429
430
+
/* Copy over any ip options */
431
+
static void sctp_v6_copy_ip_options(struct sock *sk, struct sock *newsk)
432
+
{
433
+
struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
434
+
struct ipv6_txoptions *opt;
435
+
436
+
newnp = inet6_sk(newsk);
437
+
438
+
rcu_read_lock();
439
+
opt = rcu_dereference(np->opt);
440
+
if (opt) {
441
+
opt = ipv6_dup_options(newsk, opt);
442
+
if (!opt)
443
+
pr_err("%s: Failed to copy ip options\n", __func__);
444
+
}
445
+
RCU_INIT_POINTER(newnp->opt, opt);
446
+
rcu_read_unlock();
447
+
}
448
+
449
+
/* Account for the IP options */
450
+
static int sctp_v6_ip_options_len(struct sock *sk)
451
+
{
452
+
struct ipv6_pinfo *np = inet6_sk(sk);
453
+
struct ipv6_txoptions *opt;
454
+
int len = 0;
455
+
456
+
rcu_read_lock();
457
+
opt = rcu_dereference(np->opt);
458
+
if (opt)
459
+
len = opt->opt_flen + opt->opt_nflen;
460
+
461
+
rcu_read_unlock();
462
+
return len;
463
+
}
464
+
430
465
/* Initialize a sockaddr_storage from in incoming skb. */
431
466
static void sctp_v6_from_skb(union sctp_addr *addr, struct sk_buff *skb,
432
467
int is_saddr)
···
701
666
struct sock *newsk;
702
667
struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
703
668
struct sctp6_sock *newsctp6sk;
704
-
struct ipv6_txoptions *opt;
705
669
706
670
newsk = sk_alloc(sock_net(sk), PF_INET6, GFP_KERNEL, sk->sk_prot, kern);
707
671
if (!newsk)
···
723
689
newnp->ipv6_ac_list = NULL;
724
690
newnp->ipv6_fl_list = NULL;
725
691
726
-
rcu_read_lock();
727
-
opt = rcu_dereference(np->opt);
728
-
if (opt)
729
-
opt = ipv6_dup_options(newsk, opt);
730
-
RCU_INIT_POINTER(newnp->opt, opt);
731
-
rcu_read_unlock();
692
+
sctp_v6_copy_ip_options(sk, newsk);
732
693
733
694
/* Initialize sk's sport, dport, rcv_saddr and daddr for getsockname()
734
695
* and getpeername().
···
1070
1041
.ecn_capable = sctp_v6_ecn_capable,
1071
1042
.net_header_len = sizeof(struct ipv6hdr),
1072
1043
.sockaddr_len = sizeof(struct sockaddr_in6),
1044
+
.ip_options_len = sctp_v6_ip_options_len,
1073
1045
#ifdef CONFIG_COMPAT
1074
1046
.compat_setsockopt = compat_ipv6_setsockopt,
1075
1047
.compat_getsockopt = compat_ipv6_getsockopt,
···
1089
1059
.addr_to_user = sctp_v6_addr_to_user,
1090
1060
.to_sk_saddr = sctp_v6_to_sk_saddr,
1091
1061
.to_sk_daddr = sctp_v6_to_sk_daddr,
1062
+
.copy_ip_options = sctp_v6_copy_ip_options,
1092
1063
.af = &sctp_af_inet6,
1093
1064
};
1094
1065
+21
-13
net/sctp/output.c
+21
-13
net/sctp/output.c
···
69
69
70
70
static void sctp_packet_reset(struct sctp_packet *packet)
71
71
{
72
+
/* sctp_packet_transmit() relies on this to reset size to the
73
+
* current overhead after sending packets.
74
+
*/
72
75
packet->size = packet->overhead;
76
+
73
77
packet->has_cookie_echo = 0;
74
78
packet->has_sack = 0;
75
79
packet->has_data = 0;
···
91
87
struct sctp_transport *tp = packet->transport;
92
88
struct sctp_association *asoc = tp->asoc;
93
89
struct sock *sk;
90
+
size_t overhead = sizeof(struct ipv6hdr) + sizeof(struct sctphdr);
94
91
95
92
pr_debug("%s: packet:%p vtag:0x%x\n", __func__, packet, vtag);
96
93
packet->vtag = vtag;
···
100
95
if (!sctp_packet_empty(packet))
101
96
return;
102
97
103
-
/* set packet max_size with pathmtu */
98
+
/* set packet max_size with pathmtu, then calculate overhead */
104
99
packet->max_size = tp->pathmtu;
105
-
if (!asoc)
100
+
if (asoc) {
101
+
struct sctp_sock *sp = sctp_sk(asoc->base.sk);
102
+
struct sctp_af *af = sp->pf->af;
103
+
104
+
overhead = af->net_header_len +
105
+
af->ip_options_len(asoc->base.sk);
106
+
overhead += sizeof(struct sctphdr);
107
+
packet->overhead = overhead;
108
+
packet->size = overhead;
109
+
} else {
110
+
packet->overhead = overhead;
111
+
packet->size = overhead;
106
112
return;
113
+
}
107
114
108
115
/* update dst or transport pathmtu if in need */
109
116
sk = asoc->base.sk;
···
157
140
struct sctp_transport *transport,
158
141
__u16 sport, __u16 dport)
159
142
{
160
-
struct sctp_association *asoc = transport->asoc;
161
-
size_t overhead;
162
-
163
143
pr_debug("%s: packet:%p transport:%p\n", __func__, packet, transport);
164
144
165
145
packet->transport = transport;
166
146
packet->source_port = sport;
167
147
packet->destination_port = dport;
168
148
INIT_LIST_HEAD(&packet->chunk_list);
169
-
if (asoc) {
170
-
struct sctp_sock *sp = sctp_sk(asoc->base.sk);
171
-
overhead = sp->pf->af->net_header_len;
172
-
} else {
173
-
overhead = sizeof(struct ipv6hdr);
174
-
}
175
-
overhead += sizeof(struct sctphdr);
176
-
packet->overhead = overhead;
149
+
/* The overhead will be calculated by sctp_packet_config() */
150
+
packet->overhead = 0;
177
151
sctp_packet_reset(packet);
178
152
packet->vtag = 0;
179
153
}
+43
net/sctp/protocol.c
+43
net/sctp/protocol.c
···
187
187
return error;
188
188
}
189
189
190
+
/* Copy over any ip options */
191
+
static void sctp_v4_copy_ip_options(struct sock *sk, struct sock *newsk)
192
+
{
193
+
struct inet_sock *newinet, *inet = inet_sk(sk);
194
+
struct ip_options_rcu *inet_opt, *newopt = NULL;
195
+
196
+
newinet = inet_sk(newsk);
197
+
198
+
rcu_read_lock();
199
+
inet_opt = rcu_dereference(inet->inet_opt);
200
+
if (inet_opt) {
201
+
newopt = sock_kmalloc(newsk, sizeof(*inet_opt) +
202
+
inet_opt->opt.optlen, GFP_ATOMIC);
203
+
if (newopt)
204
+
memcpy(newopt, inet_opt, sizeof(*inet_opt) +
205
+
inet_opt->opt.optlen);
206
+
else
207
+
pr_err("%s: Failed to copy ip options\n", __func__);
208
+
}
209
+
RCU_INIT_POINTER(newinet->inet_opt, newopt);
210
+
rcu_read_unlock();
211
+
}
212
+
213
+
/* Account for the IP options */
214
+
static int sctp_v4_ip_options_len(struct sock *sk)
215
+
{
216
+
struct inet_sock *inet = inet_sk(sk);
217
+
struct ip_options_rcu *inet_opt;
218
+
int len = 0;
219
+
220
+
rcu_read_lock();
221
+
inet_opt = rcu_dereference(inet->inet_opt);
222
+
if (inet_opt)
223
+
len = inet_opt->opt.optlen;
224
+
225
+
rcu_read_unlock();
226
+
return len;
227
+
}
228
+
190
229
/* Initialize a sctp_addr from in incoming skb. */
191
230
static void sctp_v4_from_skb(union sctp_addr *addr, struct sk_buff *skb,
192
231
int is_saddr)
···
576
537
577
538
sctp_copy_sock(newsk, sk, asoc);
578
539
sock_reset_flag(newsk, SOCK_ZAPPED);
540
+
541
+
sctp_v4_copy_ip_options(sk, newsk);
579
542
580
543
newinet = inet_sk(newsk);
581
544
···
997
956
.addr_to_user = sctp_v4_addr_to_user,
998
957
.to_sk_saddr = sctp_v4_to_sk_saddr,
999
958
.to_sk_daddr = sctp_v4_to_sk_daddr,
959
+
.copy_ip_options = sctp_v4_copy_ip_options,
1000
960
.af = &sctp_af_inet
1001
961
};
1002
962
···
1082
1040
.ecn_capable = sctp_v4_ecn_capable,
1083
1041
.net_header_len = sizeof(struct iphdr),
1084
1042
.sockaddr_len = sizeof(struct sockaddr_in),
1043
+
.ip_options_len = sctp_v4_ip_options_len,
1085
1044
#ifdef CONFIG_COMPAT
1086
1045
.compat_setsockopt = compat_ip_setsockopt,
1087
1046
.compat_getsockopt = compat_ip_getsockopt,
+12
net/sctp/sm_make_chunk.c
+12
net/sctp/sm_make_chunk.c
···
3098
3098
if (af->is_any(&addr))
3099
3099
memcpy(&addr, &asconf->source, sizeof(addr));
3100
3100
3101
+
if (security_sctp_bind_connect(asoc->ep->base.sk,
3102
+
SCTP_PARAM_ADD_IP,
3103
+
(struct sockaddr *)&addr,
3104
+
af->sockaddr_len))
3105
+
return SCTP_ERROR_REQ_REFUSED;
3106
+
3101
3107
/* ADDIP 4.3 D9) If an endpoint receives an ADD IP address
3102
3108
* request and does not have the local resources to add this
3103
3109
* new address to the association, it MUST return an Error
···
3169
3163
*/
3170
3164
if (af->is_any(&addr))
3171
3165
memcpy(&addr.v4, sctp_source(asconf), sizeof(addr));
3166
+
3167
+
if (security_sctp_bind_connect(asoc->ep->base.sk,
3168
+
SCTP_PARAM_SET_PRIMARY,
3169
+
(struct sockaddr *)&addr,
3170
+
af->sockaddr_len))
3171
+
return SCTP_ERROR_REQ_REFUSED;
3172
3172
3173
3173
peer = sctp_assoc_lookup_paddr(asoc, &addr);
3174
3174
if (!peer)
+18
net/sctp/sm_statefuns.c
+18
net/sctp/sm_statefuns.c
···
321
321
struct sctp_packet *packet;
322
322
int len;
323
323
324
+
/* Update socket peer label if first association. */
325
+
if (security_sctp_assoc_request((struct sctp_endpoint *)ep,
326
+
chunk->skb))
327
+
return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
328
+
324
329
/* 6.10 Bundling
325
330
* An endpoint MUST NOT bundle INIT, INIT ACK or
326
331
* SHUTDOWN COMPLETE with any other chunks.
···
927
922
*/
928
923
sctp_add_cmd_sf(commands, SCTP_CMD_INIT_COUNTER_RESET, SCTP_NULL());
929
924
925
+
/* Set peer label for connection. */
926
+
security_inet_conn_established(ep->base.sk, chunk->skb);
927
+
930
928
/* RFC 2960 5.1 Normal Establishment of an Association
931
929
*
932
930
* E) Upon reception of the COOKIE ACK, endpoint "A" will move
···
1466
1458
enum sctp_disposition retval;
1467
1459
struct sctp_packet *packet;
1468
1460
int len;
1461
+
1462
+
/* Update socket peer label if first association. */
1463
+
if (security_sctp_assoc_request((struct sctp_endpoint *)ep,
1464
+
chunk->skb))
1465
+
return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
1469
1466
1470
1467
/* 6.10 Bundling
1471
1468
* An endpoint MUST NOT bundle INIT, INIT ACK or
···
2157
2144
return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
2158
2145
}
2159
2146
}
2147
+
2148
+
/* Update socket peer label if first association. */
2149
+
if (security_sctp_assoc_request((struct sctp_endpoint *)ep,
2150
+
chunk->skb))
2151
+
return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
2160
2152
2161
2153
/* Set temp so that it won't be added into hashtable */
2162
2154
new_asoc->temp = 1;
+66
-4
net/sctp/socket.c
+66
-4
net/sctp/socket.c
···
1046
1046
/* Do the work. */
1047
1047
switch (op) {
1048
1048
case SCTP_BINDX_ADD_ADDR:
1049
+
/* Allow security module to validate bindx addresses. */
1050
+
err = security_sctp_bind_connect(sk, SCTP_SOCKOPT_BINDX_ADD,
1051
+
(struct sockaddr *)kaddrs,
1052
+
addrs_size);
1053
+
if (err)
1054
+
goto out;
1049
1055
err = sctp_bindx_add(sk, kaddrs, addrcnt);
1050
1056
if (err)
1051
1057
goto out;
···
1261
1255
1262
1256
if (assoc_id)
1263
1257
*assoc_id = asoc->assoc_id;
1258
+
1264
1259
err = sctp_wait_for_connect(asoc, &timeo);
1265
1260
/* Note: the asoc may be freed after the return of
1266
1261
* sctp_wait_for_connect.
···
1357
1350
if (unlikely(IS_ERR(kaddrs)))
1358
1351
return PTR_ERR(kaddrs);
1359
1352
1353
+
/* Allow security module to validate connectx addresses. */
1354
+
err = security_sctp_bind_connect(sk, SCTP_SOCKOPT_CONNECTX,
1355
+
(struct sockaddr *)kaddrs,
1356
+
addrs_size);
1357
+
if (err)
1358
+
goto out_free;
1359
+
1360
1360
err = __sctp_connect(sk, kaddrs, addrs_size, assoc_id);
1361
+
1362
+
out_free:
1361
1363
kvfree(kaddrs);
1362
1364
1363
1365
return err;
···
1696
1680
struct sctp_association *asoc;
1697
1681
enum sctp_scope scope;
1698
1682
struct cmsghdr *cmsg;
1683
+
struct sctp_af *af;
1699
1684
int err;
1700
1685
1701
1686
*tp = NULL;
···
1721
1704
}
1722
1705
1723
1706
scope = sctp_scope(daddr);
1707
+
1708
+
/* Label connection socket for first association 1-to-many
1709
+
* style for client sequence socket()->sendmsg(). This
1710
+
* needs to be done before sctp_assoc_add_peer() as that will
1711
+
* set up the initial packet that needs to account for any
1712
+
* security ip options (CIPSO/CALIPSO) added to the packet.
1713
+
*/
1714
+
af = sctp_get_af_specific(daddr->sa.sa_family);
1715
+
if (!af)
1716
+
return -EINVAL;
1717
+
err = security_sctp_bind_connect(sk, SCTP_SENDMSG_CONNECT,
1718
+
(struct sockaddr *)daddr,
1719
+
af->sockaddr_len);
1720
+
if (err < 0)
1721
+
return err;
1724
1722
1725
1723
asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL);
1726
1724
if (!asoc)
···
2964
2932
{
2965
2933
struct sctp_prim prim;
2966
2934
struct sctp_transport *trans;
2935
+
struct sctp_af *af;
2936
+
int err;
2967
2937
2968
2938
if (optlen != sizeof(struct sctp_prim))
2969
2939
return -EINVAL;
2970
2940
2971
2941
if (copy_from_user(&prim, optval, sizeof(struct sctp_prim)))
2972
2942
return -EFAULT;
2943
+
2944
+
/* Allow security module to validate address but need address len. */
2945
+
af = sctp_get_af_specific(prim.ssp_addr.ss_family);
2946
+
if (!af)
2947
+
return -EINVAL;
2948
+
2949
+
err = security_sctp_bind_connect(sk, SCTP_PRIMARY_ADDR,
2950
+
(struct sockaddr *)&prim.ssp_addr,
2951
+
af->sockaddr_len);
2952
+
if (err)
2953
+
return err;
2973
2954
2974
2955
trans = sctp_addr_id2transport(sk, &prim.ssp_addr, prim.ssp_assoc_id);
2975
2956
if (!trans)
···
3206
3161
static int sctp_setsockopt_maxseg(struct sock *sk, char __user *optval, unsigned int optlen)
3207
3162
{
3208
3163
struct sctp_sock *sp = sctp_sk(sk);
3164
+
struct sctp_af *af = sp->pf->af;
3209
3165
struct sctp_assoc_value params;
3210
3166
struct sctp_association *asoc;
3211
3167
int val;
···
3231
3185
if (val) {
3232
3186
int min_len, max_len;
3233
3187
3234
-
min_len = SCTP_DEFAULT_MINSEGMENT - sp->pf->af->net_header_len;
3188
+
min_len = SCTP_DEFAULT_MINSEGMENT - af->net_header_len;
3189
+
min_len -= af->ip_options_len(sk);
3235
3190
min_len -= sizeof(struct sctphdr) +
3236
3191
sizeof(struct sctp_data_chunk);
3237
3192
···
3245
3198
asoc = sctp_id2assoc(sk, params.assoc_id);
3246
3199
if (asoc) {
3247
3200
if (val == 0) {
3248
-
val = asoc->pathmtu - sp->pf->af->net_header_len;
3201
+
val = asoc->pathmtu - af->net_header_len;
3202
+
val -= af->ip_options_len(sk);
3249
3203
val -= sizeof(struct sctphdr) +
3250
3204
sctp_datachk_len(&asoc->stream);
3251
3205
}
···
3314
3266
3315
3267
if (!sctp_assoc_lookup_laddr(asoc, (union sctp_addr *)&prim.sspp_addr))
3316
3268
return -EADDRNOTAVAIL;
3269
+
3270
+
/* Allow security module to validate address. */
3271
+
err = security_sctp_bind_connect(sk, SCTP_SET_PEER_PRIMARY_ADDR,
3272
+
(struct sockaddr *)&prim.sspp_addr,
3273
+
af->sockaddr_len);
3274
+
if (err)
3275
+
return err;
3317
3276
3318
3277
/* Create an ASCONF chunk with SET_PRIMARY parameter */
3319
3278
chunk = sctp_make_asconf_set_prim(asoc,
···
5195
5140
sctp_copy_sock(sock->sk, sk, asoc);
5196
5141
5197
5142
/* Make peeled-off sockets more like 1-1 accepted sockets.
5198
-
* Set the daddr and initialize id to something more random
5143
+
* Set the daddr and initialize id to something more random and also
5144
+
* copy over any ip options.
5199
5145
*/
5200
5146
sp->pf->to_sk_daddr(&asoc->peer.primary_addr, sk);
5147
+
sp->pf->copy_ip_options(sk, sock->sk);
5201
5148
5202
5149
/* Populate the fields of the newsk from the oldsk and migrate the
5203
5150
* asoc to the newsk.
···
8522
8465
{
8523
8466
struct inet_sock *inet = inet_sk(sk);
8524
8467
struct inet_sock *newinet;
8468
+
struct sctp_sock *sp = sctp_sk(sk);
8469
+
struct sctp_endpoint *ep = sp->ep;
8525
8470
8526
8471
newsk->sk_type = sk->sk_type;
8527
8472
newsk->sk_bound_dev_if = sk->sk_bound_dev_if;
···
8566
8507
if (newsk->sk_flags & SK_FLAGS_TIMESTAMP)
8567
8508
net_enable_timestamp();
8568
8509
8569
-
security_sk_clone(sk, newsk);
8510
+
/* Set newsk security attributes from orginal sk and connection
8511
+
* security attribute from ep.
8512
+
*/
8513
+
security_sctp_sk_clone(ep, sk, newsk);
8570
8514
}
8571
8515
8572
8516
static inline void sctp_copy_descendant(struct sock *sk_to,
+22
security/security.c
+22
security/security.c
···
1473
1473
{
1474
1474
call_void_hook(inet_conn_established, sk, skb);
1475
1475
}
1476
+
EXPORT_SYMBOL(security_inet_conn_established);
1476
1477
1477
1478
int security_secmark_relabel_packet(u32 secid)
1478
1479
{
···
1528
1527
return call_int_hook(tun_dev_open, 0, security);
1529
1528
}
1530
1529
EXPORT_SYMBOL(security_tun_dev_open);
1530
+
1531
+
int security_sctp_assoc_request(struct sctp_endpoint *ep, struct sk_buff *skb)
1532
+
{
1533
+
return call_int_hook(sctp_assoc_request, 0, ep, skb);
1534
+
}
1535
+
EXPORT_SYMBOL(security_sctp_assoc_request);
1536
+
1537
+
int security_sctp_bind_connect(struct sock *sk, int optname,
1538
+
struct sockaddr *address, int addrlen)
1539
+
{
1540
+
return call_int_hook(sctp_bind_connect, 0, sk, optname,
1541
+
address, addrlen);
1542
+
}
1543
+
EXPORT_SYMBOL(security_sctp_bind_connect);
1544
+
1545
+
void security_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk,
1546
+
struct sock *newsk)
1547
+
{
1548
+
call_void_hook(sctp_sk_clone, ep, sk, newsk);
1549
+
}
1550
+
EXPORT_SYMBOL(security_sctp_sk_clone);
1531
1551
1532
1552
#endif /* CONFIG_SECURITY_NETWORK */
1533
1553
+163
-119
security/selinux/avc.c
+163
-119
security/selinux/avc.c
···
82
82
struct avc_callback_node *next;
83
83
};
84
84
85
-
/* Exported via selinufs */
86
-
unsigned int avc_cache_threshold = AVC_DEF_CACHE_THRESHOLD;
87
-
88
85
#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
89
86
DEFINE_PER_CPU(struct avc_cache_stats, avc_cache_stats) = { 0 };
90
87
#endif
91
88
92
-
static struct avc_cache avc_cache;
89
+
struct selinux_avc {
90
+
unsigned int avc_cache_threshold;
91
+
struct avc_cache avc_cache;
92
+
};
93
+
94
+
static struct selinux_avc selinux_avc;
95
+
96
+
void selinux_avc_init(struct selinux_avc **avc)
97
+
{
98
+
int i;
99
+
100
+
selinux_avc.avc_cache_threshold = AVC_DEF_CACHE_THRESHOLD;
101
+
for (i = 0; i < AVC_CACHE_SLOTS; i++) {
102
+
INIT_HLIST_HEAD(&selinux_avc.avc_cache.slots[i]);
103
+
spin_lock_init(&selinux_avc.avc_cache.slots_lock[i]);
104
+
}
105
+
atomic_set(&selinux_avc.avc_cache.active_nodes, 0);
106
+
atomic_set(&selinux_avc.avc_cache.lru_hint, 0);
107
+
*avc = &selinux_avc;
108
+
}
109
+
110
+
unsigned int avc_get_cache_threshold(struct selinux_avc *avc)
111
+
{
112
+
return avc->avc_cache_threshold;
113
+
}
114
+
115
+
void avc_set_cache_threshold(struct selinux_avc *avc,
116
+
unsigned int cache_threshold)
117
+
{
118
+
avc->avc_cache_threshold = cache_threshold;
119
+
}
120
+
93
121
static struct avc_callback_node *avc_callbacks;
94
122
static struct kmem_cache *avc_node_cachep;
95
123
static struct kmem_cache *avc_xperms_data_cachep;
···
171
143
* @tsid: target security identifier
172
144
* @tclass: target security class
173
145
*/
174
-
static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tclass)
146
+
static void avc_dump_query(struct audit_buffer *ab, struct selinux_state *state,
147
+
u32 ssid, u32 tsid, u16 tclass)
175
148
{
176
149
int rc;
177
150
char *scontext;
178
151
u32 scontext_len;
179
152
180
-
rc = security_sid_to_context(ssid, &scontext, &scontext_len);
153
+
rc = security_sid_to_context(state, ssid, &scontext, &scontext_len);
181
154
if (rc)
182
155
audit_log_format(ab, "ssid=%d", ssid);
183
156
else {
···
186
157
kfree(scontext);
187
158
}
188
159
189
-
rc = security_sid_to_context(tsid, &scontext, &scontext_len);
160
+
rc = security_sid_to_context(state, tsid, &scontext, &scontext_len);
190
161
if (rc)
191
162
audit_log_format(ab, " tsid=%d", tsid);
192
163
else {
···
205
176
*/
206
177
void __init avc_init(void)
207
178
{
208
-
int i;
209
-
210
-
for (i = 0; i < AVC_CACHE_SLOTS; i++) {
211
-
INIT_HLIST_HEAD(&avc_cache.slots[i]);
212
-
spin_lock_init(&avc_cache.slots_lock[i]);
213
-
}
214
-
atomic_set(&avc_cache.active_nodes, 0);
215
-
atomic_set(&avc_cache.lru_hint, 0);
216
-
217
179
avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node),
218
180
0, SLAB_PANIC, NULL);
219
181
avc_xperms_cachep = kmem_cache_create("avc_xperms_node",
···
219
199
0, SLAB_PANIC, NULL);
220
200
}
221
201
222
-
int avc_get_hash_stats(char *page)
202
+
int avc_get_hash_stats(struct selinux_avc *avc, char *page)
223
203
{
224
204
int i, chain_len, max_chain_len, slots_used;
225
205
struct avc_node *node;
···
230
210
slots_used = 0;
231
211
max_chain_len = 0;
232
212
for (i = 0; i < AVC_CACHE_SLOTS; i++) {
233
-
head = &avc_cache.slots[i];
213
+
head = &avc->avc_cache.slots[i];
234
214
if (!hlist_empty(head)) {
235
215
slots_used++;
236
216
chain_len = 0;
···
245
225
246
226
return scnprintf(page, PAGE_SIZE, "entries: %d\nbuckets used: %d/%d\n"
247
227
"longest chain: %d\n",
248
-
atomic_read(&avc_cache.active_nodes),
228
+
atomic_read(&avc->avc_cache.active_nodes),
249
229
slots_used, AVC_CACHE_SLOTS, max_chain_len);
250
230
}
251
231
···
482
462
return audited;
483
463
}
484
464
485
-
static inline int avc_xperms_audit(u32 ssid, u32 tsid, u16 tclass,
486
-
u32 requested, struct av_decision *avd,
487
-
struct extended_perms_decision *xpd,
488
-
u8 perm, int result,
489
-
struct common_audit_data *ad)
465
+
static inline int avc_xperms_audit(struct selinux_state *state,
466
+
u32 ssid, u32 tsid, u16 tclass,
467
+
u32 requested, struct av_decision *avd,
468
+
struct extended_perms_decision *xpd,
469
+
u8 perm, int result,
470
+
struct common_audit_data *ad)
490
471
{
491
472
u32 audited, denied;
492
473
···
495
474
requested, avd, xpd, perm, result, &denied);
496
475
if (likely(!audited))
497
476
return 0;
498
-
return slow_avc_audit(ssid, tsid, tclass, requested,
477
+
return slow_avc_audit(state, ssid, tsid, tclass, requested,
499
478
audited, denied, result, ad, 0);
500
479
}
501
480
···
507
486
avc_cache_stats_incr(frees);
508
487
}
509
488
510
-
static void avc_node_delete(struct avc_node *node)
489
+
static void avc_node_delete(struct selinux_avc *avc, struct avc_node *node)
511
490
{
512
491
hlist_del_rcu(&node->list);
513
492
call_rcu(&node->rhead, avc_node_free);
514
-
atomic_dec(&avc_cache.active_nodes);
493
+
atomic_dec(&avc->avc_cache.active_nodes);
515
494
}
516
495
517
-
static void avc_node_kill(struct avc_node *node)
496
+
static void avc_node_kill(struct selinux_avc *avc, struct avc_node *node)
518
497
{
519
498
avc_xperms_free(node->ae.xp_node);
520
499
kmem_cache_free(avc_node_cachep, node);
521
500
avc_cache_stats_incr(frees);
522
-
atomic_dec(&avc_cache.active_nodes);
501
+
atomic_dec(&avc->avc_cache.active_nodes);
523
502
}
524
503
525
-
static void avc_node_replace(struct avc_node *new, struct avc_node *old)
504
+
static void avc_node_replace(struct selinux_avc *avc,
505
+
struct avc_node *new, struct avc_node *old)
526
506
{
527
507
hlist_replace_rcu(&old->list, &new->list);
528
508
call_rcu(&old->rhead, avc_node_free);
529
-
atomic_dec(&avc_cache.active_nodes);
509
+
atomic_dec(&avc->avc_cache.active_nodes);
530
510
}
531
511
532
-
static inline int avc_reclaim_node(void)
512
+
static inline int avc_reclaim_node(struct selinux_avc *avc)
533
513
{
534
514
struct avc_node *node;
535
515
int hvalue, try, ecx;
···
539
517
spinlock_t *lock;
540
518
541
519
for (try = 0, ecx = 0; try < AVC_CACHE_SLOTS; try++) {
542
-
hvalue = atomic_inc_return(&avc_cache.lru_hint) & (AVC_CACHE_SLOTS - 1);
543
-
head = &avc_cache.slots[hvalue];
544
-
lock = &avc_cache.slots_lock[hvalue];
520
+
hvalue = atomic_inc_return(&avc->avc_cache.lru_hint) &
521
+
(AVC_CACHE_SLOTS - 1);
522
+
head = &avc->avc_cache.slots[hvalue];
523
+
lock = &avc->avc_cache.slots_lock[hvalue];
545
524
546
525
if (!spin_trylock_irqsave(lock, flags))
547
526
continue;
548
527
549
528
rcu_read_lock();
550
529
hlist_for_each_entry(node, head, list) {
551
-
avc_node_delete(node);
530
+
avc_node_delete(avc, node);
552
531
avc_cache_stats_incr(reclaims);
553
532
ecx++;
554
533
if (ecx >= AVC_CACHE_RECLAIM) {
···
565
542
return ecx;
566
543
}
567
544
568
-
static struct avc_node *avc_alloc_node(void)
545
+
static struct avc_node *avc_alloc_node(struct selinux_avc *avc)
569
546
{
570
547
struct avc_node *node;
571
548
···
576
553
INIT_HLIST_NODE(&node->list);
577
554
avc_cache_stats_incr(allocations);
578
555
579
-
if (atomic_inc_return(&avc_cache.active_nodes) > avc_cache_threshold)
580
-
avc_reclaim_node();
556
+
if (atomic_inc_return(&avc->avc_cache.active_nodes) >
557
+
avc->avc_cache_threshold)
558
+
avc_reclaim_node(avc);
581
559
582
560
out:
583
561
return node;
···
592
568
memcpy(&node->ae.avd, avd, sizeof(node->ae.avd));
593
569
}
594
570
595
-
static inline struct avc_node *avc_search_node(u32 ssid, u32 tsid, u16 tclass)
571
+
static inline struct avc_node *avc_search_node(struct selinux_avc *avc,
572
+
u32 ssid, u32 tsid, u16 tclass)
596
573
{
597
574
struct avc_node *node, *ret = NULL;
598
575
int hvalue;
599
576
struct hlist_head *head;
600
577
601
578
hvalue = avc_hash(ssid, tsid, tclass);
602
-
head = &avc_cache.slots[hvalue];
579
+
head = &avc->avc_cache.slots[hvalue];
603
580
hlist_for_each_entry_rcu(node, head, list) {
604
581
if (ssid == node->ae.ssid &&
605
582
tclass == node->ae.tclass &&
···
625
600
* then this function returns the avc_node.
626
601
* Otherwise, this function returns NULL.
627
602
*/
628
-
static struct avc_node *avc_lookup(u32 ssid, u32 tsid, u16 tclass)
603
+
static struct avc_node *avc_lookup(struct selinux_avc *avc,
604
+
u32 ssid, u32 tsid, u16 tclass)
629
605
{
630
606
struct avc_node *node;
631
607
632
608
avc_cache_stats_incr(lookups);
633
-
node = avc_search_node(ssid, tsid, tclass);
609
+
node = avc_search_node(avc, ssid, tsid, tclass);
634
610
635
611
if (node)
636
612
return node;
···
640
614
return NULL;
641
615
}
642
616
643
-
static int avc_latest_notif_update(int seqno, int is_insert)
617
+
static int avc_latest_notif_update(struct selinux_avc *avc,
618
+
int seqno, int is_insert)
644
619
{
645
620
int ret = 0;
646
621
static DEFINE_SPINLOCK(notif_lock);
···
649
622
650
623
spin_lock_irqsave(¬if_lock, flag);
651
624
if (is_insert) {
652
-
if (seqno < avc_cache.latest_notif) {
625
+
if (seqno < avc->avc_cache.latest_notif) {
653
626
printk(KERN_WARNING "SELinux: avc: seqno %d < latest_notif %d\n",
654
-
seqno, avc_cache.latest_notif);
627
+
seqno, avc->avc_cache.latest_notif);
655
628
ret = -EAGAIN;
656
629
}
657
630
} else {
658
-
if (seqno > avc_cache.latest_notif)
659
-
avc_cache.latest_notif = seqno;
631
+
if (seqno > avc->avc_cache.latest_notif)
632
+
avc->avc_cache.latest_notif = seqno;
660
633
}
661
634
spin_unlock_irqrestore(¬if_lock, flag);
662
635
···
681
654
* the access vectors into a cache entry, returns
682
655
* avc_node inserted. Otherwise, this function returns NULL.
683
656
*/
684
-
static struct avc_node *avc_insert(u32 ssid, u32 tsid, u16 tclass,
685
-
struct av_decision *avd,
686
-
struct avc_xperms_node *xp_node)
657
+
static struct avc_node *avc_insert(struct selinux_avc *avc,
658
+
u32 ssid, u32 tsid, u16 tclass,
659
+
struct av_decision *avd,
660
+
struct avc_xperms_node *xp_node)
687
661
{
688
662
struct avc_node *pos, *node = NULL;
689
663
int hvalue;
690
664
unsigned long flag;
691
665
692
-
if (avc_latest_notif_update(avd->seqno, 1))
666
+
if (avc_latest_notif_update(avc, avd->seqno, 1))
693
667
goto out;
694
668
695
-
node = avc_alloc_node();
669
+
node = avc_alloc_node(avc);
696
670
if (node) {
697
671
struct hlist_head *head;
698
672
spinlock_t *lock;
···
706
678
kmem_cache_free(avc_node_cachep, node);
707
679
return NULL;
708
680
}
709
-
head = &avc_cache.slots[hvalue];
710
-
lock = &avc_cache.slots_lock[hvalue];
681
+
head = &avc->avc_cache.slots[hvalue];
682
+
lock = &avc->avc_cache.slots_lock[hvalue];
711
683
712
684
spin_lock_irqsave(lock, flag);
713
685
hlist_for_each_entry(pos, head, list) {
714
686
if (pos->ae.ssid == ssid &&
715
687
pos->ae.tsid == tsid &&
716
688
pos->ae.tclass == tclass) {
717
-
avc_node_replace(node, pos);
689
+
avc_node_replace(avc, node, pos);
718
690
goto found;
719
691
}
720
692
}
···
752
724
{
753
725
struct common_audit_data *ad = a;
754
726
audit_log_format(ab, " ");
755
-
avc_dump_query(ab, ad->selinux_audit_data->ssid,
756
-
ad->selinux_audit_data->tsid,
757
-
ad->selinux_audit_data->tclass);
727
+
avc_dump_query(ab, ad->selinux_audit_data->state,
728
+
ad->selinux_audit_data->ssid,
729
+
ad->selinux_audit_data->tsid,
730
+
ad->selinux_audit_data->tclass);
758
731
if (ad->selinux_audit_data->denied) {
759
732
audit_log_format(ab, " permissive=%u",
760
733
ad->selinux_audit_data->result ? 0 : 1);
···
763
734
}
764
735
765
736
/* This is the slow part of avc audit with big stack footprint */
766
-
noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
767
-
u32 requested, u32 audited, u32 denied, int result,
768
-
struct common_audit_data *a,
769
-
unsigned flags)
737
+
noinline int slow_avc_audit(struct selinux_state *state,
738
+
u32 ssid, u32 tsid, u16 tclass,
739
+
u32 requested, u32 audited, u32 denied, int result,
740
+
struct common_audit_data *a,
741
+
unsigned int flags)
770
742
{
771
743
struct common_audit_data stack_data;
772
744
struct selinux_audit_data sad;
···
795
765
sad.audited = audited;
796
766
sad.denied = denied;
797
767
sad.result = result;
768
+
sad.state = state;
798
769
799
770
a->selinux_audit_data = &sad;
800
771
···
844
813
* otherwise, this function updates the AVC entry. The original AVC-entry object
845
814
* will release later by RCU.
846
815
*/
847
-
static int avc_update_node(u32 event, u32 perms, u8 driver, u8 xperm, u32 ssid,
848
-
u32 tsid, u16 tclass, u32 seqno,
849
-
struct extended_perms_decision *xpd,
850
-
u32 flags)
816
+
static int avc_update_node(struct selinux_avc *avc,
817
+
u32 event, u32 perms, u8 driver, u8 xperm, u32 ssid,
818
+
u32 tsid, u16 tclass, u32 seqno,
819
+
struct extended_perms_decision *xpd,
820
+
u32 flags)
851
821
{
852
822
int hvalue, rc = 0;
853
823
unsigned long flag;
···
856
824
struct hlist_head *head;
857
825
spinlock_t *lock;
858
826
859
-
node = avc_alloc_node();
827
+
node = avc_alloc_node(avc);
860
828
if (!node) {
861
829
rc = -ENOMEM;
862
830
goto out;
···
865
833
/* Lock the target slot */
866
834
hvalue = avc_hash(ssid, tsid, tclass);
867
835
868
-
head = &avc_cache.slots[hvalue];
869
-
lock = &avc_cache.slots_lock[hvalue];
836
+
head = &avc->avc_cache.slots[hvalue];
837
+
lock = &avc->avc_cache.slots_lock[hvalue];
870
838
871
839
spin_lock_irqsave(lock, flag);
872
840
···
882
850
883
851
if (!orig) {
884
852
rc = -ENOENT;
885
-
avc_node_kill(node);
853
+
avc_node_kill(avc, node);
886
854
goto out_unlock;
887
855
}
888
856
···
926
894
avc_add_xperms_decision(node, xpd);
927
895
break;
928
896
}
929
-
avc_node_replace(node, orig);
897
+
avc_node_replace(avc, node, orig);
930
898
out_unlock:
931
899
spin_unlock_irqrestore(lock, flag);
932
900
out:
···
936
904
/**
937
905
* avc_flush - Flush the cache
938
906
*/
939
-
static void avc_flush(void)
907
+
static void avc_flush(struct selinux_avc *avc)
940
908
{
941
909
struct hlist_head *head;
942
910
struct avc_node *node;
···
945
913
int i;
946
914
947
915
for (i = 0; i < AVC_CACHE_SLOTS; i++) {
948
-
head = &avc_cache.slots[i];
949
-
lock = &avc_cache.slots_lock[i];
916
+
head = &avc->avc_cache.slots[i];
917
+
lock = &avc->avc_cache.slots_lock[i];
950
918
951
919
spin_lock_irqsave(lock, flag);
952
920
/*
···
955
923
*/
956
924
rcu_read_lock();
957
925
hlist_for_each_entry(node, head, list)
958
-
avc_node_delete(node);
926
+
avc_node_delete(avc, node);
959
927
rcu_read_unlock();
960
928
spin_unlock_irqrestore(lock, flag);
961
929
}
···
965
933
* avc_ss_reset - Flush the cache and revalidate migrated permissions.
966
934
* @seqno: policy sequence number
967
935
*/
968
-
int avc_ss_reset(u32 seqno)
936
+
int avc_ss_reset(struct selinux_avc *avc, u32 seqno)
969
937
{
970
938
struct avc_callback_node *c;
971
939
int rc = 0, tmprc;
972
940
973
-
avc_flush();
941
+
avc_flush(avc);
974
942
975
943
for (c = avc_callbacks; c; c = c->next) {
976
944
if (c->events & AVC_CALLBACK_RESET) {
···
982
950
}
983
951
}
984
952
985
-
avc_latest_notif_update(seqno, 0);
953
+
avc_latest_notif_update(avc, seqno, 0);
986
954
return rc;
987
955
}
988
956
···
995
963
* Don't inline this, since it's the slow-path and just
996
964
* results in a bigger stack frame.
997
965
*/
998
-
static noinline struct avc_node *avc_compute_av(u32 ssid, u32 tsid,
999
-
u16 tclass, struct av_decision *avd,
1000
-
struct avc_xperms_node *xp_node)
966
+
static noinline
967
+
struct avc_node *avc_compute_av(struct selinux_state *state,
968
+
u32 ssid, u32 tsid,
969
+
u16 tclass, struct av_decision *avd,
970
+
struct avc_xperms_node *xp_node)
1001
971
{
1002
972
rcu_read_unlock();
1003
973
INIT_LIST_HEAD(&xp_node->xpd_head);
1004
-
security_compute_av(ssid, tsid, tclass, avd, &xp_node->xp);
974
+
security_compute_av(state, ssid, tsid, tclass, avd, &xp_node->xp);
1005
975
rcu_read_lock();
1006
-
return avc_insert(ssid, tsid, tclass, avd, xp_node);
976
+
return avc_insert(state->avc, ssid, tsid, tclass, avd, xp_node);
1007
977
}
1008
978
1009
-
static noinline int avc_denied(u32 ssid, u32 tsid,
1010
-
u16 tclass, u32 requested,
1011
-
u8 driver, u8 xperm, unsigned flags,
1012
-
struct av_decision *avd)
979
+
static noinline int avc_denied(struct selinux_state *state,
980
+
u32 ssid, u32 tsid,
981
+
u16 tclass, u32 requested,
982
+
u8 driver, u8 xperm, unsigned int flags,
983
+
struct av_decision *avd)
1013
984
{
1014
985
if (flags & AVC_STRICT)
1015
986
return -EACCES;
1016
987
1017
-
if (selinux_enforcing && !(avd->flags & AVD_FLAGS_PERMISSIVE))
988
+
if (enforcing_enabled(state) &&
989
+
!(avd->flags & AVD_FLAGS_PERMISSIVE))
1018
990
return -EACCES;
1019
991
1020
-
avc_update_node(AVC_CALLBACK_GRANT, requested, driver, xperm, ssid,
1021
-
tsid, tclass, avd->seqno, NULL, flags);
992
+
avc_update_node(state->avc, AVC_CALLBACK_GRANT, requested, driver,
993
+
xperm, ssid, tsid, tclass, avd->seqno, NULL, flags);
1022
994
return 0;
1023
995
}
1024
996
···
1033
997
* as-is the case with ioctls, then multiple may be chained together and the
1034
998
* driver field is used to specify which set contains the permission.
1035
999
*/
1036
-
int avc_has_extended_perms(u32 ssid, u32 tsid, u16 tclass, u32 requested,
1037
-
u8 driver, u8 xperm, struct common_audit_data *ad)
1000
+
int avc_has_extended_perms(struct selinux_state *state,
1001
+
u32 ssid, u32 tsid, u16 tclass, u32 requested,
1002
+
u8 driver, u8 xperm, struct common_audit_data *ad)
1038
1003
{
1039
1004
struct avc_node *node;
1040
1005
struct av_decision avd;
···
1054
1017
1055
1018
rcu_read_lock();
1056
1019
1057
-
node = avc_lookup(ssid, tsid, tclass);
1020
+
node = avc_lookup(state->avc, ssid, tsid, tclass);
1058
1021
if (unlikely(!node)) {
1059
-
node = avc_compute_av(ssid, tsid, tclass, &avd, xp_node);
1022
+
node = avc_compute_av(state, ssid, tsid, tclass, &avd, xp_node);
1060
1023
} else {
1061
1024
memcpy(&avd, &node->ae.avd, sizeof(avd));
1062
1025
xp_node = node->ae.xp_node;
···
1080
1043
goto decision;
1081
1044
}
1082
1045
rcu_read_unlock();
1083
-
security_compute_xperms_decision(ssid, tsid, tclass, driver,
1084
-
&local_xpd);
1046
+
security_compute_xperms_decision(state, ssid, tsid, tclass,
1047
+
driver, &local_xpd);
1085
1048
rcu_read_lock();
1086
-
avc_update_node(AVC_CALLBACK_ADD_XPERMS, requested, driver, xperm,
1087
-
ssid, tsid, tclass, avd.seqno, &local_xpd, 0);
1049
+
avc_update_node(state->avc, AVC_CALLBACK_ADD_XPERMS, requested,
1050
+
driver, xperm, ssid, tsid, tclass, avd.seqno,
1051
+
&local_xpd, 0);
1088
1052
} else {
1089
1053
avc_quick_copy_xperms_decision(xperm, &local_xpd, xpd);
1090
1054
}
···
1097
1059
decision:
1098
1060
denied = requested & ~(avd.allowed);
1099
1061
if (unlikely(denied))
1100
-
rc = avc_denied(ssid, tsid, tclass, requested, driver, xperm,
1101
-
AVC_EXTENDED_PERMS, &avd);
1062
+
rc = avc_denied(state, ssid, tsid, tclass, requested,
1063
+
driver, xperm, AVC_EXTENDED_PERMS, &avd);
1102
1064
1103
1065
rcu_read_unlock();
1104
1066
1105
-
rc2 = avc_xperms_audit(ssid, tsid, tclass, requested,
1067
+
rc2 = avc_xperms_audit(state, ssid, tsid, tclass, requested,
1106
1068
&avd, xpd, xperm, rc, ad);
1107
1069
if (rc2)
1108
1070
return rc2;
···
1129
1091
* auditing, e.g. in cases where a lock must be held for the check but
1130
1092
* should be released for the auditing.
