diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/Kconfig | 10 | ||||
-rw-r--r-- | security/Makefile | 11 | ||||
-rw-r--r-- | security/capability.c | 1043 | ||||
-rw-r--r-- | security/commoncap.c | 16 | ||||
-rw-r--r-- | security/device_cgroup.c | 8 | ||||
-rw-r--r-- | security/dummy.c | 1251 | ||||
-rw-r--r-- | security/root_plug.c | 9 | ||||
-rw-r--r-- | security/security.c | 66 | ||||
-rw-r--r-- | security/selinux/hooks.c | 222 | ||||
-rw-r--r-- | security/selinux/include/audit.h | 4 | ||||
-rw-r--r-- | security/selinux/include/avc.h | 15 | ||||
-rw-r--r-- | security/selinux/include/objsec.h | 1 | ||||
-rw-r--r-- | security/selinux/include/security.h | 5 | ||||
-rw-r--r-- | security/selinux/netnode.c | 1 | ||||
-rw-r--r-- | security/selinux/netport.c | 3 | ||||
-rw-r--r-- | security/selinux/selinuxfs.c | 15 | ||||
-rw-r--r-- | security/selinux/ss/avtab.c | 2 | ||||
-rw-r--r-- | security/selinux/ss/context.h | 27 | ||||
-rw-r--r-- | security/selinux/ss/mls.c | 19 | ||||
-rw-r--r-- | security/selinux/ss/mls.h | 3 | ||||
-rw-r--r-- | security/selinux/ss/policydb.c | 15 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 423 | ||||
-rw-r--r-- | security/selinux/ss/sidtab.c | 76 | ||||
-rw-r--r-- | security/selinux/ss/sidtab.h | 7 | ||||
-rw-r--r-- | security/smack/smack_lsm.c | 28 |
25 files changed, 1513 insertions, 1767 deletions
diff --git a/security/Kconfig b/security/Kconfig index 49b51f964897..62ed4717d334 100644 --- a/security/Kconfig +++ b/security/Kconfig | |||
@@ -73,17 +73,9 @@ config SECURITY_NETWORK_XFRM | |||
73 | IPSec. | 73 | IPSec. |
74 | If you are unsure how to answer this question, answer N. | 74 | If you are unsure how to answer this question, answer N. |
75 | 75 | ||
76 | config SECURITY_CAPABILITIES | ||
77 | bool "Default Linux Capabilities" | ||
78 | depends on SECURITY | ||
79 | default y | ||
80 | help | ||
81 | This enables the "default" Linux capabilities functionality. | ||
82 | If you are unsure how to answer this question, answer Y. | ||
83 | |||
84 | config SECURITY_FILE_CAPABILITIES | 76 | config SECURITY_FILE_CAPABILITIES |
85 | bool "File POSIX Capabilities (EXPERIMENTAL)" | 77 | bool "File POSIX Capabilities (EXPERIMENTAL)" |
86 | depends on (SECURITY=n || SECURITY_CAPABILITIES!=n) && EXPERIMENTAL | 78 | depends on EXPERIMENTAL |
87 | default n | 79 | default n |
88 | help | 80 | help |
89 | This enables filesystem capabilities, allowing you to give | 81 | This enables filesystem capabilities, allowing you to give |
diff --git a/security/Makefile b/security/Makefile index 7ef1107a7287..f65426099aa6 100644 --- a/security/Makefile +++ b/security/Makefile | |||
@@ -6,16 +6,13 @@ obj-$(CONFIG_KEYS) += keys/ | |||
6 | subdir-$(CONFIG_SECURITY_SELINUX) += selinux | 6 | subdir-$(CONFIG_SECURITY_SELINUX) += selinux |
7 | subdir-$(CONFIG_SECURITY_SMACK) += smack | 7 | subdir-$(CONFIG_SECURITY_SMACK) += smack |
8 | 8 | ||
9 | # if we don't select a security model, use the default capabilities | 9 | # always enable default capabilities |
10 | ifneq ($(CONFIG_SECURITY),y) | ||
11 | obj-y += commoncap.o | 10 | obj-y += commoncap.o |
12 | endif | ||
13 | 11 | ||
14 | # Object file lists | 12 | # Object file lists |
15 | obj-$(CONFIG_SECURITY) += security.o dummy.o inode.o | 13 | obj-$(CONFIG_SECURITY) += security.o capability.o inode.o |
16 | # Must precede capability.o in order to stack properly. | 14 | # Must precede capability.o in order to stack properly. |
17 | obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o | 15 | obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o |
18 | obj-$(CONFIG_SECURITY_SMACK) += commoncap.o smack/built-in.o | 16 | obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o |
19 | obj-$(CONFIG_SECURITY_CAPABILITIES) += commoncap.o capability.o | 17 | obj-$(CONFIG_SECURITY_ROOTPLUG) += root_plug.o |
20 | obj-$(CONFIG_SECURITY_ROOTPLUG) += commoncap.o root_plug.o | ||
21 | obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o | 18 | obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o |
diff --git a/security/capability.c b/security/capability.c index 38ac54e3aed1..5b01c0b02422 100644 --- a/security/capability.c +++ b/security/capability.c | |||
@@ -1,6 +1,8 @@ | |||
1 | /* | 1 | /* |
2 | * Capabilities Linux Security Module | 2 | * Capabilities Linux Security Module |
3 | * | 3 | * |
4 | * This is the default security module in case no other module is loaded. | ||
5 | * | ||
4 | * This program is free software; you can redistribute it and/or modify | 6 | * This program is free software; you can redistribute it and/or modify |
5 | * it under the terms of the GNU General Public License as published by | 7 | * it under the terms of the GNU General Public License as published by |
6 | * the Free Software Foundation; either version 2 of the License, or | 8 | * the Free Software Foundation; either version 2 of the License, or |
@@ -8,75 +10,988 @@ | |||
8 | * | 10 | * |
9 | */ | 11 | */ |
10 | 12 | ||
11 | #include <linux/init.h> | ||
12 | #include <linux/kernel.h> | ||
13 | #include <linux/security.h> | 13 | #include <linux/security.h> |
14 | #include <linux/file.h> | ||
15 | #include <linux/mm.h> | ||
16 | #include <linux/mman.h> | ||
17 | #include <linux/pagemap.h> | ||
18 | #include <linux/swap.h> | ||
19 | #include <linux/skbuff.h> | ||
20 | #include <linux/netlink.h> | ||
21 | #include <linux/ptrace.h> | ||
22 | #include <linux/moduleparam.h> | ||
23 | |||
24 | static struct security_operations capability_ops = { | ||
25 | .ptrace = cap_ptrace, | ||
26 | .capget = cap_capget, | ||
27 | .capset_check = cap_capset_check, | ||
28 | .capset_set = cap_capset_set, | ||
29 | .capable = cap_capable, | ||
30 | .settime = cap_settime, | ||
31 | .netlink_send = cap_netlink_send, | ||
32 | .netlink_recv = cap_netlink_recv, | ||
33 | |||
34 | .bprm_apply_creds = cap_bprm_apply_creds, | ||
35 | .bprm_set_security = cap_bprm_set_security, | ||
36 | .bprm_secureexec = cap_bprm_secureexec, | ||
37 | |||
38 | .inode_setxattr = cap_inode_setxattr, | ||
39 | .inode_removexattr = cap_inode_removexattr, | ||
40 | .inode_need_killpriv = cap_inode_need_killpriv, | ||
41 | .inode_killpriv = cap_inode_killpriv, | ||
42 | |||
43 | .task_setscheduler = cap_task_setscheduler, | ||
44 | .task_setioprio = cap_task_setioprio, | ||
45 | .task_setnice = cap_task_setnice, | ||
46 | .task_post_setuid = cap_task_post_setuid, | ||
47 | .task_prctl = cap_task_prctl, | ||
48 | .task_reparent_to_init = cap_task_reparent_to_init, | ||
49 | |||
50 | .syslog = cap_syslog, | ||
51 | |||
52 | .vm_enough_memory = cap_vm_enough_memory, | ||
53 | }; | ||
54 | 14 | ||
55 | /* flag to keep track of how we were registered */ | 15 | static int cap_acct(struct file *file) |
56 | static int secondary; | 16 | { |
17 | return 0; | ||
18 | } | ||
19 | |||
20 | static int cap_sysctl(ctl_table *table, int op) | ||
21 | { | ||
22 | return 0; | ||
23 | } | ||
24 | |||
25 | static int cap_quotactl(int cmds, int type, int id, struct super_block *sb) | ||
26 | { | ||
27 | return 0; | ||
28 | } | ||
29 | |||
30 | static int cap_quota_on(struct dentry *dentry) | ||
31 | { | ||
32 | return 0; | ||
33 | } | ||
34 | |||
35 | static int cap_bprm_alloc_security(struct linux_binprm *bprm) | ||
36 | { | ||
37 | return 0; | ||
38 | } | ||
39 | |||
40 | static void cap_bprm_free_security(struct linux_binprm *bprm) | ||
41 | { | ||
42 | } | ||
43 | |||
44 | static void cap_bprm_post_apply_creds(struct linux_binprm *bprm) | ||
45 | { | ||
46 | } | ||
47 | |||
48 | static int cap_bprm_check_security(struct linux_binprm *bprm) | ||
49 | { | ||
50 | return 0; | ||
51 | } | ||
52 | |||
53 | static int cap_sb_alloc_security(struct super_block *sb) | ||
54 | { | ||
55 | return 0; | ||
56 | } | ||
57 | |||
58 | static void cap_sb_free_security(struct super_block *sb) | ||
59 | { | ||
60 | } | ||
61 | |||
62 | static int cap_sb_copy_data(char *orig, char *copy) | ||
63 | { | ||
64 | return 0; | ||
65 | } | ||
66 | |||
67 | static int cap_sb_kern_mount(struct super_block *sb, void *data) | ||
68 | { | ||
69 | return 0; | ||
70 | } | ||
71 | |||
72 | static int cap_sb_show_options(struct seq_file *m, struct super_block *sb) | ||
73 | { | ||
74 | return 0; | ||
75 | } | ||
76 | |||
77 | static int cap_sb_statfs(struct dentry *dentry) | ||
78 | { | ||
79 | return 0; | ||
80 | } | ||
81 | |||
82 | static int cap_sb_mount(char *dev_name, struct path *path, char *type, | ||
83 | unsigned long flags, void *data) | ||
84 | { | ||
85 | return 0; | ||
86 | } | ||
87 | |||
88 | static int cap_sb_check_sb(struct vfsmount *mnt, struct path *path) | ||
89 | { | ||
90 | return 0; | ||
91 | } | ||
92 | |||
93 | static int cap_sb_umount(struct vfsmount *mnt, int flags) | ||
94 | { | ||
95 | return 0; | ||
96 | } | ||
97 | |||
98 | static void cap_sb_umount_close(struct vfsmount *mnt) | ||
99 | { | ||
100 | } | ||
101 | |||
102 | static void cap_sb_umount_busy(struct vfsmount *mnt) | ||
103 | { | ||
104 | } | ||
105 | |||
106 | static void cap_sb_post_remount(struct vfsmount *mnt, unsigned long flags, | ||
107 | void *data) | ||
108 | { | ||
109 | } | ||
110 | |||
111 | static void cap_sb_post_addmount(struct vfsmount *mnt, struct path *path) | ||
112 | { | ||
113 | } | ||
114 | |||
115 | static int cap_sb_pivotroot(struct path *old_path, struct path *new_path) | ||
116 | { | ||
117 | return 0; | ||
118 | } | ||
119 | |||
120 | static void cap_sb_post_pivotroot(struct path *old_path, struct path *new_path) | ||
121 | { | ||
122 | } | ||
123 | |||
124 | static int cap_sb_set_mnt_opts(struct super_block *sb, | ||
125 | struct security_mnt_opts *opts) | ||
126 | { | ||
127 | if (unlikely(opts->num_mnt_opts)) | ||
128 | return -EOPNOTSUPP; | ||
129 | return 0; | ||
130 | } | ||
131 | |||
132 | static void cap_sb_clone_mnt_opts(const struct super_block *oldsb, | ||
133 | struct super_block *newsb) | ||
134 | { | ||
135 | } | ||
136 | |||
137 | static int cap_sb_parse_opts_str(char *options, struct security_mnt_opts *opts) | ||
138 | { | ||
139 | return 0; | ||
140 | } | ||
141 | |||
142 | static int cap_inode_alloc_security(struct inode *inode) | ||
143 | { | ||
144 | return 0; | ||
145 | } | ||
146 | |||
147 | static void cap_inode_free_security(struct inode *inode) | ||
148 | { | ||
149 | } | ||
150 | |||
151 | static int cap_inode_init_security(struct inode *inode, struct inode *dir, | ||
152 | char **name, void **value, size_t *len) | ||
153 | { | ||
154 | return -EOPNOTSUPP; | ||
155 | } | ||
156 | |||
157 | static int cap_inode_create(struct inode *inode, struct dentry *dentry, | ||
158 | int mask) | ||
159 | { | ||
160 | return 0; | ||
161 | } | ||
162 | |||
163 | static int cap_inode_link(struct dentry *old_dentry, struct inode *inode, | ||
164 | struct dentry *new_dentry) | ||
165 | { | ||
166 | return 0; | ||
167 | } | ||
168 | |||
169 | static int cap_inode_unlink(struct inode *inode, struct dentry *dentry) | ||
170 | { | ||
171 | return 0; | ||
172 | } | ||
173 | |||
174 | static int cap_inode_symlink(struct inode *inode, struct dentry *dentry, | ||
175 | const char *name) | ||
176 | { | ||
177 | return 0; | ||
178 | } | ||
179 | |||
180 | static int cap_inode_mkdir(struct inode *inode, struct dentry *dentry, | ||
181 | int mask) | ||
182 | { | ||
183 | return 0; | ||
184 | } | ||
185 | |||
186 | static int cap_inode_rmdir(struct inode *inode, struct dentry *dentry) | ||
187 | { | ||
188 | return 0; | ||
189 | } | ||
190 | |||
191 | static int cap_inode_mknod(struct inode *inode, struct dentry *dentry, | ||
192 | int mode, dev_t dev) | ||
193 | { | ||
194 | return 0; | ||
195 | } | ||
196 | |||
197 | static int cap_inode_rename(struct inode *old_inode, struct dentry *old_dentry, | ||
198 | struct inode *new_inode, struct dentry *new_dentry) | ||
199 | { | ||
200 | return 0; | ||
201 | } | ||
202 | |||
203 | static int cap_inode_readlink(struct dentry *dentry) | ||
204 | { | ||
205 | return 0; | ||
206 | } | ||
207 | |||
208 | static int cap_inode_follow_link(struct dentry *dentry, | ||
209 | struct nameidata *nameidata) | ||
210 | { | ||
211 | return 0; | ||
212 | } | ||
213 | |||
214 | static int cap_inode_permission(struct inode *inode, int mask, | ||
215 | struct nameidata *nd) | ||
216 | { | ||
217 | return 0; | ||
218 | } | ||
219 | |||
220 | static int cap_inode_setattr(struct dentry *dentry, struct iattr *iattr) | ||
221 | { | ||
222 | return 0; | ||
223 | } | ||
224 | |||
225 | static int cap_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) | ||
226 | { | ||
227 | return 0; | ||
228 | } | ||
229 | |||
230 | static void cap_inode_delete(struct inode *ino) | ||
231 | { | ||
232 | } | ||
233 | |||
234 | static void cap_inode_post_setxattr(struct dentry *dentry, const char *name, | ||
235 | const void *value, size_t size, int flags) | ||
236 | { | ||
237 | } | ||
238 | |||
239 | static int cap_inode_getxattr(struct dentry *dentry, const char *name) | ||
240 | { | ||
241 | return 0; | ||
242 | } | ||
243 | |||
244 | static int cap_inode_listxattr(struct dentry *dentry) | ||
245 | { | ||
246 | return 0; | ||
247 | } | ||
248 | |||
249 | static int cap_inode_getsecurity(const struct inode *inode, const char *name, | ||
250 | void **buffer, bool alloc) | ||
251 | { | ||
252 | return -EOPNOTSUPP; | ||
253 | } | ||
254 | |||
255 | static int cap_inode_setsecurity(struct inode *inode, const char *name, | ||
256 | const void *value, size_t size, int flags) | ||
257 | { | ||
258 | return -EOPNOTSUPP; | ||
259 | } | ||
260 | |||
261 | static int cap_inode_listsecurity(struct inode *inode, char *buffer, | ||
262 | size_t buffer_size) | ||
263 | { | ||
264 | return 0; | ||
265 | } | ||
266 | |||
267 | static void cap_inode_getsecid(const struct inode *inode, u32 *secid) | ||
268 | { | ||
269 | *secid = 0; | ||
270 | } | ||
271 | |||
272 | static int cap_file_permission(struct file *file, int mask) | ||
273 | { | ||
274 | return 0; | ||
275 | } | ||
276 | |||
277 | static int cap_file_alloc_security(struct file *file) | ||
278 | { | ||
279 | return 0; | ||
280 | } | ||
281 | |||
282 | static void cap_file_free_security(struct file *file) | ||
283 | { | ||
284 | } | ||
285 | |||
286 | static int cap_file_ioctl(struct file *file, unsigned int command, | ||
287 | unsigned long arg) | ||
288 | { | ||
289 | return 0; | ||
290 | } | ||
291 | |||
292 | static int cap_file_mmap(struct file *file, unsigned long reqprot, | ||
293 | unsigned long prot, unsigned long flags, | ||
294 | unsigned long addr, unsigned long addr_only) | ||
295 | { | ||
296 | if ((addr < mmap_min_addr) && !capable(CAP_SYS_RAWIO)) | ||
297 | return -EACCES; | ||
298 | return 0; | ||
299 | } | ||
300 | |||
301 | static int cap_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, | ||
302 | unsigned long prot) | ||
303 | { | ||
304 | return 0; | ||
305 | } | ||
306 | |||
307 | static int cap_file_lock(struct file *file, unsigned int cmd) | ||
308 | { | ||
309 | return 0; | ||
310 | } | ||
311 | |||
312 | static int cap_file_fcntl(struct file *file, unsigned int cmd, | ||
313 | unsigned long arg) | ||
314 | { | ||
315 | return 0; | ||
316 | } | ||
317 | |||
318 | static int cap_file_set_fowner(struct file *file) | ||
319 | { | ||
320 | return 0; | ||
321 | } | ||
322 | |||
323 | static int cap_file_send_sigiotask(struct task_struct *tsk, | ||
324 | struct fown_struct *fown, int sig) | ||
325 | { | ||
326 | return 0; | ||
327 | } | ||
328 | |||
329 | static int cap_file_receive(struct file *file) | ||
330 | { | ||
331 | return 0; | ||
332 | } | ||
333 | |||
334 | static int cap_dentry_open(struct file *file) | ||
335 | { | ||
336 | return 0; | ||
337 | } | ||
338 | |||
339 | static int cap_task_create(unsigned long clone_flags) | ||
340 | { | ||
341 | return 0; | ||
342 | } | ||
343 | |||
344 | static int cap_task_alloc_security(struct task_struct *p) | ||
345 | { | ||
346 | return 0; | ||
347 | } | ||
348 | |||
349 | static void cap_task_free_security(struct task_struct *p) | ||
350 | { | ||
351 | } | ||
352 | |||
353 | static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) | ||
354 | { | ||
355 | return 0; | ||
356 | } | ||
357 | |||
358 | static int cap_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) | ||
359 | { | ||
360 | return 0; | ||
361 | } | ||
362 | |||
363 | static int cap_task_setpgid(struct task_struct *p, pid_t pgid) | ||
364 | { | ||
365 | return 0; | ||
366 | } | ||
367 | |||
368 | static int cap_task_getpgid(struct task_struct *p) | ||
369 | { | ||
370 | return 0; | ||
371 | } | ||
372 | |||
373 | static int cap_task_getsid(struct task_struct *p) | ||
374 | { | ||
375 | return 0; | ||
376 | } | ||
377 | |||
378 | static void cap_task_getsecid(struct task_struct *p, u32 *secid) | ||
379 | { | ||
380 | *secid = 0; | ||
381 | } | ||
382 | |||
383 | static int cap_task_setgroups(struct group_info *group_info) | ||
384 | { | ||
385 | return 0; | ||
386 | } | ||
387 | |||
388 | static int cap_task_getioprio(struct task_struct *p) | ||
389 | { | ||
390 | return 0; | ||
391 | } | ||
392 | |||
393 | static int cap_task_setrlimit(unsigned int resource, struct rlimit *new_rlim) | ||
394 | { | ||
395 | return 0; | ||
396 | } | ||
397 | |||
398 | static int cap_task_getscheduler(struct task_struct *p) | ||
399 | { | ||
400 | return 0; | ||
401 | } | ||
402 | |||
403 | static int cap_task_movememory(struct task_struct *p) | ||
404 | { | ||
405 | return 0; | ||
406 | } | ||
407 | |||
408 | static int cap_task_wait(struct task_struct *p) | ||
409 | { | ||
410 | return 0; | ||
411 | } | ||
412 | |||
413 | static int cap_task_kill(struct task_struct *p, struct siginfo *info, | ||
414 | int sig, u32 secid) | ||
415 | { | ||
416 | return 0; | ||
417 | } | ||
418 | |||
419 | static void cap_task_to_inode(struct task_struct *p, struct inode *inode) | ||
420 | { | ||
421 | } | ||
422 | |||
423 | static int cap_ipc_permission(struct kern_ipc_perm *ipcp, short flag) | ||
424 | { | ||
425 | return 0; | ||
426 | } | ||
427 | |||
428 | static void cap_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) | ||
429 | { | ||
430 | *secid = 0; | ||
431 | } | ||
432 | |||
433 | static int cap_msg_msg_alloc_security(struct msg_msg *msg) | ||
434 | { | ||
435 | return 0; | ||
436 | } | ||
437 | |||
438 | static void cap_msg_msg_free_security(struct msg_msg *msg) | ||
439 | { | ||
440 | } | ||
441 | |||
442 | static int cap_msg_queue_alloc_security(struct msg_queue *msq) | ||
443 | { | ||
444 | return 0; | ||
445 | } | ||
446 | |||
447 | static void cap_msg_queue_free_security(struct msg_queue *msq) | ||
448 | { | ||
449 | } | ||
450 | |||
451 | static int cap_msg_queue_associate(struct msg_queue *msq, int msqflg) | ||
452 | { | ||
453 | return 0; | ||
454 | } | ||
455 | |||
456 | static int cap_msg_queue_msgctl(struct msg_queue *msq, int cmd) | ||
457 | { | ||
458 | return 0; | ||
459 | } | ||
460 | |||
461 | static int cap_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, | ||
462 | int msgflg) | ||
463 | { | ||
464 | return 0; | ||
465 | } | ||
466 | |||
467 | static int cap_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, | ||
468 | struct task_struct *target, long type, int mode) | ||
469 | { | ||
470 | return 0; | ||
471 | } | ||
472 | |||
473 | static int cap_shm_alloc_security(struct shmid_kernel *shp) | ||
474 | { | ||
475 | return 0; | ||
476 | } | ||
477 | |||
478 | static void cap_shm_free_security(struct shmid_kernel *shp) | ||
479 | { | ||
480 | } | ||
481 | |||
482 | static int cap_shm_associate(struct shmid_kernel *shp, int shmflg) | ||
483 | { | ||
484 | return 0; | ||
485 | } | ||
486 | |||
487 | static int cap_shm_shmctl(struct shmid_kernel *shp, int cmd) | ||
488 | { | ||
489 | return 0; | ||
490 | } | ||
491 | |||
492 | static int cap_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, | ||
493 | int shmflg) | ||
494 | { | ||
495 | return 0; | ||
496 | } | ||
497 | |||
498 | static int cap_sem_alloc_security(struct sem_array *sma) | ||
499 | { | ||
500 | return 0; | ||
501 | } | ||
502 | |||
503 | static void cap_sem_free_security(struct sem_array *sma) | ||
504 | { | ||
505 | } | ||
506 | |||
507 | static int cap_sem_associate(struct sem_array *sma, int semflg) | ||
508 | { | ||
509 | return 0; | ||
510 | } | ||
511 | |||
512 | static int cap_sem_semctl(struct sem_array *sma, int cmd) | ||
513 | { | ||
514 | return 0; | ||
515 | } | ||
516 | |||
517 | static int cap_sem_semop(struct sem_array *sma, struct sembuf *sops, | ||
518 | unsigned nsops, int alter) | ||
519 | { | ||
520 | return 0; | ||
521 | } | ||
522 | |||
523 | #ifdef CONFIG_SECURITY_NETWORK | ||
524 | static int cap_unix_stream_connect(struct socket *sock, struct socket *other, | ||
525 | struct sock *newsk) | ||
526 | { | ||
527 | return 0; | ||
528 | } | ||
529 | |||
530 | static int cap_unix_may_send(struct socket *sock, struct socket *other) | ||
531 | { | ||
532 | return 0; | ||
533 | } | ||
534 | |||
535 | static int cap_socket_create(int family, int type, int protocol, int kern) | ||
536 | { | ||
537 | return 0; | ||
538 | } | ||
539 | |||
540 | static int cap_socket_post_create(struct socket *sock, int family, int type, | ||
541 | int protocol, int kern) | ||
542 | { | ||
543 | return 0; | ||
544 | } | ||
545 | |||
546 | static int cap_socket_bind(struct socket *sock, struct sockaddr *address, | ||
547 | int addrlen) | ||
548 | { | ||
549 | return 0; | ||
550 | } | ||
551 | |||
552 | static int cap_socket_connect(struct socket *sock, struct sockaddr *address, | ||
553 | int addrlen) | ||
554 | { | ||
555 | return 0; | ||
556 | } | ||
557 | |||
558 | static int cap_socket_listen(struct socket *sock, int backlog) | ||
559 | { | ||
560 | return 0; | ||
561 | } | ||
562 | |||
563 | static int cap_socket_accept(struct socket *sock, struct socket *newsock) | ||
564 | { | ||
565 | return 0; | ||
566 | } | ||
567 | |||
568 | static void cap_socket_post_accept(struct socket *sock, struct socket *newsock) | ||
569 | { | ||
570 | } | ||
571 | |||
572 | static int cap_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size) | ||
573 | { | ||
574 | return 0; | ||
575 | } | ||
576 | |||
577 | static int cap_socket_recvmsg(struct socket *sock, struct msghdr *msg, | ||
578 | int size, int flags) | ||
579 | { | ||
580 | return 0; | ||
581 | } | ||
582 | |||
583 | static int cap_socket_getsockname(struct socket *sock) | ||
584 | { | ||
585 | return 0; | ||
586 | } | ||
587 | |||
588 | static int cap_socket_getpeername(struct socket *sock) | ||
589 | { | ||
590 | return 0; | ||
591 | } | ||
592 | |||
593 | static int cap_socket_setsockopt(struct socket *sock, int level, int optname) | ||
594 | { | ||
595 | return 0; | ||
596 | } | ||
597 | |||
598 | static int cap_socket_getsockopt(struct socket *sock, int level, int optname) | ||
599 | { | ||
600 | return 0; | ||
601 | } | ||
602 | |||
603 | static int cap_socket_shutdown(struct socket *sock, int how) | ||
604 | { | ||
605 | return 0; | ||
606 | } | ||
607 | |||
608 | static int cap_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) | ||
609 | { | ||
610 | return 0; | ||
611 | } | ||
612 | |||
613 | static int cap_socket_getpeersec_stream(struct socket *sock, | ||
614 | char __user *optval, | ||
615 | int __user *optlen, unsigned len) | ||
616 | { | ||
617 | return -ENOPROTOOPT; | ||
618 | } | ||
619 | |||
620 | static int cap_socket_getpeersec_dgram(struct socket *sock, | ||
621 | struct sk_buff *skb, u32 *secid) | ||
622 | { | ||
623 | return -ENOPROTOOPT; | ||
624 | } | ||
625 | |||
626 | static int cap_sk_alloc_security(struct sock *sk, int family, gfp_t priority) | ||
627 | { | ||
628 | return 0; | ||
629 | } | ||
630 | |||
631 | static void cap_sk_free_security(struct sock *sk) | ||
632 | { | ||
633 | } | ||
634 | |||
635 | static void cap_sk_clone_security(const struct sock *sk, struct sock *newsk) | ||
636 | { | ||
637 | } | ||
