Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/selinuxfs.c112
1 files changed, 57 insertions, 55 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 6c05e30e8b49..893b3db0bad2 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -1,16 +1,16 @@
1/* Updated: Karl MacMillan <kmacmillan@tresys.com> 1/* Updated: Karl MacMillan <kmacmillan@tresys.com>
2 * 2 *
3 * Added conditional policy language extensions 3 * Added conditional policy language extensions
4 * 4 *
5 * Updated: Hewlett-Packard <paul.moore@hp.com> 5 * Updated: Hewlett-Packard <paul.moore@hp.com>
6 * 6 *
7 * Added support for the policy capability bitmap 7 * Added support for the policy capability bitmap
8 * 8 *
9 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 9 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
10 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 10 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
11 * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com> 11 * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
12 * This program is free software; you can redistribute it and/or modify 12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by 13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation, version 2. 14 * the Free Software Foundation, version 2.
15 */ 15 */
16 16
@@ -58,14 +58,14 @@ int selinux_compat_net = SELINUX_COMPAT_NET_VALUE;
58 58
59static int __init checkreqprot_setup(char *str) 59static int __init checkreqprot_setup(char *str)
60{ 60{
61 selinux_checkreqprot = simple_strtoul(str,NULL,0) ? 1 : 0; 61 selinux_checkreqprot = simple_strtoul(str, NULL, 0) ? 1 : 0;
62 return 1; 62 return 1;
63} 63}
64__setup("checkreqprot=", checkreqprot_setup); 64__setup("checkreqprot=", checkreqprot_setup);
65 65
66static int __init selinux_compat_net_setup(char *str) 66static int __init selinux_compat_net_setup(char *str)
67{ 67{
68 selinux_compat_net = simple_strtoul(str,NULL,0) ? 1 : 0; 68 selinux_compat_net = simple_strtoul(str, NULL, 0) ? 1 : 0;
69 return 1; 69 return 1;
70} 70}
71__setup("selinux_compat_net=", selinux_compat_net_setup); 71__setup("selinux_compat_net=", selinux_compat_net_setup);
@@ -74,17 +74,17 @@ __setup("selinux_compat_net=", selinux_compat_net_setup);
74static DEFINE_MUTEX(sel_mutex); 74static DEFINE_MUTEX(sel_mutex);
75 75
76/* global data for booleans */ 76/* global data for booleans */
77static struct dentry *bool_dir = NULL; 77static struct dentry *bool_dir;
78static int bool_num = 0; 78static int bool_num;
79static char **bool_pending_names; 79static char **bool_pending_names;
80static int *bool_pending_values = NULL; 80static int *bool_pending_values;
81 81
82/* global data for classes */ 82/* global data for classes */
83static struct dentry *class_dir = NULL; 83static struct dentry *class_dir;
84static unsigned long last_class_ino; 84static unsigned long last_class_ino;
85 85
86/* global data for policy capabilities */ 86/* global data for policy capabilities */
87static struct dentry *policycap_dir = NULL; 87static struct dentry *policycap_dir;
88 88
89extern void selnl_notify_setenforce(int val); 89extern void selnl_notify_setenforce(int val);
90 90
@@ -143,7 +143,7 @@ static ssize_t sel_read_enforce(struct file *filp, char __user *buf,
143} 143}
144 144
145#ifdef CONFIG_SECURITY_SELINUX_DEVELOP 145#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
146static ssize_t sel_write_enforce(struct file * file, const char __user * buf, 146static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
147 size_t count, loff_t *ppos) 147 size_t count, loff_t *ppos)
148 148
149{ 149{
@@ -157,7 +157,7 @@ static ssize_t sel_write_enforce(struct file * file, const char __user * buf,
157 /* No partial writes. */ 157 /* No partial writes. */
158 return -EINVAL; 158 return -EINVAL;
159 } 159 }
160 page = (char*)get_zeroed_page(GFP_KERNEL); 160 page = (char *)get_zeroed_page(GFP_KERNEL);
161 if (!page) 161 if (!page)
162 return -ENOMEM; 162 return -ENOMEM;
163 length = -EFAULT; 163 length = -EFAULT;
@@ -214,7 +214,7 @@ static const struct file_operations sel_handle_unknown_ops = {
214}; 214};
215 215
216#ifdef CONFIG_SECURITY_SELINUX_DISABLE 216#ifdef CONFIG_SECURITY_SELINUX_DISABLE
217static ssize_t sel_write_disable(struct file * file, const char __user * buf, 217static ssize_t sel_write_disable(struct file *file, const char __user *buf,
218 size_t count, loff_t *ppos) 218 size_t count, loff_t *ppos)
219 219
220{ 220{
@@ -229,7 +229,7 @@ static ssize_t sel_write_disable(struct file * file, const char __user * buf,
229 /* No partial writes. */ 229 /* No partial writes. */
230 return -EINVAL; 230 return -EINVAL;
231 } 231 }
232 page = (char*)get_zeroed_page(GFP_KERNEL); 232 page = (char *)get_zeroed_page(GFP_KERNEL);
233 if (!page) 233 if (!page)
234 return -ENOMEM; 234 return -ENOMEM;
235 length = -EFAULT; 235 length = -EFAULT;
@@ -264,7 +264,7 @@ static const struct file_operations sel_disable_ops = {
264}; 264};
265 265
266static ssize_t sel_read_policyvers(struct file *filp, char __user *buf, 266static ssize_t sel_read_policyvers(struct file *filp, char __user *buf,
267 size_t count, loff_t *ppos) 267 size_t count, loff_t *ppos)
268{ 268{
269 char tmpbuf[TMPBUFLEN]; 269 char tmpbuf[TMPBUFLEN];
270 ssize_t length; 270 ssize_t length;
@@ -300,7 +300,7 @@ static const struct file_operations sel_mls_ops = {
300 .read = sel_read_mls, 300 .read = sel_read_mls,
301}; 301};
302 302
303static ssize_t sel_write_load(struct file * file, const char __user * buf, 303static ssize_t sel_write_load(struct file *file, const char __user *buf,
304 size_t count, loff_t *ppos) 304 size_t count, loff_t *ppos)
305 305
306{ 306{
@@ -372,7 +372,7 @@ static const struct file_operations sel_load_ops = {
372 .write = sel_write_load, 372 .write = sel_write_load,
373}; 373};
374 374
375static ssize_t sel_write_context(struct file * file, char *buf, size_t size) 375static ssize_t sel_write_context(struct file *file, char *buf, size_t size)
376{ 376{
377 char *canon; 377 char *canon;
378 u32 sid, len; 378 u32 sid, len;
@@ -414,7 +414,7 @@ static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf,
414 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 414 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
415} 415}
416 416
417static ssize_t sel_write_checkreqprot(struct file * file, const char __user * buf, 417static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
418 size_t count, loff_t *ppos) 418 size_t count, loff_t *ppos)
419{ 419{
420 char *page; 420 char *page;
@@ -431,7 +431,7 @@ static ssize_t sel_write_checkreqprot(struct file * file, const char __user * bu
431 /* No partial writes. */ 431 /* No partial writes. */
432 return -EINVAL; 432 return -EINVAL;
433 } 433 }
434 page = (char*)get_zeroed_page(GFP_KERNEL); 434 page = (char *)get_zeroed_page(GFP_KERNEL);
435 if (!page) 435 if (!page)
436 return -ENOMEM; 436 return -ENOMEM;
437 length = -EFAULT; 437 length = -EFAULT;
@@ -463,7 +463,7 @@ static ssize_t sel_read_compat_net(struct file *filp, char __user *buf,
463 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 463 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
464} 464}
465 465
466static ssize_t sel_write_compat_net(struct file * file, const char __user * buf, 466static ssize_t sel_write_compat_net(struct file *file, const char __user *buf,
467 size_t count, loff_t *ppos) 467 size_t count, loff_t *ppos)
468{ 468{
469 char *page; 469 char *page;
@@ -480,7 +480,7 @@ static ssize_t sel_write_compat_net(struct file * file, const char __user * buf,
480 /* No partial writes. */ 480 /* No partial writes. */
481 return -EINVAL; 481 return -EINVAL;
482 } 482 }
483 page = (char*)get_zeroed_page(GFP_KERNEL); 483 page = (char *)get_zeroed_page(GFP_KERNEL);
484 if (!page) 484 if (!page)
485 return -ENOMEM; 485 return -ENOMEM;
486 length = -EFAULT; 486 length = -EFAULT;
@@ -505,11 +505,11 @@ static const struct file_operations sel_compat_net_ops = {
505/* 505/*
506 * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c 506 * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c
507 */ 507 */
508static ssize_t sel_write_access(struct file * file, char *buf, size_t size); 508static ssize_t sel_write_access(struct file *file, char *buf, size_t size);
509static ssize_t sel_write_create(struct file * file, char *buf, size_t size); 509static ssize_t sel_write_create(struct file *file, char *buf, size_t size);
510static ssize_t sel_write_relabel(struct file * file, char *buf, size_t size); 510static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size);
511static ssize_t sel_write_user(struct file * file, char *buf, size_t size); 511static ssize_t sel_write_user(struct file *file, char *buf, size_t size);
512static ssize_t sel_write_member(struct file * file, char *buf, size_t size); 512static ssize_t sel_write_member(struct file *file, char *buf, size_t size);
513 513
514static ssize_t (*write_op[])(struct file *, char *, size_t) = { 514static ssize_t (*write_op[])(struct file *, char *, size_t) = {
515 [SEL_ACCESS] = sel_write_access, 515 [SEL_ACCESS] = sel_write_access,
@@ -522,7 +522,7 @@ static ssize_t (*write_op[])(struct file *, char *, size_t) = {
522 522
523static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos) 523static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos)
524{ 524{
525 ino_t ino = file->f_path.dentry->d_inode->i_ino; 525 ino_t ino = file->f_path.dentry->d_inode->i_ino;
526 char *data; 526 char *data;
527 ssize_t rv; 527 ssize_t rv;
528 528
@@ -533,8 +533,8 @@ static ssize_t selinux_transaction_write(struct file *file, const char __user *b
533 if (IS_ERR(data)) 533 if (IS_ERR(data))
534 return PTR_ERR(data); 534 return PTR_ERR(data);
535 535
536 rv = write_op[ino](file, data, size); 536 rv = write_op[ino](file, data, size);
537 if (rv>0) { 537 if (rv > 0) {
538 simple_transaction_set(file, rv); 538 simple_transaction_set(file, rv);
539 rv = size; 539 rv = size;
540 } 540 }
@@ -553,7 +553,7 @@ static const struct file_operations transaction_ops = {
553 * and the length returned. Otherwise return 0 or and -error. 553 * and the length returned. Otherwise return 0 or and -error.
554 */ 554 */
555 555
556static ssize_t sel_write_access(struct file * file, char *buf, size_t size) 556static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
557{ 557{
558 char *scon, *tcon; 558 char *scon, *tcon;
559 u32 ssid, tsid; 559 u32 ssid, tsid;
@@ -602,7 +602,7 @@ out:
602 return length; 602 return length;
603} 603}
604 604
605static ssize_t sel_write_create(struct file * file, char *buf, size_t size) 605static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
606{ 606{
607 char *scon, *tcon; 607 char *scon, *tcon;
608 u32 ssid, tsid, newsid; 608 u32 ssid, tsid, newsid;
@@ -661,7 +661,7 @@ out:
661 return length; 661 return length;
662} 662}
663 663
664static ssize_t sel_write_relabel(struct file * file, char *buf, size_t size) 664static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size)
665{ 665{
666 char *scon, *tcon; 666 char *scon, *tcon;
667 u32 ssid, tsid, newsid; 667 u32 ssid, tsid, newsid;
@@ -718,7 +718,7 @@ out:
718 return length; 718 return length;
719} 719}
720 720
721static ssize_t sel_write_user(struct file * file, char *buf, size_t size) 721static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
722{ 722{
723 char *con, *user, *ptr; 723 char *con, *user, *ptr;
724 u32 sid, *sids; 724 u32 sid, *sids;
@@ -779,7 +779,7 @@ out:
779 return length; 779 return length;
780} 780}
781 781
782static ssize_t sel_write_member(struct file * file, char *buf, size_t size) 782static ssize_t sel_write_member(struct file *file, char *buf, size_t size)
783{ 783{
784 char *scon, *tcon; 784 char *scon, *tcon;
785 u32 ssid, tsid, newsid; 785 u32 ssid, tsid, newsid;
@@ -873,7 +873,8 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf,
873 ret = -EINVAL; 873 ret = -EINVAL;
874 goto out; 874 goto out;
875 } 875 }
876 if (!(page = (char*)get_zeroed_page(GFP_KERNEL))) { 876 page = (char *)get_zeroed_page(GFP_KERNEL);
877 if (!page) {
877 ret = -ENOMEM; 878 ret = -ENOMEM;
878 goto out; 879 goto out;
879 } 880 }
@@ -924,7 +925,7 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
924 length = -EINVAL; 925 length = -EINVAL;
925 goto out; 926 goto out;
926 } 927 }
927 page = (char*)get_zeroed_page(GFP_KERNEL); 928 page = (char *)get_zeroed_page(GFP_KERNEL);
928 if (!page) { 929 if (!page) {
929 length = -ENOMEM; 930 length = -ENOMEM;
930 goto out; 931 goto out;
@@ -952,8 +953,8 @@ out:
952} 953}
953 954
954static const struct file_operations sel_bool_ops = { 955static const struct file_operations sel_bool_ops = {
955 .read = sel_read_bool, 956 .read = sel_read_bool,
956 .write = sel_write_bool, 957 .write = sel_write_bool,
957}; 958};
958 959
959static ssize_t sel_commit_bools_write(struct file *filep, 960static ssize_t sel_commit_bools_write(struct file *filep,
@@ -978,7 +979,7 @@ static ssize_t sel_commit_bools_write(struct file *filep,
978 /* No partial writes. */ 979 /* No partial writes. */
979 goto out; 980 goto out;
980 } 981 }
981 page = (char*)get_zeroed_page(GFP_KERNEL); 982 page = (char *)get_zeroed_page(GFP_KERNEL);
982 if (!page) { 983 if (!page) {
983 length = -ENOMEM; 984 length = -ENOMEM;
984 goto out; 985 goto out;
@@ -992,9 +993,8 @@ static ssize_t sel_commit_bools_write(struct file *filep,
992 if (sscanf(page, "%d", &new_value) != 1) 993 if (sscanf(page, "%d", &new_value) != 1)
993 goto out; 994 goto out;
994 995
995 if (new_value && bool_pending_values) { 996 if (new_value && bool_pending_values)
996 security_set_bools(bool_num, bool_pending_values); 997 security_set_bools(bool_num, bool_pending_values);
997 }
998 998
999 length = count; 999 length = count;
1000 1000
@@ -1006,7 +1006,7 @@ out:
1006} 1006}
1007 1007
1008static const struct file_operations sel_commit_bools_ops = { 1008static const struct file_operations sel_commit_bools_ops = {
1009 .write = sel_commit_bools_write, 1009 .write = sel_commit_bools_write,
1010}; 1010};
1011 1011
1012static void sel_remove_entries(struct dentry *de) 1012static void sel_remove_entries(struct dentry *de)
@@ -1056,7 +1056,8 @@ static int sel_make_bools(void)
1056 1056
1057 sel_remove_entries(dir); 1057 sel_remove_entries(dir);
1058 1058
1059 if (!(page = (char*)get_zeroed_page(GFP_KERNEL))) 1059 page = (char *)get_zeroed_page(GFP_KERNEL);
1060 if (!page)
1060 return -ENOMEM; 1061 return -ENOMEM;
1061 1062
1062 ret = security_get_bools(&num, &names, &values); 1063 ret = security_get_bools(&num, &names, &values);
@@ -1083,8 +1084,9 @@ static int sel_make_bools(void)
1083 ret = -ENAMETOOLONG; 1084 ret = -ENAMETOOLONG;
1084 goto err; 1085 goto err;
1085 } 1086 }
1086 isec = (struct inode_security_struct*)inode->i_security; 1087 isec = (struct inode_security_struct *)inode->i_security;
1087 if ((ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid))) 1088 ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid);
1089 if (ret)
1088 goto err; 1090 goto err;
1089 isec->sid = sid; 1091 isec->sid = sid;
1090 isec->initialized = 1; 1092 isec->initialized = 1;
@@ -1112,7 +1114,7 @@ err:
1112 1114
1113#define NULL_FILE_NAME "null" 1115#define NULL_FILE_NAME "null"
1114 1116
1115struct dentry *selinux_null = NULL; 1117struct dentry *selinux_null;
1116 1118
1117static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf, 1119static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf,
1118 size_t count, loff_t *ppos) 1120 size_t count, loff_t *ppos)
@@ -1124,8 +1126,8 @@ static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf,
1124 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); 1126 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
1125} 1127}
1126 1128
1127static ssize_t sel_write_avc_cache_threshold(struct file * file, 1129static ssize_t sel_write_avc_cache_threshold(struct file *file,
1128 const char __user * buf, 1130 const char __user *buf,
1129 size_t count, loff_t *ppos) 1131 size_t count, loff_t *ppos)
1130 1132
1131{ 1133{
@@ -1144,7 +1146,7 @@ static ssize_t sel_write_avc_cache_threshold(struct file * file,
1144 goto out; 1146 goto out;
1145 } 1147 }
1146 1148
1147 page = (char*)get_zeroed_page(GFP_KERNEL); 1149 page = (char *)get_zeroed_page(GFP_KERNEL);
1148 if (!page) { 1150 if (!page) {
1149 ret = -ENOMEM; 1151 ret = -ENOMEM;
1150 goto out; 1152 goto out;
@@ -1302,7 +1304,7 @@ out:
1302 return ret; 1304 return ret;
1303} 1305}
1304 1306
1305static ssize_t sel_read_initcon(struct file * file, char __user *buf, 1307static ssize_t sel_read_initcon(struct file *file, char __user *buf,
1306 size_t count, loff_t *ppos) 1308 size_t count, loff_t *ppos)
1307{ 1309{
1308 struct inode *inode; 1310 struct inode *inode;
@@ -1376,7 +1378,7 @@ static inline u32 sel_ino_to_perm(unsigned long ino)
1376 return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1); 1378 return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1);
1377} 1379}
1378 1380
1379static ssize_t sel_read_class(struct file * file, char __user *buf, 1381static ssize_t sel_read_class(struct file *file, char __user *buf,
1380 size_t count, loff_t *ppos) 1382 size_t count, loff_t *ppos)
1381{ 1383{
1382 ssize_t rc, len; 1384 ssize_t rc, len;
@@ -1400,7 +1402,7 @@ static const struct file_operations sel_class_ops = {
1400 .read = sel_read_class, 1402 .read = sel_read_class,
1401}; 1403};
1402 1404
1403static ssize_t sel_read_perm(struct file * file, char __user *buf, 1405static ssize_t sel_read_perm(struct file *file, char __user *buf,
1404 size_t count, loff_t *ppos) 1406 size_t count, loff_t *ppos)
1405{ 1407{
1406 ssize_t rc, len; 1408 ssize_t rc, len;
@@ -1413,7 +1415,7 @@ static ssize_t sel_read_perm(struct file * file, char __user *buf,
1413 goto out; 1415 goto out;
1414 } 1416 }
1415 1417
1416 len = snprintf(page, PAGE_SIZE,"%d", sel_ino_to_perm(ino)); 1418 len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_perm(ino));
1417 rc = simple_read_from_buffer(buf, count, ppos, page, len); 1419 rc = simple_read_from_buffer(buf, count, ppos, page, len);
1418 free_page((unsigned long)page); 1420 free_page((unsigned long)page);
1419out: 1421out:
@@ -1641,7 +1643,7 @@ out:
1641 return ret; 1643 return ret;
1642} 1644}
1643 1645
1644static int sel_fill_super(struct super_block * sb, void * data, int silent) 1646static int sel_fill_super(struct super_block *sb, void *data, int silent)
1645{ 1647{
1646 int ret; 1648 int ret;
1647 struct dentry *dentry; 1649 struct dentry *dentry;
@@ -1697,7 +1699,7 @@ static int sel_fill_super(struct super_block * sb, void * data, int silent)
1697 goto err; 1699 goto err;
1698 } 1700 }
1699 inode->i_ino = ++sel_last_ino; 1701 inode->i_ino = ++sel_last_ino;
1700 isec = (struct inode_security_struct*)inode->i_security; 1702 isec = (struct inode_security_struct *)inode->i_security;
1701 isec->sid = SECINITSID_DEVNULL; 1703 isec->sid = SECINITSID_DEVNULL;
1702 isec->sclass = SECCLASS_CHR_FILE; 1704 isec->sclass = SECCLASS_CHR_FILE;
1703 isec->initialized = 1; 1705 isec->initialized = 1;
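Review bot: The status returned by `security_set_bools()` is discarded on the new side of the sel_commit_bools_write hunk (new line 997), and the function then unconditionally sets `length = count`, so a failed commit of the pending booleans is reported to userspace as a successful write. Its sibling `security_get_bools()` returns a status that this file does check (`ret = security_get_bools(&num, &names, &values);` at new line 1063), so presumably `security_set_bools()` can fail the same way — confirm against its definition in the security server. I would keep the braces the commit just removed and write `length = security_set_bools(bool_num, bool_pending_values);` followed by `if (length) goto out;`, which the existing `out:` label (already targeted by the `goto out;` two lines earlier) supports without further change. The enclosing function starts and ends outside the hunk.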