1131
1093
*/
1132
-
inline int avc_has_perm_noaudit(u32 ssid, u32 tsid,
1133
-
u16 tclass, u32 requested,
1134
-
unsigned flags,
1135
-
struct av_decision *avd)
1094
+
inline int avc_has_perm_noaudit(struct selinux_state *state,
1095
+
u32 ssid, u32 tsid,
1096
+
u16 tclass, u32 requested,
1097
+
unsigned int flags,
1098
+
struct av_decision *avd)
1136
1099
{
1137
1100
struct avc_node *node;
1138
1101
struct avc_xperms_node xp_node;
···
1144
1105
1145
1106
rcu_read_lock();
1146
1107
1147
-
node = avc_lookup(ssid, tsid, tclass);
1108
+
node = avc_lookup(state->avc, ssid, tsid, tclass);
1148
1109
if (unlikely(!node))
1149
-
node = avc_compute_av(ssid, tsid, tclass, avd, &xp_node);
1110
+
node = avc_compute_av(state, ssid, tsid, tclass, avd, &xp_node);
1150
1111
else
1151
1112
memcpy(avd, &node->ae.avd, sizeof(*avd));
1152
1113
1153
1114
denied = requested & ~(avd->allowed);
1154
1115
if (unlikely(denied))
1155
-
rc = avc_denied(ssid, tsid, tclass, requested, 0, 0, flags, avd);
1116
+
rc = avc_denied(state, ssid, tsid, tclass, requested, 0, 0,
1117
+
flags, avd);
1156
1118
1157
1119
rcu_read_unlock();
1158
1120
return rc;
···
1175
1135
* permissions are granted, -%EACCES if any permissions are denied, or
1176
1136
* another -errno upon other errors.
1177
1137
*/
1178
-
int avc_has_perm(u32 ssid, u32 tsid, u16 tclass,
1138
+
int avc_has_perm(struct selinux_state *state, u32 ssid, u32 tsid, u16 tclass,
1179
1139
u32 requested, struct common_audit_data *auditdata)
1180
1140
{
1181
1141
struct av_decision avd;
1182
1142
int rc, rc2;
1183
1143
1184
-
rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, 0, &avd);
1144
+
rc = avc_has_perm_noaudit(state, ssid, tsid, tclass, requested, 0,
1145
+
&avd);
1185
1146
1186
-
rc2 = avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata, 0);
1147
+
rc2 = avc_audit(state, ssid, tsid, tclass, requested, &avd, rc,
1148
+
auditdata, 0);
1187
1149
if (rc2)
1188
1150
return rc2;
1189
1151
return rc;
1190
1152
}
1191
1153
1192
-
int avc_has_perm_flags(u32 ssid, u32 tsid, u16 tclass,
1193
-
u32 requested, struct common_audit_data *auditdata,
1154
+
int avc_has_perm_flags(struct selinux_state *state,
1155
+
u32 ssid, u32 tsid, u16 tclass, u32 requested,
1156
+
struct common_audit_data *auditdata,
1194
1157
int flags)
1195
1158
{
1196
1159
struct av_decision avd;
1197
1160
int rc, rc2;
1198
1161
1199
-
rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, 0, &avd);
1162
+
rc = avc_has_perm_noaudit(state, ssid, tsid, tclass, requested, 0,
1163
+
&avd);
1200
1164
1201
-
rc2 = avc_audit(ssid, tsid, tclass, requested, &avd, rc,
1165
+
rc2 = avc_audit(state, ssid, tsid, tclass, requested, &avd, rc,
1202
1166
auditdata, flags);
1203
1167
if (rc2)
1204
1168
return rc2;
1205
1169
return rc;
1206
1170
}
1207
1171
1208
-
u32 avc_policy_seqno(void)
1172
+
u32 avc_policy_seqno(struct selinux_state *state)
1209
1173
{
1210
-
return avc_cache.latest_notif;
1174
+
return state->avc->avc_cache.latest_notif;
1211
1175
}
1212
1176
1213
1177
void avc_disable(void)
···
1228
1184
* the cache and get that memory back.
1229
1185
*/
1230
1186
if (avc_node_cachep) {
1231
-
avc_flush();
1187
+
avc_flush(selinux_state.avc);
1232
1188
/* kmem_cache_destroy(avc_node_cachep); */
1233
1189
}
1234
1190
}
+690
-232
security/selinux/hooks.c
+690
-232
security/selinux/hooks.c
···
67
67
#include <linux/tcp.h>
68
68
#include <linux/udp.h>
69
69
#include <linux/dccp.h>
70
+
#include <linux/sctp.h>
71
+
#include <net/sctp/structs.h>
70
72
#include <linux/quota.h>
71
73
#include <linux/un.h> /* for Unix socket types */
72
74
#include <net/af_unix.h> /* for Unix socket types */
···
100
98
#include "audit.h"
101
99
#include "avc_ss.h"
102
100
101
+
struct selinux_state selinux_state;
102
+
103
103
/* SECMARK reference count */
104
104
static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
105
105
106
106
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
107
-
int selinux_enforcing;
107
+
static int selinux_enforcing_boot;
108
108
109
109
static int __init enforcing_setup(char *str)
110
110
{
111
111
unsigned long enforcing;
112
112
if (!kstrtoul(str, 0, &enforcing))
113
-
selinux_enforcing = enforcing ? 1 : 0;
113
+
selinux_enforcing_boot = enforcing ? 1 : 0;
114
114
return 1;
115
115
}
116
116
__setup("enforcing=", enforcing_setup);
117
+
#else
118
+
#define selinux_enforcing_boot 1
117
119
#endif
118
120
119
121
#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
···
135
129
int selinux_enabled = 1;
136
130
#endif
137
131
132
+
static unsigned int selinux_checkreqprot_boot =
133
+
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE;
134
+
135
+
static int __init checkreqprot_setup(char *str)
136
+
{
137
+
unsigned long checkreqprot;
138
+
139
+
if (!kstrtoul(str, 0, &checkreqprot))
140
+
selinux_checkreqprot_boot = checkreqprot ? 1 : 0;
141
+
return 1;
142
+
}
143
+
__setup("checkreqprot=", checkreqprot_setup);
144
+
138
145
static struct kmem_cache *sel_inode_cache;
139
146
static struct kmem_cache *file_security_cache;
140
147
···
164
145
*/
165
146
static int selinux_secmark_enabled(void)
166
147
{
167
-
return (selinux_policycap_alwaysnetwork || atomic_read(&selinux_secmark_refcount));
148
+
return (selinux_policycap_alwaysnetwork() ||
149
+
atomic_read(&selinux_secmark_refcount));
168
150
}
169
151
170
152
/**
···
180
160
*/
181
161
static int selinux_peerlbl_enabled(void)
182
162
{
183
-
return (selinux_policycap_alwaysnetwork || netlbl_enabled() || selinux_xfrm_enabled());
163
+
return (selinux_policycap_alwaysnetwork() ||
164
+
netlbl_enabled() || selinux_xfrm_enabled());
184
165
}
185
166
186
167
static int selinux_netcache_avc_callback(u32 event)
···
285
264
286
265
might_sleep_if(may_sleep);
287
266
288
-
if (ss_initialized && isec->initialized != LABEL_INITIALIZED) {
267
+
if (selinux_state.initialized &&
268
+
isec->initialized != LABEL_INITIALIZED) {
289
269
if (!may_sleep)
290
270
return -ECHILD;
291
271
···
468
446
const struct task_security_struct *tsec = cred->security;
469
447
int rc;
470
448
471
-
rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
449
+
rc = avc_has_perm(&selinux_state,
450
+
tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
472
451
FILESYSTEM__RELABELFROM, NULL);
473
452
if (rc)
474
453
return rc;
475
454
476
-
rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
455
+
rc = avc_has_perm(&selinux_state,
456
+
tsec->sid, sid, SECCLASS_FILESYSTEM,
477
457
FILESYSTEM__RELABELTO, NULL);
478
458
return rc;
479
459
}
···
486
462
{
487
463
const struct task_security_struct *tsec = cred->security;
488
464
int rc;
489
-
rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
465
+
rc = avc_has_perm(&selinux_state,
466
+
tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
490
467
FILESYSTEM__RELABELFROM, NULL);
491
468
if (rc)
492
469
return rc;
493
470
494
-
rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
471
+
rc = avc_has_perm(&selinux_state,
472
+
sid, sbsec->sid, SECCLASS_FILESYSTEM,
495
473
FILESYSTEM__ASSOCIATE, NULL);
496
474
return rc;
497
475
}
···
512
486
!strcmp(sb->s_type->name, "debugfs") ||
513
487
!strcmp(sb->s_type->name, "tracefs") ||
514
488
!strcmp(sb->s_type->name, "rootfs") ||
515
-
(selinux_policycap_cgroupseclabel &&
489
+
(selinux_policycap_cgroupseclabel() &&
516
490
(!strcmp(sb->s_type->name, "cgroup") ||
517
491
!strcmp(sb->s_type->name, "cgroup2")));
518
492
}
···
612
586
if (!(sbsec->flags & SE_SBINITIALIZED))
613
587
return -EINVAL;
614
588
615
-
if (!ss_initialized)
589
+
if (!selinux_state.initialized)
616
590
return -EINVAL;
617
591
618
592
/* make sure we always check enough bits to cover the mask */
···
643
617
644
618
i = 0;
645
619
if (sbsec->flags & FSCONTEXT_MNT) {
646
-
rc = security_sid_to_context(sbsec->sid, &context, &len);
620
+
rc = security_sid_to_context(&selinux_state, sbsec->sid,
621
+
&context, &len);
647
622
if (rc)
648
623
goto out_free;
649
624
opts->mnt_opts[i] = context;
650
625
opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
651
626
}
652
627
if (sbsec->flags & CONTEXT_MNT) {
653
-
rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
628
+
rc = security_sid_to_context(&selinux_state,
629
+
sbsec->mntpoint_sid,
630
+
&context, &len);
654
631
if (rc)
655
632
goto out_free;
656
633
opts->mnt_opts[i] = context;
657
634
opts->mnt_opts_flags[i++] = CONTEXT_MNT;
658
635
}
659
636
if (sbsec->flags & DEFCONTEXT_MNT) {
660
-
rc = security_sid_to_context(sbsec->def_sid, &context, &len);
637
+
rc = security_sid_to_context(&selinux_state, sbsec->def_sid,
638
+
&context, &len);
661
639
if (rc)
662
640
goto out_free;
663
641
opts->mnt_opts[i] = context;
···
671
641
struct dentry *root = sbsec->sb->s_root;
672
642
struct inode_security_struct *isec = backing_inode_security(root);
673
643
674
-
rc = security_sid_to_context(isec->sid, &context, &len);
644
+
rc = security_sid_to_context(&selinux_state, isec->sid,
645
+
&context, &len);
675
646
if (rc)
676
647
goto out_free;
677
648
opts->mnt_opts[i] = context;
···
735
704
736
705
mutex_lock(&sbsec->lock);
737
706
738
-
if (!ss_initialized) {
707
+
if (!selinux_state.initialized) {
739
708
if (!num_opts) {
740
709
/* Defer initialization until selinux_complete_init,
741
710
after the initial policy is loaded and the security
···
781
750
782
751
if (flags[i] == SBLABEL_MNT)
783
752
continue;
784
-
rc = security_context_str_to_sid(mount_options[i], &sid, GFP_KERNEL);
753
+
rc = security_context_str_to_sid(&selinux_state,
754
+
mount_options[i], &sid,
755
+
GFP_KERNEL);
785
756
if (rc) {
786
757
printk(KERN_WARNING "SELinux: security_context_str_to_sid"
787
758
"(%s) failed for (dev %s, type %s) errno=%d\n",
···
859
826
* Determine the labeling behavior to use for this
860
827
* filesystem type.
861
828
*/
862
-
rc = security_fs_use(sb);
829
+
rc = security_fs_use(&selinux_state, sb);
863
830
if (rc) {
864
831
printk(KERN_WARNING
865
832
"%s: security_fs_use(%s) returned %d\n",
···
884
851
}
885
852
if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
886
853
sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
887
-
rc = security_transition_sid(current_sid(), current_sid(),
854
+
rc = security_transition_sid(&selinux_state,
855
+
current_sid(),
856
+
current_sid(),
888
857
SECCLASS_FILE, NULL,
889
858
&sbsec->mntpoint_sid);
890
859
if (rc)
···
1022
987
* if the parent was able to be mounted it clearly had no special lsm
1023
988
* mount options. thus we can safely deal with this superblock later
1024
989
*/
1025
-
if (!ss_initialized)
990
+
if (!selinux_state.initialized)
1026
991
return 0;
1027
992
1028
993
/*
···
1049
1014
1050
1015
if (newsbsec->behavior == SECURITY_FS_USE_NATIVE &&
1051
1016
!(kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context) {
1052
-
rc = security_fs_use(newsb);
1017
+
rc = security_fs_use(&selinux_state, newsb);
1053
1018
if (rc)
1054
1019
goto out;
1055
1020
}
···
1332
1297
1333
1298
static inline u16 socket_type_to_security_class(int family, int type, int protocol)
1334
1299
{
1335
-
int extsockclass = selinux_policycap_extsockclass;
1300
+
int extsockclass = selinux_policycap_extsockclass();
1336
1301
1337
1302
switch (family) {
1338
1303
case PF_UNIX:
···
1506
1471
path++;
1507
1472
}
1508
1473
}
1509
-
rc = security_genfs_sid(sb->s_type->name, path, tclass, sid);
1474
+
rc = security_genfs_sid(&selinux_state, sb->s_type->name,
1475
+
path, tclass, sid);
1510
1476
}
1511
1477
free_page((unsigned long)buffer);
1512
1478
return rc;
···
1625
1589
sid = sbsec->def_sid;
1626
1590
rc = 0;
1627
1591
} else {
1628
-
rc = security_context_to_sid_default(context, rc, &sid,
1592
+
rc = security_context_to_sid_default(&selinux_state,
1593
+
context, rc, &sid,
1629
1594
sbsec->def_sid,
1630
1595
GFP_NOFS);
1631
1596
if (rc) {
···
1659
1622
sid = sbsec->sid;
1660
1623
1661
1624
/* Try to obtain a transition SID. */
1662
-
rc = security_transition_sid(task_sid, sid, sclass, NULL, &sid);
1625
+
rc = security_transition_sid(&selinux_state, task_sid, sid,
1626
+
sclass, NULL, &sid);
1663
1627
if (rc)
1664
1628
goto out;
1665
1629
break;
···
1778
1740
return -EINVAL;
1779
1741
}
1780
1742
1781
-
rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
1743
+
rc = avc_has_perm_noaudit(&selinux_state,
1744
+
sid, sid, sclass, av, 0, &avd);
1782
1745
if (audit == SECURITY_CAP_AUDIT) {
1783
-
int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0);
1746
+
int rc2 = avc_audit(&selinux_state,
1747
+
sid, sid, sclass, av, &avd, rc, &ad, 0);
1784
1748
if (rc2)
1785
1749
return rc2;
1786
1750
}
···
1808
1768
sid = cred_sid(cred);
1809
1769
isec = inode->i_security;
1810
1770
1811
-
return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp);
1771
+
return avc_has_perm(&selinux_state,
1772
+
sid, isec->sid, isec->sclass, perms, adp);
1812
1773
}
1813
1774
1814
1775
/* Same as inode_has_perm, but pass explicit audit data containing
···
1882
1841
ad.u.file = file;
1883
1842
1884
1843
if (sid != fsec->sid) {
1885
-
rc = avc_has_perm(sid, fsec->sid,
1844
+
rc = avc_has_perm(&selinux_state,
1845
+
sid, fsec->sid,
1886
1846
SECCLASS_FD,
1887
1847
FD__USE,
1888
1848
&ad);
···
1925
1883
*_new_isid = tsec->create_sid;
1926
1884
} else {
1927
1885
const struct inode_security_struct *dsec = inode_security(dir);
1928
-
return security_transition_sid(tsec->sid, dsec->sid, tclass,
1886
+
return security_transition_sid(&selinux_state, tsec->sid,
1887
+
dsec->sid, tclass,
1929
1888
name, _new_isid);
1930
1889
}
1931
1890
···
1953
1910
ad.type = LSM_AUDIT_DATA_DENTRY;
1954
1911
ad.u.dentry = dentry;
1955
1912
1956
-
rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
1913
+
rc = avc_has_perm(&selinux_state,
1914
+
sid, dsec->sid, SECCLASS_DIR,
1957
1915
DIR__ADD_NAME | DIR__SEARCH,
1958
1916
&ad);
1959
1917
if (rc)
···
1965
1921
if (rc)
1966
1922
return rc;
1967
1923
1968
-
rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad);
1924
+
rc = avc_has_perm(&selinux_state,
1925
+
sid, newsid, tclass, FILE__CREATE, &ad);
1969
1926
if (rc)
1970
1927
return rc;
1971
1928
1972
-
return avc_has_perm(newsid, sbsec->sid,
1929
+
return avc_has_perm(&selinux_state,
1930
+
newsid, sbsec->sid,
1973
1931
SECCLASS_FILESYSTEM,
1974
1932
FILESYSTEM__ASSOCIATE, &ad);
1975
1933
}
···
2000
1954
2001
1955
av = DIR__SEARCH;
2002
1956
av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
2003
-
rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad);
1957
+
rc = avc_has_perm(&selinux_state,
1958
+
sid, dsec->sid, SECCLASS_DIR, av, &ad);
2004
1959
if (rc)
2005
1960
return rc;
2006
1961
···
2021
1974
return 0;
2022
1975
}
2023
1976
2024
-
rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);
1977
+
rc = avc_has_perm(&selinux_state,
1978
+
sid, isec->sid, isec->sclass, av, &ad);
2025
1979
return rc;
2026
1980
}
2027
1981
···
2046
1998
ad.type = LSM_AUDIT_DATA_DENTRY;
2047
1999
2048
2000
ad.u.dentry = old_dentry;
2049
-
rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
2001
+
rc = avc_has_perm(&selinux_state,
2002
+
sid, old_dsec->sid, SECCLASS_DIR,
2050
2003
DIR__REMOVE_NAME | DIR__SEARCH, &ad);
2051
2004
if (rc)
2052
2005
return rc;
2053
-
rc = avc_has_perm(sid, old_isec->sid,
2006
+
rc = avc_has_perm(&selinux_state,
2007
+
sid, old_isec->sid,
2054
2008
old_isec->sclass, FILE__RENAME, &ad);
2055
2009
if (rc)
2056
2010
return rc;
2057
2011
if (old_is_dir && new_dir != old_dir) {
2058
-
rc = avc_has_perm(sid, old_isec->sid,
2012
+
rc = avc_has_perm(&selinux_state,
2013
+
sid, old_isec->sid,
2059
2014
old_isec->sclass, DIR__REPARENT, &ad);
2060
2015
if (rc)
2061
2016
return rc;
···
2068
2017
av = DIR__ADD_NAME | DIR__SEARCH;
2069
2018
if (d_is_positive(new_dentry))
2070
2019
av |= DIR__REMOVE_NAME;
2071
-
rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
2020
+
rc = avc_has_perm(&selinux_state,
2021
+
sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
2072
2022
if (rc)
2073
2023
return rc;
2074
2024
if (d_is_positive(new_dentry)) {
2075
2025
new_isec = backing_inode_security(new_dentry);
2076
2026
new_is_dir = d_is_dir(new_dentry);
2077
-
rc = avc_has_perm(sid, new_isec->sid,
2027
+
rc = avc_has_perm(&selinux_state,
2028
+
sid, new_isec->sid,
2078
2029
new_isec->sclass,
2079
2030
(new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
2080
2031
if (rc)
···
2096
2043
u32 sid = cred_sid(cred);
2097
2044
2098
2045
sbsec = sb->s_security;
2099
-
return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
2046
+
return avc_has_perm(&selinux_state,
2047
+
sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
2100
2048
}
2101
2049
2102
2050
/* Convert a Linux mode and permission mask to an access vector. */
···
2160
2106
u32 av = file_to_av(file);
2161
2107
struct inode *inode = file_inode(file);
2162
2108
2163
-
if (selinux_policycap_openperm && inode->i_sb->s_magic != SOCKFS_MAGIC)
2109
+
if (selinux_policycap_openperm() &&
2110
+
inode->i_sb->s_magic != SOCKFS_MAGIC)
2164
2111
av |= FILE__OPEN;
2165
2112
2166
2113
return av;
···
2174
2119
u32 mysid = current_sid();
2175
2120
u32 mgrsid = task_sid(mgr);
2176
2121
2177
-
return avc_has_perm(mysid, mgrsid, SECCLASS_BINDER,
2122
+
return avc_has_perm(&selinux_state,
2123
+
mysid, mgrsid, SECCLASS_BINDER,
2178
2124
BINDER__SET_CONTEXT_MGR, NULL);
2179
2125
}
2180
2126
···
2188
2132
int rc;
2189
2133
2190
2134
if (mysid != fromsid) {
2191
-
rc = avc_has_perm(mysid, fromsid, SECCLASS_BINDER,
2135
+
rc = avc_has_perm(&selinux_state,
2136
+
mysid, fromsid, SECCLASS_BINDER,
2192
2137
BINDER__IMPERSONATE, NULL);
2193
2138
if (rc)
2194
2139
return rc;
2195
2140
}
2196
2141
2197
-
return avc_has_perm(fromsid, tosid, SECCLASS_BINDER, BINDER__CALL,
2142
+
return avc_has_perm(&selinux_state,
2143
+
fromsid, tosid, SECCLASS_BINDER, BINDER__CALL,
2198
2144
NULL);
2199
2145
}
2200
2146
···
2206
2148
u32 fromsid = task_sid(from);
2207
2149
u32 tosid = task_sid(to);
2208
2150
2209
-
return avc_has_perm(fromsid, tosid, SECCLASS_BINDER, BINDER__TRANSFER,
2151
+
return avc_has_perm(&selinux_state,
2152
+
fromsid, tosid, SECCLASS_BINDER, BINDER__TRANSFER,
2210
2153
NULL);
2211
2154
}
2212
2155
···
2226
2167
ad.u.path = file->f_path;
2227
2168
2228
2169
if (sid != fsec->sid) {
2229
-
rc = avc_has_perm(sid, fsec->sid,
2170
+
rc = avc_has_perm(&selinux_state,
2171
+
sid, fsec->sid,
2230
2172
SECCLASS_FD,
2231
2173
FD__USE,
2232
2174
&ad);
···
2245
2185
return 0;
2246
2186
2247
2187
isec = backing_inode_security(dentry);
2248
-
return avc_has_perm(sid, isec->sid, isec->sclass, file_to_av(file),
2188
+
return avc_has_perm(&selinux_state,
2189
+
sid, isec->sid, isec->sclass, file_to_av(file),
2249
2190
&ad);
2250
2191
}
2251
2192
···
2257
2196
u32 csid = task_sid(child);
2258
2197
2259
2198
if (mode & PTRACE_MODE_READ)
2260
-
return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);
2199
+
return avc_has_perm(&selinux_state,
2200
+
sid, csid, SECCLASS_FILE, FILE__READ, NULL);
2261
2201
2262
-
return avc_has_perm(sid, csid, SECCLASS_PROCESS, PROCESS__PTRACE, NULL);
2202
+
return avc_has_perm(&selinux_state,
2203
+
sid, csid, SECCLASS_PROCESS, PROCESS__PTRACE, NULL);
2263
2204
}
2264
2205
2265
2206
static int selinux_ptrace_traceme(struct task_struct *parent)
2266
2207
{
2267
-
return avc_has_perm(task_sid(parent), current_sid(), SECCLASS_PROCESS,
2208
+
return avc_has_perm(&selinux_state,
2209
+
task_sid(parent), current_sid(), SECCLASS_PROCESS,
2268
2210
PROCESS__PTRACE, NULL);
2269
2211
}
2270
2212
2271
2213
static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
2272
2214
kernel_cap_t *inheritable, kernel_cap_t *permitted)
2273
2215
{
2274
-
return avc_has_perm(current_sid(), task_sid(target), SECCLASS_PROCESS,
2216
+
return avc_has_perm(&selinux_state,
2217
+
current_sid(), task_sid(target), SECCLASS_PROCESS,
2275
2218
PROCESS__GETCAP, NULL);
2276
2219
}
2277
2220
···
2284
2219
const kernel_cap_t *inheritable,
2285
2220
const kernel_cap_t *permitted)
2286
2221
{
2287
-
return avc_has_perm(cred_sid(old), cred_sid(new), SECCLASS_PROCESS,
2222
+
return avc_has_perm(&selinux_state,
2223
+
cred_sid(old), cred_sid(new), SECCLASS_PROCESS,
2288
2224
PROCESS__SETCAP, NULL);
2289
2225
}
2290
2226
···
2345
2279
switch (type) {
2346
2280
case SYSLOG_ACTION_READ_ALL: /* Read last kernel messages */
2347
2281
case SYSLOG_ACTION_SIZE_BUFFER: /* Return size of the log buffer */
2348
-
return avc_has_perm(current_sid(), SECINITSID_KERNEL,
2282
+
return avc_has_perm(&selinux_state,
2283
+
current_sid(), SECINITSID_KERNEL,
2349
2284
SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, NULL);
2350
2285
case SYSLOG_ACTION_CONSOLE_OFF: /* Disable logging to console */
2351
2286
case SYSLOG_ACTION_CONSOLE_ON: /* Enable logging to console */
2352
2287
/* Set level of messages printed to console */
2353
2288
case SYSLOG_ACTION_CONSOLE_LEVEL:
2354
-
return avc_has_perm(current_sid(), SECINITSID_KERNEL,
2289
+
return avc_has_perm(&selinux_state,
2290
+
current_sid(), SECINITSID_KERNEL,
2355
2291
SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE,
2356
2292
NULL);
2357
2293
}
2358
2294
/* All other syslog types */
2359
-
return avc_has_perm(current_sid(), SECINITSID_KERNEL,
2295
+
return avc_has_perm(&selinux_state,
2296
+
current_sid(), SECINITSID_KERNEL,
2360
2297
SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, NULL);
2361
2298
}
2362
2299
···
2420
2351
* policy allows the corresponding permission between
2421
2352
* the old and new contexts.
2422
2353
*/
2423
-
if (selinux_policycap_nnp_nosuid_transition) {
2354
+
if (selinux_policycap_nnp_nosuid_transition()) {
2424
2355
av = 0;
2425
2356
if (nnp)
2426
2357
av |= PROCESS2__NNP_TRANSITION;
2427
2358
if (nosuid)
2428
2359
av |= PROCESS2__NOSUID_TRANSITION;
2429
-
rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2360
+
rc = avc_has_perm(&selinux_state,
2361
+
old_tsec->sid, new_tsec->sid,
2430
2362
SECCLASS_PROCESS2, av, NULL);
2431
2363
if (!rc)
2432
2364
return 0;
···
2438
2368
* i.e. SIDs that are guaranteed to only be allowed a subset
2439
2369
* of the permissions of the current SID.
2440
2370
*/
2441
-
rc = security_bounded_transition(old_tsec->sid, new_tsec->sid);
2371
+
rc = security_bounded_transition(&selinux_state, old_tsec->sid,
2372
+
new_tsec->sid);
2442
2373
if (!rc)
2443
2374
return 0;
2444
2375
···
2491
2420
return rc;
2492
2421
} else {
2493
2422
/* Check for a default transition on this program. */
2494
-
rc = security_transition_sid(old_tsec->sid, isec->sid,
2495
-
SECCLASS_PROCESS, NULL,
2423
+
rc = security_transition_sid(&selinux_state, old_tsec->sid,
2424
+
isec->sid, SECCLASS_PROCESS, NULL,
2496
2425
&new_tsec->sid);
2497
2426
if (rc)
2498
2427
return rc;
···
2510
2439
ad.u.file = bprm->file;
2511
2440
2512
2441
if (new_tsec->sid == old_tsec->sid) {
2513
-
rc = avc_has_perm(old_tsec->sid, isec->sid,
2442
+
rc = avc_has_perm(&selinux_state,
2443
+
old_tsec->sid, isec->sid,
2514
2444
SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2515
2445
if (rc)
2516
2446
return rc;
2517
2447
} else {
2518
2448
/* Check permissions for the transition. */
2519
-
rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2449
+
rc = avc_has_perm(&selinux_state,
2450
+
old_tsec->sid, new_tsec->sid,
2520
2451
SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2521
2452
if (rc)
2522
2453
return rc;
2523
2454
2524
-
rc = avc_has_perm(new_tsec->sid, isec->sid,
2455
+
rc = avc_has_perm(&selinux_state,
2456
+
new_tsec->sid, isec->sid,
2525
2457
SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2526
2458
if (rc)
2527
2459
return rc;
2528
2460
2529
2461
/* Check for shared state */
2530
2462
if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2531
-
rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2463
+
rc = avc_has_perm(&selinux_state,
2464
+
old_tsec->sid, new_tsec->sid,
2532
2465
SECCLASS_PROCESS, PROCESS__SHARE,
2533
2466
NULL);
2534
2467
if (rc)
···
2544
2469
if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
2545
2470
u32 ptsid = ptrace_parent_sid();
2546
2471
if (ptsid != 0) {
2547
-
rc = avc_has_perm(ptsid, new_tsec->sid,
2472
+
rc = avc_has_perm(&selinux_state,
2473
+
ptsid, new_tsec->sid,
2548
2474
SECCLASS_PROCESS,
2549
2475
PROCESS__PTRACE, NULL);
2550
2476
if (rc)
···
2559
2483
/* Enable secure mode for SIDs transitions unless
2560
2484
the noatsecure permission is granted between
2561
2485
the two SIDs, i.e. ahp returns 0. */
2562
-
rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2486
+
rc = avc_has_perm(&selinux_state,
2487
+
old_tsec->sid, new_tsec->sid,
2563
2488
SECCLASS_PROCESS, PROCESS__NOATSECURE,
2564
2489
NULL);
2565
2490
bprm->secureexec |= !!rc;
···
2652
2575
* higher than the default soft limit for cases where the default is
2653
2576
* lower than the hard limit, e.g. RLIMIT_CORE or RLIMIT_STACK.
2654
2577
*/
2655
-
rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2578
+
rc = avc_has_perm(&selinux_state,
2579
+
new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2656
2580
PROCESS__RLIMITINH, NULL);
2657
2581
if (rc) {
2658
2582
/* protect against do_prlimit() */
···
2693
2615
* This must occur _after_ the task SID has been updated so that any
2694
2616
* kill done after the flush will be checked against the new SID.
2695
2617
*/
2696
-
rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2618
+
rc = avc_has_perm(&selinux_state,
2619
+
osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2697
2620
if (rc) {
2698
2621
if (IS_ENABLED(CONFIG_POSIX_TIMERS)) {
2699
2622
memset(&itimer, 0, sizeof itimer);
···
2858
2779
2859
2780
if (flags[i] == SBLABEL_MNT)
2860
2781
continue;
2861
-
rc = security_context_str_to_sid(mount_options[i], &sid, GFP_KERNEL);
2782
+
rc = security_context_str_to_sid(&selinux_state,
2783
+
mount_options[i], &sid,
2784
+
GFP_KERNEL);
2862
2785
if (rc) {
2863
2786
printk(KERN_WARNING "SELinux: security_context_str_to_sid"
2864
2787
"(%s) failed for (dev %s, type %s) errno=%d\n",
···
2985
2904
if (rc)
2986
2905
return rc;
2987
2906
2988
-
return security_sid_to_context(newsid, (char **)ctx, ctxlen);
2907
+
return security_sid_to_context(&selinux_state, newsid, (char **)ctx,
2908
+
ctxlen);
2989
2909
}
2990
2910
2991
2911
static int selinux_dentry_create_files_as(struct dentry *dentry, int mode,
···
3040
2958
isec->initialized = LABEL_INITIALIZED;
3041
2959
}
3042
2960
3043
-
if (!ss_initialized || !(sbsec->flags & SBLABEL_MNT))
2961
+
if (!selinux_state.initialized || !(sbsec->flags & SBLABEL_MNT))
3044
2962
return -EOPNOTSUPP;
3045
2963
3046
2964
if (name)
3047
2965
*name = XATTR_SELINUX_SUFFIX;
3048
2966
3049
2967
if (value && len) {
3050
-
rc = security_sid_to_context_force(newsid, &context, &clen);
2968
+
rc = security_sid_to_context_force(&selinux_state, newsid,
2969
+
&context, &clen);
3051
2970
if (rc)
3052
2971
return rc;
3053
2972
*value = context;
···
3123
3040
if (IS_ERR(isec))
3124
3041
return PTR_ERR(isec);
3125
3042
3126
-
return avc_has_perm_flags(sid, isec->sid, isec->sclass, FILE__READ, &ad,
3043
+
return avc_has_perm_flags(&selinux_state,
3044
+
sid, isec->sid, isec->sclass, FILE__READ, &ad,
3127
3045
rcu ? MAY_NOT_BLOCK : 0);
3128
3046
}
3129
3047
···
3140
3056
ad.type = LSM_AUDIT_DATA_INODE;
3141
3057
ad.u.inode = inode;
3142
3058
3143
-
rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms,
3059
+
rc = slow_avc_audit(&selinux_state,
3060
+
current_sid(), isec->sid, isec->sclass, perms,
3144
3061
audited, denied, result, &ad, flags);
3145
3062
if (rc)
3146
3063
return rc;
···
3179
3094
if (IS_ERR(isec))
3180
3095
return PTR_ERR(isec);
3181
3096
3182
-
rc = avc_has_perm_noaudit(sid, isec->sid, isec->sclass, perms, 0, &avd);
3097
+
rc = avc_has_perm_noaudit(&selinux_state,
3098
+
sid, isec->sid, isec->sclass, perms, 0, &avd);
3183
3099
audited = avc_audit_required(perms, &avd, rc,
3184
3100
from_access ? FILE__AUDIT_ACCESS : 0,
3185
3101
&denied);
···
3212
3126
ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
3213
3127
return dentry_has_perm(cred, dentry, FILE__SETATTR);
3214
3128
3215
-
if (selinux_policycap_openperm &&
3129
+
if (selinux_policycap_openperm() &&
3216
3130
inode->i_sb->s_magic != SOCKFS_MAGIC &&
3217
3131
(ia_valid & ATTR_SIZE) &&
3218
3132
!(ia_valid & ATTR_FILE))
···
3269
3183
ad.u.dentry = dentry;
3270
3184
3271
3185
isec = backing_inode_security(dentry);
3272
-
rc = avc_has_perm(sid, isec->sid, isec->sclass,
3186
+
rc = avc_has_perm(&selinux_state,
3187
+
sid, isec->sid, isec->sclass,
3273
3188
FILE__RELABELFROM, &ad);
3274
3189
if (rc)
3275
3190
return rc;
3276
3191
3277
-
rc = security_context_to_sid(value, size, &newsid, GFP_KERNEL);
3192
+
rc = security_context_to_sid(&selinux_state, value, size, &newsid,
3193
+
GFP_KERNEL);
3278
3194
if (rc == -EINVAL) {
3279
3195
if (!has_cap_mac_admin(true)) {
3280
3196
struct audit_buffer *ab;
···
3301
3213
3302
3214
return rc;
3303
3215
}
3304
-
rc = security_context_to_sid_force(value, size, &newsid);
3216
+
rc = security_context_to_sid_force(&selinux_state, value,
3217
+
size, &newsid);
3305
3218
}
3306
3219
if (rc)
3307
3220
return rc;
3308
3221
3309
-
rc = avc_has_perm(sid, newsid, isec->sclass,
3222
+
rc = avc_has_perm(&selinux_state,
3223
+
sid, newsid, isec->sclass,
3310
3224
FILE__RELABELTO, &ad);
3311
3225
if (rc)
3312
3226
return rc;
3313
3227
3314
-
rc = security_validate_transition(isec->sid, newsid, sid,
3315
-
isec->sclass);
3228
+
rc = security_validate_transition(&selinux_state, isec->sid, newsid,
3229
+
sid, isec->sclass);
3316
3230
if (rc)
3317
3231
return rc;
3318
3232
3319
-
return avc_has_perm(newsid,
3233
+
return avc_has_perm(&selinux_state,
3234
+
newsid,
3320
3235
sbsec->sid,
3321
3236
SECCLASS_FILESYSTEM,
3322
3237
FILESYSTEM__ASSOCIATE,
···
3340
3249
return;
3341
3250
}
3342
3251
3343
-
rc = security_context_to_sid_force(value, size, &newsid);
3252
+
rc = security_context_to_sid_force(&selinux_state, value, size,
3253
+
&newsid);
3344
3254
if (rc) {
3345
3255
printk(KERN_ERR "SELinux: unable to map context to SID"
3346
3256
"for (%s, %lu), rc=%d\n",
···
3416
3324
*/
3417
3325
isec = inode_security(inode);
3418
3326
if (has_cap_mac_admin(false))
3419
-
error = security_sid_to_context_force(isec->sid, &context,
3327
+
error = security_sid_to_context_force(&selinux_state,
3328
+
isec->sid, &context,
3420
3329
&size);
3421
3330
else
3422
-
error = security_sid_to_context(isec->sid, &context, &size);
3331
+
error = security_sid_to_context(&selinux_state, isec->sid,
3332
+
&context, &size);
3423
3333
if (error)
3424
3334
return error;
3425
3335
error = size;
···
3447
3353
if (!value || !size)
3448
3354
return -EACCES;
3449
3355
3450
-
rc = security_context_to_sid(value, size, &newsid, GFP_KERNEL);
3356
+
rc = security_context_to_sid(&selinux_state, value, size, &newsid,
3357
+
GFP_KERNEL);
3451
3358
if (rc)
3452
3359
return rc;
3453
3360
···
3537
3442
3538
3443
isec = inode_security(inode);
3539
3444
if (sid == fsec->sid && fsec->isid == isec->sid &&
3540
-
fsec->pseqno == avc_policy_seqno())
3445
+
fsec->pseqno == avc_policy_seqno(&selinux_state))
3541
3446
/* No change since file_open check. */
3542
3447
return 0;
3543
3448
···
3577
3482
ad.u.op->path = file->f_path;
3578
3483
3579
3484
if (ssid != fsec->sid) {
3580
-
rc = avc_has_perm(ssid, fsec->sid,
3485
+
rc = avc_has_perm(&selinux_state,
3486
+
ssid, fsec->sid,
3581
3487
SECCLASS_FD,
3582
3488
FD__USE,
3583
3489
&ad);
···
3590
3494
return 0;
3591
3495
3592
3496
isec = inode_security(inode);
3593
-
rc = avc_has_extended_perms(ssid, isec->sid, isec->sclass,
3594
-
requested, driver, xperm, &ad);
3497
+
rc = avc_has_extended_perms(&selinux_state,
3498
+
ssid, isec->sid, isec->sclass,
3499
+
requested, driver, xperm, &ad);
3595
3500
out:
3596
3501
return rc;
3597
3502
}
···
3660
3563
* private file mapping that will also be writable.
3661
3564
* This has an additional check.
3662
3565
*/
3663
-
rc = avc_has_perm(sid, sid, SECCLASS_PROCESS,
3566
+
rc = avc_has_perm(&selinux_state,
3567
+
sid, sid, SECCLASS_PROCESS,
3664
3568
PROCESS__EXECMEM, NULL);
3665
3569
if (rc)
3666
3570
goto error;
···
3691
3593
3692
3594
if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
3693
3595
u32 sid = current_sid();
3694
-
rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
3596
+
rc = avc_has_perm(&selinux_state,
3597
+
sid, sid, SECCLASS_MEMPROTECT,
3695
3598
MEMPROTECT__MMAP_ZERO, NULL);
3696
3599
}
3697
3600
···
3714
3615
return rc;
3715
3616
}
3716
3617
3717
-
if (selinux_checkreqprot)
3618
+
if (selinux_state.checkreqprot)
3718
3619
prot = reqprot;
3719
3620
3720
3621
return file_map_prot_check(file, prot,
···
3728
3629
const struct cred *cred = current_cred();
3729
3630
u32 sid = cred_sid(cred);
3730
3631
3731
-
if (selinux_checkreqprot)
3632
+
if (selinux_state.checkreqprot)
3732
3633
prot = reqprot;
3733
3634
3734
3635
if (default_noexec &&
···
3736
3637
int rc = 0;
3737
3638
if (vma->vm_start >= vma->vm_mm->start_brk &&
3738
3639
vma->vm_end <= vma->vm_mm->brk) {
3739
-
rc = avc_has_perm(sid, sid, SECCLASS_PROCESS,
3640
+
rc = avc_has_perm(&selinux_state,
3641
+
sid, sid, SECCLASS_PROCESS,
3740
3642
PROCESS__EXECHEAP, NULL);
3741
3643
} else if (!vma->vm_file &&
3742
3644
((vma->vm_start <= vma->vm_mm->start_stack &&
3743
3645
vma->vm_end >= vma->vm_mm->start_stack) ||
3744
3646
vma_is_stack_for_current(vma))) {
3745
-
rc = avc_has_perm(sid, sid, SECCLASS_PROCESS,
3647
+
rc = avc_has_perm(&selinux_state,
3648
+
sid, sid, SECCLASS_PROCESS,
3746
3649
PROCESS__EXECSTACK, NULL);
3747
3650
} else if (vma->vm_file && vma->anon_vma) {
3748
3651
/*
···
3836
3735
else
3837
3736
perm = signal_to_av(signum);
3838
3737
3839
-
return avc_has_perm(fsec->fown_sid, sid,
3738
+
return avc_has_perm(&selinux_state,
3739
+
fsec->fown_sid, sid,
3840
3740
SECCLASS_PROCESS, perm, NULL);
3841
3741
}
3842
3742
···
3863
3761
* struct as its SID.