638 | |||
639 | static void cap_sk_getsecid(struct sock *sk, u32 *secid) | ||
640 | { | ||
641 | } | ||
642 | |||
643 | static void cap_sock_graft(struct sock *sk, struct socket *parent) | ||
644 | { | ||
645 | } | ||
646 | |||
647 | static int cap_inet_conn_request(struct sock *sk, struct sk_buff *skb, | ||
648 | struct request_sock *req) | ||
649 | { | ||
650 | return 0; | ||
651 | } | ||
652 | |||
653 | static void cap_inet_csk_clone(struct sock *newsk, | ||
654 | const struct request_sock *req) | ||
655 | { | ||
656 | } | ||
657 | |||
658 | static void cap_inet_conn_established(struct sock *sk, struct sk_buff *skb) | ||
659 | { | ||
660 | } | ||
661 | |||
662 | static void cap_req_classify_flow(const struct request_sock *req, | ||
663 | struct flowi *fl) | ||
664 | { | ||
665 | } | ||
666 | #endif /* CONFIG_SECURITY_NETWORK */ | ||
667 | |||
668 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | ||
669 | static int cap_xfrm_policy_alloc_security(struct xfrm_sec_ctx **ctxp, | ||
670 | struct xfrm_user_sec_ctx *sec_ctx) | ||
671 | { | ||
672 | return 0; | ||
673 | } | ||
674 | |||
675 | static int cap_xfrm_policy_clone_security(struct xfrm_sec_ctx *old_ctx, | ||
676 | struct xfrm_sec_ctx **new_ctxp) | ||
677 | { | ||
678 | return 0; | ||
679 | } | ||
680 | |||
681 | static void cap_xfrm_policy_free_security(struct xfrm_sec_ctx *ctx) | ||
682 | { | ||
683 | } | ||
684 | |||
685 | static int cap_xfrm_policy_delete_security(struct xfrm_sec_ctx *ctx) | ||
686 | { | ||
687 | return 0; | ||
688 | } | ||
689 | |||
690 | static int cap_xfrm_state_alloc_security(struct xfrm_state *x, | ||
691 | struct xfrm_user_sec_ctx *sec_ctx, | ||
692 | u32 secid) | ||
693 | { | ||
694 | return 0; | ||
695 | } | ||
696 | |||
697 | static void cap_xfrm_state_free_security(struct xfrm_state *x) | ||
698 | { | ||
699 | } | ||
700 | |||
701 | static int cap_xfrm_state_delete_security(struct xfrm_state *x) | ||
702 | { | ||
703 | return 0; | ||
704 | } | ||
705 | |||
706 | static int cap_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 sk_sid, u8 dir) | ||
707 | { | ||
708 | return 0; | ||
709 | } | ||
710 | |||
711 | static int cap_xfrm_state_pol_flow_match(struct xfrm_state *x, | ||
712 | struct xfrm_policy *xp, | ||
713 | struct flowi *fl) | ||
714 | { | ||
715 | return 1; | ||
716 | } | ||
717 | |||
718 | static int cap_xfrm_decode_session(struct sk_buff *skb, u32 *fl, int ckall) | ||
719 | { | ||
720 | return 0; | ||
721 | } | ||
722 | |||
723 | #endif /* CONFIG_SECURITY_NETWORK_XFRM */ | ||
724 | static void cap_d_instantiate(struct dentry *dentry, struct inode *inode) | ||
725 | { | ||
726 | } | ||
727 | |||
728 | static int cap_getprocattr(struct task_struct *p, char *name, char **value) | ||
729 | { | ||
730 | return -EINVAL; | ||
731 | } | ||
732 | |||
733 | static int cap_setprocattr(struct task_struct *p, char *name, void *value, | ||
734 | size_t size) | ||
735 | { | ||
736 | return -EINVAL; | ||
737 | } | ||
738 | |||
739 | static int cap_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) | ||
740 | { | ||
741 | return -EOPNOTSUPP; | ||
742 | } | ||
743 | |||
744 | static int cap_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) | ||
745 | { | ||
746 | return -EOPNOTSUPP; | ||
747 | } | ||
748 | |||
749 | static void cap_release_secctx(char *secdata, u32 seclen) | ||
750 | { | ||
751 | } | ||
752 | |||
753 | #ifdef CONFIG_KEYS | ||
754 | static int cap_key_alloc(struct key *key, struct task_struct *ctx, | ||
755 | unsigned long flags) | ||
756 | { | ||
757 | return 0; | ||
758 | } | ||
759 | |||
760 | static void cap_key_free(struct key *key) | ||
761 | { | ||
762 | } | ||
57 | 763 | ||
58 | static int capability_disable; | 764 | static int cap_key_permission(key_ref_t key_ref, struct task_struct *context, |
59 | module_param_named(disable, capability_disable, int, 0); | 765 | key_perm_t perm) |
766 | { | ||
767 | return 0; | ||
768 | } | ||
60 | 769 | ||
61 | static int __init capability_init (void) | 770 | static int cap_key_getsecurity(struct key *key, char **_buffer) |
62 | { | 771 | { |
63 | if (capability_disable) { | 772 | *_buffer = NULL; |
64 | printk(KERN_INFO "Capabilities disabled at initialization\n"); | ||
65 | return 0; | ||
66 | } | ||
67 | /* register ourselves with the security framework */ | ||
68 | if (register_security (&capability_ops)) { | ||
69 | /* try registering with primary module */ | ||
70 | if (mod_reg_security (KBUILD_MODNAME, &capability_ops)) { | ||
71 | printk (KERN_INFO "Failure registering capabilities " | ||
72 | "with primary security module.\n"); | ||
73 | return -EINVAL; | ||
74 | } | ||
75 | secondary = 1; | ||
76 | } | ||
77 | printk (KERN_INFO "Capability LSM initialized%s\n", | ||
78 | secondary ? " as secondary" : ""); | ||
79 | return 0; | 773 | return 0; |
80 | } | 774 | } |
81 | 775 | ||
82 | security_initcall (capability_init); | 776 | #endif /* CONFIG_KEYS */ |
777 | |||
778 | #ifdef CONFIG_AUDIT | ||
779 | static int cap_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) | ||
780 | { | ||
781 | return 0; | ||
782 | } | ||
783 | |||
784 | static int cap_audit_rule_known(struct audit_krule *krule) | ||
785 | { | ||
786 | return 0; | ||
787 | } | ||
788 | |||
789 | static int cap_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, | ||
790 | struct audit_context *actx) | ||
791 | { | ||
792 | return 0; | ||
793 | } | ||
794 | |||
795 | static void cap_audit_rule_free(void *lsmrule) | ||
796 | { | ||
797 | } | ||
798 | #endif /* CONFIG_AUDIT */ | ||
799 | |||
800 | struct security_operations default_security_ops = { | ||
801 | .name = "default", | ||
802 | }; | ||
803 | |||
804 | #define set_to_cap_if_null(ops, function) \ | ||
805 | do { \ | ||
806 | if (!ops->function) { \ | ||
807 | ops->function = cap_##function; \ | ||
808 | pr_debug("Had to override the " #function \ | ||
809 | " security operation with the default.\n");\ | ||
810 | } \ | ||
811 | } while (0) | ||
812 | |||
813 | void security_fixup_ops(struct security_operations *ops) | ||
814 | { | ||
815 | set_to_cap_if_null(ops, ptrace); | ||
816 | set_to_cap_if_null(ops, capget); | ||
817 | set_to_cap_if_null(ops, capset_check); | ||
818 | set_to_cap_if_null(ops, capset_set); | ||
819 | set_to_cap_if_null(ops, acct); | ||
820 | set_to_cap_if_null(ops, capable); | ||
821 | set_to_cap_if_null(ops, quotactl); | ||
822 | set_to_cap_if_null(ops, quota_on); | ||
823 | set_to_cap_if_null(ops, sysctl); | ||
824 | set_to_cap_if_null(ops, syslog); | ||
825 | set_to_cap_if_null(ops, settime); | ||
826 | set_to_cap_if_null(ops, vm_enough_memory); | ||
827 | set_to_cap_if_null(ops, bprm_alloc_security); | ||
828 | set_to_cap_if_null(ops, bprm_free_security); | ||
829 | set_to_cap_if_null(ops, bprm_apply_creds); | ||
830 | set_to_cap_if_null(ops, bprm_post_apply_creds); | ||
831 | set_to_cap_if_null(ops, bprm_set_security); | ||
832 | set_to_cap_if_null(ops, bprm_check_security); | ||
833 | set_to_cap_if_null(ops, bprm_secureexec); | ||
834 | set_to_cap_if_null(ops, sb_alloc_security); | ||
835 | set_to_cap_if_null(ops, sb_free_security); | ||
836 | set_to_cap_if_null(ops, sb_copy_data); | ||
837 | set_to_cap_if_null(ops, sb_kern_mount); | ||
838 | set_to_cap_if_null(ops, sb_show_options); | ||
839 | set_to_cap_if_null(ops, sb_statfs); | ||
840 | set_to_cap_if_null(ops, sb_mount); | ||
841 | set_to_cap_if_null(ops, sb_check_sb); | ||
842 | set_to_cap_if_null(ops, sb_umount); | ||
843 | set_to_cap_if_null(ops, sb_umount_close); | ||
844 | set_to_cap_if_null(ops, sb_umount_busy); | ||
845 | set_to_cap_if_null(ops, sb_post_remount); | ||
846 | set_to_cap_if_null(ops, sb_post_addmount); | ||
847 | set_to_cap_if_null(ops, sb_pivotroot); | ||
848 | set_to_cap_if_null(ops, sb_post_pivotroot); | ||
849 | set_to_cap_if_null(ops, sb_set_mnt_opts); | ||
850 | set_to_cap_if_null(ops, sb_clone_mnt_opts); | ||
851 | set_to_cap_if_null(ops, sb_parse_opts_str); | ||
852 | set_to_cap_if_null(ops, inode_alloc_security); | ||
853 | set_to_cap_if_null(ops, inode_free_security); | ||
854 | set_to_cap_if_null(ops, inode_init_security); | ||
855 | set_to_cap_if_null(ops, inode_create); | ||
856 | set_to_cap_if_null(ops, inode_link); | ||
857 | set_to_cap_if_null(ops, inode_unlink); | ||
858 | set_to_cap_if_null(ops, inode_symlink); | ||
859 | set_to_cap_if_null(ops, inode_mkdir); | ||
860 | set_to_cap_if_null(ops, inode_rmdir); | ||
861 | set_to_cap_if_null(ops, inode_mknod); | ||
862 | set_to_cap_if_null(ops, inode_rename); | ||
863 | set_to_cap_if_null(ops, inode_readlink); | ||
864 | set_to_cap_if_null(ops, inode_follow_link); | ||
865 | set_to_cap_if_null(ops, inode_permission); | ||
866 | set_to_cap_if_null(ops, inode_setattr); | ||
867 | set_to_cap_if_null(ops, inode_getattr); | ||
868 | set_to_cap_if_null(ops, inode_delete); | ||
869 | set_to_cap_if_null(ops, inode_setxattr); | ||
870 | set_to_cap_if_null(ops, inode_post_setxattr); | ||
871 | set_to_cap_if_null(ops, inode_getxattr); | ||
872 | set_to_cap_if_null(ops, inode_listxattr); | ||
873 | set_to_cap_if_null(ops, inode_removexattr); | ||
874 | set_to_cap_if_null(ops, inode_need_killpriv); | ||
875 | set_to_cap_if_null(ops, inode_killpriv); | ||
876 | set_to_cap_if_null(ops, inode_getsecurity); | ||
877 | set_to_cap_if_null(ops, inode_setsecurity); | ||
878 | set_to_cap_if_null(ops, inode_listsecurity); | ||
879 | set_to_cap_if_null(ops, inode_getsecid); | ||
880 | set_to_cap_if_null(ops, file_permission); | ||
881 | set_to_cap_if_null(ops, file_alloc_security); | ||
882 | set_to_cap_if_null(ops, file_free_security); | ||
883 | set_to_cap_if_null(ops, file_ioctl); | ||
884 | set_to_cap_if_null(ops, file_mmap); | ||
885 | set_to_cap_if_null(ops, file_mprotect); | ||
886 | set_to_cap_if_null(ops, file_lock); | ||
887 | set_to_cap_if_null(ops, file_fcntl); | ||
888 | set_to_cap_if_null(ops, file_set_fowner); | ||
889 | set_to_cap_if_null(ops, file_send_sigiotask); | ||
890 | set_to_cap_if_null(ops, file_receive); | ||
891 | set_to_cap_if_null(ops, dentry_open); | ||
892 | set_to_cap_if_null(ops, task_create); | ||
893 | set_to_cap_if_null(ops, task_alloc_security); | ||
894 | set_to_cap_if_null(ops, task_free_security); | ||
895 | set_to_cap_if_null(ops, task_setuid); | ||
896 | set_to_cap_if_null(ops, task_post_setuid); | ||
897 | set_to_cap_if_null(ops, task_setgid); | ||
898 | set_to_cap_if_null(ops, task_setpgid); | ||
899 | set_to_cap_if_null(ops, task_getpgid); | ||
900 | set_to_cap_if_null(ops, task_getsid); | ||
901 | set_to_cap_if_null(ops, task_getsecid); | ||
902 | set_to_cap_if_null(ops, task_setgroups); | ||
903 | set_to_cap_if_null(ops, task_setnice); | ||
904 | set_to_cap_if_null(ops, task_setioprio); | ||
905 | set_to_cap_if_null(ops, task_getioprio); | ||
906 | set_to_cap_if_null(ops, task_setrlimit); | ||
907 | set_to_cap_if_null(ops, task_setscheduler); | ||
908 | set_to_cap_if_null(ops, task_getscheduler); | ||
909 | set_to_cap_if_null(ops, task_movememory); | ||
910 | set_to_cap_if_null(ops, task_wait); | ||
911 | set_to_cap_if_null(ops, task_kill); | ||
912 | set_to_cap_if_null(ops, task_prctl); | ||
913 | set_to_cap_if_null(ops, task_reparent_to_init); | ||
914 | set_to_cap_if_null(ops, task_to_inode); | ||
915 | set_to_cap_if_null(ops, ipc_permission); | ||
916 | set_to_cap_if_null(ops, ipc_getsecid); | ||
917 | set_to_cap_if_null(ops, msg_msg_alloc_security); | ||
918 | set_to_cap_if_null(ops, msg_msg_free_security); | ||
919 | set_to_cap_if_null(ops, msg_queue_alloc_security); | ||
920 | set_to_cap_if_null(ops, msg_queue_free_security); | ||
921 | set_to_cap_if_null(ops, msg_queue_associate); | ||
922 | set_to_cap_if_null(ops, msg_queue_msgctl); | ||
923 | set_to_cap_if_null(ops, msg_queue_msgsnd); | ||
924 | set_to_cap_if_null(ops, msg_queue_msgrcv); | ||
925 | set_to_cap_if_null(ops, shm_alloc_security); | ||
926 | set_to_cap_if_null(ops, shm_free_security); | ||
927 | set_to_cap_if_null(ops, shm_associate); | ||
928 | set_to_cap_if_null(ops, shm_shmctl); | ||
929 | set_to_cap_if_null(ops, shm_shmat); | ||
930 | set_to_cap_if_null(ops, sem_alloc_security); | ||
931 | set_to_cap_if_null(ops, sem_free_security); | ||
932 | set_to_cap_if_null(ops, sem_associate); | ||
933 | set_to_cap_if_null(ops, sem_semctl); | ||
934 | set_to_cap_if_null(ops, sem_semop); | ||
935 | set_to_cap_if_null(ops, netlink_send); | ||
936 | set_to_cap_if_null(ops, netlink_recv); | ||
937 | set_to_cap_if_null(ops, d_instantiate); | ||
938 | set_to_cap_if_null(ops, getprocattr); | ||
939 | set_to_cap_if_null(ops, setprocattr); | ||
940 | set_to_cap_if_null(ops, secid_to_secctx); | ||
941 | set_to_cap_if_null(ops, secctx_to_secid); | ||
942 | set_to_cap_if_null(ops, release_secctx); | ||
943 | #ifdef CONFIG_SECURITY_NETWORK | ||
944 | set_to_cap_if_null(ops, unix_stream_connect); | ||
945 | set_to_cap_if_null(ops, unix_may_send); | ||
946 | set_to_cap_if_null(ops, socket_create); | ||
947 | set_to_cap_if_null(ops, socket_post_create); | ||
948 | set_to_cap_if_null(ops, socket_bind); | ||
949 | set_to_cap_if_null(ops, socket_connect); | ||
950 | set_to_cap_if_null(ops, socket_listen); | ||
951 | set_to_cap_if_null(ops, socket_accept); | ||
952 | set_to_cap_if_null(ops, socket_post_accept); | ||
953 | set_to_cap_if_null(ops, socket_sendmsg); | ||
954 | set_to_cap_if_null(ops, socket_recvmsg); | ||
955 | set_to_cap_if_null(ops, socket_getsockname); | ||
956 | set_to_cap_if_null(ops, socket_getpeername); | ||
957 | set_to_cap_if_null(ops, socket_setsockopt); | ||
958 | set_to_cap_if_null(ops, socket_getsockopt); | ||
959 | set_to_cap_if_null(ops, socket_shutdown); | ||
960 | set_to_cap_if_null(ops, socket_sock_rcv_skb); | ||
961 | set_to_cap_if_null(ops, socket_getpeersec_stream); | ||
962 | set_to_cap_if_null(ops, socket_getpeersec_dgram); | ||
963 | set_to_cap_if_null(ops, sk_alloc_security); | ||
964 | set_to_cap_if_null(ops, sk_free_security); | ||
965 | set_to_cap_if_null(ops, sk_clone_security); | ||
966 | set_to_cap_if_null(ops, sk_getsecid); | ||
967 | set_to_cap_if_null(ops, sock_graft); | ||
968 | set_to_cap_if_null(ops, inet_conn_request); | ||
969 | set_to_cap_if_null(ops, inet_csk_clone); | ||
970 | set_to_cap_if_null(ops, inet_conn_established); | ||
971 | set_to_cap_if_null(ops, req_classify_flow); | ||
972 | #endif /* CONFIG_SECURITY_NETWORK */ | ||
973 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | ||
974 | set_to_cap_if_null(ops, xfrm_policy_alloc_security); | ||
975 | set_to_cap_if_null(ops, xfrm_policy_clone_security); | ||
976 | set_to_cap_if_null(ops, xfrm_policy_free_security); | ||
977 | set_to_cap_if_null(ops, xfrm_policy_delete_security); | ||
978 | set_to_cap_if_null(ops, xfrm_state_alloc_security); | ||
979 | set_to_cap_if_null(ops, xfrm_state_free_security); | ||
980 | set_to_cap_if_null(ops, xfrm_state_delete_security); | ||
981 | set_to_cap_if_null(ops, xfrm_policy_lookup); | ||
982 | set_to_cap_if_null(ops, xfrm_state_pol_flow_match); | ||
983 | set_to_cap_if_null(ops, xfrm_decode_session); | ||
984 | #endif /* CONFIG_SECURITY_NETWORK_XFRM */ | ||
985 | #ifdef CONFIG_KEYS | ||
986 | set_to_cap_if_null(ops, key_alloc); | ||
987 | set_to_cap_if_null(ops, key_free); | ||
988 | set_to_cap_if_null(ops, key_permission); | ||
989 | set_to_cap_if_null(ops, key_getsecurity); | ||
990 | #endif /* CONFIG_KEYS */ | ||
991 | #ifdef CONFIG_AUDIT | ||
992 | set_to_cap_if_null(ops, audit_rule_init); | ||
993 | set_to_cap_if_null(ops, audit_rule_known); | ||
994 | set_to_cap_if_null(ops, audit_rule_match); | ||
995 | set_to_cap_if_null(ops, audit_rule_free); | ||
996 | #endif | ||
997 | } | ||
diff --git a/security/commoncap.c b/security/commoncap.c index 5edabc7542ae..0b6537a3672d 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
@@ -63,7 +63,8 @@ int cap_settime(struct timespec *ts, struct timezone *tz) | |||
63 | return 0; | 63 | return 0; |
64 | } | 64 | } |
65 | 65 | ||
66 | int cap_ptrace (struct task_struct *parent, struct task_struct *child) | 66 | int cap_ptrace (struct task_struct *parent, struct task_struct *child, |
67 | unsigned int mode) | ||
67 | { | 68 | { |
68 | /* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */ | 69 | /* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */ |
69 | if (!cap_issubset(child->cap_permitted, parent->cap_permitted) && | 70 | if (!cap_issubset(child->cap_permitted, parent->cap_permitted) && |
@@ -103,10 +104,16 @@ static inline int cap_inh_is_capped(void) | |||
103 | return (cap_capable(current, CAP_SETPCAP) != 0); | 104 | return (cap_capable(current, CAP_SETPCAP) != 0); |
104 | } | 105 | } |
105 | 106 | ||
107 | static inline int cap_limit_ptraced_target(void) { return 1; } | ||
108 | |||
106 | #else /* ie., ndef CONFIG_SECURITY_FILE_CAPABILITIES */ | 109 | #else /* ie., ndef CONFIG_SECURITY_FILE_CAPABILITIES */ |
107 | 110 | ||
108 | static inline int cap_block_setpcap(struct task_struct *t) { return 0; } | 111 | static inline int cap_block_setpcap(struct task_struct *t) { return 0; } |
109 | static inline int cap_inh_is_capped(void) { return 1; } | 112 | static inline int cap_inh_is_capped(void) { return 1; } |
113 | static inline int cap_limit_ptraced_target(void) | ||
114 | { | ||
115 | return !capable(CAP_SETPCAP); | ||
116 | } | ||
110 | 117 | ||
111 | #endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */ | 118 | #endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */ |
112 | 119 | ||
@@ -342,9 +349,10 @@ void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe) | |||
342 | bprm->e_uid = current->uid; | 349 | bprm->e_uid = current->uid; |
343 | bprm->e_gid = current->gid; | 350 | bprm->e_gid = current->gid; |
344 | } | 351 | } |
345 | if (!capable (CAP_SETPCAP)) { | 352 | if (cap_limit_ptraced_target()) { |
346 | new_permitted = cap_intersect (new_permitted, | 353 | new_permitted = |
347 | current->cap_permitted); | 354 | cap_intersect(new_permitted, |
355 | current->cap_permitted); | ||
348 | } | 356 | } |
349 | } | 357 | } |
350 | } | 358 | } |
diff --git a/security/device_cgroup.c b/security/device_cgroup.c index baf348834b66..ddd92cec78ed 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c | |||
@@ -222,7 +222,7 @@ static void devcgroup_destroy(struct cgroup_subsys *ss, | |||
222 | #define DEVCG_DENY 2 | 222 | #define DEVCG_DENY 2 |
223 | #define DEVCG_LIST 3 | 223 | #define DEVCG_LIST 3 |
224 | 224 | ||
225 | #define MAJMINLEN 10 | 225 | #define MAJMINLEN 13 |
226 | #define ACCLEN 4 | 226 | #define ACCLEN 4 |
227 | 227 | ||
228 | static void set_access(char *acc, short access) | 228 | static void set_access(char *acc, short access) |
@@ -254,7 +254,7 @@ static void set_majmin(char *str, unsigned m) | |||
254 | if (m == ~0) | 254 | if (m == ~0) |
255 | sprintf(str, "*"); | 255 | sprintf(str, "*"); |
256 | else | 256 | else |
257 | snprintf(str, MAJMINLEN, "%d", m); | 257 | snprintf(str, MAJMINLEN, "%u", m); |
258 | } | 258 | } |
259 | 259 | ||
260 | static int devcgroup_seq_read(struct cgroup *cgroup, struct cftype *cft, | 260 | static int devcgroup_seq_read(struct cgroup *cgroup, struct cftype *cft, |
@@ -300,7 +300,7 @@ static int may_access_whitelist(struct dev_cgroup *c, | |||
300 | continue; | 300 | continue; |
301 | if (whitem->minor != ~0 && whitem->minor != refwh->minor) | 301 | if (whitem->minor != ~0 && whitem->minor != refwh->minor) |
302 | continue; | 302 | continue; |
303 | if (refwh->access & (~(whitem->access | ACC_MASK))) | 303 | if (refwh->access & (~whitem->access)) |
304 | continue; | 304 | continue; |
305 | return 1; | 305 | return 1; |
306 | } | 306 | } |
@@ -382,6 +382,8 @@ static ssize_t devcgroup_access_write(struct cgroup *cgroup, struct cftype *cft, | |||
382 | case 'a': | 382 | case 'a': |
383 | wh.type = DEV_ALL; | 383 | wh.type = DEV_ALL; |
384 | wh.access = ACC_MASK; | 384 | wh.access = ACC_MASK; |
385 | wh.major = ~0; | ||
386 | wh.minor = ~0; | ||
385 | goto handle; | 387 | goto handle; |
386 | case 'b': | 388 | case 'b': |
387 | wh.type = DEV_BLOCK; | 389 | wh.type = DEV_BLOCK; |
diff --git a/security/dummy.c b/security/dummy.c deleted file mode 100644 index b8916883b77f..000000000000 --- a/security/dummy.c +++ /dev/null | |||
@@ -1,1251 +0,0 @@ | |||
1 | /* | ||
2 | * Stub functions for the default security function pointers in case no | ||
3 | * security model is loaded. | ||
4 | * | ||
5 | * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com> | ||
6 | * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com> | ||
7 | * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com> | ||
8 | * | ||
9 | * This program is free software; you can redistribute it and/or modify | ||
10 | * it under the terms of the GNU General Public License as published by | ||
11 | * the Free Software Foundation; either version 2 of the License, or | ||
12 | * (at your option) any later version. | ||
13 | */ | ||
14 | |||
15 | #undef DEBUG | ||
16 | |||
17 | #include <linux/capability.h> | ||
18 | #include <linux/kernel.h> | ||
19 | #include <linux/mman.h> | ||
20 | #include <linux/pagemap.h> | ||
21 | #include <linux/swap.h> | ||
22 | #include <linux/security.h> | ||
23 | #include <linux/skbuff.h> | ||
24 | #include <linux/netlink.h> | ||
25 | #include <net/sock.h> | ||
26 | #include <linux/xattr.h> | ||
27 | #include <linux/hugetlb.h> | ||
28 | #include <linux/ptrace.h> | ||
29 | #include <linux/file.h> | ||
30 | #include <linux/prctl.h> | ||
31 | #include <linux/securebits.h> | ||
32 | |||
33 | static int dummy_ptrace (struct task_struct *parent, struct task_struct *child) | ||
34 | { | ||
35 | return 0; | ||
36 | } | ||
37 | |||
38 | static int dummy_capget (struct task_struct *target, kernel_cap_t * effective, | ||
39 | kernel_cap_t * inheritable, kernel_cap_t * permitted) | ||
40 | { | ||
41 | if (target->euid == 0) { | ||
42 | cap_set_full(*permitted); | ||
43 | cap_set_init_eff(*effective); | ||
44 | } else { | ||
45 | cap_clear(*permitted); | ||
46 | cap_clear(*effective); | ||
47 | } | ||
48 | |||
49 | cap_clear(*inheritable); | ||
50 | |||
51 | if (target->fsuid != 0) { | ||
52 | *permitted = cap_drop_fs_set(*permitted); | ||
53 | *effective = cap_drop_fs_set(*effective); | ||
54 | } | ||
55 | return 0; | ||
56 | } | ||
57 | |||
58 | static int dummy_capset_check (struct task_struct *target, | ||
59 | kernel_cap_t * effective, | ||
60 | kernel_cap_t * inheritable, | ||
61 | kernel_cap_t * permitted) | ||
62 | { | ||
63 | return -EPERM; | ||
64 | } | ||
65 | |||
66 | static void dummy_capset_set (struct task_struct *target, | ||
67 | kernel_cap_t * effective, | ||
68 | kernel_cap_t * inheritable, | ||
69 | kernel_cap_t * permitted) | ||
70 | { | ||
71 | return; | ||
72 | } | ||
73 | |||
74 | static int dummy_acct (struct file *file) | ||
75 | { | ||
76 | return 0; | ||
77 | } | ||
78 | |||
79 | static int dummy_capable (struct task_struct *tsk, int cap) | ||
80 | { | ||
81 | if (cap_raised (tsk->cap_effective, cap)) | ||
82 | return 0; | ||
83 | return -EPERM; | ||
84 | } | ||
85 | |||
86 | static int dummy_sysctl (ctl_table * table, int op) | ||
87 | { | ||
88 | return 0; | ||
89 | } | ||
90 | |||
91 | static int dummy_quotactl (int cmds, int type, int id, struct super_block *sb) | ||
92 | { | ||
93 | return 0; | ||
94 | } | ||
95 | |||
96 | static int dummy_quota_on (struct dentry *dentry) | ||
97 | { | ||
98 | return 0; | ||
99 | } | ||
100 | |||
101 | static int dummy_syslog (int type) | ||
102 | { | ||
103 | if ((type != 3 && type != 10) && current->euid) | ||
104 | return -EPERM; | ||
105 | return 0; | ||
106 | } | ||
107 | |||
108 | static int dummy_settime(struct timespec *ts, struct timezone *tz) | ||
109 | { | ||
110 | if (!capable(CAP_SYS_TIME)) | ||
111 | return -EPERM; | ||
112 | return 0; | ||
113 | } | ||
114 | |||
115 | static int dummy_vm_enough_memory(struct mm_struct *mm, long pages) | ||
116 | { | ||
117 | int cap_sys_admin = 0; | ||
