aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/selinux/include/security.h2
-rw-r--r--security/selinux/selinuxfs.c67
-rw-r--r--security/selinux/ss/services.c7
3 files changed, 76 insertions, 0 deletions
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index bfe562c36469..b94378afea25 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -123,5 +123,7 @@ static inline int security_netlbl_sid_to_secattr(u32 sid,
123} 123}
124#endif /* CONFIG_NETLABEL */ 124#endif /* CONFIG_NETLABEL */
125 125
126const char *security_get_initial_sid_context(u32 sid);
127
126#endif /* _SELINUX_SECURITY_H_ */ 128#endif /* _SELINUX_SECURITY_H_ */
127 129
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 93b3177c7585..e24235c59ddf 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -102,6 +102,9 @@ enum sel_inos {
102 SEL_COMPAT_NET, /* whether to use old compat network packet controls */ 102 SEL_COMPAT_NET, /* whether to use old compat network packet controls */
103}; 103};
104 104
105#define SEL_INITCON_INO_OFFSET 0x01000000
106#define SEL_INO_MASK 0x00ffffff
107
105#define TMPBUFLEN 12 108#define TMPBUFLEN 12
106static ssize_t sel_read_enforce(struct file *filp, char __user *buf, 109static ssize_t sel_read_enforce(struct file *filp, char __user *buf,
107 size_t count, loff_t *ppos) 110 size_t count, loff_t *ppos)
@@ -1240,6 +1243,55 @@ out:
1240 return ret; 1243 return ret;
1241} 1244}
1242 1245
1246static ssize_t sel_read_initcon(struct file * file, char __user *buf,
1247 size_t count, loff_t *ppos)
1248{
1249 struct inode *inode;
1250 char *con;
1251 u32 sid, len;
1252 ssize_t ret;
1253
1254 inode = file->f_path.dentry->d_inode;
1255 sid = inode->i_ino&SEL_INO_MASK;
1256 ret = security_sid_to_context(sid, &con, &len);
1257 if (ret < 0)
1258 return ret;
1259
1260 ret = simple_read_from_buffer(buf, count, ppos, con, len);
1261 kfree(con);
1262 return ret;
1263}
1264
1265static const struct file_operations sel_initcon_ops = {
1266 .read = sel_read_initcon,
1267};
1268
1269static int sel_make_initcon_files(struct dentry *dir)
1270{
1271 int i, ret = 0;
1272
1273 for (i = 1; i <= SECINITSID_NUM; i++) {
1274 struct inode *inode;
1275 struct dentry *dentry;
1276 dentry = d_alloc_name(dir, security_get_initial_sid_context(i));
1277 if (!dentry) {
1278 ret = -ENOMEM;
1279 goto out;
1280 }
1281
1282 inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1283 if (!inode) {
1284 ret = -ENOMEM;
1285 goto out;
1286 }
1287 inode->i_fop = &sel_initcon_ops;
1288 inode->i_ino = i|SEL_INITCON_INO_OFFSET;
1289 d_add(dentry, inode);
1290 }
1291out:
1292 return ret;
1293}
1294
1243static int sel_make_dir(struct inode *dir, struct dentry *dentry) 1295static int sel_make_dir(struct inode *dir, struct dentry *dentry)
1244{ 1296{
1245 int ret = 0; 1297 int ret = 0;
@@ -1336,6 +1388,21 @@ static int sel_fill_super(struct super_block * sb, void * data, int silent)
1336 ret = sel_make_avc_files(dentry); 1388 ret = sel_make_avc_files(dentry);
1337 if (ret) 1389 if (ret)
1338 goto err; 1390 goto err;
1391
1392 dentry = d_alloc_name(sb->s_root, "initial_contexts");
1393 if (!dentry) {
1394 ret = -ENOMEM;
1395 goto err;
1396 }
1397
1398 ret = sel_make_dir(root_inode, dentry);
1399 if (ret)
1400 goto err;
1401
1402 ret = sel_make_initcon_files(dentry);
1403 if (ret)
1404 goto err;
1405
1339out: 1406out:
1340 return ret; 1407 return ret;
1341err: 1408err:
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index d3698568a213..21b8318979e3 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -593,6 +593,13 @@ static int context_struct_to_string(struct context *context, char **scontext, u3
593 593
594#include "initial_sid_to_string.h" 594#include "initial_sid_to_string.h"
595 595
596const char *security_get_initial_sid_context(u32 sid)
597{
598 if (unlikely(sid > SECINITSID_NUM))
599 return NULL;
600 return initial_sid_to_string[sid];
601}
602
596/** 603/**
597 * security_sid_to_context - Obtain a context for a given SID. 604 * security_sid_to_context - Obtain a context for a given SID.
598 * @sid: security identifier, SID 605 * @sid: security identifier, SID