3864
3762
*/
3865
3763
fsec->isid = isec->sid;
3866
-
fsec->pseqno = avc_policy_seqno();
3764
+
fsec->pseqno = avc_policy_seqno(&selinux_state);
3867
3765
/*
3868
3766
* Since the inode label or policy seqno may have changed
3869
3767
* between the selinux_inode_permission check and the saving
···
3882
3780
{
3883
3781
u32 sid = current_sid();
3884
3782
3885
-
return avc_has_perm(sid, sid, SECCLASS_PROCESS, PROCESS__FORK, NULL);
3783
+
return avc_has_perm(&selinux_state,
3784
+
sid, sid, SECCLASS_PROCESS, PROCESS__FORK, NULL);
3886
3785
}
3887
3786
3888
3787
/*
···
3957
3854
u32 sid = current_sid();
3958
3855
int ret;
3959
3856
3960
-
ret = avc_has_perm(sid, secid,
3857
+
ret = avc_has_perm(&selinux_state,
3858
+
sid, secid,
3961
3859
SECCLASS_KERNEL_SERVICE,
3962
3860
KERNEL_SERVICE__USE_AS_OVERRIDE,
3963
3861
NULL);
···
3982
3878
u32 sid = current_sid();
3983
3879
int ret;
3984
3880
3985
-
ret = avc_has_perm(sid, isec->sid,
3881
+
ret = avc_has_perm(&selinux_state,
3882
+
sid, isec->sid,
3986
3883
SECCLASS_KERNEL_SERVICE,
3987
3884
KERNEL_SERVICE__CREATE_FILES_AS,
3988
3885
NULL);
···
4000
3895
ad.type = LSM_AUDIT_DATA_KMOD;
4001
3896
ad.u.kmod_name = kmod_name;
4002
3897
4003
-
return avc_has_perm(current_sid(), SECINITSID_KERNEL, SECCLASS_SYSTEM,
3898
+
return avc_has_perm(&selinux_state,
3899
+
current_sid(), SECINITSID_KERNEL, SECCLASS_SYSTEM,
4004
3900
SYSTEM__MODULE_REQUEST, &ad);
4005
3901
}
4006
3902
···
4015
3909
4016
3910
/* init_module */
4017
3911
if (file == NULL)
4018
-
return avc_has_perm(sid, sid, SECCLASS_SYSTEM,
3912
+
return avc_has_perm(&selinux_state,
3913
+
sid, sid, SECCLASS_SYSTEM,
4019
3914
SYSTEM__MODULE_LOAD, NULL);
4020
3915
4021
3916
/* finit_module */
···
4026
3919
4027
3920
fsec = file->f_security;
4028
3921
if (sid != fsec->sid) {
4029
-
rc = avc_has_perm(sid, fsec->sid, SECCLASS_FD, FD__USE, &ad);
3922
+
rc = avc_has_perm(&selinux_state,
3923
+
sid, fsec->sid, SECCLASS_FD, FD__USE, &ad);
4030
3924
if (rc)
4031
3925
return rc;
4032
3926
}
4033
3927
4034
3928
isec = inode_security(file_inode(file));
4035
-
return avc_has_perm(sid, isec->sid, SECCLASS_SYSTEM,
3929
+
return avc_has_perm(&selinux_state,
3930
+
sid, isec->sid, SECCLASS_SYSTEM,
4036
3931
SYSTEM__MODULE_LOAD, &ad);
4037
3932
}
4038
3933
···
4056
3947
4057
3948
static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
4058
3949
{
4059
-
return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,
3950
+
return avc_has_perm(&selinux_state,
3951
+
current_sid(), task_sid(p), SECCLASS_PROCESS,
4060
3952
PROCESS__SETPGID, NULL);
4061
3953
}
4062
3954
4063
3955
static int selinux_task_getpgid(struct task_struct *p)
4064
3956
{
4065
-
return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,
3957
+
return avc_has_perm(&selinux_state,
3958
+
current_sid(), task_sid(p), SECCLASS_PROCESS,
4066
3959
PROCESS__GETPGID, NULL);
4067
3960
}
4068
3961
4069
3962
static int selinux_task_getsid(struct task_struct *p)
4070
3963
{
4071
-
return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,
3964
+
return avc_has_perm(&selinux_state,
3965
+
current_sid(), task_sid(p), SECCLASS_PROCESS,
4072
3966
PROCESS__GETSESSION, NULL);
4073
3967
}
4074
3968
···
4082
3970
4083
3971
static int selinux_task_setnice(struct task_struct *p, int nice)
4084
3972
{
4085
-
return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,
3973
+
return avc_has_perm(&selinux_state,
3974
+
current_sid(), task_sid(p), SECCLASS_PROCESS,
4086
3975
PROCESS__SETSCHED, NULL);
4087
3976
}
4088
3977
4089
3978
static int selinux_task_setioprio(struct task_struct *p, int ioprio)
4090
3979
{
4091
-
return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,
3980
+
return avc_has_perm(&selinux_state,
3981
+
current_sid(), task_sid(p), SECCLASS_PROCESS,
4092
3982
PROCESS__SETSCHED, NULL);
4093
3983
}
4094
3984
4095
3985
static int selinux_task_getioprio(struct task_struct *p)
4096
3986
{
4097
-
return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,
3987
+
return avc_has_perm(&selinux_state,
3988
+
current_sid(), task_sid(p), SECCLASS_PROCESS,
4098
3989
PROCESS__GETSCHED, NULL);
4099
3990
}
4100
3991
···
4112
3997
av |= PROCESS__SETRLIMIT;
4113
3998
if (flags & LSM_PRLIMIT_READ)
4114
3999
av |= PROCESS__GETRLIMIT;
4115
-
return avc_has_perm(cred_sid(cred), cred_sid(tcred),
4000
+
return avc_has_perm(&selinux_state,
4001
+
cred_sid(cred), cred_sid(tcred),
4116
4002
SECCLASS_PROCESS, av, NULL);
4117
4003
}
4118
4004
···
4127
4011
later be used as a safe reset point for the soft limit
4128
4012
upon context transitions. See selinux_bprm_committing_creds. */
4129
4013
if (old_rlim->rlim_max != new_rlim->rlim_max)
4130
-
return avc_has_perm(current_sid(), task_sid(p),
4014
+
return avc_has_perm(&selinux_state,
4015
+
current_sid(), task_sid(p),
4131
4016
SECCLASS_PROCESS, PROCESS__SETRLIMIT, NULL);
4132
4017
4133
4018
return 0;
···
4136
4019
4137
4020
static int selinux_task_setscheduler(struct task_struct *p)
4138
4021
{
4139
-
return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,
4022
+
return avc_has_perm(&selinux_state,
4023
+
current_sid(), task_sid(p), SECCLASS_PROCESS,
4140
4024
PROCESS__SETSCHED, NULL);
4141
4025
}
4142
4026
4143
4027
static int selinux_task_getscheduler(struct task_struct *p)
4144
4028
{
4145
-
return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,
4029
+
return avc_has_perm(&selinux_state,
4030
+
current_sid(), task_sid(p), SECCLASS_PROCESS,
4146
4031
PROCESS__GETSCHED, NULL);
4147
4032
}
4148
4033
4149
4034
static int selinux_task_movememory(struct task_struct *p)
4150
4035
{
4151
-
return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,
4036
+
return avc_has_perm(&selinux_state,
4037
+
current_sid(), task_sid(p), SECCLASS_PROCESS,
4152
4038
PROCESS__SETSCHED, NULL);
4153
4039
}
4154
4040
···
4166
4046
perm = signal_to_av(sig);
4167
4047
if (!secid)
4168
4048
secid = current_sid();
4169
-
return avc_has_perm(secid, task_sid(p), SECCLASS_PROCESS, perm, NULL);
4049
+
return avc_has_perm(&selinux_state,
4050
+
secid, task_sid(p), SECCLASS_PROCESS, perm, NULL);
4170
4051
}
4171
4052
4172
4053
static void selinux_task_to_inode(struct task_struct *p,
···
4255
4134
break;
4256
4135
}
4257
4136
4137
+
#if IS_ENABLED(CONFIG_IP_SCTP)
4138
+
case IPPROTO_SCTP: {
4139
+
struct sctphdr _sctph, *sh;
4140
+
4141
+
if (ntohs(ih->frag_off) & IP_OFFSET)
4142
+
break;
4143
+
4144
+
offset += ihlen;
4145
+
sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph);
4146
+
if (sh == NULL)
4147
+
break;
4148
+
4149
+
ad->u.net->sport = sh->source;
4150
+
ad->u.net->dport = sh->dest;
4151
+
break;
4152
+
}
4153
+
#endif
4258
4154
default:
4259
4155
break;
4260
4156
}
···
4345
4207
break;
4346
4208
}
4347
4209
4210
+
#if IS_ENABLED(CONFIG_IP_SCTP)
4211
+
case IPPROTO_SCTP: {
4212
+
struct sctphdr _sctph, *sh;
4213
+
4214
+
sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph);
4215
+
if (sh == NULL)
4216
+
break;
4217
+
4218
+
ad->u.net->sport = sh->source;
4219
+
ad->u.net->dport = sh->dest;
4220
+
break;
4221
+
}
4222
+
#endif
4348
4223
/* includes fragments */
4349
4224
default:
4350
4225
break;
···
4438
4287
if (unlikely(err))
4439
4288
return -EACCES;
4440
4289
4441
-
err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
4290
+
err = security_net_peersid_resolve(&selinux_state, nlbl_sid,
4291
+
nlbl_type, xfrm_sid, sid);
4442
4292
if (unlikely(err)) {
4443
4293
printk(KERN_WARNING
4444
4294
"SELinux: failure in selinux_skb_peerlbl_sid(),"
···
4467
4315
int err = 0;
4468
4316
4469
4317
if (skb_sid != SECSID_NULL)
4470
-
err = security_sid_mls_copy(sk_sid, skb_sid, conn_sid);
4318
+
err = security_sid_mls_copy(&selinux_state, sk_sid, skb_sid,
4319
+
conn_sid);
4471
4320
else
4472
4321
*conn_sid = sk_sid;
4473
4322
···
4485
4332
return 0;
4486
4333
}
4487
4334
4488
-
return security_transition_sid(tsec->sid, tsec->sid, secclass, NULL,
4489
-
socksid);
4335
+
return security_transition_sid(&selinux_state, tsec->sid, tsec->sid,
4336
+
secclass, NULL, socksid);
4490
4337
}
4491
4338
4492
4339
static int sock_has_perm(struct sock *sk, u32 perms)
···
4502
4349
ad.u.net = &net;
4503
4350
ad.u.net->sk = sk;
4504
4351
4505
-
return avc_has_perm(current_sid(), sksec->sid, sksec->sclass, perms,
4352
+
return avc_has_perm(&selinux_state,
4353
+
current_sid(), sksec->sid, sksec->sclass, perms,
4506
4354
&ad);
4507
4355
}
4508
4356
···
4523
4369
if (rc)
4524
4370
return rc;
4525
4371
4526
-
return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
4372
+
return avc_has_perm(&selinux_state,
4373
+
tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
4527
4374
}
4528
4375
4529
4376
static int selinux_socket_post_create(struct socket *sock, int family,
···
4551
4396
sksec = sock->sk->sk_security;
4552
4397
sksec->sclass = sclass;
4553
4398
sksec->sid = sid;
4399
+
/* Allows detection of the first association on this socket */
4400
+
if (sksec->sclass == SECCLASS_SCTP_SOCKET)
4401
+
sksec->sctp_assoc_state = SCTP_ASSOC_UNSET;
4402
+
4554
4403
err = selinux_netlbl_socket_post_create(sock->sk, family);
4555
4404
}
4556
4405
···
4575
4416
if (err)
4576
4417
goto out;
4577
4418
4578
-
/*
4579
-
* If PF_INET or PF_INET6, check name_bind permission for the port.
4580
-
* Multiple address binding for SCTP is not supported yet: we just
4581
-
* check the first address now.
4582
-
*/
4419
+
/* If PF_INET or PF_INET6, check name_bind permission for the port. */
4583
4420
family = sk->sk_family;
4584
4421
if (family == PF_INET || family == PF_INET6) {
4585
4422
char *addrp;
···
4587
4432
unsigned short snum;
4588
4433
u32 sid, node_perm;
4589
4434
4590
-
if (family == PF_INET) {
4591
-
if (addrlen < sizeof(struct sockaddr_in)) {
4592
-
err = -EINVAL;
4593
-
goto out;
4594
-
}
4435
+
/*
4436
+
* sctp_bindx(3) calls via selinux_sctp_bind_connect()
4437
+
* that validates multiple binding addresses. Because of this
4438
+
* need to check address->sa_family as it is possible to have
4439
+
* sk->sk_family = PF_INET6 with addr->sa_family = AF_INET.
4440
+
*/
4441
+
switch (address->sa_family) {
4442
+
case AF_INET:
4443
+
if (addrlen < sizeof(struct sockaddr_in))
4444
+
return -EINVAL;
4595
4445
addr4 = (struct sockaddr_in *)address;
4596
4446
snum = ntohs(addr4->sin_port);
4597
4447
addrp = (char *)&addr4->sin_addr.s_addr;
4598
-
} else {
4599
-
if (addrlen < SIN6_LEN_RFC2133) {
4600
-
err = -EINVAL;
4601
-
goto out;
4602
-
}
4448
+
break;
4449
+
case AF_INET6:
4450
+
if (addrlen < SIN6_LEN_RFC2133)
4451
+
return -EINVAL;
4603
4452
addr6 = (struct sockaddr_in6 *)address;
4604
4453
snum = ntohs(addr6->sin6_port);
4605
4454
addrp = (char *)&addr6->sin6_addr.s6_addr;
4455
+
break;
4456
+
default:
4457
+
/* Note that SCTP services expect -EINVAL, whereas
4458
+
* others expect -EAFNOSUPPORT.
4459
+
*/
4460
+
if (sksec->sclass == SECCLASS_SCTP_SOCKET)
4461
+
return -EINVAL;
4462
+
else
4463
+
return -EAFNOSUPPORT;
4606
4464
}
4607
4465
4608
4466
if (snum) {
···
4633
4465
ad.u.net = &net;
4634
4466
ad.u.net->sport = htons(snum);
4635
4467
ad.u.net->family = family;
4636
-
err = avc_has_perm(sksec->sid, sid,
4468
+
err = avc_has_perm(&selinux_state,
4469
+
sksec->sid, sid,
4637
4470
sksec->sclass,
4638
4471
SOCKET__NAME_BIND, &ad);
4639
4472
if (err)
···
4655
4486
node_perm = DCCP_SOCKET__NODE_BIND;
4656
4487
break;
4657
4488
4489
+
case SECCLASS_SCTP_SOCKET:
4490
+
node_perm = SCTP_SOCKET__NODE_BIND;
4491
+
break;
4492
+
4658
4493
default:
4659
4494
node_perm = RAWIP_SOCKET__NODE_BIND;
4660
4495
break;
···
4673
4500
ad.u.net->sport = htons(snum);
4674
4501
ad.u.net->family = family;
4675
4502
4676
-
if (family == PF_INET)
4503
+
if (address->sa_family == AF_INET)
4677
4504
ad.u.net->v4info.saddr = addr4->sin_addr.s_addr;
4678
4505
else
4679
4506
ad.u.net->v6info.saddr = addr6->sin6_addr;
4680
4507
4681
-
err = avc_has_perm(sksec->sid, sid,
4508
+
err = avc_has_perm(&selinux_state,
4509
+
sksec->sid, sid,
4682
4510
sksec->sclass, node_perm, &ad);
4683
4511
if (err)
4684
4512
goto out;
···
4688
4514
return err;
4689
4515
}
4690
4516
4691
-
static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
4517
+
/* This supports connect(2) and SCTP connect services such as sctp_connectx(3)
4518
+
* and sctp_sendmsg(3) as described in Documentation/security/LSM-sctp.txt
4519
+
*/
4520
+
static int selinux_socket_connect_helper(struct socket *sock,
4521
+
struct sockaddr *address, int addrlen)
4692
4522
{
4693
4523
struct sock *sk = sock->sk;
4694
4524
struct sk_security_struct *sksec = sk->sk_security;
···
4703
4525
return err;
4704
4526
4705
4527
/*
4706
-
* If a TCP or DCCP socket, check name_connect permission for the port.
4528
+
* If a TCP, DCCP or SCTP socket, check name_connect permission
4529
+
* for the port.
4707
4530
*/
4708
4531
if (sksec->sclass == SECCLASS_TCP_SOCKET ||
4709
-
sksec->sclass == SECCLASS_DCCP_SOCKET) {
4532
+
sksec->sclass == SECCLASS_DCCP_SOCKET ||
4533
+
sksec->sclass == SECCLASS_SCTP_SOCKET) {
4710
4534
struct common_audit_data ad;
4711
4535
struct lsm_network_audit net = {0,};
4712
4536
struct sockaddr_in *addr4 = NULL;
···
4716
4536
unsigned short snum;
4717
4537
u32 sid, perm;
4718
4538
4719
-
if (sk->sk_family == PF_INET) {
4539
+
/* sctp_connectx(3) calls via selinux_sctp_bind_connect()
4540
+
* that validates multiple connect addresses. Because of this
4541
+
* need to check address->sa_family as it is possible to have
4542
+
* sk->sk_family = PF_INET6 with addr->sa_family = AF_INET.
4543
+
*/
4544
+
switch (address->sa_family) {
4545
+
case AF_INET:
4720
4546
addr4 = (struct sockaddr_in *)address;
4721
4547
if (addrlen < sizeof(struct sockaddr_in))
4722
4548
return -EINVAL;
4723
4549
snum = ntohs(addr4->sin_port);
4724
-
} else {
4550
+
break;
4551
+
case AF_INET6:
4725
4552
addr6 = (struct sockaddr_in6 *)address;
4726
4553
if (addrlen < SIN6_LEN_RFC2133)
4727
4554
return -EINVAL;
4728
4555
snum = ntohs(addr6->sin6_port);
4556
+
break;
4557
+
default:
4558
+
/* Note that SCTP services expect -EINVAL, whereas
4559
+
* others expect -EAFNOSUPPORT.
4560
+
*/
4561
+
if (sksec->sclass == SECCLASS_SCTP_SOCKET)
4562
+
return -EINVAL;
4563
+
else
4564
+
return -EAFNOSUPPORT;
4729
4565
}
4730
4566
4731
4567
err = sel_netport_sid(sk->sk_protocol, snum, &sid);
4732
4568
if (err)
4733
-
goto out;
4569
+
return err;
4734
4570
4735
-
perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ?
4736
-
TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
4571
+
switch (sksec->sclass) {
4572
+
case SECCLASS_TCP_SOCKET:
4573
+
perm = TCP_SOCKET__NAME_CONNECT;
4574
+
break;
4575
+
case SECCLASS_DCCP_SOCKET:
4576
+
perm = DCCP_SOCKET__NAME_CONNECT;
4577
+
break;
4578
+
case SECCLASS_SCTP_SOCKET:
4579
+
perm = SCTP_SOCKET__NAME_CONNECT;
4580
+
break;
4581
+
}
4737
4582
4738
4583
ad.type = LSM_AUDIT_DATA_NET;
4739
4584
ad.u.net = &net;
4740
4585
ad.u.net->dport = htons(snum);
4741
4586
ad.u.net->family = sk->sk_family;
4742
-
err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad);
4587
+
err = avc_has_perm(&selinux_state,
4588
+
sksec->sid, sid, sksec->sclass, perm, &ad);
4743
4589
if (err)
4744
-
goto out;
4590
+
return err;
4745
4591
}
4746
4592
4747
-
err = selinux_netlbl_socket_connect(sk, address);
4593
+
return 0;
4594
+
}
4748
4595
4749
-
out:
4750
-
return err;
4596
+
/* Supports connect(2), see comments in selinux_socket_connect_helper() */
4597
+
static int selinux_socket_connect(struct socket *sock,
4598
+
struct sockaddr *address, int addrlen)
4599
+
{
4600
+
int err;
4601
+
struct sock *sk = sock->sk;
4602
+
4603
+
err = selinux_socket_connect_helper(sock, address, addrlen);
4604
+
if (err)
4605
+
return err;
4606
+
4607
+
return selinux_netlbl_socket_connect(sk, address);
4751
4608
}
4752
4609
4753
4610
static int selinux_socket_listen(struct socket *sock, int backlog)
···
4877
4660
ad.u.net = &net;
4878
4661
ad.u.net->sk = other;
4879
4662
4880
-
err = avc_has_perm(sksec_sock->sid, sksec_other->sid,
4663
+
err = avc_has_perm(&selinux_state,
4664
+
sksec_sock->sid, sksec_other->sid,
4881
4665
sksec_other->sclass,
4882
4666
UNIX_STREAM_SOCKET__CONNECTTO, &ad);
4883
4667
if (err)
···
4886
4668
4887
4669
/* server child socket */
4888
4670
sksec_new->peer_sid = sksec_sock->sid;
4889
-
err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid,
4890
-
&sksec_new->sid);
4671
+
err = security_sid_mls_copy(&selinux_state, sksec_other->sid,
4672
+
sksec_sock->sid, &sksec_new->sid);
4891
4673
if (err)
4892
4674
return err;
4893
4675
···
4909
4691
ad.u.net = &net;
4910
4692
ad.u.net->sk = other->sk;
4911
4693
4912
-
return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
4694
+
return avc_has_perm(&selinux_state,
4695
+
ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
4913
4696
&ad);
4914
4697
}
4915
4698
···
4925
4706
err = sel_netif_sid(ns, ifindex, &if_sid);
4926
4707
if (err)
4927
4708
return err;
4928
-
err = avc_has_perm(peer_sid, if_sid,
4709
+
err = avc_has_perm(&selinux_state,
4710
+
peer_sid, if_sid,
4929
4711
SECCLASS_NETIF, NETIF__INGRESS, ad);
4930
4712
if (err)
4931
4713
return err;
···
4934
4714
err = sel_netnode_sid(addrp, family, &node_sid);
4935
4715
if (err)
4936
4716
return err;
4937
-
return avc_has_perm(peer_sid, node_sid,
4717
+
return avc_has_perm(&selinux_state,
4718
+
peer_sid, node_sid,
4938
4719
SECCLASS_NODE, NODE__RECVFROM, ad);
4939
4720
}
4940
4721
···
4958
4737
return err;
4959
4738
4960
4739
if (selinux_secmark_enabled()) {
4961
-
err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4740
+
err = avc_has_perm(&selinux_state,
4741
+
sk_sid, skb->secmark, SECCLASS_PACKET,
4962
4742
PACKET__RECV, &ad);
4963
4743
if (err)
4964
4744
return err;
···
4996
4774
* to the selinux_sock_rcv_skb_compat() function to deal with the
4997
4775
* special handling. We do this in an attempt to keep this function
4998
4776
* as fast and as clean as possible. */
4999
-
if (!selinux_policycap_netpeer)
4777
+
if (!selinux_policycap_netpeer())
5000
4778
return selinux_sock_rcv_skb_compat(sk, skb, family);
5001
4779
5002
4780
secmark_active = selinux_secmark_enabled();
···
5024
4802
selinux_netlbl_err(skb, family, err, 0);
5025
4803
return err;
5026
4804
}
5027
-
err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
4805
+
err = avc_has_perm(&selinux_state,
4806
+
sk_sid, peer_sid, SECCLASS_PEER,
5028
4807
PEER__RECV, &ad);
5029
4808
if (err) {
5030
4809
selinux_netlbl_err(skb, family, err, 0);
···
5034
4811
}
5035
4812
5036
4813
if (secmark_active) {
5037
-
err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4814
+
err = avc_has_perm(&selinux_state,
4815
+
sk_sid, skb->secmark, SECCLASS_PACKET,
5038
4816
PACKET__RECV, &ad);
5039
4817
if (err)
5040
4818
return err;
···
5054
4830
u32 peer_sid = SECSID_NULL;
5055
4831
5056
4832
if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
5057
-
sksec->sclass == SECCLASS_TCP_SOCKET)
4833
+
sksec->sclass == SECCLASS_TCP_SOCKET ||
4834
+
sksec->sclass == SECCLASS_SCTP_SOCKET)
5058
4835
peer_sid = sksec->peer_sid;
5059
4836
if (peer_sid == SECSID_NULL)
5060
4837
return -ENOPROTOOPT;
5061
4838
5062
-
err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
4839
+
err = security_sid_to_context(&selinux_state, peer_sid, &scontext,
4840
+
&scontext_len);
5063
4841
if (err)
5064
4842
return err;
5065
4843
···
5169
4943
sksec->sclass = isec->sclass;
5170
4944
}
5171
4945
4946
+
/* Called whenever SCTP receives an INIT chunk. This happens when an incoming
4947
+
* connect(2), sctp_connectx(3) or sctp_sendmsg(3) (with no association
4948
+
* already present).
4949
+
*/
4950
+
static int selinux_sctp_assoc_request(struct sctp_endpoint *ep,
4951
+
struct sk_buff *skb)
4952
+
{
4953
+
struct sk_security_struct *sksec = ep->base.sk->sk_security;
4954
+
struct common_audit_data ad;
4955
+
struct lsm_network_audit net = {0,};
4956
+
u8 peerlbl_active;
4957
+
u32 peer_sid = SECINITSID_UNLABELED;
4958
+
u32 conn_sid;
4959
+
int err = 0;
4960
+
4961
+
if (!selinux_policycap_extsockclass())
4962
+
return 0;
4963
+
4964
+
peerlbl_active = selinux_peerlbl_enabled();
4965
+
4966
+
if (peerlbl_active) {
4967
+
/* This will return peer_sid = SECSID_NULL if there are
4968
+
* no peer labels, see security_net_peersid_resolve().
4969
+
*/
4970
+
err = selinux_skb_peerlbl_sid(skb, ep->base.sk->sk_family,
4971
+
&peer_sid);
4972
+
if (err)
4973
+
return err;
4974
+
4975
+
if (peer_sid == SECSID_NULL)
4976
+
peer_sid = SECINITSID_UNLABELED;
4977
+
}
4978
+
4979
+
if (sksec->sctp_assoc_state == SCTP_ASSOC_UNSET) {
4980
+
sksec->sctp_assoc_state = SCTP_ASSOC_SET;
4981
+
4982
+
/* Here as first association on socket. As the peer SID
4983
+
* was allowed by peer recv (and the netif/node checks),
4984
+
* then it is approved by policy and used as the primary
4985
+
* peer SID for getpeercon(3).
4986
+
*/
4987
+
sksec->peer_sid = peer_sid;
4988
+
} else if (sksec->peer_sid != peer_sid) {
4989
+
/* Other association peer SIDs are checked to enforce
4990
+
* consistency among the peer SIDs.
4991
+
*/
4992
+
ad.type = LSM_AUDIT_DATA_NET;
4993
+
ad.u.net = &net;
4994
+
ad.u.net->sk = ep->base.sk;
4995
+
err = avc_has_perm(&selinux_state,
4996
+
sksec->peer_sid, peer_sid, sksec->sclass,
4997
+
SCTP_SOCKET__ASSOCIATION, &ad);
4998
+
if (err)
4999
+
return err;
5000
+
}
5001
+
5002
+
/* Compute the MLS component for the connection and store
5003
+
* the information in ep. This will be used by SCTP TCP type
5004
+
* sockets and peeled off connections as they cause a new
5005
+
* socket to be generated. selinux_sctp_sk_clone() will then
5006
+
* plug this into the new socket.
5007
+
*/
5008
+
err = selinux_conn_sid(sksec->sid, peer_sid, &conn_sid);
5009
+
if (err)
5010
+
return err;
5011
+
5012
+
ep->secid = conn_sid;
5013
+
ep->peer_secid = peer_sid;
5014
+
5015
+
/* Set any NetLabel labels including CIPSO/CALIPSO options. */
5016
+
return selinux_netlbl_sctp_assoc_request(ep, skb);
5017
+
}
5018
+
5019
+
/* Check if sctp IPv4/IPv6 addresses are valid for binding or connecting
5020
+
* based on their @optname.
5021
+
*/
5022
+
static int selinux_sctp_bind_connect(struct sock *sk, int optname,
5023
+
struct sockaddr *address,
5024
+
int addrlen)
5025
+
{
5026
+
int len, err = 0, walk_size = 0;
5027
+
void *addr_buf;
5028
+
struct sockaddr *addr;
5029
+
struct socket *sock;
5030
+
5031
+
if (!selinux_policycap_extsockclass())
5032
+
return 0;
5033
+
5034
+
/* Process one or more addresses that may be IPv4 or IPv6 */
5035
+
sock = sk->sk_socket;
5036
+
addr_buf = address;
5037
+
5038
+
while (walk_size < addrlen) {
5039
+
addr = addr_buf;
5040
+
switch (addr->sa_family) {
5041
+
case AF_INET:
5042
+
len = sizeof(struct sockaddr_in);
5043
+
break;
5044
+
case AF_INET6:
5045
+
len = sizeof(struct sockaddr_in6);
5046
+
break;
5047
+
default:
5048
+
return -EAFNOSUPPORT;
5049
+
}
5050
+
5051
+
err = -EINVAL;
5052
+
switch (optname) {
5053
+
/* Bind checks */
5054
+
case SCTP_PRIMARY_ADDR:
5055
+
case SCTP_SET_PEER_PRIMARY_ADDR:
5056
+
case SCTP_SOCKOPT_BINDX_ADD:
5057
+
err = selinux_socket_bind(sock, addr, len);
5058
+
break;
5059
+
/* Connect checks */
5060
+
case SCTP_SOCKOPT_CONNECTX:
5061
+
case SCTP_PARAM_SET_PRIMARY:
5062
+
case SCTP_PARAM_ADD_IP:
5063
+
case SCTP_SENDMSG_CONNECT:
5064
+
err = selinux_socket_connect_helper(sock, addr, len);
5065
+
if (err)
5066
+
return err;
5067
+
5068
+
/* As selinux_sctp_bind_connect() is called by the
5069
+
* SCTP protocol layer, the socket is already locked,
5070
+
* therefore selinux_netlbl_socket_connect_locked() is
5071
+
* is called here. The situations handled are:
5072
+
* sctp_connectx(3), sctp_sendmsg(3), sendmsg(2),
5073
+
* whenever a new IP address is added or when a new
5074
+
* primary address is selected.
5075
+
* Note that an SCTP connect(2) call happens before
5076
+
* the SCTP protocol layer and is handled via
5077
+
* selinux_socket_connect().
5078
+
*/
5079
+
err = selinux_netlbl_socket_connect_locked(sk, addr);
5080
+
break;
5081
+
}
5082
+
5083
+
if (err)
5084
+
return err;
5085
+
5086
+
addr_buf += len;
5087
+
walk_size += len;
5088
+
}
5089
+
5090
+
return 0;
5091
+
}
5092
+
5093
+
/* Called whenever a new socket is created by accept(2) or sctp_peeloff(3). */
5094
+
static void selinux_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk,
5095
+
struct sock *newsk)
5096
+
{
5097
+
struct sk_security_struct *sksec = sk->sk_security;
5098
+
struct sk_security_struct *newsksec = newsk->sk_security;
5099
+
5100
+
/* If policy does not support SECCLASS_SCTP_SOCKET then call
5101
+
* the non-sctp clone version.
5102
+
*/
5103
+
if (!selinux_policycap_extsockclass())
5104
+
return selinux_sk_clone_security(sk, newsk);
5105
+
5106
+
newsksec->sid = ep->secid;
5107
+
newsksec->peer_sid = ep->peer_secid;
5108
+
newsksec->sclass = sksec->sclass;
5109
+
selinux_netlbl_sctp_sk_clone(sk, newsk);
5110
+
}
5111
+
5172
5112
static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
5173
5113
struct request_sock *req)
5174
5114
{
···
5393
5001
__tsec = current_security();
5394
5002
tsid = __tsec->sid;
5395
5003
5396
-
return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL);
5004
+
return avc_has_perm(&selinux_state,
5005
+
tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO,
5006
+
NULL);
5397
5007
}
5398
5008
5399
5009
static void selinux_secmark_refcount_inc(void)
···
5443
5049
* connections unlike traditional sockets - check the TUN driver to
5444
5050
* get a better understanding of why this socket is special */
5445
5051
5446
-
return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
5052
+
return avc_has_perm(&selinux_state,
5053
+
sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
5447
5054
NULL);
5448
5055
}
5449
5056
···
5452
5057
{
5453
5058
struct tun_security_struct *tunsec = security;
5454
5059
5455
-
return avc_has_perm(current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET,
5060
+
return avc_has_perm(&selinux_state,
5061
+
current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET,
5456
5062
TUN_SOCKET__ATTACH_QUEUE, NULL);
5457
5063
}
5458
5064
···
5481
5085
u32 sid = current_sid();
5482
5086
int err;
5483
5087
5484
-
err = avc_has_perm(sid, tunsec->sid, SECCLASS_TUN_SOCKET,
5088
+
err = avc_has_perm(&selinux_state,
5089
+
sid, tunsec->sid, SECCLASS_TUN_SOCKET,
5485
5090
TUN_SOCKET__RELABELFROM, NULL);
5486
5091
if (err)
5487
5092
return err;
5488
-
err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET,
5093
+
err = avc_has_perm(&selinux_state,
5094
+
sid, sid, SECCLASS_TUN_SOCKET,
5489
5095
TUN_SOCKET__RELABELTO, NULL);
5490
5096
if (err)
5491
5097
return err;
···
5518
5120
sk->sk_protocol, nlh->nlmsg_type,
5519
5121
secclass_map[sksec->sclass - 1].name,
5520
5122
task_pid_nr(current), current->comm);
5521
-
if (!selinux_enforcing || security_get_allow_unknown())
5123
+
if (!enforcing_enabled(&selinux_state) ||
5124
+
security_get_allow_unknown(&selinux_state))
5522
5125
err = 0;
5523
5126
}
5524
5127
···
5549
5150
u8 netlbl_active;
5550
5151
u8 peerlbl_active;
5551
5152
5552
-
if (!selinux_policycap_netpeer)
5153
+
if (!selinux_policycap_netpeer())
5553
5154
return NF_ACCEPT;
5554
5155
5555
5156
secmark_active = selinux_secmark_enabled();
···
5578
5179
}
5579
5180
5580
5181
if (secmark_active)
5581
-
if (avc_has_perm(peer_sid, skb->secmark,
5182
+
if (avc_has_perm(&selinux_state,
5183
+
peer_sid, skb->secmark,
5582
5184
SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
5583
5185
return NF_DROP;
5584
5186
···
5691
5291
return NF_DROP;
5692
5292
5693
5293
if (selinux_secmark_enabled())
5694
-
if (avc_has_perm(sksec->sid, skb->secmark,
5294
+
if (avc_has_perm(&selinux_state,
5295
+
sksec->sid, skb->secmark,
5695
5296
SECCLASS_PACKET, PACKET__SEND, &ad))
5696
5297
return NF_DROP_ERR(-ECONNREFUSED);
5697
5298
···
5720
5319
* to the selinux_ip_postroute_compat() function to deal with the
5721
5320
* special handling. We do this in an attempt to keep this function
5722
5321
* as fast and as clean as possible. */
5723
-
if (!selinux_policycap_netpeer)
5322
+
if (!selinux_policycap_netpeer())
5724
5323
return selinux_ip_postroute_compat(skb, ifindex, family);
5725
5324
5726
5325
secmark_active = selinux_secmark_enabled();
···
5815
5414
return NF_DROP;
5816
5415
5817
5416
if (secmark_active)
5818
-
if (avc_has_perm(peer_sid, skb->secmark,
5417
+
if (avc_has_perm(&selinux_state,
5418
+
peer_sid, skb->secmark,
5819
5419
SECCLASS_PACKET, secmark_perm, &ad))
5820
5420
return NF_DROP_ERR(-ECONNREFUSED);
5821
5421
···
5826
5424
5827
5425
if (sel_netif_sid(dev_net(outdev), ifindex, &if_sid))
5828
5426
return NF_DROP;
5829
-
if (avc_has_perm(peer_sid, if_sid,
5427
+
if (avc_has_perm(&selinux_state,
5428
+
peer_sid, if_sid,
5830
5429
SECCLASS_NETIF, NETIF__EGRESS, &ad))
5831
5430
return NF_DROP_ERR(-ECONNREFUSED);
5832
5431
5833
5432
if (sel_netnode_sid(addrp, family, &node_sid))
5834
5433
return NF_DROP;
5835
-
if (avc_has_perm(peer_sid, node_sid,
5434
+
if (avc_has_perm(&selinux_state,
5435
+
peer_sid, node_sid,
5836
5436
SECCLASS_NODE, NODE__SENDTO, &ad))
5837
5437
return NF_DROP_ERR(-ECONNREFUSED);
5838
5438
}
···
5922
5518
ad.type = LSM_AUDIT_DATA_IPC;
5923
5519
ad.u.ipc_id = ipc_perms->key;
5924
5520
5925
-
return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
5521
+
return avc_has_perm(&selinux_state,
5522
+
sid, isec->sid, isec->sclass, perms, &ad);
5926
5523
}
5927
5524
5928
5525
static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
···
5953
5548
ad.type = LSM_AUDIT_DATA_IPC;
5954
5549
ad.u.ipc_id = msq->key;
5955
5550
5956
-
rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5551
+
rc = avc_has_perm(&selinux_state,
5552
+
sid, isec->sid, SECCLASS_MSGQ,
5957
5553
MSGQ__CREATE, &ad);
5958
5554
if (rc) {
5959
5555
ipc_free_security(msq);
···
5979
5573
ad.type = LSM_AUDIT_DATA_IPC;
5980
5574
ad.u.ipc_id = msq->key;
5981
5575
5982
-
return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5576
+
return avc_has_perm(&selinux_state,
5577
+
sid, isec->sid, SECCLASS_MSGQ,
5983
5578
MSGQ__ASSOCIATE, &ad);
5984
5579
}
5985
5580
···
5993
5586
case IPC_INFO:
5994
5587
case MSG_INFO:
5995
5588
/* No specific object, just general system-wide information. */
5996
-
return avc_has_perm(current_sid(), SECINITSID_KERNEL,
5589
+
return avc_has_perm(&selinux_state,
5590
+
current_sid(), SECINITSID_KERNEL,
5997
5591
SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
5998
5592
case IPC_STAT:
5999
5593
case MSG_STAT:
···
6033
5625
* Compute new sid based on current process and
6034
5626
* message queue this message will be stored in
6035
5627
*/
6036
-
rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG,
6037
-
NULL, &msec->sid);
5628
+
rc = security_transition_sid(&selinux_state, sid, isec->sid,
5629
+
SECCLASS_MSG, NULL, &msec->sid);
6038
5630
if (rc)
6039
5631
return rc;
6040
5632
}
···
6043
5635
ad.u.ipc_id = msq->key;
6044
5636
6045
5637
/* Can this process write to the queue? */
6046
-
rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5638
+
rc = avc_has_perm(&selinux_state,
5639
+
sid, isec->sid, SECCLASS_MSGQ,
6047
5640
MSGQ__WRITE, &ad);
6048
5641
if (!rc)
6049
5642
/* Can this process send the message */
6050
-
rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG,
5643
+
rc = avc_has_perm(&selinux_state,
5644
+
sid, msec->sid, SECCLASS_MSG,
6051
5645
MSG__SEND, &ad);
6052
5646
if (!rc)
6053
5647
/* Can the message be put in the queue? */
6054
-
rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,
5648
+
rc = avc_has_perm(&selinux_state,
5649
+
msec->sid, isec->sid, SECCLASS_MSGQ,
6055
5650
MSGQ__ENQUEUE, &ad);
6056
5651
6057
5652
return rc;
···
6076
5665
ad.type = LSM_AUDIT_DATA_IPC;
6077
5666
ad.u.ipc_id = msq->key;
6078
5667
6079
-
rc = avc_has_perm(sid, isec->sid,
5668
+
rc = avc_has_perm(&selinux_state,
5669
+
sid, isec->sid,
6080
5670
SECCLASS_MSGQ, MSGQ__READ, &ad);
6081
5671
if (!rc)
6082
-
rc = avc_has_perm(sid, msec->sid,
5672
+
rc = avc_has_perm(&selinux_state,
5673
+
sid, msec->sid,
6083
5674
SECCLASS_MSG, MSG__RECEIVE, &ad);
6084
5675
return rc;
6085
5676
}
···
6103
5690
ad.type = LSM_AUDIT_DATA_IPC;
6104
5691
ad.u.ipc_id = shp->key;
6105
5692
6106
-
rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5693
+
rc = avc_has_perm(&selinux_state,
5694
+
sid, isec->sid, SECCLASS_SHM,
6107
5695
SHM__CREATE, &ad);
6108
5696
if (rc) {
6109
5697
ipc_free_security(shp);
···
6129
5715
ad.type = LSM_AUDIT_DATA_IPC;
6130
5716
ad.u.ipc_id = shp->key;
6131
5717
6132
-
return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5718
+
return avc_has_perm(&selinux_state,
5719
+
sid, isec->sid, SECCLASS_SHM,
6133
5720
SHM__ASSOCIATE, &ad);
6134
5721
}
6135
5722
···
6144
5729
case IPC_INFO:
6145
5730
case SHM_INFO:
6146
5731
/* No specific object, just general system-wide information. */
6147
-
return avc_has_perm(current_sid(), SECINITSID_KERNEL,
5732
+
return avc_has_perm(&selinux_state,
5733
+
current_sid(), SECINITSID_KERNEL,
6148
5734
SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
6149
5735
case IPC_STAT:
6150
5736
case SHM_STAT:
···
6199
5783
ad.type = LSM_AUDIT_DATA_IPC;
6200
5784
ad.u.ipc_id = sma->key;
6201
5785
6202
-
rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5786
+
rc = avc_has_perm(&selinux_state,
5787
+
sid, isec->sid, SECCLASS_SEM,
6203
5788
SEM__CREATE, &ad);
6204
5789
if (rc) {
6205
5790
ipc_free_security(sma);
···
6225
5808
ad.type = LSM_AUDIT_DATA_IPC;
6226
5809
ad.u.ipc_id = sma->key;
6227
5810
6228
-
return avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5811
+
return avc_has_perm(&selinux_state,
5812
+
sid, isec->sid, SECCLASS_SEM,
6229
5813
SEM__ASSOCIATE, &ad);
6230
5814
}
6231
5815
···
6240
5822
case IPC_INFO:
6241
5823
case SEM_INFO:
6242
5824
/* No specific object, just general system-wide information. */
6243
-
return avc_has_perm(current_sid(), SECINITSID_KERNEL,
5825
+
return avc_has_perm(&selinux_state,
5826
+
current_sid(), SECINITSID_KERNEL,
6244
5827
SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
6245
5828
case GETPID:
6246
5829
case GETNCNT:
···
6327
5908
__tsec = __task_cred(p)->security;
6328
5909
6329
5910
if (current != p) {
6330
-
error = avc_has_perm(current_sid(), __tsec->sid,
5911
+
error = avc_has_perm(&selinux_state,
5912
+
current_sid(), __tsec->sid,
6331
5913
SECCLASS_PROCESS, PROCESS__GETATTR, NULL);
6332
5914
if (error)
6333
5915
goto bad;
···
6355
5935
if (!sid)
6356
5936
return 0;
6357
5937
6358
-
error = security_sid_to_context(sid, value, &len);
5938
+
error = security_sid_to_context(&selinux_state, sid, value, &len);
6359
5939
if (error)
6360
5940
return error;
6361
5941
return len;
···
6377
5957
* Basic control over ability to set these attributes at all.