118 | |||
119 | if (dummy_capable(current, CAP_SYS_ADMIN) == 0) | ||
120 | cap_sys_admin = 1; | ||
121 | return __vm_enough_memory(mm, pages, cap_sys_admin); | ||
122 | } | ||
123 | |||
124 | static int dummy_bprm_alloc_security (struct linux_binprm *bprm) | ||
125 | { | ||
126 | return 0; | ||
127 | } | ||
128 | |||
129 | static void dummy_bprm_free_security (struct linux_binprm *bprm) | ||
130 | { | ||
131 | return; | ||
132 | } | ||
133 | |||
134 | static void dummy_bprm_apply_creds (struct linux_binprm *bprm, int unsafe) | ||
135 | { | ||
136 | if (bprm->e_uid != current->uid || bprm->e_gid != current->gid) { | ||
137 | set_dumpable(current->mm, suid_dumpable); | ||
138 | |||
139 | if ((unsafe & ~LSM_UNSAFE_PTRACE_CAP) && !capable(CAP_SETUID)) { | ||
140 | bprm->e_uid = current->uid; | ||
141 | bprm->e_gid = current->gid; | ||
142 | } | ||
143 | } | ||
144 | |||
145 | current->suid = current->euid = current->fsuid = bprm->e_uid; | ||
146 | current->sgid = current->egid = current->fsgid = bprm->e_gid; | ||
147 | |||
148 | dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted); | ||
149 | } | ||
150 | |||
151 | static void dummy_bprm_post_apply_creds (struct linux_binprm *bprm) | ||
152 | { | ||
153 | return; | ||
154 | } | ||
155 | |||
156 | static int dummy_bprm_set_security (struct linux_binprm *bprm) | ||
157 | { | ||
158 | return 0; | ||
159 | } | ||
160 | |||
161 | static int dummy_bprm_check_security (struct linux_binprm *bprm) | ||
162 | { | ||
163 | return 0; | ||
164 | } | ||
165 | |||
166 | static int dummy_bprm_secureexec (struct linux_binprm *bprm) | ||
167 | { | ||
168 | /* The new userland will simply use the value provided | ||
169 | in the AT_SECURE field to decide whether secure mode | ||
170 | is required. Hence, this logic is required to preserve | ||
171 | the legacy decision algorithm used by the old userland. */ | ||
172 | return (current->euid != current->uid || | ||
173 | current->egid != current->gid); | ||
174 | } | ||
175 | |||
176 | static int dummy_sb_alloc_security (struct super_block *sb) | ||
177 | { | ||
178 | return 0; | ||
179 | } | ||
180 | |||
181 | static void dummy_sb_free_security (struct super_block *sb) | ||
182 | { | ||
183 | return; | ||
184 | } | ||
185 | |||
186 | static int dummy_sb_copy_data (char *orig, char *copy) | ||
187 | { | ||
188 | return 0; | ||
189 | } | ||
190 | |||
191 | static int dummy_sb_kern_mount (struct super_block *sb, void *data) | ||
192 | { | ||
193 | return 0; | ||
194 | } | ||
195 | |||
196 | static int dummy_sb_statfs (struct dentry *dentry) | ||
197 | { | ||
198 | return 0; | ||
199 | } | ||
200 | |||
201 | static int dummy_sb_mount (char *dev_name, struct path *path, char *type, | ||
202 | unsigned long flags, void *data) | ||
203 | { | ||
204 | return 0; | ||
205 | } | ||
206 | |||
207 | static int dummy_sb_check_sb (struct vfsmount *mnt, struct path *path) | ||
208 | { | ||
209 | return 0; | ||
210 | } | ||
211 | |||
212 | static int dummy_sb_umount (struct vfsmount *mnt, int flags) | ||
213 | { | ||
214 | return 0; | ||
215 | } | ||
216 | |||
217 | static void dummy_sb_umount_close (struct vfsmount *mnt) | ||
218 | { | ||
219 | return; | ||
220 | } | ||
221 | |||
222 | static void dummy_sb_umount_busy (struct vfsmount *mnt) | ||
223 | { | ||
224 | return; | ||
225 | } | ||
226 | |||
227 | static void dummy_sb_post_remount (struct vfsmount *mnt, unsigned long flags, | ||
228 | void *data) | ||
229 | { | ||
230 | return; | ||
231 | } | ||
232 | |||
233 | |||
234 | static void dummy_sb_post_addmount (struct vfsmount *mnt, struct path *path) | ||
235 | { | ||
236 | return; | ||
237 | } | ||
238 | |||
239 | static int dummy_sb_pivotroot (struct path *old_path, struct path *new_path) | ||
240 | { | ||
241 | return 0; | ||
242 | } | ||
243 | |||
244 | static void dummy_sb_post_pivotroot (struct path *old_path, struct path *new_path) | ||
245 | { | ||
246 | return; | ||
247 | } | ||
248 | |||
249 | static int dummy_sb_get_mnt_opts(const struct super_block *sb, | ||
250 | struct security_mnt_opts *opts) | ||
251 | { | ||
252 | security_init_mnt_opts(opts); | ||
253 | return 0; | ||
254 | } | ||
255 | |||
256 | static int dummy_sb_set_mnt_opts(struct super_block *sb, | ||
257 | struct security_mnt_opts *opts) | ||
258 | { | ||
259 | if (unlikely(opts->num_mnt_opts)) | ||
260 | return -EOPNOTSUPP; | ||
261 | return 0; | ||
262 | } | ||
263 | |||
264 | static void dummy_sb_clone_mnt_opts(const struct super_block *oldsb, | ||
265 | struct super_block *newsb) | ||
266 | { | ||
267 | return; | ||
268 | } | ||
269 | |||
270 | static int dummy_sb_parse_opts_str(char *options, struct security_mnt_opts *opts) | ||
271 | { | ||
272 | return 0; | ||
273 | } | ||
274 | |||
275 | static int dummy_inode_alloc_security (struct inode *inode) | ||
276 | { | ||
277 | return 0; | ||
278 | } | ||
279 | |||
280 | static void dummy_inode_free_security (struct inode *inode) | ||
281 | { | ||
282 | return; | ||
283 | } | ||
284 | |||
285 | static int dummy_inode_init_security (struct inode *inode, struct inode *dir, | ||
286 | char **name, void **value, size_t *len) | ||
287 | { | ||
288 | return -EOPNOTSUPP; | ||
289 | } | ||
290 | |||
291 | static int dummy_inode_create (struct inode *inode, struct dentry *dentry, | ||
292 | int mask) | ||
293 | { | ||
294 | return 0; | ||
295 | } | ||
296 | |||
297 | static int dummy_inode_link (struct dentry *old_dentry, struct inode *inode, | ||
298 | struct dentry *new_dentry) | ||
299 | { | ||
300 | return 0; | ||
301 | } | ||
302 | |||
303 | static int dummy_inode_unlink (struct inode *inode, struct dentry *dentry) | ||
304 | { | ||
305 | return 0; | ||
306 | } | ||
307 | |||
308 | static int dummy_inode_symlink (struct inode *inode, struct dentry *dentry, | ||
309 | const char *name) | ||
310 | { | ||
311 | return 0; | ||
312 | } | ||
313 | |||
314 | static int dummy_inode_mkdir (struct inode *inode, struct dentry *dentry, | ||
315 | int mask) | ||
316 | { | ||
317 | return 0; | ||
318 | } | ||
319 | |||
320 | static int dummy_inode_rmdir (struct inode *inode, struct dentry *dentry) | ||
321 | { | ||
322 | return 0; | ||
323 | } | ||
324 | |||
325 | static int dummy_inode_mknod (struct inode *inode, struct dentry *dentry, | ||
326 | int mode, dev_t dev) | ||
327 | { | ||
328 | return 0; | ||
329 | } | ||
330 | |||
331 | static int dummy_inode_rename (struct inode *old_inode, | ||
332 | struct dentry *old_dentry, | ||
333 | struct inode *new_inode, | ||
334 | struct dentry *new_dentry) | ||
335 | { | ||
336 | return 0; | ||
337 | } | ||
338 | |||
339 | static int dummy_inode_readlink (struct dentry *dentry) | ||
340 | { | ||
341 | return 0; | ||
342 | } | ||
343 | |||
344 | static int dummy_inode_follow_link (struct dentry *dentry, | ||
345 | struct nameidata *nameidata) | ||
346 | { | ||
347 | return 0; | ||
348 | } | ||
349 | |||
350 | static int dummy_inode_permission (struct inode *inode, int mask, struct nameidata *nd) | ||
351 | { | ||
352 | return 0; | ||
353 | } | ||
354 | |||
355 | static int dummy_inode_setattr (struct dentry *dentry, struct iattr *iattr) | ||
356 | { | ||
357 | return 0; | ||
358 | } | ||
359 | |||
360 | static int dummy_inode_getattr (struct vfsmount *mnt, struct dentry *dentry) | ||
361 | { | ||
362 | return 0; | ||
363 | } | ||
364 | |||
365 | static void dummy_inode_delete (struct inode *ino) | ||
366 | { | ||
367 | return; | ||
368 | } | ||
369 | |||
370 | static int dummy_inode_setxattr (struct dentry *dentry, const char *name, | ||
371 | const void *value, size_t size, int flags) | ||
372 | { | ||
373 | if (!strncmp(name, XATTR_SECURITY_PREFIX, | ||
374 | sizeof(XATTR_SECURITY_PREFIX) - 1) && | ||
375 | !capable(CAP_SYS_ADMIN)) | ||
376 | return -EPERM; | ||
377 | return 0; | ||
378 | } | ||
379 | |||
380 | static void dummy_inode_post_setxattr (struct dentry *dentry, const char *name, | ||
381 | const void *value, size_t size, | ||
382 | int flags) | ||
383 | { | ||
384 | } | ||
385 | |||
386 | static int dummy_inode_getxattr (struct dentry *dentry, const char *name) | ||
387 | { | ||
388 | return 0; | ||
389 | } | ||
390 | |||
391 | static int dummy_inode_listxattr (struct dentry *dentry) | ||
392 | { | ||
393 | return 0; | ||
394 | } | ||
395 | |||
396 | static int dummy_inode_removexattr (struct dentry *dentry, const char *name) | ||
397 | { | ||
398 | if (!strncmp(name, XATTR_SECURITY_PREFIX, | ||
399 | sizeof(XATTR_SECURITY_PREFIX) - 1) && | ||
400 | !capable(CAP_SYS_ADMIN)) | ||
401 | return -EPERM; | ||
402 | return 0; | ||
403 | } | ||
404 | |||
405 | static int dummy_inode_need_killpriv(struct dentry *dentry) | ||
406 | { | ||
407 | return 0; | ||
408 | } | ||
409 | |||
410 | static int dummy_inode_killpriv(struct dentry *dentry) | ||
411 | { | ||
412 | return 0; | ||
413 | } | ||
414 | |||
415 | static int dummy_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc) | ||
416 | { | ||
417 | return -EOPNOTSUPP; | ||
418 | } | ||
419 | |||
420 | static int dummy_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags) | ||
421 | { | ||
422 | return -EOPNOTSUPP; | ||
423 | } | ||
424 | |||
425 | static int dummy_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size) | ||
426 | { | ||
427 | return 0; | ||
428 | } | ||
429 | |||
430 | static void dummy_inode_getsecid(const struct inode *inode, u32 *secid) | ||
431 | { | ||
432 | *secid = 0; | ||
433 | } | ||
434 | |||
435 | static int dummy_file_permission (struct file *file, int mask) | ||
436 | { | ||
437 | return 0; | ||
438 | } | ||
439 | |||
440 | static int dummy_file_alloc_security (struct file *file) | ||
441 | { | ||
442 | return 0; | ||
443 | } | ||
444 | |||
445 | static void dummy_file_free_security (struct file *file) | ||
446 | { | ||
447 | return; | ||
448 | } | ||
449 | |||
450 | static int dummy_file_ioctl (struct file *file, unsigned int command, | ||
451 | unsigned long arg) | ||
452 | { | ||
453 | return 0; | ||
454 | } | ||
455 | |||
456 | static int dummy_file_mmap (struct file *file, unsigned long reqprot, | ||
457 | unsigned long prot, | ||
458 | unsigned long flags, | ||
459 | unsigned long addr, | ||
460 | unsigned long addr_only) | ||
461 | { | ||
462 | if ((addr < mmap_min_addr) && !capable(CAP_SYS_RAWIO)) | ||
463 | return -EACCES; | ||
464 | return 0; | ||
465 | } | ||
466 | |||
467 | static int dummy_file_mprotect (struct vm_area_struct *vma, | ||
468 | unsigned long reqprot, | ||
469 | unsigned long prot) | ||
470 | { | ||
471 | return 0; | ||
472 | } | ||
473 | |||
474 | static int dummy_file_lock (struct file *file, unsigned int cmd) | ||
475 | { | ||
476 | return 0; | ||
477 | } | ||
478 | |||
479 | static int dummy_file_fcntl (struct file *file, unsigned int cmd, | ||
480 | unsigned long arg) | ||
481 | { | ||
482 | return 0; | ||
483 | } | ||
484 | |||
485 | static int dummy_file_set_fowner (struct file *file) | ||
486 | { | ||
487 | return 0; | ||
488 | } | ||
489 | |||
490 | static int dummy_file_send_sigiotask (struct task_struct *tsk, | ||
491 | struct fown_struct *fown, int sig) | ||
492 | { | ||
493 | return 0; | ||
494 | } | ||
495 | |||
496 | static int dummy_file_receive (struct file *file) | ||
497 | { | ||
498 | return 0; | ||
499 | } | ||
500 | |||
501 | static int dummy_dentry_open (struct file *file) | ||
502 | { | ||
503 | return 0; | ||
504 | } | ||
505 | |||
506 | static int dummy_task_create (unsigned long clone_flags) | ||
507 | { | ||
508 | return 0; | ||
509 | } | ||
510 | |||
511 | static int dummy_task_alloc_security (struct task_struct *p) | ||
512 | { | ||
513 | return 0; | ||
514 | } | ||
515 | |||
516 | static void dummy_task_free_security (struct task_struct *p) | ||
517 | { | ||
518 | return; | ||
519 | } | ||
520 | |||
521 | static int dummy_task_setuid (uid_t id0, uid_t id1, uid_t id2, int flags) | ||
522 | { | ||
523 | return 0; | ||
524 | } | ||
525 | |||
526 | static int dummy_task_post_setuid (uid_t id0, uid_t id1, uid_t id2, int flags) | ||
527 | { | ||
528 | dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted); | ||
529 | return 0; | ||
530 | } | ||
531 | |||
532 | static int dummy_task_setgid (gid_t id0, gid_t id1, gid_t id2, int flags) | ||
533 | { | ||
534 | return 0; | ||
535 | } | ||
536 | |||
537 | static int dummy_task_setpgid (struct task_struct *p, pid_t pgid) | ||
538 | { | ||
539 | return 0; | ||
540 | } | ||
541 | |||
542 | static int dummy_task_getpgid (struct task_struct *p) | ||
543 | { | ||
544 | return 0; | ||
545 | } | ||
546 | |||
547 | static int dummy_task_getsid (struct task_struct *p) | ||
548 | { | ||
549 | return 0; | ||
550 | } | ||
551 | |||
552 | static void dummy_task_getsecid (struct task_struct *p, u32 *secid) | ||
553 | { | ||
554 | *secid = 0; | ||
555 | } | ||
556 | |||
557 | static int dummy_task_setgroups (struct group_info *group_info) | ||
558 | { | ||
559 | return 0; | ||
560 | } | ||
561 | |||
562 | static int dummy_task_setnice (struct task_struct *p, int nice) | ||
563 | { | ||
564 | return 0; | ||
565 | } | ||
566 | |||
567 | static int dummy_task_setioprio (struct task_struct *p, int ioprio) | ||
568 | { | ||
569 | return 0; | ||
570 | } | ||
571 | |||
572 | static int dummy_task_getioprio (struct task_struct *p) | ||
573 | { | ||
574 | return 0; | ||
575 | } | ||
576 | |||
577 | static int dummy_task_setrlimit (unsigned int resource, struct rlimit *new_rlim) | ||
578 | { | ||
579 | return 0; | ||
580 | } | ||
581 | |||
582 | static int dummy_task_setscheduler (struct task_struct *p, int policy, | ||
583 | struct sched_param *lp) | ||
584 | { | ||
585 | return 0; | ||
586 | } | ||
587 | |||
588 | static int dummy_task_getscheduler (struct task_struct *p) | ||
589 | { | ||
590 | return 0; | ||
591 | } | ||
592 | |||
593 | static int dummy_task_movememory (struct task_struct *p) | ||
594 | { | ||
595 | return 0; | ||
596 | } | ||
597 | |||
598 | static int dummy_task_wait (struct task_struct *p) | ||
599 | { | ||
600 | return 0; | ||
601 | } | ||
602 | |||
603 | static int dummy_task_kill (struct task_struct *p, struct siginfo *info, | ||
604 | int sig, u32 secid) | ||
605 | { | ||
606 | return 0; | ||
607 | } | ||
608 | |||
609 | static int dummy_task_prctl (int option, unsigned long arg2, unsigned long arg3, | ||
610 | unsigned long arg4, unsigned long arg5, long *rc_p) | ||
611 | { | ||
612 | switch (option) { | ||
613 | case PR_CAPBSET_READ: | ||
614 | *rc_p = (cap_valid(arg2) ? 1 : -EINVAL); | ||
615 | break; | ||
616 | case PR_GET_KEEPCAPS: | ||
617 | *rc_p = issecure(SECURE_KEEP_CAPS); | ||
618 | break; | ||
619 | case PR_SET_KEEPCAPS: | ||
620 | if (arg2 > 1) | ||
621 | *rc_p = -EINVAL; | ||
622 | else if (arg2) | ||
623 | current->securebits |= issecure_mask(SECURE_KEEP_CAPS); | ||
624 | else | ||
625 | current->securebits &= | ||
626 | ~issecure_mask(SECURE_KEEP_CAPS); | ||
627 | break; | ||
628 | default: | ||
629 | return 0; | ||
630 | } | ||
631 | |||
632 | return 1; | ||
633 | } | ||
634 | |||
635 | static void dummy_task_reparent_to_init (struct task_struct *p) | ||
636 | { | ||
637 | p->euid = p->fsuid = 0; | ||
638 | return; | ||
639 | } | ||
640 | |||
641 | static void dummy_task_to_inode(struct task_struct *p, struct inode *inode) | ||
642 | { } | ||
643 | |||
644 | static int dummy_ipc_permission (struct kern_ipc_perm *ipcp, short flag) | ||
645 | { | ||
646 | return 0; | ||
647 | } | ||
648 | |||
649 | static void dummy_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) | ||
650 | { | ||
651 | *secid = 0; | ||
652 | } | ||
653 | |||
654 | static int dummy_msg_msg_alloc_security (struct msg_msg *msg) | ||
655 | { | ||
656 | return 0; | ||
657 | } | ||
658 | |||
659 | static void dummy_msg_msg_free_security (struct msg_msg *msg) | ||
660 | { | ||
661 | return; | ||
662 | } | ||
663 | |||
664 | static int dummy_msg_queue_alloc_security (struct msg_queue *msq) | ||
665 | { | ||
666 | return 0; | ||
667 | } | ||
668 | |||
669 | static void dummy_msg_queue_free_security (struct msg_queue *msq) | ||
670 | { | ||
671 | return; | ||
672 | } | ||
673 | |||
674 | static int dummy_msg_queue_associate (struct msg_queue *msq, | ||
675 | int msqflg) | ||
676 | { | ||
677 | return 0; | ||
678 | } | ||
679 | |||
680 | static int dummy_msg_queue_msgctl (struct msg_queue *msq, int cmd) | ||
681 | { | ||
682 | return 0; | ||
683 | } | ||
684 | |||
685 | static int dummy_msg_queue_msgsnd (struct msg_queue *msq, struct msg_msg *msg, | ||
686 | int msgflg) | ||
687 | { | ||
688 | return 0; | ||
689 | } | ||
690 | |||
691 | static int dummy_msg_queue_msgrcv (struct msg_queue *msq, struct msg_msg *msg, | ||
692 | struct task_struct *target, long type, | ||
693 | int mode) | ||
694 | { | ||
695 | return 0; | ||
696 | } | ||
697 | |||
698 | static int dummy_shm_alloc_security (struct shmid_kernel *shp) | ||
699 | { | ||
700 | return 0; | ||
701 | } | ||
702 | |||
703 | static void dummy_shm_free_security (struct shmid_kernel *shp) | ||
704 | { | ||
705 | return; | ||
706 | } | ||
707 | |||
708 | static int dummy_shm_associate (struct shmid_kernel *shp, int shmflg) | ||
709 | { | ||
710 | return 0; | ||
711 | } | ||
712 | |||
713 | static int dummy_shm_shmctl (struct shmid_kernel *shp, int cmd) | ||
714 | { | ||
715 | return 0; | ||
716 | } | ||
717 | |||
718 | static int dummy_shm_shmat (struct shmid_kernel *shp, char __user *shmaddr, | ||
719 | int shmflg) | ||
720 | { | ||
721 | return 0; | ||
722 | } | ||
723 | |||
724 | static int dummy_sem_alloc_security (struct sem_array *sma) | ||
725 | { | ||
726 | return 0; | ||
727 | } | ||
728 | |||
729 | static void dummy_sem_free_security (struct sem_array *sma) | ||
730 | { | ||
731 | return; | ||
732 | } | ||
733 | |||
734 | static int dummy_sem_associate (struct sem_array *sma, int semflg) | ||
735 | { | ||
736 | return 0; | ||
737 | } | ||
738 | |||
739 | static int dummy_sem_semctl (struct sem_array *sma, int cmd) | ||
740 | { | ||
741 | return 0; | ||
742 | } | ||
743 | |||
744 | static int dummy_sem_semop (struct sem_array *sma, | ||
745 | struct sembuf *sops, unsigned nsops, int alter) | ||
746 | { | ||
747 | return 0; | ||
748 | } | ||
749 | |||
750 | static int dummy_netlink_send (struct sock *sk, struct sk_buff *skb) | ||
751 | { | ||
752 | NETLINK_CB(skb).eff_cap = current->cap_effective; | ||
753 | return 0; | ||
754 | } | ||
755 | |||
756 | static int dummy_netlink_recv (struct sk_buff *skb, int cap) | ||
757 | { | ||
758 | if (!cap_raised (NETLINK_CB (skb).eff_cap, cap)) | ||
759 | return -EPERM; | ||
760 | return 0; | ||
761 | } | ||
762 | |||
763 | #ifdef CONFIG_SECURITY_NETWORK | ||
764 | static int dummy_unix_stream_connect (struct socket *sock, | ||
765 | struct socket *other, | ||
766 | struct sock *newsk) | ||
767 | { | ||
768 | return 0; | ||
769 | } | ||
770 | |||
771 | static int dummy_unix_may_send (struct socket *sock, | ||
772 | struct socket *other) | ||
773 | { | ||
774 | return 0; | ||
775 | } | ||
776 | |||
777 | static int dummy_socket_create (int family, int type, | ||
778 | int protocol, int kern) | ||
779 | { | ||
780 | return 0; | ||
781 | } | ||
782 | |||
783 | static int dummy_socket_post_create (struct socket *sock, int family, int type, | ||
784 | int protocol, int kern) | ||
785 | { | ||
786 | return 0; | ||
787 | } | ||
788 | |||
789 | static int dummy_socket_bind (struct socket *sock, struct sockaddr *address, | ||
790 | int addrlen) | ||
791 | { | ||
792 | return 0; | ||
793 | } | ||
794 | |||
795 | static int dummy_socket_connect (struct socket *sock, struct sockaddr *address, | ||
796 | int addrlen) | ||
797 | { | ||
798 | return 0; | ||
799 | } | ||
800 | |||
801 | static int dummy_socket_listen (struct socket *sock, int backlog) | ||
802 | { | ||
803 | return 0; | ||
804 | } | ||
805 | |||
806 | static int dummy_socket_accept (struct socket *sock, struct socket *newsock) | ||
807 | { | ||
808 | return 0; | ||
809 | } | ||
810 | |||
811 | static void dummy_socket_post_accept (struct socket *sock, | ||
812 | struct socket *newsock) | ||
813 | { | ||
814 | return; | ||
815 | } | ||
816 | |||
817 | static int dummy_socket_sendmsg (struct socket *sock, struct msghdr *msg, | ||
818 | int size) | ||
819 | { | ||
820 | return 0; | ||
821 | } | ||
822 | |||
823 | static int dummy_socket_recvmsg (struct socket *sock, struct msghdr *msg, | ||
824 | int size, int flags) | ||
825 | { | ||
826 | return 0; | ||
827 | } | ||
828 | |||
829 | static int dummy_socket_getsockname (struct socket *sock) | ||
830 | { | ||
831 | return 0; | ||
832 | } | ||
833 | |||
834 | static int dummy_socket_getpeername (struct socket *sock) | ||
835 | { | ||
836 | return 0; | ||
837 | } | ||
838 | |||
839 | static int dummy_socket_setsockopt (struct socket *sock, int level, int optname) | ||
840 | { | ||
841 | return 0; | ||
842 | } | ||
843 | |||
844 | static int dummy_socket_getsockopt (struct socket *sock, int level, int optname) | ||
845 | { | ||
846 | return 0; | ||
847 | } | ||
848 | |||
849 | static int dummy_socket_shutdown (struct socket *sock, int how) | ||
850 | { | ||
851 | return 0; | ||
852 | } | ||
853 | |||
854 | static int dummy_socket_sock_rcv_skb (struct sock *sk, struct sk_buff *skb) | ||
855 | { | ||
856 | return 0; | ||
857 | } | ||
858 | |||
859 | static int dummy_socket_getpeersec_stream(struct socket *sock, char __user *optval, | ||
860 | int __user *optlen, unsigned len) | ||
861 | { | ||
862 | return -ENOPROTOOPT; | ||
863 | } | ||
864 | |||
865 | static int dummy_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) | ||
866 | { | ||
867 | return -ENOPROTOOPT; | ||
868 | } | ||
869 | |||
870 | static inline int dummy_sk_alloc_security (struct sock *sk, int family, gfp_t priority) | ||
871 | { | ||
872 | return 0; | ||
873 | } | ||
874 | |||
875 | static inline void dummy_sk_free_security (struct sock *sk) | ||
876 | { | ||
877 | } | ||
878 | |||
879 | static inline void dummy_sk_clone_security (const struct sock *sk, struct sock *newsk) | ||
880 | { | ||
881 | } | ||
882 | |||
883 | static inline void dummy_sk_getsecid(struct sock *sk, u32 *secid) | ||
884 | { | ||
885 | } | ||
886 | |||
887 | static inline void dummy_sock_graft(struct sock* sk, struct socket *parent) | ||
888 | { | ||
889 | } | ||
890 | |||
891 | static inline int dummy_inet_conn_request(struct sock *sk, | ||
892 | struct sk_buff *skb, struct request_sock *req) | ||
893 | { | ||
894 | return 0; | ||
895 | } | ||
896 | |||
897 | static inline void dummy_inet_csk_clone(struct sock *newsk, | ||
898 | const struct request_sock *req) | ||
899 | { | ||
900 | } | ||
901 | |||
902 | static inline void dummy_inet_conn_established(struct sock *sk, | ||
903 | struct sk_buff *skb) | ||
904 | { | ||
905 | } | ||
906 | |||
907 | static inline void dummy_req_classify_flow(const struct request_sock *req, | ||
908 | struct flowi *fl) | ||
909 | { | ||
910 | } | ||
911 | #endif /* CONFIG_SECURITY_NETWORK */ | ||
912 | |||
913 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | ||
914 | static int dummy_xfrm_policy_alloc_security(struct xfrm_sec_ctx **ctxp, | ||
915 | struct xfrm_user_sec_ctx *sec_ctx) | ||
916 | { | ||
917 | return 0; | ||
918 | } | ||
919 | |||
920 | static inline int dummy_xfrm_policy_clone_security(struct xfrm_sec_ctx *old_ctx, | ||
921 | struct xfrm_sec_ctx **new_ctxp) | ||
922 | { | ||
923 | return 0; | ||
924 | } | ||
925 | |||
926 | static void dummy_xfrm_policy_free_security(struct xfrm_sec_ctx *ctx) | ||
927 | { | ||
928 | } | ||
929 | |||
930 | static int dummy_xfrm_policy_delete_security(struct xfrm_sec_ctx *ctx) | ||
931 | { | ||
932 | return 0; | ||
933 | } | ||
934 | |||
935 | static int dummy_xfrm_state_alloc_security(struct xfrm_state *x, | ||
936 | struct xfrm_user_sec_ctx *sec_ctx, u32 secid) | ||
937 | { | ||
938 | return 0; | ||
939 | } | ||
940 | |||
941 | static void dummy_xfrm_state_free_security(struct xfrm_state *x) | ||
