Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r--security/selinux/hooks.c422
1 files changed, 142 insertions, 280 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 4ba83de5fa80..c5363f0c67ef 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -81,7 +81,6 @@
81#include <linux/personality.h> 81#include <linux/personality.h>
82#include <linux/audit.h> 82#include <linux/audit.h>
83#include <linux/string.h> 83#include <linux/string.h>
84#include <linux/selinux.h>
85#include <linux/mutex.h> 84#include <linux/mutex.h>
86#include <linux/posix-timers.h> 85#include <linux/posix-timers.h>
87#include <linux/syslog.h> 86#include <linux/syslog.h>
@@ -123,9 +122,8 @@ __setup("enforcing=", enforcing_setup);
123#define selinux_enforcing_boot 1 122#define selinux_enforcing_boot 1
124#endif 123#endif
125 124
125int selinux_enabled __lsm_ro_after_init = 1;
126#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM 126#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
127int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
128
129static int __init selinux_enabled_setup(char *str) 127static int __init selinux_enabled_setup(char *str)
130{ 128{
131 unsigned long enabled; 129 unsigned long enabled;
@@ -134,8 +132,6 @@ static int __init selinux_enabled_setup(char *str)
134 return 1; 132 return 1;
135} 133}
136__setup("selinux=", selinux_enabled_setup); 134__setup("selinux=", selinux_enabled_setup);
137#else
138int selinux_enabled = 1;
139#endif 135#endif
140 136
141static unsigned int selinux_checkreqprot_boot = 137static unsigned int selinux_checkreqprot_boot =
@@ -151,9 +147,6 @@ static int __init checkreqprot_setup(char *str)
151} 147}
152__setup("checkreqprot=", checkreqprot_setup); 148__setup("checkreqprot=", checkreqprot_setup);
153 149
154static struct kmem_cache *sel_inode_cache;
155static struct kmem_cache *file_security_cache;
156
157/** 150/**
158 * selinux_secmark_enabled - Check to see if SECMARK is currently enabled 151 * selinux_secmark_enabled - Check to see if SECMARK is currently enabled
159 * 152 *
@@ -216,12 +209,8 @@ static void cred_init_security(void)
216 struct cred *cred = (struct cred *) current->real_cred; 209 struct cred *cred = (struct cred *) current->real_cred;
217 struct task_security_struct *tsec; 210 struct task_security_struct *tsec;
218 211
219 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL); 212 tsec = selinux_cred(cred);
220 if (!tsec)
221 panic("SELinux: Failed to initialize initial task.\n");
222
223 tsec->osid = tsec->sid = SECINITSID_KERNEL; 213 tsec->osid = tsec->sid = SECINITSID_KERNEL;
224 cred->security = tsec;
225} 214}
226 215
227/* 216/*
@@ -231,7 +220,7 @@ static inline u32 cred_sid(const struct cred *cred)
231{ 220{
232 const struct task_security_struct *tsec; 221 const struct task_security_struct *tsec;
233 222
234 tsec = cred->security; 223 tsec = selinux_cred(cred);
235 return tsec->sid; 224 return tsec->sid;
236} 225}
237 226
@@ -252,13 +241,9 @@ static inline u32 task_sid(const struct task_struct *task)
252 241
253static int inode_alloc_security(struct inode *inode) 242static int inode_alloc_security(struct inode *inode)
254{ 243{
255 struct inode_security_struct *isec; 244 struct inode_security_struct *isec = selinux_inode(inode);
256 u32 sid = current_sid(); 245 u32 sid = current_sid();
257 246
258 isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
259 if (!isec)
260 return -ENOMEM;
261
262 spin_lock_init(&isec->lock); 247 spin_lock_init(&isec->lock);
263 INIT_LIST_HEAD(&isec->list); 248 INIT_LIST_HEAD(&isec->list);
264 isec->inode = inode; 249 isec->inode = inode;
@@ -266,7 +251,6 @@ static int inode_alloc_security(struct inode *inode)
266 isec->sclass = SECCLASS_FILE; 251 isec->sclass = SECCLASS_FILE;
267 isec->task_sid = sid; 252 isec->task_sid = sid;
268 isec->initialized = LABEL_INVALID; 253 isec->initialized = LABEL_INVALID;
269 inode->i_security = isec;
270 254
271 return 0; 255 return 0;
272} 256}
@@ -283,7 +267,7 @@ static int __inode_security_revalidate(struct inode *inode,
283 struct dentry *dentry, 267 struct dentry *dentry,
284 bool may_sleep) 268 bool may_sleep)
285{ 269{
286 struct inode_security_struct *isec = inode->i_security; 270 struct inode_security_struct *isec = selinux_inode(inode);
287 271
288 might_sleep_if(may_sleep); 272 might_sleep_if(may_sleep);
289 273
@@ -304,7 +288,7 @@ static int __inode_security_revalidate(struct inode *inode,
304 288
305static struct inode_security_struct *inode_security_novalidate(struct inode *inode) 289static struct inode_security_struct *inode_security_novalidate(struct inode *inode)
306{ 290{
307 return inode->i_security; 291 return selinux_inode(inode);
308} 292}
309 293
310static struct inode_security_struct *inode_security_rcu(struct inode *inode, bool rcu) 294static struct inode_security_struct *inode_security_rcu(struct inode *inode, bool rcu)
@@ -314,7 +298,7 @@ static struct inode_security_struct *inode_security_rcu(struct inode *inode, boo
314 error = __inode_security_revalidate(inode, NULL, !rcu); 298 error = __inode_security_revalidate(inode, NULL, !rcu);
315 if (error) 299 if (error)
316 return ERR_PTR(error); 300 return ERR_PTR(error);
317 return inode->i_security; 301 return selinux_inode(inode);
318} 302}
319 303
320/* 304/*
@@ -323,14 +307,14 @@ static struct inode_security_struct *inode_security_rcu(struct inode *inode, boo
323static struct inode_security_struct *inode_security(struct inode *inode) 307static struct inode_security_struct *inode_security(struct inode *inode)
324{ 308{
325 __inode_security_revalidate(inode, NULL, true); 309 __inode_security_revalidate(inode, NULL, true);
326 return inode->i_security; 310 return selinux_inode(inode);
327} 311}
328 312
329static struct inode_security_struct *backing_inode_security_novalidate(struct dentry *dentry) 313static struct inode_security_struct *backing_inode_security_novalidate(struct dentry *dentry)
330{ 314{
331 struct inode *inode = d_backing_inode(dentry); 315 struct inode *inode = d_backing_inode(dentry);
332 316
333 return inode->i_security; 317 return selinux_inode(inode);
334} 318}
335 319
336/* 320/*
@@ -341,22 +325,17 @@ static struct inode_security_struct *backing_inode_security(struct dentry *dentr
341 struct inode *inode = d_backing_inode(dentry); 325 struct inode *inode = d_backing_inode(dentry);
342 326
343 __inode_security_revalidate(inode, dentry, true); 327 __inode_security_revalidate(inode, dentry, true);
344 return inode->i_security; 328 return selinux_inode(inode);
345}
346
347static void inode_free_rcu(struct rcu_head *head)
348{
349 struct inode_security_struct *isec;
350
351 isec = container_of(head, struct inode_security_struct, rcu);
352 kmem_cache_free(sel_inode_cache, isec);
353} 329}
354 330
355static void inode_free_security(struct inode *inode) 331static void inode_free_security(struct inode *inode)
356{ 332{
357 struct inode_security_struct *isec = inode->i_security; 333 struct inode_security_struct *isec = selinux_inode(inode);
358 struct superblock_security_struct *sbsec = inode->i_sb->s_security; 334 struct superblock_security_struct *sbsec;
359 335
336 if (!isec)
337 return;
338 sbsec = inode->i_sb->s_security;
360 /* 339 /*
361 * As not all inode security structures are in a list, we check for 340 * As not all inode security structures are in a list, we check for
362 * empty list outside of the lock to make sure that we won't waste 341 * empty list outside of the lock to make sure that we won't waste
@@ -372,42 +351,19 @@ static void inode_free_security(struct inode *inode)
372 list_del_init(&isec->list); 351 list_del_init(&isec->list);
373 spin_unlock(&sbsec->isec_lock); 352 spin_unlock(&sbsec->isec_lock);
374 } 353 }
375
376 /*
377 * The inode may still be referenced in a path walk and
378 * a call to selinux_inode_permission() can be made
379 * after inode_free_security() is called. Ideally, the VFS
380 * wouldn't do this, but fixing that is a much harder
381 * job. For now, simply free the i_security via RCU, and
382 * leave the current inode->i_security pointer intact.
383 * The inode will be freed after the RCU grace period too.
384 */
385 call_rcu(&isec->rcu, inode_free_rcu);
386} 354}
387 355
388static int file_alloc_security(struct file *file) 356static int file_alloc_security(struct file *file)
389{ 357{
390 struct file_security_struct *fsec; 358 struct file_security_struct *fsec = selinux_file(file);
391 u32 sid = current_sid(); 359 u32 sid = current_sid();
392 360
393 fsec = kmem_cache_zalloc(file_security_cache, GFP_KERNEL);
394 if (!fsec)
395 return -ENOMEM;
396
397 fsec->sid = sid; 361 fsec->sid = sid;
398 fsec->fown_sid = sid; 362 fsec->fown_sid = sid;
399 file->f_security = fsec;
400 363
401 return 0; 364 return 0;
402} 365}
403 366
404static void file_free_security(struct file *file)
405{
406 struct file_security_struct *fsec = file->f_security;
407 file->f_security = NULL;
408 kmem_cache_free(file_security_cache, fsec);
409}
410
411static int superblock_alloc_security(struct super_block *sb) 367static int superblock_alloc_security(struct super_block *sb)
412{ 368{
413 struct superblock_security_struct *sbsec; 369 struct superblock_security_struct *sbsec;
@@ -503,7 +459,7 @@ static int may_context_mount_sb_relabel(u32 sid,
503 struct superblock_security_struct *sbsec, 459 struct superblock_security_struct *sbsec,
504 const struct cred *cred) 460 const struct cred *cred)
505{ 461{
506 const struct task_security_struct *tsec = cred->security; 462 const struct task_security_struct *tsec = selinux_cred(cred);
507 int rc; 463 int rc;
508 464
509 rc = avc_has_perm(&selinux_state, 465 rc = avc_has_perm(&selinux_state,
@@ -522,7 +478,7 @@ static int may_context_mount_inode_relabel(u32 sid,
522 struct superblock_security_struct *sbsec, 478 struct superblock_security_struct *sbsec,
523 const struct cred *cred) 479 const struct cred *cred)
524{ 480{
525 const struct task_security_struct *tsec = cred->security; 481 const struct task_security_struct *tsec = selinux_cred(cred);
526 int rc; 482 int rc;
527 rc = avc_has_perm(&selinux_state, 483 rc = avc_has_perm(&selinux_state,
528 tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, 484 tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
@@ -536,16 +492,10 @@ static int may_context_mount_inode_relabel(u32 sid,
536 return rc; 492 return rc;
537} 493}
538 494
539static int selinux_is_sblabel_mnt(struct super_block *sb) 495static int selinux_is_genfs_special_handling(struct super_block *sb)
540{ 496{
541 struct superblock_security_struct *sbsec = sb->s_security; 497 /* Special handling. Genfs but also in-core setxattr handler */
542 498 return !strcmp(sb->s_type->name, "sysfs") ||
543 return sbsec->behavior == SECURITY_FS_USE_XATTR ||
544 sbsec->behavior == SECURITY_FS_USE_TRANS ||
545 sbsec->behavior == SECURITY_FS_USE_TASK ||
546 sbsec->behavior == SECURITY_FS_USE_NATIVE ||
547 /* Special handling. Genfs but also in-core setxattr handler */
548 !strcmp(sb->s_type->name, "sysfs") ||
549 !strcmp(sb->s_type->name, "pstore") || 499 !strcmp(sb->s_type->name, "pstore") ||
550 !strcmp(sb->s_type->name, "debugfs") || 500 !strcmp(sb->s_type->name, "debugfs") ||
551 !strcmp(sb->s_type->name, "tracefs") || 501 !strcmp(sb->s_type->name, "tracefs") ||
@@ -555,6 +505,34 @@ static int selinux_is_sblabel_mnt(struct super_block *sb)
555 !strcmp(sb->s_type->name, "cgroup2"))); 505 !strcmp(sb->s_type->name, "cgroup2")));
556} 506}
557 507
508static int selinux_is_sblabel_mnt(struct super_block *sb)
509{
510 struct superblock_security_struct *sbsec = sb->s_security;
511
512 /*
513 * IMPORTANT: Double-check logic in this function when adding a new
514 * SECURITY_FS_USE_* definition!
515 */
516 BUILD_BUG_ON(SECURITY_FS_USE_MAX != 7);
517
518 switch (sbsec->behavior) {
519 case SECURITY_FS_USE_XATTR:
520 case SECURITY_FS_USE_TRANS:
521 case SECURITY_FS_USE_TASK:
522 case SECURITY_FS_USE_NATIVE:
523 return 1;
524
525 case SECURITY_FS_USE_GENFS:
526 return selinux_is_genfs_special_handling(sb);
527
528 /* Never allow relabeling on context mounts */
529 case SECURITY_FS_USE_MNTPOINT:
530 case SECURITY_FS_USE_NONE:
531 default:
532 return 0;
533 }
534}
535
558static int sb_finish_set_opts(struct super_block *sb) 536static int sb_finish_set_opts(struct super_block *sb)
559{ 537{
560 struct superblock_security_struct *sbsec = sb->s_security; 538 struct superblock_security_struct *sbsec = sb->s_security;
@@ -1377,7 +1355,7 @@ static int selinux_genfs_get_sid(struct dentry *dentry,
1377static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry) 1355static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1378{ 1356{
1379 struct superblock_security_struct *sbsec = NULL; 1357 struct superblock_security_struct *sbsec = NULL;
1380 struct inode_security_struct *isec = inode->i_security; 1358 struct inode_security_struct *isec = selinux_inode(inode);
1381 u32 task_sid, sid = 0; 1359 u32 task_sid, sid = 0;
1382 u16 sclass; 1360 u16 sclass;
1383 struct dentry *dentry; 1361 struct dentry *dentry;
@@ -1624,7 +1602,7 @@ static inline u32 signal_to_av(int sig)
1624 1602
1625/* Check whether a task is allowed to use a capability. */ 1603/* Check whether a task is allowed to use a capability. */
1626static int cred_has_capability(const struct cred *cred, 1604static int cred_has_capability(const struct cred *cred,
1627 int cap, int audit, bool initns) 1605 int cap, unsigned int opts, bool initns)
1628{ 1606{
1629 struct common_audit_data ad; 1607 struct common_audit_data ad;
1630 struct av_decision avd; 1608 struct av_decision avd;
@@ -1651,7 +1629,7 @@ static int cred_has_capability(const struct cred *cred,
1651 1629
1652 rc = avc_has_perm_noaudit(&selinux_state, 1630 rc = avc_has_perm_noaudit(&selinux_state,
1653 sid, sid, sclass, av, 0, &avd); 1631 sid, sid, sclass, av, 0, &avd);
1654 if (audit == SECURITY_CAP_AUDIT) { 1632 if (!(opts & CAP_OPT_NOAUDIT)) {
1655 int rc2 = avc_audit(&selinux_state, 1633 int rc2 = avc_audit(&selinux_state,
1656 sid, sid, sclass, av, &avd, rc, &ad, 0); 1634 sid, sid, sclass, av, &avd, rc, &ad, 0);
1657 if (rc2) 1635 if (rc2)
@@ -1677,7 +1655,7 @@ static int inode_has_perm(const struct cred *cred,
1677 return 0; 1655 return 0;
1678 1656
1679 sid = cred_sid(cred); 1657 sid = cred_sid(cred);
1680 isec = inode->i_security; 1658 isec = selinux_inode(inode);
1681 1659
1682 return avc_has_perm(&selinux_state, 1660 return avc_has_perm(&selinux_state,
1683 sid, isec->sid, isec->sclass, perms, adp); 1661 sid, isec->sid, isec->sclass, perms, adp);
@@ -1743,7 +1721,7 @@ static int file_has_perm(const struct cred *cred,
1743 struct file *file, 1721 struct file *file,
1744 u32 av) 1722 u32 av)
1745{ 1723{
1746 struct file_security_struct *fsec = file->f_security; 1724 struct file_security_struct *fsec = selinux_file(file);
1747 struct inode *inode = file_inode(file); 1725 struct inode *inode = file_inode(file);
1748 struct common_audit_data ad; 1726 struct common_audit_data ad;
1749 u32 sid = cred_sid(cred); 1727 u32 sid = cred_sid(cred);
@@ -1809,7 +1787,7 @@ static int may_create(struct inode *dir,
1809 struct dentry *dentry, 1787 struct dentry *dentry,
1810 u16 tclass) 1788 u16 tclass)
1811{ 1789{
1812 const struct task_security_struct *tsec = current_security(); 1790 const struct task_security_struct *tsec = selinux_cred(current_cred());
1813 struct inode_security_struct *dsec; 1791 struct inode_security_struct *dsec;
1814 struct superblock_security_struct *sbsec; 1792 struct superblock_security_struct *sbsec;
1815 u32 sid, newsid; 1793 u32 sid, newsid;
@@ -1831,7 +1809,7 @@ static int may_create(struct inode *dir,
1831 if (rc) 1809 if (rc)
1832 return rc; 1810 return rc;
1833 1811
1834 rc = selinux_determine_inode_label(current_security(), dir, 1812 rc = selinux_determine_inode_label(selinux_cred(current_cred()), dir,
1835 &dentry->d_name, tclass, &newsid); 1813 &dentry->d_name, tclass, &newsid);
1836 if (rc) 1814 if (rc)
1837 return rc; 1815 return rc;
@@ -2087,7 +2065,7 @@ static int selinux_binder_transfer_file(struct task_struct *from,
2087 struct file *file) 2065 struct file *file)
2088{ 2066{
2089 u32 sid = task_sid(to); 2067 u32 sid = task_sid(to);
2090 struct file_security_struct *fsec = file->f_security; 2068 struct file_security_struct *fsec = selinux_file(file);
2091 struct dentry *dentry = file->f_path.dentry; 2069 struct dentry *dentry = file->f_path.dentry;
2092 struct inode_security_struct *isec; 2070 struct inode_security_struct *isec;
2093 struct common_audit_data ad; 2071 struct common_audit_data ad;
@@ -2171,9 +2149,9 @@ static int selinux_capset(struct cred *new, const struct cred *old,
2171 */ 2149 */
2172 2150
2173static int selinux_capable(const struct cred *cred, struct user_namespace *ns, 2151static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
2174 int cap, int audit) 2152 int cap, unsigned int opts)
2175{ 2153{
2176 return cred_has_capability(cred, cap, audit, ns == &init_user_ns); 2154 return cred_has_capability(cred, cap, opts, ns == &init_user_ns);
2177} 2155}
2178 2156
2179static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb) 2157static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
@@ -2247,7 +2225,7 @@ static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
2247 int rc, cap_sys_admin = 0; 2225 int rc, cap_sys_admin = 0;
2248 2226
2249 rc = cred_has_capability(current_cred(), CAP_SYS_ADMIN, 2227 rc = cred_has_capability(current_cred(), CAP_SYS_ADMIN,
2250 SECURITY_CAP_NOAUDIT, true); 2228 CAP_OPT_NOAUDIT, true);
2251 if (rc == 0) 2229 if (rc == 0)
2252 cap_sys_admin = 1; 2230 cap_sys_admin = 1;
2253 2231
@@ -2338,8 +2316,8 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2338 if (bprm->called_set_creds) 2316 if (bprm->called_set_creds)
2339 return 0; 2317 return 0;
2340 2318
2341 old_tsec = current_security(); 2319 old_tsec = selinux_cred(current_cred());
2342 new_tsec = bprm->cred->security; 2320 new_tsec = selinux_cred(bprm->cred);
2343 isec = inode_security(inode); 2321 isec = inode_security(inode);
2344 2322
2345 /* Default to the current task SID. */ 2323 /* Default to the current task SID. */
@@ -2503,7 +2481,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2503 struct rlimit *rlim, *initrlim; 2481 struct rlimit *rlim, *initrlim;
2504 int rc, i; 2482 int rc, i;
2505 2483
2506 new_tsec = bprm->cred->security; 2484 new_tsec = selinux_cred(bprm->cred);
2507 if (new_tsec->sid == new_tsec->osid) 2485 if (new_tsec->sid == new_tsec->osid)
2508 return; 2486 return;
2509 2487
@@ -2546,7 +2524,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2546 */ 2524 */
2547static void selinux_bprm_committed_creds(struct linux_binprm *bprm) 2525static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2548{ 2526{
2549 const struct task_security_struct *tsec = current_security(); 2527 const struct task_security_struct *tsec = selinux_cred(current_cred());
2550 struct itimerval itimer; 2528 struct itimerval itimer;
2551 u32 osid, sid; 2529 u32 osid, sid;
2552 int rc, i; 2530 int rc, i;
@@ -2853,7 +2831,7 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode,
2853 u32 newsid; 2831 u32 newsid;
2854 int rc; 2832 int rc;
2855 2833
2856 rc = selinux_determine_inode_label(current_security(), 2834 rc = selinux_determine_inode_label(selinux_cred(current_cred()),
2857 d_inode(dentry->d_parent), name, 2835 d_inode(dentry->d_parent), name,
2858 inode_mode_to_security_class(mode), 2836 inode_mode_to_security_class(mode),
2859 &newsid); 2837 &newsid);
@@ -2873,14 +2851,14 @@ static int selinux_dentry_create_files_as(struct dentry *dentry, int mode,
2873 int rc; 2851 int rc;
2874 struct task_security_struct *tsec; 2852 struct task_security_struct *tsec;
2875 2853
2876 rc = selinux_determine_inode_label(old->security, 2854 rc = selinux_determine_inode_label(selinux_cred(old),
2877 d_inode(dentry->d_parent), name, 2855 d_inode(dentry->d_parent), name,
2878 inode_mode_to_security_class(mode), 2856 inode_mode_to_security_class(mode),
2879 &newsid); 2857 &newsid);
2880 if (rc) 2858 if (rc)
2881 return rc; 2859 return rc;
2882 2860
2883 tsec = new->security; 2861 tsec = selinux_cred(new);
2884 tsec->create_sid = newsid; 2862 tsec->create_sid = newsid;
2885 return 0; 2863 return 0;
2886} 2864}
@@ -2890,7 +2868,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2890 const char **name, 2868 const char **name,
2891 void **value, size_t *len) 2869 void **value, size_t *len)
2892{ 2870{
2893 const struct task_security_struct *tsec = current_security(); 2871 const struct task_security_struct *tsec = selinux_cred(current_cred());
2894 struct superblock_security_struct *sbsec; 2872 struct superblock_security_struct *sbsec;
2895 u32 newsid, clen; 2873 u32 newsid, clen;
2896 int rc; 2874 int rc;
@@ -2900,7 +2878,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2900 2878
2901 newsid = tsec->create_sid; 2879 newsid = tsec->create_sid;
2902 2880
2903 rc = selinux_determine_inode_label(current_security(), 2881 rc = selinux_determine_inode_label(selinux_cred(current_cred()),
2904 dir, qstr, 2882 dir, qstr,
2905 inode_mode_to_security_class(inode->i_mode), 2883 inode_mode_to_security_class(inode->i_mode),
2906 &newsid); 2884 &newsid);
@@ -2909,7 +2887,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2909 2887
2910 /* Possibly defer initialization to selinux_complete_init. */ 2888 /* Possibly defer initialization to selinux_complete_init. */
2911 if (sbsec->flags & SE_SBINITIALIZED) { 2889 if (sbsec->flags & SE_SBINITIALIZED) {
2912 struct inode_security_struct *isec = inode->i_security; 2890 struct inode_security_struct *isec = selinux_inode(inode);
2913 isec->sclass = inode_mode_to_security_class(inode->i_mode); 2891 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2914 isec->sid = newsid; 2892 isec->sid = newsid;
2915 isec->initialized = LABEL_INITIALIZED; 2893 isec->initialized = LABEL_INITIALIZED;
@@ -2998,9 +2976,8 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
2998 if (IS_ERR(isec)) 2976 if (IS_ERR(isec))
2999 return PTR_ERR(isec); 2977 return PTR_ERR(isec);
3000 2978
3001 return avc_has_perm_flags(&selinux_state, 2979 return avc_has_perm(&selinux_state,
3002 sid, isec->sid, isec->sclass, FILE__READ, &ad, 2980 sid, isec->sid, isec->sclass, FILE__READ, &ad);
3003 rcu ? MAY_NOT_BLOCK : 0);
3004} 2981}
3005 2982
3006static noinline int audit_inode_permission(struct inode *inode, 2983static noinline int audit_inode_permission(struct inode *inode,
@@ -3009,7 +2986,7 @@ static noinline int audit_inode_permission(struct inode *inode,
3009 unsigned flags) 2986 unsigned flags)
3010{ 2987{
3011 struct common_audit_data ad; 2988 struct common_audit_data ad;
3012 struct inode_security_struct *isec = inode->i_security; 2989 struct inode_security_struct *isec = selinux_inode(inode);
3013 int rc; 2990 int rc;
3014 2991
3015 ad.type = LSM_AUDIT_DATA_INODE; 2992 ad.type = LSM_AUDIT_DATA_INODE;
@@ -3055,7 +3032,9 @@ static int selinux_inode_permission(struct inode *inode, int mask)
3055 return PTR_ERR(isec); 3032 return PTR_ERR(isec);
3056 3033
3057 rc = avc_has_perm_noaudit(&selinux_state, 3034 rc = avc_has_perm_noaudit(&selinux_state,
3058 sid, isec->sid, isec->sclass, perms, 0, &avd); 3035 sid, isec->sid, isec->sclass, perms,
3036 (flags & MAY_NOT_BLOCK) ? AVC_NONBLOCKING : 0,
3037 &avd);
3059 audited = avc_audit_required(perms, &avd, rc, 3038 audited = avc_audit_required(perms, &avd, rc,
3060 from_access ? FILE__AUDIT_ACCESS : 0, 3039 from_access ? FILE__AUDIT_ACCESS : 0,
3061 &denied); 3040 &denied);
@@ -3104,11 +3083,11 @@ static int selinux_inode_getattr(const struct path *path)
3104static bool has_cap_mac_admin(bool audit) 3083static bool has_cap_mac_admin(bool audit)
3105{ 3084{
3106 const struct cred *cred = current_cred(); 3085 const struct cred *cred = current_cred();
3107 int cap_audit = audit ? SECURITY_CAP_AUDIT : SECURITY_CAP_NOAUDIT; 3086 unsigned int opts = audit ? CAP_OPT_NONE : CAP_OPT_NOAUDIT;
3108 3087
3109 if (cap_capable(cred, &init_user_ns, CAP_MAC_ADMIN, cap_audit)) 3088 if (cap_capable(cred, &init_user_ns, CAP_MAC_ADMIN, opts))
3110 return false; 3089 return false;
3111 if (cred_has_capability(cred, CAP_MAC_ADMIN, cap_audit, true)) 3090 if (cred_has_capability(cred, CAP_MAC_ADMIN, opts, true))
3112 return false; 3091 return false;
3113 return true; 3092 return true;
3114} 3093}
@@ -3314,12 +3293,16 @@ static int selinux_inode_setsecurity(struct inode *inode, const char *name,
3314 const void *value, size_t size, int flags) 3293 const void *value, size_t size, int flags)
3315{ 3294{
3316 struct inode_security_struct *isec = inode_security_novalidate(inode); 3295 struct inode_security_struct *isec = inode_security_novalidate(inode);
3296 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
3317 u32 newsid; 3297 u32 newsid;
3318 int rc; 3298 int rc;
3319 3299
3320 if (strcmp(name, XATTR_SELINUX_SUFFIX)) 3300 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3321 return -EOPNOTSUPP; 3301 return -EOPNOTSUPP;
3322 3302
3303 if (!(sbsec->flags & SBLABEL_MNT))
3304 return -EOPNOTSUPP;
3305
3323 if (!value || !size) 3306 if (!value || !size)
3324 return -EACCES; 3307 return -EACCES;
3325 3308
@@ -3362,7 +3345,7 @@ static int selinux_inode_copy_up(struct dentry *src, struct cred **new)
3362 return -ENOMEM; 3345 return -ENOMEM;
3363 } 3346 }
3364 3347
3365 tsec = new_creds->security; 3348 tsec = selinux_cred(new_creds);
3366 /* Get label from overlay inode and set it in create_sid */ 3349 /* Get label from overlay inode and set it in create_sid */
3367 selinux_inode_getsecid(d_inode(src), &sid); 3350 selinux_inode_getsecid(d_inode(src), &sid);
3368 tsec->create_sid = sid; 3351 tsec->create_sid = sid;
@@ -3403,7 +3386,7 @@ static int selinux_revalidate_file_permission(struct file *file, int mask)
3403static int selinux_file_permission(struct file *file, int mask) 3386static int selinux_file_permission(struct file *file, int mask)
3404{ 3387{
3405 struct inode *inode = file_inode(file); 3388 struct inode *inode = file_inode(file);
3406 struct file_security_struct *fsec = file->f_security; 3389 struct file_security_struct *fsec = selinux_file(file);
3407 struct inode_security_struct *isec; 3390 struct inode_security_struct *isec;
3408 u32 sid = current_sid(); 3391 u32 sid = current_sid();
3409 3392
@@ -3425,11 +3408,6 @@ static int selinux_file_alloc_security(struct file *file)
3425 return file_alloc_security(file); 3408 return file_alloc_security(file);
3426} 3409}
3427 3410
3428static void selinux_file_free_security(struct file *file)
3429{
3430 file_free_security(file);
3431}
3432
3433/* 3411/*
3434 * Check whether a task has the ioctl permission and cmd 3412 * Check whether a task has the ioctl permission and cmd
3435 * operation to an inode. 3413 * operation to an inode.
@@ -3438,7 +3416,7 @@ static int ioctl_has_perm(const struct cred *cred, struct file *file,
3438 u32 requested, u16 cmd) 3416 u32 requested, u16 cmd)
3439{ 3417{
3440 struct common_audit_data ad; 3418 struct common_audit_data ad;
3441 struct file_security_struct *fsec = file->f_security; 3419 struct file_security_struct *fsec = selinux_file(file);
3442 struct inode *inode = file_inode(file); 3420 struct inode *inode = file_inode(file);
3443 struct inode_security_struct *isec; 3421 struct inode_security_struct *isec;
3444 struct lsm_ioctlop_audit ioctl; 3422 struct lsm_ioctlop_audit ioctl;
@@ -3508,7 +3486,7 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd,
3508 case KDSKBENT: 3486 case KDSKBENT:
3509 case KDSKBSENT: 3487 case KDSKBSENT:
3510 error = cred_has_capability(cred, CAP_SYS_TTY_CONFIG, 3488 error = cred_has_capability(cred, CAP_SYS_TTY_CONFIG,
3511 SECURITY_CAP_AUDIT, true); 3489 CAP_OPT_NONE, true);
3512 break; 3490 break;
3513 3491
3514 /* default case assumes that the command will go 3492 /* default case assumes that the command will go
@@ -3690,7 +3668,7 @@ static void selinux_file_set_fowner(struct file *file)
3690{ 3668{
3691 struct file_security_struct *fsec; 3669 struct file_security_struct *fsec;
3692 3670
3693 fsec = file->f_security; 3671 fsec = selinux_file(file);
3694 fsec->fown_sid = current_sid(); 3672 fsec->fown_sid = current_sid();
3695} 3673}
3696 3674
@@ -3705,7 +3683,7 @@ static int selinux_file_send_sigiotask(struct task_struct *tsk,
3705 /* struct fown_struct is never outside the context of a struct file */ 3683 /* struct fown_struct is never outside the context of a struct file */
3706 file = container_of(fown, struct file, f_owner); 3684 file = container_of(fown, struct file, f_owner);
3707 3685
3708 fsec = file->f_security; 3686 fsec = selinux_file(file);
3709 3687
3710 if (!signum) 3688 if (!signum)
3711 perm = signal_to_av(SIGIO); /* as per send_sigio_to_task */ 3689 perm = signal_to_av(SIGIO); /* as per send_sigio_to_task */
@@ -3729,7 +3707,7 @@ static int selinux_file_open(struct file *file)
3729 struct file_security_struct *fsec; 3707 struct file_security_struct *fsec;
3730 struct inode_security_struct *isec; 3708 struct inode_security_struct *isec;
3731 3709
3732 fsec = file->f_security; 3710 fsec = selinux_file(file);
3733 isec = inode_security(file_inode(file)); 3711 isec = inode_security(file_inode(file));
3734 /* 3712 /*
3735 * Save inode label and policy sequence number 3713 * Save inode label and policy sequence number
@@ -3763,52 +3741,15 @@ static int selinux_task_alloc(struct task_struct *task,
3763} 3741}
3764 3742
3765/* 3743/*
3766 * allocate the SELinux part of blank credentials
3767 */
3768static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)
3769{
3770 struct task_security_struct *tsec;
3771
3772 tsec = kzalloc(sizeof(struct task_security_struct), gfp);
3773 if (!tsec)
3774 return -ENOMEM;
3775
3776 cred->security = tsec;
3777 return 0;
3778}
3779
3780/*
3781 * detach and free the LSM part of a set of credentials
3782 */
3783static void selinux_cred_free(struct cred *cred)
3784{
3785 struct task_security_struct *tsec = cred->security;
3786
3787 /*
3788 * cred->security == NULL if security_cred_alloc_blank() or
3789 * security_prepare_creds() returned an error.
3790 */
3791 BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE);
3792 cred->security = (void *) 0x7UL;
3793 kfree(tsec);
3794}
3795
3796/*
3797 * prepare a new set of credentials for modification 3744 * prepare a new set of credentials for modification
3798 */ 3745 */
3799static int selinux_cred_prepare(struct cred *new, const struct cred *old, 3746static int selinux_cred_prepare(struct cred *new, const struct cred *old,
3800 gfp_t gfp) 3747 gfp_t gfp)
3801{ 3748{
3802 const struct task_security_struct *old_tsec; 3749 const struct task_security_struct *old_tsec = selinux_cred(old);
3803 struct task_security_struct *tsec; 3750 struct task_security_struct *tsec = selinux_cred(new);
3804
3805 old_tsec = old->security;
3806
3807 tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp);
3808 if (!tsec)
3809 return -ENOMEM;
3810 3751
3811 new->security = tsec; 3752 *tsec = *old_tsec;
3812 return 0; 3753 return 0;
3813} 3754}
3814 3755
@@ -3817,8 +3758,8 @@ static int selinux_cred_prepare(struct cred *new, const struct cred *old,
3817 */ 3758 */
3818static void selinux_cred_transfer(struct cred *new, const struct cred *old) 3759static void selinux_cred_transfer(struct cred *new, const struct cred *old)
3819{ 3760{
3820 const struct task_security_struct *old_tsec = old->security; 3761 const struct task_security_struct *old_tsec = selinux_cred(old);
3821 struct task_security_struct *tsec = new->security; 3762 struct task_security_struct *tsec = selinux_cred(new);
3822 3763
3823 *tsec = *old_tsec; 3764 *tsec = *old_tsec;
3824} 3765}
@@ -3834,7 +3775,7 @@ static void selinux_cred_getsecid(const struct cred *c, u32 *secid)
3834 */ 3775 */
3835static int selinux_kernel_act_as(struct cred *new, u32 secid) 3776static int selinux_kernel_act_as(struct cred *new, u32 secid)
3836{ 3777{
3837 struct task_security_struct *tsec = new->security; 3778 struct task_security_struct *tsec = selinux_cred(new);
3838 u32 sid = current_sid(); 3779 u32 sid = current_sid();
3839 int ret; 3780 int ret;
3840 3781
@@ -3859,7 +3800,7 @@ static int selinux_kernel_act_as(struct cred *new, u32 secid)
3859static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode) 3800static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
3860{ 3801{
3861 struct inode_security_struct *isec = inode_security(inode); 3802 struct inode_security_struct *isec = inode_security(inode);
3862 struct task_security_struct *tsec = new->security; 3803 struct task_security_struct *tsec = selinux_cred(new);
3863 u32 sid = current_sid(); 3804 u32 sid = current_sid();
3864 int ret; 3805 int ret;
3865 3806
@@ -3905,7 +3846,7 @@ static int selinux_kernel_module_from_file(struct file *file)
3905 ad.type = LSM_AUDIT_DATA_FILE; 3846 ad.type = LSM_AUDIT_DATA_FILE;
3906 ad.u.file = file; 3847 ad.u.file = file;
3907 3848
3908 fsec = file->f_security; 3849 fsec = selinux_file(file);
3909 if (sid != fsec->sid) { 3850 if (sid != fsec->sid) {
3910 rc = avc_has_perm(&selinux_state, 3851 rc = avc_has_perm(&selinux_state,
3911 sid, fsec->sid, SECCLASS_FD, FD__USE, &ad); 3852 sid, fsec->sid, SECCLASS_FD, FD__USE, &ad);
@@ -4071,7 +4012,7 @@ static int selinux_task_kill(struct task_struct *p, struct kernel_siginfo *info,
4071static void selinux_task_to_inode(struct task_struct *p, 4012static void selinux_task_to_inode(struct task_struct *p,
4072 struct inode *inode) 4013 struct inode *inode)
4073{ 4014{
4074 struct inode_security_struct *isec = inode->i_security; 4015 struct inode_security_struct *isec = selinux_inode(inode);
4075 u32 sid = task_sid(p); 4016 u32 sid = task_sid(p);
4076 4017
4077 spin_lock(&isec->lock); 4018 spin_lock(&isec->lock);
@@ -4408,7 +4349,7 @@ static int sock_has_perm(struct sock *sk, u32 perms)
4408static int selinux_socket_create(int family, int type, 4349static int selinux_socket_create(int family, int type,
4409 int protocol, int kern) 4350 int protocol, int kern)
4410{ 4351{
4411 const struct task_security_struct *tsec = current_security(); 4352 const struct task_security_struct *tsec = selinux_cred(current_cred());
4412 u32 newsid; 4353 u32 newsid;
4413 u16 secclass; 4354 u16 secclass;
4414 int rc; 4355 int rc;
@@ -4428,7 +4369,7 @@ static int selinux_socket_create(int family, int type,
4428static int selinux_socket_post_create(struct socket *sock, int family, 4369static int selinux_socket_post_create(struct socket *sock, int family,
4429 int type, int protocol, int kern) 4370 int type, int protocol, int kern)
4430{ 4371{
4431 const struct task_security_struct *tsec = current_security(); 4372 const struct task_security_struct *tsec = selinux_cred(current_cred());
4432 struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(sock)); 4373 struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(sock));
4433 struct sk_security_struct *sksec; 4374 struct sk_security_struct *sksec;
4434 u16 sclass = socket_type_to_security_class(family, type, protocol); 4375 u16 sclass = socket_type_to_security_class(family, type, protocol);
@@ -4604,7 +4545,7 @@ err_af:
4604} 4545}
4605 4546
4606/* This supports connect(2) and SCTP connect services such as sctp_connectx(3) 4547/* This supports connect(2) and SCTP connect services such as sctp_connectx(3)
4607 * and sctp_sendmsg(3) as described in Documentation/security/LSM-sctp.rst 4548 * and sctp_sendmsg(3) as described in Documentation/security/SCTP.rst
4608 */ 4549 */
4609static int selinux_socket_connect_helper(struct socket *sock, 4550static int selinux_socket_connect_helper(struct socket *sock,
4610 struct sockaddr *address, int addrlen) 4551 struct sockaddr *address, int addrlen)
@@ -5309,7 +5250,7 @@ static int selinux_secmark_relabel_packet(u32 sid)
5309 const struct task_security_struct *__tsec; 5250 const struct task_security_struct *__tsec;
5310 u32 tsid; 5251 u32 tsid;
5311 5252
5312 __tsec = current_security(); 5253 __tsec = selinux_cred(current_cred());
5313 tsid = __tsec->sid; 5254 tsid = __tsec->sid;
5314 5255
5315 return avc_has_perm(&selinux_state, 5256 return avc_has_perm(&selinux_state,
@@ -5784,51 +5725,22 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
5784 return selinux_nlmsg_perm(sk, skb); 5725 return selinux_nlmsg_perm(sk, skb);
5785} 5726}
5786 5727
5787static int ipc_alloc_security(struct kern_ipc_perm *perm, 5728static void ipc_init_security(struct ipc_security_struct *isec, u16 sclass)
5788 u16 sclass)
5789{ 5729{
5790 struct ipc_security_struct *isec;
5791
5792 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
5793 if (!isec)
5794 return -ENOMEM;
5795
5796 isec->sclass = sclass; 5730 isec->sclass = sclass;
5797 isec->sid = current_sid(); 5731 isec->sid = current_sid();
5798 perm->security = isec;
5799
5800 return 0;
5801}
5802
5803static void ipc_free_security(struct kern_ipc_perm *perm)
5804{
5805 struct ipc_security_struct *isec = perm->security;
5806 perm->security = NULL;
5807 kfree(isec);
5808} 5732}
5809 5733
5810static int msg_msg_alloc_security(struct msg_msg *msg) 5734static int msg_msg_alloc_security(struct msg_msg *msg)
5811{ 5735{
5812 struct msg_security_struct *msec; 5736 struct msg_security_struct *msec;
5813 5737
5814 msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL); 5738 msec = selinux_msg_msg(msg);
5815 if (!msec)
5816 return -ENOMEM;
5817
5818 msec->sid = SECINITSID_UNLABELED; 5739 msec->sid = SECINITSID_UNLABELED;
5819 msg->security = msec;
5820 5740
5821 return 0; 5741 return 0;
5822} 5742}
5823 5743
5824static void msg_msg_free_security(struct msg_msg *msg)
5825{
5826 struct msg_security_struct *msec = msg->security;
5827
5828 msg->security = NULL;
5829 kfree(msec);
5830}
5831
5832static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, 5744static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
5833 u32 perms) 5745 u32 perms)
5834{ 5746{
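Review bot: ipc_init_security() writes only `sclass` and `sid`, and msg_msg_alloc_security() writes only `sid`, where the removed code obtained the structure from kzalloc() and so started from all-zero memory. The new code therefore relies on the blob returned by selinux_ipc() / selinux_msg_msg() being non-NULL and already zeroed by whoever allocates it, which is outside this hunk. If either structure has further members, that dependency deserves a comment on ipc_init_security, e.g. `/* isec points into the framework-allocated IPC blob; assumed zero-filled and never NULL. */`.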
@@ -5836,7 +5748,7 @@ static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
5836 struct common_audit_data ad; 5748 struct common_audit_data ad;
5837 u32 sid = current_sid(); 5749 u32 sid = current_sid();
5838 5750
5839 isec = ipc_perms->security; 5751 isec = selinux_ipc(ipc_perms);
5840 5752
5841 ad.type = LSM_AUDIT_DATA_IPC; 5753 ad.type = LSM_AUDIT_DATA_IPC;
5842 ad.u.ipc_id = ipc_perms->key; 5754 ad.u.ipc_id = ipc_perms->key;
@@ -5850,11 +5762,6 @@ static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
5850 return msg_msg_alloc_security(msg); 5762 return msg_msg_alloc_security(msg);
5851} 5763}
5852 5764
5853static void selinux_msg_msg_free_security(struct msg_msg *msg)
5854{
5855 msg_msg_free_security(msg);
5856}
5857
5858/* message queue security operations */ 5765/* message queue security operations */
5859static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq) 5766static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq)
5860{ 5767{
@@ -5863,11 +5770,8 @@ static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq)
5863 u32 sid = current_sid(); 5770 u32 sid = current_sid();
5864 int rc; 5771 int rc;
5865 5772
5866 rc = ipc_alloc_security(msq, SECCLASS_MSGQ); 5773 isec = selinux_ipc(msq);
5867 if (rc) 5774 ipc_init_security(isec, SECCLASS_MSGQ);
5868 return rc;
5869
5870 isec = msq->security;
5871 5775
5872 ad.type = LSM_AUDIT_DATA_IPC; 5776 ad.type = LSM_AUDIT_DATA_IPC;
5873 ad.u.ipc_id = msq->key; 5777 ad.u.ipc_id = msq->key;
@@ -5875,16 +5779,7 @@ static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq)
5875 rc = avc_has_perm(&selinux_state, 5779 rc = avc_has_perm(&selinux_state,
5876 sid, isec->sid, SECCLASS_MSGQ, 5780 sid, isec->sid, SECCLASS_MSGQ,
5877 MSGQ__CREATE, &ad); 5781 MSGQ__CREATE, &ad);
5878 if (rc) { 5782 return rc;
5879 ipc_free_security(msq);
5880 return rc;
5881 }
5882 return 0;
5883}
5884
5885static void selinux_msg_queue_free_security(struct kern_ipc_perm *msq)
5886{
5887 ipc_free_security(msq);
5888} 5783}
5889 5784
5890static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg) 5785static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg)
@@ -5893,7 +5788,7 @@ static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg)
5893 struct common_audit_data ad; 5788 struct common_audit_data ad;
5894 u32 sid = current_sid(); 5789 u32 sid = current_sid();
5895 5790
5896 isec = msq->security; 5791 isec = selinux_ipc(msq);
5897 5792
5898 ad.type = LSM_AUDIT_DATA_IPC; 5793 ad.type = LSM_AUDIT_DATA_IPC;
5899 ad.u.ipc_id = msq->key; 5794 ad.u.ipc_id = msq->key;
@@ -5942,8 +5837,8 @@ static int selinux_msg_queue_msgsnd(struct kern_ipc_perm *msq, struct msg_msg *m
5942 u32 sid = current_sid(); 5837 u32 sid = current_sid();
5943 int rc; 5838 int rc;
5944 5839
5945 isec = msq->security; 5840 isec = selinux_ipc(msq);
5946 msec = msg->security; 5841 msec = selinux_msg_msg(msg);
5947 5842
5948 /* 5843 /*
5949 * First time through, need to assign label to the message 5844 * First time through, need to assign label to the message
@@ -5990,8 +5885,8 @@ static int selinux_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *m
5990 u32 sid = task_sid(target); 5885 u32 sid = task_sid(target);
5991 int rc; 5886 int rc;
5992 5887
5993 isec = msq->security; 5888 isec = selinux_ipc(msq);
5994 msec = msg->security; 5889 msec = selinux_msg_msg(msg);
5995 5890
5996 ad.type = LSM_AUDIT_DATA_IPC; 5891 ad.type = LSM_AUDIT_DATA_IPC;
5997 ad.u.ipc_id = msq->key; 5892 ad.u.ipc_id = msq->key;
@@ -6014,11 +5909,8 @@ static int selinux_shm_alloc_security(struct kern_ipc_perm *shp)
6014 u32 sid = current_sid(); 5909 u32 sid = current_sid();
6015 int rc; 5910 int rc;
6016 5911
6017 rc = ipc_alloc_security(shp, SECCLASS_SHM); 5912 isec = selinux_ipc(shp);
6018 if (rc) 5913 ipc_init_security(isec, SECCLASS_SHM);
6019 return rc;
6020
6021 isec = shp->security;
6022 5914
6023 ad.type = LSM_AUDIT_DATA_IPC; 5915 ad.type = LSM_AUDIT_DATA_IPC;
6024 ad.u.ipc_id = shp->key; 5916 ad.u.ipc_id = shp->key;
@@ -6026,16 +5918,7 @@ static int selinux_shm_alloc_security(struct kern_ipc_perm *shp)
6026 rc = avc_has_perm(&selinux_state, 5918 rc = avc_has_perm(&selinux_state,
6027 sid, isec->sid, SECCLASS_SHM, 5919 sid, isec->sid, SECCLASS_SHM,
6028 SHM__CREATE, &ad); 5920 SHM__CREATE, &ad);
6029 if (rc) { 5921 return rc;
6030 ipc_free_security(shp);
6031 return rc;
6032 }
6033 return 0;
6034}
6035
6036static void selinux_shm_free_security(struct kern_ipc_perm *shp)
6037{
6038 ipc_free_security(shp);
6039} 5922}
6040 5923
6041static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg) 5924static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg)
@@ -6044,7 +5927,7 @@ static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg)
6044 struct common_audit_data ad; 5927 struct common_audit_data ad;
6045 u32 sid = current_sid(); 5928 u32 sid = current_sid();
6046 5929
6047 isec = shp->security; 5930 isec = selinux_ipc(shp);
6048 5931
6049 ad.type = LSM_AUDIT_DATA_IPC; 5932 ad.type = LSM_AUDIT_DATA_IPC;
6050 ad.u.ipc_id = shp->key; 5933 ad.u.ipc_id = shp->key;
@@ -6111,11 +5994,8 @@ static int selinux_sem_alloc_security(struct kern_ipc_perm *sma)
6111 u32 sid = current_sid(); 5994 u32 sid = current_sid();
6112 int rc; 5995 int rc;
6113 5996
6114 rc = ipc_alloc_security(sma, SECCLASS_SEM); 5997 isec = selinux_ipc(sma);
6115 if (rc) 5998 ipc_init_security(isec, SECCLASS_SEM);
6116 return rc;
6117
6118 isec = sma->security;
6119 5999
6120 ad.type = LSM_AUDIT_DATA_IPC; 6000 ad.type = LSM_AUDIT_DATA_IPC;
6121 ad.u.ipc_id = sma->key; 6001 ad.u.ipc_id = sma->key;
@@ -6123,16 +6003,7 @@ static int selinux_sem_alloc_security(struct kern_ipc_perm *sma)
6123 rc = avc_has_perm(&selinux_state, 6003 rc = avc_has_perm(&selinux_state,
6124 sid, isec->sid, SECCLASS_SEM, 6004 sid, isec->sid, SECCLASS_SEM,
6125 SEM__CREATE, &ad); 6005 SEM__CREATE, &ad);
6126 if (rc) { 6006 return rc;
6127 ipc_free_security(sma);
6128 return rc;
6129 }
6130 return 0;
6131}
6132
6133static void selinux_sem_free_security(struct kern_ipc_perm *sma)
6134{
6135 ipc_free_security(sma);
6136} 6007}
6137 6008
6138static int selinux_sem_associate(struct kern_ipc_perm *sma, int semflg) 6009static int selinux_sem_associate(struct kern_ipc_perm *sma, int semflg)
@@ -6141,7 +6012,7 @@ static int selinux_sem_associate(struct kern_ipc_perm *sma, int semflg)
6141 struct common_audit_data ad; 6012 struct common_audit_data ad;
6142 u32 sid = current_sid(); 6013 u32 sid = current_sid();
6143 6014
6144 isec = sma->security; 6015 isec = selinux_ipc(sma);
6145 6016
6146 ad.type = LSM_AUDIT_DATA_IPC; 6017 ad.type = LSM_AUDIT_DATA_IPC;
6147 ad.u.ipc_id = sma->key; 6018 ad.u.ipc_id = sma->key;
@@ -6227,7 +6098,7 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
6227 6098
6228static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) 6099static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
6229{ 6100{
6230 struct ipc_security_struct *isec = ipcp->security; 6101 struct ipc_security_struct *isec = selinux_ipc(ipcp);
6231 *secid = isec->sid; 6102 *secid = isec->sid;
6232} 6103}
6233 6104
@@ -6246,7 +6117,7 @@ static int selinux_getprocattr(struct task_struct *p,
6246 unsigned len; 6117 unsigned len;
6247 6118
6248 rcu_read_lock(); 6119 rcu_read_lock();
6249 __tsec = __task_cred(p)->security; 6120 __tsec = selinux_cred(__task_cred(p));
6250 6121
6251 if (current != p) { 6122 if (current != p) {
6252 error = avc_has_perm(&selinux_state, 6123 error = avc_has_perm(&selinux_state,
@@ -6369,7 +6240,7 @@ static int selinux_setprocattr(const char *name, void *value, size_t size)
6369 operation. See selinux_bprm_set_creds for the execve 6240 operation. See selinux_bprm_set_creds for the execve
6370 checks and may_create for the file creation checks. The 6241 checks and may_create for the file creation checks. The
6371 operation will then fail if the context is not permitted. */ 6242 operation will then fail if the context is not permitted. */
6372 tsec = new->security; 6243 tsec = selinux_cred(new);
6373 if (!strcmp(name, "exec")) { 6244 if (!strcmp(name, "exec")) {
6374 tsec->exec_sid = sid; 6245 tsec->exec_sid = sid;
6375 } else if (!strcmp(name, "fscreate")) { 6246 } else if (!strcmp(name, "fscreate")) {
@@ -6453,7 +6324,7 @@ static void selinux_release_secctx(char *secdata, u32 seclen)
6453 6324
6454static void selinux_inode_invalidate_secctx(struct inode *inode) 6325static void selinux_inode_invalidate_secctx(struct inode *inode)
6455{ 6326{
6456 struct inode_security_struct *isec = inode->i_security; 6327 struct inode_security_struct *isec = selinux_inode(inode);
6457 6328
6458 spin_lock(&isec->lock); 6329 spin_lock(&isec->lock);
6459 isec->initialized = LABEL_INVALID; 6330 isec->initialized = LABEL_INVALID;
@@ -6465,7 +6336,10 @@ static void selinux_inode_invalidate_secctx(struct inode *inode)
6465 */ 6336 */
6466static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 6337static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
6467{ 6338{
6468 return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0); 6339 int rc = selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX,
6340 ctx, ctxlen, 0);
6341 /* Do not return error when suppressing label (SBLABEL_MNT not set). */
6342 return rc == -EOPNOTSUPP ? 0 : rc;
6469} 6343}
6470 6344
6471/* 6345/*
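Review bot: In selinux_inode_notifysecctx the new `return rc == -EOPNOTSUPP ? 0 : rc;` reports success for every -EOPNOTSUPP coming back from selinux_inode_setsecurity(), but the comment names only one cause (SBLABEL_MNT not set). selinux_inode_setsecurity() is not visible in this hunk, so whether it returns -EOPNOTSUPP on any other path should be confirmed; if it does, a rejected label would be reported as applied. I would state the assumption in the comment, e.g. `/* -EOPNOTSUPP here is expected only when SBLABEL_MNT is not set: the inode label is left untouched and the caller is told 0. */`.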
@@ -6498,7 +6372,7 @@ static int selinux_key_alloc(struct key *k, const struct cred *cred,
6498 if (!ksec) 6372 if (!ksec)
6499 return -ENOMEM; 6373 return -ENOMEM;
6500 6374
6501 tsec = cred->security; 6375 tsec = selinux_cred(cred);
6502 if (tsec->keycreate_sid) 6376 if (tsec->keycreate_sid)
6503 ksec->sid = tsec->keycreate_sid; 6377 ksec->sid = tsec->keycreate_sid;
6504 else 6378 else
@@ -6761,6 +6635,14 @@ static void selinux_bpf_prog_free(struct bpf_prog_aux *aux)
6761} 6635}
6762#endif 6636#endif
6763 6637
6638struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = {
6639 .lbs_cred = sizeof(struct task_security_struct),
6640 .lbs_file = sizeof(struct file_security_struct),
6641 .lbs_inode = sizeof(struct inode_security_struct),
6642 .lbs_ipc = sizeof(struct ipc_security_struct),
6643 .lbs_msg_msg = sizeof(struct msg_security_struct),
6644};
6645
6764static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { 6646static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
6765 LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr), 6647 LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr),
6766 LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction), 6648 LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction),
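Review bot: `selinux_blob_sizes` is added without a comment, although the hooks changed in this commit now dereference the results of selinux_cred(), selinux_file(), selinux_inode(), selinux_ipc() and selinux_msg_msg() without a NULL check and so depend on these five entries. A structure reached through an accessor but missing here would get a zero size, assuming the framework lays out blobs from this table (not visible in this view). I would add `/* Per-object blob sizes requested from the LSM framework; every selinux_*() accessor needs a matching .lbs_* entry. */` above the initializer.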
@@ -6833,7 +6715,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
6833 6715
6834 LSM_HOOK_INIT(file_permission, selinux_file_permission), 6716 LSM_HOOK_INIT(file_permission, selinux_file_permission),
6835 LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security), 6717 LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security),
6836 LSM_HOOK_INIT(file_free_security, selinux_file_free_security),
6837 LSM_HOOK_INIT(file_ioctl, selinux_file_ioctl), 6718 LSM_HOOK_INIT(file_ioctl, selinux_file_ioctl),
6838 LSM_HOOK_INIT(mmap_file, selinux_mmap_file), 6719 LSM_HOOK_INIT(mmap_file, selinux_mmap_file),
6839 LSM_HOOK_INIT(mmap_addr, selinux_mmap_addr), 6720 LSM_HOOK_INIT(mmap_addr, selinux_mmap_addr),
@@ -6847,8 +6728,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
6847 LSM_HOOK_INIT(file_open, selinux_file_open), 6728 LSM_HOOK_INIT(file_open, selinux_file_open),
6848 6729
6849 LSM_HOOK_INIT(task_alloc, selinux_task_alloc), 6730 LSM_HOOK_INIT(task_alloc, selinux_task_alloc),
6850 LSM_HOOK_INIT(cred_alloc_blank, selinux_cred_alloc_blank),
6851 LSM_HOOK_INIT(cred_free, selinux_cred_free),
6852 LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare), 6731 LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare),
6853 LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer), 6732 LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer),
6854 LSM_HOOK_INIT(cred_getsecid, selinux_cred_getsecid), 6733 LSM_HOOK_INIT(cred_getsecid, selinux_cred_getsecid),
@@ -6876,24 +6755,20 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
6876 LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid), 6755 LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid),
6877 6756
6878 LSM_HOOK_INIT(msg_msg_alloc_security, selinux_msg_msg_alloc_security), 6757 LSM_HOOK_INIT(msg_msg_alloc_security, selinux_msg_msg_alloc_security),
6879 LSM_HOOK_INIT(msg_msg_free_security, selinux_msg_msg_free_security),
6880 6758
6881 LSM_HOOK_INIT(msg_queue_alloc_security, 6759 LSM_HOOK_INIT(msg_queue_alloc_security,
6882 selinux_msg_queue_alloc_security), 6760 selinux_msg_queue_alloc_security),
6883 LSM_HOOK_INIT(msg_queue_free_security, selinux_msg_queue_free_security),
6884 LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate), 6761 LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate),
6885 LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl), 6762 LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl),
6886 LSM_HOOK_INIT(msg_queue_msgsnd, selinux_msg_queue_msgsnd), 6763 LSM_HOOK_INIT(msg_queue_msgsnd, selinux_msg_queue_msgsnd),
6887 LSM_HOOK_INIT(msg_queue_msgrcv, selinux_msg_queue_msgrcv), 6764 LSM_HOOK_INIT(msg_queue_msgrcv, selinux_msg_queue_msgrcv),
6888 6765
6889 LSM_HOOK_INIT(shm_alloc_security, selinux_shm_alloc_security), 6766 LSM_HOOK_INIT(shm_alloc_security, selinux_shm_alloc_security),
6890 LSM_HOOK_INIT(shm_free_security, selinux_shm_free_security),
6891 LSM_HOOK_INIT(shm_associate, selinux_shm_associate), 6767 LSM_HOOK_INIT(shm_associate, selinux_shm_associate),
6892 LSM_HOOK_INIT(shm_shmctl, selinux_shm_shmctl), 6768 LSM_HOOK_INIT(shm_shmctl, selinux_shm_shmctl),
6893 LSM_HOOK_INIT(shm_shmat, selinux_shm_shmat), 6769 LSM_HOOK_INIT(shm_shmat, selinux_shm_shmat),
6894 6770
6895 LSM_HOOK_INIT(sem_alloc_security, selinux_sem_alloc_security), 6771 LSM_HOOK_INIT(sem_alloc_security, selinux_sem_alloc_security),
6896 LSM_HOOK_INIT(sem_free_security, selinux_sem_free_security),
6897 LSM_HOOK_INIT(sem_associate, selinux_sem_associate), 6772 LSM_HOOK_INIT(sem_associate, selinux_sem_associate),
6898 LSM_HOOK_INIT(sem_semctl, selinux_sem_semctl), 6773 LSM_HOOK_INIT(sem_semctl, selinux_sem_semctl),
6899 LSM_HOOK_INIT(sem_semop, selinux_sem_semop), 6774 LSM_HOOK_INIT(sem_semop, selinux_sem_semop),
@@ -7004,16 +6879,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
7004 6879
7005static __init int selinux_init(void) 6880static __init int selinux_init(void)
7006{ 6881{
7007 if (!security_module_enable("selinux")) {
7008 selinux_enabled = 0;
7009 return 0;
7010 }
7011
7012 if (!selinux_enabled) {
7013 pr_info("SELinux: Disabled at boot.\n");
7014 return 0;
7015 }
7016
7017 pr_info("SELinux: Initializing.\n"); 6882 pr_info("SELinux: Initializing.\n");
7018 6883
7019 memset(&selinux_state, 0, sizeof(selinux_state)); 6884 memset(&selinux_state, 0, sizeof(selinux_state));
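Review bot: With the two early returns removed from selinux_init, the `pr_info("SELinux: Disabled at boot.\n")` line goes away and nothing in this function records that SELinux was switched off. Presumably the LSM framework now skips the init call based on the `.enabled` field added to DEFINE_LSM further down, but whether it logs an equivalent message is not visible here; boot-log checks that look for that string would need updating. A short comment at the top of the function would document the new precondition, e.g. `/* Called only when the LSM framework has enabled SELinux; see .enabled in DEFINE_LSM(selinux). */`. The body of selinux_init continues past this hunk.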
@@ -7027,12 +6892,6 @@ static __init int selinux_init(void)
7027 6892
7028 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC); 6893 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
7029 6894
7030 sel_inode_cache = kmem_cache_create("selinux_inode_security",
7031 sizeof(struct inode_security_struct),
7032 0, SLAB_PANIC, NULL);
7033 file_security_cache = kmem_cache_create("selinux_file_security",
7034 sizeof(struct file_security_struct),
7035 0, SLAB_PANIC, NULL);
7036 avc_init(); 6895 avc_init();
7037 6896
7038 avtab_cache_init(); 6897 avtab_cache_init();
@@ -7077,6 +6936,9 @@ void selinux_complete_init(void)
7077 all processes and objects when they are created. */ 6936 all processes and objects when they are created. */
7078DEFINE_LSM(selinux) = { 6937DEFINE_LSM(selinux) = {
7079 .name = "selinux", 6938 .name = "selinux",
6939 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
6940 .enabled = &selinux_enabled,
6941 .blobs = &selinux_blob_sizes,
7080 .init = selinux_init, 6942 .init = selinux_init,
7081}; 6943};
7082 6944