6378
5958
*/
6379
5959
if (!strcmp(name, "exec"))
6380
-
error = avc_has_perm(mysid, mysid, SECCLASS_PROCESS,
5960
+
error = avc_has_perm(&selinux_state,
5961
+
mysid, mysid, SECCLASS_PROCESS,
6381
5962
PROCESS__SETEXEC, NULL);
6382
5963
else if (!strcmp(name, "fscreate"))
6383
-
error = avc_has_perm(mysid, mysid, SECCLASS_PROCESS,
5964
+
error = avc_has_perm(&selinux_state,
5965
+
mysid, mysid, SECCLASS_PROCESS,
6384
5966
PROCESS__SETFSCREATE, NULL);
6385
5967
else if (!strcmp(name, "keycreate"))
6386
-
error = avc_has_perm(mysid, mysid, SECCLASS_PROCESS,
5968
+
error = avc_has_perm(&selinux_state,
5969
+
mysid, mysid, SECCLASS_PROCESS,
6387
5970
PROCESS__SETKEYCREATE, NULL);
6388
5971
else if (!strcmp(name, "sockcreate"))
6389
-
error = avc_has_perm(mysid, mysid, SECCLASS_PROCESS,
5972
+
error = avc_has_perm(&selinux_state,
5973
+
mysid, mysid, SECCLASS_PROCESS,
6390
5974
PROCESS__SETSOCKCREATE, NULL);
6391
5975
else if (!strcmp(name, "current"))
6392
-
error = avc_has_perm(mysid, mysid, SECCLASS_PROCESS,
5976
+
error = avc_has_perm(&selinux_state,
5977
+
mysid, mysid, SECCLASS_PROCESS,
6393
5978
PROCESS__SETCURRENT, NULL);
6394
5979
else
6395
5980
error = -EINVAL;
···
6407
5982
str[size-1] = 0;
6408
5983
size--;
6409
5984
}
6410
-
error = security_context_to_sid(value, size, &sid, GFP_KERNEL);
5985
+
error = security_context_to_sid(&selinux_state, value, size,
5986
+
&sid, GFP_KERNEL);
6411
5987
if (error == -EINVAL && !strcmp(name, "fscreate")) {
6412
5988
if (!has_cap_mac_admin(true)) {
6413
5989
struct audit_buffer *ab;
···
6427
6001
6428
6002
return error;
6429
6003
}
6430
-
error = security_context_to_sid_force(value, size,
6431
-
&sid);
6004
+
error = security_context_to_sid_force(
6005
+
&selinux_state,
6006
+
value, size, &sid);
6432
6007
}
6433
6008
if (error)
6434
6009
return error;
···
6451
6024
} else if (!strcmp(name, "fscreate")) {
6452
6025
tsec->create_sid = sid;
6453
6026
} else if (!strcmp(name, "keycreate")) {
6454
-
error = avc_has_perm(mysid, sid, SECCLASS_KEY, KEY__CREATE,
6027
+
error = avc_has_perm(&selinux_state,
6028
+
mysid, sid, SECCLASS_KEY, KEY__CREATE,
6455
6029
NULL);
6456
6030
if (error)
6457
6031
goto abort_change;
···
6467
6039
/* Only allow single threaded processes to change context */
6468
6040
error = -EPERM;
6469
6041
if (!current_is_single_threaded()) {
6470
-
error = security_bounded_transition(tsec->sid, sid);
6042
+
error = security_bounded_transition(&selinux_state,
6043
+
tsec->sid, sid);
6471
6044
if (error)
6472
6045
goto abort_change;
6473
6046
}
6474
6047
6475
6048
/* Check permissions for the transition. */
6476
-
error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
6049
+
error = avc_has_perm(&selinux_state,
6050
+
tsec->sid, sid, SECCLASS_PROCESS,
6477
6051
PROCESS__DYNTRANSITION, NULL);
6478
6052
if (error)
6479
6053
goto abort_change;
···
6484
6054
Otherwise, leave SID unchanged and fail. */
6485
6055
ptsid = ptrace_parent_sid();
6486
6056
if (ptsid != 0) {
6487
-
error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
6057
+
error = avc_has_perm(&selinux_state,
6058
+
ptsid, sid, SECCLASS_PROCESS,
6488
6059
PROCESS__PTRACE, NULL);
6489
6060
if (error)
6490
6061
goto abort_change;
···
6512
6081
6513
6082
static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
6514
6083
{
6515
-
return security_sid_to_context(secid, secdata, seclen);
6084
+
return security_sid_to_context(&selinux_state, secid,
6085
+
secdata, seclen);
6516
6086
}
6517
6087
6518
6088
static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
6519
6089
{
6520
-
return security_context_to_sid(secdata, seclen, secid, GFP_KERNEL);
6090
+
return security_context_to_sid(&selinux_state, secdata, seclen,
6091
+
secid, GFP_KERNEL);
6521
6092
}
6522
6093
6523
6094
static void selinux_release_secctx(char *secdata, u32 seclen)
···
6611
6178
key = key_ref_to_ptr(key_ref);
6612
6179
ksec = key->security;
6613
6180
6614
-
return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL);
6181
+
return avc_has_perm(&selinux_state,
6182
+
sid, ksec->sid, SECCLASS_KEY, perm, NULL);
6615
6183
}
6616
6184
6617
6185
static int selinux_key_getsecurity(struct key *key, char **_buffer)
···
6622
6188
unsigned len;
6623
6189
int rc;
6624
6190
6625
-
rc = security_sid_to_context(ksec->sid, &context, &len);
6191
+
rc = security_sid_to_context(&selinux_state, ksec->sid,
6192
+
&context, &len);
6626
6193
if (!rc)
6627
6194
rc = len;
6628
6195
*_buffer = context;
···
6648
6213
ibpkey.subnet_prefix = subnet_prefix;
6649
6214
ibpkey.pkey = pkey_val;
6650
6215
ad.u.ibpkey = &ibpkey;
6651
-
return avc_has_perm(sec->sid, sid,
6216
+
return avc_has_perm(&selinux_state,
6217
+
sec->sid, sid,
6652
6218
SECCLASS_INFINIBAND_PKEY,
6653
6219
INFINIBAND_PKEY__ACCESS, &ad);
6654
6220
}
···
6663
6227
struct ib_security_struct *sec = ib_sec;
6664
6228
struct lsm_ibendport_audit ibendport;
6665
6229
6666
-
err = security_ib_endport_sid(dev_name, port_num, &sid);
6230
+
err = security_ib_endport_sid(&selinux_state, dev_name, port_num,
6231
+
&sid);
6667
6232
6668
6233
if (err)
6669
6234
return err;
···
6673
6236
strncpy(ibendport.dev_name, dev_name, sizeof(ibendport.dev_name));
6674
6237
ibendport.port = port_num;
6675
6238
ad.u.ibendport = &ibendport;
6676
-
return avc_has_perm(sec->sid, sid,
6239
+
return avc_has_perm(&selinux_state,
6240
+
sec->sid, sid,
6677
6241
SECCLASS_INFINIBAND_ENDPORT,
6678
6242
INFINIBAND_ENDPORT__MANAGE_SUBNET, &ad);
6679
6243
}
···
6707
6269
6708
6270
switch (cmd) {
6709
6271
case BPF_MAP_CREATE:
6710
-
ret = avc_has_perm(sid, sid, SECCLASS_BPF, BPF__MAP_CREATE,
6272
+
ret = avc_has_perm(&selinux_state,
6273
+
sid, sid, SECCLASS_BPF, BPF__MAP_CREATE,
6711
6274
NULL);
6712
6275
break;
6713
6276
case BPF_PROG_LOAD:
6714
-
ret = avc_has_perm(sid, sid, SECCLASS_BPF, BPF__PROG_LOAD,
6277
+
ret = avc_has_perm(&selinux_state,
6278
+
sid, sid, SECCLASS_BPF, BPF__PROG_LOAD,
6715
6279
NULL);
6716
6280
break;
6717
6281
default:
···
6753
6313
if (file->f_op == &bpf_map_fops) {
6754
6314
map = file->private_data;
6755
6315
bpfsec = map->security;
6756
-
ret = avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF,
6316
+
ret = avc_has_perm(&selinux_state,
6317
+
sid, bpfsec->sid, SECCLASS_BPF,
6757
6318
bpf_map_fmode_to_av(file->f_mode), NULL);
6758
6319
if (ret)
6759
6320
return ret;
6760
6321
} else if (file->f_op == &bpf_prog_fops) {
6761
6322
prog = file->private_data;
6762
6323
bpfsec = prog->aux->security;
6763
-
ret = avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF,
6324
+
ret = avc_has_perm(&selinux_state,
6325
+
sid, bpfsec->sid, SECCLASS_BPF,
6764
6326
BPF__PROG_RUN, NULL);
6765
6327
if (ret)
6766
6328
return ret;
···
6776
6334
struct bpf_security_struct *bpfsec;
6777
6335
6778
6336
bpfsec = map->security;
6779
-
return avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF,
6337
+
return avc_has_perm(&selinux_state,
6338
+
sid, bpfsec->sid, SECCLASS_BPF,
6780
6339
bpf_map_fmode_to_av(fmode), NULL);
6781
6340
}
6782
6341
···
6787
6344
struct bpf_security_struct *bpfsec;
6788
6345
6789
6346
bpfsec = prog->aux->security;
6790
-
return avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF,
6347
+
return avc_has_perm(&selinux_state,
6348
+
sid, bpfsec->sid, SECCLASS_BPF,
6791
6349
BPF__PROG_RUN, NULL);
6792
6350
}
6793
6351
···
7007
6563
LSM_HOOK_INIT(sk_clone_security, selinux_sk_clone_security),
7008
6564
LSM_HOOK_INIT(sk_getsecid, selinux_sk_getsecid),
7009
6565
LSM_HOOK_INIT(sock_graft, selinux_sock_graft),
6566
+
LSM_HOOK_INIT(sctp_assoc_request, selinux_sctp_assoc_request),
6567
+
LSM_HOOK_INIT(sctp_sk_clone, selinux_sctp_sk_clone),
6568
+
LSM_HOOK_INIT(sctp_bind_connect, selinux_sctp_bind_connect),
7010
6569
LSM_HOOK_INIT(inet_conn_request, selinux_inet_conn_request),
7011
6570
LSM_HOOK_INIT(inet_csk_clone, selinux_inet_csk_clone),
7012
6571
LSM_HOOK_INIT(inet_conn_established, selinux_inet_conn_established),
···
7085
6638
7086
6639
printk(KERN_INFO "SELinux: Initializing.\n");
7087
6640
6641
+
memset(&selinux_state, 0, sizeof(selinux_state));
6642
+
enforcing_set(&selinux_state, selinux_enforcing_boot);
6643
+
selinux_state.checkreqprot = selinux_checkreqprot_boot;
6644
+
selinux_ss_init(&selinux_state.ss);
6645
+
selinux_avc_init(&selinux_state.avc);
6646
+
7088
6647
/* Set the security state for the initial task. */
7089
6648
cred_init_security();
7090
6649
···
7104
6651
0, SLAB_PANIC, NULL);
7105
6652
avc_init();
7106
6653
6654
+
avtab_cache_init();
6655
+
6656
+
ebitmap_cache_init();
6657
+
6658
+
hashtab_cache_init();
6659
+
7107
6660
security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux");
7108
6661
7109
6662
if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET))
···
7118
6659
if (avc_add_callback(selinux_lsm_notifier_avc_callback, AVC_CALLBACK_RESET))
7119
6660
panic("SELinux: Unable to register AVC LSM notifier callback\n");
7120
6661
7121
-
if (selinux_enforcing)
6662
+
if (selinux_enforcing_boot)
7122
6663
printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
7123
6664
else
7124
6665
printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
···
7239
6780
#endif /* CONFIG_NETFILTER */
7240
6781
7241
6782
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
7242
-
static int selinux_disabled;
7243
-
7244
-
int selinux_disable(void)
6783
+
int selinux_disable(struct selinux_state *state)
7245
6784
{
7246
-
if (ss_initialized) {
6785
+
if (state->initialized) {
7247
6786
/* Not permitted after initial policy load. */
7248
6787
return -EINVAL;
7249
6788
}
7250
6789
7251
-
if (selinux_disabled) {
6790
+
if (state->disabled) {
7252
6791
/* Only do this once. */
7253
6792
return -EINVAL;
7254
6793
}
7255
6794
6795
+
state->disabled = 1;
6796
+
7256
6797
printk(KERN_INFO "SELinux: Disabled at runtime.\n");
7257
6798
7258
-
selinux_disabled = 1;
7259
6799
selinux_enabled = 0;
7260
6800
7261
6801
security_delete_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks));
+2
-1
security/selinux/ibpkey.c
+2
-1
security/selinux/ibpkey.c
+21
-17
security/selinux/include/avc.h
+21
-17
security/selinux/include/avc.h
···
20
20
#include "av_permissions.h"
21
21
#include "security.h"
22
22
23
-
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
24
-
extern int selinux_enforcing;
25
-
#else
26
-
#define selinux_enforcing 1
27
-
#endif
28
-
29
23
/*
30
24
* An entry in the AVC.
31
25
*/
···
52
58
u32 audited;
53
59
u32 denied;
54
60
int result;
61
+
struct selinux_state *state;
55
62
};
56
63
57
64
/*
···
97
102
return audited;
98
103
}
99
104
100
-
int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
105
+
int slow_avc_audit(struct selinux_state *state,
106
+
u32 ssid, u32 tsid, u16 tclass,
101
107
u32 requested, u32 audited, u32 denied, int result,
102
108
struct common_audit_data *a,
103
109
unsigned flags);
···
123
127
* be performed under a lock, to allow the lock to be released
124
128
* before calling the auditing code.
125
129
*/
126
-
static inline int avc_audit(u32 ssid, u32 tsid,
130
+
static inline int avc_audit(struct selinux_state *state,
131
+
u32 ssid, u32 tsid,
127
132
u16 tclass, u32 requested,
128
133
struct av_decision *avd,
129
134
int result,
···
135
138
audited = avc_audit_required(requested, avd, result, 0, &denied);
136
139
if (likely(!audited))
137
140
return 0;
138
-
return slow_avc_audit(ssid, tsid, tclass,
141
+
return slow_avc_audit(state, ssid, tsid, tclass,
139
142
requested, audited, denied, result,
140
143
a, flags);
141
144
}
142
145
143
146
#define AVC_STRICT 1 /* Ignore permissive mode. */
144
147
#define AVC_EXTENDED_PERMS 2 /* update extended permissions */
145
-
int avc_has_perm_noaudit(u32 ssid, u32 tsid,
148
+
int avc_has_perm_noaudit(struct selinux_state *state,
149
+
u32 ssid, u32 tsid,
146
150
u16 tclass, u32 requested,
147
151
unsigned flags,
148
152
struct av_decision *avd);
149
153
150
-
int avc_has_perm(u32 ssid, u32 tsid,
154
+
int avc_has_perm(struct selinux_state *state,
155
+
u32 ssid, u32 tsid,
151
156
u16 tclass, u32 requested,
152
157
struct common_audit_data *auditdata);
153
-
int avc_has_perm_flags(u32 ssid, u32 tsid,
158
+
int avc_has_perm_flags(struct selinux_state *state,
159
+
u32 ssid, u32 tsid,
154
160
u16 tclass, u32 requested,
155
161
struct common_audit_data *auditdata,
156
162
int flags);
157
163
158
-
int avc_has_extended_perms(u32 ssid, u32 tsid, u16 tclass, u32 requested,
159
-
u8 driver, u8 perm, struct common_audit_data *ad);
164
+
int avc_has_extended_perms(struct selinux_state *state,
165
+
u32 ssid, u32 tsid, u16 tclass, u32 requested,
166
+
u8 driver, u8 perm, struct common_audit_data *ad);
160
167
161
168
162
-
u32 avc_policy_seqno(void);
169
+
u32 avc_policy_seqno(struct selinux_state *state);
163
170
164
171
#define AVC_CALLBACK_GRANT 1
165
172
#define AVC_CALLBACK_TRY_REVOKE 2
···
178
177
int avc_add_callback(int (*callback)(u32 event), u32 events);
179
178
180
179
/* Exported to selinuxfs */
181
-
int avc_get_hash_stats(char *page);
182
-
extern unsigned int avc_cache_threshold;
180
+
struct selinux_avc;
181
+
int avc_get_hash_stats(struct selinux_avc *avc, char *page);
182
+
unsigned int avc_get_cache_threshold(struct selinux_avc *avc);
183
+
void avc_set_cache_threshold(struct selinux_avc *avc,
184
+
unsigned int cache_threshold);
183
185
184
186
/* Attempt to free avc node cache */
185
187
void avc_disable(void);
+2
-7
security/selinux/include/avc_ss.h
+2
-7
security/selinux/include/avc_ss.h
···
9
9
10
10
#include "flask.h"
11
11
12
-
int avc_ss_reset(u32 seqno);
12
+
struct selinux_avc;
13
+
int avc_ss_reset(struct selinux_avc *avc, u32 seqno);
13
14
14
15
/* Class/perm mapping support */
15
16
struct security_class_mapping {
···
19
18
};
20
19
21
20
extern struct security_class_mapping secclass_map[];
22
-
23
-
/*
24
-
* The security server must be initialized before
25
-
* any labeling or access decisions can be provided.
26
-
*/
27
-
extern int ss_initialized;
28
21
29
22
#endif /* _SELINUX_AVC_SS_H_ */
30
23
+1
-1
security/selinux/include/classmap.h
+1
-1
security/selinux/include/classmap.h
+8
-3
security/selinux/include/conditional.h
+8
-3
security/selinux/include/conditional.h
···
13
13
#ifndef _SELINUX_CONDITIONAL_H_
14
14
#define _SELINUX_CONDITIONAL_H_
15
15
16
-
int security_get_bools(int *len, char ***names, int **values);
16
+
#include "security.h"
17
17
18
-
int security_set_bools(int len, int *values);
18
+
int security_get_bools(struct selinux_state *state,
19
+
int *len, char ***names, int **values);
19
20
20
-
int security_get_bool_value(int index);
21
+
int security_set_bools(struct selinux_state *state,
22
+
int len, int *values);
23
+
24
+
int security_get_bool_value(struct selinux_state *state,
25
+
int index);
21
26
22
27
#endif
+21
-1
security/selinux/include/netlabel.h
+21
-1
security/selinux/include/netlabel.h
···
32
32
#include <linux/skbuff.h>
33
33
#include <net/sock.h>
34
34
#include <net/request_sock.h>
35
+
#include <net/sctp/structs.h>
35
36
36
37
#include "avc.h"
37
38
#include "objsec.h"
···
53
52
int selinux_netlbl_skbuff_setsid(struct sk_buff *skb,
54
53
u16 family,
55
54
u32 sid);
56
-
55
+
int selinux_netlbl_sctp_assoc_request(struct sctp_endpoint *ep,
56
+
struct sk_buff *skb);
57
57
int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family);
58
58
void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family);
59
+
void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk);
59
60
int selinux_netlbl_socket_post_create(struct sock *sk, u16 family);
60
61
int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
61
62
struct sk_buff *skb,
···
67
64
int level,
68
65
int optname);
69
66
int selinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr);
67
+
int selinux_netlbl_socket_connect_locked(struct sock *sk,
68
+
struct sockaddr *addr);
70
69
71
70
#else
72
71
static inline void selinux_netlbl_cache_invalidate(void)
···
118
113
return 0;
119
114
}
120
115
116
+
static inline int selinux_netlbl_sctp_assoc_request(struct sctp_endpoint *ep,
117
+
struct sk_buff *skb)
118
+
{
119
+
return 0;
120
+
}
121
121
static inline int selinux_netlbl_inet_conn_request(struct request_sock *req,
122
122
u16 family)
123
123
{
124
124
return 0;
125
125
}
126
126
static inline void selinux_netlbl_inet_csk_clone(struct sock *sk, u16 family)
127
+
{
128
+
return;
129
+
}
130
+
static inline void selinux_netlbl_sctp_sk_clone(struct sock *sk,
131
+
struct sock *newsk)
127
132
{
128
133
return;
129
134
}
···
157
142
}
158
143
static inline int selinux_netlbl_socket_connect(struct sock *sk,
159
144
struct sockaddr *addr)
145
+
{
146
+
return 0;
147
+
}
148
+
static inline int selinux_netlbl_socket_connect_locked(struct sock *sk,
149
+
struct sockaddr *addr)
160
150
{
161
151
return 0;
162
152
}
+4
-2
security/selinux/include/objsec.h
+4
-2
security/selinux/include/objsec.h
···
130
130
u32 sid; /* SID of this object */
131
131
u32 peer_sid; /* SID of peer */
132
132
u16 sclass; /* sock security class */
133
+
enum { /* SCTP association state */
134
+
SCTP_ASSOC_UNSET = 0,
135
+
SCTP_ASSOC_SET,
136
+
} sctp_assoc_state;
133
137
};
134
138
135
139
struct tun_security_struct {
···
157
153
struct bpf_security_struct {
158
154
u32 sid; /*SID of bpf obj creater*/
159
155
};
160
-
161
-
extern unsigned int selinux_checkreqprot;
162
156
163
157
#endif /* _SELINUX_OBJSEC_H_ */
+172
-59
security/selinux/include/security.h
+172
-59
security/selinux/include/security.h
···
13
13
#include <linux/dcache.h>
14
14
#include <linux/magic.h>
15
15
#include <linux/types.h>
16
+
#include <linux/refcount.h>
17
+
#include <linux/workqueue.h>
16
18
#include "flask.h"
17
19
18
20
#define SECSID_NULL 0x00000000 /* unspecified SID */
···
83
81
84
82
extern char *selinux_policycap_names[__POLICYDB_CAPABILITY_MAX];
85
83
86
-
extern int selinux_policycap_netpeer;
87
-
extern int selinux_policycap_openperm;
88
-
extern int selinux_policycap_extsockclass;
89
-
extern int selinux_policycap_alwaysnetwork;
90
-
extern int selinux_policycap_cgroupseclabel;
91
-
extern int selinux_policycap_nnp_nosuid_transition;
92
-
93
84
/*
94
85
* type_datum properties
95
86
* available at the kernel policy version >= POLICYDB_VERSION_BOUNDARY
···
93
98
/* limitation of boundary depth */
94
99
#define POLICYDB_BOUNDS_MAXDEPTH 4
95
100
96
-
int security_mls_enabled(void);
101
+
struct selinux_avc;
102
+
struct selinux_ss;
97
103
98
-
int security_load_policy(void *data, size_t len);
99
-
int security_read_policy(void **data, size_t *len);
100
-
size_t security_policydb_len(void);
104
+
struct selinux_state {
105
+
bool disabled;
106
+
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
107
+
bool enforcing;
108
+
#endif
109
+
bool checkreqprot;
110
+
bool initialized;
111
+
bool policycap[__POLICYDB_CAPABILITY_MAX];
112
+
struct selinux_avc *avc;
113
+
struct selinux_ss *ss;
114
+
};
101
115
102
-
int security_policycap_supported(unsigned int req_cap);
116
+
void selinux_ss_init(struct selinux_ss **ss);
117
+
void selinux_avc_init(struct selinux_avc **avc);
118
+
119
+
extern struct selinux_state selinux_state;
120
+
121
+
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
122
+
static inline bool enforcing_enabled(struct selinux_state *state)
123
+
{
124
+
return state->enforcing;
125
+
}
126
+
127
+
static inline void enforcing_set(struct selinux_state *state, bool value)
128
+
{
129
+
state->enforcing = value;
130
+
}
131
+
#else
132
+
static inline bool enforcing_enabled(struct selinux_state *state)
133
+
{
134
+
return true;
135
+
}
136
+
137
+
static inline void enforcing_set(struct selinux_state *state, bool value)
138
+
{
139
+
}
140
+
#endif
141
+
142
+
static inline bool selinux_policycap_netpeer(void)
143
+
{
144
+
struct selinux_state *state = &selinux_state;
145
+
146
+
return state->policycap[POLICYDB_CAPABILITY_NETPEER];
147
+
}
148
+
149
+
static inline bool selinux_policycap_openperm(void)
150
+
{
151
+
struct selinux_state *state = &selinux_state;
152
+
153
+
return state->policycap[POLICYDB_CAPABILITY_OPENPERM];
154
+
}
155
+
156
+
static inline bool selinux_policycap_extsockclass(void)
157
+
{
158
+
struct selinux_state *state = &selinux_state;
159
+
160
+
return state->policycap[POLICYDB_CAPABILITY_EXTSOCKCLASS];
161
+
}
162
+
163
+
static inline bool selinux_policycap_alwaysnetwork(void)
164
+
{
165
+
struct selinux_state *state = &selinux_state;
166
+
167
+
return state->policycap[POLICYDB_CAPABILITY_ALWAYSNETWORK];
168
+
}
169
+
170
+
static inline bool selinux_policycap_cgroupseclabel(void)
171
+
{
172
+
struct selinux_state *state = &selinux_state;
173
+
174
+
return state->policycap[POLICYDB_CAPABILITY_CGROUPSECLABEL];
175
+
}
176
+
177
+
static inline bool selinux_policycap_nnp_nosuid_transition(void)
178
+
{
179
+
struct selinux_state *state = &selinux_state;
180
+
181
+
return state->policycap[POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION];
182
+
}
183
+
184
+
int security_mls_enabled(struct selinux_state *state);
185
+
int security_load_policy(struct selinux_state *state,
186
+
void *data, size_t len);
187
+
int security_read_policy(struct selinux_state *state,
188
+
void **data, size_t *len);
189
+
size_t security_policydb_len(struct selinux_state *state);
190
+
191
+
int security_policycap_supported(struct selinux_state *state,
192
+
unsigned int req_cap);
103
193
104
194
#define SEL_VEC_MAX 32
105
195
struct av_decision {
···
221
141
/* definitions of av_decision.flags */
222
142
#define AVD_FLAGS_PERMISSIVE 0x0001
223
143
224
-
void security_compute_av(u32 ssid, u32 tsid,
144
+
void security_compute_av(struct selinux_state *state,
145
+
u32 ssid, u32 tsid,
225
146
u16 tclass, struct av_decision *avd,
226
147
struct extended_perms *xperms);
227
148
228
-
void security_compute_xperms_decision(u32 ssid, u32 tsid, u16 tclass,
229
-
u8 driver, struct extended_perms_decision *xpermd);
149
+
void security_compute_xperms_decision(struct selinux_state *state,
150
+
u32 ssid, u32 tsid, u16 tclass,
151
+
u8 driver,
152
+
struct extended_perms_decision *xpermd);
230
153
231
-
void security_compute_av_user(u32 ssid, u32 tsid,
232
-
u16 tclass, struct av_decision *avd);
154
+
void security_compute_av_user(struct selinux_state *state,
155
+
u32 ssid, u32 tsid,
156
+
u16 tclass, struct av_decision *avd);
233
157
234
-
int security_transition_sid(u32 ssid, u32 tsid, u16 tclass,
158
+
int security_transition_sid(struct selinux_state *state,
159
+
u32 ssid, u32 tsid, u16 tclass,
235
160
const struct qstr *qstr, u32 *out_sid);
236
161
237
-
int security_transition_sid_user(u32 ssid, u32 tsid, u16 tclass,
162
+
int security_transition_sid_user(struct selinux_state *state,
163
+
u32 ssid, u32 tsid, u16 tclass,
238
164
const char *objname, u32 *out_sid);
239
165
240
-
int security_member_sid(u32 ssid, u32 tsid,
241
-
u16 tclass, u32 *out_sid);
166
+
int security_member_sid(struct selinux_state *state, u32 ssid, u32 tsid,
167
+
u16 tclass, u32 *out_sid);
242
168
243
-
int security_change_sid(u32 ssid, u32 tsid,
244
-
u16 tclass, u32 *out_sid);
169
+
int security_change_sid(struct selinux_state *state, u32 ssid, u32 tsid,
170
+
u16 tclass, u32 *out_sid);
245
171
246
-
int security_sid_to_context(u32 sid, char **scontext,
247
-
u32 *scontext_len);
172
+
int security_sid_to_context(struct selinux_state *state, u32 sid,
173
+
char **scontext, u32 *scontext_len);
248
174
249
-
int security_sid_to_context_force(u32 sid, char **scontext, u32 *scontext_len);
175
+
int security_sid_to_context_force(struct selinux_state *state,
176
+
u32 sid, char **scontext, u32 *scontext_len);
250
177
251
-
int security_context_to_sid(const char *scontext, u32 scontext_len,
178
+
int security_context_to_sid(struct selinux_state *state,
179
+
const char *scontext, u32 scontext_len,
252
180
u32 *out_sid, gfp_t gfp);
253
181
254
-
int security_context_str_to_sid(const char *scontext, u32 *out_sid, gfp_t gfp);
182
+
int security_context_str_to_sid(struct selinux_state *state,
183
+
const char *scontext, u32 *out_sid, gfp_t gfp);
255
184
256
-
int security_context_to_sid_default(const char *scontext, u32 scontext_len,
185
+
int security_context_to_sid_default(struct selinux_state *state,
186
+
const char *scontext, u32 scontext_len,
257
187
u32 *out_sid, u32 def_sid, gfp_t gfp_flags);
258
188
259
-
int security_context_to_sid_force(const char *scontext, u32 scontext_len,
189
+
int security_context_to_sid_force(struct selinux_state *state,
190
+
const char *scontext, u32 scontext_len,
260
191
u32 *sid);
261
192
262
-
int security_get_user_sids(u32 callsid, char *username,
193
+
int security_get_user_sids(struct selinux_state *state,
194
+
u32 callsid, char *username,
263
195
u32 **sids, u32 *nel);
264
196
265
-
int security_port_sid(u8 protocol, u16 port, u32 *out_sid);
197
+
int security_port_sid(struct selinux_state *state,
198
+
u8 protocol, u16 port, u32 *out_sid);
266
199
267
-
int security_ib_pkey_sid(u64 subnet_prefix, u16 pkey_num, u32 *out_sid);
200
+
int security_ib_pkey_sid(struct selinux_state *state,
201
+
u64 subnet_prefix, u16 pkey_num, u32 *out_sid);
268
202
269
-
int security_ib_endport_sid(const char *dev_name, u8 port_num, u32 *out_sid);
203
+
int security_ib_endport_sid(struct selinux_state *state,
204
+
const char *dev_name, u8 port_num, u32 *out_sid);
270
205
271
-
int security_netif_sid(char *name, u32 *if_sid);
206
+
int security_netif_sid(struct selinux_state *state,
207
+
char *name, u32 *if_sid);
272
208
273
-
int security_node_sid(u16 domain, void *addr, u32 addrlen,
274
-
u32 *out_sid);
209
+
int security_node_sid(struct selinux_state *state,
210
+
u16 domain, void *addr, u32 addrlen,
211
+
u32 *out_sid);
275
212
276
-
int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
213
+
int security_validate_transition(struct selinux_state *state,
214
+
u32 oldsid, u32 newsid, u32 tasksid,
277
215
u16 tclass);
278
216
279
-
int security_validate_transition_user(u32 oldsid, u32 newsid, u32 tasksid,
217
+
int security_validate_transition_user(struct selinux_state *state,
218
+
u32 oldsid, u32 newsid, u32 tasksid,
280
219
u16 tclass);
281
220
282
-
int security_bounded_transition(u32 oldsid, u32 newsid);
221
+
int security_bounded_transition(struct selinux_state *state,
222
+
u32 oldsid, u32 newsid);
283
223
284
-
int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid);
224
+
int security_sid_mls_copy(struct selinux_state *state,
225
+
u32 sid, u32 mls_sid, u32 *new_sid);
285
226
286
-
int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type,
227
+
int security_net_peersid_resolve(struct selinux_state *state,
228
+
u32 nlbl_sid, u32 nlbl_type,
287
229
u32 xfrm_sid,
288
230
u32 *peer_sid);
289
231
290
-
int security_get_classes(char ***classes, int *nclasses);
291
-
int security_get_permissions(char *class, char ***perms, int *nperms);
292
-
int security_get_reject_unknown(void);
293
-
int security_get_allow_unknown(void);
232
+
int security_get_classes(struct selinux_state *state,
233
+
char ***classes, int *nclasses);
234
+
int security_get_permissions(struct selinux_state *state,
235
+
char *class, char ***perms, int *nperms);
236
+
int security_get_reject_unknown(struct selinux_state *state);
237
+
int security_get_allow_unknown(struct selinux_state *state);
294
238
295
239
#define SECURITY_FS_USE_XATTR 1 /* use xattr */
296
240
#define SECURITY_FS_USE_TRANS 2 /* use transition SIDs, e.g. devpts/tmpfs */
···
325
221
#define SECURITY_FS_USE_NATIVE 7 /* use native label support */
326
222
#define SECURITY_FS_USE_MAX 7 /* Highest SECURITY_FS_USE_XXX */
327
223
328
-
int security_fs_use(struct super_block *sb);
224
+
int security_fs_use(struct selinux_state *state, struct super_block *sb);
329
225
330
-
int security_genfs_sid(const char *fstype, char *name, u16 sclass,
331
-
u32 *sid);
226
+
int security_genfs_sid(struct selinux_state *state,
227
+
const char *fstype, char *name, u16 sclass,
228
+
u32 *sid);
332
229
333
230
#ifdef CONFIG_NETLABEL
334
-
int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
231
+
int security_netlbl_secattr_to_sid(struct selinux_state *state,
232
+
struct netlbl_lsm_secattr *secattr,
335
233
u32 *sid);
336
234
337
-
int security_netlbl_sid_to_secattr(u32 sid,
235
+
int security_netlbl_sid_to_secattr(struct selinux_state *state,
236
+
u32 sid,
338
237
struct netlbl_lsm_secattr *secattr);
339
238
#else
340
-
static inline int security_netlbl_secattr_to_sid(
239
+
static inline int security_netlbl_secattr_to_sid(struct selinux_state *state,
341
240
struct netlbl_lsm_secattr *secattr,
342
241
u32 *sid)
343
242
{
344
243
return -EIDRM;
345
244
}
346
245
347
-
static inline int security_netlbl_sid_to_secattr(u32 sid,
348
-
struct netlbl_lsm_secattr *secattr)
246
+
static inline int security_netlbl_sid_to_secattr(struct selinux_state *state,
247
+
u32 sid,
248
+
struct netlbl_lsm_secattr *secattr)
349
249
{
350
250
return -ENOENT;
351
251
}
···
360
252
/*
361
253
* status notifier using mmap interface
362
254
*/
363
-
extern struct page *selinux_kernel_status_page(void);
255
+
extern struct page *selinux_kernel_status_page(struct selinux_state *state);
364
256
365
257
#define SELINUX_KERNEL_STATUS_VERSION 1
366
258
struct selinux_kernel_status {
···
374
266
*/
375
267
} __packed;
376
268
377
-
extern void selinux_status_update_setenforce(int enforcing);
378
-
extern void selinux_status_update_policyload(int seqno);
269
+
extern void selinux_status_update_setenforce(struct selinux_state *state,
270
+
int enforcing);
271
+
extern void selinux_status_update_policyload(struct selinux_state *state,
272
+
int seqno);
379
273
extern void selinux_complete_init(void);
380
-
extern int selinux_disable(void);
274
+
extern int selinux_disable(struct selinux_state *state);
381
275
extern void exit_sel_fs(void);
382
276
extern struct path selinux_null;
383
277
extern struct vfsmount *selinuxfs_mount;
···
387
277
extern void selnl_notify_policyload(u32 seqno);
388
278
extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
389
279
390
-
#endif /* _SELINUX_SECURITY_H_ */
280
+
extern void avtab_cache_init(void);
281
+
extern void ebitmap_cache_init(void);
282
+
extern void hashtab_cache_init(void);
391
283
284
+
#endif /* _SELINUX_SECURITY_H_ */
+1
-1
security/selinux/netif.c
+1
-1
security/selinux/netif.c
+147
-31
security/selinux/netlabel.c
+147
-31
security/selinux/netlabel.c
···
59
59
{
60
60
int rc;
61
61
62
-
rc = security_netlbl_secattr_to_sid(secattr, sid);
62
+
rc = security_netlbl_secattr_to_sid(&selinux_state, secattr, sid);
63
63
if (rc == 0 &&
64
64
(secattr->flags & NETLBL_SECATTR_CACHEABLE) &&
65
65
(secattr->flags & NETLBL_SECATTR_CACHE))
···
90
90
secattr = netlbl_secattr_alloc(GFP_ATOMIC);
91
91
if (secattr == NULL)
92
92
return NULL;
93
-
rc = security_netlbl_sid_to_secattr(sksec->sid, secattr);
93
+
rc = security_netlbl_sid_to_secattr(&selinux_state, sksec->sid,
94
+
secattr);
94
95
if (rc != 0) {
95
96
netlbl_secattr_free(secattr);
96
97
return NULL;
···
250
249
sk = skb_to_full_sk(skb);
251
250
if (sk != NULL) {
252
251
struct sk_security_struct *sksec = sk->sk_security;
252
+
253
253
if (sksec->nlbl_state != NLBL_REQSKB)
254
254
return 0;
255
255
secattr = selinux_netlbl_sock_getattr(sk, sid);
···
258
256
if (secattr == NULL) {
259
257
secattr = &secattr_storage;
260
258
netlbl_secattr_init(secattr);
261
-
rc = security_netlbl_sid_to_secattr(sid, secattr);
259
+
rc = security_netlbl_sid_to_secattr(&selinux_state, sid,
260
+
secattr);
262
261
if (rc != 0)
263
262
goto skbuff_setsid_return;
264
263
}
···
269
266
skbuff_setsid_return:
270
267
if (secattr == &secattr_storage)
271
268
netlbl_secattr_destroy(secattr);
269
+
return rc;
270
+
}
271
+
272
+
/**
273
+
* selinux_netlbl_sctp_assoc_request - Label an incoming sctp association.
274
+
* @ep: incoming association endpoint.
275
+
* @skb: the packet.
276
+
*
277
+
* Description:
278
+
* A new incoming connection is represented by @ep, ......
279
+
* Returns zero on success, negative values on failure.
280
+
*
281
+
*/
282
+
int selinux_netlbl_sctp_assoc_request(struct sctp_endpoint *ep,
283
+
struct sk_buff *skb)
284
+
{
285
+
int rc;
286
+
struct netlbl_lsm_secattr secattr;
287
+
struct sk_security_struct *sksec = ep->base.sk->sk_security;
288
+
struct sockaddr *addr;
289
+
struct sockaddr_in addr4;
290
+
#if IS_ENABLED(CONFIG_IPV6)
291
+
struct sockaddr_in6 addr6;
292
+
#endif
293
+
294
+
if (ep->base.sk->sk_family != PF_INET &&
295
+
ep->base.sk->sk_family != PF_INET6)
296
+
return 0;
297
+
298
+
netlbl_secattr_init(&secattr);
299
+
rc = security_netlbl_sid_to_secattr(&selinux_state,
300
+
ep->secid, &secattr);
301
+
if (rc != 0)
302
+
goto assoc_request_return;
303
+
304
+
/* Move skb hdr address info to a struct sockaddr and then call
305
+
* netlbl_conn_setattr().
306
+
*/
307
+
if (ip_hdr(skb)->version == 4) {
308
+
addr4.sin_family = AF_INET;
309
+
addr4.sin_addr.s_addr = ip_hdr(skb)->saddr;
310
+
addr = (struct sockaddr *)&addr4;
311
+
#if IS_ENABLED(CONFIG_IPV6)
312
+
} else {
313
+
addr6.sin6_family = AF_INET6;
314
+
addr6.sin6_addr = ipv6_hdr(skb)->saddr;
315
+
addr = (struct sockaddr *)&addr6;
316
+
#endif
317
+
}
318
+
319
+
rc = netlbl_conn_setattr(ep->base.sk, addr, &secattr);
320
+
if (rc == 0)
321
+
sksec->nlbl_state = NLBL_LABELED;
322
+
323
+
assoc_request_return:
324
+
netlbl_secattr_destroy(&secattr);
272
325
return rc;
273
326
}
274
327
···
348
289
return 0;
349
290
350
291
netlbl_secattr_init(&secattr);
351
-
rc = security_netlbl_sid_to_secattr(req->secid, &secattr);
292
+
rc = security_netlbl_sid_to_secattr(&selinux_state, req->secid,
293
+
&secattr);
352
294
if (rc != 0)
353
295
goto inet_conn_request_return;
354
296
rc = netlbl_req_setattr(req, &secattr);
···
376
316
sksec->nlbl_state = NLBL_LABELED;
377
317
else
378
318
sksec->nlbl_state = NLBL_UNSET;
319
+
}
320
+
321
+
/**
322
+
* selinux_netlbl_sctp_sk_clone - Copy state to the newly created sock
323
+
* @sk: current sock
324
+
* @newsk: the new sock
325
+
*
326
+
* Description:
327
+
* Called whenever a new socket is created by accept(2) or sctp_peeloff(3).
328
+
*/
329
+
void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk)
330
+
{
331
+
struct sk_security_struct *sksec = sk->sk_security;
332
+
struct sk_security_struct *newsksec = newsk->sk_security;
333
+
334
+
newsksec->nlbl_state = sksec->nlbl_state;
379
335
}
380
336
381
337
/**
···
478
402
perm = RAWIP_SOCKET__RECVFROM;
479
403
}
480
404
481
-
rc = avc_has_perm(sksec->sid, nlbl_sid, sksec->sclass, perm, ad);
405
+
rc = avc_has_perm(&selinux_state,
406
+
sksec->sid, nlbl_sid, sksec->sclass, perm, ad);
482
407
if (rc == 0)
483
408
return 0;
484
409
···
546
469
}
547
470
548
471
/**
472
+
* selinux_netlbl_socket_connect_helper - Help label a client-side socket on
473
+
* connect
474
+
* @sk: the socket to label
475
+
* @addr: the destination address
476
+
*
477
+
* Description:
478
+
* Attempt to label a connected socket with NetLabel using the given address.
479
+
* Returns zero values on success, negative values on failure.
480
+
*
481
+
*/
482
+
static int selinux_netlbl_socket_connect_helper(struct sock *sk,
483
+
struct sockaddr *addr)
484
+
{
485
+
int rc;
486
+
struct sk_security_struct *sksec = sk->sk_security;
487
+
struct netlbl_lsm_secattr *secattr;
488
+
489
+
/* connected sockets are allowed to disconnect when the address family
490
+
* is set to AF_UNSPEC, if that is what is happening we want to reset
491
+
* the socket */
492
+
if (addr->sa_family == AF_UNSPEC) {
493
+
netlbl_sock_delattr(sk);
494
+
sksec->nlbl_state = NLBL_REQSKB;
495
+
rc = 0;
496
+
return rc;
497
+
}
498
+
secattr = selinux_netlbl_sock_genattr(sk);
499
+
if (secattr == NULL) {
500
+
rc = -ENOMEM;
501
+
return rc;
502
+
}
503
+
rc = netlbl_conn_setattr(sk, addr, secattr);
504
+
if (rc == 0)
505
+
sksec->nlbl_state = NLBL_CONNLABELED;
506
+
507
+
return rc;
508
+
}
509
+
510
+
/**
511
+
* selinux_netlbl_socket_connect_locked - Label a client-side socket on
512
+
* connect
513
+
* @sk: the socket to label
514
+
* @addr: the destination address
515
+
*
516
+
* Description:
517
+
* Attempt to label a connected socket that already has the socket locked
518
+
* with NetLabel using the given address.
519
+
* Returns zero values on success, negative values on failure.
520
+
*
521
+
*/
522
+
int selinux_netlbl_socket_connect_locked(struct sock *sk,
523
+
struct sockaddr *addr)
524
+
{
525
+
struct sk_security_struct *sksec = sk->sk_security;
526
+
527
+
if (sksec->nlbl_state != NLBL_REQSKB &&
528
+
sksec->nlbl_state != NLBL_CONNLABELED)
529
+
return 0;
530
+
531
+
return selinux_netlbl_socket_connect_helper(sk, addr);
532
+
}
533
+
534
+
/**
549
535
* selinux_netlbl_socket_connect - Label a client-side socket on connect
550
536
* @sk: the socket to label
551
537
* @addr: the destination address
···
621
481
int selinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr)
622
482
{
623
483
int rc;
624
-
struct sk_security_struct *sksec = sk->sk_security;
625
-
struct netlbl_lsm_secattr *secattr;
626
-
627
-
if (sksec->nlbl_state != NLBL_REQSKB &&
628
-
sksec->nlbl_state != NLBL_CONNLABELED)
629
-
return 0;
630
484
631
485
lock_sock(sk);
632
-
633
-
/* connected sockets are allowed to disconnect when the address family
634
-
* is set to AF_UNSPEC, if that is what is happening we want to reset
635
-
* the socket */
636
-
if (addr->sa_family == AF_UNSPEC) {
637
-
netlbl_sock_delattr(sk);
638
-
sksec->nlbl_state = NLBL_REQSKB;
639
-
rc = 0;
640
-
goto socket_connect_return;
641
-
}
642
-
secattr = selinux_netlbl_sock_genattr(sk);
643
-
if (secattr == NULL) {
644
-
rc = -ENOMEM;
645
-
goto socket_connect_return;
646
-
}
647
-
rc = netlbl_conn_setattr(sk, addr, secattr);
648
-
if (rc == 0)
649
-
sksec->nlbl_state = NLBL_CONNLABELED;
650
-
651
-
socket_connect_return:
486
+
rc = selinux_netlbl_socket_connect_locked(sk, addr);
652
487
release_sock(sk);
488
+
653
489
return rc;
654
490
}
+2
-2
security/selinux/netnode.c
+2
-2
security/selinux/netnode.c
···
215
215
goto out;
216
216
switch (family) {
217
217
case PF_INET:
218
-
ret = security_node_sid(PF_INET,
218
+
ret = security_node_sid(&selinux_state, PF_INET,
219
219
addr, sizeof(struct in_addr), sid);
220
220
new->nsec.addr.ipv4 = *(__be32 *)addr;
221
221
break;
222
222
case PF_INET6:
223
-
ret = security_node_sid(PF_INET6,
223
+
ret = security_node_sid(&selinux_state, PF_INET6,
224
224
addr, sizeof(struct in6_addr), sid);
225
225
new->nsec.addr.ipv6 = *(struct in6_addr *)addr;
226
226
break;
+1
-1
security/selinux/netport.c
+1
-1
security/selinux/netport.c
+309
-184
security/selinux/selinuxfs.c
+309
-184
security/selinux/selinuxfs.c
···
19
19
#include <linux/slab.h>
20
20
#include <linux/vmalloc.h>
21
21
#include <linux/fs.h>
22
+
#include <linux/mount.h>
22
23
#include <linux/mutex.h>
23
24
#include <linux/init.h>
24
25
#include <linux/string.h>
···
41
40
#include "security.h"
42
41
#include "objsec.h"
43
42
#include "conditional.h"
44
-
45
-
unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE;
46
-
47
-
static int __init checkreqprot_setup(char *str)
48
-
{
49
-
unsigned long checkreqprot;
50
-
if (!kstrtoul(str, 0, &checkreqprot))
51
-
selinux_checkreqprot = checkreqprot ? 1 : 0;
52
-
return 1;
53
-
}
54
-
__setup("checkreqprot=", checkreqprot_setup);
55
-
56
-
static DEFINE_MUTEX(sel_mutex);
57
-
58
-
/* global data for booleans */
59
-
static struct dentry *bool_dir;
60
-
static int bool_num;
61
-
static char **bool_pending_names;
62
-
static int *bool_pending_values;
63
-
64
-
/* global data for classes */
65
-
static struct dentry *class_dir;
66
-
static unsigned long last_class_ino;
67
-
68
-
static char policy_opened;
69
-
70
-
/* global data for policy capabilities */
71
-
static struct dentry *policycap_dir;
72
43
73
44
enum sel_inos {
74
45
SEL_ROOT_INO = 2,
···
66
93
SEL_INO_NEXT, /* The next inode number to use */
67
94
};
68
95
69
-
static unsigned long sel_last_ino = SEL_INO_NEXT - 1;
96
+
struct selinux_fs_info {
97
+
struct dentry *bool_dir;
98
+
unsigned int bool_num;
99
+
char **bool_pending_names;
100
+
unsigned int *bool_pending_values;
101
+
struct dentry *class_dir;
102
+
unsigned long last_class_ino;
103
+
bool policy_opened;
104
+
struct dentry *policycap_dir;
105
+
struct mutex mutex;
106
+
unsigned long last_ino;
107
+
struct selinux_state *state;
108
+
struct super_block *sb;
109
+
};
110
+
111
+
static int selinux_fs_info_create(struct super_block *sb)
112
+
{
113
+
struct selinux_fs_info *fsi;
114
+
115
+
fsi = kzalloc(sizeof(*fsi), GFP_KERNEL);
116
+
if (!fsi)
117
+
return -ENOMEM;
118
+
119
+
mutex_init(&fsi->mutex);
120
+
fsi->last_ino = SEL_INO_NEXT - 1;
121
+
fsi->state = &selinux_state;
122
+
fsi->sb = sb;
123
+
sb->s_fs_info = fsi;
124
+
return 0;
125
+
}
126
+
127
+
static void selinux_fs_info_free(struct super_block *sb)
128
+
{
129
+
struct selinux_fs_info *fsi = sb->s_fs_info;
130
+
int i;
131
+
132
+
if (fsi) {
133
+
for (i = 0; i < fsi->bool_num; i++)
134
+
kfree(fsi->bool_pending_names[i]);
135
+
kfree(fsi->bool_pending_names);
136
+
kfree(fsi->bool_pending_values);
137
+
}
138
+
kfree(sb->s_fs_info);
139
+
sb->s_fs_info = NULL;
140
+
}
70
141
71
142
#define SEL_INITCON_INO_OFFSET 0x01000000
72
143
#define SEL_BOOL_INO_OFFSET 0x02000000
···
122
105
static ssize_t sel_read_enforce(struct file *filp, char __user *buf,
123
106
size_t count, loff_t *ppos)
124
107
{
108
+
struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
125
109
char tmpbuf[TMPBUFLEN];
126
110
ssize_t length;
127
111
128
-
length = scnprintf(tmpbuf, TMPBUFLEN, "%d", selinux_enforcing);
112
+
length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
113
+
enforcing_enabled(fsi->state));
129
114
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
130
115
}
131
116
···
136
117
size_t count, loff_t *ppos)
137
118
138
119
{
120
+
struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
121
+
struct selinux_state *state = fsi->state;
139
122
char *page = NULL;
140
123
ssize_t length;
141
-
int new_value;
124
+
int old_value, new_value;
142
125
143
126
if (count >= PAGE_SIZE)
144
127
return -ENOMEM;
···
159
138
160
139
new_value = !!new_value;
161
140
162
-
if (new_value != selinux_enforcing) {
163
-
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
141
+
old_value = enforcing_enabled(state);
142
+
if (new_value != old_value) {
143
+
length = avc_has_perm(&selinux_state,
144
+
current_sid(), SECINITSID_SECURITY,
164
145
SECCLASS_SECURITY, SECURITY__SETENFORCE,
165
146
NULL);
166
147
if (length)
167
148
goto out;
168
149
audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
169
150
"enforcing=%d old_enforcing=%d auid=%u ses=%u",
170
-
new_value, selinux_enforcing,
151
+
new_value, old_value,
171
152
from_kuid(&init_user_ns, audit_get_loginuid(current)),
172
153
audit_get_sessionid(current));
173
-
selinux_enforcing = new_value;
174
-
if (selinux_enforcing)
175
-
avc_ss_reset(0);
176
-
selnl_notify_setenforce(selinux_enforcing);
177
-
selinux_status_update_setenforce(selinux_enforcing);
178
-
if (!selinux_enforcing)
154
+
enforcing_set(state, new_value);
155
+
if (new_value)
156
+
avc_ss_reset(state->avc, 0);
157
+
selnl_notify_setenforce(new_value);
158
+
selinux_status_update_setenforce(state, new_value);
159
+
if (!new_value)
179
160
call_lsm_notifier(LSM_POLICY_CHANGE, NULL);
180
161
}
181
162
length = count;
···
198
175
static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf,
199
176
size_t count, loff_t *ppos)
200
177
{
178
+
struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
179
+
struct selinux_state *state = fsi->state;
201
180
char tmpbuf[TMPBUFLEN];
202
181
ssize_t length;
203
182
ino_t ino = file_inode(filp)->i_ino;
204
183
int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ?