942 | { | ||
943 | } | ||
944 | |||
945 | static int dummy_xfrm_state_delete_security(struct xfrm_state *x) | ||
946 | { | ||
947 | return 0; | ||
948 | } | ||
949 | |||
950 | static int dummy_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, | ||
951 | u32 sk_sid, u8 dir) | ||
952 | { | ||
953 | return 0; | ||
954 | } | ||
955 | |||
956 | static int dummy_xfrm_state_pol_flow_match(struct xfrm_state *x, | ||
957 | struct xfrm_policy *xp, struct flowi *fl) | ||
958 | { | ||
959 | return 1; | ||
960 | } | ||
961 | |||
962 | static int dummy_xfrm_decode_session(struct sk_buff *skb, u32 *fl, int ckall) | ||
963 | { | ||
964 | return 0; | ||
965 | } | ||
966 | |||
967 | #endif /* CONFIG_SECURITY_NETWORK_XFRM */ | ||
968 | static int dummy_register_security (const char *name, struct security_operations *ops) | ||
969 | { | ||
970 | return -EINVAL; | ||
971 | } | ||
972 | |||
973 | static void dummy_d_instantiate (struct dentry *dentry, struct inode *inode) | ||
974 | { | ||
975 | return; | ||
976 | } | ||
977 | |||
978 | static int dummy_getprocattr(struct task_struct *p, char *name, char **value) | ||
979 | { | ||
980 | return -EINVAL; | ||
981 | } | ||
982 | |||
983 | static int dummy_setprocattr(struct task_struct *p, char *name, void *value, size_t size) | ||
984 | { | ||
985 | return -EINVAL; | ||
986 | } | ||
987 | |||
988 | static int dummy_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) | ||
989 | { | ||
990 | return -EOPNOTSUPP; | ||
991 | } | ||
992 | |||
993 | static int dummy_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) | ||
994 | { | ||
995 | return -EOPNOTSUPP; | ||
996 | } | ||
997 | |||
998 | static void dummy_release_secctx(char *secdata, u32 seclen) | ||
999 | { | ||
1000 | } | ||
1001 | |||
1002 | #ifdef CONFIG_KEYS | ||
1003 | static inline int dummy_key_alloc(struct key *key, struct task_struct *ctx, | ||
1004 | unsigned long flags) | ||
1005 | { | ||
1006 | return 0; | ||
1007 | } | ||
1008 | |||
1009 | static inline void dummy_key_free(struct key *key) | ||
1010 | { | ||
1011 | } | ||
1012 | |||
1013 | static inline int dummy_key_permission(key_ref_t key_ref, | ||
1014 | struct task_struct *context, | ||
1015 | key_perm_t perm) | ||
1016 | { | ||
1017 | return 0; | ||
1018 | } | ||
1019 | |||
1020 | static int dummy_key_getsecurity(struct key *key, char **_buffer) | ||
1021 | { | ||
1022 | *_buffer = NULL; | ||
1023 | return 0; | ||
1024 | } | ||
1025 | |||
1026 | #endif /* CONFIG_KEYS */ | ||
1027 | |||
1028 | #ifdef CONFIG_AUDIT | ||
1029 | static inline int dummy_audit_rule_init(u32 field, u32 op, char *rulestr, | ||
1030 | void **lsmrule) | ||
1031 | { | ||
1032 | return 0; | ||
1033 | } | ||
1034 | |||
1035 | static inline int dummy_audit_rule_known(struct audit_krule *krule) | ||
1036 | { | ||
1037 | return 0; | ||
1038 | } | ||
1039 | |||
1040 | static inline int dummy_audit_rule_match(u32 secid, u32 field, u32 op, | ||
1041 | void *lsmrule, | ||
1042 | struct audit_context *actx) | ||
1043 | { | ||
1044 | return 0; | ||
1045 | } | ||
1046 | |||
1047 | static inline void dummy_audit_rule_free(void *lsmrule) | ||
1048 | { } | ||
1049 | |||
1050 | #endif /* CONFIG_AUDIT */ | ||
1051 | |||
1052 | struct security_operations dummy_security_ops = { | ||
1053 | .name = "dummy", | ||
1054 | }; | ||
1055 | |||
1056 | #define set_to_dummy_if_null(ops, function) \ | ||
1057 | do { \ | ||
1058 | if (!ops->function) { \ | ||
1059 | ops->function = dummy_##function; \ | ||
1060 | pr_debug("Had to override the " #function \ | ||
1061 | " security operation with the dummy one.\n");\ | ||
1062 | } \ | ||
1063 | } while (0) | ||
1064 | |||
1065 | void security_fixup_ops (struct security_operations *ops) | ||
1066 | { | ||
1067 | set_to_dummy_if_null(ops, ptrace); | ||
1068 | set_to_dummy_if_null(ops, capget); | ||
1069 | set_to_dummy_if_null(ops, capset_check); | ||
1070 | set_to_dummy_if_null(ops, capset_set); | ||
1071 | set_to_dummy_if_null(ops, acct); | ||
1072 | set_to_dummy_if_null(ops, capable); | ||
1073 | set_to_dummy_if_null(ops, quotactl); | ||
1074 | set_to_dummy_if_null(ops, quota_on); | ||
1075 | set_to_dummy_if_null(ops, sysctl); | ||
1076 | set_to_dummy_if_null(ops, syslog); | ||
1077 | set_to_dummy_if_null(ops, settime); | ||
1078 | set_to_dummy_if_null(ops, vm_enough_memory); | ||
1079 | set_to_dummy_if_null(ops, bprm_alloc_security); | ||
1080 | set_to_dummy_if_null(ops, bprm_free_security); | ||
1081 | set_to_dummy_if_null(ops, bprm_apply_creds); | ||
1082 | set_to_dummy_if_null(ops, bprm_post_apply_creds); | ||
1083 | set_to_dummy_if_null(ops, bprm_set_security); | ||
1084 | set_to_dummy_if_null(ops, bprm_check_security); | ||
1085 | set_to_dummy_if_null(ops, bprm_secureexec); | ||
1086 | set_to_dummy_if_null(ops, sb_alloc_security); | ||
1087 | set_to_dummy_if_null(ops, sb_free_security); | ||
1088 | set_to_dummy_if_null(ops, sb_copy_data); | ||
1089 | set_to_dummy_if_null(ops, sb_kern_mount); | ||
1090 | set_to_dummy_if_null(ops, sb_statfs); | ||
1091 | set_to_dummy_if_null(ops, sb_mount); | ||
1092 | set_to_dummy_if_null(ops, sb_check_sb); | ||
1093 | set_to_dummy_if_null(ops, sb_umount); | ||
1094 | set_to_dummy_if_null(ops, sb_umount_close); | ||
1095 | set_to_dummy_if_null(ops, sb_umount_busy); | ||
1096 | set_to_dummy_if_null(ops, sb_post_remount); | ||
1097 | set_to_dummy_if_null(ops, sb_post_addmount); | ||
1098 | set_to_dummy_if_null(ops, sb_pivotroot); | ||
1099 | set_to_dummy_if_null(ops, sb_post_pivotroot); | ||
1100 | set_to_dummy_if_null(ops, sb_get_mnt_opts); | ||
1101 | set_to_dummy_if_null(ops, sb_set_mnt_opts); | ||
1102 | set_to_dummy_if_null(ops, sb_clone_mnt_opts); | ||
1103 | set_to_dummy_if_null(ops, sb_parse_opts_str); | ||
1104 | set_to_dummy_if_null(ops, inode_alloc_security); | ||
1105 | set_to_dummy_if_null(ops, inode_free_security); | ||
1106 | set_to_dummy_if_null(ops, inode_init_security); | ||
1107 | set_to_dummy_if_null(ops, inode_create); | ||
1108 | set_to_dummy_if_null(ops, inode_link); | ||
1109 | set_to_dummy_if_null(ops, inode_unlink); | ||
1110 | set_to_dummy_if_null(ops, inode_symlink); | ||
1111 | set_to_dummy_if_null(ops, inode_mkdir); | ||
1112 | set_to_dummy_if_null(ops, inode_rmdir); | ||
1113 | set_to_dummy_if_null(ops, inode_mknod); | ||
1114 | set_to_dummy_if_null(ops, inode_rename); | ||
1115 | set_to_dummy_if_null(ops, inode_readlink); | ||
1116 | set_to_dummy_if_null(ops, inode_follow_link); | ||
1117 | set_to_dummy_if_null(ops, inode_permission); | ||
1118 | set_to_dummy_if_null(ops, inode_setattr); | ||
1119 | set_to_dummy_if_null(ops, inode_getattr); | ||
1120 | set_to_dummy_if_null(ops, inode_delete); | ||
1121 | set_to_dummy_if_null(ops, inode_setxattr); | ||
1122 | set_to_dummy_if_null(ops, inode_post_setxattr); | ||
1123 | set_to_dummy_if_null(ops, inode_getxattr); | ||
1124 | set_to_dummy_if_null(ops, inode_listxattr); | ||
1125 | set_to_dummy_if_null(ops, inode_removexattr); | ||
1126 | set_to_dummy_if_null(ops, inode_need_killpriv); | ||
1127 | set_to_dummy_if_null(ops, inode_killpriv); | ||
1128 | set_to_dummy_if_null(ops, inode_getsecurity); | ||
1129 | set_to_dummy_if_null(ops, inode_setsecurity); | ||
1130 | set_to_dummy_if_null(ops, inode_listsecurity); | ||
1131 | set_to_dummy_if_null(ops, inode_getsecid); | ||
1132 | set_to_dummy_if_null(ops, file_permission); | ||
1133 | set_to_dummy_if_null(ops, file_alloc_security); | ||
1134 | set_to_dummy_if_null(ops, file_free_security); | ||
1135 | set_to_dummy_if_null(ops, file_ioctl); | ||
1136 | set_to_dummy_if_null(ops, file_mmap); | ||
1137 | set_to_dummy_if_null(ops, file_mprotect); | ||
1138 | set_to_dummy_if_null(ops, file_lock); | ||
1139 | set_to_dummy_if_null(ops, file_fcntl); | ||
1140 | set_to_dummy_if_null(ops, file_set_fowner); | ||
1141 | set_to_dummy_if_null(ops, file_send_sigiotask); | ||
1142 | set_to_dummy_if_null(ops, file_receive); | ||
1143 | set_to_dummy_if_null(ops, dentry_open); | ||
1144 | set_to_dummy_if_null(ops, task_create); | ||
1145 | set_to_dummy_if_null(ops, task_alloc_security); | ||
1146 | set_to_dummy_if_null(ops, task_free_security); | ||
1147 | set_to_dummy_if_null(ops, task_setuid); | ||
1148 | set_to_dummy_if_null(ops, task_post_setuid); | ||
1149 | set_to_dummy_if_null(ops, task_setgid); | ||
1150 | set_to_dummy_if_null(ops, task_setpgid); | ||
1151 | set_to_dummy_if_null(ops, task_getpgid); | ||
1152 | set_to_dummy_if_null(ops, task_getsid); | ||
1153 | set_to_dummy_if_null(ops, task_getsecid); | ||
1154 | set_to_dummy_if_null(ops, task_setgroups); | ||
1155 | set_to_dummy_if_null(ops, task_setnice); | ||
1156 | set_to_dummy_if_null(ops, task_setioprio); | ||
1157 | set_to_dummy_if_null(ops, task_getioprio); | ||
1158 | set_to_dummy_if_null(ops, task_setrlimit); | ||
1159 | set_to_dummy_if_null(ops, task_setscheduler); | ||
1160 | set_to_dummy_if_null(ops, task_getscheduler); | ||
1161 | set_to_dummy_if_null(ops, task_movememory); | ||
1162 | set_to_dummy_if_null(ops, task_wait); | ||
1163 | set_to_dummy_if_null(ops, task_kill); | ||
1164 | set_to_dummy_if_null(ops, task_prctl); | ||
1165 | set_to_dummy_if_null(ops, task_reparent_to_init); | ||
1166 | set_to_dummy_if_null(ops, task_to_inode); | ||
1167 | set_to_dummy_if_null(ops, ipc_permission); | ||
1168 | set_to_dummy_if_null(ops, ipc_getsecid); | ||
1169 | set_to_dummy_if_null(ops, msg_msg_alloc_security); | ||
1170 | set_to_dummy_if_null(ops, msg_msg_free_security); | ||
1171 | set_to_dummy_if_null(ops, msg_queue_alloc_security); | ||
1172 | set_to_dummy_if_null(ops, msg_queue_free_security); | ||
1173 | set_to_dummy_if_null(ops, msg_queue_associate); | ||
1174 | set_to_dummy_if_null(ops, msg_queue_msgctl); | ||
1175 | set_to_dummy_if_null(ops, msg_queue_msgsnd); | ||
1176 | set_to_dummy_if_null(ops, msg_queue_msgrcv); | ||
1177 | set_to_dummy_if_null(ops, shm_alloc_security); | ||
1178 | set_to_dummy_if_null(ops, shm_free_security); | ||
1179 | set_to_dummy_if_null(ops, shm_associate); | ||
1180 | set_to_dummy_if_null(ops, shm_shmctl); | ||
1181 | set_to_dummy_if_null(ops, shm_shmat); | ||
1182 | set_to_dummy_if_null(ops, sem_alloc_security); | ||
1183 | set_to_dummy_if_null(ops, sem_free_security); | ||
1184 | set_to_dummy_if_null(ops, sem_associate); | ||
1185 | set_to_dummy_if_null(ops, sem_semctl); | ||
1186 | set_to_dummy_if_null(ops, sem_semop); | ||
1187 | set_to_dummy_if_null(ops, netlink_send); | ||
1188 | set_to_dummy_if_null(ops, netlink_recv); | ||
1189 | set_to_dummy_if_null(ops, register_security); | ||
1190 | set_to_dummy_if_null(ops, d_instantiate); | ||
1191 | set_to_dummy_if_null(ops, getprocattr); | ||
1192 | set_to_dummy_if_null(ops, setprocattr); | ||
1193 | set_to_dummy_if_null(ops, secid_to_secctx); | ||
1194 | set_to_dummy_if_null(ops, secctx_to_secid); | ||
1195 | set_to_dummy_if_null(ops, release_secctx); | ||
1196 | #ifdef CONFIG_SECURITY_NETWORK | ||
1197 | set_to_dummy_if_null(ops, unix_stream_connect); | ||
1198 | set_to_dummy_if_null(ops, unix_may_send); | ||
1199 | set_to_dummy_if_null(ops, socket_create); | ||
1200 | set_to_dummy_if_null(ops, socket_post_create); | ||
1201 | set_to_dummy_if_null(ops, socket_bind); | ||
1202 | set_to_dummy_if_null(ops, socket_connect); | ||
1203 | set_to_dummy_if_null(ops, socket_listen); | ||
1204 | set_to_dummy_if_null(ops, socket_accept); | ||
1205 | set_to_dummy_if_null(ops, socket_post_accept); | ||
1206 | set_to_dummy_if_null(ops, socket_sendmsg); | ||
1207 | set_to_dummy_if_null(ops, socket_recvmsg); | ||
1208 | set_to_dummy_if_null(ops, socket_getsockname); | ||
1209 | set_to_dummy_if_null(ops, socket_getpeername); | ||
1210 | set_to_dummy_if_null(ops, socket_setsockopt); | ||
1211 | set_to_dummy_if_null(ops, socket_getsockopt); | ||
1212 | set_to_dummy_if_null(ops, socket_shutdown); | ||
1213 | set_to_dummy_if_null(ops, socket_sock_rcv_skb); | ||
1214 | set_to_dummy_if_null(ops, socket_getpeersec_stream); | ||
1215 | set_to_dummy_if_null(ops, socket_getpeersec_dgram); | ||
1216 | set_to_dummy_if_null(ops, sk_alloc_security); | ||
1217 | set_to_dummy_if_null(ops, sk_free_security); | ||
1218 | set_to_dummy_if_null(ops, sk_clone_security); | ||
1219 | set_to_dummy_if_null(ops, sk_getsecid); | ||
1220 | set_to_dummy_if_null(ops, sock_graft); | ||
1221 | set_to_dummy_if_null(ops, inet_conn_request); | ||
1222 | set_to_dummy_if_null(ops, inet_csk_clone); | ||
1223 | set_to_dummy_if_null(ops, inet_conn_established); | ||
1224 | set_to_dummy_if_null(ops, req_classify_flow); | ||
1225 | #endif /* CONFIG_SECURITY_NETWORK */ | ||
1226 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | ||
1227 | set_to_dummy_if_null(ops, xfrm_policy_alloc_security); | ||
1228 | set_to_dummy_if_null(ops, xfrm_policy_clone_security); | ||
1229 | set_to_dummy_if_null(ops, xfrm_policy_free_security); | ||
1230 | set_to_dummy_if_null(ops, xfrm_policy_delete_security); | ||
1231 | set_to_dummy_if_null(ops, xfrm_state_alloc_security); | ||
1232 | set_to_dummy_if_null(ops, xfrm_state_free_security); | ||
1233 | set_to_dummy_if_null(ops, xfrm_state_delete_security); | ||
1234 | set_to_dummy_if_null(ops, xfrm_policy_lookup); | ||
1235 | set_to_dummy_if_null(ops, xfrm_state_pol_flow_match); | ||
1236 | set_to_dummy_if_null(ops, xfrm_decode_session); | ||
1237 | #endif /* CONFIG_SECURITY_NETWORK_XFRM */ | ||
1238 | #ifdef CONFIG_KEYS | ||
1239 | set_to_dummy_if_null(ops, key_alloc); | ||
1240 | set_to_dummy_if_null(ops, key_free); | ||
1241 | set_to_dummy_if_null(ops, key_permission); | ||
1242 | set_to_dummy_if_null(ops, key_getsecurity); | ||
1243 | #endif /* CONFIG_KEYS */ | ||
1244 | #ifdef CONFIG_AUDIT | ||
1245 | set_to_dummy_if_null(ops, audit_rule_init); | ||
1246 | set_to_dummy_if_null(ops, audit_rule_known); | ||
1247 | set_to_dummy_if_null(ops, audit_rule_match); | ||
1248 | set_to_dummy_if_null(ops, audit_rule_free); | ||
1249 | #endif | ||
1250 | } | ||
1251 | |||
diff --git a/security/root_plug.c b/security/root_plug.c index a41cf42a4fa0..be0ebec2580b 100644 --- a/security/root_plug.c +++ b/security/root_plug.c | |||
@@ -28,9 +28,6 @@ | |||
28 | #include <linux/usb.h> | 28 | #include <linux/usb.h> |
29 | #include <linux/moduleparam.h> | 29 | #include <linux/moduleparam.h> |
30 | 30 | ||
31 | /* flag to keep track of how we were registered */ | ||
32 | static int secondary; | ||
33 | |||
34 | /* default is a generic type of usb to serial converter */ | 31 | /* default is a generic type of usb to serial converter */ |
35 | static int vendor_id = 0x0557; | 32 | static int vendor_id = 0x0557; |
36 | static int product_id = 0x2008; | 33 | static int product_id = 0x2008; |
@@ -97,13 +94,7 @@ static int __init rootplug_init (void) | |||
97 | if (register_security (&rootplug_security_ops)) { | 94 | if (register_security (&rootplug_security_ops)) { |
98 | printk (KERN_INFO | 95 | printk (KERN_INFO |
99 | "Failure registering Root Plug module with the kernel\n"); | 96 | "Failure registering Root Plug module with the kernel\n"); |
100 | /* try registering with primary module */ | ||
101 | if (mod_reg_security (MY_NAME, &rootplug_security_ops)) { | ||
102 | printk (KERN_INFO "Failure registering Root Plug " | ||
103 | " module with primary security module.\n"); | ||
104 | return -EINVAL; | 97 | return -EINVAL; |
105 | } | ||
106 | secondary = 1; | ||
107 | } | 98 | } |
108 | printk (KERN_INFO "Root Plug module initialized, " | 99 | printk (KERN_INFO "Root Plug module initialized, " |
109 | "vendor_id = %4.4x, product id = %4.4x\n", vendor_id, product_id); | 100 | "vendor_id = %4.4x, product id = %4.4x\n", vendor_id, product_id); |
diff --git a/security/security.c b/security/security.c index 59838a99b80e..59f23b5918b3 100644 --- a/security/security.c +++ b/security/security.c | |||
@@ -20,8 +20,8 @@ | |||
20 | /* Boot-time LSM user choice */ | 20 | /* Boot-time LSM user choice */ |
21 | static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1]; | 21 | static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1]; |
22 | 22 | ||
23 | /* things that live in dummy.c */ | 23 | /* things that live in capability.c */ |
24 | extern struct security_operations dummy_security_ops; | 24 | extern struct security_operations default_security_ops; |
25 | extern void security_fixup_ops(struct security_operations *ops); | 25 | extern void security_fixup_ops(struct security_operations *ops); |
26 | 26 | ||
27 | struct security_operations *security_ops; /* Initialized to NULL */ | 27 | struct security_operations *security_ops; /* Initialized to NULL */ |
@@ -57,13 +57,8 @@ int __init security_init(void) | |||
57 | { | 57 | { |
58 | printk(KERN_INFO "Security Framework initialized\n"); | 58 | printk(KERN_INFO "Security Framework initialized\n"); |
59 | 59 | ||
60 | if (verify(&dummy_security_ops)) { | 60 | security_fixup_ops(&default_security_ops); |
61 | printk(KERN_ERR "%s could not verify " | 61 | security_ops = &default_security_ops; |
62 | "dummy_security_ops structure.\n", __func__); | ||
63 | return -EIO; | ||
64 | } | ||
65 | |||
66 | security_ops = &dummy_security_ops; | ||
67 | do_security_initcalls(); | 62 | do_security_initcalls(); |
68 | 63 | ||
69 | return 0; | 64 | return 0; |
@@ -122,7 +117,7 @@ int register_security(struct security_operations *ops) | |||
122 | return -EINVAL; | 117 | return -EINVAL; |
123 | } | 118 | } |
124 | 119 | ||
125 | if (security_ops != &dummy_security_ops) | 120 | if (security_ops != &default_security_ops) |
126 | return -EAGAIN; | 121 | return -EAGAIN; |
127 | 122 | ||
128 | security_ops = ops; | 123 | security_ops = ops; |
@@ -130,40 +125,12 @@ int register_security(struct security_operations *ops) | |||
130 | return 0; | 125 | return 0; |
131 | } | 126 | } |
132 | 127 | ||
133 | /** | ||
134 | * mod_reg_security - allows security modules to be "stacked" | ||
135 | * @name: a pointer to a string with the name of the security_options to be registered | ||
136 | * @ops: a pointer to the struct security_options that is to be registered | ||
137 | * | ||
138 | * This function allows security modules to be stacked if the currently loaded | ||
139 | * security module allows this to happen. It passes the @name and @ops to the | ||
140 | * register_security function of the currently loaded security module. | ||
141 | * | ||
142 | * The return value depends on the currently loaded security module, with 0 as | ||
143 | * success. | ||
144 | */ | ||
145 | int mod_reg_security(const char *name, struct security_operations *ops) | ||
146 | { | ||
147 | if (verify(ops)) { | ||
148 | printk(KERN_INFO "%s could not verify " | ||
149 | "security operations.\n", __func__); | ||
150 | return -EINVAL; | ||
151 | } | ||
152 | |||
153 | if (ops == security_ops) { | ||
154 | printk(KERN_INFO "%s security operations " | ||
155 | "already registered.\n", __func__); | ||
156 | return -EINVAL; | ||
157 | } | ||
158 | |||
159 | return security_ops->register_security(name, ops); | ||
160 | } | ||
161 | |||
162 | /* Security operations */ | 128 | /* Security operations */ |
163 | 129 | ||
164 | int security_ptrace(struct task_struct *parent, struct task_struct *child) | 130 | int security_ptrace(struct task_struct *parent, struct task_struct *child, |
131 | unsigned int mode) | ||
165 | { | 132 | { |
166 | return security_ops->ptrace(parent, child); | 133 | return security_ops->ptrace(parent, child, mode); |
167 | } | 134 | } |
168 | 135 | ||
169 | int security_capget(struct task_struct *target, | 136 | int security_capget(struct task_struct *target, |
@@ -291,6 +258,11 @@ int security_sb_kern_mount(struct super_block *sb, void *data) | |||
291 | return security_ops->sb_kern_mount(sb, data); | 258 | return security_ops->sb_kern_mount(sb, data); |
292 | } | 259 | } |
293 | 260 | ||
261 | int security_sb_show_options(struct seq_file *m, struct super_block *sb) | ||
262 | { | ||
263 | return security_ops->sb_show_options(m, sb); | ||
264 | } | ||
265 | |||
294 | int security_sb_statfs(struct dentry *dentry) | 266 | int security_sb_statfs(struct dentry *dentry) |
295 | { | 267 | { |
296 | return security_ops->sb_statfs(dentry); | 268 | return security_ops->sb_statfs(dentry); |
@@ -342,12 +314,6 @@ void security_sb_post_pivotroot(struct path *old_path, struct path *new_path) | |||
342 | security_ops->sb_post_pivotroot(old_path, new_path); | 314 | security_ops->sb_post_pivotroot(old_path, new_path); |
343 | } | 315 | } |
344 | 316 | ||
345 | int security_sb_get_mnt_opts(const struct super_block *sb, | ||
346 | struct security_mnt_opts *opts) | ||
347 | { | ||
348 | return security_ops->sb_get_mnt_opts(sb, opts); | ||
349 | } | ||
350 | |||
351 | int security_sb_set_mnt_opts(struct super_block *sb, | 317 | int security_sb_set_mnt_opts(struct super_block *sb, |
352 | struct security_mnt_opts *opts) | 318 | struct security_mnt_opts *opts) |
353 | { | 319 | { |
@@ -894,7 +860,7 @@ EXPORT_SYMBOL(security_secctx_to_secid); | |||
894 | 860 | ||
895 | void security_release_secctx(char *secdata, u32 seclen) | 861 | void security_release_secctx(char *secdata, u32 seclen) |
896 | { | 862 | { |
897 | return security_ops->release_secctx(secdata, seclen); | 863 | security_ops->release_secctx(secdata, seclen); |
898 | } | 864 | } |
899 | EXPORT_SYMBOL(security_release_secctx); | 865 | EXPORT_SYMBOL(security_release_secctx); |
900 | 866 | ||
@@ -1011,12 +977,12 @@ int security_sk_alloc(struct sock *sk, int family, gfp_t priority) | |||
1011 | 977 | ||
1012 | void security_sk_free(struct sock *sk) | 978 | void security_sk_free(struct sock *sk) |
1013 | { | 979 | { |
1014 | return security_ops->sk_free_security(sk); | 980 | security_ops->sk_free_security(sk); |
1015 | } | 981 | } |
1016 | 982 | ||
1017 | void security_sk_clone(const struct sock *sk, struct sock *newsk) | 983 | void security_sk_clone(const struct sock *sk, struct sock *newsk) |
1018 | { | 984 | { |
1019 | return security_ops->sk_clone_security(sk, newsk); | 985 | security_ops->sk_clone_security(sk, newsk); |
1020 | } | 986 | } |
1021 | 987 | ||
1022 | void security_sk_classify_flow(struct sock *sk, struct flowi *fl) | 988 | void security_sk_classify_flow(struct sock *sk, struct flowi *fl) |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 1c864c0efe2b..63f131fc42e4 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -9,7 +9,8 @@ | |||
9 | * James Morris <jmorris@redhat.com> | 9 | * James Morris <jmorris@redhat.com> |
10 | * | 10 | * |
11 | * Copyright (C) 2001,2002 Networks Associates Technology, Inc. | 11 | * Copyright (C) 2001,2002 Networks Associates Technology, Inc. |
12 | * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com> | 12 | * Copyright (C) 2003-2008 Red Hat, Inc., James Morris <jmorris@redhat.com> |
13 | * Eric Paris <eparis@redhat.com> | ||
13 | * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. | 14 | * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. |
14 | * <dgoeddel@trustedcs.com> | 15 | * <dgoeddel@trustedcs.com> |
15 | * Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P. | 16 | * Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P. |
@@ -42,9 +43,7 @@ | |||
42 | #include <linux/fdtable.h> | 43 | #include <linux/fdtable.h> |
43 | #include <linux/namei.h> | 44 | #include <linux/namei.h> |
44 | #include <linux/mount.h> | 45 | #include <linux/mount.h> |
45 | #include <linux/ext2_fs.h> | ||
46 | #include <linux/proc_fs.h> | 46 | #include <linux/proc_fs.h> |
47 | #include <linux/kd.h> | ||
48 | #include <linux/netfilter_ipv4.h> | 47 | #include <linux/netfilter_ipv4.h> |
49 | #include <linux/netfilter_ipv6.h> | 48 | #include <linux/netfilter_ipv6.h> |
50 | #include <linux/tty.h> | 49 | #include <linux/tty.h> |
@@ -53,7 +52,7 @@ | |||
53 | #include <net/tcp.h> /* struct or_callable used in sock_rcv_skb */ | 52 | #include <net/tcp.h> /* struct or_callable used in sock_rcv_skb */ |
54 | #include <net/net_namespace.h> | 53 | #include <net/net_namespace.h> |
