1 files changed, 56 insertions, 0 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 79a1bb635662..a2e7a8563b38 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -110,6 +110,7 @@ enum sel_inos {
        SEL_COMPAT_NET, /* whether to use old compat network packet controls */
        SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */
        SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */
+        SEL_STATUS,     /* export current status using mmap() */
        SEL_INO_NEXT,   /* The next inode number to use */
 };
@@ -171,6 +172,7 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
                if (selinux_enforcing)
                        avc_ss_reset(0);
                selnl_notify_setenforce(selinux_enforcing);
+                selinux_status_update_setenforce(selinux_enforcing);
        }
        length = count;
 out:
@@ -205,6 +207,59 @@ static const struct file_operations sel_handle_unknown_ops = {
        .llseek         = generic_file_llseek,
 };
+static int sel_open_handle_status(struct inode *inode, struct file *filp)
+{
+        struct page    *status = selinux_kernel_status_page();
+        if (!status)
+                return -ENOMEM;
+        filp->private_data = status;
+        return 0;
+}
+static ssize_t sel_read_handle_status(struct file *filp, char __user *buf,
+                                      size_t count, loff_t *ppos)
+{
+        struct page    *status = filp->private_data;
+        BUG_ON(!status);
+        return simple_read_from_buffer(buf, count, ppos,
+                                       page_address(status),
+                                       sizeof(struct selinux_kernel_status));
+}
+static int sel_mmap_handle_status(struct file *filp,
+                                  struct vm_area_struct *vma)
+{
+        struct page    *status = filp->private_data;
+        unsigned long   size = vma->vm_end - vma->vm_start;
+        BUG_ON(!status);
+        /* only allows one page from the head */
+        if (vma->vm_pgoff > 0 || size != PAGE_SIZE)
+                return -EIO;
+        /* disallow writable mapping */
+        if (vma->vm_flags & VM_WRITE)
+                return -EPERM;
+        /* disallow mprotect() turns it into writable */
+        vma->vm_flags &= ~VM_MAYWRITE;
+        return remap_pfn_range(vma, vma->vm_start,
+                               page_to_pfn(status),
+                               size, vma->vm_page_prot);
+}
+static const struct file_operations sel_handle_status_ops = {
+        .open           = sel_open_handle_status,
+        .read           = sel_read_handle_status,
+        .mmap           = sel_mmap_handle_status,
+        .llseek         = generic_file_llseek,
+};
 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
 static ssize_t sel_write_disable(struct file *file, const char __user *buf,
                                 size_t count, loff_t *ppos)
@@ -1612,6 +1667,7 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent)
                [SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR},
                [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
                [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
+                [SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO},
                /* last one */ {""}
        };
        ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 79a1bb635662..a2e7a8563b38 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c
@@ -110,6 +110,7 @@ enum sel_inos {
110	SEL_COMPAT_NET, /* whether to use old compat network packet controls */	110	SEL_COMPAT_NET, /* whether to use old compat network packet controls */
111	SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */	111	SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */
112	SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */	112	SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */
		113	SEL_STATUS, /* export current status using mmap() */
113	SEL_INO_NEXT, /* The next inode number to use */	114	SEL_INO_NEXT, /* The next inode number to use */
114	};	115	};
115		116
@@ -171,6 +172,7 @@ static ssize_t sel_write_enforce(struct file file, const char __user buf,
171	if (selinux_enforcing)	172	if (selinux_enforcing)
172	avc_ss_reset(0);	173	avc_ss_reset(0);
173	selnl_notify_setenforce(selinux_enforcing);	174	selnl_notify_setenforce(selinux_enforcing);
		175	selinux_status_update_setenforce(selinux_enforcing);
174	}	176	}
175	length = count;	177	length = count;
176	out:	178	out:
@@ -205,6 +207,59 @@ static const struct file_operations sel_handle_unknown_ops = {
205	.llseek = generic_file_llseek,	207	.llseek = generic_file_llseek,
206	};	208	};
207		209
		210	static int sel_open_handle_status(struct inode inode, struct file filp)
		211	{
		212	struct page *status = selinux_kernel_status_page();
		213
		214	if (!status)
		215	return -ENOMEM;
		216
		217	filp->private_data = status;
		218
		219	return 0;
		220	}
		221
		222	static ssize_t sel_read_handle_status(struct file filp, char __user buf,
		223	size_t count, loff_t *ppos)
		224	{
		225	struct page *status = filp->private_data;
		226
		227	BUG_ON(!status);
		228
		229	return simple_read_from_buffer(buf, count, ppos,
		230	page_address(status),
		231	sizeof(struct selinux_kernel_status));
		232	}
		233
		234	static int sel_mmap_handle_status(struct file *filp,
		235	struct vm_area_struct *vma)
		236	{
		237	struct page *status = filp->private_data;
		238	unsigned long size = vma->vm_end - vma->vm_start;
		239
		240	BUG_ON(!status);
		241
		242	/* only allows one page from the head */
		243	if (vma->vm_pgoff > 0 \|\| size != PAGE_SIZE)
		244	return -EIO;
		245	/* disallow writable mapping */
		246	if (vma->vm_flags & VM_WRITE)
		247	return -EPERM;
		248	/* disallow mprotect() turns it into writable */
		249	vma->vm_flags &= ~VM_MAYWRITE;
		250
		251	return remap_pfn_range(vma, vma->vm_start,
		252	page_to_pfn(status),
		253	size, vma->vm_page_prot);
		254	}
		255
		256	static const struct file_operations sel_handle_status_ops = {
		257	.open = sel_open_handle_status,
		258	.read = sel_read_handle_status,
		259	.mmap = sel_mmap_handle_status,
		260	.llseek = generic_file_llseek,
		261	};
		262
208	#ifdef CONFIG_SECURITY_SELINUX_DISABLE	263	#ifdef CONFIG_SECURITY_SELINUX_DISABLE
209	static ssize_t sel_write_disable(struct file file, const char __user buf,	264	static ssize_t sel_write_disable(struct file file, const char __user buf,
210	size_t count, loff_t *ppos)	265	size_t count, loff_t *ppos)
@@ -1612,6 +1667,7 @@ static int sel_fill_super(struct super_block sb, void data, int silent)
1612	[SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO\|S_IWUSR},	1667	[SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO\|S_IWUSR},
1613	[SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},	1668	[SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
1614	[SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},	1669	[SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
		1670	[SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO},
1615	/* last one */ {""}	1671	/* last one */ {""}
1616	};	1672	};
1617	ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);	1673	ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);