205
-
security_get_reject_unknown() : !security_get_allow_unknown();
184
+
security_get_reject_unknown(state) :
185
+
!security_get_allow_unknown(state);
206
186
207
187
length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown);
208
188
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
···
218
192
219
193
static int sel_open_handle_status(struct inode *inode, struct file *filp)
220
194
{
221
-
struct page *status = selinux_kernel_status_page();
195
+
struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
196
+
struct page *status = selinux_kernel_status_page(fsi->state);
222
197
223
198
if (!status)
224
199
return -ENOMEM;
···
275
248
size_t count, loff_t *ppos)
276
249
277
250
{
251
+
struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
278
252
char *page;
279
253
ssize_t length;
280
254
int new_value;
···
296
268
goto out;
297
269
298
270
if (new_value) {
299
-
length = selinux_disable();
271
+
length = selinux_disable(fsi->state);
300
272
if (length)
301
273
goto out;
302
274
audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
···
335
307
};
336
308
337
309
/* declaration for sel_write_load */
338
-
static int sel_make_bools(void);
339
-
static int sel_make_classes(void);
340
-
static int sel_make_policycap(void);
310
+
static int sel_make_bools(struct selinux_fs_info *fsi);
311
+
static int sel_make_classes(struct selinux_fs_info *fsi);
312
+
static int sel_make_policycap(struct selinux_fs_info *fsi);
341
313
342
314
/* declaration for sel_make_class_dirs */
343
315
static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
···
346
318
static ssize_t sel_read_mls(struct file *filp, char __user *buf,
347
319
size_t count, loff_t *ppos)
348
320
{
321
+
struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
349
322
char tmpbuf[TMPBUFLEN];
350
323
ssize_t length;
351
324
352
325
length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
353
-
security_mls_enabled());
326
+
security_mls_enabled(fsi->state));
354
327
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
355
328
}
356
329
···
367
338
368
339
static int sel_open_policy(struct inode *inode, struct file *filp)
369
340
{
341
+
struct selinux_fs_info *fsi = inode->i_sb->s_fs_info;
342
+
struct selinux_state *state = fsi->state;
370
343
struct policy_load_memory *plm = NULL;
371
344
int rc;
372
345
373
346
BUG_ON(filp->private_data);
374
347
375
-
mutex_lock(&sel_mutex);
348
+
mutex_lock(&fsi->mutex);
376
349
377
-
rc = avc_has_perm(current_sid(), SECINITSID_SECURITY,
350
+
rc = avc_has_perm(&selinux_state,
351
+
current_sid(), SECINITSID_SECURITY,
378
352
SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL);
379
353
if (rc)
380
354
goto err;
381
355
382
356
rc = -EBUSY;
383
-
if (policy_opened)
357
+
if (fsi->policy_opened)
384
358
goto err;
385
359
386
360
rc = -ENOMEM;
···
391
359
if (!plm)
392
360
goto err;
393
361
394
-
if (i_size_read(inode) != security_policydb_len()) {
362
+
if (i_size_read(inode) != security_policydb_len(state)) {
395
363
inode_lock(inode);
396
-
i_size_write(inode, security_policydb_len());
364
+
i_size_write(inode, security_policydb_len(state));
397
365
inode_unlock(inode);
398
366
}
399
367
400
-
rc = security_read_policy(&plm->data, &plm->len);
368
+
rc = security_read_policy(state, &plm->data, &plm->len);
401
369
if (rc)
402
370
goto err;
403
371
404
-
policy_opened = 1;
372
+
fsi->policy_opened = 1;
405
373
406
374
filp->private_data = plm;
407
375
408
-
mutex_unlock(&sel_mutex);
376
+
mutex_unlock(&fsi->mutex);
409
377
410
378
return 0;
411
379
err:
412
-
mutex_unlock(&sel_mutex);
380
+
mutex_unlock(&fsi->mutex);
413
381
414
382
if (plm)
415
383
vfree(plm->data);
···
419
387
420
388
static int sel_release_policy(struct inode *inode, struct file *filp)
421
389
{
390
+
struct selinux_fs_info *fsi = inode->i_sb->s_fs_info;
422
391
struct policy_load_memory *plm = filp->private_data;
423
392
424
393
BUG_ON(!plm);
425
394
426
-
policy_opened = 0;
395
+
fsi->policy_opened = 0;
427
396
428
397
vfree(plm->data);
429
398
kfree(plm);
···
435
402
static ssize_t sel_read_policy(struct file *filp, char __user *buf,
436
403
size_t count, loff_t *ppos)
437
404
{
405
+
struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
438
406
struct policy_load_memory *plm = filp->private_data;
439
407
int ret;
440
408
441
-
mutex_lock(&sel_mutex);
409
+
mutex_lock(&fsi->mutex);
442
410
443
-
ret = avc_has_perm(current_sid(), SECINITSID_SECURITY,
411
+
ret = avc_has_perm(&selinux_state,
412
+
current_sid(), SECINITSID_SECURITY,
444
413
SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL);
445
414
if (ret)
446
415
goto out;
447
416
448
417
ret = simple_read_from_buffer(buf, count, ppos, plm->data, plm->len);
449
418
out:
450
-
mutex_unlock(&sel_mutex);
419
+
mutex_unlock(&fsi->mutex);
451
420
return ret;
452
421
}
453
422
···
503
468
.llseek = generic_file_llseek,
504
469
};
505
470
471
+
static int sel_make_policy_nodes(struct selinux_fs_info *fsi)
472
+
{
473
+
int ret;
474
+
475
+
ret = sel_make_bools(fsi);
476
+
if (ret) {
477
+
pr_err("SELinux: failed to load policy booleans\n");
478
+
return ret;
479
+
}
480
+
481
+
ret = sel_make_classes(fsi);
482
+
if (ret) {
483
+
pr_err("SELinux: failed to load policy classes\n");
484
+
return ret;
485
+
}
486
+
487
+
ret = sel_make_policycap(fsi);
488
+
if (ret) {
489
+
pr_err("SELinux: failed to load policy capabilities\n");
490
+
return ret;
491
+
}
492
+
493
+
return 0;
494
+
}
495
+
506
496
static ssize_t sel_write_load(struct file *file, const char __user *buf,
507
497
size_t count, loff_t *ppos)
508
498
509
499
{
500
+
struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
510
501
ssize_t length;
511
502
void *data = NULL;
512
503
513
-
mutex_lock(&sel_mutex);
504
+
mutex_lock(&fsi->mutex);
514
505
515
-
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
506
+
length = avc_has_perm(&selinux_state,
507
+
current_sid(), SECINITSID_SECURITY,
516
508
SECCLASS_SECURITY, SECURITY__LOAD_POLICY, NULL);
517
509
if (length)
518
510
goto out;
···
562
500
if (copy_from_user(data, buf, count) != 0)
563
501
goto out;
564
502
565
-
length = security_load_policy(data, count);
503
+
length = security_load_policy(fsi->state, data, count);
566
504
if (length) {
567
505
pr_warn_ratelimited("SELinux: failed to load policy\n");
568
506
goto out;
569
507
}
570
508
571
-
length = sel_make_bools();
572
-
if (length) {
573
-
pr_err("SELinux: failed to load policy booleans\n");
509
+
length = sel_make_policy_nodes(fsi);
510
+
if (length)
574
511
goto out1;
575
-
}
576
-
577
-
length = sel_make_classes();
578
-
if (length) {
579
-
pr_err("SELinux: failed to load policy classes\n");
580
-
goto out1;
581
-
}
582
-
583
-
length = sel_make_policycap();
584
-
if (length) {
585
-
pr_err("SELinux: failed to load policy capabilities\n");
586
-
goto out1;
587
-
}
588
512
589
513
length = count;
590
514
···
580
532
from_kuid(&init_user_ns, audit_get_loginuid(current)),
581
533
audit_get_sessionid(current));
582
534
out:
583
-
mutex_unlock(&sel_mutex);
535
+
mutex_unlock(&fsi->mutex);
584
536
vfree(data);
585
537
return length;
586
538
}
···
592
544
593
545
static ssize_t sel_write_context(struct file *file, char *buf, size_t size)
594
546
{
547
+
struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
548
+
struct selinux_state *state = fsi->state;
595
549
char *canon = NULL;
596
550
u32 sid, len;
597
551
ssize_t length;
598
552
599
-
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
553
+
length = avc_has_perm(&selinux_state,
554
+
current_sid(), SECINITSID_SECURITY,
600
555
SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, NULL);
601
556
if (length)
602
557
goto out;
603
558
604
-
length = security_context_to_sid(buf, size, &sid, GFP_KERNEL);
559
+
length = security_context_to_sid(state, buf, size, &sid, GFP_KERNEL);
605
560
if (length)
606
561
goto out;
607
562
608
-
length = security_sid_to_context(sid, &canon, &len);
563
+
length = security_sid_to_context(state, sid, &canon, &len);
609
564
if (length)
610
565
goto out;
611
566
···
629
578
static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf,
630
579
size_t count, loff_t *ppos)
631
580
{
581
+
struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
632
582
char tmpbuf[TMPBUFLEN];
633
583
ssize_t length;
634
584
635
-
length = scnprintf(tmpbuf, TMPBUFLEN, "%u", selinux_checkreqprot);
585
+
length = scnprintf(tmpbuf, TMPBUFLEN, "%u", fsi->state->checkreqprot);
636
586
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
637
587
}
638
588
639
589
static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
640
590
size_t count, loff_t *ppos)
641
591
{
592
+
struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
642
593
char *page;
643
594
ssize_t length;
644
595
unsigned int new_value;
645
596
646
-
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
597
+
length = avc_has_perm(&selinux_state,
598
+
current_sid(), SECINITSID_SECURITY,
647
599
SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT,
648
600
NULL);
649
601
if (length)
···
667
613
if (sscanf(page, "%u", &new_value) != 1)
668
614
goto out;
669
615
670
-
selinux_checkreqprot = new_value ? 1 : 0;
616
+
fsi->state->checkreqprot = new_value ? 1 : 0;
671
617
length = count;
672
618
out:
673
619
kfree(page);
···
683
629
const char __user *buf,
684
630
size_t count, loff_t *ppos)
685
631
{
632
+
struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
633
+
struct selinux_state *state = fsi->state;
686
634
char *oldcon = NULL, *newcon = NULL, *taskcon = NULL;
687
635
char *req = NULL;
688
636
u32 osid, nsid, tsid;
689
637
u16 tclass;
690
638
int rc;
691
639
692
-
rc = avc_has_perm(current_sid(), SECINITSID_SECURITY,
640
+
rc = avc_has_perm(&selinux_state,
641
+
current_sid(), SECINITSID_SECURITY,
693
642
SECCLASS_SECURITY, SECURITY__VALIDATE_TRANS, NULL);
694
643
if (rc)
695
644
goto out;
···
730
673
if (sscanf(req, "%s %s %hu %s", oldcon, newcon, &tclass, taskcon) != 4)
731
674
goto out;
732
675
733
-
rc = security_context_str_to_sid(oldcon, &osid, GFP_KERNEL);
676
+
rc = security_context_str_to_sid(state, oldcon, &osid, GFP_KERNEL);
734
677
if (rc)
735
678
goto out;
736
679
737
-
rc = security_context_str_to_sid(newcon, &nsid, GFP_KERNEL);
680
+
rc = security_context_str_to_sid(state, newcon, &nsid, GFP_KERNEL);
738
681
if (rc)
739
682
goto out;
740
683
741
-
rc = security_context_str_to_sid(taskcon, &tsid, GFP_KERNEL);
684
+
rc = security_context_str_to_sid(state, taskcon, &tsid, GFP_KERNEL);
742
685
if (rc)
743
686
goto out;
744
687
745
-
rc = security_validate_transition_user(osid, nsid, tsid, tclass);
688
+
rc = security_validate_transition_user(state, osid, nsid, tsid, tclass);
746
689
if (!rc)
747
690
rc = count;
748
691
out:
···
812
755
813
756
static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
814
757
{
758
+
struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
759
+
struct selinux_state *state = fsi->state;
815
760
char *scon = NULL, *tcon = NULL;
816
761
u32 ssid, tsid;
817
762
u16 tclass;
818
763
struct av_decision avd;
819
764
ssize_t length;
820
765
821
-
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
766
+
length = avc_has_perm(&selinux_state,
767
+
current_sid(), SECINITSID_SECURITY,
822
768
SECCLASS_SECURITY, SECURITY__COMPUTE_AV, NULL);
823
769
if (length)
824
770
goto out;
···
840
780
if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
841
781
goto out;
842
782
843
-
length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
783
+
length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL);
844
784
if (length)
845
785
goto out;
846
786
847
-
length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
787
+
length = security_context_str_to_sid(state, tcon, &tsid, GFP_KERNEL);
848
788
if (length)
849
789
goto out;
850
790
851
-
security_compute_av_user(ssid, tsid, tclass, &avd);
791
+
security_compute_av_user(state, ssid, tsid, tclass, &avd);
852
792
853
793
length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT,
854
794
"%x %x %x %x %u %x",
···
863
803
864
804
static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
865
805
{
806
+
struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
807
+
struct selinux_state *state = fsi->state;
866
808
char *scon = NULL, *tcon = NULL;
867
809
char *namebuf = NULL, *objname = NULL;
868
810
u32 ssid, tsid, newsid;
···
874
812
u32 len;
875
813
int nargs;
876
814
877
-
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
815
+
length = avc_has_perm(&selinux_state,
816
+
current_sid(), SECINITSID_SECURITY,
878
817
SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE,
879
818
NULL);
880
819
if (length)
···
931
868
objname = namebuf;
932
869
}
933
870
934
-
length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
871
+
length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL);
935
872
if (length)
936
873
goto out;
937
874
938
-
length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
875
+
length = security_context_str_to_sid(state, tcon, &tsid, GFP_KERNEL);
939
876
if (length)
940
877
goto out;
941
878
942
-
length = security_transition_sid_user(ssid, tsid, tclass,
879
+
length = security_transition_sid_user(state, ssid, tsid, tclass,
943
880
objname, &newsid);
944
881
if (length)
945
882
goto out;
946
883
947
-
length = security_sid_to_context(newsid, &newcon, &len);
884
+
length = security_sid_to_context(state, newsid, &newcon, &len);
948
885
if (length)
949
886
goto out;
950
887
···
967
904
968
905
static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size)
969
906
{
907
+
struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
908
+
struct selinux_state *state = fsi->state;
970
909
char *scon = NULL, *tcon = NULL;
971
910
u32 ssid, tsid, newsid;
972
911
u16 tclass;
···
976
911
char *newcon = NULL;
977
912
u32 len;
978
913
979
-
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
914
+
length = avc_has_perm(&selinux_state,
915
+
current_sid(), SECINITSID_SECURITY,
980
916
SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL,
981
917
NULL);
982
918
if (length)
···
997
931
if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
998
932
goto out;
999
933
1000
-
length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
934
+
length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL);
1001
935
if (length)
1002
936
goto out;
1003
937
1004
-
length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
938
+
length = security_context_str_to_sid(state, tcon, &tsid, GFP_KERNEL);
1005
939
if (length)
1006
940
goto out;
1007
941
1008
-
length = security_change_sid(ssid, tsid, tclass, &newsid);
942
+
length = security_change_sid(state, ssid, tsid, tclass, &newsid);
1009
943
if (length)
1010
944
goto out;
1011
945
1012
-
length = security_sid_to_context(newsid, &newcon, &len);
946
+
length = security_sid_to_context(state, newsid, &newcon, &len);
1013
947
if (length)
1014
948
goto out;
1015
949
···
1028
962
1029
963
static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
1030
964
{
965
+
struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
966
+
struct selinux_state *state = fsi->state;
1031
967
char *con = NULL, *user = NULL, *ptr;
1032
968
u32 sid, *sids = NULL;
1033
969
ssize_t length;
···
1037
969
int i, rc;
1038
970
u32 len, nsids;
1039
971
1040
-
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
972
+
length = avc_has_perm(&selinux_state,
973
+
current_sid(), SECINITSID_SECURITY,
1041
974
SECCLASS_SECURITY, SECURITY__COMPUTE_USER,
1042
975
NULL);
1043
976
if (length)
···
1058
989
if (sscanf(buf, "%s %s", con, user) != 2)
1059
990
goto out;
1060
991
1061
-
length = security_context_str_to_sid(con, &sid, GFP_KERNEL);
992
+
length = security_context_str_to_sid(state, con, &sid, GFP_KERNEL);
1062
993
if (length)
1063
994
goto out;
1064
995
1065
-
length = security_get_user_sids(sid, user, &sids, &nsids);
996
+
length = security_get_user_sids(state, sid, user, &sids, &nsids);
1066
997
if (length)
1067
998
goto out;
1068
999
1069
1000
length = sprintf(buf, "%u", nsids) + 1;
1070
1001
ptr = buf + length;
1071
1002
for (i = 0; i < nsids; i++) {
1072
-
rc = security_sid_to_context(sids[i], &newcon, &len);
1003
+
rc = security_sid_to_context(state, sids[i], &newcon, &len);
1073
1004
if (rc) {
1074
1005
length = rc;
1075
1006
goto out;
···
1093
1024
1094
1025
static ssize_t sel_write_member(struct file *file, char *buf, size_t size)
1095
1026
{
1027
+
struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
1028
+
struct selinux_state *state = fsi->state;
1096
1029
char *scon = NULL, *tcon = NULL;
1097
1030
u32 ssid, tsid, newsid;
1098
1031
u16 tclass;
···
1102
1031
char *newcon = NULL;
1103
1032
u32 len;
1104
1033
1105
-
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1034
+
length = avc_has_perm(&selinux_state,
1035
+
current_sid(), SECINITSID_SECURITY,
1106
1036
SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER,
1107
1037
NULL);
1108
1038
if (length)
···
1123
1051
if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
1124
1052
goto out;
1125
1053
1126
-
length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
1054
+
length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL);
1127
1055
if (length)
1128
1056
goto out;
1129
1057
1130
-
length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
1058
+
length = security_context_str_to_sid(state, tcon, &tsid, GFP_KERNEL);
1131
1059
if (length)
1132
1060
goto out;
1133
1061
1134
-
length = security_member_sid(ssid, tsid, tclass, &newsid);
1062
+
length = security_member_sid(state, ssid, tsid, tclass, &newsid);
1135
1063
if (length)
1136
1064
goto out;
1137
1065
1138
-
length = security_sid_to_context(newsid, &newcon, &len);
1066
+
length = security_sid_to_context(state, newsid, &newcon, &len);
1139
1067
if (length)
1140
1068
goto out;
1141
1069
···
1169
1097
static ssize_t sel_read_bool(struct file *filep, char __user *buf,
1170
1098
size_t count, loff_t *ppos)
1171
1099
{
1100
+
struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info;
1172
1101
char *page = NULL;
1173
1102
ssize_t length;
1174
1103
ssize_t ret;
···
1177
1104
unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
1178
1105
const char *name = filep->f_path.dentry->d_name.name;
1179
1106
1180
-
mutex_lock(&sel_mutex);
1107
+
mutex_lock(&fsi->mutex);
1181
1108
1182
1109
ret = -EINVAL;
1183
-
if (index >= bool_num || strcmp(name, bool_pending_names[index]))
1110
+
if (index >= fsi->bool_num || strcmp(name,
1111
+
fsi->bool_pending_names[index]))
1184
1112
goto out;
1185
1113
1186
1114
ret = -ENOMEM;
···
1189
1115
if (!page)
1190
1116
goto out;
1191
1117
1192
-
cur_enforcing = security_get_bool_value(index);
1118
+
cur_enforcing = security_get_bool_value(fsi->state, index);
1193
1119
if (cur_enforcing < 0) {
1194
1120
ret = cur_enforcing;
1195
1121
goto out;
1196
1122
}
1197
1123
length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing,
1198
-
bool_pending_values[index]);
1124
+
fsi->bool_pending_values[index]);
1199
1125
ret = simple_read_from_buffer(buf, count, ppos, page, length);
1200
1126
out:
1201
-
mutex_unlock(&sel_mutex);
1127
+
mutex_unlock(&fsi->mutex);
1202
1128
free_page((unsigned long)page);
1203
1129
return ret;
1204
1130
}
···
1206
1132
static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
1207
1133
size_t count, loff_t *ppos)
1208
1134
{
1135
+
struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info;
1209
1136
char *page = NULL;
1210
1137
ssize_t length;
1211
1138
int new_value;
1212
1139
unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
1213
1140
const char *name = filep->f_path.dentry->d_name.name;
1214
1141
1215
-
mutex_lock(&sel_mutex);
1142
+
mutex_lock(&fsi->mutex);
1216
1143
1217
-
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1144
+
length = avc_has_perm(&selinux_state,
1145
+
current_sid(), SECINITSID_SECURITY,
1218
1146
SECCLASS_SECURITY, SECURITY__SETBOOL,
1219
1147
NULL);
1220
1148
if (length)
1221
1149
goto out;
1222
1150
1223
1151
length = -EINVAL;
1224
-
if (index >= bool_num || strcmp(name, bool_pending_names[index]))
1152
+
if (index >= fsi->bool_num || strcmp(name,
1153
+
fsi->bool_pending_names[index]))
1225
1154
goto out;
1226
1155
1227
1156
length = -ENOMEM;
···
1250
1173
if (new_value)
1251
1174
new_value = 1;
1252
1175
1253
-
bool_pending_values[index] = new_value;
1176
+
fsi->bool_pending_values[index] = new_value;
1254
1177
length = count;
1255
1178
1256
1179
out:
1257
-
mutex_unlock(&sel_mutex);
1180
+
mutex_unlock(&fsi->mutex);
1258
1181
kfree(page);
1259
1182
return length;
1260
1183
}
···
1269
1192
const char __user *buf,
1270
1193
size_t count, loff_t *ppos)
1271
1194
{
1195
+
struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info;
1272
1196
char *page = NULL;
1273
1197
ssize_t length;
1274
1198
int new_value;
1275
1199
1276
-
mutex_lock(&sel_mutex);
1200
+
mutex_lock(&fsi->mutex);
1277
1201
1278
-
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1202
+
length = avc_has_perm(&selinux_state,
1203
+
current_sid(), SECINITSID_SECURITY,
1279
1204
SECCLASS_SECURITY, SECURITY__SETBOOL,
1280
1205
NULL);
1281
1206
if (length)
···
1304
1225
goto out;
1305
1226
1306
1227
length = 0;
1307
-
if (new_value && bool_pending_values)
1308
-
length = security_set_bools(bool_num, bool_pending_values);
1228
+
if (new_value && fsi->bool_pending_values)
1229
+
length = security_set_bools(fsi->state, fsi->bool_num,
1230
+
fsi->bool_pending_values);
1309
1231
1310
1232
if (!length)
1311
1233
length = count;
1312
1234
1313
1235
out:
1314
-
mutex_unlock(&sel_mutex);
1236
+
mutex_unlock(&fsi->mutex);
1315
1237
kfree(page);
1316
1238
return length;
1317
1239
}
···
1330
1250
1331
1251
#define BOOL_DIR_NAME "booleans"
1332
1252
1333
-
static int sel_make_bools(void)
1253
+
static int sel_make_bools(struct selinux_fs_info *fsi)
1334
1254
{
1335
1255
int i, ret;
1336
1256
ssize_t len;
1337
1257
struct dentry *dentry = NULL;
1338
-
struct dentry *dir = bool_dir;
1258
+
struct dentry *dir = fsi->bool_dir;
1339
1259
struct inode *inode = NULL;
1340
1260
struct inode_security_struct *isec;
1341
1261
char **names = NULL, *page;
···
1344
1264
u32 sid;
1345
1265
1346
1266
/* remove any existing files */
1347
-
for (i = 0; i < bool_num; i++)
1348
-
kfree(bool_pending_names[i]);
1349
-
kfree(bool_pending_names);
1350
-
kfree(bool_pending_values);
1351
-
bool_num = 0;
1352
-
bool_pending_names = NULL;
1353
-
bool_pending_values = NULL;
1267
+
for (i = 0; i < fsi->bool_num; i++)
1268
+
kfree(fsi->bool_pending_names[i]);
1269
+
kfree(fsi->bool_pending_names);
1270
+
kfree(fsi->bool_pending_values);
1271
+
fsi->bool_num = 0;
1272
+
fsi->bool_pending_names = NULL;
1273
+
fsi->bool_pending_values = NULL;
1354
1274
1355
1275
sel_remove_entries(dir);
1356
1276
···
1359
1279
if (!page)
1360
1280
goto out;
1361
1281
1362
-
ret = security_get_bools(&num, &names, &values);
1282
+
ret = security_get_bools(fsi->state, &num, &names, &values);
1363
1283
if (ret)
1364
1284
goto out;
1365
1285
···
1380
1300
goto out;
1381
1301
1382
1302
isec = (struct inode_security_struct *)inode->i_security;
1383
-
ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid);
1303
+
ret = security_genfs_sid(fsi->state, "selinuxfs", page,
1304
+
SECCLASS_FILE, &sid);
1384
1305
if (ret) {
1385
1306
pr_warn_ratelimited("SELinux: no sid found, defaulting to security isid for %s\n",
1386
1307
page);
···
1394
1313
inode->i_ino = i|SEL_BOOL_INO_OFFSET;
1395
1314
d_add(dentry, inode);
1396
1315
}
1397
-
bool_num = num;
1398
-
bool_pending_names = names;
1399
-
bool_pending_values = values;
1316
+
fsi->bool_num = num;
1317
+
fsi->bool_pending_names = names;
1318
+
fsi->bool_pending_values = values;
1400
1319
1401
1320
free_page((unsigned long)page);
1402
1321
return 0;
···
1414
1333
return ret;
1415
1334
}
1416
1335
1417
-
#define NULL_FILE_NAME "null"
1418
-
1419
-
struct path selinux_null;
1420
-
1421
1336
static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf,
1422
1337
size_t count, loff_t *ppos)
1423
1338
{
1339
+
struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
1340
+
struct selinux_state *state = fsi->state;
1424
1341
char tmpbuf[TMPBUFLEN];
1425
1342
ssize_t length;
1426
1343
1427
-
length = scnprintf(tmpbuf, TMPBUFLEN, "%u", avc_cache_threshold);
1344
+
length = scnprintf(tmpbuf, TMPBUFLEN, "%u",
1345
+
avc_get_cache_threshold(state->avc));
1428
1346
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
1429
1347
}
1430
1348
···
1432
1352
size_t count, loff_t *ppos)
1433
1353
1434
1354
{
1355
+
struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
1356
+
struct selinux_state *state = fsi->state;
1435
1357
char *page;
1436
1358
ssize_t ret;
1437
1359
unsigned int new_value;
1438
1360
1439
-
ret = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1361
+
ret = avc_has_perm(&selinux_state,
1362
+
current_sid(), SECINITSID_SECURITY,
1440
1363
SECCLASS_SECURITY, SECURITY__SETSECPARAM,
1441
1364
NULL);
1442
1365
if (ret)
···
1460
1377
if (sscanf(page, "%u", &new_value) != 1)
1461
1378
goto out;
1462
1379
1463
-
avc_cache_threshold = new_value;
1380
+
avc_set_cache_threshold(state->avc, new_value);
1464
1381
1465
1382
ret = count;
1466
1383
out:
···
1471
1388
static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf,
1472
1389
size_t count, loff_t *ppos)
1473
1390
{
1391
+
struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
1392
+
struct selinux_state *state = fsi->state;
1474
1393
char *page;
1475
1394
ssize_t length;
1476
1395
···
1480
1395
if (!page)
1481
1396
return -ENOMEM;
1482
1397
1483
-
length = avc_get_hash_stats(page);
1398
+
length = avc_get_hash_stats(state->avc, page);
1484
1399
if (length >= 0)
1485
1400
length = simple_read_from_buffer(buf, count, ppos, page, length);
1486
1401
free_page((unsigned long)page);
···
1571
1486
1572
1487
static int sel_make_avc_files(struct dentry *dir)
1573
1488
{
1489
+
struct super_block *sb = dir->d_sb;
1490
+
struct selinux_fs_info *fsi = sb->s_fs_info;
1574
1491
int i;
1575
1492
static const struct tree_descr files[] = {
1576
1493
{ "cache_threshold",
···
1596
1509
return -ENOMEM;
1597
1510
1598
1511
inode->i_fop = files[i].ops;
1599
-
inode->i_ino = ++sel_last_ino;
1512
+
inode->i_ino = ++fsi->last_ino;
1600
1513
d_add(dentry, inode);
1601
1514
}
1602
1515
···
1606
1519
static ssize_t sel_read_initcon(struct file *file, char __user *buf,
1607
1520
size_t count, loff_t *ppos)
1608
1521
{
1522
+
struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
1609
1523
char *con;
1610
1524
u32 sid, len;
1611
1525
ssize_t ret;
1612
1526
1613
1527
sid = file_inode(file)->i_ino&SEL_INO_MASK;
1614
-
ret = security_sid_to_context(sid, &con, &len);
1528
+
ret = security_sid_to_context(fsi->state, sid, &con, &len);
1615
1529
if (ret)
1616
1530
return ret;
1617
1531
···
1700
1612
static ssize_t sel_read_policycap(struct file *file, char __user *buf,
1701
1613
size_t count, loff_t *ppos)
1702
1614
{
1615
+
struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info;
1703
1616
int value;
1704
1617
char tmpbuf[TMPBUFLEN];
1705
1618
ssize_t length;
1706
1619
unsigned long i_ino = file_inode(file)->i_ino;
1707
1620
1708
-
value = security_policycap_supported(i_ino & SEL_INO_MASK);
1621
+
value = security_policycap_supported(fsi->state, i_ino & SEL_INO_MASK);
1709
1622
length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value);
1710
1623
1711
1624
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
···
1720
1631
static int sel_make_perm_files(char *objclass, int classvalue,
1721
1632
struct dentry *dir)
1722
1633
{
1634
+
struct selinux_fs_info *fsi = dir->d_sb->s_fs_info;
1723
1635
int i, rc, nperms;
1724
1636
char **perms;
1725
1637
1726
-
rc = security_get_permissions(objclass, &perms, &nperms);
1638
+
rc = security_get_permissions(fsi->state, objclass, &perms, &nperms);
1727
1639
if (rc)
1728
1640
return rc;
1729
1641
···
1758
1668
static int sel_make_class_dir_entries(char *classname, int index,
1759
1669
struct dentry *dir)
1760
1670
{
1671
+
struct super_block *sb = dir->d_sb;
1672
+
struct selinux_fs_info *fsi = sb->s_fs_info;
1761
1673
struct dentry *dentry = NULL;
1762
1674
struct inode *inode = NULL;
1763
1675
int rc;
···
1776
1684
inode->i_ino = sel_class_to_ino(index);
1777
1685
d_add(dentry, inode);
1778
1686
1779
-
dentry = sel_make_dir(dir, "perms", &last_class_ino);
1687
+
dentry = sel_make_dir(dir, "perms", &fsi->last_class_ino);
1780
1688
if (IS_ERR(dentry))
1781
1689
return PTR_ERR(dentry);
1782
1690
···
1785
1693
return rc;
1786
1694
}
1787
1695
1788
-
static int sel_make_classes(void)
1696
+
static int sel_make_classes(struct selinux_fs_info *fsi)
1789
1697
{
1698
+
1790
1699
int rc, nclasses, i;
1791
1700
char **classes;
1792
1701
1793
1702
/* delete any existing entries */
1794
-
sel_remove_entries(class_dir);
1703
+
sel_remove_entries(fsi->class_dir);
1795
1704
1796
-
rc = security_get_classes(&classes, &nclasses);
1705
+
rc = security_get_classes(fsi->state, &classes, &nclasses);
1797
1706
if (rc)
1798
1707
return rc;
1799
1708
1800
1709
/* +2 since classes are 1-indexed */
1801
-
last_class_ino = sel_class_to_ino(nclasses + 2);
1710
+
fsi->last_class_ino = sel_class_to_ino(nclasses + 2);
1802
1711
1803
1712
for (i = 0; i < nclasses; i++) {
1804
1713
struct dentry *class_name_dir;
1805
1714
1806
-
class_name_dir = sel_make_dir(class_dir, classes[i],
1807
-
&last_class_ino);
1715
+
class_name_dir = sel_make_dir(fsi->class_dir, classes[i],
1716
+
&fsi->last_class_ino);
1808
1717
if (IS_ERR(class_name_dir)) {
1809
1718
rc = PTR_ERR(class_name_dir);
1810
1719
goto out;
···
1825
1732
return rc;
1826
1733
}
1827
1734
1828
-
static int sel_make_policycap(void)
1735
+
static int sel_make_policycap(struct selinux_fs_info *fsi)
1829
1736
{
1830
1737
unsigned int iter;
1831
1738
struct dentry *dentry = NULL;
1832
1739
struct inode *inode = NULL;
1833
1740
1834
-
sel_remove_entries(policycap_dir);
1741
+
sel_remove_entries(fsi->policycap_dir);
1835
1742
1836
1743
for (iter = 0; iter <= POLICYDB_CAPABILITY_MAX; iter++) {
1837
1744
if (iter < ARRAY_SIZE(selinux_policycap_names))
1838
-
dentry = d_alloc_name(policycap_dir,
1745
+
dentry = d_alloc_name(fsi->policycap_dir,
1839
1746
selinux_policycap_names[iter]);
1840
1747
else
1841
-
dentry = d_alloc_name(policycap_dir, "unknown");
1748
+
dentry = d_alloc_name(fsi->policycap_dir, "unknown");
1842
1749
1843
1750
if (dentry == NULL)
1844
1751
return -ENOMEM;
1845
1752
1846
-
inode = sel_make_inode(policycap_dir->d_sb, S_IFREG | S_IRUGO);
1753
+
inode = sel_make_inode(fsi->sb, S_IFREG | 0444);
1847
1754
if (inode == NULL)
1848
1755
return -ENOMEM;
1849
1756
···
1882
1789
return dentry;
1883
1790
}
1884
1791
1792
+
#define NULL_FILE_NAME "null"
1793
+
1885
1794
static int sel_fill_super(struct super_block *sb, void *data, int silent)
1886
1795
{
1796
+
struct selinux_fs_info *fsi;
1887
1797
int ret;
1888
1798
struct dentry *dentry;
1889
1799
struct inode *inode;
···
1914
1818
S_IWUGO},
1915
1819
/* last one */ {""}
1916
1820
};
1821
+
1822
+
ret = selinux_fs_info_create(sb);
1823
+
if (ret)
1824
+
goto err;
1825
+
1917
1826
ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);
1918
1827
if (ret)
1919
1828
goto err;
1920
1829
1921
-
bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &sel_last_ino);
1922
-
if (IS_ERR(bool_dir)) {
1923
-
ret = PTR_ERR(bool_dir);
1924
-
bool_dir = NULL;
1830
+
fsi = sb->s_fs_info;
1831
+
fsi->bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &fsi->last_ino);
1832
+
if (IS_ERR(fsi->bool_dir)) {
1833
+
ret = PTR_ERR(fsi->bool_dir);
1834
+
fsi->bool_dir = NULL;
1925
1835
goto err;
1926
1836
}
1927
1837
···
1941
1839
if (!inode)
1942
1840
goto err;
1943
1841
1944
-
inode->i_ino = ++sel_last_ino;
1842
+
inode->i_ino = ++fsi->last_ino;
1945
1843
isec = (struct inode_security_struct *)inode->i_security;
1946
1844
isec->sid = SECINITSID_DEVNULL;
1947
1845
isec->sclass = SECCLASS_CHR_FILE;
···
1949
1847
1950
1848
init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3));
1951
1849
d_add(dentry, inode);
1952
-
selinux_null.dentry = dentry;
1953
1850
1954
-
dentry = sel_make_dir(sb->s_root, "avc", &sel_last_ino);
1851
+
dentry = sel_make_dir(sb->s_root, "avc", &fsi->last_ino);
1955
1852
if (IS_ERR(dentry)) {
1956
1853
ret = PTR_ERR(dentry);
1957
1854
goto err;
···
1960
1859
if (ret)
1961
1860
goto err;
1962
1861
1963
-
dentry = sel_make_dir(sb->s_root, "initial_contexts", &sel_last_ino);
1862
+
dentry = sel_make_dir(sb->s_root, "initial_contexts", &fsi->last_ino);
1964
1863
if (IS_ERR(dentry)) {
1965
1864
ret = PTR_ERR(dentry);
1966
1865
goto err;
···
1970
1869
if (ret)
1971
1870
goto err;
1972
1871
1973
-
class_dir = sel_make_dir(sb->s_root, "class", &sel_last_ino);
1974
-
if (IS_ERR(class_dir)) {
1975
-
ret = PTR_ERR(class_dir);
1976
-
class_dir = NULL;
1872
+
fsi->class_dir = sel_make_dir(sb->s_root, "class", &fsi->last_ino);
1873
+
if (IS_ERR(fsi->class_dir)) {
1874
+
ret = PTR_ERR(fsi->class_dir);
1875
+
fsi->class_dir = NULL;
1977
1876
goto err;
1978
1877
}
1979
1878
1980
-
policycap_dir = sel_make_dir(sb->s_root, "policy_capabilities", &sel_last_ino);
1981
-
if (IS_ERR(policycap_dir)) {
1982
-
ret = PTR_ERR(policycap_dir);
1983
-
policycap_dir = NULL;
1879
+
fsi->policycap_dir = sel_make_dir(sb->s_root, "policy_capabilities",
1880
+
&fsi->last_ino);
1881
+
if (IS_ERR(fsi->policycap_dir)) {
1882
+
ret = PTR_ERR(fsi->policycap_dir);
1883
+
fsi->policycap_dir = NULL;
1984
1884
goto err;
1985
1885
}
1886
+
1887
+
ret = sel_make_policy_nodes(fsi);
1888
+
if (ret)
1889
+
goto err;
1986
1890
return 0;
1987
1891
err:
1988
1892
printk(KERN_ERR "SELinux: %s: failed while creating inodes\n",
1989
1893
__func__);
1894
+
1895
+
selinux_fs_info_free(sb);
1896
+
1990
1897
return ret;
1991
1898
}
1992
1899
···
2004
1895
return mount_single(fs_type, flags, data, sel_fill_super);
2005
1896
}
2006
1897
1898
+
static void sel_kill_sb(struct super_block *sb)
1899
+
{
1900
+
selinux_fs_info_free(sb);
1901
+
kill_litter_super(sb);
1902
+
}
1903
+
2007
1904
static struct file_system_type sel_fs_type = {
2008
1905
.name = "selinuxfs",
2009
1906
.mount = sel_mount,
2010
-
.kill_sb = kill_litter_super,
1907
+
.kill_sb = sel_kill_sb,
2011
1908
};
2012
1909
2013
1910
struct vfsmount *selinuxfs_mount;
1911
+
struct path selinux_null;
2014
1912
2015
1913
static int __init init_sel_fs(void)
2016
1914
{
1915
+
struct qstr null_name = QSTR_INIT(NULL_FILE_NAME,
1916
+
sizeof(NULL_FILE_NAME)-1);
2017
1917
int err;
2018
1918
2019
1919
if (!selinux_enabled)
···
2043
1925
printk(KERN_ERR "selinuxfs: could not mount!\n");
2044
1926
err = PTR_ERR(selinuxfs_mount);
2045
1927
selinuxfs_mount = NULL;
1928
+
}
1929
+
selinux_null.dentry = d_hash_and_lookup(selinux_null.mnt->mnt_root,
1930
+
&null_name);
1931
+
if (IS_ERR(selinux_null.dentry)) {
1932
+
pr_err("selinuxfs: could not lookup null!\n");
1933
+
err = PTR_ERR(selinux_null.dentry);
1934
+
selinux_null.dentry = NULL;
2046
1935
}
2047
1936
2048
1937
return err;
+2
-7
security/selinux/ss/avtab.c
+2
-7
security/selinux/ss/avtab.c
···
655
655
656
656
return rc;
657
657
}
658
-
void avtab_cache_init(void)
658
+
659
+
void __init avtab_cache_init(void)
659
660
{
660
661
avtab_node_cachep = kmem_cache_create("avtab_node",
661
662
sizeof(struct avtab_node),
···
664
663
avtab_xperms_cachep = kmem_cache_create("avtab_extended_perms",
665
664
sizeof(struct avtab_extended_perms),
666
665
0, SLAB_PANIC, NULL);
667
-
}
668
-
669
-
void avtab_cache_destroy(void)
670
-
{
671
-
kmem_cache_destroy(avtab_node_cachep);
672
-
kmem_cache_destroy(avtab_xperms_cachep);
673
666
}
-3
security/selinux/ss/avtab.h
-3
security/selinux/ss/avtab.h
···
114
114
115
115
struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified);
116
116
117
-
void avtab_cache_init(void);
118
-
void avtab_cache_destroy(void);
119
-
120
117
#define MAX_AVTAB_HASH_BITS 16
121
118
#define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS)
122
119
+1
-6
security/selinux/ss/ebitmap.c
+1
-6
security/selinux/ss/ebitmap.c
···
523
523
return 0;
524
524
}
525
525
526
-
void ebitmap_cache_init(void)
526
+
void __init ebitmap_cache_init(void)
527
527
{
528
528
ebitmap_node_cachep = kmem_cache_create("ebitmap_node",
529
529
sizeof(struct ebitmap_node),
530
530
0, SLAB_PANIC, NULL);
531
-
}
532
-
533
-
void ebitmap_cache_destroy(void)
534
-
{
535
-
kmem_cache_destroy(ebitmap_node_cachep);
536
531
}
-3
security/selinux/ss/ebitmap.h
-3
security/selinux/ss/ebitmap.h
···
131
131
int ebitmap_read(struct ebitmap *e, void *fp);
132
132
int ebitmap_write(struct ebitmap *e, void *fp);
133
133
134
-
void ebitmap_cache_init(void);
135
-
void ebitmap_cache_destroy(void);
136
-
137
134
#ifdef CONFIG_NETLABEL
138
135
int ebitmap_netlbl_export(struct ebitmap *ebmap,
139
136
struct netlbl_lsm_catmap **catmap);
+2
-6
security/selinux/ss/hashtab.c
+2
-6
security/selinux/ss/hashtab.c
···
169
169
info->slots_used = slots_used;
170
170
info->max_chain_len = max_chain_len;
171
171
}
172
-
void hashtab_cache_init(void)
172
+
173
+
void __init hashtab_cache_init(void)
173
174
{
174
175
hashtab_node_cachep = kmem_cache_create("hashtab_node",
175
176
sizeof(struct hashtab_node),
176
177
0, SLAB_PANIC, NULL);
177
-
}
178
-
179
-
void hashtab_cache_destroy(void)
180
-
{
181
-
kmem_cache_destroy(hashtab_node_cachep);
182
178
}
-4
security/selinux/ss/hashtab.h
-4
security/selinux/ss/hashtab.h
+40
-32
security/selinux/ss/mls.c
+40
-32
security/selinux/ss/mls.c
···
33
33
* Return the length in bytes for the MLS fields of the
34
34
* security context string representation of `context'.
