1
// SPDX-License-Identifier: GPL-2.0-only
2
/* Updated: Karl MacMillan <[email protected]>
3
 *
4
 *	Added conditional policy language extensions
5
 *
6
 *  Updated: Hewlett-Packard <[email protected]>
7
 *
8
 *	Added support for the policy capability bitmap
9
 *
10
 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
11
 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
12
 * Copyright (C) 2004 Red Hat, Inc., James Morris <[email protected]>
13
 */
14

15
#include <linux/kernel.h>
16
#include <linux/pagemap.h>
17
#include <linux/slab.h>
18
#include <linux/vmalloc.h>
19
#include <linux/fs.h>
20
#include <linux/fs_context.h>
21
#include <linux/mount.h>
22
#include <linux/mutex.h>
23
#include <linux/namei.h>
24
#include <linux/init.h>
25
#include <linux/string.h>
26
#include <linux/security.h>
27
#include <linux/major.h>
28
#include <linux/seq_file.h>
29
#include <linux/percpu.h>
30
#include <linux/audit.h>
31
#include <linux/uaccess.h>
32
#include <linux/kobject.h>
33
#include <linux/ctype.h>
34

35
/* selinuxfs pseudo filesystem for exporting the security policy API.
36
   Based on the proc code and the fs/nfsd/nfsctl.c code. */
37

38
#include "flask.h"
39
#include "avc.h"
40
#include "avc_ss.h"
41
#include "security.h"
42
#include "objsec.h"
43
#include "conditional.h"
44
#include "ima.h"
45

46
enum sel_inos {
47
	SEL_ROOT_INO = 2,
48
	SEL_LOAD,	/* load policy */
49
	SEL_ENFORCE,	/* get or set enforcing status */
50
	SEL_CONTEXT,	/* validate context */
51
	SEL_ACCESS,	/* compute access decision */
52
	SEL_CREATE,	/* compute create labeling decision */
53
	SEL_RELABEL,	/* compute relabeling decision */
54
	SEL_USER,	/* compute reachable user contexts */
55
	SEL_POLICYVERS,	/* return policy version for this kernel */
56
	SEL_COMMIT_BOOLS, /* commit new boolean values */
57
	SEL_MLS,	/* return if MLS policy is enabled */
58
	SEL_DISABLE,	/* disable SELinux until next reboot */
59
	SEL_MEMBER,	/* compute polyinstantiation membership decision */
60
	SEL_CHECKREQPROT, /* check requested protection, not kernel-applied one */
61
	SEL_COMPAT_NET,	/* whether to use old compat network packet controls */
62
	SEL_REJECT_UNKNOWN, /* export unknown reject handling to userspace */
63
	SEL_DENY_UNKNOWN, /* export unknown deny handling to userspace */
64
	SEL_STATUS,	/* export current status using mmap() */
65
	SEL_POLICY,	/* allow userspace to read the in kernel policy */
66
	SEL_VALIDATE_TRANS, /* compute validatetrans decision */
67
	SEL_INO_NEXT,	/* The next inode number to use */
68
};
69

70
struct selinux_fs_info {
71
	struct dentry *bool_dir;
72
	unsigned int bool_num;
73
	char **bool_pending_names;
74
	int *bool_pending_values;
75
	struct dentry *class_dir;
76
	unsigned long last_class_ino;
77
	bool policy_opened;
78
	struct dentry *policycap_dir;
79
	unsigned long last_ino;
80
	struct super_block *sb;
81
};
82

83
static int selinux_fs_info_create(struct super_block *sb)
84
{
85
	struct selinux_fs_info *fsi;
86

87
	fsi = kzalloc(sizeof(*fsi), GFP_KERNEL);
88
	if (!fsi)
89
		return -ENOMEM;
90

91
	fsi->last_ino = SEL_INO_NEXT - 1;
92
	fsi->sb = sb;
93
	sb->s_fs_info = fsi;
94
	return 0;
95
}
96

97
static void selinux_fs_info_free(struct super_block *sb)
98
{
99
	struct selinux_fs_info *fsi = sb->s_fs_info;
100
	unsigned int i;
101

102
	if (fsi) {
103
		for (i = 0; i < fsi->bool_num; i++)
104
			kfree(fsi->bool_pending_names[i]);
105
		kfree(fsi->bool_pending_names);
106
		kfree(fsi->bool_pending_values);
107
	}
108
	kfree(sb->s_fs_info);
109
	sb->s_fs_info = NULL;
110
}
111

112
#define SEL_INITCON_INO_OFFSET		0x01000000
113
#define SEL_BOOL_INO_OFFSET		0x02000000
114
#define SEL_CLASS_INO_OFFSET		0x04000000
115
#define SEL_POLICYCAP_INO_OFFSET	0x08000000
116
#define SEL_INO_MASK			0x00ffffff
117

118
#define BOOL_DIR_NAME "booleans"
119
#define CLASS_DIR_NAME "class"
120
#define POLICYCAP_DIR_NAME "policy_capabilities"
121

122
#define TMPBUFLEN	12
123
static ssize_t sel_read_enforce(struct file *filp, char __user *buf,
124
				size_t count, loff_t *ppos)
125
{
126
	char tmpbuf[TMPBUFLEN];
127
	ssize_t length;
128

129
	length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
130
			   enforcing_enabled());
131
	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
132
}
133

134
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
135
static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
136
				 size_t count, loff_t *ppos)
137

138
{
139
	char *page = NULL;
140
	ssize_t length;
141
	int scan_value;
142
	bool old_value, new_value;
143

144
	if (count >= PAGE_SIZE)
145
		return -ENOMEM;
146

147
	/* No partial writes. */
148
	if (*ppos != 0)
149
		return -EINVAL;
150

151
	page = memdup_user_nul(buf, count);
152
	if (IS_ERR(page))
153
		return PTR_ERR(page);
154

155
	length = -EINVAL;
156
	if (sscanf(page, "%d", &scan_value) != 1)
157
		goto out;
158

159
	new_value = !!scan_value;
160

161
	old_value = enforcing_enabled();
162
	if (new_value != old_value) {
163
		length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
164
				      SECCLASS_SECURITY, SECURITY__SETENFORCE,
165
				      NULL);
166
		if (length)
167
			goto out;
168
		audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
169
			"enforcing=%d old_enforcing=%d auid=%u ses=%u"
170
			" enabled=1 old-enabled=1 lsm=selinux res=1",
171
			new_value, old_value,
172
			from_kuid(&init_user_ns, audit_get_loginuid(current)),
173
			audit_get_sessionid(current));
174
		enforcing_set(new_value);
175
		if (new_value)
176
			avc_ss_reset(0);
177
		selnl_notify_setenforce(new_value);
178
		selinux_status_update_setenforce(new_value);
179
		if (!new_value)
180
			call_blocking_lsm_notifier(LSM_POLICY_CHANGE, NULL);
181

182
		selinux_ima_measure_state();
183
	}
184
	length = count;
185
out:
186
	kfree(page);
187
	return length;
188
}
189
#else
190
#define sel_write_enforce NULL
191
#endif
192

193
static const struct file_operations sel_enforce_ops = {
194
	.read		= sel_read_enforce,
195
	.write		= sel_write_enforce,
196
	.llseek		= generic_file_llseek,
197
};
198

199
static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf,
200
					size_t count, loff_t *ppos)
201
{
202
	char tmpbuf[TMPBUFLEN];
203
	ssize_t length;
204
	ino_t ino = file_inode(filp)->i_ino;
205
	int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ?
206
		security_get_reject_unknown() :
207
		!security_get_allow_unknown();
208

209
	length = scnprintf(tmpbuf, TMPBUFLEN, "%d", handle_unknown);
210
	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
211
}
212

213
static const struct file_operations sel_handle_unknown_ops = {
214
	.read		= sel_read_handle_unknown,
215
	.llseek		= generic_file_llseek,
216
};
217

218
static int sel_open_handle_status(struct inode *inode, struct file *filp)
219
{
220
	struct page    *status = selinux_kernel_status_page();
221

222
	if (!status)
223
		return -ENOMEM;
224

225
	filp->private_data = status;
226

227
	return 0;
228
}
229

230
static ssize_t sel_read_handle_status(struct file *filp, char __user *buf,
231
				      size_t count, loff_t *ppos)
232
{
233
	struct page    *status = filp->private_data;
234

235
	BUG_ON(!status);
236

237
	return simple_read_from_buffer(buf, count, ppos,
238
				       page_address(status),
239
				       sizeof(struct selinux_kernel_status));
240
}
241

242
static int sel_mmap_handle_status(struct file *filp,
243
				  struct vm_area_struct *vma)
244
{
245
	struct page    *status = filp->private_data;
246
	unsigned long	size = vma->vm_end - vma->vm_start;
247