55 | #include <net/netlabel.h> | 54 | #include <net/netlabel.h> |
56 | #include <asm/uaccess.h> | 55 | #include <linux/uaccess.h> |
57 | #include <asm/ioctls.h> | 56 | #include <asm/ioctls.h> |
58 | #include <asm/atomic.h> | 57 | #include <asm/atomic.h> |
59 | #include <linux/bitops.h> | 58 | #include <linux/bitops.h> |
@@ -104,7 +103,9 @@ int selinux_enforcing; | |||
104 | 103 | ||
105 | static int __init enforcing_setup(char *str) | 104 | static int __init enforcing_setup(char *str) |
106 | { | 105 | { |
107 | selinux_enforcing = simple_strtol(str, NULL, 0); | 106 | unsigned long enforcing; |
107 | if (!strict_strtoul(str, 0, &enforcing)) | ||
108 | selinux_enforcing = enforcing ? 1 : 0; | ||
108 | return 1; | 109 | return 1; |
109 | } | 110 | } |
110 | __setup("enforcing=", enforcing_setup); | 111 | __setup("enforcing=", enforcing_setup); |
@@ -115,7 +116,9 @@ int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE; | |||
115 | 116 | ||
116 | static int __init selinux_enabled_setup(char *str) | 117 | static int __init selinux_enabled_setup(char *str) |
117 | { | 118 | { |
118 | selinux_enabled = simple_strtol(str, NULL, 0); | 119 | unsigned long enabled; |
120 | if (!strict_strtoul(str, 0, &enabled)) | ||
121 | selinux_enabled = enabled ? 1 : 0; | ||
119 | return 1; | 122 | return 1; |
120 | } | 123 | } |
121 | __setup("selinux=", selinux_enabled_setup); | 124 | __setup("selinux=", selinux_enabled_setup); |
@@ -123,13 +126,11 @@ __setup("selinux=", selinux_enabled_setup); | |||
123 | int selinux_enabled = 1; | 126 | int selinux_enabled = 1; |
124 | #endif | 127 | #endif |
125 | 128 | ||
126 | /* Original (dummy) security module. */ | ||
127 | static struct security_operations *original_ops; | ||
128 | 129 | ||
129 | /* Minimal support for a secondary security module, | 130 | /* |
130 | just to allow the use of the dummy or capability modules. | 131 | * Minimal support for a secondary security module, |
131 | The owlsm module can alternatively be used as a secondary | 132 | * just to allow the use of the capability module. |
132 | module as long as CONFIG_OWLSM_FD is not enabled. */ | 133 | */ |
133 | static struct security_operations *secondary_ops; | 134 | static struct security_operations *secondary_ops; |
134 | 135 | ||
135 | /* Lists of inode and superblock security structures initialized | 136 | /* Lists of inode and superblock security structures initialized |
@@ -594,7 +595,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, | |||
594 | */ | 595 | */ |
595 | if (sbsec->initialized && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA) | 596 | if (sbsec->initialized && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA) |
596 | && (num_opts == 0)) | 597 | && (num_opts == 0)) |
597 | goto out; | 598 | goto out; |
598 | 599 | ||
599 | /* | 600 | /* |
600 | * parse the mount options, check if they are valid sids. | 601 | * parse the mount options, check if they are valid sids. |
@@ -956,6 +957,57 @@ out_err: | |||
956 | return rc; | 957 | return rc; |
957 | } | 958 | } |
958 | 959 | ||
960 | void selinux_write_opts(struct seq_file *m, struct security_mnt_opts *opts) | ||
961 | { | ||
962 | int i; | ||
963 | char *prefix; | ||
964 | |||
965 | for (i = 0; i < opts->num_mnt_opts; i++) { | ||
966 | char *has_comma = strchr(opts->mnt_opts[i], ','); | ||
967 | |||
968 | switch (opts->mnt_opts_flags[i]) { | ||
969 | case CONTEXT_MNT: | ||
970 | prefix = CONTEXT_STR; | ||
971 | break; | ||
972 | case FSCONTEXT_MNT: | ||
973 | prefix = FSCONTEXT_STR; | ||
974 | break; | ||
975 | case ROOTCONTEXT_MNT: | ||
976 | prefix = ROOTCONTEXT_STR; | ||
977 | break; | ||
978 | case DEFCONTEXT_MNT: | ||
979 | prefix = DEFCONTEXT_STR; | ||
980 | break; | ||
981 | default: | ||
982 | BUG(); | ||
983 | }; | ||
984 | /* we need a comma before each option */ | ||
985 | seq_putc(m, ','); | ||
986 | seq_puts(m, prefix); | ||
987 | if (has_comma) | ||
988 | seq_putc(m, '\"'); | ||
989 | seq_puts(m, opts->mnt_opts[i]); | ||
990 | if (has_comma) | ||
991 | seq_putc(m, '\"'); | ||
992 | } | ||
993 | } | ||
994 | |||
995 | static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb) | ||
996 | { | ||
997 | struct security_mnt_opts opts; | ||
998 | int rc; | ||
999 | |||
1000 | rc = selinux_get_mnt_opts(sb, &opts); | ||
1001 | if (rc) | ||
1002 | return rc; | ||
1003 | |||
1004 | selinux_write_opts(m, &opts); | ||
1005 | |||
1006 | security_free_mnt_opts(&opts); | ||
1007 | |||
1008 | return rc; | ||
1009 | } | ||
1010 | |||
959 | static inline u16 inode_mode_to_security_class(umode_t mode) | 1011 | static inline u16 inode_mode_to_security_class(umode_t mode) |
960 | { | 1012 | { |
961 | switch (mode & S_IFMT) { | 1013 | switch (mode & S_IFMT) { |
@@ -1682,14 +1734,23 @@ static inline u32 file_to_av(struct file *file) | |||
1682 | 1734 | ||
1683 | /* Hook functions begin here. */ | 1735 | /* Hook functions begin here. */ |
1684 | 1736 | ||
1685 | static int selinux_ptrace(struct task_struct *parent, struct task_struct *child) | 1737 | static int selinux_ptrace(struct task_struct *parent, |
1738 | struct task_struct *child, | ||
1739 | unsigned int mode) | ||
1686 | { | 1740 | { |
1687 | int rc; | 1741 | int rc; |
1688 | 1742 | ||
1689 | rc = secondary_ops->ptrace(parent, child); | 1743 | rc = secondary_ops->ptrace(parent, child, mode); |
1690 | if (rc) | 1744 | if (rc) |
1691 | return rc; | 1745 | return rc; |
1692 | 1746 | ||
1747 | if (mode == PTRACE_MODE_READ) { | ||
1748 | struct task_security_struct *tsec = parent->security; | ||
1749 | struct task_security_struct *csec = child->security; | ||
1750 | return avc_has_perm(tsec->sid, csec->sid, | ||
1751 | SECCLASS_FILE, FILE__READ, NULL); | ||
1752 | } | ||
1753 | |||
1693 | return task_has_perm(parent, child, PROCESS__PTRACE); | 1754 | return task_has_perm(parent, child, PROCESS__PTRACE); |
1694 | } | 1755 | } |
1695 | 1756 | ||
@@ -2495,7 +2556,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, | |||
2495 | } | 2556 | } |
2496 | 2557 | ||
2497 | if (value && len) { | 2558 | if (value && len) { |
2498 | rc = security_sid_to_context(newsid, &context, &clen); | 2559 | rc = security_sid_to_context_force(newsid, &context, &clen); |
2499 | if (rc) { | 2560 | if (rc) { |
2500 | kfree(namep); | 2561 | kfree(namep); |
2501 | return rc; | 2562 | return rc; |
@@ -2669,6 +2730,11 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name, | |||
2669 | return rc; | 2730 | return rc; |
2670 | 2731 | ||
2671 | rc = security_context_to_sid(value, size, &newsid); | 2732 | rc = security_context_to_sid(value, size, &newsid); |
2733 | if (rc == -EINVAL) { | ||
2734 | if (!capable(CAP_MAC_ADMIN)) | ||
2735 | return rc; | ||
2736 | rc = security_context_to_sid_force(value, size, &newsid); | ||
2737 | } | ||
2672 | if (rc) | 2738 | if (rc) |
2673 | return rc; | 2739 | return rc; |
2674 | 2740 | ||
@@ -2690,7 +2756,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name, | |||
2690 | } | 2756 | } |
2691 | 2757 | ||
2692 | static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name, | 2758 | static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name, |
2693 | const void *value, size_t size, | 2759 | const void *value, size_t size, |
2694 | int flags) | 2760 | int flags) |
2695 | { | 2761 | { |
2696 | struct inode *inode = dentry->d_inode; | 2762 | struct inode *inode = dentry->d_inode; |
@@ -2703,10 +2769,11 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name, | |||
2703 | return; | 2769 | return; |
2704 | } | 2770 | } |
2705 | 2771 | ||
2706 | rc = security_context_to_sid(value, size, &newsid); | 2772 | rc = security_context_to_sid_force(value, size, &newsid); |
2707 | if (rc) { | 2773 | if (rc) { |
2708 | printk(KERN_WARNING "%s: unable to obtain SID for context " | 2774 | printk(KERN_ERR "SELinux: unable to map context to SID" |
2709 | "%s, rc=%d\n", __func__, (char *)value, -rc); | 2775 | "for (%s, %lu), rc=%d\n", |
2776 | inode->i_sb->s_id, inode->i_ino, -rc); | ||
2710 | return; | 2777 | return; |
2711 | } | 2778 | } |
2712 | 2779 | ||
@@ -2735,9 +2802,7 @@ static int selinux_inode_removexattr(struct dentry *dentry, const char *name) | |||
2735 | } | 2802 | } |
2736 | 2803 | ||
2737 | /* | 2804 | /* |
2738 | * Copy the in-core inode security context value to the user. If the | 2805 | * Copy the inode security context value to the user. |
2739 | * getxattr() prior to this succeeded, check to see if we need to | ||
2740 | * canonicalize the value to be finally returned to the user. | ||
2741 | * | 2806 | * |
2742 | * Permission check is handled by selinux_inode_getxattr hook. | 2807 | * Permission check is handled by selinux_inode_getxattr hook. |
2743 | */ | 2808 | */ |
@@ -2746,12 +2811,33 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name | |||
2746 | u32 size; | 2811 | u32 size; |
2747 | int error; | 2812 | int error; |
2748 | char *context = NULL; | 2813 | char *context = NULL; |
2814 | struct task_security_struct *tsec = current->security; | ||
2749 | struct inode_security_struct *isec = inode->i_security; | 2815 | struct inode_security_struct *isec = inode->i_security; |
2750 | 2816 | ||
2751 | if (strcmp(name, XATTR_SELINUX_SUFFIX)) | 2817 | if (strcmp(name, XATTR_SELINUX_SUFFIX)) |
2752 | return -EOPNOTSUPP; | 2818 | return -EOPNOTSUPP; |
2753 | 2819 | ||
2754 | error = security_sid_to_context(isec->sid, &context, &size); | 2820 | /* |
2821 | * If the caller has CAP_MAC_ADMIN, then get the raw context | ||
2822 | * value even if it is not defined by current policy; otherwise, | ||
2823 | * use the in-core value under current policy. | ||
2824 | * Use the non-auditing forms of the permission checks since | ||
2825 | * getxattr may be called by unprivileged processes commonly | ||
2826 | * and lack of permission just means that we fall back to the | ||
2827 | * in-core context value, not a denial. | ||
2828 | */ | ||
2829 | error = secondary_ops->capable(current, CAP_MAC_ADMIN); | ||
2830 | if (!error) | ||
2831 | error = avc_has_perm_noaudit(tsec->sid, tsec->sid, | ||
2832 | SECCLASS_CAPABILITY2, | ||
2833 | CAPABILITY2__MAC_ADMIN, | ||
2834 | 0, | ||
2835 | NULL); | ||
2836 | if (!error) | ||
2837 | error = security_sid_to_context_force(isec->sid, &context, | ||
2838 | &size); | ||
2839 | else | ||
2840 | error = security_sid_to_context(isec->sid, &context, &size); | ||
2755 | if (error) | 2841 | if (error) |
2756 | return error; | 2842 | return error; |
2757 | error = size; | 2843 | error = size; |
@@ -2865,46 +2951,16 @@ static void selinux_file_free_security(struct file *file) | |||
2865 | static int selinux_file_ioctl(struct file *file, unsigned int cmd, | 2951 | static int selinux_file_ioctl(struct file *file, unsigned int cmd, |
2866 | unsigned long arg) | 2952 | unsigned long arg) |
2867 | { | 2953 | { |
2868 | int error = 0; | 2954 | u32 av = 0; |
2869 | |||
2870 | switch (cmd) { | ||
2871 | case FIONREAD: | ||
2872 | /* fall through */ | ||
2873 | case FIBMAP: | ||
2874 | /* fall through */ | ||
2875 | case FIGETBSZ: | ||
2876 | /* fall through */ | ||
2877 | case EXT2_IOC_GETFLAGS: | ||
2878 | /* fall through */ | ||
2879 | case EXT2_IOC_GETVERSION: | ||
2880 | error = file_has_perm(current, file, FILE__GETATTR); | ||
2881 | break; | ||
2882 | |||
2883 | case EXT2_IOC_SETFLAGS: | ||
2884 | /* fall through */ | ||
2885 | case EXT2_IOC_SETVERSION: | ||
2886 | error = file_has_perm(current, file, FILE__SETATTR); | ||
2887 | break; | ||
2888 | |||
2889 | /* sys_ioctl() checks */ | ||
2890 | case FIONBIO: | ||
2891 | /* fall through */ | ||
2892 | case FIOASYNC: | ||
2893 | error = file_has_perm(current, file, 0); | ||
2894 | break; | ||
2895 | 2955 | ||
2896 | case KDSKBENT: | 2956 | if (_IOC_DIR(cmd) & _IOC_WRITE) |
2897 | case KDSKBSENT: | 2957 | av |= FILE__WRITE; |
2898 | error = task_has_capability(current, CAP_SYS_TTY_CONFIG); | 2958 | if (_IOC_DIR(cmd) & _IOC_READ) |
2899 | break; | 2959 | av |= FILE__READ; |
2960 | if (!av) | ||
2961 | av = FILE__IOCTL; | ||
2900 | 2962 | ||
2901 | /* default case assumes that the command will go | 2963 | return file_has_perm(current, file, av); |
2902 | * to the file's ioctl() function. | ||
2903 | */ | ||
2904 | default: | ||
2905 | error = file_has_perm(current, file, FILE__IOCTL); | ||
2906 | } | ||
2907 | return error; | ||
2908 | } | 2964 | } |
2909 | 2965 | ||
2910 | static int file_map_prot_check(struct file *file, unsigned long prot, int shared) | 2966 | static int file_map_prot_check(struct file *file, unsigned long prot, int shared) |
@@ -3663,7 +3719,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in | |||
3663 | struct sockaddr_in6 *addr6 = NULL; | 3719 | struct sockaddr_in6 *addr6 = NULL; |
3664 | unsigned short snum; | 3720 | unsigned short snum; |
3665 | struct sock *sk = sock->sk; | 3721 | struct sock *sk = sock->sk; |
3666 | u32 sid, node_perm, addrlen; | 3722 | u32 sid, node_perm; |
3667 | 3723 | ||
3668 | tsec = current->security; | 3724 | tsec = current->security; |
3669 | isec = SOCK_INODE(sock)->i_security; | 3725 | isec = SOCK_INODE(sock)->i_security; |
@@ -3671,12 +3727,10 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in | |||
3671 | if (family == PF_INET) { | 3727 | if (family == PF_INET) { |
3672 | addr4 = (struct sockaddr_in *)address; | 3728 | addr4 = (struct sockaddr_in *)address; |
3673 | snum = ntohs(addr4->sin_port); | 3729 | snum = ntohs(addr4->sin_port); |
3674 | addrlen = sizeof(addr4->sin_addr.s_addr); | ||
3675 | addrp = (char *)&addr4->sin_addr.s_addr; | 3730 | addrp = (char *)&addr4->sin_addr.s_addr; |
3676 | } else { | 3731 | } else { |
3677 | addr6 = (struct sockaddr_in6 *)address; | 3732 | addr6 = (struct sockaddr_in6 *)address; |
3678 | snum = ntohs(addr6->sin6_port); | 3733 | snum = ntohs(addr6->sin6_port); |
3679 | addrlen = sizeof(addr6->sin6_addr.s6_addr); | ||
3680 | addrp = (char *)&addr6->sin6_addr.s6_addr; | 3734 | addrp = (char *)&addr6->sin6_addr.s6_addr; |
3681 | } | 3735 | } |
3682 | 3736 | ||
@@ -5047,24 +5101,6 @@ static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) | |||
5047 | *secid = isec->sid; | 5101 | *secid = isec->sid; |
5048 | } | 5102 | } |
5049 | 5103 | ||
5050 | /* module stacking operations */ | ||
5051 | static int selinux_register_security(const char *name, struct security_operations *ops) | ||
5052 | { | ||
5053 | if (secondary_ops != original_ops) { | ||
5054 | printk(KERN_ERR "%s: There is already a secondary security " | ||
5055 | "module registered.\n", __func__); | ||
5056 | return -EINVAL; | ||
5057 | } | ||
5058 | |||
5059 | secondary_ops = ops; | ||
5060 | |||
5061 | printk(KERN_INFO "%s: Registering secondary module %s\n", | ||
5062 | __func__, | ||
5063 | name); | ||
5064 | |||
5065 | return 0; | ||
5066 | } | ||
5067 | |||
5068 | static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode) | 5104 | static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode) |
5069 | { | 5105 | { |
5070 | if (inode) | 5106 | if (inode) |
@@ -5153,6 +5189,12 @@ static int selinux_setprocattr(struct task_struct *p, | |||
5153 | size--; | 5189 | size--; |
5154 | } | 5190 | } |
5155 | error = security_context_to_sid(value, size, &sid); | 5191 | error = security_context_to_sid(value, size, &sid); |
5192 | if (error == -EINVAL && !strcmp(name, "fscreate")) { | ||
5193 | if (!capable(CAP_MAC_ADMIN)) | ||
5194 | return error; | ||
5195 | error = security_context_to_sid_force(value, size, | ||
5196 | &sid); | ||
5197 | } | ||
5156 | if (error) | 5198 | if (error) |
5157 | return error; | 5199 | return error; |
5158 | } | 5200 | } |
@@ -5186,12 +5228,12 @@ static int selinux_setprocattr(struct task_struct *p, | |||
5186 | struct task_struct *g, *t; | 5228 | struct task_struct *g, *t; |
5187 | struct mm_struct *mm = p->mm; | 5229 | struct mm_struct *mm = p->mm; |
5188 | read_lock(&tasklist_lock); | 5230 | read_lock(&tasklist_lock); |
5189 | do_each_thread(g, t) | 5231 | do_each_thread(g, t) { |
5190 | if (t->mm == mm && t != p) { | 5232 | if (t->mm == mm && t != p) { |
5191 | read_unlock(&tasklist_lock); | 5233 | read_unlock(&tasklist_lock); |
5192 | return -EPERM; | 5234 | return -EPERM; |
5193 | } | 5235 | } |
5194 | while_each_thread(g, t); | 5236 | } while_each_thread(g, t); |
5195 | read_unlock(&tasklist_lock); | 5237 | read_unlock(&tasklist_lock); |
5196 | } | 5238 | } |
5197 | 5239 | ||
@@ -5343,10 +5385,10 @@ static struct security_operations selinux_ops = { | |||
5343 | .sb_free_security = selinux_sb_free_security, | 5385 | .sb_free_security = selinux_sb_free_security, |
5344 | .sb_copy_data = selinux_sb_copy_data, | 5386 | .sb_copy_data = selinux_sb_copy_data, |
5345 | .sb_kern_mount = selinux_sb_kern_mount, | 5387 | .sb_kern_mount = selinux_sb_kern_mount, |
5388 | .sb_show_options = selinux_sb_show_options, | ||
5346 | .sb_statfs = selinux_sb_statfs, | 5389 | .sb_statfs = selinux_sb_statfs, |
5347 | .sb_mount = selinux_mount, | 5390 | .sb_mount = selinux_mount, |
5348 | .sb_umount = selinux_umount, | 5391 | .sb_umount = selinux_umount, |
5349 | .sb_get_mnt_opts = selinux_get_mnt_opts, | ||
5350 | .sb_set_mnt_opts = selinux_set_mnt_opts, | 5392 | .sb_set_mnt_opts = selinux_set_mnt_opts, |
5351 | .sb_clone_mnt_opts = selinux_sb_clone_mnt_opts, | 5393 | .sb_clone_mnt_opts = selinux_sb_clone_mnt_opts, |
5352 | .sb_parse_opts_str = selinux_parse_opts_str, | 5394 | .sb_parse_opts_str = selinux_parse_opts_str, |
@@ -5378,7 +5420,7 @@ static struct security_operations selinux_ops = { | |||
5378 | .inode_listsecurity = selinux_inode_listsecurity, | 5420 | .inode_listsecurity = selinux_inode_listsecurity, |
5379 | .inode_need_killpriv = selinux_inode_need_killpriv, | 5421 | .inode_need_killpriv = selinux_inode_need_killpriv, |
5380 | .inode_killpriv = selinux_inode_killpriv, | 5422 | .inode_killpriv = selinux_inode_killpriv, |
5381 | .inode_getsecid = selinux_inode_getsecid, | 5423 | .inode_getsecid = selinux_inode_getsecid, |
5382 | 5424 | ||
5383 | .file_permission = selinux_file_permission, | 5425 | .file_permission = selinux_file_permission, |
5384 | .file_alloc_security = selinux_file_alloc_security, | 5426 | .file_alloc_security = selinux_file_alloc_security, |
@@ -5419,7 +5461,7 @@ static struct security_operations selinux_ops = { | |||
5419 | .task_to_inode = selinux_task_to_inode, | 5461 | .task_to_inode = selinux_task_to_inode, |
5420 | 5462 | ||
5421 | .ipc_permission = selinux_ipc_permission, | 5463 | .ipc_permission = selinux_ipc_permission, |
5422 | .ipc_getsecid = selinux_ipc_getsecid, | 5464 | .ipc_getsecid = selinux_ipc_getsecid, |
5423 | 5465 | ||
5424 | .msg_msg_alloc_security = selinux_msg_msg_alloc_security, | 5466 | .msg_msg_alloc_security = selinux_msg_msg_alloc_security, |
5425 | .msg_msg_free_security = selinux_msg_msg_free_security, | 5467 | .msg_msg_free_security = selinux_msg_msg_free_security, |
@@ -5443,8 +5485,6 @@ static struct security_operations selinux_ops = { | |||
5443 | .sem_semctl = selinux_sem_semctl, | 5485 | .sem_semctl = selinux_sem_semctl, |
5444 | .sem_semop = selinux_sem_semop, | 5486 | .sem_semop = selinux_sem_semop, |
5445 | 5487 | ||
5446 | .register_security = selinux_register_security, | ||
5447 | |||
5448 | .d_instantiate = selinux_d_instantiate, | 5488 | .d_instantiate = selinux_d_instantiate, |
5449 | 5489 | ||
5450 | .getprocattr = selinux_getprocattr, | 5490 | .getprocattr = selinux_getprocattr, |
@@ -5538,7 +5578,7 @@ static __init int selinux_init(void) | |||
5538 | 0, SLAB_PANIC, NULL); | 5578 | 0, SLAB_PANIC, NULL); |
5539 | avc_init(); | 5579 | avc_init(); |
5540 | 5580 | ||
5541 | original_ops = secondary_ops = security_ops; | 5581 | secondary_ops = security_ops; |
5542 | if (!secondary_ops) | 5582 | if (!secondary_ops) |
5543 | panic("SELinux: No initial security operations\n"); | 5583 | panic("SELinux: No initial security operations\n"); |
5544 | if (register_security(&selinux_ops)) | 5584 | if (register_security(&selinux_ops)) |
diff --git a/security/selinux/include/audit.h b/security/selinux/include/audit.h index 6c8b9ef15579..1bdf973433cc 100644 --- a/security/selinux/include/audit.h +++ b/security/selinux/include/audit.h | |||
@@ -1,7 +1,7 @@ | |||
1 | /* | 1 | /* |
2 | * SELinux support for the Audit LSM hooks | 2 | * SELinux support for the Audit LSM hooks |
3 | * | 3 | * |
4 | * Most of below header was moved from include/linux/selinux.h which | 4 | * Most of below header was moved from include/linux/selinux.h which |
5 | * is released under below copyrights: | 5 | * is released under below copyrights: |
6 | * | 6 | * |
7 | * Author: James Morris <jmorris@redhat.com> | 7 | * Author: James Morris <jmorris@redhat.com> |
@@ -52,7 +52,7 @@ void selinux_audit_rule_free(void *rule); | |||
52 | * -errno on failure. | 52 | * -errno on failure. |
53 | */ | 53 | */ |
54 | int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule, | 54 | int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule, |
55 | struct audit_context *actx); | 55 | struct audit_context *actx); |
56 | 56 | ||
57 | /** | 57 | /** |
58 | * selinux_audit_rule_known - check to see if rule contains selinux fields. | 58 | * selinux_audit_rule_known - check to see if rule contains selinux fields. |
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h index 8e23d7a873a4..7b9769f5e775 100644 --- a/security/selinux/include/avc.h +++ b/security/selinux/include/avc.h | |||
@@ -75,13 +75,12 @@ struct avc_audit_data { | |||
75 | 75 | ||
76 | /* Initialize an AVC audit data structure. */ | 76 | /* Initialize an AVC audit data structure. */ |
77 | #define AVC_AUDIT_DATA_INIT(_d,_t) \ | 77 | #define AVC_AUDIT_DATA_INIT(_d,_t) \ |
78 | { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; } | 78 | { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; } |
79 | 79 | ||
80 | /* | 80 | /* |
81 | * AVC statistics | 81 | * AVC statistics |
82 | */ | 82 | */ |
83 | struct avc_cache_stats | 83 | struct avc_cache_stats { |
84 | { | ||
85 | unsigned int lookups; | 84 | unsigned int lookups; |
86 | unsigned int hits; | 85 | unsigned int hits; |
87 | unsigned int misses; | 86 | unsigned int misses; |
@@ -97,8 +96,8 @@ struct avc_cache_stats | |||
97 | void __init avc_init(void); | 96 | void __init avc_init(void); |
98 | 97 | ||
99 | void avc_audit(u32 ssid, u32 tsid, | 98 | void avc_audit(u32 ssid, u32 tsid, |
100 | u16 tclass, u32 requested, | 99 | u16 tclass, u32 requested, |
101 | struct av_decision *avd, int result, struct avc_audit_data *auditdata); | 100 | struct av_decision *avd, int result, struct avc_audit_data *auditdata); |
102 | 101 | ||
103 | #define AVC_STRICT 1 /* Ignore permissive mode. */ | 102 | #define AVC_STRICT 1 /* Ignore permissive mode. */ |
104 | int avc_has_perm_noaudit(u32 ssid, u32 tsid, | 103 | int avc_has_perm_noaudit(u32 ssid, u32 tsid, |
@@ -107,8 +106,8 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid, | |||
107 | struct av_decision *avd); | 106 | struct av_decision *avd); |
108 | 107 | ||
109 | int avc_has_perm(u32 ssid, u32 tsid, | 108 | int avc_has_perm(u32 ssid, u32 tsid, |
110 | u16 tclass, u32 requested, | 109 | u16 tclass, u32 requested, |
111 | struct avc_audit_data *auditdata); | 110 | struct avc_audit_data *auditdata); |
112 | 111 | ||
113 | u32 avc_policy_seqno(void); | 112 | u32 avc_policy_seqno(void); |
114 | 113 | ||
@@ -122,7 +121,7 @@ u32 avc_policy_seqno(void); | |||
122 | #define AVC_CALLBACK_AUDITDENY_DISABLE 128 | 121 | #define AVC_CALLBACK_AUDITDENY_DISABLE 128 |
123 | 122 | ||
124 | int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid, | 123 | int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid, |
125 | u16 tclass, u32 perms, | 124 | u16 tclass, u32 perms, |
126 | u32 *out_retained), | 125 | u32 *out_retained), |
127 | u32 events, u32 ssid, u32 tsid, | 126 | u32 events, u32 ssid, u32 tsid, |
128 | u16 tclass, u32 perms); | 127 | u16 tclass, u32 perms); |