35
35
*/
36
-
int mls_compute_context_len(struct context *context)
36
+
int mls_compute_context_len(struct policydb *p, struct context *context)
37
37
{
38
38
int i, l, len, head, prev;
39
39
char *nm;
40
40
struct ebitmap *e;
41
41
struct ebitmap_node *node;
42
42
43
-
if (!policydb.mls_enabled)
43
+
if (!p->mls_enabled)
44
44
return 0;
45
45
46
46
len = 1; /* for the beginning ":" */
47
47
for (l = 0; l < 2; l++) {
48
48
int index_sens = context->range.level[l].sens;
49
-
len += strlen(sym_name(&policydb, SYM_LEVELS, index_sens - 1));
49
+
len += strlen(sym_name(p, SYM_LEVELS, index_sens - 1));
50
50
51
51
/* categories */
52
52
head = -2;
···
56
56
if (i - prev > 1) {
57
57
/* one or more negative bits are skipped */
58
58
if (head != prev) {
59
-
nm = sym_name(&policydb, SYM_CATS, prev);
59
+
nm = sym_name(p, SYM_CATS, prev);
60
60
len += strlen(nm) + 1;
61
61
}
62
-
nm = sym_name(&policydb, SYM_CATS, i);
62
+
nm = sym_name(p, SYM_CATS, i);
63
63
len += strlen(nm) + 1;
64
64
head = i;
65
65
}
66
66
prev = i;
67
67
}
68
68
if (prev != head) {
69
-
nm = sym_name(&policydb, SYM_CATS, prev);
69
+
nm = sym_name(p, SYM_CATS, prev);
70
70
len += strlen(nm) + 1;
71
71
}
72
72
if (l == 0) {
···
86
86
* the MLS fields of `context' into the string `*scontext'.
87
87
* Update `*scontext' to point to the end of the MLS fields.
88
88
*/
89
-
void mls_sid_to_context(struct context *context,
89
+
void mls_sid_to_context(struct policydb *p,
90
+
struct context *context,
90
91
char **scontext)
91
92
{
92
93
char *scontextp, *nm;
···
95
94
struct ebitmap *e;
96
95
struct ebitmap_node *node;
97
96
98
-
if (!policydb.mls_enabled)
97
+
if (!p->mls_enabled)
99
98
return;
100
99
101
100
scontextp = *scontext;
···
104
103
scontextp++;
105
104
106
105
for (l = 0; l < 2; l++) {
107
-
strcpy(scontextp, sym_name(&policydb, SYM_LEVELS,
106
+
strcpy(scontextp, sym_name(p, SYM_LEVELS,
108
107
context->range.level[l].sens - 1));
109
108
scontextp += strlen(scontextp);
110
109
···
120
119
*scontextp++ = '.';
121
120
else
122
121
*scontextp++ = ',';
123
-
nm = sym_name(&policydb, SYM_CATS, prev);
122
+
nm = sym_name(p, SYM_CATS, prev);
124
123
strcpy(scontextp, nm);
125
124
scontextp += strlen(nm);
126
125
}
···
128
127
*scontextp++ = ':';
129
128
else
130
129
*scontextp++ = ',';
131
-
nm = sym_name(&policydb, SYM_CATS, i);
130
+
nm = sym_name(p, SYM_CATS, i);
132
131
strcpy(scontextp, nm);
133
132
scontextp += strlen(nm);
134
133
head = i;
···
141
140
*scontextp++ = '.';
142
141
else
143
142
*scontextp++ = ',';
144
-
nm = sym_name(&policydb, SYM_CATS, prev);
143
+
nm = sym_name(p, SYM_CATS, prev);
145
144
strcpy(scontextp, nm);
146
145
scontextp += strlen(nm);
147
146
}
···
376
375
* the string `str'. This function will allocate temporary memory with the
377
376
* given constraints of gfp_mask.
378
377
*/
379
-
int mls_from_string(char *str, struct context *context, gfp_t gfp_mask)
378
+
int mls_from_string(struct policydb *p, char *str, struct context *context,
379
+
gfp_t gfp_mask)
380
380
{
381
381
char *tmpstr, *freestr;
382
382
int rc;
383
383
384
-
if (!policydb.mls_enabled)
384
+
if (!p->mls_enabled)
385
385
return -EINVAL;
386
386
387
387
/* we need freestr because mls_context_to_sid will change
···
391
389
if (!tmpstr) {
392
390
rc = -ENOMEM;
393
391
} else {
394
-
rc = mls_context_to_sid(&policydb, ':', &tmpstr, context,
392
+
rc = mls_context_to_sid(p, ':', &tmpstr, context,
395
393
NULL, SECSID_NULL);
396
394
kfree(freestr);
397
395
}
···
419
417
return rc;
420
418
}
421
419
422
-
int mls_setup_user_range(struct context *fromcon, struct user_datum *user,
420
+
int mls_setup_user_range(struct policydb *p,
421
+
struct context *fromcon, struct user_datum *user,
423
422
struct context *usercon)
424
423
{
425
-
if (policydb.mls_enabled) {
424
+
if (p->mls_enabled) {
426
425
struct mls_level *fromcon_sen = &(fromcon->range.level[0]);
427
426
struct mls_level *fromcon_clr = &(fromcon->range.level[1]);
428
427
struct mls_level *user_low = &(user->range.level[0]);
···
473
470
struct ebitmap_node *node;
474
471
int l, i;
475
472
476
-
if (!policydb.mls_enabled)
473
+
if (!oldp->mls_enabled || !newp->mls_enabled)
477
474
return 0;
478
475
479
476
for (l = 0; l < 2; l++) {
···
506
503
return 0;
507
504
}
508
505
509
-
int mls_compute_sid(struct context *scontext,
506
+
int mls_compute_sid(struct policydb *p,
507
+
struct context *scontext,
510
508
struct context *tcontext,
511
509
u16 tclass,
512
510
u32 specified,
···
519
515
struct class_datum *cladatum;
520
516
int default_range = 0;
521
517
522
-
if (!policydb.mls_enabled)
518
+
if (!p->mls_enabled)
523
519
return 0;
524
520
525
521
switch (specified) {
···
528
524
rtr.source_type = scontext->type;
529
525
rtr.target_type = tcontext->type;
530
526
rtr.target_class = tclass;
531
-
r = hashtab_search(policydb.range_tr, &rtr);
527
+
r = hashtab_search(p->range_tr, &rtr);
532
528
if (r)
533
529
return mls_range_set(newcontext, r);
534
530
535
-
if (tclass && tclass <= policydb.p_classes.nprim) {
536
-
cladatum = policydb.class_val_to_struct[tclass - 1];
531
+
if (tclass && tclass <= p->p_classes.nprim) {
532
+
cladatum = p->class_val_to_struct[tclass - 1];
537
533
if (cladatum)
538
534
default_range = cladatum->default_range;
539
535
}
···
555
551
556
552
/* Fallthrough */
557
553
case AVTAB_CHANGE:
558
-
if ((tclass == policydb.process_class) || (sock == true))
554
+
if ((tclass == p->process_class) || (sock == true))
559
555
/* Use the process MLS attributes. */
560
556
return mls_context_cpy(newcontext, scontext);
561
557
else
···
581
577
* NetLabel MLS sensitivity level field.
582
578
*
583
579
*/
584
-
void mls_export_netlbl_lvl(struct context *context,
580
+
void mls_export_netlbl_lvl(struct policydb *p,
581
+
struct context *context,
585
582
struct netlbl_lsm_secattr *secattr)
586
583
{
587
-
if (!policydb.mls_enabled)
584
+
if (!p->mls_enabled)
588
585
return;
589
586
590
587
secattr->attr.mls.lvl = context->range.level[0].sens - 1;
···
602
597
* NetLabel MLS sensitivity level into the context.
603
598
*
604
599
*/
605
-
void mls_import_netlbl_lvl(struct context *context,
600
+
void mls_import_netlbl_lvl(struct policydb *p,
601
+
struct context *context,
606
602
struct netlbl_lsm_secattr *secattr)
607
603
{
608
-
if (!policydb.mls_enabled)
604
+
if (!p->mls_enabled)
609
605
return;
610
606
611
607
context->range.level[0].sens = secattr->attr.mls.lvl + 1;
···
623
617
* MLS category field. Returns zero on success, negative values on failure.
624
618
*
625
619
*/
626
-
int mls_export_netlbl_cat(struct context *context,
620
+
int mls_export_netlbl_cat(struct policydb *p,
621
+
struct context *context,
627
622
struct netlbl_lsm_secattr *secattr)
628
623
{
629
624
int rc;
630
625
631
-
if (!policydb.mls_enabled)
626
+
if (!p->mls_enabled)
632
627
return 0;
633
628
634
629
rc = ebitmap_netlbl_export(&context->range.level[0].cat,
···
652
645
* negative values on failure.
653
646
*
654
647
*/
655
-
int mls_import_netlbl_cat(struct context *context,
648
+
int mls_import_netlbl_cat(struct policydb *p,
649
+
struct context *context,
656
650
struct netlbl_lsm_secattr *secattr)
657
651
{
658
652
int rc;
659
653
660
-
if (!policydb.mls_enabled)
654
+
if (!p->mls_enabled)
661
655
return 0;
662
656
663
657
rc = ebitmap_netlbl_import(&context->range.level[0].cat,
+25
-13
security/selinux/ss/mls.h
+25
-13
security/selinux/ss/mls.h
···
25
25
#include "context.h"
26
26
#include "policydb.h"
27
27
28
-
int mls_compute_context_len(struct context *context);
29
-
void mls_sid_to_context(struct context *context, char **scontext);
28
+
int mls_compute_context_len(struct policydb *p, struct context *context);
29
+
void mls_sid_to_context(struct policydb *p, struct context *context,
30
+
char **scontext);
30
31
int mls_context_isvalid(struct policydb *p, struct context *c);
31
32
int mls_range_isvalid(struct policydb *p, struct mls_range *r);
32
33
int mls_level_isvalid(struct policydb *p, struct mls_level *l);
···
39
38
struct sidtab *s,
40
39
u32 def_sid);
41
40
42
-
int mls_from_string(char *str, struct context *context, gfp_t gfp_mask);
41
+
int mls_from_string(struct policydb *p, char *str, struct context *context,
42
+
gfp_t gfp_mask);
43
43
44
44
int mls_range_set(struct context *context, struct mls_range *range);
45
45
···
48
46
struct policydb *newp,
49
47
struct context *context);
50
48
51
-
int mls_compute_sid(struct context *scontext,
49
+
int mls_compute_sid(struct policydb *p,
50
+
struct context *scontext,
52
51
struct context *tcontext,
53
52
u16 tclass,
54
53
u32 specified,
55
54
struct context *newcontext,
56
55
bool sock);
57
56
58
-
int mls_setup_user_range(struct context *fromcon, struct user_datum *user,
57
+
int mls_setup_user_range(struct policydb *p,
58
+
struct context *fromcon, struct user_datum *user,
59
59
struct context *usercon);
60
60
61
61
#ifdef CONFIG_NETLABEL
62
-
void mls_export_netlbl_lvl(struct context *context,
62
+
void mls_export_netlbl_lvl(struct policydb *p,
63
+
struct context *context,
63
64
struct netlbl_lsm_secattr *secattr);
64
-
void mls_import_netlbl_lvl(struct context *context,
65
+
void mls_import_netlbl_lvl(struct policydb *p,
66
+
struct context *context,
65
67
struct netlbl_lsm_secattr *secattr);
66
-
int mls_export_netlbl_cat(struct context *context,
68
+
int mls_export_netlbl_cat(struct policydb *p,
69
+
struct context *context,
67
70
struct netlbl_lsm_secattr *secattr);
68
-
int mls_import_netlbl_cat(struct context *context,
71
+
int mls_import_netlbl_cat(struct policydb *p,
72
+
struct context *context,
69
73
struct netlbl_lsm_secattr *secattr);
70
74
#else
71
-
static inline void mls_export_netlbl_lvl(struct context *context,
75
+
static inline void mls_export_netlbl_lvl(struct policydb *p,
76
+
struct context *context,
72
77
struct netlbl_lsm_secattr *secattr)
73
78
{
74
79
return;
75
80
}
76
-
static inline void mls_import_netlbl_lvl(struct context *context,
81
+
static inline void mls_import_netlbl_lvl(struct policydb *p,
82
+
struct context *context,
77
83
struct netlbl_lsm_secattr *secattr)
78
84
{
79
85
return;
80
86
}
81
-
static inline int mls_export_netlbl_cat(struct context *context,
87
+
static inline int mls_export_netlbl_cat(struct policydb *p,
88
+
struct context *context,
82
89
struct netlbl_lsm_secattr *secattr)
83
90
{
84
91
return -ENOMEM;
85
92
}
86
-
static inline int mls_import_netlbl_cat(struct context *context,
93
+
static inline int mls_import_netlbl_cat(struct policydb *p,
94
+
struct context *context,
87
95
struct netlbl_lsm_secattr *secattr)
88
96
{
89
97
return -ENOMEM;
+631
-473
security/selinux/ss/services.c
+631
-473
security/selinux/ss/services.c
···
80
80
"nnp_nosuid_transition"
81
81
};
82
82
83
-
int selinux_policycap_netpeer;
84
-
int selinux_policycap_openperm;
85
-
int selinux_policycap_extsockclass;
86
-
int selinux_policycap_alwaysnetwork;
87
-
int selinux_policycap_cgroupseclabel;
88
-
int selinux_policycap_nnp_nosuid_transition;
83
+
static struct selinux_ss selinux_ss;
89
84
90
-
static DEFINE_RWLOCK(policy_rwlock);
91
-
92
-
static struct sidtab sidtab;
93
-
struct policydb policydb;
94
-
int ss_initialized;
95
-
96
-
/*
97
-
* The largest sequence number that has been used when
98
-
* providing an access decision to the access vector cache.
99
-
* The sequence number only changes when a policy change
100
-
* occurs.
101
-
*/
102
-
static u32 latest_granting;
85
+
void selinux_ss_init(struct selinux_ss **ss)
86
+
{
87
+
rwlock_init(&selinux_ss.policy_rwlock);
88
+
mutex_init(&selinux_ss.status_lock);
89
+
*ss = &selinux_ss;
90
+
}
103
91
104
92
/* Forward declaration. */
105
-
static int context_struct_to_string(struct context *context, char **scontext,
93
+
static int context_struct_to_string(struct policydb *policydb,
94
+
struct context *context,
95
+
char **scontext,
106
96
u32 *scontext_len);
107
97
108
-
static void context_struct_compute_av(struct context *scontext,
109
-
struct context *tcontext,
110
-
u16 tclass,
111
-
struct av_decision *avd,
112
-
struct extended_perms *xperms);
113
-
114
-
struct selinux_mapping {
115
-
u16 value; /* policy value */
116
-
unsigned num_perms;
117
-
u32 perms[sizeof(u32) * 8];
118
-
};
119
-
120
-
static struct selinux_mapping *current_mapping;
121
-
static u16 current_mapping_size;
98
+
static void context_struct_compute_av(struct policydb *policydb,
99
+
struct context *scontext,
100
+
struct context *tcontext,
101
+
u16 tclass,
102
+
struct av_decision *avd,
103
+
struct extended_perms *xperms);
122
104
123
105
static int selinux_set_mapping(struct policydb *pol,
124
106
struct security_class_mapping *map,
125
-
struct selinux_mapping **out_map_p,
126
-
u16 *out_map_size)
107
+
struct selinux_map *out_map)
127
108
{
128
-
struct selinux_mapping *out_map = NULL;
129
-
size_t size = sizeof(struct selinux_mapping);
130
109
u16 i, j;
131
110
unsigned k;
132
111
bool print_unknown_handle = false;
···
118
139
i++;
119
140
120
141
/* Allocate space for the class records, plus one for class zero */
121
-
out_map = kcalloc(++i, size, GFP_ATOMIC);
122
-
if (!out_map)
142
+
out_map->mapping = kcalloc(++i, sizeof(*out_map->mapping), GFP_ATOMIC);
143
+
if (!out_map->mapping)
123
144
return -ENOMEM;
124
145
125
146
/* Store the raw class and permission values */
126
147
j = 0;
127
148
while (map[j].name) {
128
149
struct security_class_mapping *p_in = map + (j++);
129
-
struct selinux_mapping *p_out = out_map + j;
150
+
struct selinux_mapping *p_out = out_map->mapping + j;
130
151
131
152
/* An empty class string skips ahead */
132
153
if (!strcmp(p_in->name, "")) {
···
173
194
printk(KERN_INFO "SELinux: the above unknown classes and permissions will be %s\n",
174
195
pol->allow_unknown ? "allowed" : "denied");
175
196
176
-
*out_map_p = out_map;
177
-
*out_map_size = i;
197
+
out_map->size = i;
178
198
return 0;
179
199
err:
180
-
kfree(out_map);
200
+
kfree(out_map->mapping);
201
+
out_map->mapping = NULL;
181
202
return -EINVAL;
182
203
}
183
204
···
185
206
* Get real, policy values from mapped values
186
207
*/
187
208
188
-
static u16 unmap_class(u16 tclass)
209
+
static u16 unmap_class(struct selinux_map *map, u16 tclass)
189
210
{
190
-
if (tclass < current_mapping_size)
191
-
return current_mapping[tclass].value;
211
+
if (tclass < map->size)
212
+
return map->mapping[tclass].value;
192
213
193
214
return tclass;
194
215
}
···
196
217
/*
197
218
* Get kernel value for class from its policy value
198
219
*/
199
-
static u16 map_class(u16 pol_value)
220
+
static u16 map_class(struct selinux_map *map, u16 pol_value)
200
221
{
201
222
u16 i;
202
223
203
-
for (i = 1; i < current_mapping_size; i++) {
204
-
if (current_mapping[i].value == pol_value)
224
+
for (i = 1; i < map->size; i++) {
225
+
if (map->mapping[i].value == pol_value)
205
226
return i;
206
227
}
207
228
208
229
return SECCLASS_NULL;
209
230
}
210
231
211
-
static void map_decision(u16 tclass, struct av_decision *avd,
232
+
static void map_decision(struct selinux_map *map,
233
+
u16 tclass, struct av_decision *avd,
212
234
int allow_unknown)
213
235
{
214
-
if (tclass < current_mapping_size) {
215
-
unsigned i, n = current_mapping[tclass].num_perms;
236
+
if (tclass < map->size) {
237
+
struct selinux_mapping *mapping = &map->mapping[tclass];
238
+
unsigned int i, n = mapping->num_perms;
216
239
u32 result;
217
240
218
241
for (i = 0, result = 0; i < n; i++) {
219
-
if (avd->allowed & current_mapping[tclass].perms[i])
242
+
if (avd->allowed & mapping->perms[i])
220
243
result |= 1<<i;
221
-
if (allow_unknown && !current_mapping[tclass].perms[i])
244
+
if (allow_unknown && !mapping->perms[i])
222
245
result |= 1<<i;
223
246
}
224
247
avd->allowed = result;
225
248
226
249
for (i = 0, result = 0; i < n; i++)
227
-
if (avd->auditallow & current_mapping[tclass].perms[i])
250
+
if (avd->auditallow & mapping->perms[i])
228
251
result |= 1<<i;
229
252
avd->auditallow = result;
230
253
231
254
for (i = 0, result = 0; i < n; i++) {
232
-
if (avd->auditdeny & current_mapping[tclass].perms[i])
255
+
if (avd->auditdeny & mapping->perms[i])
233
256
result |= 1<<i;
234
-
if (!allow_unknown && !current_mapping[tclass].perms[i])
257
+
if (!allow_unknown && !mapping->perms[i])
235
258
result |= 1<<i;
236
259
}
237
260
/*
···
247
266
}
248
267
}
249
268
250
-
int security_mls_enabled(void)
269
+
int security_mls_enabled(struct selinux_state *state)
251
270
{
252
-
return policydb.mls_enabled;
271
+
struct policydb *p = &state->ss->policydb;
272
+
273
+
return p->mls_enabled;
253
274
}
254
275
255
276
/*
···
265
282
* of the process performing the transition. All other callers of
266
283
* constraint_expr_eval should pass in NULL for xcontext.
267
284
*/
268
-
static int constraint_expr_eval(struct context *scontext,
285
+
static int constraint_expr_eval(struct policydb *policydb,
286
+
struct context *scontext,
269
287
struct context *tcontext,
270
288
struct context *xcontext,
271
289
struct constraint_expr *cexpr)
···
310
326
case CEXPR_ROLE:
311
327
val1 = scontext->role;
312
328
val2 = tcontext->role;
313
-
r1 = policydb.role_val_to_struct[val1 - 1];
314
-
r2 = policydb.role_val_to_struct[val2 - 1];
329
+
r1 = policydb->role_val_to_struct[val1 - 1];
330
+
r2 = policydb->role_val_to_struct[val2 - 1];
315
331
switch (e->op) {
316
332
case CEXPR_DOM:
317
333
s[++sp] = ebitmap_get_bit(&r1->dominates,
···
456
472
return 0;
457
473
}
458
474
459
-
static void security_dump_masked_av(struct context *scontext,
475
+
static void security_dump_masked_av(struct policydb *policydb,
476
+
struct context *scontext,
460
477
struct context *tcontext,
461
478
u16 tclass,
462
479
u32 permissions,
···
477
492
if (!permissions)
478
493
return;
479
494
480
-
tclass_name = sym_name(&policydb, SYM_CLASSES, tclass - 1);
481
-
tclass_dat = policydb.class_val_to_struct[tclass - 1];
495
+
tclass_name = sym_name(policydb, SYM_CLASSES, tclass - 1);
496
+
tclass_dat = policydb->class_val_to_struct[tclass - 1];
482
497
common_dat = tclass_dat->comdatum;
483
498
484
499
/* init permission_names */
···
492
507
goto out;
493
508
494
509
/* get scontext/tcontext in text form */
495
-
if (context_struct_to_string(scontext,
510
+
if (context_struct_to_string(policydb, scontext,
496
511
&scontext_name, &length) < 0)
497
512
goto out;
498
513
499
-
if (context_struct_to_string(tcontext,
514
+
if (context_struct_to_string(policydb, tcontext,
500
515
&tcontext_name, &length) < 0)
501
516
goto out;
502
517
···
535
550
* security_boundary_permission - drops violated permissions
536
551
* on boundary constraint.
537
552
*/
538
-
static void type_attribute_bounds_av(struct context *scontext,
553
+
static void type_attribute_bounds_av(struct policydb *policydb,
554
+
struct context *scontext,
539
555
struct context *tcontext,
540
556
u16 tclass,
541
557
struct av_decision *avd)
···
548
562
struct type_datum *target;
549
563
u32 masked = 0;
550
564
551
-
source = flex_array_get_ptr(policydb.type_val_to_struct_array,
565
+
source = flex_array_get_ptr(policydb->type_val_to_struct_array,
552
566
scontext->type - 1);
553
567
BUG_ON(!source);
554
568
555
569
if (!source->bounds)
556
570
return;
557
571
558
-
target = flex_array_get_ptr(policydb.type_val_to_struct_array,
572
+
target = flex_array_get_ptr(policydb->type_val_to_struct_array,
559
573
tcontext->type - 1);
560
574
BUG_ON(!target);
561
575
···
570
584
tcontextp = &lo_tcontext;
571
585
}
572
586
573
-
context_struct_compute_av(&lo_scontext,
587
+
context_struct_compute_av(policydb, &lo_scontext,
574
588
tcontextp,
575
589
tclass,
576
590
&lo_avd,
···
585
599
avd->allowed &= ~masked;
586
600
587
601
/* audit masked permissions */
588
-
security_dump_masked_av(scontext, tcontext,
602
+
security_dump_masked_av(policydb, scontext, tcontext,
589
603
tclass, masked, "bounds");
590
604
}
591
605
···
618
632
* Compute access vectors and extended permissions based on a context
619
633
* structure pair for the permissions in a particular class.
620
634
*/
621
-
static void context_struct_compute_av(struct context *scontext,
622
-
struct context *tcontext,
623
-
u16 tclass,
624
-
struct av_decision *avd,
625
-
struct extended_perms *xperms)
635
+
static void context_struct_compute_av(struct policydb *policydb,
636
+
struct context *scontext,
637
+
struct context *tcontext,
638
+
u16 tclass,
639
+
struct av_decision *avd,
640
+
struct extended_perms *xperms)
626
641
{
627
642
struct constraint_node *constraint;
628
643
struct role_allow *ra;
···
642
655
xperms->len = 0;
643
656
}
644
657
645
-
if (unlikely(!tclass || tclass > policydb.p_classes.nprim)) {
658
+
if (unlikely(!tclass || tclass > policydb->p_classes.nprim)) {
646
659
if (printk_ratelimit())
647
660
printk(KERN_WARNING "SELinux: Invalid class %hu\n", tclass);
648
661
return;
649
662
}
650
663
651
-
tclass_datum = policydb.class_val_to_struct[tclass - 1];
664
+
tclass_datum = policydb->class_val_to_struct[tclass - 1];
652
665
653
666
/*
654
667
* If a specific type enforcement rule was defined for
···
656
669
*/
657
670
avkey.target_class = tclass;
658
671
avkey.specified = AVTAB_AV | AVTAB_XPERMS;
659
-
sattr = flex_array_get(policydb.type_attr_map_array, scontext->type - 1);
672
+
sattr = flex_array_get(policydb->type_attr_map_array,
673
+
scontext->type - 1);
660
674
BUG_ON(!sattr);
661
-
tattr = flex_array_get(policydb.type_attr_map_array, tcontext->type - 1);
675
+
tattr = flex_array_get(policydb->type_attr_map_array,
676
+
tcontext->type - 1);
662
677
BUG_ON(!tattr);
663
678
ebitmap_for_each_positive_bit(sattr, snode, i) {
664
679
ebitmap_for_each_positive_bit(tattr, tnode, j) {
665
680
avkey.source_type = i + 1;
666
681
avkey.target_type = j + 1;
667
-
for (node = avtab_search_node(&policydb.te_avtab, &avkey);
682
+
for (node = avtab_search_node(&policydb->te_avtab,
683
+
&avkey);
668
684
node;
669
685
node = avtab_search_node_next(node, avkey.specified)) {
670
686
if (node->key.specified == AVTAB_ALLOWED)
···
681
691
}
682
692
683
693
/* Check conditional av table for additional permissions */
684
-
cond_compute_av(&policydb.te_cond_avtab, &avkey,
694
+
cond_compute_av(&policydb->te_cond_avtab, &avkey,
685
695
avd, xperms);
686
696
687
697
}
···
694
704
constraint = tclass_datum->constraints;
695
705
while (constraint) {
696
706
if ((constraint->permissions & (avd->allowed)) &&
697
-
!constraint_expr_eval(scontext, tcontext, NULL,
707
+
!constraint_expr_eval(policydb, scontext, tcontext, NULL,
698
708
constraint->expr)) {
699
709
avd->allowed &= ~(constraint->permissions);
700
710
}
···
706
716
* role is changing, then check the (current_role, new_role)
707
717
* pair.
708
718
*/
709
-
if (tclass == policydb.process_class &&
710
-
(avd->allowed & policydb.process_trans_perms) &&
719
+
if (tclass == policydb->process_class &&
720
+
(avd->allowed & policydb->process_trans_perms) &&
711
721
scontext->role != tcontext->role) {
712
-
for (ra = policydb.role_allow; ra; ra = ra->next) {
722
+
for (ra = policydb->role_allow; ra; ra = ra->next) {
713
723
if (scontext->role == ra->role &&
714
724
tcontext->role == ra->new_role)
715
725
break;
716
726
}
717
727
if (!ra)
718
-
avd->allowed &= ~policydb.process_trans_perms;
728
+
avd->allowed &= ~policydb->process_trans_perms;
719
729
}
720
730
721
731
/*
···
723
733
* constraint, lazy checks have to mask any violated
724
734
* permission and notice it to userspace via audit.
725
735
*/
726
-
type_attribute_bounds_av(scontext, tcontext,
736
+
type_attribute_bounds_av(policydb, scontext, tcontext,
727
737
tclass, avd);
728
738
}
729
739
730
-
static int security_validtrans_handle_fail(struct context *ocontext,
740
+
static int security_validtrans_handle_fail(struct selinux_state *state,
741
+
struct context *ocontext,
731
742
struct context *ncontext,
732
743
struct context *tcontext,
733
744
u16 tclass)
734
745
{
746
+
struct policydb *p = &state->ss->policydb;
735
747
char *o = NULL, *n = NULL, *t = NULL;
736
748
u32 olen, nlen, tlen;
737
749
738
-
if (context_struct_to_string(ocontext, &o, &olen))
750
+
if (context_struct_to_string(p, ocontext, &o, &olen))
739
751
goto out;
740
-
if (context_struct_to_string(ncontext, &n, &nlen))
752
+
if (context_struct_to_string(p, ncontext, &n, &nlen))
741
753
goto out;
742
-
if (context_struct_to_string(tcontext, &t, &tlen))
754
+
if (context_struct_to_string(p, tcontext, &t, &tlen))
743
755
goto out;
744
756
audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
745
757
"op=security_validate_transition seresult=denied"
746
758
" oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
747
-
o, n, t, sym_name(&policydb, SYM_CLASSES, tclass-1));
759
+
o, n, t, sym_name(p, SYM_CLASSES, tclass-1));
748
760
out:
749
761
kfree(o);
750
762
kfree(n);
751
763
kfree(t);
752
764
753
-
if (!selinux_enforcing)
765
+
if (!enforcing_enabled(state))
754
766
return 0;
755
767
return -EPERM;
756
768
}
757
769
758
-
static int security_compute_validatetrans(u32 oldsid, u32 newsid, u32 tasksid,
770
+
static int security_compute_validatetrans(struct selinux_state *state,
771
+
u32 oldsid, u32 newsid, u32 tasksid,
759
772
u16 orig_tclass, bool user)
760
773
{
774
+
struct policydb *policydb;
775
+
struct sidtab *sidtab;
761
776
struct context *ocontext;
762
777
struct context *ncontext;
763
778
struct context *tcontext;
···
771
776
u16 tclass;
772
777
int rc = 0;
773
778
774
-
if (!ss_initialized)
779
+
780
+
if (!state->initialized)
775
781
return 0;
776
782
777
-
read_lock(&policy_rwlock);
783
+
read_lock(&state->ss->policy_rwlock);
784
+
785
+
policydb = &state->ss->policydb;
786
+
sidtab = &state->ss->sidtab;
778
787
779
788
if (!user)
780
-
tclass = unmap_class(orig_tclass);
789
+
tclass = unmap_class(&state->ss->map, orig_tclass);
781
790
else
782
791
tclass = orig_tclass;
783
792
784
-
if (!tclass || tclass > policydb.p_classes.nprim) {
793
+
if (!tclass || tclass > policydb->p_classes.nprim) {
785
794
rc = -EINVAL;
786
795
goto out;
787
796
}
788
-
tclass_datum = policydb.class_val_to_struct[tclass - 1];
797
+
tclass_datum = policydb->class_val_to_struct[tclass - 1];
789
798
790
-
ocontext = sidtab_search(&sidtab, oldsid);
799
+
ocontext = sidtab_search(sidtab, oldsid);
791
800
if (!ocontext) {
792
801
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
793
802
__func__, oldsid);
···
799
800
goto out;
800
801
}
801
802
802
-
ncontext = sidtab_search(&sidtab, newsid);
803
+
ncontext = sidtab_search(sidtab, newsid);
803
804
if (!ncontext) {
804
805
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
805
806
__func__, newsid);
···
807
808
goto out;
808
809
}
809
810
810
-
tcontext = sidtab_search(&sidtab, tasksid);
811
+
tcontext = sidtab_search(sidtab, tasksid);
811
812
if (!tcontext) {
812
813
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
813
814
__func__, tasksid);
···
817
818
818
819
constraint = tclass_datum->validatetrans;
819
820
while (constraint) {
820
-
if (!constraint_expr_eval(ocontext, ncontext, tcontext,
821
-
constraint->expr)) {
821
+
if (!constraint_expr_eval(policydb, ocontext, ncontext,
822
+
tcontext, constraint->expr)) {
822
823
if (user)
823
824
rc = -EPERM;
824
825
else
825
-
rc = security_validtrans_handle_fail(ocontext,
826
+
rc = security_validtrans_handle_fail(state,
827
+
ocontext,
826
828
ncontext,
827
829
tcontext,
828
830
tclass);
···
833
833
}
834
834
835
835
out:
836
-
read_unlock(&policy_rwlock);
836
+
read_unlock(&state->ss->policy_rwlock);
837
837
return rc;
838
838
}
839
839
840
-
int security_validate_transition_user(u32 oldsid, u32 newsid, u32 tasksid,
841
-
u16 tclass)
840
+
int security_validate_transition_user(struct selinux_state *state,
841
+
u32 oldsid, u32 newsid, u32 tasksid,
842
+
u16 tclass)
842
843
{
843
-
return security_compute_validatetrans(oldsid, newsid, tasksid,
844
-
tclass, true);
844
+
return security_compute_validatetrans(state, oldsid, newsid, tasksid,
845
+
tclass, true);
845
846
}
846
847
847
-
int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
848
+
int security_validate_transition(struct selinux_state *state,
849
+
u32 oldsid, u32 newsid, u32 tasksid,
848
850
u16 orig_tclass)
849
851
{
850
-
return security_compute_validatetrans(oldsid, newsid, tasksid,
851
-
orig_tclass, false);
852
+
return security_compute_validatetrans(state, oldsid, newsid, tasksid,
853
+
orig_tclass, false);
852
854
}
853
855
854
856
/*
···
862
860
* @oldsid : current security identifier
863
861
* @newsid : destinated security identifier
864
862
*/
865
-
int security_bounded_transition(u32 old_sid, u32 new_sid)
863
+
int security_bounded_transition(struct selinux_state *state,
864
+
u32 old_sid, u32 new_sid)
866
865
{
866
+
struct policydb *policydb;
867
+
struct sidtab *sidtab;
867
868
struct context *old_context, *new_context;
868
869
struct type_datum *type;
869
870
int index;
870
871
int rc;
871
872
872
-
if (!ss_initialized)
873
+
if (!state->initialized)
873
874
return 0;
874
875
875
-
read_lock(&policy_rwlock);
876
+
read_lock(&state->ss->policy_rwlock);
877
+
878
+
policydb = &state->ss->policydb;
879
+
sidtab = &state->ss->sidtab;
876
880
877
881
rc = -EINVAL;
878
-
old_context = sidtab_search(&sidtab, old_sid);
882
+
old_context = sidtab_search(sidtab, old_sid);
879
883
if (!old_context) {
880
884
printk(KERN_ERR "SELinux: %s: unrecognized SID %u\n",
881
885
__func__, old_sid);
···
889
881
}
890
882
891
883
rc = -EINVAL;
892
-
new_context = sidtab_search(&sidtab, new_sid);
884
+
new_context = sidtab_search(sidtab, new_sid);
893
885
if (!new_context) {
894
886
printk(KERN_ERR "SELinux: %s: unrecognized SID %u\n",
895
887
__func__, new_sid);
···
903
895
904
896
index = new_context->type;
905
897
while (true) {
906
-
type = flex_array_get_ptr(policydb.type_val_to_struct_array,
898
+
type = flex_array_get_ptr(policydb->type_val_to_struct_array,
907
899
index - 1);
908
900
BUG_ON(!type);
909
901
···
925
917
char *new_name = NULL;
926
918
u32 length;
927
919
928
-
if (!context_struct_to_string(old_context,
920
+
if (!context_struct_to_string(policydb, old_context,
929
921
&old_name, &length) &&
930
-
!context_struct_to_string(new_context,
922
+
!context_struct_to_string(policydb, new_context,
931
923
&new_name, &length)) {
932
924
audit_log(current->audit_context,
933
925
GFP_ATOMIC, AUDIT_SELINUX_ERR,
···
940
932
kfree(old_name);
941
933
}
942
934
out:
943
-
read_unlock(&policy_rwlock);
935
+
read_unlock(&state->ss->policy_rwlock);
944
936
945
937
return rc;
946
938
}
947
939
948
-
static void avd_init(struct av_decision *avd)
940
+
static void avd_init(struct selinux_state *state, struct av_decision *avd)
949
941
{
950
942
avd->allowed = 0;
951
943
avd->auditallow = 0;
952
944
avd->auditdeny = 0xffffffff;
953
-
avd->seqno = latest_granting;
945
+
avd->seqno = state->ss->latest_granting;
954
946
avd->flags = 0;
955
947
}
956
948
···
1008
1000
}
1009
1001
}
1010
1002
1011
-
void security_compute_xperms_decision(u32 ssid,
1012
-
u32 tsid,
1013
-
u16 orig_tclass,
1014
-
u8 driver,
1015
-
struct extended_perms_decision *xpermd)
1003
+
void security_compute_xperms_decision(struct selinux_state *state,
1004
+
u32 ssid,
1005
+
u32 tsid,
1006
+
u16 orig_tclass,
1007
+
u8 driver,
1008
+
struct extended_perms_decision *xpermd)
1016
1009
{
1010
+
struct policydb *policydb;
1011
+
struct sidtab *sidtab;
1017
1012
u16 tclass;
1018
1013
struct context *scontext, *tcontext;
1019
1014
struct avtab_key avkey;
···
1031
1020
memset(xpermd->auditallow->p, 0, sizeof(xpermd->auditallow->p));
1032
1021
memset(xpermd->dontaudit->p, 0, sizeof(xpermd->dontaudit->p));
1033
1022
1034
-
read_lock(&policy_rwlock);
1035
-
if (!ss_initialized)
1023
+
read_lock(&state->ss->policy_rwlock);
1024
+
if (!state->initialized)
1036
1025
goto allow;
1037
1026
1038
-
scontext = sidtab_search(&sidtab, ssid);
1027
+
policydb = &state->ss->policydb;
1028
+
sidtab = &state->ss->sidtab;
1029
+
1030
+
scontext = sidtab_search(sidtab, ssid);
1039
1031
if (!scontext) {
1040
1032
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
1041
1033
__func__, ssid);
1042
1034
goto out;
1043
1035
}
1044
1036
1045
-
tcontext = sidtab_search(&sidtab, tsid);
1037
+
tcontext = sidtab_search(sidtab, tsid);
1046
1038
if (!tcontext) {
1047
1039
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
1048
1040
__func__, tsid);
1049
1041
goto out;
1050
1042
}
1051
1043
1052
-
tclass = unmap_class(orig_tclass);
1044
+
tclass = unmap_class(&state->ss->map, orig_tclass);
1053
1045
if (unlikely(orig_tclass && !tclass)) {
1054
-
if (policydb.allow_unknown)
1046
+
if (policydb->allow_unknown)
1055
1047
goto allow;
1056
1048
goto out;
1057
1049
}
1058
1050
1059
1051
1060
-
if (unlikely(!tclass || tclass > policydb.p_classes.nprim)) {
1052
+
if (unlikely(!tclass || tclass > policydb->p_classes.nprim)) {
1061
1053
pr_warn_ratelimited("SELinux: Invalid class %hu\n", tclass);
1062
1054
goto out;
1063
1055
}
1064
1056
1065
1057
avkey.target_class = tclass;
1066
1058
avkey.specified = AVTAB_XPERMS;
1067
-
sattr = flex_array_get(policydb.type_attr_map_array,
1059
+
sattr = flex_array_get(policydb->type_attr_map_array,
1068
1060
scontext->type - 1);
1069
1061
BUG_ON(!sattr);
1070
-
tattr = flex_array_get(policydb.type_attr_map_array,
1062
+
tattr = flex_array_get(policydb->type_attr_map_array,
1071
1063
tcontext->type - 1);
1072
1064
BUG_ON(!tattr);
1073
1065
ebitmap_for_each_positive_bit(sattr, snode, i) {
1074
1066
ebitmap_for_each_positive_bit(tattr, tnode, j) {
1075
1067
avkey.source_type = i + 1;
1076
1068
avkey.target_type = j + 1;
1077
-
for (node = avtab_search_node(&policydb.te_avtab, &avkey);
1069
+
for (node = avtab_search_node(&policydb->te_avtab,
1070
+
&avkey);
1078
1071
node;
1079
1072
node = avtab_search_node_next(node, avkey.specified))
1080
1073
services_compute_xperms_decision(xpermd, node);
1081
1074
1082
-
cond_compute_xperms(&policydb.te_cond_avtab,
1075
+
cond_compute_xperms(&policydb->te_cond_avtab,
1083
1076
&avkey, xpermd);
1084
1077
}
1085
1078
}
1086
1079
out:
1087
-
read_unlock(&policy_rwlock);
1080
+
read_unlock(&state->ss->policy_rwlock);
1088
1081
return;
1089
1082
allow:
1090
1083
memset(xpermd->allowed->p, 0xff, sizeof(xpermd->allowed->p));
···
1106
1091
* Compute a set of access vector decisions based on the
1107
1092
* SID pair (@ssid, @tsid) for the permissions in @tclass.
1108
1093
*/
1109
-
void security_compute_av(u32 ssid,
1094
+
void security_compute_av(struct selinux_state *state,
1095
+
u32 ssid,
1110
1096
u32 tsid,
1111
1097
u16 orig_tclass,
1112
1098
struct av_decision *avd,
1113
1099
struct extended_perms *xperms)
1114
1100
{
1101
+
struct policydb *policydb;
1102
+
struct sidtab *sidtab;
1115
1103
u16 tclass;
1116
1104
struct context *scontext = NULL, *tcontext = NULL;
1117
1105
1118
-
read_lock(&policy_rwlock);
1119
-
avd_init(avd);
1106
+
read_lock(&state->ss->policy_rwlock);
1107
+
avd_init(state, avd);
1120
1108
xperms->len = 0;
1121
-
if (!ss_initialized)
1109
+
if (!state->initialized)
1122
1110
goto allow;
1123
1111
1124
-
scontext = sidtab_search(&sidtab, ssid);
1112
+
policydb = &state->ss->policydb;
1113
+
sidtab = &state->ss->sidtab;
1114
+
1115
+
scontext = sidtab_search(sidtab, ssid);
1125
1116
if (!scontext) {
1126
1117
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
1127
1118
__func__, ssid);
···
1135
1114
}
1136
1115
1137
1116
/* permissive domain? */
1138
-
if (ebitmap_get_bit(&policydb.permissive_map, scontext->type))
1117
+
if (ebitmap_get_bit(&policydb->permissive_map, scontext->type))
1139
1118
avd->flags |= AVD_FLAGS_PERMISSIVE;
1140
1119
1141
-
tcontext = sidtab_search(&sidtab, tsid);
1120
+
tcontext = sidtab_search(sidtab, tsid);
1142
1121
if (!tcontext) {
1143
1122
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
1144
1123
__func__, tsid);
1145
1124
goto out;
1146
1125
}
1147
1126
1148
-
tclass = unmap_class(orig_tclass);
1127
+
tclass = unmap_class(&state->ss->map, orig_tclass);
1149
1128
if (unlikely(orig_tclass && !tclass)) {
1150
-
if (policydb.allow_unknown)
1129
+
if (policydb->allow_unknown)
1151
1130
goto allow;
1152
1131
goto out;
1153
1132
}
1154
-
context_struct_compute_av(scontext, tcontext, tclass, avd, xperms);
1155
-
map_decision(orig_tclass, avd, policydb.allow_unknown);
1133
+
context_struct_compute_av(policydb, scontext, tcontext, tclass, avd,
1134
+
xperms);
1135
+
map_decision(&state->ss->map, orig_tclass, avd,
1136
+
policydb->allow_unknown);
1156
1137
out:
1157
-
read_unlock(&policy_rwlock);
1138
+
read_unlock(&state->ss->policy_rwlock);
1158
1139
return;
1159
1140
allow:
1160
1141
avd->allowed = 0xffffffff;
1161
1142
goto out;
1162
1143
}
1163
1144
1164
-
void security_compute_av_user(u32 ssid,
1145
+
void security_compute_av_user(struct selinux_state *state,
1146
+
u32 ssid,
1165
1147
u32 tsid,
1166
1148
u16 tclass,
1167
1149
struct av_decision *avd)
1168
1150
{
1151
+
struct policydb *policydb;
1152
+
struct sidtab *sidtab;
1169
1153
struct context *scontext = NULL, *tcontext = NULL;
1170
1154
1171
-
read_lock(&policy_rwlock);
1172
-
avd_init(avd);
1173
-
if (!ss_initialized)
1155
+
read_lock(&state->ss->policy_rwlock);
1156
+
avd_init(state, avd);
1157
+
if (!state->initialized)
1174
1158
goto allow;
1175
1159
1176
-
scontext = sidtab_search(&sidtab, ssid);
1160
+
policydb = &state->ss->policydb;
1161
+
sidtab = &state->ss->sidtab;
1162
+
1163
+
scontext = sidtab_search(sidtab, ssid);
1177
1164
if (!scontext) {
1178
1165
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
1179
1166
__func__, ssid);
···
1189
1160
}
1190
1161
1191
1162
/* permissive domain? */
1192
-
if (ebitmap_get_bit(&policydb.permissive_map, scontext->type))
1163
+
if (ebitmap_get_bit(&policydb->permissive_map, scontext->type))
1193
1164
avd->flags |= AVD_FLAGS_PERMISSIVE;
1194
1165
1195
-
tcontext = sidtab_search(&sidtab, tsid);
1166
+
tcontext = sidtab_search(sidtab, tsid);
1196
1167
if (!tcontext) {
1197
1168
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
1198
1169
__func__, tsid);
···
1200
1171
}
1201
1172
1202
1173
if (unlikely(!tclass)) {
1203
-
if (policydb.allow_unknown)
1174
+
if (policydb->allow_unknown)
1204
1175
goto allow;
1205
1176
goto out;
1206
1177
}
1207
1178
1208
-
context_struct_compute_av(scontext, tcontext, tclass, avd, NULL);
1179
+
context_struct_compute_av(policydb, scontext, tcontext, tclass, avd,
1180
+
NULL);
1209
1181
out:
1210
-
read_unlock(&policy_rwlock);
1182
+
read_unlock(&state->ss->policy_rwlock);
1211
1183
return;
1212
1184
allow:
1213
1185
avd->allowed = 0xffffffff;
···
1222
1192
* to point to this string and set `*scontext_len' to
1223
1193
* the length of the string.