248
	BUG_ON(!status);
249

250
	/* only allows one page from the head */
251
	if (vma->vm_pgoff > 0 || size != PAGE_SIZE)
252
		return -EIO;
253
	/* disallow writable mapping */
254
	if (vma->vm_flags & VM_WRITE)
255
		return -EPERM;
256
	/* disallow mprotect() turns it into writable */
257
	vm_flags_clear(vma, VM_MAYWRITE);
258

259
	return remap_pfn_range(vma, vma->vm_start,
260
			       page_to_pfn(status),
261
			       size, vma->vm_page_prot);
262
}
263

264
static const struct file_operations sel_handle_status_ops = {
265
	.open		= sel_open_handle_status,
266
	.read		= sel_read_handle_status,
267
	.mmap		= sel_mmap_handle_status,
268
	.llseek		= generic_file_llseek,
269
};
270

271
static ssize_t sel_write_disable(struct file *file, const char __user *buf,
272
				 size_t count, loff_t *ppos)
273

274
{
275
	char *page;
276
	ssize_t length;
277
	int new_value;
278

279
	if (count >= PAGE_SIZE)
280
		return -ENOMEM;
281

282
	/* No partial writes. */
283
	if (*ppos != 0)
284
		return -EINVAL;
285

286
	page = memdup_user_nul(buf, count);
287
	if (IS_ERR(page))
288
		return PTR_ERR(page);
289

290
	if (sscanf(page, "%d", &new_value) != 1) {
291
		length = -EINVAL;
292
		goto out;
293
	}
294
	length = count;
295

296
	if (new_value) {
297
		pr_err("SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable\n");
298
		pr_err("SELinux: Runtime disable is not supported, use selinux=0 on the kernel cmdline.\n");
299
	}
300

301
out:
302
	kfree(page);
303
	return length;
304
}
305

306
static const struct file_operations sel_disable_ops = {
307
	.write		= sel_write_disable,
308
	.llseek		= generic_file_llseek,
309
};
310

311
static ssize_t sel_read_policyvers(struct file *filp, char __user *buf,
312
				   size_t count, loff_t *ppos)
313
{
314
	char tmpbuf[TMPBUFLEN];
315
	ssize_t length;
316

317
	length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX);
318
	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
319
}
320

321
static const struct file_operations sel_policyvers_ops = {
322
	.read		= sel_read_policyvers,
323
	.llseek		= generic_file_llseek,
324
};
325

326
/* declaration for sel_write_load */
327
static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir,
328
			  unsigned int *bool_num, char ***bool_pending_names,
329
			  int **bool_pending_values);
330
static int sel_make_classes(struct selinux_policy *newpolicy,
331
			    struct dentry *class_dir,
332
			    unsigned long *last_class_ino);
333

334
/* declaration for sel_make_class_dirs */
335
static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
336
			unsigned long *ino);
337

338
/* declaration for sel_make_policy_nodes */
339
static struct dentry *sel_make_swapover_dir(struct super_block *sb,
340
						unsigned long *ino);
341

342
static ssize_t sel_read_mls(struct file *filp, char __user *buf,
343
				size_t count, loff_t *ppos)
344
{
345
	char tmpbuf[TMPBUFLEN];
346
	ssize_t length;
347

348
	length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
349
			   security_mls_enabled());
350
	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
351
}
352

353
static const struct file_operations sel_mls_ops = {
354
	.read		= sel_read_mls,
355
	.llseek		= generic_file_llseek,
356
};
357

358
struct policy_load_memory {
359
	size_t len;
360
	void *data;
361
};
362

363
static int sel_open_policy(struct inode *inode, struct file *filp)
364
{
365
	struct selinux_fs_info *fsi = inode->i_sb->s_fs_info;
366
	struct policy_load_memory *plm = NULL;
367
	int rc;
368

369
	BUG_ON(filp->private_data);
370

371
	mutex_lock(&selinux_state.policy_mutex);
372

373
	rc = avc_has_perm(current_sid(), SECINITSID_SECURITY,
374
			  SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL);
375
	if (rc)
376
		goto err;
377

378
	rc = -EBUSY;
379
	if (fsi->policy_opened)
380
		goto err;
381

382
	rc = -ENOMEM;
383
	plm = kzalloc(sizeof(*plm), GFP_KERNEL);
384
	if (!plm)
385
		goto err;
386

387
	rc = security_read_policy(&plm->data, &plm->len);
388
	if (rc)
389
		goto err;
390

391
	if ((size_t)i_size_read(inode) != plm->len) {
392
		inode_lock(inode);
393
		i_size_write(inode, plm->len);
394
		inode_unlock(inode);
395
	}
396

397
	fsi->policy_opened = 1;
398

399
	filp->private_data = plm;
400

401
	mutex_unlock(&selinux_state.policy_mutex);
402

403
	return 0;
404
err:
405
	mutex_unlock(&selinux_state.policy_mutex);
406

407
	if (plm)
408
		vfree(plm->data);
409
	kfree(plm);
410
	return rc;
411
}
412

413
static int sel_release_policy(struct inode *inode, struct file *filp)
414
{
415
	struct selinux_fs_info *fsi = inode->i_sb->s_fs_info;
416
	struct policy_load_memory *plm = filp->private_data;
417

418
	BUG_ON(!plm);
419

420
	fsi->policy_opened = 0;
421

422
	vfree(plm->data);
423
	kfree(plm);
424

425
	return 0;
426
}
427

428
static ssize_t sel_read_policy(struct file *filp, char __user *buf,
429
			       size_t count, loff_t *ppos)
430
{
431
	struct policy_load_memory *plm = filp->private_data;
432
	int ret;
433

434
	ret = avc_has_perm(current_sid(), SECINITSID_SECURITY,
435
			  SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL);
436
	if (ret)
437
		return ret;
438

439
	return simple_read_from_buffer(buf, count, ppos, plm->data, plm->len);
440
}
441

442
static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf)
443
{
444
	struct policy_load_memory *plm = vmf->vma->vm_file->private_data;
445
	unsigned long offset;
446
	struct page *page;
447

448
	if (vmf->flags & (FAULT_FLAG_MKWRITE | FAULT_FLAG_WRITE))
449
		return VM_FAULT_SIGBUS;
450

451
	offset = vmf->pgoff << PAGE_SHIFT;
452
	if (offset >= roundup(plm->len, PAGE_SIZE))
453
		return VM_FAULT_SIGBUS;
454

455
	page = vmalloc_to_page(plm->data + offset);
456
	get_page(page);
457

458
	vmf->page = page;
459

460
	return 0;
461
}
462

463
static const struct vm_operations_struct sel_mmap_policy_ops = {
464
	.fault = sel_mmap_policy_fault,
465
	.page_mkwrite = sel_mmap_policy_fault,
466
};
467

468
static int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma)
469
{
470
	if (vma->vm_flags & VM_SHARED) {
471
		/* do not allow mprotect to make mapping writable */
472
		vm_flags_clear(vma, VM_MAYWRITE);
473

474
		if (vma->vm_flags & VM_WRITE)
475
			return -EACCES;
476
	}
477

478
	vm_flags_set(vma, VM_DONTEXPAND | VM_DONTDUMP);
479
	vma->vm_ops = &sel_mmap_policy_ops;
480

481
	return 0;
482
}
483

484
static const struct file_operations sel_policy_ops = {
485
	.open		= sel_open_policy,
486
	.read		= sel_read_policy,
487
	.mmap		= sel_mmap_policy,
488
	.release	= sel_release_policy,
489
	.llseek		= generic_file_llseek,
490
};
491

492
static void sel_remove_old_bool_data(unsigned int bool_num, char **bool_names,
493
				     int *bool_values)
494
{
495
	u32 i;
496

497
	/* bool_dir cleanup */
498
	for (i = 0; i < bool_num; i++)
499
		kfree(bool_names[i]);
500
	kfree(bool_names);
501
	kfree(bool_values);
502
}
503

504
static int sel_make_policy_nodes(struct selinux_fs_info *fsi,
505
				struct selinux_policy *newpolicy)
506
{
507
	int ret = 0;
508
	struct dentry *tmp_parent, *tmp_bool_dir, *tmp_class_dir;
509
	unsigned int bool_num = 0;
510
	char **bool_names = NULL;
511
	int *bool_values = NULL;
512
	unsigned long tmp_ino = fsi->last_ino; /* Don't increment last_ino in this function */
513

514
	tmp_parent = sel_make_swapover_dir(fsi->sb, &tmp_ino);
515
	if (IS_ERR(tmp_parent))
516
		return PTR_ERR(tmp_parent);
517

518
	tmp_ino = fsi->bool_dir->d_inode->i_ino - 1; /* sel_make_dir will increment and set */
519
	tmp_bool_dir = sel_make_dir(tmp_parent, BOOL_DIR_NAME, &tmp_ino);
520
	if (IS_ERR(tmp_bool_dir)) {
521
		ret = PTR_ERR(tmp_bool_dir);
522
		goto out;
523
	}
524