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 032c2357dad1..91070ab874ce 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h | |||
@@ -44,7 +44,6 @@ struct inode_security_struct { | |||
44 | u16 sclass; /* security class of this object */ | 44 | u16 sclass; /* security class of this object */ |
45 | unsigned char initialized; /* initialization flag */ | 45 | unsigned char initialized; /* initialization flag */ |
46 | struct mutex lock; | 46 | struct mutex lock; |
47 | unsigned char inherit; /* inherit SID from parent entry */ | ||
48 | }; | 47 | }; |
49 | 48 | ||
50 | struct file_security_struct { | 49 | struct file_security_struct { |
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index ad30ac4273d6..7c543003d653 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h | |||
@@ -93,12 +93,17 @@ int security_change_sid(u32 ssid, u32 tsid, | |||
93 | int security_sid_to_context(u32 sid, char **scontext, | 93 | int security_sid_to_context(u32 sid, char **scontext, |
94 | u32 *scontext_len); | 94 | u32 *scontext_len); |
95 | 95 | ||
96 | int security_sid_to_context_force(u32 sid, char **scontext, u32 *scontext_len); | ||
97 | |||
96 | int security_context_to_sid(const char *scontext, u32 scontext_len, | 98 | int security_context_to_sid(const char *scontext, u32 scontext_len, |
97 | u32 *out_sid); | 99 | u32 *out_sid); |
98 | 100 | ||
99 | int security_context_to_sid_default(const char *scontext, u32 scontext_len, | 101 | int security_context_to_sid_default(const char *scontext, u32 scontext_len, |
100 | u32 *out_sid, u32 def_sid, gfp_t gfp_flags); | 102 | u32 *out_sid, u32 def_sid, gfp_t gfp_flags); |
101 | 103 | ||
104 | int security_context_to_sid_force(const char *scontext, u32 scontext_len, | ||
105 | u32 *sid); | ||
106 | |||
102 | int security_get_user_sids(u32 callsid, char *username, | 107 | int security_get_user_sids(u32 callsid, char *username, |
103 | u32 **sids, u32 *nel); | 108 | u32 **sids, u32 *nel); |
104 | 109 | ||
diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c index b6ccd09379f1..7100072bb1b0 100644 --- a/security/selinux/netnode.c +++ b/security/selinux/netnode.c | |||
@@ -38,7 +38,6 @@ | |||
38 | #include <linux/ipv6.h> | 38 | #include <linux/ipv6.h> |
39 | #include <net/ip.h> | 39 | #include <net/ip.h> |
40 | #include <net/ipv6.h> | 40 | #include <net/ipv6.h> |
41 | #include <asm/bug.h> | ||
42 | 41 | ||
43 | #include "netnode.h" | 42 | #include "netnode.h" |
44 | #include "objsec.h" | 43 | #include "objsec.h" |
diff --git a/security/selinux/netport.c b/security/selinux/netport.c index 90b4cff7c350..fe7fba67f19f 100644 --- a/security/selinux/netport.c +++ b/security/selinux/netport.c | |||
@@ -37,7 +37,6 @@ | |||
37 | #include <linux/ipv6.h> | 37 | #include <linux/ipv6.h> |
38 | #include <net/ip.h> | 38 | #include <net/ip.h> |
39 | #include <net/ipv6.h> | 39 | #include <net/ipv6.h> |
40 | #include <asm/bug.h> | ||
41 | 40 | ||
42 | #include "netport.h" | 41 | #include "netport.h" |
43 | #include "objsec.h" | 42 | #include "objsec.h" |
@@ -272,7 +271,7 @@ static __init int sel_netport_init(void) | |||
272 | } | 271 | } |
273 | 272 | ||
274 | ret = avc_add_callback(sel_netport_avc_callback, AVC_CALLBACK_RESET, | 273 | ret = avc_add_callback(sel_netport_avc_callback, AVC_CALLBACK_RESET, |
275 | SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0); | 274 | SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0); |
276 | if (ret != 0) | 275 | if (ret != 0) |
277 | panic("avc_add_callback() failed, error %d\n", ret); | 276 | panic("avc_add_callback() failed, error %d\n", ret); |
278 | 277 | ||
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index ac1ccc13a704..69c9dccc8cf0 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c | |||
@@ -27,7 +27,7 @@ | |||
27 | #include <linux/seq_file.h> | 27 | #include <linux/seq_file.h> |
28 | #include <linux/percpu.h> | 28 | #include <linux/percpu.h> |
29 | #include <linux/audit.h> | 29 | #include <linux/audit.h> |
30 | #include <asm/uaccess.h> | 30 | #include <linux/uaccess.h> |
31 | 31 | ||
32 | /* selinuxfs pseudo filesystem for exporting the security policy API. | 32 | /* selinuxfs pseudo filesystem for exporting the security policy API. |
33 | Based on the proc code and the fs/nfsd/nfsctl.c code. */ | 33 | Based on the proc code and the fs/nfsd/nfsctl.c code. */ |
@@ -57,14 +57,18 @@ int selinux_compat_net = SELINUX_COMPAT_NET_VALUE; | |||
57 | 57 | ||
58 | static int __init checkreqprot_setup(char *str) | 58 | static int __init checkreqprot_setup(char *str) |
59 | { | 59 | { |
60 | selinux_checkreqprot = simple_strtoul(str, NULL, 0) ? 1 : 0; | 60 | unsigned long checkreqprot; |
61 | if (!strict_strtoul(str, 0, &checkreqprot)) | ||
62 | selinux_checkreqprot = checkreqprot ? 1 : 0; | ||
61 | return 1; | 63 | return 1; |
62 | } | 64 | } |
63 | __setup("checkreqprot=", checkreqprot_setup); | 65 | __setup("checkreqprot=", checkreqprot_setup); |
64 | 66 | ||
65 | static int __init selinux_compat_net_setup(char *str) | 67 | static int __init selinux_compat_net_setup(char *str) |
66 | { | 68 | { |
67 | selinux_compat_net = simple_strtoul(str, NULL, 0) ? 1 : 0; | 69 | unsigned long compat_net; |
70 | if (!strict_strtoul(str, 0, &compat_net)) | ||
71 | selinux_compat_net = compat_net ? 1 : 0; | ||
68 | return 1; | 72 | return 1; |
69 | } | 73 | } |
70 | __setup("selinux_compat_net=", selinux_compat_net_setup); | 74 | __setup("selinux_compat_net=", selinux_compat_net_setup); |
@@ -352,11 +356,6 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf, | |||
352 | length = count; | 356 | length = count; |
353 | 357 | ||
354 | out1: | 358 | out1: |
355 | |||
356 | printk(KERN_INFO "SELinux: policy loaded with handle_unknown=%s\n", | ||
357 | (security_get_reject_unknown() ? "reject" : | ||
358 | (security_get_allow_unknown() ? "allow" : "deny"))); | ||
359 | |||
360 | audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, | 359 | audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, |
361 | "policy loaded auid=%u ses=%u", | 360 | "policy loaded auid=%u ses=%u", |
362 | audit_get_loginuid(current), | 361 | audit_get_loginuid(current), |
diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index 9e6626362bfd..a1be97f8beea 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c | |||
@@ -311,7 +311,7 @@ void avtab_hash_eval(struct avtab *h, char *tag) | |||
311 | } | 311 | } |
312 | 312 | ||
313 | printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, " | 313 | printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, " |
314 | "longest chain length %d sum of chain length^2 %Lu\n", | 314 | "longest chain length %d sum of chain length^2 %llu\n", |
315 | tag, h->nel, slots_used, h->nslot, max_chain_len, | 315 | tag, h->nel, slots_used, h->nslot, max_chain_len, |
316 | chain2_len_sum); | 316 | chain2_len_sum); |
317 | } | 317 | } |
diff --git a/security/selinux/ss/context.h b/security/selinux/ss/context.h index b9a6f7fc62fc..658c2bd17da8 100644 --- a/security/selinux/ss/context.h +++ b/security/selinux/ss/context.h | |||
@@ -28,6 +28,8 @@ struct context { | |||
28 | u32 role; | 28 | u32 role; |
29 | u32 type; | 29 | u32 type; |
30 | struct mls_range range; | 30 | struct mls_range range; |
31 | char *str; /* string representation if context cannot be mapped. */ | ||
32 | u32 len; /* length of string in bytes */ | ||
31 | }; | 33 | }; |
32 | 34 | ||
33 | static inline void mls_context_init(struct context *c) | 35 | static inline void mls_context_init(struct context *c) |
@@ -106,20 +108,43 @@ static inline void context_init(struct context *c) | |||
106 | 108 | ||
107 | static inline int context_cpy(struct context *dst, struct context *src) | 109 | static inline int context_cpy(struct context *dst, struct context *src) |
108 | { | 110 | { |
111 | int rc; | ||
112 | |||
109 | dst->user = src->user; | 113 | dst->user = src->user; |
110 | dst->role = src->role; | 114 | dst->role = src->role; |
111 | dst->type = src->type; | 115 | dst->type = src->type; |
112 | return mls_context_cpy(dst, src); | 116 | if (src->str) { |
117 | dst->str = kstrdup(src->str, GFP_ATOMIC); | ||
118 | if (!dst->str) | ||
119 | return -ENOMEM; | ||
120 | dst->len = src->len; | ||
121 | } else { | ||
122 | dst->str = NULL; | ||
123 | dst->len = 0; | ||
124 | } | ||
125 | rc = mls_context_cpy(dst, src); | ||
126 | if (rc) { | ||
127 | kfree(dst->str); | ||
128 | return rc; | ||
129 | } | ||
130 | return 0; | ||
113 | } | 131 | } |
114 | 132 | ||
115 | static inline void context_destroy(struct context *c) | 133 | static inline void context_destroy(struct context *c) |
116 | { | 134 | { |
117 | c->user = c->role = c->type = 0; | 135 | c->user = c->role = c->type = 0; |
136 | kfree(c->str); | ||
137 | c->str = NULL; | ||
138 | c->len = 0; | ||
118 | mls_context_destroy(c); | 139 | mls_context_destroy(c); |
119 | } | 140 | } |
120 | 141 | ||
121 | static inline int context_cmp(struct context *c1, struct context *c2) | 142 | static inline int context_cmp(struct context *c1, struct context *c2) |
122 | { | 143 | { |
144 | if (c1->len && c2->len) | ||
145 | return (c1->len == c2->len && !strcmp(c1->str, c2->str)); | ||
146 | if (c1->len || c2->len) | ||
147 | return 0; | ||
123 | return ((c1->user == c2->user) && | 148 | return ((c1->user == c2->user) && |
124 | (c1->role == c2->role) && | 149 | (c1->role == c2->role) && |
125 | (c1->type == c2->type) && | 150 | (c1->type == c2->type) && |
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index 8b1706b7b3cc..77d745da48bb 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c | |||
@@ -239,7 +239,8 @@ int mls_context_isvalid(struct policydb *p, struct context *c) | |||
239 | * Policy read-lock must be held for sidtab lookup. | 239 | * Policy read-lock must be held for sidtab lookup. |
240 | * | 240 | * |
241 | */ | 241 | */ |
242 | int mls_context_to_sid(char oldc, | 242 | int mls_context_to_sid(struct policydb *pol, |
243 | char oldc, | ||
243 | char **scontext, | 244 | char **scontext, |
244 | struct context *context, | 245 | struct context *context, |
245 | struct sidtab *s, | 246 | struct sidtab *s, |
@@ -286,7 +287,7 @@ int mls_context_to_sid(char oldc, | |||
286 | *p++ = 0; | 287 | *p++ = 0; |
287 | 288 | ||
288 | for (l = 0; l < 2; l++) { | 289 | for (l = 0; l < 2; l++) { |
289 | levdatum = hashtab_search(policydb.p_levels.table, scontextp); | 290 | levdatum = hashtab_search(pol->p_levels.table, scontextp); |
290 | if (!levdatum) { | 291 | if (!levdatum) { |
291 | rc = -EINVAL; | 292 | rc = -EINVAL; |
292 | goto out; | 293 | goto out; |
@@ -311,7 +312,7 @@ int mls_context_to_sid(char oldc, | |||
311 | *rngptr++ = 0; | 312 | *rngptr++ = 0; |
312 | } | 313 | } |
313 | 314 | ||
314 | catdatum = hashtab_search(policydb.p_cats.table, | 315 | catdatum = hashtab_search(pol->p_cats.table, |
315 | scontextp); | 316 | scontextp); |
316 | if (!catdatum) { | 317 | if (!catdatum) { |
317 | rc = -EINVAL; | 318 | rc = -EINVAL; |
@@ -327,7 +328,7 @@ int mls_context_to_sid(char oldc, | |||
327 | if (rngptr) { | 328 | if (rngptr) { |
328 | int i; | 329 | int i; |
329 | 330 | ||
330 | rngdatum = hashtab_search(policydb.p_cats.table, rngptr); | 331 | rngdatum = hashtab_search(pol->p_cats.table, rngptr); |
331 | if (!rngdatum) { | 332 | if (!rngdatum) { |
332 | rc = -EINVAL; | 333 | rc = -EINVAL; |
333 | goto out; | 334 | goto out; |
@@ -395,7 +396,7 @@ int mls_from_string(char *str, struct context *context, gfp_t gfp_mask) | |||
395 | if (!tmpstr) { | 396 | if (!tmpstr) { |
396 | rc = -ENOMEM; | 397 | rc = -ENOMEM; |
397 | } else { | 398 | } else { |
398 | rc = mls_context_to_sid(':', &tmpstr, context, | 399 | rc = mls_context_to_sid(&policydb, ':', &tmpstr, context, |
399 | NULL, SECSID_NULL); | 400 | NULL, SECSID_NULL); |
400 | kfree(freestr); | 401 | kfree(freestr); |
401 | } | 402 | } |
@@ -436,13 +437,13 @@ int mls_setup_user_range(struct context *fromcon, struct user_datum *user, | |||
436 | struct mls_level *usercon_clr = &(usercon->range.level[1]); | 437 | struct mls_level *usercon_clr = &(usercon->range.level[1]); |
437 | 438 | ||
438 | /* Honor the user's default level if we can */ | 439 | /* Honor the user's default level if we can */ |
439 | if (mls_level_between(user_def, fromcon_sen, fromcon_clr)) { | 440 | if (mls_level_between(user_def, fromcon_sen, fromcon_clr)) |
440 | *usercon_sen = *user_def; | 441 | *usercon_sen = *user_def; |
441 | } else if (mls_level_between(fromcon_sen, user_def, user_clr)) { | 442 | else if (mls_level_between(fromcon_sen, user_def, user_clr)) |
442 | *usercon_sen = *fromcon_sen; | 443 | *usercon_sen = *fromcon_sen; |
443 | } else if (mls_level_between(fromcon_clr, user_low, user_def)) { | 444 | else if (mls_level_between(fromcon_clr, user_low, user_def)) |
444 | *usercon_sen = *user_low; | 445 | *usercon_sen = *user_low; |
445 | } else | 446 | else |
446 | return -EINVAL; | 447 | return -EINVAL; |
447 | 448 | ||
448 | /* Lower the clearance of available contexts | 449 | /* Lower the clearance of available contexts |
diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h index 0fdf6257ef64..1276715aaa8b 100644 --- a/security/selinux/ss/mls.h +++ b/security/selinux/ss/mls.h | |||
@@ -30,7 +30,8 @@ int mls_context_isvalid(struct policydb *p, struct context *c); | |||
30 | int mls_range_isvalid(struct policydb *p, struct mls_range *r); | 30 | int mls_range_isvalid(struct policydb *p, struct mls_range *r); |
31 | int mls_level_isvalid(struct policydb *p, struct mls_level *l); | 31 | int mls_level_isvalid(struct policydb *p, struct mls_level *l); |
32 | 32 | ||
33 | int mls_context_to_sid(char oldc, | 33 | int mls_context_to_sid(struct policydb *p, |
34 | char oldc, | ||
34 | char **scontext, | 35 | char **scontext, |
35 | struct context *context, | 36 | struct context *context, |
36 | struct sidtab *s, | 37 | struct sidtab *s, |
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 84f8cc73c7db..2391761ae422 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c | |||
@@ -1478,7 +1478,8 @@ int policydb_read(struct policydb *p, void *fp) | |||
1478 | struct ocontext *l, *c, *newc; | 1478 | struct ocontext *l, *c, *newc; |
1479 | struct genfs *genfs_p, *genfs, *newgenfs; | 1479 | struct genfs *genfs_p, *genfs, *newgenfs; |
1480 | int i, j, rc; | 1480 | int i, j, rc; |
1481 | __le32 buf[8]; | 1481 | __le32 buf[4]; |
1482 | u32 nodebuf[8]; | ||
1482 | u32 len, len2, config, nprim, nel, nel2; | 1483 | u32 len, len2, config, nprim, nel, nel2; |
1483 | char *policydb_str; | 1484 | char *policydb_str; |
1484 | struct policydb_compat_info *info; | 1485 | struct policydb_compat_info *info; |
@@ -1749,11 +1750,11 @@ int policydb_read(struct policydb *p, void *fp) | |||
1749 | goto bad; | 1750 | goto bad; |
1750 | break; | 1751 | break; |
1751 | case OCON_NODE: | 1752 | case OCON_NODE: |
1752 | rc = next_entry(buf, fp, sizeof(u32) * 2); | 1753 | rc = next_entry(nodebuf, fp, sizeof(u32) * 2); |
1753 | if (rc < 0) | 1754 | if (rc < 0) |
1754 | goto bad; | 1755 | goto bad; |
1755 | c->u.node.addr = le32_to_cpu(buf[0]); | 1756 | c->u.node.addr = nodebuf[0]; /* network order */ |
1756 | c->u.node.mask = le32_to_cpu(buf[1]); | 1757 | c->u.node.mask = nodebuf[1]; /* network order */ |
1757 | rc = context_read_and_validate(&c->context[0], p, fp); | 1758 | rc = context_read_and_validate(&c->context[0], p, fp); |
1758 | if (rc) | 1759 | if (rc) |
1759 | goto bad; | 1760 | goto bad; |
@@ -1782,13 +1783,13 @@ int policydb_read(struct policydb *p, void *fp) | |||
1782 | case OCON_NODE6: { | 1783 | case OCON_NODE6: { |
1783 | int k; | 1784 | int k; |
1784 | 1785 | ||
1785 | rc = next_entry(buf, fp, sizeof(u32) * 8); | 1786 | rc = next_entry(nodebuf, fp, sizeof(u32) * 8); |
1786 | if (rc < 0) | 1787 | if (rc < 0) |
1787 | goto bad; | 1788 | goto bad; |
1788 | for (k = 0; k < 4; k++) | 1789 | for (k = 0; k < 4; k++) |
1789 | c->u.node6.addr[k] = le32_to_cpu(buf[k]); | 1790 | c->u.node6.addr[k] = nodebuf[k]; |
1790 | for (k = 0; k < 4; k++) | 1791 | for (k = 0; k < 4; k++) |
1791 | c->u.node6.mask[k] = le32_to_cpu(buf[k+4]); | 1792 | c->u.node6.mask[k] = nodebuf[k+4]; |
1792 | if (context_read_and_validate(&c->context[0], p, fp)) | 1793 | if (context_read_and_validate(&c->context[0], p, fp)) |
1793 | goto bad; | 1794 | goto bad; |
1794 | break; | 1795 | break; |
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index dcc2e1c4fd83..b52f923ce680 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -71,14 +71,6 @@ int selinux_policycap_openperm; | |||
71 | extern const struct selinux_class_perm selinux_class_perm; | 71 | extern const struct selinux_class_perm selinux_class_perm; |
72 | 72 | ||
73 | static DEFINE_RWLOCK(policy_rwlock); | 73 | static DEFINE_RWLOCK(policy_rwlock); |
74 | #define POLICY_RDLOCK read_lock(&policy_rwlock) | ||
75 | #define POLICY_WRLOCK write_lock_irq(&policy_rwlock) | ||
76 | #define POLICY_RDUNLOCK read_unlock(&policy_rwlock) | ||
77 | #define POLICY_WRUNLOCK write_unlock_irq(&policy_rwlock) | ||
78 | |||
79 | static DEFINE_MUTEX(load_mutex); | ||
80 | #define LOAD_LOCK mutex_lock(&load_mutex) | ||
81 | #define LOAD_UNLOCK mutex_unlock(&load_mutex) | ||
82 | 74 | ||
83 | static struct sidtab sidtab; | 75 | static struct sidtab sidtab; |
84 | struct policydb policydb; | 76 | struct policydb policydb; |
@@ -332,7 +324,7 @@ static int context_struct_compute_av(struct context *scontext, | |||
332 | goto inval_class; | 324 | goto inval_class; |
333 | if (unlikely(tclass > policydb.p_classes.nprim)) | 325 | if (unlikely(tclass > policydb.p_classes.nprim)) |
334 | if (tclass > kdefs->cts_len || | 326 | if (tclass > kdefs->cts_len || |
335 | !kdefs->class_to_string[tclass - 1] || | 327 | !kdefs->class_to_string[tclass] || |
336 | !policydb.allow_unknown) | 328 | !policydb.allow_unknown) |
337 | goto inval_class; | 329 | goto inval_class; |
338 | 330 | ||
@@ -415,9 +407,19 @@ static int context_struct_compute_av(struct context *scontext, | |||
415 | return 0; | 407 | return 0; |
416 | 408 | ||
417 | inval_class: | 409 | inval_class: |
418 | printk(KERN_ERR "SELinux: %s: unrecognized class %d\n", __func__, | 410 | if (!tclass || tclass > kdefs->cts_len || |
419 | tclass); | 411 | !kdefs->class_to_string[tclass]) { |
420 | return -EINVAL; | 412 | if (printk_ratelimit()) |
413 | printk(KERN_ERR "SELinux: %s: unrecognized class %d\n", | ||
414 | __func__, tclass); | ||
415 | return -EINVAL; | ||
416 | } | ||
417 | |||
418 | /* | ||
419 | * Known to the kernel, but not to the policy. | ||
420 | * Handle as a denial (allowed is 0). | ||
421 | */ | ||
422 | return 0; | ||
421 | } | 423 | } |
422 | 424 | ||
423 | /* | 425 | /* |
@@ -429,7 +431,7 @@ int security_permissive_sid(u32 sid) | |||
429 | u32 type; | 431 | u32 type; |
430 | int rc; | 432 | int rc; |
431 | 433 | ||
432 | POLICY_RDLOCK; | 434 | read_lock(&policy_rwlock); |
433 | 435 | ||
434 | context = sidtab_search(&sidtab, sid); | 436 | context = sidtab_search(&sidtab, sid); |
435 | BUG_ON(!context); | 437 | BUG_ON(!context); |
@@ -441,7 +443,7 @@ int security_permissive_sid(u32 sid) | |||
441 | */ | 443 | */ |
442 | rc = ebitmap_get_bit(&policydb.permissive_map, type); | 444 | rc = ebitmap_get_bit(&policydb.permissive_map, type); |
443 | 445 | ||
444 | POLICY_RDUNLOCK; | 446 | read_unlock(&policy_rwlock); |
445 | return rc; | 447 | return rc; |
446 | } | 448 | } |
447 | 449 | ||
@@ -486,7 +488,7 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, | |||
486 | if (!ss_initialized) | 488 | if (!ss_initialized) |
487 | return 0; | 489 | return 0; |
488 | 490 | ||
489 | POLICY_RDLOCK; | 491 | read_lock(&policy_rwlock); |
490 | 492 | ||
491 | /* | 493 | /* |
492 | * Remap extended Netlink classes for old policy versions. | 494 | * Remap extended Netlink classes for old policy versions. |
@@ -543,7 +545,7 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, | |||
543 | } | 545 | } |
544 | 546 | ||
545 | out: | 547 | out: |
546 | POLICY_RDUNLOCK; | 548 | read_unlock(&policy_rwlock); |
547 | return rc; | 549 | return rc; |
548 | } | 550 | } |
549 | 551 | ||
@@ -578,7 +580,7 @@ int security_compute_av(u32 ssid, | |||
578 | return 0; | 580 | return 0; |
579 | } | 581 | } |
580 | 582 | ||
581 | POLICY_RDLOCK; | 583 | read_lock(&policy_rwlock); |
582 | 584 | ||
583 | scontext = sidtab_search(&sidtab, ssid); | 585 | scontext = sidtab_search(&sidtab, ssid); |
584 | if (!scontext) { | 586 | if (!scontext) { |
@@ -598,7 +600,7 @@ int security_compute_av(u32 ssid, | |||
598 | rc = context_struct_compute_av(scontext, tcontext, tclass, | 600 | rc = context_struct_compute_av(scontext, tcontext, tclass, |
599 | requested, avd); | 601 | requested, avd); |
600 | out: | 602 | out: |
601 | POLICY_RDUNLOCK; | 603 | read_unlock(&policy_rwlock); |
602 | return rc; | 604 | return rc; |
603 | } | 605 | } |
604 | 606 | ||
@@ -616,6 +618,14 @@ static int context_struct_to_string(struct context *context, char **scontext, u3 | |||
616 | *scontext = NULL; | 618 | *scontext = NULL; |
617 | *scontext_len = 0; | 619 | *scontext_len = 0; |
618 | 620 | ||
621 | if (context->len) { | ||
622 | *scontext_len = context->len; | ||
623 | *scontext = kstrdup(context->str, GFP_ATOMIC); | ||
624 | if (!(*scontext)) | ||
625 | return -ENOMEM; | ||
626 | return 0; | ||
627 | } | ||
628 | |||
619 | /* Compute the size of the context. */ | 629 | /* Compute the size of the context. */ |
620 | *scontext_len += strlen(policydb.p_user_val_to_name[context->user - 1]) + 1; | 630 | *scontext_len += strlen(policydb.p_user_val_to_name[context->user - 1]) + 1; |
621 | *scontext_len += strlen(policydb.p_role_val_to_name[context->role - 1]) + 1; | 631 | *scontext_len += strlen(policydb.p_role_val_to_name[context->role - 1]) + 1; |
@@ -655,17 +665,8 @@ const char *security_get_initial_sid_context(u32 sid) | |||
655 | return initial_sid_to_string[sid]; | 665 | return initial_sid_to_string[sid]; |
656 | } | 666 | } |
657 | 667 | ||
658 | /** | 668 | static int security_sid_to_context_core(u32 sid, char **scontext, |
659 | * security_sid_to_context - Obtain a context for a given SID. | 669 | u32 *scontext_len, int force) |
660 | * @sid: security identifier, SID | ||
661 | * @scontext: security context | ||
662 | * @scontext_len: length in bytes | ||
663 | * | ||
664 | * Write the string representation of the context associated with @sid | ||
665 | * into a dynamically allocated string of the correct size. Set @scontext | ||
666 | * to point to this string and set @scontext_len to the length of the string. | ||
667 | */ | ||
668 | int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len) | ||
669 | { | 670 | { |
670 | struct context *context; | 671 | struct context *context; |
671 | int rc = 0; | 672 | int rc = 0; |
@@ -692,8 +693,11 @@ int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len) | |||
692 | rc = -EINVAL; | 693 | rc = -EINVAL; |
693 | goto out; | 694 | goto out; |
694 | } | 695 | } |
695 | POLICY_RDLOCK; | 696 | read_lock(&policy_rwlock); |
696 | context = sidtab_search(&sidtab, sid); | 697 | if (force) |
698 | context = sidtab_search_force(&sidtab, sid); | ||
699 | else | ||
700 | context = sidtab_search(&sidtab, sid); | ||
697 | if (!context) { | 701 | if (!context) { |
698 | printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", | 702 | printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", |
699 | __func__, sid); | 703 | __func__, sid); |
@@ -702,59 +706,54 @@ int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len) | |||
702 | } | 706 | } |
703 | rc = context_struct_to_string(context, scontext, scontext_len); | 707 | rc = context_struct_to_string(context, scontext, scontext_len); |
704 | out_unlock: | 708 | out_unlock: |
705 | POLICY_RDUNLOCK; | 709 | read_unlock(&policy_rwlock); |
706 | out: | 710 | out: |
707 | return rc; | 711 | return rc; |