1224
1194
*/
1225
-
static int context_struct_to_string(struct context *context, char **scontext, u32 *scontext_len)
1195
+
static int context_struct_to_string(struct policydb *p,
1196
+
struct context *context,
1197
+
char **scontext, u32 *scontext_len)
1226
1198
{
1227
1199
char *scontextp;
1228
1200
···
1243
1211
}
1244
1212
1245
1213
/* Compute the size of the context. */
1246
-
*scontext_len += strlen(sym_name(&policydb, SYM_USERS, context->user - 1)) + 1;
1247
-
*scontext_len += strlen(sym_name(&policydb, SYM_ROLES, context->role - 1)) + 1;
1248
-
*scontext_len += strlen(sym_name(&policydb, SYM_TYPES, context->type - 1)) + 1;
1249
-
*scontext_len += mls_compute_context_len(context);
1214
+
*scontext_len += strlen(sym_name(p, SYM_USERS, context->user - 1)) + 1;
1215
+
*scontext_len += strlen(sym_name(p, SYM_ROLES, context->role - 1)) + 1;
1216
+
*scontext_len += strlen(sym_name(p, SYM_TYPES, context->type - 1)) + 1;
1217
+
*scontext_len += mls_compute_context_len(p, context);
1250
1218
1251
1219
if (!scontext)
1252
1220
return 0;
···
1261
1229
* Copy the user name, role name and type name into the context.
1262
1230
*/
1263
1231
scontextp += sprintf(scontextp, "%s:%s:%s",
1264
-
sym_name(&policydb, SYM_USERS, context->user - 1),
1265
-
sym_name(&policydb, SYM_ROLES, context->role - 1),
1266
-
sym_name(&policydb, SYM_TYPES, context->type - 1));
1232
+
sym_name(p, SYM_USERS, context->user - 1),
1233
+
sym_name(p, SYM_ROLES, context->role - 1),
1234
+
sym_name(p, SYM_TYPES, context->type - 1));
1267
1235
1268
-
mls_sid_to_context(context, &scontextp);
1236
+
mls_sid_to_context(p, context, &scontextp);
1269
1237
1270
1238
*scontextp = 0;
1271
1239
···
1281
1249
return initial_sid_to_string[sid];
1282
1250
}
1283
1251
1284
-
static int security_sid_to_context_core(u32 sid, char **scontext,
1252
+
static int security_sid_to_context_core(struct selinux_state *state,
1253
+
u32 sid, char **scontext,
1285
1254
u32 *scontext_len, int force)
1286
1255
{
1256
+
struct policydb *policydb;
1257
+
struct sidtab *sidtab;
1287
1258
struct context *context;
1288
1259
int rc = 0;
1289
1260
···
1294
1259
*scontext = NULL;
1295
1260
*scontext_len = 0;
1296
1261
1297
-
if (!ss_initialized) {
1262
+
if (!state->initialized) {
1298
1263
if (sid <= SECINITSID_NUM) {
1299
1264
char *scontextp;
1300
1265
···
1315
1280
rc = -EINVAL;
1316
1281
goto out;
1317
1282
}
1318
-
read_lock(&policy_rwlock);
1283
+
read_lock(&state->ss->policy_rwlock);
1284
+
policydb = &state->ss->policydb;
1285
+
sidtab = &state->ss->sidtab;
1319
1286
if (force)
1320
-
context = sidtab_search_force(&sidtab, sid);
1287
+
context = sidtab_search_force(sidtab, sid);
1321
1288
else
1322
-
context = sidtab_search(&sidtab, sid);
1289
+
context = sidtab_search(sidtab, sid);
1323
1290
if (!context) {
1324
1291
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
1325
1292
__func__, sid);
1326
1293
rc = -EINVAL;
1327
1294
goto out_unlock;
1328
1295
}
1329
-
rc = context_struct_to_string(context, scontext, scontext_len);
1296
+
rc = context_struct_to_string(policydb, context, scontext,
1297
+
scontext_len);
1330
1298
out_unlock:
1331
-
read_unlock(&policy_rwlock);
1299
+
read_unlock(&state->ss->policy_rwlock);
1332
1300
out:
1333
1301
return rc;
1334
1302
···
1347
1309
* into a dynamically allocated string of the correct size. Set @scontext
1348
1310
* to point to this string and set @scontext_len to the length of the string.
1349
1311
*/
1350
-
int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len)
1312
+
int security_sid_to_context(struct selinux_state *state,
1313
+
u32 sid, char **scontext, u32 *scontext_len)
1351
1314
{
1352
-
return security_sid_to_context_core(sid, scontext, scontext_len, 0);
1315
+
return security_sid_to_context_core(state, sid, scontext,
1316
+
scontext_len, 0);
1353
1317
}
1354
1318
1355
-
int security_sid_to_context_force(u32 sid, char **scontext, u32 *scontext_len)
1319
+
int security_sid_to_context_force(struct selinux_state *state, u32 sid,
1320
+
char **scontext, u32 *scontext_len)
1356
1321
{
1357
-
return security_sid_to_context_core(sid, scontext, scontext_len, 1);
1322
+
return security_sid_to_context_core(state, sid, scontext,
1323
+
scontext_len, 1);
1358
1324
}
1359
1325
1360
1326
/*
···
1446
1404
return rc;
1447
1405
}
1448
1406
1449
-
static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
1407
+
static int security_context_to_sid_core(struct selinux_state *state,
1408
+
const char *scontext, u32 scontext_len,
1450
1409
u32 *sid, u32 def_sid, gfp_t gfp_flags,
1451
1410
int force)
1452
1411
{
1412
+
struct policydb *policydb;
1413
+
struct sidtab *sidtab;
1453
1414
char *scontext2, *str = NULL;
1454
1415
struct context context;
1455
1416
int rc = 0;
···
1466
1421
if (!scontext2)
1467
1422
return -ENOMEM;
1468
1423
1469
-
if (!ss_initialized) {
1424
+
if (!state->initialized) {
1470
1425
int i;
1471
1426
1472
1427
for (i = 1; i < SECINITSID_NUM; i++) {
···
1487
1442
if (!str)
1488
1443
goto out;
1489
1444
}
1490
-
1491
-
read_lock(&policy_rwlock);
1492
-
rc = string_to_context_struct(&policydb, &sidtab, scontext2,
1445
+
read_lock(&state->ss->policy_rwlock);
1446
+
policydb = &state->ss->policydb;
1447
+
sidtab = &state->ss->sidtab;
1448
+
rc = string_to_context_struct(policydb, sidtab, scontext2,
1493
1449
scontext_len, &context, def_sid);
1494
1450
if (rc == -EINVAL && force) {
1495
1451
context.str = str;
···
1498
1452
str = NULL;
1499
1453
} else if (rc)
1500
1454
goto out_unlock;
1501
-
rc = sidtab_context_to_sid(&sidtab, &context, sid);
1455
+
rc = sidtab_context_to_sid(sidtab, &context, sid);
1502
1456
context_destroy(&context);
1503
1457
out_unlock:
1504
-
read_unlock(&policy_rwlock);
1458
+
read_unlock(&state->ss->policy_rwlock);
1505
1459
out:
1506
1460
kfree(scontext2);
1507
1461
kfree(str);
···
1520
1474
* Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
1521
1475
* memory is available, or 0 on success.
1522
1476
*/
1523
-
int security_context_to_sid(const char *scontext, u32 scontext_len, u32 *sid,
1477
+
int security_context_to_sid(struct selinux_state *state,
1478
+
const char *scontext, u32 scontext_len, u32 *sid,
1524
1479
gfp_t gfp)
1525
1480
{
1526
-
return security_context_to_sid_core(scontext, scontext_len,
1481
+
return security_context_to_sid_core(state, scontext, scontext_len,
1527
1482
sid, SECSID_NULL, gfp, 0);
1528
1483
}
1529
1484
1530
-
int security_context_str_to_sid(const char *scontext, u32 *sid, gfp_t gfp)
1485
+
int security_context_str_to_sid(struct selinux_state *state,
1486
+
const char *scontext, u32 *sid, gfp_t gfp)
1531
1487
{
1532
-
return security_context_to_sid(scontext, strlen(scontext), sid, gfp);
1488
+
return security_context_to_sid(state, scontext, strlen(scontext),
1489
+
sid, gfp);
1533
1490
}
1534
1491
1535
1492
/**
···
1553
1504
* Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
1554
1505
* memory is available, or 0 on success.
1555
1506
*/
1556
-
int security_context_to_sid_default(const char *scontext, u32 scontext_len,
1507
+
int security_context_to_sid_default(struct selinux_state *state,
1508
+
const char *scontext, u32 scontext_len,
1557
1509
u32 *sid, u32 def_sid, gfp_t gfp_flags)
1558
1510
{
1559
-
return security_context_to_sid_core(scontext, scontext_len,
1511
+
return security_context_to_sid_core(state, scontext, scontext_len,
1560
1512
sid, def_sid, gfp_flags, 1);
1561
1513
}
1562
1514
1563
-
int security_context_to_sid_force(const char *scontext, u32 scontext_len,
1515
+
int security_context_to_sid_force(struct selinux_state *state,
1516
+
const char *scontext, u32 scontext_len,
1564
1517
u32 *sid)
1565
1518
{
1566
-
return security_context_to_sid_core(scontext, scontext_len,
1519
+
return security_context_to_sid_core(state, scontext, scontext_len,
1567
1520
sid, SECSID_NULL, GFP_KERNEL, 1);
1568
1521
}
1569
1522
1570
1523
static int compute_sid_handle_invalid_context(
1524
+
struct selinux_state *state,
1571
1525
struct context *scontext,
1572
1526
struct context *tcontext,
1573
1527
u16 tclass,
1574
1528
struct context *newcontext)
1575
1529
{
1530
+
struct policydb *policydb = &state->ss->policydb;
1576
1531
char *s = NULL, *t = NULL, *n = NULL;
1577
1532
u32 slen, tlen, nlen;
1578
1533
1579
-
if (context_struct_to_string(scontext, &s, &slen))
1534
+
if (context_struct_to_string(policydb, scontext, &s, &slen))
1580
1535
goto out;
1581
-
if (context_struct_to_string(tcontext, &t, &tlen))
1536
+
if (context_struct_to_string(policydb, tcontext, &t, &tlen))
1582
1537
goto out;
1583
-
if (context_struct_to_string(newcontext, &n, &nlen))
1538
+
if (context_struct_to_string(policydb, newcontext, &n, &nlen))
1584
1539
goto out;
1585
1540
audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
1586
1541
"op=security_compute_sid invalid_context=%s"
1587
1542
" scontext=%s"
1588
1543
" tcontext=%s"
1589
1544
" tclass=%s",
1590
-
n, s, t, sym_name(&policydb, SYM_CLASSES, tclass-1));
1545
+
n, s, t, sym_name(policydb, SYM_CLASSES, tclass-1));
1591
1546
out:
1592
1547
kfree(s);
1593
1548
kfree(t);
1594
1549
kfree(n);
1595
-
if (!selinux_enforcing)
1550
+
if (!enforcing_enabled(state))
1596
1551
return 0;
1597
1552
return -EACCES;
1598
1553
}
1599
1554
1600
-
static void filename_compute_type(struct policydb *p, struct context *newcontext,
1555
+
static void filename_compute_type(struct policydb *policydb,
1556
+
struct context *newcontext,
1601
1557
u32 stype, u32 ttype, u16 tclass,
1602
1558
const char *objname)
1603
1559
{
···
1614
1560
* like /dev or /var/run. This bitmap will quickly skip rule searches
1615
1561
* if the ttype does not contain any rules.
1616
1562
*/
1617
-
if (!ebitmap_get_bit(&p->filename_trans_ttypes, ttype))
1563
+
if (!ebitmap_get_bit(&policydb->filename_trans_ttypes, ttype))
1618
1564
return;
1619
1565
1620
1566
ft.stype = stype;
···
1622
1568
ft.tclass = tclass;
1623
1569
ft.name = objname;
1624
1570
1625
-
otype = hashtab_search(p->filename_trans, &ft);
1571
+
otype = hashtab_search(policydb->filename_trans, &ft);
1626
1572
if (otype)
1627
1573
newcontext->type = otype->otype;
1628
1574
}
1629
1575
1630
-
static int security_compute_sid(u32 ssid,
1576
+
static int security_compute_sid(struct selinux_state *state,
1577
+
u32 ssid,
1631
1578
u32 tsid,
1632
1579
u16 orig_tclass,
1633
1580
u32 specified,
···
1636
1581
u32 *out_sid,
1637
1582
bool kern)
1638
1583
{
1584
+
struct policydb *policydb;
1585
+
struct sidtab *sidtab;
1639
1586
struct class_datum *cladatum = NULL;
1640
1587
struct context *scontext = NULL, *tcontext = NULL, newcontext;
1641
1588
struct role_trans *roletr = NULL;
···
1648
1591
int rc = 0;
1649
1592
bool sock;
1650
1593
1651
-
if (!ss_initialized) {
1594
+
if (!state->initialized) {
1652
1595
switch (orig_tclass) {
1653
1596
case SECCLASS_PROCESS: /* kernel value */
1654
1597
*out_sid = ssid;
···
1662
1605
1663
1606
context_init(&newcontext);
1664
1607
1665
-
read_lock(&policy_rwlock);
1608
+
read_lock(&state->ss->policy_rwlock);
1666
1609
1667
1610
if (kern) {
1668
-
tclass = unmap_class(orig_tclass);
1611
+
tclass = unmap_class(&state->ss->map, orig_tclass);
1669
1612
sock = security_is_socket_class(orig_tclass);
1670
1613
} else {
1671
1614
tclass = orig_tclass;
1672
-
sock = security_is_socket_class(map_class(tclass));
1615
+
sock = security_is_socket_class(map_class(&state->ss->map,
1616
+
tclass));
1673
1617
}
1674
1618
1675
-
scontext = sidtab_search(&sidtab, ssid);
1619
+
policydb = &state->ss->policydb;
1620
+
sidtab = &state->ss->sidtab;
1621
+
1622
+
scontext = sidtab_search(sidtab, ssid);
1676
1623
if (!scontext) {
1677
1624
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
1678
1625
__func__, ssid);
1679
1626
rc = -EINVAL;
1680
1627
goto out_unlock;
1681
1628
}
1682
-
tcontext = sidtab_search(&sidtab, tsid);
1629
+
tcontext = sidtab_search(sidtab, tsid);
1683
1630
if (!tcontext) {
1684
1631
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
1685
1632
__func__, tsid);
···
1691
1630
goto out_unlock;
1692
1631
}
1693
1632
1694
-
if (tclass && tclass <= policydb.p_classes.nprim)
1695
-
cladatum = policydb.class_val_to_struct[tclass - 1];
1633
+
if (tclass && tclass <= policydb->p_classes.nprim)
1634
+
cladatum = policydb->class_val_to_struct[tclass - 1];
1696
1635
1697
1636
/* Set the user identity. */
1698
1637
switch (specified) {
···
1718
1657
} else if (cladatum && cladatum->default_role == DEFAULT_TARGET) {
1719
1658
newcontext.role = tcontext->role;
1720
1659
} else {
1721
-
if ((tclass == policydb.process_class) || (sock == true))
1660
+
if ((tclass == policydb->process_class) || (sock == true))
1722
1661
newcontext.role = scontext->role;
1723
1662
else
1724
1663
newcontext.role = OBJECT_R_VAL;
···
1730
1669
} else if (cladatum && cladatum->default_type == DEFAULT_TARGET) {
1731
1670
newcontext.type = tcontext->type;
1732
1671
} else {
1733
-
if ((tclass == policydb.process_class) || (sock == true)) {
1672
+
if ((tclass == policydb->process_class) || (sock == true)) {
1734
1673
/* Use the type of process. */
1735
1674
newcontext.type = scontext->type;
1736
1675
} else {
···
1744
1683
avkey.target_type = tcontext->type;
1745
1684
avkey.target_class = tclass;
1746
1685
avkey.specified = specified;
1747
-
avdatum = avtab_search(&policydb.te_avtab, &avkey);
1686
+
avdatum = avtab_search(&policydb->te_avtab, &avkey);
1748
1687
1749
1688
/* If no permanent rule, also check for enabled conditional rules */
1750
1689
if (!avdatum) {
1751
-
node = avtab_search_node(&policydb.te_cond_avtab, &avkey);
1690
+
node = avtab_search_node(&policydb->te_cond_avtab, &avkey);
1752
1691
for (; node; node = avtab_search_node_next(node, specified)) {
1753
1692
if (node->key.specified & AVTAB_ENABLED) {
1754
1693
avdatum = &node->datum;
···
1764
1703
1765
1704
/* if we have a objname this is a file trans check so check those rules */
1766
1705
if (objname)
1767
-
filename_compute_type(&policydb, &newcontext, scontext->type,
1706
+
filename_compute_type(policydb, &newcontext, scontext->type,
1768
1707
tcontext->type, tclass, objname);
1769
1708
1770
1709
/* Check for class-specific changes. */
1771
1710
if (specified & AVTAB_TRANSITION) {
1772
1711
/* Look for a role transition rule. */
1773
-
for (roletr = policydb.role_tr; roletr; roletr = roletr->next) {
1712
+
for (roletr = policydb->role_tr; roletr;
1713
+
roletr = roletr->next) {
1774
1714
if ((roletr->role == scontext->role) &&
1775
1715
(roletr->type == tcontext->type) &&
1776
1716
(roletr->tclass == tclass)) {
···
1784
1722
1785
1723
/* Set the MLS attributes.
1786
1724
This is done last because it may allocate memory. */
1787
-
rc = mls_compute_sid(scontext, tcontext, tclass, specified,
1725
+
rc = mls_compute_sid(policydb, scontext, tcontext, tclass, specified,
1788
1726
&newcontext, sock);
1789
1727
if (rc)
1790
1728
goto out_unlock;
1791
1729
1792
1730
/* Check the validity of the context. */
1793
-
if (!policydb_context_isvalid(&policydb, &newcontext)) {
1794
-
rc = compute_sid_handle_invalid_context(scontext,
1731
+
if (!policydb_context_isvalid(policydb, &newcontext)) {
1732
+
rc = compute_sid_handle_invalid_context(state, scontext,
1795
1733
tcontext,
1796
1734
tclass,
1797
1735
&newcontext);
···
1799
1737
goto out_unlock;
1800
1738
}
1801
1739
/* Obtain the sid for the context. */
1802
-
rc = sidtab_context_to_sid(&sidtab, &newcontext, out_sid);
1740
+
rc = sidtab_context_to_sid(sidtab, &newcontext, out_sid);
1803
1741
out_unlock:
1804
-
read_unlock(&policy_rwlock);
1742
+
read_unlock(&state->ss->policy_rwlock);
1805
1743
context_destroy(&newcontext);
1806
1744
out:
1807
1745
return rc;
···
1820
1758
* if insufficient memory is available, or %0 if the new SID was
1821
1759
* computed successfully.
1822
1760
*/
1823
-
int security_transition_sid(u32 ssid, u32 tsid, u16 tclass,
1761
+
int security_transition_sid(struct selinux_state *state,
1762
+
u32 ssid, u32 tsid, u16 tclass,
1824
1763
const struct qstr *qstr, u32 *out_sid)
1825
1764
{
1826
-
return security_compute_sid(ssid, tsid, tclass, AVTAB_TRANSITION,
1765
+
return security_compute_sid(state, ssid, tsid, tclass,
1766
+
AVTAB_TRANSITION,
1827
1767
qstr ? qstr->name : NULL, out_sid, true);
1828
1768
}
1829
1769
1830
-
int security_transition_sid_user(u32 ssid, u32 tsid, u16 tclass,
1770
+
int security_transition_sid_user(struct selinux_state *state,
1771
+
u32 ssid, u32 tsid, u16 tclass,
1831
1772
const char *objname, u32 *out_sid)
1832
1773
{
1833
-
return security_compute_sid(ssid, tsid, tclass, AVTAB_TRANSITION,
1774
+
return security_compute_sid(state, ssid, tsid, tclass,
1775
+
AVTAB_TRANSITION,
1834
1776
objname, out_sid, false);
1835
1777
}
1836
1778
···
1851
1785
* if insufficient memory is available, or %0 if the SID was
1852
1786
* computed successfully.
1853
1787
*/
1854
-
int security_member_sid(u32 ssid,
1788
+
int security_member_sid(struct selinux_state *state,
1789
+
u32 ssid,
1855
1790
u32 tsid,
1856
1791
u16 tclass,
1857
1792
u32 *out_sid)
1858
1793
{
1859
-
return security_compute_sid(ssid, tsid, tclass, AVTAB_MEMBER, NULL,
1794
+
return security_compute_sid(state, ssid, tsid, tclass,
1795
+
AVTAB_MEMBER, NULL,
1860
1796
out_sid, false);
1861
1797
}
1862
1798
···
1875
1807
* if insufficient memory is available, or %0 if the SID was
1876
1808
* computed successfully.
1877
1809
*/
1878
-
int security_change_sid(u32 ssid,
1810
+
int security_change_sid(struct selinux_state *state,
1811
+
u32 ssid,
1879
1812
u32 tsid,
1880
1813
u16 tclass,
1881
1814
u32 *out_sid)
1882
1815
{
1883
-
return security_compute_sid(ssid, tsid, tclass, AVTAB_CHANGE, NULL,
1816
+
return security_compute_sid(state,
1817
+
ssid, tsid, tclass, AVTAB_CHANGE, NULL,
1884
1818
out_sid, false);
1885
1819
}
1886
1820
···
1899
1829
return 0;
1900
1830
}
1901
1831
1902
-
static inline int convert_context_handle_invalid_context(struct context *context)
1832
+
static inline int convert_context_handle_invalid_context(
1833
+
struct selinux_state *state,
1834
+
struct context *context)
1903
1835
{
1836
+
struct policydb *policydb = &state->ss->policydb;
1904
1837
char *s;
1905
1838
u32 len;
1906
1839
1907
-
if (selinux_enforcing)
1840
+
if (enforcing_enabled(state))
1908
1841
return -EINVAL;
1909
1842
1910
-
if (!context_struct_to_string(context, &s, &len)) {
1843
+
if (!context_struct_to_string(policydb, context, &s, &len)) {
1911
1844
printk(KERN_WARNING "SELinux: Context %s would be invalid if enforcing\n", s);
1912
1845
kfree(s);
1913
1846
}
···
1918
1845
}
1919
1846
1920
1847
struct convert_context_args {
1848
+
struct selinux_state *state;
1921
1849
struct policydb *oldp;
1922
1850
struct policydb *newp;
1923
1851
};
···
2045
1971
2046
1972
/* Check the validity of the new context. */
2047
1973
if (!policydb_context_isvalid(args->newp, c)) {
2048
-
rc = convert_context_handle_invalid_context(&oldc);
1974
+
rc = convert_context_handle_invalid_context(args->state,
1975
+
&oldc);
2049
1976
if (rc)
2050
1977
goto bad;
2051
1978
}
···
2058
1983
return rc;
2059
1984
bad:
2060
1985
/* Map old representation to string and save it. */
2061
-
rc = context_struct_to_string(&oldc, &s, &len);
1986
+
rc = context_struct_to_string(args->oldp, &oldc, &s, &len);
2062
1987
if (rc)
2063
1988
return rc;
2064
1989
context_destroy(&oldc);
···
2071
1996
goto out;
2072
1997
}
2073
1998
2074
-
static void security_load_policycaps(void)
1999
+
static void security_load_policycaps(struct selinux_state *state)
2075
2000
{
2001
+
struct policydb *p = &state->ss->policydb;
2076
2002
unsigned int i;
2077
2003
struct ebitmap_node *node;
2078
2004
2079
-
selinux_policycap_netpeer = ebitmap_get_bit(&policydb.policycaps,
2080
-
POLICYDB_CAPABILITY_NETPEER);
2081
-
selinux_policycap_openperm = ebitmap_get_bit(&policydb.policycaps,
2082
-
POLICYDB_CAPABILITY_OPENPERM);
2083
-
selinux_policycap_extsockclass = ebitmap_get_bit(&policydb.policycaps,
2084
-
POLICYDB_CAPABILITY_EXTSOCKCLASS);
2085
-
selinux_policycap_alwaysnetwork = ebitmap_get_bit(&policydb.policycaps,
2086
-
POLICYDB_CAPABILITY_ALWAYSNETWORK);
2087
-
selinux_policycap_cgroupseclabel =
2088
-
ebitmap_get_bit(&policydb.policycaps,
2089
-
POLICYDB_CAPABILITY_CGROUPSECLABEL);
2090
-
selinux_policycap_nnp_nosuid_transition =
2091
-
ebitmap_get_bit(&policydb.policycaps,
2092
-
POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION);
2005
+
for (i = 0; i < ARRAY_SIZE(state->policycap); i++)
2006
+
state->policycap[i] = ebitmap_get_bit(&p->policycaps, i);
2093
2007
2094
2008
for (i = 0; i < ARRAY_SIZE(selinux_policycap_names); i++)
2095
2009
pr_info("SELinux: policy capability %s=%d\n",
2096
2010
selinux_policycap_names[i],
2097
-
ebitmap_get_bit(&policydb.policycaps, i));
2011
+
ebitmap_get_bit(&p->policycaps, i));
2098
2012
2099
-
ebitmap_for_each_positive_bit(&policydb.policycaps, node, i) {
2013
+
ebitmap_for_each_positive_bit(&p->policycaps, node, i) {
2100
2014
if (i >= ARRAY_SIZE(selinux_policycap_names))
2101
2015
pr_info("SELinux: unknown policy capability %u\n",
2102
2016
i);
2103
2017
}
2104
2018
}
2105
2019
2106
-
static int security_preserve_bools(struct policydb *p);
2020
+
static int security_preserve_bools(struct selinux_state *state,
2021
+
struct policydb *newpolicydb);
2107
2022
2108
2023
/**
2109
2024
* security_load_policy - Load a security policy configuration.
···
2105
2040
* This function will flush the access vector cache after
2106
2041
* loading the new policy.
2107
2042
*/
2108
-
int security_load_policy(void *data, size_t len)
2043
+
int security_load_policy(struct selinux_state *state, void *data, size_t len)
2109
2044
{
2045
+
struct policydb *policydb;
2046
+
struct sidtab *sidtab;
2110
2047
struct policydb *oldpolicydb, *newpolicydb;
2111
2048
struct sidtab oldsidtab, newsidtab;
2112
-
struct selinux_mapping *oldmap, *map = NULL;
2049
+
struct selinux_mapping *oldmapping;
2050
+
struct selinux_map newmap;
2113
2051
struct convert_context_args args;
2114
2052
u32 seqno;
2115
-
u16 map_size;
2116
2053
int rc = 0;
2117
2054
struct policy_file file = { data, len }, *fp = &file;
2118
2055
···
2125
2058
}
2126
2059
newpolicydb = oldpolicydb + 1;
2127
2060
2128
-
if (!ss_initialized) {
2129
-
avtab_cache_init();
2130
-
ebitmap_cache_init();
2131
-
hashtab_cache_init();
2132
-
rc = policydb_read(&policydb, fp);
2061
+
policydb = &state->ss->policydb;
2062
+
sidtab = &state->ss->sidtab;
2063
+
2064
+
if (!state->initialized) {
2065
+
rc = policydb_read(policydb, fp);
2066
+
if (rc)
2067
+
goto out;
2068
+
2069
+
policydb->len = len;
2070
+
rc = selinux_set_mapping(policydb, secclass_map,
2071
+
&state->ss->map);
2133
2072
if (rc) {
2134
-
avtab_cache_destroy();
2135
-
ebitmap_cache_destroy();
2136
-
hashtab_cache_destroy();
2073
+
policydb_destroy(policydb);
2137
2074
goto out;
2138
2075
}
2139
2076
2140
-
policydb.len = len;
2141
-
rc = selinux_set_mapping(&policydb, secclass_map,
2142
-
¤t_mapping,
2143
-
¤t_mapping_size);
2077
+
rc = policydb_load_isids(policydb, sidtab);
2144
2078
if (rc) {
2145
-
policydb_destroy(&policydb);
2146
-
avtab_cache_destroy();
2147
-
ebitmap_cache_destroy();
2148
-
hashtab_cache_destroy();
2079
+
policydb_destroy(policydb);
2149
2080
goto out;
2150
2081
}
2151
2082
2152
-
rc = policydb_load_isids(&policydb, &sidtab);
2153
-
if (rc) {
2154
-
policydb_destroy(&policydb);
2155
-
avtab_cache_destroy();
2156
-
ebitmap_cache_destroy();
2157
-
hashtab_cache_destroy();
2158
-
goto out;
2159
-
}
2160
-
2161
-
security_load_policycaps();
2162
-
ss_initialized = 1;
2163
-
seqno = ++latest_granting;
2083
+
security_load_policycaps(state);
2084
+
state->initialized = 1;
2085
+
seqno = ++state->ss->latest_granting;
2164
2086
selinux_complete_init();
2165
-
avc_ss_reset(seqno);
2087
+
avc_ss_reset(state->avc, seqno);
2166
2088
selnl_notify_policyload(seqno);
2167
-
selinux_status_update_policyload(seqno);
2089
+
selinux_status_update_policyload(state, seqno);
2168
2090
selinux_netlbl_cache_invalidate();
2169
2091
selinux_xfrm_notify_policyload();
2170
2092
goto out;
2171
2093
}
2172
2094
2173
2095
#if 0
2174
-
sidtab_hash_eval(&sidtab, "sids");
2096
+
sidtab_hash_eval(sidtab, "sids");
2175
2097
#endif
2176
2098
2177
2099
rc = policydb_read(newpolicydb, fp);
···
2169
2113
2170
2114
newpolicydb->len = len;
2171
2115
/* If switching between different policy types, log MLS status */
2172
-
if (policydb.mls_enabled && !newpolicydb->mls_enabled)
2116
+
if (policydb->mls_enabled && !newpolicydb->mls_enabled)
2173
2117
printk(KERN_INFO "SELinux: Disabling MLS support...\n");
2174
-
else if (!policydb.mls_enabled && newpolicydb->mls_enabled)
2118
+
else if (!policydb->mls_enabled && newpolicydb->mls_enabled)
2175
2119
printk(KERN_INFO "SELinux: Enabling MLS support...\n");
2176
2120
2177
2121
rc = policydb_load_isids(newpolicydb, &newsidtab);
···
2181
2125
goto out;
2182
2126
}
2183
2127
2184
-
rc = selinux_set_mapping(newpolicydb, secclass_map, &map, &map_size);
2128
+
rc = selinux_set_mapping(newpolicydb, secclass_map, &newmap);
2185
2129
if (rc)
2186
2130
goto err;
2187
2131
2188
-
rc = security_preserve_bools(newpolicydb);
2132
+
rc = security_preserve_bools(state, newpolicydb);
2189
2133
if (rc) {
2190
2134
printk(KERN_ERR "SELinux: unable to preserve booleans\n");
2191
2135
goto err;
2192
2136
}
2193
2137
2194
2138
/* Clone the SID table. */
2195
-
sidtab_shutdown(&sidtab);
2139
+
sidtab_shutdown(sidtab);
2196
2140
2197
-
rc = sidtab_map(&sidtab, clone_sid, &newsidtab);
2141
+
rc = sidtab_map(sidtab, clone_sid, &newsidtab);
2198
2142
if (rc)
2199
2143
goto err;
2200
2144
···
2202
2146
* Convert the internal representations of contexts
2203
2147
* in the new SID table.
2204
2148
*/
2205
-
args.oldp = &policydb;
2149
+
args.state = state;
2150
+
args.oldp = policydb;
2206
2151
args.newp = newpolicydb;
2207
2152
rc = sidtab_map(&newsidtab, convert_context, &args);
2208
2153
if (rc) {
···
2214
2157
}
2215
2158
2216
2159
/* Save the old policydb and SID table to free later. */
2217
-
memcpy(oldpolicydb, &policydb, sizeof(policydb));
2218
-
sidtab_set(&oldsidtab, &sidtab);
2160
+
memcpy(oldpolicydb, policydb, sizeof(*policydb));
2161
+
sidtab_set(&oldsidtab, sidtab);
2219
2162
2220
2163
/* Install the new policydb and SID table. */
2221
-
write_lock_irq(&policy_rwlock);
2222
-
memcpy(&policydb, newpolicydb, sizeof(policydb));
2223
-
sidtab_set(&sidtab, &newsidtab);
2224
-
security_load_policycaps();
2225
-
oldmap = current_mapping;
2226
-
current_mapping = map;
2227
-
current_mapping_size = map_size;
2228
-
seqno = ++latest_granting;
2229
-
write_unlock_irq(&policy_rwlock);
2164
+
write_lock_irq(&state->ss->policy_rwlock);
2165
+
memcpy(policydb, newpolicydb, sizeof(*policydb));
2166
+
sidtab_set(sidtab, &newsidtab);
2167
+
security_load_policycaps(state);
2168
+
oldmapping = state->ss->map.mapping;
2169
+
state->ss->map.mapping = newmap.mapping;
2170
+
state->ss->map.size = newmap.size;
2171
+
seqno = ++state->ss->latest_granting;
2172
+
write_unlock_irq(&state->ss->policy_rwlock);
2230
2173
2231
2174
/* Free the old policydb and SID table. */
2232
2175
policydb_destroy(oldpolicydb);
2233
2176
sidtab_destroy(&oldsidtab);
2234
-
kfree(oldmap);
2177
+
kfree(oldmapping);
2235
2178
2236
-
avc_ss_reset(seqno);
2179
+
avc_ss_reset(state->avc, seqno);
2237
2180
selnl_notify_policyload(seqno);
2238
-
selinux_status_update_policyload(seqno);
2181
+
selinux_status_update_policyload(state, seqno);
2239
2182
selinux_netlbl_cache_invalidate();
2240
2183
selinux_xfrm_notify_policyload();
2241
2184
···
2243
2186
goto out;
2244
2187
2245
2188
err:
2246
-
kfree(map);
2189
+
kfree(newmap.mapping);
2247
2190
sidtab_destroy(&newsidtab);
2248
2191
policydb_destroy(newpolicydb);
2249
2192
···
2252
2195
return rc;
2253
2196
}
2254
2197
2255
-
size_t security_policydb_len(void)
2198
+
size_t security_policydb_len(struct selinux_state *state)
2256
2199
{
2200
+
struct policydb *p = &state->ss->policydb;
2257
2201
size_t len;
2258
2202
2259
-
read_lock(&policy_rwlock);
2260
-
len = policydb.len;
2261
-
read_unlock(&policy_rwlock);
2203
+
read_lock(&state->ss->policy_rwlock);
2204
+
len = p->len;
2205
+
read_unlock(&state->ss->policy_rwlock);
2262
2206
2263
2207
return len;
2264
2208
}
···
2270
2212
* @port: port number
2271
2213
* @out_sid: security identifier
2272
2214
*/
2273
-
int security_port_sid(u8 protocol, u16 port, u32 *out_sid)
2215
+
int security_port_sid(struct selinux_state *state,
2216
+
u8 protocol, u16 port, u32 *out_sid)
2274
2217
{
2218
+
struct policydb *policydb;
2219
+
struct sidtab *sidtab;
2275
2220
struct ocontext *c;
2276
2221
int rc = 0;
2277
2222
2278
-
read_lock(&policy_rwlock);
2223
+
read_lock(&state->ss->policy_rwlock);
2279
2224
2280
-
c = policydb.ocontexts[OCON_PORT];
2225
+
policydb = &state->ss->policydb;
2226
+
sidtab = &state->ss->sidtab;
2227
+
2228
+
c = policydb->ocontexts[OCON_PORT];
2281
2229
while (c) {
2282
2230
if (c->u.port.protocol == protocol &&
2283
2231
c->u.port.low_port <= port &&
···
2294
2230
2295
2231
if (c) {
2296
2232
if (!c->sid[0]) {
2297
-
rc = sidtab_context_to_sid(&sidtab,
2233
+
rc = sidtab_context_to_sid(sidtab,
2298
2234
&c->context[0],
2299
2235
&c->sid[0]);
2300
2236
if (rc)
···
2306
2242
}
2307
2243
2308
2244
out:
2309
-
read_unlock(&policy_rwlock);
2245
+
read_unlock(&state->ss->policy_rwlock);
2310
2246
return rc;
2311
2247
}
2312
2248
···
2316
2252
* @pkey_num: pkey number
2317
2253
* @out_sid: security identifier
2318
2254
*/
2319
-
int security_ib_pkey_sid(u64 subnet_prefix, u16 pkey_num, u32 *out_sid)
2255
+
int security_ib_pkey_sid(struct selinux_state *state,
2256
+
u64 subnet_prefix, u16 pkey_num, u32 *out_sid)
2320
2257
{
2258
+
struct policydb *policydb;
2259
+
struct sidtab *sidtab;
2321
2260
struct ocontext *c;
2322
2261
int rc = 0;
2323
2262
2324
-
read_lock(&policy_rwlock);
2263
+
read_lock(&state->ss->policy_rwlock);
2325
2264
2326
-
c = policydb.ocontexts[OCON_IBPKEY];
2265
+
policydb = &state->ss->policydb;
2266
+
sidtab = &state->ss->sidtab;
2267
+
2268
+
c = policydb->ocontexts[OCON_IBPKEY];
2327
2269
while (c) {
2328
2270
if (c->u.ibpkey.low_pkey <= pkey_num &&
2329
2271
c->u.ibpkey.high_pkey >= pkey_num &&
···
2341
2271
2342
2272
if (c) {
2343
2273
if (!c->sid[0]) {
2344
-
rc = sidtab_context_to_sid(&sidtab,
2274
+
rc = sidtab_context_to_sid(sidtab,
2345
2275
&c->context[0],
2346
2276
&c->sid[0]);
2347
2277
if (rc)
···
2352
2282
*out_sid = SECINITSID_UNLABELED;
2353
2283
2354
2284
out:
2355
-
read_unlock(&policy_rwlock);
2285
+
read_unlock(&state->ss->policy_rwlock);
2356
2286
return rc;
2357
2287
}
2358
2288
···
2362
2292
* @port: port number
2363
2293
* @out_sid: security identifier
2364
2294
*/
2365
-
int security_ib_endport_sid(const char *dev_name, u8 port_num, u32 *out_sid)
2295
+
int security_ib_endport_sid(struct selinux_state *state,
2296
+
const char *dev_name, u8 port_num, u32 *out_sid)
2366
2297
{
2298
+
struct policydb *policydb;
2299
+
struct sidtab *sidtab;
2367
2300
struct ocontext *c;
2368
2301
int rc = 0;
2369
2302
2370
-
read_lock(&policy_rwlock);
2303
+
read_lock(&state->ss->policy_rwlock);
2371
2304
2372
-
c = policydb.ocontexts[OCON_IBENDPORT];
2305
+
policydb = &state->ss->policydb;
2306
+
sidtab = &state->ss->sidtab;
2307
+
2308
+
c = policydb->ocontexts[OCON_IBENDPORT];
2373
2309
while (c) {
2374
2310
if (c->u.ibendport.port == port_num &&
2375
2311
!strncmp(c->u.ibendport.dev_name,
···
2388
2312
2389
2313
if (c) {
2390
2314
if (!c->sid[0]) {
2391
-
rc = sidtab_context_to_sid(&sidtab,
2315
+
rc = sidtab_context_to_sid(sidtab,
2392
2316
&c->context[0],
2393
2317
&c->sid[0]);
2394
2318
if (rc)
···
2399
2323
*out_sid = SECINITSID_UNLABELED;
2400
2324
2401
2325
out:
2402
-
read_unlock(&policy_rwlock);
2326
+
read_unlock(&state->ss->policy_rwlock);
2403
2327
return rc;
2404
2328
}
2405
2329
···
2408
2332
* @name: interface name
2409
2333
* @if_sid: interface SID
2410
2334
*/
2411
-
int security_netif_sid(char *name, u32 *if_sid)
2335
+
int security_netif_sid(struct selinux_state *state,
2336
+
char *name, u32 *if_sid)
2412
2337
{
2338
+
struct policydb *policydb;
2339
+
struct sidtab *sidtab;
2413
2340
int rc = 0;
2414
2341
struct ocontext *c;
2415
2342
2416
-
read_lock(&policy_rwlock);
2343
+
read_lock(&state->ss->policy_rwlock);
2417
2344
2418
-
c = policydb.ocontexts[OCON_NETIF];
2345
+
policydb = &state->ss->policydb;
2346
+
sidtab = &state->ss->sidtab;
2347
+
2348
+
c = policydb->ocontexts[OCON_NETIF];
2419
2349
while (c) {
2420
2350
if (strcmp(name, c->u.name) == 0)
2421
2351
break;
···
2430
2348
2431
2349
if (c) {
2432
2350
if (!c->sid[0] || !c->sid[1]) {
2433
-
rc = sidtab_context_to_sid(&sidtab,
2351
+
rc = sidtab_context_to_sid(sidtab,
2434
2352
&c->context[0],
2435
2353
&c->sid[0]);
2436
2354
if (rc)
2437
2355
goto out;
2438
-
rc = sidtab_context_to_sid(&sidtab,
2356
+
rc = sidtab_context_to_sid(sidtab,
2439
2357
&c->context[1],
2440
2358
&c->sid[1]);
2441
2359
if (rc)
···
2446
2364
*if_sid = SECINITSID_NETIF;
2447
2365
2448
2366
out:
2449
-
read_unlock(&policy_rwlock);
2367
+
read_unlock(&state->ss->policy_rwlock);
2450
2368
return rc;
2451
2369
}
2452
2370
···
2470
2388
* @addrlen: address length in bytes
2471
2389
* @out_sid: security identifier
2472
2390
*/
2473
-
int security_node_sid(u16 domain,
2391
+
int security_node_sid(struct selinux_state *state,
2392
+
u16 domain,
2474
2393
void *addrp,
2475
2394
u32 addrlen,
2476
2395
u32 *out_sid)
2477
2396
{
2397
+
struct policydb *policydb;
2398
+
struct sidtab *sidtab;
2478
2399
int rc;
2479
2400
struct ocontext *c;
2480
2401
2481
-
read_lock(&policy_rwlock);
2402
+
read_lock(&state->ss->policy_rwlock);
2403
+
2404
+
policydb = &state->ss->policydb;
2405
+
sidtab = &state->ss->sidtab;
2482
2406
2483
2407
switch (domain) {
2484
2408
case AF_INET: {
···
2496
2408
2497
2409
addr = *((u32 *)addrp);
2498
2410
2499
-
c = policydb.ocontexts[OCON_NODE];
2411
+
c = policydb->ocontexts[OCON_NODE];
2500
2412
while (c) {
2501
2413
if (c->u.node.addr == (addr & c->u.node.mask))
2502
2414
break;
···
2509
2421
rc = -EINVAL;
2510
2422
if (addrlen != sizeof(u64) * 2)
2511
2423
goto out;
2512
-
c = policydb.ocontexts[OCON_NODE6];
2424
+
c = policydb->ocontexts[OCON_NODE6];
2513
2425
while (c) {
2514
2426
if (match_ipv6_addrmask(addrp, c->u.node6.addr,
2515
2427
c->u.node6.mask))
···
2526
2438
2527
2439
if (c) {
2528
2440
if (!c->sid[0]) {
2529
-
rc = sidtab_context_to_sid(&sidtab,
2441
+
rc = sidtab_context_to_sid(sidtab,
2530
2442
&c->context[0],
2531
2443
&c->sid[0]);
2532
2444
if (rc)
···
2539
2451
2540
2452
rc = 0;
2541
2453
out:
2542
-
read_unlock(&policy_rwlock);
2454
+
read_unlock(&state->ss->policy_rwlock);
2543
2455
return rc;
2544
2456
}
2545
2457
···
2559
2471
* number of elements in the array.