525
	tmp_ino = fsi->class_dir->d_inode->i_ino - 1; /* sel_make_dir will increment and set */
526
	tmp_class_dir = sel_make_dir(tmp_parent, CLASS_DIR_NAME, &tmp_ino);
527
	if (IS_ERR(tmp_class_dir)) {
528
		ret = PTR_ERR(tmp_class_dir);
529
		goto out;
530
	}
531

532
	ret = sel_make_bools(newpolicy, tmp_bool_dir, &bool_num,
533
			     &bool_names, &bool_values);
534
	if (ret)
535
		goto out;
536

537
	ret = sel_make_classes(newpolicy, tmp_class_dir,
538
			       &fsi->last_class_ino);
539
	if (ret)
540
		goto out;
541

542
	lock_rename(tmp_parent, fsi->sb->s_root);
543

544
	/* booleans */
545
	d_exchange(tmp_bool_dir, fsi->bool_dir);
546

547
	swap(fsi->bool_num, bool_num);
548
	swap(fsi->bool_pending_names, bool_names);
549
	swap(fsi->bool_pending_values, bool_values);
550

551
	fsi->bool_dir = tmp_bool_dir;
552

553
	/* classes */
554
	d_exchange(tmp_class_dir, fsi->class_dir);
555
	fsi->class_dir = tmp_class_dir;
556

557
	unlock_rename(tmp_parent, fsi->sb->s_root);
558

559
out:
560
	sel_remove_old_bool_data(bool_num, bool_names, bool_values);
561
	/* Since the other temporary dirs are children of tmp_parent
562
	 * this will handle all the cleanup in the case of a failure before
563
	 * the swapover
564
	 */
565
	simple_recursive_removal(tmp_parent, NULL);
566

567
	return ret;
568
}
569

570
static ssize_t sel_write_load(struct file *file, const char __user *buf,
571
			      size_t count, loff_t *ppos)
572

573
{
574
	struct selinux_fs_info *fsi;
575
	struct selinux_load_state load_state;
576
	ssize_t length;
577
	void *data = NULL;
578

579
	/* no partial writes */
580
	if (*ppos)
581
		return -EINVAL;
582
	/* no empty policies */
583
	if (!count)
584
		return -EINVAL;
585

586
	mutex_lock(&selinux_state.policy_mutex);
587

588
	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
589
			      SECCLASS_SECURITY, SECURITY__LOAD_POLICY, NULL);
590
	if (length)
591
		goto out;
592

593
	data = vmalloc(count);
594
	if (!data) {
595
		length = -ENOMEM;
596
		goto out;
597
	}
598
	if (copy_from_user(data, buf, count) != 0) {
599
		length = -EFAULT;
600
		goto out;
601
	}
602

603
	length = security_load_policy(data, count, &load_state);
604
	if (length) {
605
		pr_warn_ratelimited("SELinux: failed to load policy\n");
606
		goto out;
607
	}
608
	fsi = file_inode(file)->i_sb->s_fs_info;
609
	length = sel_make_policy_nodes(fsi, load_state.policy);
610
	if (length) {
611
		pr_warn_ratelimited("SELinux: failed to initialize selinuxfs\n");
612
		selinux_policy_cancel(&load_state);
613
		goto out;
614
	}
615

616
	selinux_policy_commit(&load_state);
617
	length = count;
618
	audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
619
		"auid=%u ses=%u lsm=selinux res=1",
620
		from_kuid(&init_user_ns, audit_get_loginuid(current)),
621
		audit_get_sessionid(current));
622

623
out:
624
	mutex_unlock(&selinux_state.policy_mutex);
625
	vfree(data);
626
	return length;
627
}
628

629
static const struct file_operations sel_load_ops = {
630
	.write		= sel_write_load,
631
	.llseek		= generic_file_llseek,
632
};
633

634
static ssize_t sel_write_context(struct file *file, char *buf, size_t size)
635
{
636
	char *canon = NULL;
637
	u32 sid, len;
638
	ssize_t length;
639

640
	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
641
			      SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, NULL);
642
	if (length)
643
		goto out;
644

645
	length = security_context_to_sid(buf, size, &sid, GFP_KERNEL);
646
	if (length)
647
		goto out;
648

649
	length = security_sid_to_context(sid, &canon, &len);
650
	if (length)
651
		goto out;
652

653
	length = -ERANGE;
654
	if (len > SIMPLE_TRANSACTION_LIMIT) {
655
		pr_err("SELinux: %s:  context size (%u) exceeds "
656
			"payload max\n", __func__, len);
657
		goto out;
658
	}
659

660
	memcpy(buf, canon, len);
661
	length = len;
662
out:
663
	kfree(canon);
664
	return length;
665
}
666

667
static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf,
668
				     size_t count, loff_t *ppos)
669
{
670
	char tmpbuf[TMPBUFLEN];
671
	ssize_t length;
672

673
	length = scnprintf(tmpbuf, TMPBUFLEN, "%u",
674
			   checkreqprot_get());
675
	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
676
}
677

678
static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
679
				      size_t count, loff_t *ppos)
680
{
681
	char *page;
682
	ssize_t length;
683
	unsigned int new_value;
684

685
	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
686
			      SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT,
687
			      NULL);
688
	if (length)
689
		return length;
690

691
	if (count >= PAGE_SIZE)
692
		return -ENOMEM;
693

694
	/* No partial writes. */
695
	if (*ppos != 0)
696
		return -EINVAL;
697

698
	page = memdup_user_nul(buf, count);
699
	if (IS_ERR(page))
700
		return PTR_ERR(page);
701

702
	if (sscanf(page, "%u", &new_value) != 1) {
703
		length = -EINVAL;
704
		goto out;
705
	}
706
	length = count;
707

708
	if (new_value) {
709
		char comm[sizeof(current->comm)];
710

711
		strscpy(comm, current->comm);
712
		pr_err("SELinux: %s (%d) set checkreqprot to 1. This is no longer supported.\n",
713
		       comm, current->pid);
714
	}
715

716
	selinux_ima_measure_state();
717

718
out:
719
	kfree(page);
720
	return length;
721
}
722
static const struct file_operations sel_checkreqprot_ops = {
723
	.read		= sel_read_checkreqprot,
724
	.write		= sel_write_checkreqprot,
725
	.llseek		= generic_file_llseek,
726
};
727

728
static ssize_t sel_write_validatetrans(struct file *file,
729
					const char __user *buf,
730
					size_t count, loff_t *ppos)
731
{
732
	char *oldcon = NULL, *newcon = NULL, *taskcon = NULL;
733
	char *req = NULL;
734
	u32 osid, nsid, tsid;
735
	u16 tclass;
736
	int rc;
737

738
	rc = avc_has_perm(current_sid(), SECINITSID_SECURITY,
739
			  SECCLASS_SECURITY, SECURITY__VALIDATE_TRANS, NULL);
740
	if (rc)
741
		goto out;
742

743
	rc = -ENOMEM;
744
	if (count >= PAGE_SIZE)
745
		goto out;
746

747
	/* No partial writes. */
748
	rc = -EINVAL;
749
	if (*ppos != 0)
750
		goto out;
751

752
	req = memdup_user_nul(buf, count);
753
	if (IS_ERR(req)) {
754
		rc = PTR_ERR(req);
755
		req = NULL;
756
		goto out;
757
	}
758

759
	rc = -ENOMEM;
760
	oldcon = kzalloc(count + 1, GFP_KERNEL);
761
	if (!oldcon)
762
		goto out;
763

764
	newcon = kzalloc(count + 1, GFP_KERNEL);
765
	if (!newcon)
766
		goto out;
767

768
	taskcon = kzalloc(count + 1, GFP_KERNEL);
769
	if (!taskcon)
770
		goto out;
771

772
	rc = -EINVAL;
773
	if (sscanf(req, "%s %s %hu %s", oldcon, newcon, &tclass, taskcon) != 4)
774
		goto out;
775

776
	rc = security_context_str_to_sid(oldcon, &osid, GFP_KERNEL);
777
	if (rc)
778
		goto out;
779

780
	rc = security_context_str_to_sid(newcon, &nsid, GFP_KERNEL);
781
	if (rc)
782
		goto out;
783

784
	rc = security_context_str_to_sid(taskcon, &tsid, GFP_KERNEL);
785
	if (rc)
786
		goto out;
787

788
	rc = security_validate_transition_user(osid, nsid, tsid, tclass);
789
	if (!rc)
790
		rc = count;
791
out:
792
	kfree(req);
793
	kfree(oldcon);
794
	kfree(newcon);
795
	kfree(taskcon);
796
	return rc;
797
}
798

799
static const struct file_operations sel_transition_ops = {
800
	.write		= sel_write_validatetrans,
801
	.llseek		= generic_file_llseek,
802
};
803

804
/*
805
 * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c
806
 */
807
static ssize_t sel_write_access(struct file *file, char *buf, size_t size);
808
static ssize_t sel_write_create(struct file *file, char *buf, size_t size);
809
static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size);
810
static ssize_t sel_write_user(struct file *file, char *buf, size_t size);
811
static ssize_t sel_write_member(struct file *file, char *buf, size_t size);
812