708 | 712 | ||
709 | } | 713 | } |
710 | 714 | ||
711 | static int security_context_to_sid_core(const char *scontext, u32 scontext_len, | 715 | /** |
712 | u32 *sid, u32 def_sid, gfp_t gfp_flags) | 716 | * security_sid_to_context - Obtain a context for a given SID. |
717 | * @sid: security identifier, SID | ||
718 | * @scontext: security context | ||
719 | * @scontext_len: length in bytes | ||
720 | * | ||
721 | * Write the string representation of the context associated with @sid | ||
722 | * into a dynamically allocated string of the correct size. Set @scontext | ||
723 | * to point to this string and set @scontext_len to the length of the string. | ||
724 | */ | ||
725 | int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len) | ||
726 | { | ||
727 | return security_sid_to_context_core(sid, scontext, scontext_len, 0); | ||
728 | } | ||
729 | |||
730 | int security_sid_to_context_force(u32 sid, char **scontext, u32 *scontext_len) | ||
731 | { | ||
732 | return security_sid_to_context_core(sid, scontext, scontext_len, 1); | ||
733 | } | ||
734 | |||
735 | /* | ||
736 | * Caveat: Mutates scontext. | ||
737 | */ | ||
738 | static int string_to_context_struct(struct policydb *pol, | ||
739 | struct sidtab *sidtabp, | ||
740 | char *scontext, | ||
741 | u32 scontext_len, | ||
742 | struct context *ctx, | ||
743 | u32 def_sid) | ||
713 | { | 744 | { |
714 | char *scontext2; | ||
715 | struct context context; | ||
716 | struct role_datum *role; | 745 | struct role_datum *role; |
717 | struct type_datum *typdatum; | 746 | struct type_datum *typdatum; |
718 | struct user_datum *usrdatum; | 747 | struct user_datum *usrdatum; |
719 | char *scontextp, *p, oldc; | 748 | char *scontextp, *p, oldc; |
720 | int rc = 0; | 749 | int rc = 0; |
721 | 750 | ||
722 | if (!ss_initialized) { | 751 | context_init(ctx); |
723 | int i; | ||
724 | |||
725 | for (i = 1; i < SECINITSID_NUM; i++) { | ||
726 | if (!strcmp(initial_sid_to_string[i], scontext)) { | ||
727 | *sid = i; | ||
728 | goto out; | ||
729 | } | ||
730 | } | ||
731 | *sid = SECINITSID_KERNEL; | ||
732 | goto out; | ||
733 | } | ||
734 | *sid = SECSID_NULL; | ||
735 | |||
736 | /* Copy the string so that we can modify the copy as we parse it. | ||
737 | The string should already by null terminated, but we append a | ||
738 | null suffix to the copy to avoid problems with the existing | ||
739 | attr package, which doesn't view the null terminator as part | ||
740 | of the attribute value. */ | ||
741 | scontext2 = kmalloc(scontext_len+1, gfp_flags); | ||
742 | if (!scontext2) { | ||
743 | rc = -ENOMEM; | ||
744 | goto out; | ||
745 | } | ||
746 | memcpy(scontext2, scontext, scontext_len); | ||
747 | scontext2[scontext_len] = 0; | ||
748 | |||
749 | context_init(&context); | ||
750 | *sid = SECSID_NULL; | ||
751 | |||
752 | POLICY_RDLOCK; | ||
753 | 752 | ||
754 | /* Parse the security context. */ | 753 | /* Parse the security context. */ |
755 | 754 | ||
756 | rc = -EINVAL; | 755 | rc = -EINVAL; |
757 | scontextp = (char *) scontext2; | 756 | scontextp = (char *) scontext; |
758 | 757 | ||
759 | /* Extract the user. */ | 758 | /* Extract the user. */ |
760 | p = scontextp; | 759 | p = scontextp; |
@@ -762,15 +761,15 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len, | |||
762 | p++; | 761 | p++; |
763 | 762 | ||
764 | if (*p == 0) | 763 | if (*p == 0) |
765 | goto out_unlock; | 764 | goto out; |
766 | 765 | ||
767 | *p++ = 0; | 766 | *p++ = 0; |
768 | 767 | ||
769 | usrdatum = hashtab_search(policydb.p_users.table, scontextp); | 768 | usrdatum = hashtab_search(pol->p_users.table, scontextp); |
770 | if (!usrdatum) | 769 | if (!usrdatum) |
771 | goto out_unlock; | 770 | goto out; |
772 | 771 | ||
773 | context.user = usrdatum->value; | 772 | ctx->user = usrdatum->value; |
774 | 773 | ||
775 | /* Extract role. */ | 774 | /* Extract role. */ |
776 | scontextp = p; | 775 | scontextp = p; |
@@ -778,14 +777,14 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len, | |||
778 | p++; | 777 | p++; |
779 | 778 | ||
780 | if (*p == 0) | 779 | if (*p == 0) |
781 | goto out_unlock; | 780 | goto out; |
782 | 781 | ||
783 | *p++ = 0; | 782 | *p++ = 0; |
784 | 783 | ||
785 | role = hashtab_search(policydb.p_roles.table, scontextp); | 784 | role = hashtab_search(pol->p_roles.table, scontextp); |
786 | if (!role) | 785 | if (!role) |
787 | goto out_unlock; | 786 | goto out; |
788 | context.role = role->value; | 787 | ctx->role = role->value; |
789 | 788 | ||
790 | /* Extract type. */ | 789 | /* Extract type. */ |
791 | scontextp = p; | 790 | scontextp = p; |
@@ -794,33 +793,87 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len, | |||
794 | oldc = *p; | 793 | oldc = *p; |
795 | *p++ = 0; | 794 | *p++ = 0; |
796 | 795 | ||
797 | typdatum = hashtab_search(policydb.p_types.table, scontextp); | 796 | typdatum = hashtab_search(pol->p_types.table, scontextp); |
798 | if (!typdatum) | 797 | if (!typdatum) |
799 | goto out_unlock; | 798 | goto out; |
800 | 799 | ||
801 | context.type = typdatum->value; | 800 | ctx->type = typdatum->value; |
802 | 801 | ||
803 | rc = mls_context_to_sid(oldc, &p, &context, &sidtab, def_sid); | 802 | rc = mls_context_to_sid(pol, oldc, &p, ctx, sidtabp, def_sid); |
804 | if (rc) | 803 | if (rc) |
805 | goto out_unlock; | 804 | goto out; |
806 | 805 | ||
807 | if ((p - scontext2) < scontext_len) { | 806 | if ((p - scontext) < scontext_len) { |
808 | rc = -EINVAL; | 807 | rc = -EINVAL; |
809 | goto out_unlock; | 808 | goto out; |
810 | } | 809 | } |
811 | 810 | ||
812 | /* Check the validity of the new context. */ | 811 | /* Check the validity of the new context. */ |
813 | if (!policydb_context_isvalid(&policydb, &context)) { | 812 | if (!policydb_context_isvalid(pol, ctx)) { |
814 | rc = -EINVAL; | 813 | rc = -EINVAL; |
815 | goto out_unlock; | 814 | context_destroy(ctx); |
815 | goto out; | ||
816 | } | ||
817 | rc = 0; | ||
818 | out: | ||
819 | return rc; | ||
820 | } | ||
821 | |||
822 | static int security_context_to_sid_core(const char *scontext, u32 scontext_len, | ||
823 | u32 *sid, u32 def_sid, gfp_t gfp_flags, | ||
824 | int force) | ||
825 | { | ||
826 | char *scontext2, *str = NULL; | ||
827 | struct context context; | ||
828 | int rc = 0; | ||
829 | |||
830 | if (!ss_initialized) { | ||
831 | int i; | ||
832 | |||
833 | for (i = 1; i < SECINITSID_NUM; i++) { | ||
834 | if (!strcmp(initial_sid_to_string[i], scontext)) { | ||
835 | *sid = i; | ||
836 | return 0; | ||
837 | } | ||
838 | } | ||
839 | *sid = SECINITSID_KERNEL; | ||
840 | return 0; | ||
841 | } | ||
842 | *sid = SECSID_NULL; | ||
843 | |||
844 | /* Copy the string so that we can modify the copy as we parse it. */ | ||
845 | scontext2 = kmalloc(scontext_len+1, gfp_flags); | ||
846 | if (!scontext2) | ||
847 | return -ENOMEM; | ||
848 | memcpy(scontext2, scontext, scontext_len); | ||
849 | scontext2[scontext_len] = 0; | ||
850 | |||
851 | if (force) { | ||
852 | /* Save another copy for storing in uninterpreted form */ | ||
853 | str = kstrdup(scontext2, gfp_flags); | ||
854 | if (!str) { | ||
855 | kfree(scontext2); | ||
856 | return -ENOMEM; | ||
857 | } | ||
816 | } | 858 | } |
817 | /* Obtain the new sid. */ | 859 | |
860 | read_lock(&policy_rwlock); | ||
861 | rc = string_to_context_struct(&policydb, &sidtab, | ||
862 | scontext2, scontext_len, | ||
863 | &context, def_sid); | ||
864 | if (rc == -EINVAL && force) { | ||
865 | context.str = str; | ||
866 | context.len = scontext_len; | ||
867 | str = NULL; | ||
868 | } else if (rc) | ||
869 | goto out; | ||
818 | rc = sidtab_context_to_sid(&sidtab, &context, sid); | 870 | rc = sidtab_context_to_sid(&sidtab, &context, sid); |
819 | out_unlock: | 871 | if (rc) |
820 | POLICY_RDUNLOCK; | 872 | context_destroy(&context); |
821 | context_destroy(&context); | ||
822 | kfree(scontext2); | ||
823 | out: | 873 | out: |
874 | read_unlock(&policy_rwlock); | ||
875 | kfree(scontext2); | ||
876 | kfree(str); | ||
824 | return rc; | 877 | return rc; |
825 | } | 878 | } |
826 | 879 | ||
@@ -838,7 +891,7 @@ out: | |||
838 | int security_context_to_sid(const char *scontext, u32 scontext_len, u32 *sid) | 891 | int security_context_to_sid(const char *scontext, u32 scontext_len, u32 *sid) |
839 | { | 892 | { |
840 | return security_context_to_sid_core(scontext, scontext_len, | 893 | return security_context_to_sid_core(scontext, scontext_len, |
841 | sid, SECSID_NULL, GFP_KERNEL); | 894 | sid, SECSID_NULL, GFP_KERNEL, 0); |
842 | } | 895 | } |
843 | 896 | ||
844 | /** | 897 | /** |
@@ -855,6 +908,7 @@ int security_context_to_sid(const char *scontext, u32 scontext_len, u32 *sid) | |||
855 | * The default SID is passed to the MLS layer to be used to allow | 908 | * The default SID is passed to the MLS layer to be used to allow |
856 | * kernel labeling of the MLS field if the MLS field is not present | 909 | * kernel labeling of the MLS field if the MLS field is not present |
857 | * (for upgrading to MLS without full relabel). | 910 | * (for upgrading to MLS without full relabel). |
911 | * Implicitly forces adding of the context even if it cannot be mapped yet. | ||
858 | * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient | 912 | * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient |
859 | * memory is available, or 0 on success. | 913 | * memory is available, or 0 on success. |
860 | */ | 914 | */ |
@@ -862,7 +916,14 @@ int security_context_to_sid_default(const char *scontext, u32 scontext_len, | |||
862 | u32 *sid, u32 def_sid, gfp_t gfp_flags) | 916 | u32 *sid, u32 def_sid, gfp_t gfp_flags) |
863 | { | 917 | { |
864 | return security_context_to_sid_core(scontext, scontext_len, | 918 | return security_context_to_sid_core(scontext, scontext_len, |
865 | sid, def_sid, gfp_flags); | 919 | sid, def_sid, gfp_flags, 1); |
920 | } | ||
921 | |||
922 | int security_context_to_sid_force(const char *scontext, u32 scontext_len, | ||
923 | u32 *sid) | ||
924 | { | ||
925 | return security_context_to_sid_core(scontext, scontext_len, | ||
926 | sid, SECSID_NULL, GFP_KERNEL, 1); | ||
866 | } | 927 | } |
867 | 928 | ||
868 | static int compute_sid_handle_invalid_context( | 929 | static int compute_sid_handle_invalid_context( |
@@ -922,7 +983,7 @@ static int security_compute_sid(u32 ssid, | |||
922 | 983 | ||
923 | context_init(&newcontext); | 984 | context_init(&newcontext); |
924 | 985 | ||
925 | POLICY_RDLOCK; | 986 | read_lock(&policy_rwlock); |
926 | 987 | ||
927 | scontext = sidtab_search(&sidtab, ssid); | 988 | scontext = sidtab_search(&sidtab, ssid); |
928 | if (!scontext) { | 989 | if (!scontext) { |
@@ -1027,7 +1088,7 @@ static int security_compute_sid(u32 ssid, | |||
1027 | /* Obtain the sid for the context. */ | 1088 | /* Obtain the sid for the context. */ |
1028 | rc = sidtab_context_to_sid(&sidtab, &newcontext, out_sid); | 1089 | rc = sidtab_context_to_sid(&sidtab, &newcontext, out_sid); |
1029 | out_unlock: | 1090 | out_unlock: |
1030 | POLICY_RDUNLOCK; | 1091 | read_unlock(&policy_rwlock); |
1031 | context_destroy(&newcontext); | 1092 | context_destroy(&newcontext); |
1032 | out: | 1093 | out: |
1033 | return rc; | 1094 | return rc; |
@@ -1110,6 +1171,7 @@ static int validate_classes(struct policydb *p) | |||
1110 | const struct selinux_class_perm *kdefs = &selinux_class_perm; | 1171 | const struct selinux_class_perm *kdefs = &selinux_class_perm; |
1111 | const char *def_class, *def_perm, *pol_class; | 1172 | const char *def_class, *def_perm, *pol_class; |
1112 | struct symtab *perms; | 1173 | struct symtab *perms; |
1174 | bool print_unknown_handle = 0; | ||
1113 | 1175 | ||
1114 | if (p->allow_unknown) { | 1176 | if (p->allow_unknown) { |
1115 | u32 num_classes = kdefs->cts_len; | 1177 | u32 num_classes = kdefs->cts_len; |
@@ -1130,6 +1192,7 @@ static int validate_classes(struct policydb *p) | |||
1130 | return -EINVAL; | 1192 | return -EINVAL; |
1131 | if (p->allow_unknown) | 1193 | if (p->allow_unknown) |
1132 | p->undefined_perms[i-1] = ~0U; | 1194 | p->undefined_perms[i-1] = ~0U; |
1195 | print_unknown_handle = 1; | ||
1133 | continue; | 1196 | continue; |
1134 | } | 1197 | } |
1135 | pol_class = p->p_class_val_to_name[i-1]; | 1198 | pol_class = p->p_class_val_to_name[i-1]; |
@@ -1159,6 +1222,7 @@ static int validate_classes(struct policydb *p) | |||
1159 | return -EINVAL; | 1222 | return -EINVAL; |
1160 | if (p->allow_unknown) | 1223 | if (p->allow_unknown) |
1161 | p->undefined_perms[class_val-1] |= perm_val; | 1224 | p->undefined_perms[class_val-1] |= perm_val; |
1225 | print_unknown_handle = 1; | ||
1162 | continue; | 1226 | continue; |
1163 | } | 1227 | } |
1164 | perdatum = hashtab_search(perms->table, def_perm); | 1228 | perdatum = hashtab_search(perms->table, def_perm); |
@@ -1206,6 +1270,7 @@ static int validate_classes(struct policydb *p) | |||
1206 | return -EINVAL; | 1270 | return -EINVAL; |
1207 | if (p->allow_unknown) | 1271 | if (p->allow_unknown) |
1208 | p->undefined_perms[class_val-1] |= (1 << j); | 1272 | p->undefined_perms[class_val-1] |= (1 << j); |
1273 | print_unknown_handle = 1; | ||
1209 | continue; | 1274 | continue; |
1210 | } | 1275 | } |
1211 | perdatum = hashtab_search(perms->table, def_perm); | 1276 | perdatum = hashtab_search(perms->table, def_perm); |
@@ -1223,6 +1288,9 @@ static int validate_classes(struct policydb *p) | |||
1223 | } | 1288 | } |
1224 | } | 1289 | } |
1225 | } | 1290 | } |
1291 | if (print_unknown_handle) | ||
1292 | printk(KERN_INFO "SELinux: the above unknown classes and permissions will be %s\n", | ||
1293 | (security_get_allow_unknown() ? "allowed" : "denied")); | ||
1226 | return 0; | 1294 | return 0; |
1227 | } | 1295 | } |
1228 | 1296 | ||
@@ -1246,9 +1314,12 @@ static inline int convert_context_handle_invalid_context(struct context *context | |||
1246 | char *s; | 1314 | char *s; |
1247 | u32 len; | 1315 | u32 len; |
1248 | 1316 | ||
1249 | context_struct_to_string(context, &s, &len); | 1317 | if (!context_struct_to_string(context, &s, &len)) { |
1250 | printk(KERN_ERR "SELinux: context %s is invalid\n", s); | 1318 | printk(KERN_WARNING |
1251 | kfree(s); | 1319 | "SELinux: Context %s would be invalid if enforcing\n", |
1320 | s); | ||
1321 | kfree(s); | ||
1322 | } | ||
1252 | } | 1323 | } |
1253 | return rc; | 1324 | return rc; |
1254 | } | 1325 | } |
@@ -1280,6 +1351,37 @@ static int convert_context(u32 key, | |||
1280 | 1351 | ||
1281 | args = p; | 1352 | args = p; |
1282 | 1353 | ||
1354 | if (c->str) { | ||
1355 | struct context ctx; | ||
1356 | s = kstrdup(c->str, GFP_KERNEL); | ||
1357 | if (!s) { | ||
1358 | rc = -ENOMEM; | ||
1359 | goto out; | ||
1360 | } | ||
1361 | rc = string_to_context_struct(args->newp, NULL, s, | ||
1362 | c->len, &ctx, SECSID_NULL); | ||
1363 | kfree(s); | ||
1364 | if (!rc) { | ||
1365 | printk(KERN_INFO | ||
1366 | "SELinux: Context %s became valid (mapped).\n", | ||
1367 | c->str); | ||
1368 | /* Replace string with mapped representation. */ | ||
1369 | kfree(c->str); | ||
1370 | memcpy(c, &ctx, sizeof(*c)); | ||
1371 | goto out; | ||
1372 | } else if (rc == -EINVAL) { | ||
1373 | /* Retain string representation for later mapping. */ | ||
1374 | rc = 0; | ||
1375 | goto out; | ||
1376 | } else { | ||
1377 | /* Other error condition, e.g. ENOMEM. */ | ||
1378 | printk(KERN_ERR | ||
1379 | "SELinux: Unable to map context %s, rc = %d.\n", | ||
1380 | c->str, -rc); | ||
1381 | goto out; | ||
1382 | } | ||
1383 | } | ||
1384 | |||
1283 | rc = context_cpy(&oldc, c); | 1385 | rc = context_cpy(&oldc, c); |
1284 | if (rc) | 1386 | if (rc) |
1285 | goto out; | 1387 | goto out; |
@@ -1319,13 +1421,21 @@ static int convert_context(u32 key, | |||
1319 | } | 1421 | } |
1320 | 1422 | ||
1321 | context_destroy(&oldc); | 1423 | context_destroy(&oldc); |
1424 | rc = 0; | ||
1322 | out: | 1425 | out: |
1323 | return rc; | 1426 | return rc; |
1324 | bad: | 1427 | bad: |
1325 | context_struct_to_string(&oldc, &s, &len); | 1428 | /* Map old representation to string and save it. */ |
1429 | if (context_struct_to_string(&oldc, &s, &len)) | ||
1430 | return -ENOMEM; | ||
1326 | context_destroy(&oldc); | 1431 | context_destroy(&oldc); |
1327 | printk(KERN_ERR "SELinux: invalidating context %s\n", s); | 1432 | context_destroy(c); |
1328 | kfree(s); | 1433 | c->str = s; |
1434 | c->len = len; | ||
1435 | printk(KERN_INFO | ||
1436 | "SELinux: Context %s became invalid (unmapped).\n", | ||
1437 | c->str); | ||
1438 | rc = 0; | ||
1329 | goto out; | 1439 | goto out; |
1330 | } | 1440 | } |
1331 | 1441 | ||
@@ -1359,17 +1469,13 @@ int security_load_policy(void *data, size_t len) | |||
1359 | int rc = 0; | 1469 | int rc = 0; |
1360 | struct policy_file file = { data, len }, *fp = &file; | 1470 | struct policy_file file = { data, len }, *fp = &file; |
1361 | 1471 | ||
1362 | LOAD_LOCK; | ||
1363 | |||
1364 | if (!ss_initialized) { | 1472 | if (!ss_initialized) { |
1365 | avtab_cache_init(); | 1473 | avtab_cache_init(); |
1366 | if (policydb_read(&policydb, fp)) { | 1474 | if (policydb_read(&policydb, fp)) { |
1367 | LOAD_UNLOCK; | ||
1368 | avtab_cache_destroy(); | 1475 | avtab_cache_destroy(); |
1369 | return -EINVAL; | 1476 | return -EINVAL; |
1370 | } | 1477 | } |
1371 | if (policydb_load_isids(&policydb, &sidtab)) { | 1478 | if (policydb_load_isids(&policydb, &sidtab)) { |
1372 | LOAD_UNLOCK; | ||
1373 | policydb_destroy(&policydb); | 1479 | policydb_destroy(&policydb); |
1374 | avtab_cache_destroy(); | 1480 | avtab_cache_destroy(); |
1375 | return -EINVAL; | 1481 | return -EINVAL; |
@@ -1378,7 +1484,6 @@ int security_load_policy(void *data, size_t len) | |||
1378 | if (validate_classes(&policydb)) { | 1484 | if (validate_classes(&policydb)) { |
1379 | printk(KERN_ERR | 1485 | printk(KERN_ERR |
1380 | "SELinux: the definition of a class is incorrect\n"); | 1486 | "SELinux: the definition of a class is incorrect\n"); |
1381 | LOAD_UNLOCK; | ||
1382 | sidtab_destroy(&sidtab); | 1487 | sidtab_destroy(&sidtab); |
1383 | policydb_destroy(&policydb); | 1488 | policydb_destroy(&policydb); |
1384 | avtab_cache_destroy(); | 1489 | avtab_cache_destroy(); |
@@ -1388,7 +1493,6 @@ int security_load_policy(void *data, size_t len) | |||
1388 | policydb_loaded_version = policydb.policyvers; | 1493 | policydb_loaded_version = policydb.policyvers; |
1389 | ss_initialized = 1; | 1494 | ss_initialized = 1; |
1390 | seqno = ++latest_granting; | 1495 | seqno = ++latest_granting; |
1391 | LOAD_UNLOCK; | ||
1392 | selinux_complete_init(); | 1496 | selinux_complete_init(); |
1393 | avc_ss_reset(seqno); | 1497 | avc_ss_reset(seqno); |
1394 | selnl_notify_policyload(seqno); | 1498 | selnl_notify_policyload(seqno); |
@@ -1401,12 +1505,13 @@ int security_load_policy(void *data, size_t len) | |||
1401 | sidtab_hash_eval(&sidtab, "sids"); | 1505 | sidtab_hash_eval(&sidtab, "sids"); |
1402 | #endif | 1506 | #endif |
1403 | 1507 | ||
1404 | if (policydb_read(&newpolicydb, fp)) { | 1508 | if (policydb_read(&newpolicydb, fp)) |
1405 | LOAD_UNLOCK; | ||
1406 | return -EINVAL; | 1509 | return -EINVAL; |
1407 | } | ||
1408 | 1510 | ||
1409 | sidtab_init(&newsidtab); | 1511 | if (sidtab_init(&newsidtab)) { |
1512 | policydb_destroy(&newpolicydb); | ||
1513 | return -ENOMEM; | ||
1514 | } | ||
1410 | 1515 | ||
1411 | /* Verify that the kernel defined classes are correct. */ | 1516 | /* Verify that the kernel defined classes are correct. */ |
1412 | if (validate_classes(&newpolicydb)) { | 1517 | if (validate_classes(&newpolicydb)) { |
@@ -1429,25 +1534,28 @@ int security_load_policy(void *data, size_t len) | |||
1429 | goto err; | 1534 | goto err; |
1430 | } | 1535 | } |
1431 | 1536 | ||
1432 | /* Convert the internal representations of contexts | 1537 | /* |
1433 | in the new SID table and remove invalid SIDs. */ | 1538 | * Convert the internal representations of contexts |
1539 | * in the new SID table. | ||
1540 | */ | ||
1434 | args.oldp = &policydb; | 1541 | args.oldp = &policydb; |
1435 | args.newp = &newpolicydb; | 1542 | args.newp = &newpolicydb; |
1436 | sidtab_map_remove_on_error(&newsidtab, convert_context, &args); | 1543 | rc = sidtab_map(&newsidtab, convert_context, &args); |
1544 | if (rc) | ||
1545 | goto err; | ||
1437 | 1546 | ||
1438 | /* Save the old policydb and SID table to free later. */ | 1547 | /* Save the old policydb and SID table to free later. */ |
1439 | memcpy(&oldpolicydb, &policydb, sizeof policydb); | 1548 | memcpy(&oldpolicydb, &policydb, sizeof policydb); |
1440 | sidtab_set(&oldsidtab, &sidtab); | 1549 | sidtab_set(&oldsidtab, &sidtab); |
1441 | 1550 | ||
1442 | /* Install the new policydb and SID table. */ | 1551 | /* Install the new policydb and SID table. */ |
1443 | POLICY_WRLOCK; | 1552 | write_lock_irq(&policy_rwlock); |
1444 | memcpy(&policydb, &newpolicydb, sizeof policydb); | 1553 | memcpy(&policydb, &newpolicydb, sizeof policydb); |
1445 | sidtab_set(&sidtab, &newsidtab); | 1554 | sidtab_set(&sidtab, &newsidtab); |
1446 | security_load_policycaps(); | 1555 | security_load_policycaps(); |
1447 | seqno = ++latest_granting; | 1556 | seqno = ++latest_granting; |
1448 | policydb_loaded_version = policydb.policyvers; | 1557 | policydb_loaded_version = policydb.policyvers; |
1449 | POLICY_WRUNLOCK; | 1558 | write_unlock_irq(&policy_rwlock); |
1450 | LOAD_UNLOCK; | ||
1451 | 1559 | ||
1452 | /* Free the old policydb and SID table. */ | 1560 | /* Free the old policydb and SID table. */ |
1453 | policydb_destroy(&oldpolicydb); | 1561 | policydb_destroy(&oldpolicydb); |
@@ -1461,7 +1569,6 @@ int security_load_policy(void *data, size_t len) | |||
1461 | return 0; | 1569 | return 0; |
1462 | 1570 | ||
1463 | err: | 1571 | err: |
1464 | LOAD_UNLOCK; | ||
1465 | sidtab_destroy(&newsidtab); | 1572 | sidtab_destroy(&newsidtab); |
1466 | policydb_destroy(&newpolicydb); | 1573 | policydb_destroy(&newpolicydb); |
1467 | return rc; | 1574 | return rc; |
@@ -1479,7 +1586,7 @@ int security_port_sid(u8 protocol, u16 port, u32 *out_sid) | |||
1479 | struct ocontext *c; | 1586 | struct ocontext *c; |
1480 | int rc = 0; | 1587 | int rc = 0; |
1481 | 1588 | ||
1482 | POLICY_RDLOCK; | 1589 | read_lock(&policy_rwlock); |
1483 | 1590 | ||
1484 | c = policydb.ocontexts[OCON_PORT]; | 1591 | c = policydb.ocontexts[OCON_PORT]; |
1485 | while (c) { | 1592 | while (c) { |
@@ -1504,7 +1611,7 @@ int security_port_sid(u8 protocol, u16 port, u32 *out_sid) | |||
1504 | } | 1611 | } |
1505 | 1612 | ||
1506 | out: | 1613 | out: |
1507 | POLICY_RDUNLOCK; | 1614 | read_unlock(&policy_rwlock); |
1508 | return rc; | 1615 | return rc; |
1509 | } | 1616 | } |
1510 | 1617 | ||
@@ -1518,7 +1625,7 @@ int security_netif_sid(char *name, u32 *if_sid) | |||
1518 | int rc = 0; | 1625 | int rc = 0; |
1519 | struct ocontext *c; | 1626 | struct ocontext *c; |
1520 | 1627 | ||
1521 | POLICY_RDLOCK; | 1628 | read_lock(&policy_rwlock); |
1522 | 1629 | ||
1523 | c = policydb.ocontexts[OCON_NETIF]; | 1630 | c = policydb.ocontexts[OCON_NETIF]; |
1524 | while (c) { | 1631 | while (c) { |
@@ -1545,7 +1652,7 @@ int security_netif_sid(char *name, u32 *if_sid) | |||
1545 | *if_sid = SECINITSID_NETIF; | 1652 | *if_sid = SECINITSID_NETIF; |
1546 | 1653 | ||
1547 | out: | 1654 | out: |
1548 | POLICY_RDUNLOCK; | 1655 | read_unlock(&policy_rwlock); |
1549 | return rc; | 1656 | return rc; |
1550 | } | 1657 | } |
1551 | 1658 | ||
@@ -1577,7 +1684,7 @@ int security_node_sid(u16 domain, | |||
1577 | int rc = 0; | 1684 | int rc = 0; |
1578 | struct ocontext *c; | 1685 | struct ocontext *c; |
1579 | 1686 | ||
1580 | POLICY_RDLOCK; | 1687 | read_lock(&policy_rwlock); |
1581 | 1688 | ||
1582 | switch (domain) { | 1689 | switch (domain) { |
1583 | case AF_INET: { | 1690 | case AF_INET: { |
@@ -1632,7 +1739,7 @@ int security_node_sid(u16 domain, | |||
1632 | } | 1739 | } |
1633 | 1740 | ||
1634 | out: | 1741 | out: |