2560
2472
*/
2561
2473
2562
-
int security_get_user_sids(u32 fromsid,
2474
+
int security_get_user_sids(struct selinux_state *state,
2475
+
u32 fromsid,
2563
2476
char *username,
2564
2477
u32 **sids,
2565
2478
u32 *nel)
2566
2479
{
2480
+
struct policydb *policydb;
2481
+
struct sidtab *sidtab;
2567
2482
struct context *fromcon, usercon;
2568
2483
u32 *mysids = NULL, *mysids2, sid;
2569
2484
u32 mynel = 0, maxnel = SIDS_NEL;
···
2578
2487
*sids = NULL;
2579
2488
*nel = 0;
2580
2489
2581
-
if (!ss_initialized)
2490
+
if (!state->initialized)
2582
2491
goto out;
2583
2492
2584
-
read_lock(&policy_rwlock);
2493
+
read_lock(&state->ss->policy_rwlock);
2494
+
2495
+
policydb = &state->ss->policydb;
2496
+
sidtab = &state->ss->sidtab;
2585
2497
2586
2498
context_init(&usercon);
2587
2499
2588
2500
rc = -EINVAL;
2589
-
fromcon = sidtab_search(&sidtab, fromsid);
2501
+
fromcon = sidtab_search(sidtab, fromsid);
2590
2502
if (!fromcon)
2591
2503
goto out_unlock;
2592
2504
2593
2505
rc = -EINVAL;
2594
-
user = hashtab_search(policydb.p_users.table, username);
2506
+
user = hashtab_search(policydb->p_users.table, username);
2595
2507
if (!user)
2596
2508
goto out_unlock;
2597
2509
···
2606
2512
goto out_unlock;
2607
2513
2608
2514
ebitmap_for_each_positive_bit(&user->roles, rnode, i) {
2609
-
role = policydb.role_val_to_struct[i];
2515
+
role = policydb->role_val_to_struct[i];
2610
2516
usercon.role = i + 1;
2611
2517
ebitmap_for_each_positive_bit(&role->types, tnode, j) {
2612
2518
usercon.type = j + 1;
2613
2519
2614
-
if (mls_setup_user_range(fromcon, user, &usercon))
2520
+
if (mls_setup_user_range(policydb, fromcon, user,
2521
+
&usercon))
2615
2522
continue;
2616
2523
2617
-
rc = sidtab_context_to_sid(&sidtab, &usercon, &sid);
2524
+
rc = sidtab_context_to_sid(sidtab, &usercon, &sid);
2618
2525
if (rc)
2619
2526
goto out_unlock;
2620
2527
if (mynel < maxnel) {
···
2635
2540
}
2636
2541
rc = 0;
2637
2542
out_unlock:
2638
-
read_unlock(&policy_rwlock);
2543
+
read_unlock(&state->ss->policy_rwlock);
2639
2544
if (rc || !mynel) {
2640
2545
kfree(mysids);
2641
2546
goto out;
···
2649
2554
}
2650
2555
for (i = 0, j = 0; i < mynel; i++) {
2651
2556
struct av_decision dummy_avd;
2652
-
rc = avc_has_perm_noaudit(fromsid, mysids[i],
2557
+
rc = avc_has_perm_noaudit(state,
2558
+
fromsid, mysids[i],
2653
2559
SECCLASS_PROCESS, /* kernel value */
2654
2560
PROCESS__TRANSITION, AVC_STRICT,
2655
2561
&dummy_avd);
···
2679
2583
*
2680
2584
* The caller must acquire the policy_rwlock before calling this function.
2681
2585
*/
2682
-
static inline int __security_genfs_sid(const char *fstype,
2586
+
static inline int __security_genfs_sid(struct selinux_state *state,
2587
+
const char *fstype,
2683
2588
char *path,
2684
2589
u16 orig_sclass,
2685
2590
u32 *sid)
2686
2591
{
2592
+
struct policydb *policydb = &state->ss->policydb;
2593
+
struct sidtab *sidtab = &state->ss->sidtab;
2687
2594
int len;
2688
2595
u16 sclass;
2689
2596
struct genfs *genfs;
···
2696
2597
while (path[0] == '/' && path[1] == '/')
2697
2598
path++;
2698
2599
2699
-
sclass = unmap_class(orig_sclass);
2600
+
sclass = unmap_class(&state->ss->map, orig_sclass);
2700
2601
*sid = SECINITSID_UNLABELED;
2701
2602
2702
-
for (genfs = policydb.genfs; genfs; genfs = genfs->next) {
2603
+
for (genfs = policydb->genfs; genfs; genfs = genfs->next) {
2703
2604
cmp = strcmp(fstype, genfs->fstype);
2704
2605
if (cmp <= 0)
2705
2606
break;
···
2721
2622
goto out;
2722
2623
2723
2624
if (!c->sid[0]) {
2724
-
rc = sidtab_context_to_sid(&sidtab, &c->context[0], &c->sid[0]);
2625
+
rc = sidtab_context_to_sid(sidtab, &c->context[0], &c->sid[0]);
2725
2626
if (rc)
2726
2627
goto out;
2727
2628
}
···
2742
2643
* Acquire policy_rwlock before calling __security_genfs_sid() and release
2743
2644
* it afterward.
2744
2645
*/
2745
-
int security_genfs_sid(const char *fstype,
2646
+
int security_genfs_sid(struct selinux_state *state,
2647
+
const char *fstype,
2746
2648
char *path,
2747
2649
u16 orig_sclass,
2748
2650
u32 *sid)
2749
2651
{
2750
2652
int retval;
2751
2653
2752
-
read_lock(&policy_rwlock);
2753
-
retval = __security_genfs_sid(fstype, path, orig_sclass, sid);
2754
-
read_unlock(&policy_rwlock);
2654
+
read_lock(&state->ss->policy_rwlock);
2655
+
retval = __security_genfs_sid(state, fstype, path, orig_sclass, sid);
2656
+
read_unlock(&state->ss->policy_rwlock);
2755
2657
return retval;
2756
2658
}
2757
2659
···
2760
2660
* security_fs_use - Determine how to handle labeling for a filesystem.
2761
2661
* @sb: superblock in question
2762
2662
*/
2763
-
int security_fs_use(struct super_block *sb)
2663
+
int security_fs_use(struct selinux_state *state, struct super_block *sb)
2764
2664
{
2665
+
struct policydb *policydb;
2666
+
struct sidtab *sidtab;
2765
2667
int rc = 0;
2766
2668
struct ocontext *c;
2767
2669
struct superblock_security_struct *sbsec = sb->s_security;
2768
2670
const char *fstype = sb->s_type->name;
2769
2671
2770
-
read_lock(&policy_rwlock);
2672
+
read_lock(&state->ss->policy_rwlock);
2771
2673
2772
-
c = policydb.ocontexts[OCON_FSUSE];
2674
+
policydb = &state->ss->policydb;
2675
+
sidtab = &state->ss->sidtab;
2676
+
2677
+
c = policydb->ocontexts[OCON_FSUSE];
2773
2678
while (c) {
2774
2679
if (strcmp(fstype, c->u.name) == 0)
2775
2680
break;
···
2784
2679
if (c) {
2785
2680
sbsec->behavior = c->v.behavior;
2786
2681
if (!c->sid[0]) {
2787
-
rc = sidtab_context_to_sid(&sidtab, &c->context[0],
2682
+
rc = sidtab_context_to_sid(sidtab, &c->context[0],
2788
2683
&c->sid[0]);
2789
2684
if (rc)
2790
2685
goto out;
2791
2686
}
2792
2687
sbsec->sid = c->sid[0];
2793
2688
} else {
2794
-
rc = __security_genfs_sid(fstype, "/", SECCLASS_DIR,
2689
+
rc = __security_genfs_sid(state, fstype, "/", SECCLASS_DIR,
2795
2690
&sbsec->sid);
2796
2691
if (rc) {
2797
2692
sbsec->behavior = SECURITY_FS_USE_NONE;
···
2802
2697
}
2803
2698
2804
2699
out:
2805
-
read_unlock(&policy_rwlock);
2700
+
read_unlock(&state->ss->policy_rwlock);
2806
2701
return rc;
2807
2702
}
2808
2703
2809
-
int security_get_bools(int *len, char ***names, int **values)
2704
+
int security_get_bools(struct selinux_state *state,
2705
+
int *len, char ***names, int **values)
2810
2706
{
2707
+
struct policydb *policydb;
2811
2708
int i, rc;
2812
2709
2813
-
read_lock(&policy_rwlock);
2710
+
if (!state->initialized) {
2711
+
*len = 0;
2712
+
*names = NULL;
2713
+
*values = NULL;
2714
+
return 0;
2715
+
}
2716
+
2717
+
read_lock(&state->ss->policy_rwlock);
2718
+
2719
+
policydb = &state->ss->policydb;
2720
+
2814
2721
*names = NULL;
2815
2722
*values = NULL;
2816
2723
2817
2724
rc = 0;
2818
-
*len = policydb.p_bools.nprim;
2725
+
*len = policydb->p_bools.nprim;
2819
2726
if (!*len)
2820
2727
goto out;
2821
2728
···
2842
2725
goto err;
2843
2726
2844
2727
for (i = 0; i < *len; i++) {
2845
-
(*values)[i] = policydb.bool_val_to_struct[i]->state;
2728
+
(*values)[i] = policydb->bool_val_to_struct[i]->state;
2846
2729
2847
2730
rc = -ENOMEM;
2848
-
(*names)[i] = kstrdup(sym_name(&policydb, SYM_BOOLS, i), GFP_ATOMIC);
2731
+
(*names)[i] = kstrdup(sym_name(policydb, SYM_BOOLS, i),
2732
+
GFP_ATOMIC);
2849
2733
if (!(*names)[i])
2850
2734
goto err;
2851
2735
}
2852
2736
rc = 0;
2853
2737
out:
2854
-
read_unlock(&policy_rwlock);
2738
+
read_unlock(&state->ss->policy_rwlock);
2855
2739
return rc;
2856
2740
err:
2857
2741
if (*names) {
···
2864
2746
}
2865
2747
2866
2748
2867
-
int security_set_bools(int len, int *values)
2749
+
int security_set_bools(struct selinux_state *state, int len, int *values)
2868
2750
{
2751
+
struct policydb *policydb;
2869
2752
int i, rc;
2870
2753
int lenp, seqno = 0;
2871
2754
struct cond_node *cur;
2872
2755
2873
-
write_lock_irq(&policy_rwlock);
2756
+
write_lock_irq(&state->ss->policy_rwlock);
2757
+
2758
+
policydb = &state->ss->policydb;
2874
2759
2875
2760
rc = -EFAULT;
2876
-
lenp = policydb.p_bools.nprim;
2761
+
lenp = policydb->p_bools.nprim;
2877
2762
if (len != lenp)
2878
2763
goto out;
2879
2764
2880
2765
for (i = 0; i < len; i++) {
2881
-
if (!!values[i] != policydb.bool_val_to_struct[i]->state) {
2766
+
if (!!values[i] != policydb->bool_val_to_struct[i]->state) {
2882
2767
audit_log(current->audit_context, GFP_ATOMIC,
2883
2768
AUDIT_MAC_CONFIG_CHANGE,
2884
2769
"bool=%s val=%d old_val=%d auid=%u ses=%u",
2885
-
sym_name(&policydb, SYM_BOOLS, i),
2770
+
sym_name(policydb, SYM_BOOLS, i),
2886
2771
!!values[i],
2887
-
policydb.bool_val_to_struct[i]->state,
2772
+
policydb->bool_val_to_struct[i]->state,
2888
2773
from_kuid(&init_user_ns, audit_get_loginuid(current)),
2889
2774
audit_get_sessionid(current));
2890
2775
}
2891
2776
if (values[i])
2892
-
policydb.bool_val_to_struct[i]->state = 1;
2777
+
policydb->bool_val_to_struct[i]->state = 1;
2893
2778
else
2894
-
policydb.bool_val_to_struct[i]->state = 0;
2779
+
policydb->bool_val_to_struct[i]->state = 0;
2895
2780
}
2896
2781
2897
-
for (cur = policydb.cond_list; cur; cur = cur->next) {
2898
-
rc = evaluate_cond_node(&policydb, cur);
2782
+
for (cur = policydb->cond_list; cur; cur = cur->next) {
2783
+
rc = evaluate_cond_node(policydb, cur);
2899
2784
if (rc)
2900
2785
goto out;
2901
2786
}
2902
2787
2903
-
seqno = ++latest_granting;
2788
+
seqno = ++state->ss->latest_granting;
2904
2789
rc = 0;
2905
2790
out:
2906
-
write_unlock_irq(&policy_rwlock);
2791
+
write_unlock_irq(&state->ss->policy_rwlock);
2907
2792
if (!rc) {
2908
-
avc_ss_reset(seqno);
2793
+
avc_ss_reset(state->avc, seqno);
2909
2794
selnl_notify_policyload(seqno);
2910
-
selinux_status_update_policyload(seqno);
2795
+
selinux_status_update_policyload(state, seqno);
2911
2796
selinux_xfrm_notify_policyload();
2912
2797
}
2913
2798
return rc;
2914
2799
}
2915
2800
2916
-
int security_get_bool_value(int index)
2801
+
int security_get_bool_value(struct selinux_state *state,
2802
+
int index)
2917
2803
{
2804
+
struct policydb *policydb;
2918
2805
int rc;
2919
2806
int len;
2920
2807
2921
-
read_lock(&policy_rwlock);
2808
+
read_lock(&state->ss->policy_rwlock);
2809
+
2810
+
policydb = &state->ss->policydb;
2922
2811
2923
2812
rc = -EFAULT;
2924
-
len = policydb.p_bools.nprim;
2813
+
len = policydb->p_bools.nprim;
2925
2814
if (index >= len)
2926
2815
goto out;
2927
2816
2928
-
rc = policydb.bool_val_to_struct[index]->state;
2817
+
rc = policydb->bool_val_to_struct[index]->state;
2929
2818
out:
2930
-
read_unlock(&policy_rwlock);
2819
+
read_unlock(&state->ss->policy_rwlock);
2931
2820
return rc;
2932
2821
}
2933
2822
2934
-
static int security_preserve_bools(struct policydb *p)
2823
+
static int security_preserve_bools(struct selinux_state *state,
2824
+
struct policydb *policydb)
2935
2825
{
2936
2826
int rc, nbools = 0, *bvalues = NULL, i;
2937
2827
char **bnames = NULL;
2938
2828
struct cond_bool_datum *booldatum;
2939
2829
struct cond_node *cur;
2940
2830
2941
-
rc = security_get_bools(&nbools, &bnames, &bvalues);
2831
+
rc = security_get_bools(state, &nbools, &bnames, &bvalues);
2942
2832
if (rc)
2943
2833
goto out;
2944
2834
for (i = 0; i < nbools; i++) {
2945
-
booldatum = hashtab_search(p->p_bools.table, bnames[i]);
2835
+
booldatum = hashtab_search(policydb->p_bools.table, bnames[i]);
2946
2836
if (booldatum)
2947
2837
booldatum->state = bvalues[i];
2948
2838
}
2949
-
for (cur = p->cond_list; cur; cur = cur->next) {
2950
-
rc = evaluate_cond_node(p, cur);
2839
+
for (cur = policydb->cond_list; cur; cur = cur->next) {
2840
+
rc = evaluate_cond_node(policydb, cur);
2951
2841
if (rc)
2952
2842
goto out;
2953
2843
}
···
2974
2848
* security_sid_mls_copy() - computes a new sid based on the given
2975
2849
* sid and the mls portion of mls_sid.
2976
2850
*/
2977
-
int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid)
2851
+
int security_sid_mls_copy(struct selinux_state *state,
2852
+
u32 sid, u32 mls_sid, u32 *new_sid)
2978
2853
{
2854
+
struct policydb *policydb = &state->ss->policydb;
2855
+
struct sidtab *sidtab = &state->ss->sidtab;
2979
2856
struct context *context1;
2980
2857
struct context *context2;
2981
2858
struct context newcon;
···
2987
2858
int rc;
2988
2859
2989
2860
rc = 0;
2990
-
if (!ss_initialized || !policydb.mls_enabled) {
2861
+
if (!state->initialized || !policydb->mls_enabled) {
2991
2862
*new_sid = sid;
2992
2863
goto out;
2993
2864
}
2994
2865
2995
2866
context_init(&newcon);
2996
2867
2997
-
read_lock(&policy_rwlock);
2868
+
read_lock(&state->ss->policy_rwlock);
2998
2869
2999
2870
rc = -EINVAL;
3000
-
context1 = sidtab_search(&sidtab, sid);
2871
+
context1 = sidtab_search(sidtab, sid);
3001
2872
if (!context1) {
3002
2873
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
3003
2874
__func__, sid);
···
3005
2876
}
3006
2877
3007
2878
rc = -EINVAL;
3008
-
context2 = sidtab_search(&sidtab, mls_sid);
2879
+
context2 = sidtab_search(sidtab, mls_sid);
3009
2880
if (!context2) {
3010
2881
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
3011
2882
__func__, mls_sid);
···
3020
2891
goto out_unlock;
3021
2892
3022
2893
/* Check the validity of the new context. */
3023
-
if (!policydb_context_isvalid(&policydb, &newcon)) {
3024
-
rc = convert_context_handle_invalid_context(&newcon);
2894
+
if (!policydb_context_isvalid(policydb, &newcon)) {
2895
+
rc = convert_context_handle_invalid_context(state, &newcon);
3025
2896
if (rc) {
3026
-
if (!context_struct_to_string(&newcon, &s, &len)) {
2897
+
if (!context_struct_to_string(policydb, &newcon, &s,
2898
+
&len)) {
3027
2899
audit_log(current->audit_context,
3028
2900
GFP_ATOMIC, AUDIT_SELINUX_ERR,
3029
2901
"op=security_sid_mls_copy "
···
3035
2905
}
3036
2906
}
3037
2907
3038
-
rc = sidtab_context_to_sid(&sidtab, &newcon, new_sid);
2908
+
rc = sidtab_context_to_sid(sidtab, &newcon, new_sid);
3039
2909
out_unlock:
3040
-
read_unlock(&policy_rwlock);
2910
+
read_unlock(&state->ss->policy_rwlock);
3041
2911
context_destroy(&newcon);
3042
2912
out:
3043
2913
return rc;
···
3063
2933
* multiple, inconsistent labels | -<errno> | SECSID_NULL
3064
2934
*
3065
2935
*/
3066
-
int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type,
2936
+
int security_net_peersid_resolve(struct selinux_state *state,
2937
+
u32 nlbl_sid, u32 nlbl_type,
3067
2938
u32 xfrm_sid,
3068
2939
u32 *peer_sid)
3069
2940
{
2941
+
struct policydb *policydb = &state->ss->policydb;
2942
+
struct sidtab *sidtab = &state->ss->sidtab;
3070
2943
int rc;
3071
2944
struct context *nlbl_ctx;
3072
2945
struct context *xfrm_ctx;
···
3091
2958
return 0;
3092
2959
}
3093
2960
3094
-
/* we don't need to check ss_initialized here since the only way both
2961
+
/*
2962
+
* We don't need to check initialized here since the only way both
3095
2963
* nlbl_sid and xfrm_sid are not equal to SECSID_NULL would be if the
3096
-
* security server was initialized and ss_initialized was true */
3097
-
if (!policydb.mls_enabled)
2964
+
* security server was initialized and state->initialized was true.
2965
+
*/
2966
+
if (!policydb->mls_enabled)
3098
2967
return 0;
3099
2968
3100
-
read_lock(&policy_rwlock);
2969
+
read_lock(&state->ss->policy_rwlock);
3101
2970
3102
2971
rc = -EINVAL;
3103
-
nlbl_ctx = sidtab_search(&sidtab, nlbl_sid);
2972
+
nlbl_ctx = sidtab_search(sidtab, nlbl_sid);
3104
2973
if (!nlbl_ctx) {
3105
2974
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
3106
2975
__func__, nlbl_sid);
3107
2976
goto out;
3108
2977
}
3109
2978
rc = -EINVAL;
3110
-
xfrm_ctx = sidtab_search(&sidtab, xfrm_sid);
2979
+
xfrm_ctx = sidtab_search(sidtab, xfrm_sid);
3111
2980
if (!xfrm_ctx) {
3112
2981
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
3113
2982
__func__, xfrm_sid);
···
3126
2991
* expressive */
3127
2992
*peer_sid = xfrm_sid;
3128
2993
out:
3129
-
read_unlock(&policy_rwlock);
2994
+
read_unlock(&state->ss->policy_rwlock);
3130
2995
return rc;
3131
2996
}
3132
2997
···
3143
3008
return 0;
3144
3009
}
3145
3010
3146
-
int security_get_classes(char ***classes, int *nclasses)
3011
+
int security_get_classes(struct selinux_state *state,
3012
+
char ***classes, int *nclasses)
3147
3013
{
3014
+
struct policydb *policydb = &state->ss->policydb;
3148
3015
int rc;
3149
3016
3150
-
read_lock(&policy_rwlock);
3017
+
if (!state->initialized) {
3018
+
*nclasses = 0;
3019
+
*classes = NULL;
3020
+
return 0;
3021
+
}
3022
+
3023
+
read_lock(&state->ss->policy_rwlock);
3151
3024
3152
3025
rc = -ENOMEM;
3153
-
*nclasses = policydb.p_classes.nprim;
3026
+
*nclasses = policydb->p_classes.nprim;
3154
3027
*classes = kcalloc(*nclasses, sizeof(**classes), GFP_ATOMIC);
3155
3028
if (!*classes)
3156
3029
goto out;
3157
3030
3158
-
rc = hashtab_map(policydb.p_classes.table, get_classes_callback,
3031
+
rc = hashtab_map(policydb->p_classes.table, get_classes_callback,
3159
3032
*classes);
3160
3033
if (rc) {
3161
3034
int i;
···
3173
3030
}
3174
3031
3175
3032
out:
3176
-
read_unlock(&policy_rwlock);
3033
+
read_unlock(&state->ss->policy_rwlock);
3177
3034
return rc;
3178
3035
}
3179
3036
···
3190
3047
return 0;
3191
3048
}
3192
3049
3193
-
int security_get_permissions(char *class, char ***perms, int *nperms)
3050
+
int security_get_permissions(struct selinux_state *state,
3051
+
char *class, char ***perms, int *nperms)
3194
3052
{
3053
+
struct policydb *policydb = &state->ss->policydb;
3195
3054
int rc, i;
3196
3055
struct class_datum *match;
3197
3056
3198
-
read_lock(&policy_rwlock);
3057
+
read_lock(&state->ss->policy_rwlock);
3199
3058
3200
3059
rc = -EINVAL;
3201
-
match = hashtab_search(policydb.p_classes.table, class);
3060
+
match = hashtab_search(policydb->p_classes.table, class);
3202
3061
if (!match) {
3203
3062
printk(KERN_ERR "SELinux: %s: unrecognized class %s\n",
3204
3063
__func__, class);
···
3226
3081
goto err;
3227
3082
3228
3083
out:
3229
-
read_unlock(&policy_rwlock);
3084
+
read_unlock(&state->ss->policy_rwlock);
3230
3085
return rc;
3231
3086
3232
3087
err:
3233
-
read_unlock(&policy_rwlock);
3088
+
read_unlock(&state->ss->policy_rwlock);
3234
3089
for (i = 0; i < *nperms; i++)
3235
3090
kfree((*perms)[i]);
3236
3091
kfree(*perms);
3237
3092
return rc;
3238
3093
}
3239
3094
3240
-
int security_get_reject_unknown(void)
3095
+
int security_get_reject_unknown(struct selinux_state *state)
3241
3096
{
3242
-
return policydb.reject_unknown;
3097
+
return state->ss->policydb.reject_unknown;
3243
3098
}
3244
3099
3245
-
int security_get_allow_unknown(void)
3100
+
int security_get_allow_unknown(struct selinux_state *state)
3246
3101
{
3247
-
return policydb.allow_unknown;
3102
+
return state->ss->policydb.allow_unknown;
3248
3103
}
3249
3104
3250
3105
/**
···
3257
3112
* supported, false (0) if it isn't supported.
3258
3113
*
3259
3114
*/
3260
-
int security_policycap_supported(unsigned int req_cap)
3115
+
int security_policycap_supported(struct selinux_state *state,
3116
+
unsigned int req_cap)
3261
3117
{
3118
+
struct policydb *policydb = &state->ss->policydb;
3262
3119
int rc;
3263
3120
3264
-
read_lock(&policy_rwlock);
3265
-
rc = ebitmap_get_bit(&policydb.policycaps, req_cap);
3266
-
read_unlock(&policy_rwlock);
3121
+
read_lock(&state->ss->policy_rwlock);
3122
+
rc = ebitmap_get_bit(&policydb->policycaps, req_cap);
3123
+
read_unlock(&state->ss->policy_rwlock);
3267
3124
3268
3125
return rc;
3269
3126
}
···
3287
3140
3288
3141
int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
3289
3142
{
3143
+
struct selinux_state *state = &selinux_state;
3144
+
struct policydb *policydb = &state->ss->policydb;
3290
3145
struct selinux_audit_rule *tmprule;
3291
3146
struct role_datum *roledatum;
3292
3147
struct type_datum *typedatum;
···
3298
3149
3299
3150
*rule = NULL;
3300
3151
3301
-
if (!ss_initialized)
3152
+
if (!state->initialized)
3302
3153
return -EOPNOTSUPP;
3303
3154
3304
3155
switch (field) {
···
3331
3182
3332
3183
context_init(&tmprule->au_ctxt);
3333
3184
3334
-
read_lock(&policy_rwlock);
3185
+
read_lock(&state->ss->policy_rwlock);
3335
3186
3336
-
tmprule->au_seqno = latest_granting;
3187
+
tmprule->au_seqno = state->ss->latest_granting;
3337
3188
3338
3189
switch (field) {
3339
3190
case AUDIT_SUBJ_USER:
3340
3191
case AUDIT_OBJ_USER:
3341
3192
rc = -EINVAL;
3342
-
userdatum = hashtab_search(policydb.p_users.table, rulestr);
3193
+
userdatum = hashtab_search(policydb->p_users.table, rulestr);
3343
3194
if (!userdatum)
3344
3195
goto out;
3345
3196
tmprule->au_ctxt.user = userdatum->value;
···
3347
3198
case AUDIT_SUBJ_ROLE:
3348
3199
case AUDIT_OBJ_ROLE:
3349
3200
rc = -EINVAL;
3350
-
roledatum = hashtab_search(policydb.p_roles.table, rulestr);
3201
+
roledatum = hashtab_search(policydb->p_roles.table, rulestr);
3351
3202
if (!roledatum)
3352
3203
goto out;
3353
3204
tmprule->au_ctxt.role = roledatum->value;
···
3355
3206
case AUDIT_SUBJ_TYPE:
3356
3207
case AUDIT_OBJ_TYPE:
3357
3208
rc = -EINVAL;
3358
-
typedatum = hashtab_search(policydb.p_types.table, rulestr);
3209
+
typedatum = hashtab_search(policydb->p_types.table, rulestr);
3359
3210
if (!typedatum)
3360
3211
goto out;
3361
3212
tmprule->au_ctxt.type = typedatum->value;
···
3364
3215
case AUDIT_SUBJ_CLR:
3365
3216
case AUDIT_OBJ_LEV_LOW:
3366
3217
case AUDIT_OBJ_LEV_HIGH:
3367
-
rc = mls_from_string(rulestr, &tmprule->au_ctxt, GFP_ATOMIC);
3218
+
rc = mls_from_string(policydb, rulestr, &tmprule->au_ctxt,
3219
+
GFP_ATOMIC);
3368
3220
if (rc)
3369
3221
goto out;
3370
3222
break;
3371
3223
}
3372
3224
rc = 0;
3373
3225
out:
3374
-
read_unlock(&policy_rwlock);
3226
+
read_unlock(&state->ss->policy_rwlock);
3375
3227
3376
3228
if (rc) {
3377
3229
selinux_audit_rule_free(tmprule);
···
3412
3262
int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
3413
3263
struct audit_context *actx)
3414
3264
{
3265
+
struct selinux_state *state = &selinux_state;
3415
3266
struct context *ctxt;
3416
3267
struct mls_level *level;
3417
3268
struct selinux_audit_rule *rule = vrule;
···
3423
3272
return -ENOENT;
3424
3273
}
3425
3274
3426
-
read_lock(&policy_rwlock);
3275
+
read_lock(&state->ss->policy_rwlock);
3427
3276
3428
-
if (rule->au_seqno < latest_granting) {
3277
+
if (rule->au_seqno < state->ss->latest_granting) {
3429
3278
match = -ESTALE;
3430
3279
goto out;
3431
3280
}
3432
3281
3433
-
ctxt = sidtab_search(&sidtab, sid);
3282
+
ctxt = sidtab_search(&state->ss->sidtab, sid);
3434
3283
if (unlikely(!ctxt)) {
3435
3284
WARN_ONCE(1, "selinux_audit_rule_match: unrecognized SID %d\n",
3436
3285
sid);
···
3514
3363
}
3515
3364
3516
3365
out:
3517
-
read_unlock(&policy_rwlock);
3366
+
read_unlock(&state->ss->policy_rwlock);
3518
3367
return match;
3519
3368
}
3520
3369
···
3588
3437
* failure.
3589
3438
*
3590
3439
*/
3591
-
int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
3440
+
int security_netlbl_secattr_to_sid(struct selinux_state *state,
3441
+
struct netlbl_lsm_secattr *secattr,
3592
3442
u32 *sid)
3593
3443
{
3444
+
struct policydb *policydb = &state->ss->policydb;
3445
+
struct sidtab *sidtab = &state->ss->sidtab;
3594
3446
int rc;
3595
3447
struct context *ctx;
3596
3448
struct context ctx_new;
3597
3449
3598
-
if (!ss_initialized) {
3450
+
if (!state->initialized) {
3599
3451
*sid = SECSID_NULL;
3600
3452
return 0;
3601
3453
}
3602
3454
3603
-
read_lock(&policy_rwlock);
3455
+
read_lock(&state->ss->policy_rwlock);
3604
3456
3605
3457
if (secattr->flags & NETLBL_SECATTR_CACHE)
3606
3458
*sid = *(u32 *)secattr->cache->data;
···
3611
3457
*sid = secattr->attr.secid;
3612
3458
else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) {
3613
3459
rc = -EIDRM;
3614
-
ctx = sidtab_search(&sidtab, SECINITSID_NETMSG);
3460
+
ctx = sidtab_search(sidtab, SECINITSID_NETMSG);
3615
3461
if (ctx == NULL)
3616
3462
goto out;
3617
3463
···
3619
3465
ctx_new.user = ctx->user;
3620
3466
ctx_new.role = ctx->role;
3621
3467
ctx_new.type = ctx->type;
3622
-
mls_import_netlbl_lvl(&ctx_new, secattr);
3468
+
mls_import_netlbl_lvl(policydb, &ctx_new, secattr);
3623
3469
if (secattr->flags & NETLBL_SECATTR_MLS_CAT) {
3624
-
rc = mls_import_netlbl_cat(&ctx_new, secattr);
3470
+
rc = mls_import_netlbl_cat(policydb, &ctx_new, secattr);
3625
3471
if (rc)
3626
3472
goto out;
3627
3473
}
3628
3474
rc = -EIDRM;
3629
-
if (!mls_context_isvalid(&policydb, &ctx_new))
3475
+
if (!mls_context_isvalid(policydb, &ctx_new))
3630
3476
goto out_free;
3631
3477
3632
-
rc = sidtab_context_to_sid(&sidtab, &ctx_new, sid);
3478
+
rc = sidtab_context_to_sid(sidtab, &ctx_new, sid);
3633
3479
if (rc)
3634
3480
goto out_free;
3635
3481
···
3639
3485
} else
3640
3486
*sid = SECSID_NULL;
3641
3487
3642
-
read_unlock(&policy_rwlock);
3488
+
read_unlock(&state->ss->policy_rwlock);
3643
3489
return 0;
3644
3490
out_free:
3645
3491
ebitmap_destroy(&ctx_new.range.level[0].cat);
3646
3492
out:
3647
-
read_unlock(&policy_rwlock);
3493
+
read_unlock(&state->ss->policy_rwlock);
3648
3494
return rc;
3649
3495
}
3650
3496
···
3658
3504
* Returns zero on success, negative values on failure.
3659
3505
*
3660
3506
*/
3661
-
int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr)
3507
+
int security_netlbl_sid_to_secattr(struct selinux_state *state,
3508
+
u32 sid, struct netlbl_lsm_secattr *secattr)
3662
3509
{
3510
+
struct policydb *policydb = &state->ss->policydb;
3663
3511
int rc;
3664
3512
struct context *ctx;
3665
3513
3666
-
if (!ss_initialized)
3514
+
if (!state->initialized)
3667
3515
return 0;
3668
3516
3669
-
read_lock(&policy_rwlock);
3517
+
read_lock(&state->ss->policy_rwlock);
3670
3518
3671
3519
rc = -ENOENT;
3672
-
ctx = sidtab_search(&sidtab, sid);
3520
+
ctx = sidtab_search(&state->ss->sidtab, sid);
3673
3521
if (ctx == NULL)
3674
3522
goto out;
3675
3523
3676
3524
rc = -ENOMEM;
3677
-
secattr->domain = kstrdup(sym_name(&policydb, SYM_TYPES, ctx->type - 1),
3525
+
secattr->domain = kstrdup(sym_name(policydb, SYM_TYPES, ctx->type - 1),
3678
3526
GFP_ATOMIC);
3679
3527
if (secattr->domain == NULL)
3680
3528
goto out;
3681
3529
3682
3530
secattr->attr.secid = sid;
3683
3531
secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY | NETLBL_SECATTR_SECID;
3684
-
mls_export_netlbl_lvl(ctx, secattr);
3685
-
rc = mls_export_netlbl_cat(ctx, secattr);
3532
+
mls_export_netlbl_lvl(policydb, ctx, secattr);
3533
+
rc = mls_export_netlbl_cat(policydb, ctx, secattr);
3686
3534
out:
3687
-
read_unlock(&policy_rwlock);
3535
+
read_unlock(&state->ss->policy_rwlock);
3688
3536
return rc;
3689
3537
}
3690
3538
#endif /* CONFIG_NETLABEL */
···
3697
3541
* @len: length of data in bytes
3698
3542
*
3699
3543
*/
3700
-
int security_read_policy(void **data, size_t *len)
3544
+
int security_read_policy(struct selinux_state *state,
3545
+
void **data, size_t *len)
3701
3546
{
3547
+
struct policydb *policydb = &state->ss->policydb;
3702
3548
int rc;
3703
3549
struct policy_file fp;
3704
3550
3705
-
if (!ss_initialized)
3551
+
if (!state->initialized)
3706
3552
return -EINVAL;
3707
3553
3708
-
*len = security_policydb_len();
3554
+
*len = security_policydb_len(state);
3709
3555
3710
3556
*data = vmalloc_user(*len);
3711
3557
if (!*data)
···
3716
3558
fp.data = *data;
3717
3559
fp.len = *len;
3718
3560
3719
-
read_lock(&policy_rwlock);
3720
-
rc = policydb_write(&policydb, &fp);
3721
-
read_unlock(&policy_rwlock);
3561
+
read_lock(&state->ss->policy_rwlock);
3562
+
rc = policydb_write(policydb, &fp);
3563
+
read_unlock(&state->ss->policy_rwlock);
3722
3564
3723
3565
if (rc)
3724
3566
return rc;
+22
-2
security/selinux/ss/services.h
+22
-2
security/selinux/ss/services.h
···
10
10
#include "policydb.h"
11
11
#include "sidtab.h"
12
12
13
-
extern struct policydb policydb;
13
+
/* Mapping for a single class */
14
+
struct selinux_mapping {
15
+
u16 value; /* policy value for class */
16
+
unsigned int num_perms; /* number of permissions in class */
17
+
u32 perms[sizeof(u32) * 8]; /* policy values for permissions */
18
+
};
19
+
20
+
/* Map for all of the classes, with array size */
21
+
struct selinux_map {
22
+
struct selinux_mapping *mapping; /* indexed by class */
23
+
u16 size; /* array size of mapping */
24
+
};
25
+
26
+
struct selinux_ss {
27
+
struct sidtab sidtab;
28
+
struct policydb policydb;
29
+
rwlock_t policy_rwlock;
30
+
u32 latest_granting;
31
+
struct selinux_map map;
32
+
struct page *status_page;
33
+
struct mutex status_lock;
34
+
};
14
35
15
36
void services_compute_xperms_drivers(struct extended_perms *xperms,
16
37
struct avtab_node *node);
···
40
19
struct avtab_node *node);
41
20
42
21
#endif /* _SS_SERVICES_H_ */
43
-
+24
-23
security/selinux/ss/status.c
+24
-23
security/selinux/ss/status.c
···
35
35
* In most cases, application shall confirm the kernel status is not
36
36
* changed without any system call invocations.
37
37
*/
38
-
static struct page *selinux_status_page;
39
-
static DEFINE_MUTEX(selinux_status_lock);
40
38
41
39
/*
42
40
* selinux_kernel_status_page
···
42
44
* It returns a reference to selinux_status_page. If the status page is
43
45
* not allocated yet, it also tries to allocate it at the first time.
44
46
*/
45
-
struct page *selinux_kernel_status_page(void)
47
+
struct page *selinux_kernel_status_page(struct selinux_state *state)
46
48
{
47
49
struct selinux_kernel_status *status;
48
50
struct page *result = NULL;
49
51
50
-
mutex_lock(&selinux_status_lock);
51
-
if (!selinux_status_page) {
52
-
selinux_status_page = alloc_page(GFP_KERNEL|__GFP_ZERO);
52
+
mutex_lock(&state->ss->status_lock);
53
+
if (!state->ss->status_page) {
54
+
state->ss->status_page = alloc_page(GFP_KERNEL|__GFP_ZERO);
53
55
54
-
if (selinux_status_page) {
55
-
status = page_address(selinux_status_page);
56
+
if (state->ss->status_page) {
57
+
status = page_address(state->ss->status_page);
56
58
57
59
status->version = SELINUX_KERNEL_STATUS_VERSION;
58
60
status->sequence = 0;
59
-
status->enforcing = selinux_enforcing;
61
+
status->enforcing = enforcing_enabled(state);
60
62
/*
61
63
* NOTE: the next policyload event shall set
62
64
* a positive value on the status->policyload,
···
64
66
* So, application can know it was updated.
65
67
*/
66
68
status->policyload = 0;
67
-
status->deny_unknown = !security_get_allow_unknown();
69
+
status->deny_unknown =
70
+
!security_get_allow_unknown(state);
68
71
}
69
72
}
70
-
result = selinux_status_page;
71
-
mutex_unlock(&selinux_status_lock);
73
+
result = state->ss->status_page;
74
+
mutex_unlock(&state->ss->status_lock);
72
75
73
76
return result;
74
77
}
···
79
80
*
80
81
* It updates status of the current enforcing/permissive mode.
81
82
*/
82
-
void selinux_status_update_setenforce(int enforcing)
83
+
void selinux_status_update_setenforce(struct selinux_state *state,
84
+
int enforcing)
83
85
{
84
86
struct selinux_kernel_status *status;
85
87
86
-
mutex_lock(&selinux_status_lock);
87
-
if (selinux_status_page) {
88
-
status = page_address(selinux_status_page);
88
+
mutex_lock(&state->ss->status_lock);
89
+
if (state->ss->status_page) {
90
+
status = page_address(state->ss->status_page);
89
91
90
92
status->sequence++;
91
93
smp_wmb();
···
96
96
smp_wmb();
97
97
status->sequence++;
98
98
}
99
-
mutex_unlock(&selinux_status_lock);
99
+
mutex_unlock(&state->ss->status_lock);
100
100
}
101
101
102
102
/*
···
105
105
* It updates status of the times of policy reloaded, and current
106
106
* setting of deny_unknown.
107
107
*/
108
-
void selinux_status_update_policyload(int seqno)
108
+
void selinux_status_update_policyload(struct selinux_state *state,
109
+
int seqno)
109
110
{
110
111
struct selinux_kernel_status *status;
111
112
112
-
mutex_lock(&selinux_status_lock);
113
-
if (selinux_status_page) {
114
-
status = page_address(selinux_status_page);
113
+
mutex_lock(&state->ss->status_lock);
114
+
if (state->ss->status_page) {
115
+
status = page_address(state->ss->status_page);
115
116
116
117
status->sequence++;
117
118
smp_wmb();
118
119
119
120
status->policyload = seqno;
120
-
status->deny_unknown = !security_get_allow_unknown();
121
+
status->deny_unknown = !security_get_allow_unknown(state);
121
122
122
123
smp_wmb();
123
124
status->sequence++;
124
125
}
125
-
mutex_unlock(&selinux_status_lock);
126
+
mutex_unlock(&state->ss->status_lock);
126
127
}
+15
-8
security/selinux/xfrm.c
+15
-8
security/selinux/xfrm.c
···
101
101
ctx->ctx_len = str_len;
102
102
memcpy(ctx->ctx_str, &uctx[1], str_len);
103
103
ctx->ctx_str[str_len] = '\0';
104
-
rc = security_context_to_sid(ctx->ctx_str, str_len, &ctx->ctx_sid, gfp);
104
+
rc = security_context_to_sid(&selinux_state, ctx->ctx_str, str_len,
105
+
&ctx->ctx_sid, gfp);
105
106
if (rc)
106
107
goto err;
107
108
108
-
rc = avc_has_perm(tsec->sid, ctx->ctx_sid,
109
+
rc = avc_has_perm(&selinux_state,
110
+
tsec->sid, ctx->ctx_sid,
109
111
SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, NULL);
110
112
if (rc)
111
113
goto err;
···
143
141
if (!ctx)
144
142
return 0;
145
143
146
-
return avc_has_perm(tsec->sid, ctx->ctx_sid,
144
+
return avc_has_perm(&selinux_state,
145
+
tsec->sid, ctx->ctx_sid,
147
146
SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT,
148
147
NULL);
149
148
}
···
166
163
if (!selinux_authorizable_ctx(ctx))
167
164
return -EINVAL;
168
165
169
-
rc = avc_has_perm(fl_secid, ctx->ctx_sid,
166
+
rc = avc_has_perm(&selinux_state,
167
+
fl_secid, ctx->ctx_sid,
170
168
SECCLASS_ASSOCIATION, ASSOCIATION__POLMATCH, NULL);
171
169
return (rc == -EACCES ? -ESRCH : rc);
172
170
}
···
206
202
/* We don't need a separate SA Vs. policy polmatch check since the SA
207
203
* is now of the same label as the flow and a flow Vs. policy polmatch
208
204
* check had already happened in selinux_xfrm_policy_lookup() above. */
209
-
return (avc_has_perm(fl->flowi_secid, state_sid,
205
+
return (avc_has_perm(&selinux_state,
206
+
fl->flowi_secid, state_sid,
210
207
SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO,
211
208
NULL) ? 0 : 1);
212
209
}
···
357
352
if (secid == 0)
358
353
return -EINVAL;
359
354
360
-
rc = security_sid_to_context(secid, &ctx_str, &str_len);
355
+
rc = security_sid_to_context(&selinux_state, secid, &ctx_str,
356
+
&str_len);
361
357
if (rc)
362
358
return rc;
363
359
···
426
420
/* This check even when there's no association involved is intended,
427
421
* according to Trent Jaeger, to make sure a process can't engage in
428
422
* non-IPsec communication unless explicitly allowed by policy. */
429
-
return avc_has_perm(sk_sid, peer_sid,
423
+
return avc_has_perm(&selinux_state,
424
+
sk_sid, peer_sid,
430
425
SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, ad);
431
426
}
432
427
···
470
463
/* This check even when there's no association involved is intended,
471
464
* according to Trent Jaeger, to make sure a process can't engage in
472
465
* non-IPsec communication unless explicitly allowed by policy. */
473
-
return avc_has_perm(sk_sid, SECINITSID_UNLABELED,
466
+
return avc_has_perm(&selinux_state, sk_sid, SECINITSID_UNLABELED,
474
467
SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, ad);
475
468
}