813
static ssize_t (*const write_op[])(struct file *, char *, size_t) = {
814
	[SEL_ACCESS] = sel_write_access,
815
	[SEL_CREATE] = sel_write_create,
816
	[SEL_RELABEL] = sel_write_relabel,
817
	[SEL_USER] = sel_write_user,
818
	[SEL_MEMBER] = sel_write_member,
819
	[SEL_CONTEXT] = sel_write_context,
820
};
821

822
static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos)
823
{
824
	ino_t ino = file_inode(file)->i_ino;
825
	char *data;
826
	ssize_t rv;
827

828
	if (ino >= ARRAY_SIZE(write_op) || !write_op[ino])
829
		return -EINVAL;
830

831
	data = simple_transaction_get(file, buf, size);
832
	if (IS_ERR(data))
833
		return PTR_ERR(data);
834

835
	rv = write_op[ino](file, data, size);
836
	if (rv > 0) {
837
		simple_transaction_set(file, rv);
838
		rv = size;
839
	}
840
	return rv;
841
}
842

843
static const struct file_operations transaction_ops = {
844
	.write		= selinux_transaction_write,
845
	.read		= simple_transaction_read,
846
	.release	= simple_transaction_release,
847
	.llseek		= generic_file_llseek,
848
};
849

850
/*
851
 * payload - write methods
852
 * If the method has a response, the response should be put in buf,
853
 * and the length returned.  Otherwise return 0 or and -error.
854
 */
855

856
static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
857
{
858
	char *scon = NULL, *tcon = NULL;
859
	u32 ssid, tsid;
860
	u16 tclass;
861
	struct av_decision avd;
862
	ssize_t length;
863

864
	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
865
			      SECCLASS_SECURITY, SECURITY__COMPUTE_AV, NULL);
866
	if (length)
867
		goto out;
868

869
	length = -ENOMEM;
870
	scon = kzalloc(size + 1, GFP_KERNEL);
871
	if (!scon)
872
		goto out;
873

874
	length = -ENOMEM;
875
	tcon = kzalloc(size + 1, GFP_KERNEL);
876
	if (!tcon)
877
		goto out;
878

879
	length = -EINVAL;
880
	if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
881
		goto out;
882

883
	length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
884
	if (length)
885
		goto out;
886

887
	length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
888
	if (length)
889
		goto out;
890

891
	security_compute_av_user(ssid, tsid, tclass, &avd);
892

893
	length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT,
894
			  "%x %x %x %x %u %x",
895
			  avd.allowed, 0xffffffff,
896
			  avd.auditallow, avd.auditdeny,
897
			  avd.seqno, avd.flags);
898
out:
899
	kfree(tcon);
900
	kfree(scon);
901
	return length;
902
}
903

904
static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
905
{
906
	char *scon = NULL, *tcon = NULL;
907
	char *namebuf = NULL, *objname = NULL;
908
	u32 ssid, tsid, newsid;
909
	u16 tclass;
910
	ssize_t length;
911
	char *newcon = NULL;
912
	u32 len;
913
	int nargs;
914

915
	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
916
			      SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE,
917
			      NULL);
918
	if (length)
919
		goto out;
920

921
	length = -ENOMEM;
922
	scon = kzalloc(size + 1, GFP_KERNEL);
923
	if (!scon)
924
		goto out;
925

926
	length = -ENOMEM;
927
	tcon = kzalloc(size + 1, GFP_KERNEL);
928
	if (!tcon)
929
		goto out;
930

931
	length = -ENOMEM;
932
	namebuf = kzalloc(size + 1, GFP_KERNEL);
933
	if (!namebuf)
934
		goto out;
935

936
	length = -EINVAL;
937
	nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf);
938
	if (nargs < 3 || nargs > 4)
939
		goto out;
940
	if (nargs == 4) {
941
		/*
942
		 * If and when the name of new object to be queried contains
943
		 * either whitespace or multibyte characters, they shall be
944
		 * encoded based on the percentage-encoding rule.
945
		 * If not encoded, the sscanf logic picks up only left-half
946
		 * of the supplied name; split by a whitespace unexpectedly.
947
		 */
948
		char   *r, *w;
949
		int     c1, c2;
950

951
		r = w = namebuf;
952
		do {
953
			c1 = *r++;
954
			if (c1 == '+')
955
				c1 = ' ';
956
			else if (c1 == '%') {
957
				c1 = hex_to_bin(*r++);
958
				if (c1 < 0)
959
					goto out;
960
				c2 = hex_to_bin(*r++);
961
				if (c2 < 0)
962
					goto out;
963
				c1 = (c1 << 4) | c2;
964
			}
965
			*w++ = c1;
966
		} while (c1 != '\0');
967

968
		objname = namebuf;
969
	}
970

971
	length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
972
	if (length)
973
		goto out;
974

975
	length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
976
	if (length)
977
		goto out;
978

979
	length = security_transition_sid_user(ssid, tsid, tclass,
980
					      objname, &newsid);
981
	if (length)
982
		goto out;
983

984
	length = security_sid_to_context(newsid, &newcon, &len);
985
	if (length)
986
		goto out;
987

988
	length = -ERANGE;
989
	if (len > SIMPLE_TRANSACTION_LIMIT) {
990
		pr_err("SELinux: %s:  context size (%u) exceeds "
991
			"payload max\n", __func__, len);
992
		goto out;
993
	}
994

995
	memcpy(buf, newcon, len);
996
	length = len;
997
out:
998
	kfree(newcon);
999
	kfree(namebuf);
1000
	kfree(tcon);
1001
	kfree(scon);
1002
	return length;
1003
}
1004

1005
static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size)
1006
{
1007
	char *scon = NULL, *tcon = NULL;
1008
	u32 ssid, tsid, newsid;
1009
	u16 tclass;
1010
	ssize_t length;
1011
	char *newcon = NULL;
1012
	u32 len;
1013

1014
	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1015
			      SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL,
1016
			      NULL);
1017
	if (length)
1018
		goto out;
1019

1020
	length = -ENOMEM;
1021
	scon = kzalloc(size + 1, GFP_KERNEL);
1022
	if (!scon)
1023
		goto out;
1024

1025
	length = -ENOMEM;
1026
	tcon = kzalloc(size + 1, GFP_KERNEL);
1027
	if (!tcon)
1028
		goto out;
1029

1030
	length = -EINVAL;
1031
	if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
1032
		goto out;
1033

1034
	length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
1035
	if (length)
1036
		goto out;
1037

1038
	length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
1039
	if (length)
1040
		goto out;
1041

1042
	length = security_change_sid(ssid, tsid, tclass, &newsid);
1043
	if (length)
1044
		goto out;
1045

1046
	length = security_sid_to_context(newsid, &newcon, &len);
1047
	if (length)
1048
		goto out;
1049

1050
	length = -ERANGE;
1051
	if (len > SIMPLE_TRANSACTION_LIMIT)
1052
		goto out;
1053

1054
	memcpy(buf, newcon, len);
1055
	length = len;
1056
out:
1057
	kfree(newcon);
1058
	kfree(tcon);
1059
	kfree(scon);
1060
	return length;
1061
}
1062

1063
static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
1064
{
1065
	char *con = NULL, *user = NULL, *ptr;
1066
	u32 sid, *sids = NULL;
1067
	ssize_t length;
1068
	char *newcon;
1069
	int rc;
1070
	u32 i, len, nsids;
1071

1072
	pr_warn_ratelimited("SELinux: %s (%d) wrote to /sys/fs/selinux/user!"
1073
		" This will not be supported in the future; please update your"
1074
		" userspace.\n", current->comm, current->pid);
1075
	ssleep(5);
1076

1077
	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1078
			      SECCLASS_SECURITY, SECURITY__COMPUTE_USER,
1079
			      NULL);
1080
	if (length)
1081
		goto out;
1082

1083
	length = -ENOMEM;
1084
	con = kzalloc(size + 1, GFP_KERNEL);
1085
	if (!con)
1086
		goto out;
1087

1088
	length = -ENOMEM;
1089
	user = kzalloc(size + 1, GFP_KERNEL);
1090
	if (!user)
1091
		goto out;
1092

1093
	length = -EINVAL;
1094
	if (sscanf(buf, "%s %s", con, user) != 2)
1095
		goto out;
1096

1097
	length = security_context_str_to_sid(con, &sid, GFP_KERNEL);
1098
	if (length)
1099
		goto out;
1100

1101
	length = security_get_user_sids(sid, user, &sids, &nsids);
1102
	if (length)
1103
		goto out;
1104