1635 | POLICY_RDUNLOCK; | 1742 | read_unlock(&policy_rwlock); |
1636 | return rc; | 1743 | return rc; |
1637 | } | 1744 | } |
1638 | 1745 | ||
@@ -1671,7 +1778,9 @@ int security_get_user_sids(u32 fromsid, | |||
1671 | if (!ss_initialized) | 1778 | if (!ss_initialized) |
1672 | goto out; | 1779 | goto out; |
1673 | 1780 | ||
1674 | POLICY_RDLOCK; | 1781 | read_lock(&policy_rwlock); |
1782 | |||
1783 | context_init(&usercon); | ||
1675 | 1784 | ||
1676 | fromcon = sidtab_search(&sidtab, fromsid); | 1785 | fromcon = sidtab_search(&sidtab, fromsid); |
1677 | if (!fromcon) { | 1786 | if (!fromcon) { |
@@ -1722,7 +1831,7 @@ int security_get_user_sids(u32 fromsid, | |||
1722 | } | 1831 | } |
1723 | 1832 | ||
1724 | out_unlock: | 1833 | out_unlock: |
1725 | POLICY_RDUNLOCK; | 1834 | read_unlock(&policy_rwlock); |
1726 | if (rc || !mynel) { | 1835 | if (rc || !mynel) { |
1727 | kfree(mysids); | 1836 | kfree(mysids); |
1728 | goto out; | 1837 | goto out; |
@@ -1775,7 +1884,7 @@ int security_genfs_sid(const char *fstype, | |||
1775 | while (path[0] == '/' && path[1] == '/') | 1884 | while (path[0] == '/' && path[1] == '/') |
1776 | path++; | 1885 | path++; |
1777 | 1886 | ||
1778 | POLICY_RDLOCK; | 1887 | read_lock(&policy_rwlock); |
1779 | 1888 | ||
1780 | for (genfs = policydb.genfs; genfs; genfs = genfs->next) { | 1889 | for (genfs = policydb.genfs; genfs; genfs = genfs->next) { |
1781 | cmp = strcmp(fstype, genfs->fstype); | 1890 | cmp = strcmp(fstype, genfs->fstype); |
@@ -1812,7 +1921,7 @@ int security_genfs_sid(const char *fstype, | |||
1812 | 1921 | ||
1813 | *sid = c->sid[0]; | 1922 | *sid = c->sid[0]; |
1814 | out: | 1923 | out: |
1815 | POLICY_RDUNLOCK; | 1924 | read_unlock(&policy_rwlock); |
1816 | return rc; | 1925 | return rc; |
1817 | } | 1926 | } |
1818 | 1927 | ||
@@ -1830,7 +1939,7 @@ int security_fs_use( | |||
1830 | int rc = 0; | 1939 | int rc = 0; |
1831 | struct ocontext *c; | 1940 | struct ocontext *c; |
1832 | 1941 | ||
1833 | POLICY_RDLOCK; | 1942 | read_lock(&policy_rwlock); |
1834 | 1943 | ||
1835 | c = policydb.ocontexts[OCON_FSUSE]; | 1944 | c = policydb.ocontexts[OCON_FSUSE]; |
1836 | while (c) { | 1945 | while (c) { |
@@ -1860,7 +1969,7 @@ int security_fs_use( | |||
1860 | } | 1969 | } |
1861 | 1970 | ||
1862 | out: | 1971 | out: |
1863 | POLICY_RDUNLOCK; | 1972 | read_unlock(&policy_rwlock); |
1864 | return rc; | 1973 | return rc; |
1865 | } | 1974 | } |
1866 | 1975 | ||
@@ -1868,7 +1977,7 @@ int security_get_bools(int *len, char ***names, int **values) | |||
1868 | { | 1977 | { |
1869 | int i, rc = -ENOMEM; | 1978 | int i, rc = -ENOMEM; |
1870 | 1979 | ||
1871 | POLICY_RDLOCK; | 1980 | read_lock(&policy_rwlock); |
1872 | *names = NULL; | 1981 | *names = NULL; |
1873 | *values = NULL; | 1982 | *values = NULL; |
1874 | 1983 | ||
@@ -1898,7 +2007,7 @@ int security_get_bools(int *len, char ***names, int **values) | |||
1898 | } | 2007 | } |
1899 | rc = 0; | 2008 | rc = 0; |
1900 | out: | 2009 | out: |
1901 | POLICY_RDUNLOCK; | 2010 | read_unlock(&policy_rwlock); |
1902 | return rc; | 2011 | return rc; |
1903 | err: | 2012 | err: |
1904 | if (*names) { | 2013 | if (*names) { |
@@ -1916,7 +2025,7 @@ int security_set_bools(int len, int *values) | |||
1916 | int lenp, seqno = 0; | 2025 | int lenp, seqno = 0; |
1917 | struct cond_node *cur; | 2026 | struct cond_node *cur; |
1918 | 2027 | ||
1919 | POLICY_WRLOCK; | 2028 | write_lock_irq(&policy_rwlock); |
1920 | 2029 | ||
1921 | lenp = policydb.p_bools.nprim; | 2030 | lenp = policydb.p_bools.nprim; |
1922 | if (len != lenp) { | 2031 | if (len != lenp) { |
@@ -1950,7 +2059,7 @@ int security_set_bools(int len, int *values) | |||
1950 | seqno = ++latest_granting; | 2059 | seqno = ++latest_granting; |
1951 | 2060 | ||
1952 | out: | 2061 | out: |
1953 | POLICY_WRUNLOCK; | 2062 | write_unlock_irq(&policy_rwlock); |
1954 | if (!rc) { | 2063 | if (!rc) { |
1955 | avc_ss_reset(seqno); | 2064 | avc_ss_reset(seqno); |
1956 | selnl_notify_policyload(seqno); | 2065 | selnl_notify_policyload(seqno); |
@@ -1964,7 +2073,7 @@ int security_get_bool_value(int bool) | |||
1964 | int rc = 0; | 2073 | int rc = 0; |
1965 | int len; | 2074 | int len; |
1966 | 2075 | ||
1967 | POLICY_RDLOCK; | 2076 | read_lock(&policy_rwlock); |
1968 | 2077 | ||
1969 | len = policydb.p_bools.nprim; | 2078 | len = policydb.p_bools.nprim; |
1970 | if (bool >= len) { | 2079 | if (bool >= len) { |
@@ -1974,7 +2083,7 @@ int security_get_bool_value(int bool) | |||
1974 | 2083 | ||
1975 | rc = policydb.bool_val_to_struct[bool]->state; | 2084 | rc = policydb.bool_val_to_struct[bool]->state; |
1976 | out: | 2085 | out: |
1977 | POLICY_RDUNLOCK; | 2086 | read_unlock(&policy_rwlock); |
1978 | return rc; | 2087 | return rc; |
1979 | } | 2088 | } |
1980 | 2089 | ||
@@ -2029,7 +2138,7 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid) | |||
2029 | 2138 | ||
2030 | context_init(&newcon); | 2139 | context_init(&newcon); |
2031 | 2140 | ||
2032 | POLICY_RDLOCK; | 2141 | read_lock(&policy_rwlock); |
2033 | context1 = sidtab_search(&sidtab, sid); | 2142 | context1 = sidtab_search(&sidtab, sid); |
2034 | if (!context1) { | 2143 | if (!context1) { |
2035 | printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", | 2144 | printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", |
@@ -2071,7 +2180,7 @@ bad: | |||
2071 | } | 2180 | } |
2072 | 2181 | ||
2073 | out_unlock: | 2182 | out_unlock: |
2074 | POLICY_RDUNLOCK; | 2183 | read_unlock(&policy_rwlock); |
2075 | context_destroy(&newcon); | 2184 | context_destroy(&newcon); |
2076 | out: | 2185 | out: |
2077 | return rc; | 2186 | return rc; |
@@ -2128,7 +2237,7 @@ int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type, | |||
2128 | return 0; | 2237 | return 0; |
2129 | } | 2238 | } |
2130 | 2239 | ||
2131 | POLICY_RDLOCK; | 2240 | read_lock(&policy_rwlock); |
2132 | 2241 | ||
2133 | nlbl_ctx = sidtab_search(&sidtab, nlbl_sid); | 2242 | nlbl_ctx = sidtab_search(&sidtab, nlbl_sid); |
2134 | if (!nlbl_ctx) { | 2243 | if (!nlbl_ctx) { |
@@ -2147,7 +2256,7 @@ int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type, | |||
2147 | rc = (mls_context_cmp(nlbl_ctx, xfrm_ctx) ? 0 : -EACCES); | 2256 | rc = (mls_context_cmp(nlbl_ctx, xfrm_ctx) ? 0 : -EACCES); |
2148 | 2257 | ||
2149 | out_slowpath: | 2258 | out_slowpath: |
2150 | POLICY_RDUNLOCK; | 2259 | read_unlock(&policy_rwlock); |
2151 | if (rc == 0) | 2260 | if (rc == 0) |
2152 | /* at present NetLabel SIDs/labels really only carry MLS | 2261 | /* at present NetLabel SIDs/labels really only carry MLS |
2153 | * information so if the MLS portion of the NetLabel SID | 2262 | * information so if the MLS portion of the NetLabel SID |
@@ -2177,7 +2286,7 @@ int security_get_classes(char ***classes, int *nclasses) | |||
2177 | { | 2286 | { |
2178 | int rc = -ENOMEM; | 2287 | int rc = -ENOMEM; |
2179 | 2288 | ||
2180 | POLICY_RDLOCK; | 2289 | read_lock(&policy_rwlock); |
2181 | 2290 | ||
2182 | *nclasses = policydb.p_classes.nprim; | 2291 | *nclasses = policydb.p_classes.nprim; |
2183 | *classes = kcalloc(*nclasses, sizeof(*classes), GFP_ATOMIC); | 2292 | *classes = kcalloc(*nclasses, sizeof(*classes), GFP_ATOMIC); |
@@ -2194,7 +2303,7 @@ int security_get_classes(char ***classes, int *nclasses) | |||
2194 | } | 2303 | } |
2195 | 2304 | ||
2196 | out: | 2305 | out: |
2197 | POLICY_RDUNLOCK; | 2306 | read_unlock(&policy_rwlock); |
2198 | return rc; | 2307 | return rc; |
2199 | } | 2308 | } |
2200 | 2309 | ||
@@ -2216,7 +2325,7 @@ int security_get_permissions(char *class, char ***perms, int *nperms) | |||
2216 | int rc = -ENOMEM, i; | 2325 | int rc = -ENOMEM, i; |
2217 | struct class_datum *match; | 2326 | struct class_datum *match; |
2218 | 2327 | ||
2219 | POLICY_RDLOCK; | 2328 | read_lock(&policy_rwlock); |
2220 | 2329 | ||
2221 | match = hashtab_search(policydb.p_classes.table, class); | 2330 | match = hashtab_search(policydb.p_classes.table, class); |
2222 | if (!match) { | 2331 | if (!match) { |
@@ -2244,11 +2353,11 @@ int security_get_permissions(char *class, char ***perms, int *nperms) | |||
2244 | goto err; | 2353 | goto err; |
2245 | 2354 | ||
2246 | out: | 2355 | out: |
2247 | POLICY_RDUNLOCK; | 2356 | read_unlock(&policy_rwlock); |
2248 | return rc; | 2357 | return rc; |
2249 | 2358 | ||
2250 | err: | 2359 | err: |
2251 | POLICY_RDUNLOCK; | 2360 | read_unlock(&policy_rwlock); |
2252 | for (i = 0; i < *nperms; i++) | 2361 | for (i = 0; i < *nperms; i++) |
2253 | kfree((*perms)[i]); | 2362 | kfree((*perms)[i]); |
2254 | kfree(*perms); | 2363 | kfree(*perms); |
@@ -2279,9 +2388,9 @@ int security_policycap_supported(unsigned int req_cap) | |||
2279 | { | 2388 | { |
2280 | int rc; | 2389 | int rc; |
2281 | 2390 | ||
2282 | POLICY_RDLOCK; | 2391 | read_lock(&policy_rwlock); |
2283 | rc = ebitmap_get_bit(&policydb.policycaps, req_cap); | 2392 | rc = ebitmap_get_bit(&policydb.policycaps, req_cap); |
2284 | POLICY_RDUNLOCK; | 2393 | read_unlock(&policy_rwlock); |
2285 | 2394 | ||
2286 | return rc; | 2395 | return rc; |
2287 | } | 2396 | } |
@@ -2345,7 +2454,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) | |||
2345 | 2454 | ||
2346 | context_init(&tmprule->au_ctxt); | 2455 | context_init(&tmprule->au_ctxt); |
2347 | 2456 | ||
2348 | POLICY_RDLOCK; | 2457 | read_lock(&policy_rwlock); |
2349 | 2458 | ||
2350 | tmprule->au_seqno = latest_granting; | 2459 | tmprule->au_seqno = latest_granting; |
2351 | 2460 | ||
@@ -2382,7 +2491,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) | |||
2382 | break; | 2491 | break; |
2383 | } | 2492 | } |
2384 | 2493 | ||
2385 | POLICY_RDUNLOCK; | 2494 | read_unlock(&policy_rwlock); |
2386 | 2495 | ||
2387 | if (rc) { | 2496 | if (rc) { |
2388 | selinux_audit_rule_free(tmprule); | 2497 | selinux_audit_rule_free(tmprule); |
@@ -2420,7 +2529,7 @@ int selinux_audit_rule_known(struct audit_krule *rule) | |||
2420 | } | 2529 | } |
2421 | 2530 | ||
2422 | int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, | 2531 | int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, |
2423 | struct audit_context *actx) | 2532 | struct audit_context *actx) |
2424 | { | 2533 | { |
2425 | struct context *ctxt; | 2534 | struct context *ctxt; |
2426 | struct mls_level *level; | 2535 | struct mls_level *level; |
@@ -2433,7 +2542,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, | |||
2433 | return -ENOENT; | 2542 | return -ENOENT; |
2434 | } | 2543 | } |
2435 | 2544 | ||
2436 | POLICY_RDLOCK; | 2545 | read_lock(&policy_rwlock); |
2437 | 2546 | ||
2438 | if (rule->au_seqno < latest_granting) { | 2547 | if (rule->au_seqno < latest_granting) { |
2439 | audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR, | 2548 | audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR, |
@@ -2527,14 +2636,14 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, | |||
2527 | } | 2636 | } |
2528 | 2637 | ||
2529 | out: | 2638 | out: |
2530 | POLICY_RDUNLOCK; | 2639 | read_unlock(&policy_rwlock); |
2531 | return match; | 2640 | return match; |
2532 | } | 2641 | } |
2533 | 2642 | ||
2534 | static int (*aurule_callback)(void) = audit_update_lsm_rules; | 2643 | static int (*aurule_callback)(void) = audit_update_lsm_rules; |
2535 | 2644 | ||
2536 | static int aurule_avc_callback(u32 event, u32 ssid, u32 tsid, | 2645 | static int aurule_avc_callback(u32 event, u32 ssid, u32 tsid, |
2537 | u16 class, u32 perms, u32 *retained) | 2646 | u16 class, u32 perms, u32 *retained) |
2538 | { | 2647 | { |
2539 | int err = 0; | 2648 | int err = 0; |
2540 | 2649 | ||
@@ -2615,7 +2724,7 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr, | |||
2615 | return 0; | 2724 | return 0; |
2616 | } | 2725 | } |
2617 | 2726 | ||
2618 | POLICY_RDLOCK; | 2727 | read_lock(&policy_rwlock); |
2619 | 2728 | ||
2620 | if (secattr->flags & NETLBL_SECATTR_CACHE) { | 2729 | if (secattr->flags & NETLBL_SECATTR_CACHE) { |
2621 | *sid = *(u32 *)secattr->cache->data; | 2730 | *sid = *(u32 *)secattr->cache->data; |
@@ -2660,7 +2769,7 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr, | |||
2660 | } | 2769 | } |
2661 | 2770 | ||
2662 | netlbl_secattr_to_sid_return: | 2771 | netlbl_secattr_to_sid_return: |
2663 | POLICY_RDUNLOCK; | 2772 | read_unlock(&policy_rwlock); |
2664 | return rc; | 2773 | return rc; |
2665 | netlbl_secattr_to_sid_return_cleanup: | 2774 | netlbl_secattr_to_sid_return_cleanup: |
2666 | ebitmap_destroy(&ctx_new.range.level[0].cat); | 2775 | ebitmap_destroy(&ctx_new.range.level[0].cat); |
@@ -2685,7 +2794,7 @@ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr) | |||
2685 | if (!ss_initialized) | 2794 | if (!ss_initialized) |
2686 | return 0; | 2795 | return 0; |
2687 | 2796 | ||
2688 | POLICY_RDLOCK; | 2797 | read_lock(&policy_rwlock); |
2689 | ctx = sidtab_search(&sidtab, sid); | 2798 | ctx = sidtab_search(&sidtab, sid); |
2690 | if (ctx == NULL) | 2799 | if (ctx == NULL) |
2691 | goto netlbl_sid_to_secattr_failure; | 2800 | goto netlbl_sid_to_secattr_failure; |
@@ -2696,12 +2805,12 @@ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr) | |||
2696 | rc = mls_export_netlbl_cat(ctx, secattr); | 2805 | rc = mls_export_netlbl_cat(ctx, secattr); |
2697 | if (rc != 0) | 2806 | if (rc != 0) |
2698 | goto netlbl_sid_to_secattr_failure; | 2807 | goto netlbl_sid_to_secattr_failure; |
2699 | POLICY_RDUNLOCK; | 2808 | read_unlock(&policy_rwlock); |
2700 | 2809 | ||
2701 | return 0; | 2810 | return 0; |
2702 | 2811 | ||
2703 | netlbl_sid_to_secattr_failure: | 2812 | netlbl_sid_to_secattr_failure: |
2704 | POLICY_RDUNLOCK; | 2813 | read_unlock(&policy_rwlock); |
2705 | return rc; | 2814 | return rc; |
2706 | } | 2815 | } |
2707 | #endif /* CONFIG_NETLABEL */ | 2816 | #endif /* CONFIG_NETLABEL */ |
diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c index 4a516ff4bcde..a81ded104129 100644 --- a/security/selinux/ss/sidtab.c +++ b/security/selinux/ss/sidtab.c | |||
@@ -14,10 +14,6 @@ | |||
14 | #define SIDTAB_HASH(sid) \ | 14 | #define SIDTAB_HASH(sid) \ |
15 | (sid & SIDTAB_HASH_MASK) | 15 | (sid & SIDTAB_HASH_MASK) |
16 | 16 | ||
17 | #define INIT_SIDTAB_LOCK(s) spin_lock_init(&s->lock) | ||
18 | #define SIDTAB_LOCK(s, x) spin_lock_irqsave(&s->lock, x) | ||
19 | #define SIDTAB_UNLOCK(s, x) spin_unlock_irqrestore(&s->lock, x) | ||
20 | |||
21 | int sidtab_init(struct sidtab *s) | 17 | int sidtab_init(struct sidtab *s) |
22 | { | 18 | { |
23 | int i; | 19 | int i; |
@@ -30,7 +26,7 @@ int sidtab_init(struct sidtab *s) | |||
30 | s->nel = 0; | 26 | s->nel = 0; |
31 | s->next_sid = 1; | 27 | s->next_sid = 1; |
32 | s->shutdown = 0; | 28 | s->shutdown = 0; |
33 | INIT_SIDTAB_LOCK(s); | 29 | spin_lock_init(&s->lock); |
34 | return 0; | 30 | return 0; |
35 | } | 31 | } |
36 | 32 | ||
@@ -86,7 +82,7 @@ out: | |||
86 | return rc; | 82 | return rc; |
87 | } | 83 | } |
88 | 84 | ||
89 | struct context *sidtab_search(struct sidtab *s, u32 sid) | 85 | static struct context *sidtab_search_core(struct sidtab *s, u32 sid, int force) |
90 | { | 86 | { |
91 | int hvalue; | 87 | int hvalue; |
92 | struct sidtab_node *cur; | 88 | struct sidtab_node *cur; |
@@ -99,7 +95,10 @@ struct context *sidtab_search(struct sidtab *s, u32 sid) | |||
99 | while (cur != NULL && sid > cur->sid) | 95 | while (cur != NULL && sid > cur->sid) |
100 | cur = cur->next; | 96 | cur = cur->next; |
101 | 97 | ||
102 | if (cur == NULL || sid != cur->sid) { | 98 | if (force && cur && sid == cur->sid && cur->context.len) |
99 | return &cur->context; | ||
100 | |||
101 | if (cur == NULL || sid != cur->sid || cur->context.len) { | ||
103 | /* Remap invalid SIDs to the unlabeled SID. */ | 102 | /* Remap invalid SIDs to the unlabeled SID. */ |
104 | sid = SECINITSID_UNLABELED; | 103 | sid = SECINITSID_UNLABELED; |
105 | hvalue = SIDTAB_HASH(sid); | 104 | hvalue = SIDTAB_HASH(sid); |
@@ -113,6 +112,16 @@ struct context *sidtab_search(struct sidtab *s, u32 sid) | |||
113 | return &cur->context; | 112 | return &cur->context; |
114 | } | 113 | } |
115 | 114 | ||
115 | struct context *sidtab_search(struct sidtab *s, u32 sid) | ||
116 | { | ||
117 | return sidtab_search_core(s, sid, 0); | ||
118 | } | ||
119 | |||
120 | struct context *sidtab_search_force(struct sidtab *s, u32 sid) | ||
121 | { | ||
122 | return sidtab_search_core(s, sid, 1); | ||
123 | } | ||
124 | |||
116 | int sidtab_map(struct sidtab *s, | 125 | int sidtab_map(struct sidtab *s, |
117 | int (*apply) (u32 sid, | 126 | int (*apply) (u32 sid, |
118 | struct context *context, | 127 | struct context *context, |
@@ -138,43 +147,6 @@ out: | |||
138 | return rc; | 147 | return rc; |
139 | } | 148 | } |
140 | 149 | ||
141 | void sidtab_map_remove_on_error(struct sidtab *s, | ||
142 | int (*apply) (u32 sid, | ||
143 | struct context *context, | ||
144 | void *args), | ||
145 | void *args) | ||
146 | { | ||
147 | int i, ret; | ||
148 | struct sidtab_node *last, *cur, *temp; | ||
149 | |||
150 | if (!s) | ||
151 | return; | ||
152 | |||
153 | for (i = 0; i < SIDTAB_SIZE; i++) { | ||
154 | last = NULL; | ||
155 | cur = s->htable[i]; | ||
156 | while (cur != NULL) { | ||
157 | ret = apply(cur->sid, &cur->context, args); | ||
158 | if (ret) { | ||
159 | if (last) | ||
160 | last->next = cur->next; | ||
161 | else | ||
162 | s->htable[i] = cur->next; | ||
163 | temp = cur; | ||
164 | cur = cur->next; | ||
165 | context_destroy(&temp->context); | ||
166 | kfree(temp); | ||
167 | s->nel--; | ||
168 | } else { | ||
169 | last = cur; | ||
170 | cur = cur->next; | ||
171 | } | ||
172 | } | ||
173 | } | ||
174 | |||
175 | return; | ||
176 | } | ||
177 | |||
178 | static inline u32 sidtab_search_context(struct sidtab *s, | 150 | static inline u32 sidtab_search_context(struct sidtab *s, |
179 | struct context *context) | 151 | struct context *context) |
180 | { | 152 | { |
@@ -204,7 +176,7 @@ int sidtab_context_to_sid(struct sidtab *s, | |||
204 | 176 | ||
205 | sid = sidtab_search_context(s, context); | 177 | sid = sidtab_search_context(s, context); |
206 | if (!sid) { | 178 | if (!sid) { |
207 | SIDTAB_LOCK(s, flags); | 179 | spin_lock_irqsave(&s->lock, flags); |
208 | /* Rescan now that we hold the lock. */ | 180 | /* Rescan now that we hold the lock. */ |
209 | sid = sidtab_search_context(s, context); | 181 | sid = sidtab_search_context(s, context); |
210 | if (sid) | 182 | if (sid) |
@@ -215,11 +187,15 @@ int sidtab_context_to_sid(struct sidtab *s, | |||
215 | goto unlock_out; | 187 | goto unlock_out; |
216 | } | 188 | } |
217 | sid = s->next_sid++; | 189 | sid = s->next_sid++; |
190 | if (context->len) | ||
191 | printk(KERN_INFO | ||
192 | "SELinux: Context %s is not valid (left unmapped).\n", | ||
193 | context->str); | ||
218 | ret = sidtab_insert(s, sid, context); | 194 | ret = sidtab_insert(s, sid, context); |
219 | if (ret) | 195 | if (ret) |
220 | s->next_sid--; | 196 | s->next_sid--; |
221 | unlock_out: | 197 | unlock_out: |
222 | SIDTAB_UNLOCK(s, flags); | 198 | spin_unlock_irqrestore(&s->lock, flags); |
223 | } | 199 | } |
224 | 200 | ||
225 | if (ret) | 201 | if (ret) |
@@ -284,19 +260,19 @@ void sidtab_set(struct sidtab *dst, struct sidtab *src) | |||
284 | { | 260 | { |
285 | unsigned long flags; | 261 | unsigned long flags; |
286 | 262 | ||
287 | SIDTAB_LOCK(src, flags); | 263 | spin_lock_irqsave(&src->lock, flags); |
288 | dst->htable = src->htable; | 264 | dst->htable = src->htable; |
289 | dst->nel = src->nel; | 265 | dst->nel = src->nel; |
290 | dst->next_sid = src->next_sid; | 266 | dst->next_sid = src->next_sid; |
291 | dst->shutdown = 0; | 267 | dst->shutdown = 0; |
292 | SIDTAB_UNLOCK(src, flags); | 268 | spin_unlock_irqrestore(&src->lock, flags); |
293 | } | 269 | } |
294 | 270 | ||
295 | void sidtab_shutdown(struct sidtab *s) | 271 | void sidtab_shutdown(struct sidtab *s) |
296 | { | 272 | { |
297 | unsigned long flags; | 273 | unsigned long flags; |
298 | 274 | ||
299 | SIDTAB_LOCK(s, flags); | 275 | spin_lock_irqsave(&s->lock, flags); |
300 | s->shutdown = 1; | 276 | s->shutdown = 1; |
301 | SIDTAB_UNLOCK(s, flags); | 277 | spin_unlock_irqrestore(&s->lock, flags); |
302 | } | 278 | } |
diff --git a/security/selinux/ss/sidtab.h b/security/selinux/ss/sidtab.h index 2fe9dfa3eb3a..64ea5b1cdea4 100644 --- a/security/selinux/ss/sidtab.h +++ b/security/selinux/ss/sidtab.h | |||
@@ -32,6 +32,7 @@ struct sidtab { | |||
32 | int sidtab_init(struct sidtab *s); | 32 | int sidtab_init(struct sidtab *s); |
33 | int sidtab_insert(struct sidtab *s, u32 sid, struct context *context); | 33 | int sidtab_insert(struct sidtab *s, u32 sid, struct context *context); |
34 | struct context *sidtab_search(struct sidtab *s, u32 sid); | 34 | struct context *sidtab_search(struct sidtab *s, u32 sid); |
35 | struct context *sidtab_search_force(struct sidtab *s, u32 sid); | ||
35 | 36 | ||
36 | int sidtab_map(struct sidtab *s, | 37 | int sidtab_map(struct sidtab *s, |
37 | int (*apply) (u32 sid, | 38 | int (*apply) (u32 sid, |
@@ -39,12 +40,6 @@ int sidtab_map(struct sidtab *s, | |||
39 | void *args), | 40 | void *args), |
40 | void *args); | 41 | void *args); |
41 | 42 | ||
42 | void sidtab_map_remove_on_error(struct sidtab *s, | ||
43 | int (*apply) (u32 sid, | ||
44 | struct context *context, | ||
45 | void *args), | ||
46 | void *args); | ||
47 | |||
48 | int sidtab_context_to_sid(struct sidtab *s, | 43 | int sidtab_context_to_sid(struct sidtab *s, |
49 | struct context *context, | 44 | struct context *context, |
50 | u32 *sid); | 45 | u32 *sid); |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 4a09293efa00..ee5a51cbc5eb 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
@@ -95,11 +95,12 @@ struct inode_smack *new_inode_smack(char *smack) | |||
95 | * | 95 | * |
96 | * Do the capability checks, and require read and write. | 96 | * Do the capability checks, and require read and write. |
97 | */ | 97 | */ |
98 | static int smack_ptrace(struct task_struct *ptp, struct task_struct *ctp) | 98 | static int smack_ptrace(struct task_struct *ptp, struct task_struct *ctp, |
99 | unsigned int mode) | ||
99 | { | 100 | { |
100 | int rc; | 101 | int rc; |
101 | 102 | ||
102 | rc = cap_ptrace(ptp, ctp); | 103 | rc = cap_ptrace(ptp, ctp, mode); |
103 | if (rc != 0) | 104 | if (rc != 0) |
104 | return rc; | 105 | return rc; |
105 | 106 | ||
@@ -1821,27 +1822,6 @@ static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) | |||
1821 | *secid = smack_to_secid(smack); | 1822 | *secid = smack_to_secid(smack); |
1822 | } | 1823 | } |
1823 | 1824 | ||
1824 | /* module stacking operations */ | ||
1825 | |||
1826 | /** | ||
1827 | * smack_register_security - stack capability module | ||
1828 | * @name: module name | ||
1829 | * @ops: module operations - ignored | ||
1830 | * | ||
1831 | * Allow the capability module to register. | ||
1832 | */ | ||
1833 | static int smack_register_security(const char *name, | ||
1834 | struct security_operations *ops) | ||
1835 | { | ||
1836 | if (strcmp(name, "capability") != 0) | ||
1837 | return -EINVAL; | ||
1838 | |||
1839 | printk(KERN_INFO "%s: Registering secondary module %s\n", | ||
1840 | __func__, name); | ||
1841 | |||
1842 | return 0; | ||
1843 | } | ||
1844 | |||
1845 | /** | 1825 | /** |
1846 | * smack_d_instantiate - Make sure the blob is correct on an inode | 1826 | * smack_d_instantiate - Make sure the blob is correct on an inode |
1847 | * @opt_dentry: unused | 1827 | * @opt_dentry: unused |
@@ -2672,8 +2652,6 @@ struct security_operations smack_ops = { | |||
2672 | .netlink_send = cap_netlink_send, | 2652 | .netlink_send = cap_netlink_send, |
2673 | .netlink_recv = cap_netlink_recv, | 2653 | .netlink_recv = cap_netlink_recv, |
2674 | 2654 | ||
2675 | .register_security = smack_register_security, | ||
2676 | |||
2677 | .d_instantiate = smack_d_instantiate, | 2655 | .d_instantiate = smack_d_instantiate, |
2678 | 2656 | ||
2679 | .getprocattr = smack_getprocattr, | 2657 | .getprocattr = smack_getprocattr, |