1105
	length = sprintf(buf, "%u", nsids) + 1;
1106
	ptr = buf + length;
1107
	for (i = 0; i < nsids; i++) {
1108
		rc = security_sid_to_context(sids[i], &newcon, &len);
1109
		if (rc) {
1110
			length = rc;
1111
			goto out;
1112
		}
1113
		if ((length + len) >= SIMPLE_TRANSACTION_LIMIT) {
1114
			kfree(newcon);
1115
			length = -ERANGE;
1116
			goto out;
1117
		}
1118
		memcpy(ptr, newcon, len);
1119
		kfree(newcon);
1120
		ptr += len;
1121
		length += len;
1122
	}
1123
out:
1124
	kfree(sids);
1125
	kfree(user);
1126
	kfree(con);
1127
	return length;
1128
}
1129

1130
static ssize_t sel_write_member(struct file *file, char *buf, size_t size)
1131
{
1132
	char *scon = NULL, *tcon = NULL;
1133
	u32 ssid, tsid, newsid;
1134
	u16 tclass;
1135
	ssize_t length;
1136
	char *newcon = NULL;
1137
	u32 len;
1138

1139
	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1140
			      SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER,
1141
			      NULL);
1142
	if (length)
1143
		goto out;
1144

1145
	length = -ENOMEM;
1146
	scon = kzalloc(size + 1, GFP_KERNEL);
1147
	if (!scon)
1148
		goto out;
1149

1150
	length = -ENOMEM;
1151
	tcon = kzalloc(size + 1, GFP_KERNEL);
1152
	if (!tcon)
1153
		goto out;
1154

1155
	length = -EINVAL;
1156
	if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
1157
		goto out;
1158

1159
	length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL);
1160
	if (length)
1161
		goto out;
1162

1163
	length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL);
1164
	if (length)
1165
		goto out;
1166

1167
	length = security_member_sid(ssid, tsid, tclass, &newsid);
1168
	if (length)
1169
		goto out;
1170

1171
	length = security_sid_to_context(newsid, &newcon, &len);
1172
	if (length)
1173
		goto out;
1174

1175
	length = -ERANGE;
1176
	if (len > SIMPLE_TRANSACTION_LIMIT) {
1177
		pr_err("SELinux: %s:  context size (%u) exceeds "
1178
			"payload max\n", __func__, len);
1179
		goto out;
1180
	}
1181

1182
	memcpy(buf, newcon, len);
1183
	length = len;
1184
out:
1185
	kfree(newcon);
1186
	kfree(tcon);
1187
	kfree(scon);
1188
	return length;
1189
}
1190

1191
static struct inode *sel_make_inode(struct super_block *sb, umode_t mode)
1192
{
1193
	struct inode *ret = new_inode(sb);
1194

1195
	if (ret) {
1196
		ret->i_mode = mode;
1197
		simple_inode_init_ts(ret);
1198
	}
1199
	return ret;
1200
}
1201

1202
static ssize_t sel_read_bool(struct file *filep, char __user *buf,
1203
			     size_t count, loff_t *ppos)
1204
{
1205
	struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info;
1206
	char buffer[4];
1207
	ssize_t length;
1208
	ssize_t ret;
1209
	int cur_enforcing;
1210
	unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
1211
	const char *name = filep->f_path.dentry->d_name.name;
1212

1213
	mutex_lock(&selinux_state.policy_mutex);
1214

1215
	ret = -EINVAL;
1216
	if (index >= fsi->bool_num || strcmp(name,
1217
					     fsi->bool_pending_names[index]))
1218
		goto out_unlock;
1219

1220
	cur_enforcing = security_get_bool_value(index);
1221
	if (cur_enforcing < 0) {
1222
		ret = cur_enforcing;
1223
		goto out_unlock;
1224
	}
1225
	length = scnprintf(buffer, sizeof(buffer), "%d %d", !!cur_enforcing,
1226
			  !!fsi->bool_pending_values[index]);
1227
	mutex_unlock(&selinux_state.policy_mutex);
1228
	return simple_read_from_buffer(buf, count, ppos, buffer, length);
1229

1230
out_unlock:
1231
	mutex_unlock(&selinux_state.policy_mutex);
1232
	return ret;
1233
}
1234

1235
static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
1236
			      size_t count, loff_t *ppos)
1237
{
1238
	struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info;
1239
	char *page = NULL;
1240
	ssize_t length;
1241
	int new_value;
1242
	unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
1243
	const char *name = filep->f_path.dentry->d_name.name;
1244

1245
	if (count >= PAGE_SIZE)
1246
		return -ENOMEM;
1247

1248
	/* No partial writes. */
1249
	if (*ppos != 0)
1250
		return -EINVAL;
1251

1252
	page = memdup_user_nul(buf, count);
1253
	if (IS_ERR(page))
1254
		return PTR_ERR(page);
1255

1256
	mutex_lock(&selinux_state.policy_mutex);
1257

1258
	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1259
			      SECCLASS_SECURITY, SECURITY__SETBOOL,
1260
			      NULL);
1261
	if (length)
1262
		goto out;
1263

1264
	length = -EINVAL;
1265
	if (index >= fsi->bool_num || strcmp(name,
1266
					     fsi->bool_pending_names[index]))
1267
		goto out;
1268

1269
	length = -EINVAL;
1270
	if (sscanf(page, "%d", &new_value) != 1)
1271
		goto out;
1272

1273
	if (new_value)
1274
		new_value = 1;
1275

1276
	fsi->bool_pending_values[index] = new_value;
1277
	length = count;
1278

1279
out:
1280
	mutex_unlock(&selinux_state.policy_mutex);
1281
	kfree(page);
1282
	return length;
1283
}
1284

1285
static const struct file_operations sel_bool_ops = {
1286
	.read		= sel_read_bool,
1287
	.write		= sel_write_bool,
1288
	.llseek		= generic_file_llseek,
1289
};
1290

1291
static ssize_t sel_commit_bools_write(struct file *filep,
1292
				      const char __user *buf,
1293
				      size_t count, loff_t *ppos)
1294
{
1295
	struct selinux_fs_info *fsi = file_inode(filep)->i_sb->s_fs_info;
1296
	char *page = NULL;
1297
	ssize_t length;
1298
	int new_value;
1299

1300
	if (count >= PAGE_SIZE)
1301
		return -ENOMEM;
1302

1303
	/* No partial writes. */
1304
	if (*ppos != 0)
1305
		return -EINVAL;
1306

1307
	page = memdup_user_nul(buf, count);
1308
	if (IS_ERR(page))
1309
		return PTR_ERR(page);
1310

1311
	mutex_lock(&selinux_state.policy_mutex);
1312

1313
	length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1314
			      SECCLASS_SECURITY, SECURITY__SETBOOL,
1315
			      NULL);
1316
	if (length)
1317
		goto out;
1318

1319
	length = -EINVAL;
1320
	if (sscanf(page, "%d", &new_value) != 1)
1321
		goto out;
1322

1323
	length = 0;
1324
	if (new_value && fsi->bool_pending_values)
1325
		length = security_set_bools(fsi->bool_num,
1326
					    fsi->bool_pending_values);
1327

1328
	if (!length)
1329
		length = count;
1330

1331
out:
1332
	mutex_unlock(&selinux_state.policy_mutex);
1333
	kfree(page);
1334
	return length;
1335
}
1336

1337
static const struct file_operations sel_commit_bools_ops = {
1338
	.write		= sel_commit_bools_write,
1339
	.llseek		= generic_file_llseek,
1340
};
1341

1342
static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir,
1343
			  unsigned int *bool_num, char ***bool_pending_names,
1344
			  int **bool_pending_values)
1345
{
1346
	int ret;
1347
	char **names, *page;
1348
	u32 i, num;
1349

1350
	page = (char *)get_zeroed_page(GFP_KERNEL);
1351
	if (!page)
1352
		return -ENOMEM;
1353

1354
	ret = security_get_bools(newpolicy, &num, &names, bool_pending_values);
1355
	if (ret)
1356
		goto out;
1357

1358
	*bool_num = num;
1359
	*bool_pending_names = names;
1360

1361
	for (i = 0; i < num; i++) {
1362
		struct dentry *dentry;
1363
		struct inode *inode;
1364
		struct inode_security_struct *isec;
1365
		ssize_t len;
1366
		u32 sid;
1367

1368
		len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]);
1369
		if (len >= PAGE_SIZE) {
1370
			ret = -ENAMETOOLONG;
1371
			break;
1372
		}
1373
		dentry = d_alloc_name(bool_dir, names[i]);
1374
		if (!dentry) {
1375
			ret = -ENOMEM;
1376
			break;
1377
		}
1378

1379
		inode = sel_make_inode(bool_dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR);
1380
		if (!inode) {
1381
			dput(dentry);
1382
			ret = -ENOMEM;
1383
			break;
1384
		}
1385

1386
		isec = selinux_inode(inode);
1387
		ret = selinux_policy_genfs_sid(newpolicy, "selinuxfs", page,
1388
					 SECCLASS_FILE, &sid);
1389
		if (ret) {
1390
			pr_warn_ratelimited("SELinux: no sid found, defaulting to security isid for %s\n",
1391
					   page);
1392
			sid = SECINITSID_SECURITY;
1393
		}
1394

1395
		isec->sid = sid;
1396
		isec->initialized = LABEL_INITIALIZED;
1397
		inode->i_fop = &sel_bool_ops;
1398
		inode->i_ino = i|SEL_BOOL_INO_OFFSET;
1399
		d_add(dentry, inode);
1400
	}
1401
out:
1402
	free_page((unsigned long)page);
1403
	return ret;
1404
}
1405

1406
static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf,
1407
					    size_t count, loff_t *ppos)
1408
{
1409
	char tmpbuf[TMPBUFLEN];
1410
	ssize_t length;
1411

1412
	length = scnprintf(tmpbuf, TMPBUFLEN, "%u",
1413
			   avc_get_cache_threshold());
1414
	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
1415
}
1416

1417
static ssize_t sel_write_avc_cache_threshold(struct file *file,
1418
					     const char __user *buf,
1419
					     size_t count, loff_t *ppos)
1420

1421
{
1422
	char *page;
1423
	ssize_t ret;
1424
	unsigned int new_value;
1425

1426
	ret = avc_has_perm(current_sid(), SECINITSID_SECURITY,
1427
			   SECCLASS_SECURITY, SECURITY__SETSECPARAM,
1428
			   NULL);
1429
	if (ret)
1430
		return ret;
1431

1432
	if (count >= PAGE_SIZE)
1433
		return -ENOMEM;
1434

1435
	/* No partial writes. */
1436
	if (*ppos != 0)
1437
		return -EINVAL;
1438

1439
	page = memdup_user_nul(buf, count);
1440
	if (IS_ERR(page))
1441
		return PTR_ERR(page);
1442

1443
	ret = -EINVAL;
1444
	if (sscanf(page, "%u", &new_value) != 1)
1445
		goto out;
1446

1447
	avc_set_cache_threshold(new_value);
1448

1449
	ret = count;
1450
out:
1451
	kfree(page);
1452
	return ret;
1453
}
1454

1455
static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf,
1456
				       size_t count, loff_t *ppos)
1457
{
1458
	char *page;
1459
	ssize_t length;
1460

1461
	page = (char *)__get_free_page(GFP_KERNEL);
1462
	if (!page)
1463
		return -ENOMEM;
1464

1465
	length = avc_get_hash_stats(page);
1466
	if (length >= 0)
1467
		length = simple_read_from_buffer(buf, count, ppos, page, length);
1468
	free_page((unsigned long)page);
1469

1470
	return length;
1471
}
1472

1473
static ssize_t sel_read_sidtab_hash_stats(struct file *filp, char __user *buf,
1474
					size_t count, loff_t *ppos)
1475
{
1476
	char *page;
1477
	ssize_t length;
1478

1479
	page = (char *)__get_free_page(GFP_KERNEL);
1480
	if (!page)
1481
		return -ENOMEM;
1482

1483
	length = security_sidtab_hash_stats(page);
1484
	if (length >= 0)
1485
		length = simple_read_from_buffer(buf, count, ppos, page,
1486
						length);
1487
	free_page((unsigned long)page);
1488

1489
	return length;
1490
}
1491

1492
static const struct file_operations sel_sidtab_hash_stats_ops = {
1493
	.read		= sel_read_sidtab_hash_stats,
1494
	.llseek		= generic_file_llseek,
1495
};
1496

1497
static const struct file_operations sel_avc_cache_threshold_ops = {
1498
	.read		= sel_read_avc_cache_threshold,
1499
	.write		= sel_write_avc_cache_threshold,
1500
	.llseek		= generic_file_llseek,
1501
};
1502

1503
static const struct file_operations sel_avc_hash_stats_ops = {
1504
	.read		= sel_read_avc_hash_stats,
1505
	.llseek		= generic_file_llseek,
1506
};
1507

1508
#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
1509
static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx)
1510
{
1511
	loff_t cpu;
1512

1513
	for (cpu = *idx; cpu < nr_cpu_ids; ++cpu) {
1514
		if (!cpu_possible(cpu))
1515
			continue;
1516
		*idx = cpu + 1;
1517
		return &per_cpu(avc_cache_stats, cpu);
1518
	}
1519
	(*idx)++;
1520
	return NULL;
1521
}
1522

1523
static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos)
1524
{
1525
	loff_t n = *pos - 1;
1526

1527
	if (*pos == 0)
1528
		return SEQ_START_TOKEN;
1529

1530
	return sel_avc_get_stat_idx(&n);
1531
}
1532

1533
static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1534
{
1535
	return sel_avc_get_stat_idx(pos);
1536
}
1537

1538
static int sel_avc_stats_seq_show(struct seq_file *seq, void *v)
1539
{
1540
	struct avc_cache_stats *st = v;
1541

1542
	if (v == SEQ_START_TOKEN) {
1543
		seq_puts(seq,
1544
			 "lookups hits misses allocations reclaims frees\n");
1545
	} else {
1546
		unsigned int lookups = st->lookups;
1547
		unsigned int misses = st->misses;
1548
		unsigned int hits = lookups - misses;
1549
		seq_printf(seq, "%u %u %u %u %u %u\n", lookups,
1550
			   hits, misses, st->allocations,
1551
			   st->reclaims, st->frees);
1552
	}
1553
	return 0;
1554
}
1555

1556
static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v)
1557
{ }
1558

1559
static const struct seq_operations sel_avc_cache_stats_seq_ops = {
1560
	.start		= sel_avc_stats_seq_start,
1561
	.next		= sel_avc_stats_seq_next,
1562
	.show		= sel_avc_stats_seq_show,
1563
	.stop		= sel_avc_stats_seq_stop,
1564
};
1565

1566
static int sel_open_avc_cache_stats(struct inode *inode, struct file *file)
1567
{
1568
	return seq_open(file, &sel_avc_cache_stats_seq_ops);
1569
}
1570

1571
static const struct file_operations sel_avc_cache_stats_ops = {
1572
	.open		= sel_open_avc_cache_stats,
1573
	.read		= seq_read,
1574
	.llseek		= seq_lseek,
1575
	.release	= seq_release,
1576
};
1577
#endif
1578

1579
static int sel_make_avc_files(struct dentry *dir)
1580
{
1581
	struct super_block *sb = dir->d_sb;
1582
	struct selinux_fs_info *fsi = sb->s_fs_info;
1583
	unsigned int i;
1584
	static const struct tree_descr files[] = {
1585
		{ "cache_threshold",
1586
		  &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR },
1587
		{ "hash_stats", &sel_avc_hash_stats_ops, S_IRUGO },
1588
#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
1589
		{ "cache_stats", &sel_avc_cache_stats_ops, S_IRUGO },
1590
#endif
1591
	};
1592

1593
	for (i = 0; i < ARRAY_SIZE(files); i++) {
1594
		struct inode *inode;
1595
		struct dentry *dentry;
1596

1597
		dentry = d_alloc_name(dir, files[i].name);
1598
		if (!dentry)
1599
			return -ENOMEM;
1600

1601
		inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
1602
		if (!inode) {
1603
			dput(dentry);
1604
			return -ENOMEM;
1605
		}
1606

1607
		inode->i_fop = files[i].ops;
1608
		inode->i_ino = ++fsi->last_ino;
1609
		d_add(dentry, inode);
1610
	}
1611

1612
	return 0;
1613
}
1614

1615
static int sel_make_ss_files(struct dentry *dir)
1616
{
1617
	struct super_block *sb = dir->d_sb;
1618
	struct selinux_fs_info *fsi = sb->s_fs_info;
1619
	unsigned int i;
1620
	static const struct tree_descr files[] = {
1621
		{ "sidtab_hash_stats", &sel_sidtab_hash_stats_ops, S_IRUGO },
1622
	};
1623

1624
	for (i = 0; i < ARRAY_SIZE(files); i++) {
1625
		struct inode *inode;
1626
		struct dentry *dentry;
1627

1628
		dentry = d_alloc_name(dir, files[i].name);
1629
		if (!dentry)
1630
			return -ENOMEM;
1631

1632
		inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode);
1633
		if (!inode) {
1634
			dput(dentry);
1635
			return -ENOMEM;
1636
		}
1637

1638
		inode->i_fop = files[i].ops;
1639
		inode->i_ino = ++fsi->last_ino;
1640
		d_add(dentry, inode);
1641
	}
1642

1643
	return 0;
1644
}
1645

1646
static ssize_t sel_read_initcon(struct file *file, char __user *buf,
1647
				size_t count, loff_t *ppos)
1648
{
1649
	char *con;
1650
	u32 sid, len;
1651
	ssize_t ret;
1652

1653
	sid = file_inode(file)->i_ino&SEL_INO_MASK;
1654
	ret = security_sid_to_context(sid, &con, &len);
1655
	if (ret)
1656
		return ret;
1657

1658
	ret = simple_read_from_buffer(buf, count, ppos, con, len);
1659
	kfree(con);
1660
	return ret;
1661
}
1662

1663
static const struct file_operations sel_initcon_ops = {
1664
	.read		= sel_read_initcon,
1665
	.llseek		= generic_file_llseek,
1666
};
1667

1668
static int sel_make_initcon_files(struct dentry *dir)
1669
{
1670
	unsigned int i;
1671

1672
	for (i = 1; i <= SECINITSID_NUM; i++) {
1673
		struct inode *inode;
1674
		struct dentry *dentry;
1675
		const char *s = security_get_initial_sid_context(i);
1676

1677
		if (!s)
1678
			continue;
1679
		dentry = d_alloc_name(dir, s);
1680
		if (!dentry)
1681
			return -ENOMEM;
1682

1683
		inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1684
		if (!inode) {
1685
			dput(dentry);
1686
			return -ENOMEM;
1687
		}
1688

1689
		inode->i_fop = &sel_initcon_ops;
1690
		inode->i_ino = i|SEL_INITCON_INO_OFFSET;
1691
		d_add(dentry, inode);
1692
	}
1693

1694
	return 0;
1695
}
1696

1697
static inline unsigned long sel_class_to_ino(u16 class)
1698
{
1699
	return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET;
1700
}
1701

1702
static inline u16 sel_ino_to_class(unsigned long ino)
1703
{
1704
	return (ino & SEL_INO_MASK) / (SEL_VEC_MAX + 1);
1705
}
1706

1707
static inline unsigned long sel_perm_to_ino(u16 class, u32 perm)
1708
{
1709
	return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET;
1710
}
1711

1712
static inline u32 sel_ino_to_perm(unsigned long ino)
1713
{
1714
	return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1);
1715
}
1716

1717
static ssize_t sel_read_class(struct file *file, char __user *buf,
1718
				size_t count, loff_t *ppos)
1719
{
1720
	unsigned long ino = file_inode(file)->i_ino;
1721
	char res[TMPBUFLEN];
1722
	ssize_t len = scnprintf(res, sizeof(res), "%d", sel_ino_to_class(ino));
1723
	return simple_read_from_buffer(buf, count, ppos, res, len);
1724
}
1725

1726
static const struct file_operations sel_class_ops = {
1727
	.read		= sel_read_class,
1728
	.llseek		= generic_file_llseek,
1729
};
1730

1731
static ssize_t sel_read_perm(struct file *file, char __user *buf,
1732
				size_t count, loff_t *ppos)
1733
{
1734
	unsigned long ino = file_inode(file)->i_ino;
1735
	char res[TMPBUFLEN];
1736
	ssize_t len = scnprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino));
1737
	return simple_read_from_buffer(buf, count, ppos, res, len);
1738
}
1739

1740
static const struct file_operations sel_perm_ops = {
1741
	.read		= sel_read_perm,
1742
	.llseek		= generic_file_llseek,
1743
};
1744

1745
static ssize_t sel_read_policycap(struct file *file, char __user *buf,
1746
				  size_t count, loff_t *ppos)
1747
{
1748
	int value;
1749
	char tmpbuf[TMPBUFLEN];
1750
	ssize_t length;
1751
	unsigned long i_ino = file_inode(file)->i_ino;
1752

1753
	value = security_policycap_supported(i_ino & SEL_INO_MASK);
1754
	length = scnprintf(tmpbuf, TMPBUFLEN, "%d", value);
1755

1756
	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
1757
}
1758

1759
static const struct file_operations sel_policycap_ops = {
1760
	.read		= sel_read_policycap,
1761
	.llseek		= generic_file_llseek,
1762
};
1763

1764
static int sel_make_perm_files(struct selinux_policy *newpolicy,
1765
			char *objclass, int classvalue,
1766
			struct dentry *dir)
1767
{
1768
	u32 i, nperms;
1769
	int rc;
1770
	char **perms;
1771

1772
	rc = security_get_permissions(newpolicy, objclass, &perms, &nperms);
1773
	if (rc)
1774
		return rc;
1775

1776
	for (i = 0; i < nperms; i++) {
1777
		struct inode *inode;
1778
		struct dentry *dentry;
1779

1780
		rc = -ENOMEM;
1781
		dentry = d_alloc_name(dir, perms[i]);
1782
		if (!dentry)
1783
			goto out;
1784

1785
		rc = -ENOMEM;
1786
		inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1787
		if (!inode) {
1788
			dput(dentry);
1789
			goto out;
1790
		}
1791

1792
		inode->i_fop = &sel_perm_ops;
1793
		/* i+1 since perm values are 1-indexed */
1794
		inode->i_ino = sel_perm_to_ino(classvalue, i + 1);
1795
		d_add(dentry, inode);
1796
	}
1797
	rc = 0;
1798
out:
1799
	for (i = 0; i < nperms; i++)
1800
		kfree(perms[i]);
1801
	kfree(perms);
1802
	return rc;
1803
}
1804

1805
static int sel_make_class_dir_entries(struct selinux_policy *newpolicy,
1806
				char *classname, int index,
1807
				struct dentry *dir)
1808
{
1809
	struct super_block *sb = dir->d_sb;
1810
	struct selinux_fs_info *fsi = sb->s_fs_info;
1811
	struct dentry *dentry = NULL;
1812
	struct inode *inode = NULL;
1813

1814
	dentry = d_alloc_name(dir, "index");
1815
	if (!dentry)
1816
		return -ENOMEM;
1817

1818
	inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO);
1819
	if (!inode) {
1820
		dput(dentry);
1821
		return -ENOMEM;
1822
	}
1823

1824
	inode->i_fop = &sel_class_ops;
1825
	inode->i_ino = sel_class_to_ino(index);
1826
	d_add(dentry, inode);
1827

1828
	dentry = sel_make_dir(dir, "perms", &fsi->last_class_ino);
1829
	if (IS_ERR(dentry))
1830
		return PTR_ERR(dentry);
1831

1832
	return sel_make_perm_files(newpolicy, classname, index, dentry);
1833
}
1834

1835
static int sel_make_classes(struct selinux_policy *newpolicy,
1836
			    struct dentry *class_dir,
1837
			    unsigned long *last_class_ino)
1838
{
1839
	u32 i, nclasses;
1840
	int rc;
1841
	char **classes;
1842

1843
	rc = security_get_classes(newpolicy, &classes, &nclasses);
1844
	if (rc)
1845
		return rc;
1846

1847
	/* +2 since classes are 1-indexed */
1848
	*last_class_ino = sel_class_to_ino(nclasses + 2);
1849

1850
	for (i = 0; i < nclasses; i++) {
1851
		struct dentry *class_name_dir;
1852

1853
		class_name_dir = sel_make_dir(class_dir, classes[i],
1854
					      last_class_ino);
1855
		if (IS_ERR(class_name_dir)) {
1856
			rc = PTR_ERR(class_name_dir);
1857
			goto out;
1858
		}
1859

1860
		/* i+1 since class values are 1-indexed */
1861
		rc = sel_make_class_dir_entries(newpolicy, classes[i], i + 1,
1862
				class_name_dir);
1863
		if (rc)
1864
			goto out;
1865
	}
1866
	rc = 0;
1867
out:
1868
	for (i = 0; i < nclasses; i++)
1869
		kfree(classes[i]);
1870
	kfree(classes);
1871
	return rc;
1872
}
1873

1874
static int sel_make_policycap(struct selinux_fs_info *fsi)
1875
{
1876
	unsigned int iter;
1877
	struct dentry *dentry = NULL;
1878
	struct inode *inode = NULL;
1879

1880
	for (iter = 0; iter <= POLICYDB_CAP_MAX; iter++) {
1881
		if (iter < ARRAY_SIZE(selinux_policycap_names))
1882
			dentry = d_alloc_name(fsi->policycap_dir,
1883
					      selinux_policycap_names[iter]);
1884
		else
1885
			dentry = d_alloc_name(fsi->policycap_dir, "unknown");
1886

1887
		if (dentry == NULL)
1888
			return -ENOMEM;
1889

1890
		inode = sel_make_inode(fsi->sb, S_IFREG | 0444);
1891
		if (inode == NULL) {
1892
			dput(dentry);
1893
			return -ENOMEM;
1894
		}
1895

1896
		inode->i_fop = &sel_policycap_ops;
1897
		inode->i_ino = iter | SEL_POLICYCAP_INO_OFFSET;
1898
		d_add(dentry, inode);
1899
	}
1900

1901
	return 0;
1902
}
1903

1904
static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
1905
			unsigned long *ino)
1906
{
1907
	struct dentry *dentry = d_alloc_name(dir, name);
1908
	struct inode *inode;
1909

1910
	if (!dentry)
1911
		return ERR_PTR(-ENOMEM);
1912

1913
	inode = sel_make_inode(dir->d_sb, S_IFDIR | S_IRUGO | S_IXUGO);
1914
	if (!inode) {
1915
		dput(dentry);
1916
		return ERR_PTR(-ENOMEM);
1917
	}
1918

1919
	inode->i_op = &simple_dir_inode_operations;
1920
	inode->i_fop = &simple_dir_operations;
1921
	inode->i_ino = ++(*ino);
1922
	/* directory inodes start off with i_nlink == 2 (for "." entry) */
1923
	inc_nlink(inode);
1924
	d_add(dentry, inode);
1925
	/* bump link count on parent directory, too */
1926
	inc_nlink(d_inode(dir));
1927

1928
	return dentry;
1929
}
1930

1931
static int reject_all(struct mnt_idmap *idmap, struct inode *inode, int mask)
1932
{
1933
	return -EPERM;	// no access for anyone, root or no root.
1934
}
1935

1936
static const struct inode_operations swapover_dir_inode_operations = {
1937
	.lookup		= simple_lookup,
1938
	.permission	= reject_all,
1939
};
1940

1941
static struct dentry *sel_make_swapover_dir(struct super_block *sb,
1942
						unsigned long *ino)
1943
{
1944
	struct dentry *dentry = d_alloc_name(sb->s_root, ".swapover");
1945
	struct inode *inode;
1946

1947
	if (!dentry)
1948
		return ERR_PTR(-ENOMEM);
1949

1950
	inode = sel_make_inode(sb, S_IFDIR);
1951
	if (!inode) {
1952
		dput(dentry);
1953
		return ERR_PTR(-ENOMEM);
1954
	}
1955

1956
	inode->i_op = &swapover_dir_inode_operations;
1957
	inode->i_ino = ++(*ino);
1958
	/* directory inodes start off with i_nlink == 2 (for "." entry) */
1959
	inc_nlink(inode);
1960
	inode_lock(sb->s_root->d_inode);
1961
	d_add(dentry, inode);
1962
	inc_nlink(sb->s_root->d_inode);
1963
	inode_unlock(sb->s_root->d_inode);
1964
	return dentry;
1965
}
1966

1967
#define NULL_FILE_NAME "null"
1968

1969
static int sel_fill_super(struct super_block *sb, struct fs_context *fc)
1970
{
1971
	struct selinux_fs_info *fsi;
1972
	int ret;
1973
	struct dentry *dentry;
1974
	struct inode *inode;
1975
	struct inode_security_struct *isec;
1976

1977
	static const struct tree_descr selinux_files[] = {
1978
		[SEL_LOAD] = {"load", &sel_load_ops, S_IRUSR|S_IWUSR},
1979
		[SEL_ENFORCE] = {"enforce", &sel_enforce_ops, S_IRUGO|S_IWUSR},
1980
		[SEL_CONTEXT] = {"context", &transaction_ops, S_IRUGO|S_IWUGO},
1981
		[SEL_ACCESS] = {"access", &transaction_ops, S_IRUGO|S_IWUGO},
1982
		[SEL_CREATE] = {"create", &transaction_ops, S_IRUGO|S_IWUGO},
1983
		[SEL_RELABEL] = {"relabel", &transaction_ops, S_IRUGO|S_IWUGO},
1984
		[SEL_USER] = {"user", &transaction_ops, S_IRUGO|S_IWUGO},
1985
		[SEL_POLICYVERS] = {"policyvers", &sel_policyvers_ops, S_IRUGO},
1986
		[SEL_COMMIT_BOOLS] = {"commit_pending_bools", &sel_commit_bools_ops, S_IWUSR},
1987
		[SEL_MLS] = {"mls", &sel_mls_ops, S_IRUGO},
1988
		[SEL_DISABLE] = {"disable", &sel_disable_ops, S_IWUSR},
1989
		[SEL_MEMBER] = {"member", &transaction_ops, S_IRUGO|S_IWUGO},
1990
		[SEL_CHECKREQPROT] = {"checkreqprot", &sel_checkreqprot_ops, S_IRUGO|S_IWUSR},
1991
		[SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
1992
		[SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
1993
		[SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO},
1994
		[SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO},
1995
		[SEL_VALIDATE_TRANS] = {"validatetrans", &sel_transition_ops,
1996
					S_IWUGO},
1997
		/* last one */ {"", NULL, 0}
1998
	};
1999

2000
	ret = selinux_fs_info_create(sb);
2001
	if (ret)
2002
		goto err;
2003

2004
	ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);
2005
	if (ret)
2006
		goto err;
2007

2008
	fsi = sb->s_fs_info;
2009
	fsi->bool_dir = sel_make_dir(sb->s_root, BOOL_DIR_NAME, &fsi->last_ino);
2010
	if (IS_ERR(fsi->bool_dir)) {
2011
		ret = PTR_ERR(fsi->bool_dir);
2012
		fsi->bool_dir = NULL;
2013
		goto err;
2014
	}
2015

2016
	ret = -ENOMEM;
2017
	dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME);
2018
	if (!dentry)
2019
		goto err;
2020

2021
	ret = -ENOMEM;
2022
	inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO);
2023
	if (!inode) {
2024
		dput(dentry);
2025
		goto err;
2026
	}
2027

2028
	inode->i_ino = ++fsi->last_ino;
2029
	isec = selinux_inode(inode);
2030
	isec->sid = SECINITSID_DEVNULL;
2031
	isec->sclass = SECCLASS_CHR_FILE;
2032
	isec->initialized = LABEL_INITIALIZED;
2033

2034
	init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3));
2035
	d_add(dentry, inode);
2036

2037
	dentry = sel_make_dir(sb->s_root, "avc", &fsi->last_ino);
2038
	if (IS_ERR(dentry)) {
2039
		ret = PTR_ERR(dentry);
2040
		goto err;
2041
	}
2042

2043
	ret = sel_make_avc_files(dentry);
2044
	if (ret)
2045
		goto err;
2046

2047
	dentry = sel_make_dir(sb->s_root, "ss", &fsi->last_ino);
2048
	if (IS_ERR(dentry)) {
2049
		ret = PTR_ERR(dentry);
2050
		goto err;
2051
	}
2052

2053
	ret = sel_make_ss_files(dentry);
2054
	if (ret)
2055
		goto err;
2056

2057
	dentry = sel_make_dir(sb->s_root, "initial_contexts", &fsi->last_ino);
2058
	if (IS_ERR(dentry)) {
2059
		ret = PTR_ERR(dentry);
2060
		goto err;
2061
	}
2062

2063
	ret = sel_make_initcon_files(dentry);
2064
	if (ret)
2065
		goto err;
2066

2067
	fsi->class_dir = sel_make_dir(sb->s_root, CLASS_DIR_NAME, &fsi->last_ino);
2068
	if (IS_ERR(fsi->class_dir)) {
2069
		ret = PTR_ERR(fsi->class_dir);
2070
		fsi->class_dir = NULL;
2071
		goto err;
2072
	}
2073

2074
	fsi->policycap_dir = sel_make_dir(sb->s_root, POLICYCAP_DIR_NAME,
2075
					  &fsi->last_ino);
2076
	if (IS_ERR(fsi->policycap_dir)) {
2077
		ret = PTR_ERR(fsi->policycap_dir);
2078
		fsi->policycap_dir = NULL;
2079
		goto err;
2080
	}
2081

2082
	ret = sel_make_policycap(fsi);
2083
	if (ret) {
2084
		pr_err("SELinux: failed to load policy capabilities\n");
2085
		goto err;
2086
	}
2087

2088
	return 0;
2089
err:
2090
	pr_err("SELinux: %s:  failed while creating inodes\n",
2091
		__func__);
2092

2093
	return ret;
2094
}
2095

2096
static int sel_get_tree(struct fs_context *fc)
2097
{
2098
	return get_tree_single(fc, sel_fill_super);
2099
}
2100

2101
static const struct fs_context_operations sel_context_ops = {
2102
	.get_tree	= sel_get_tree,
2103
};
2104

2105
static int sel_init_fs_context(struct fs_context *fc)
2106
{
2107
	fc->ops = &sel_context_ops;
2108
	return 0;
2109
}
2110

2111
static void sel_kill_sb(struct super_block *sb)
2112
{
2113
	selinux_fs_info_free(sb);
2114
	kill_litter_super(sb);
2115
}
2116

2117
static struct file_system_type sel_fs_type = {
2118
	.name		= "selinuxfs",
2119
	.init_fs_context = sel_init_fs_context,
2120
	.kill_sb	= sel_kill_sb,
2121
};
2122

2123
struct path selinux_null __ro_after_init;
2124

2125
static int __init init_sel_fs(void)
2126
{
2127
	struct qstr null_name = QSTR_INIT(NULL_FILE_NAME,
2128
					  sizeof(NULL_FILE_NAME)-1);
2129
	int err;
2130

2131
	if (!selinux_enabled_boot)
2132
		return 0;
2133

2134
	err = sysfs_create_mount_point(fs_kobj, "selinux");
2135
	if (err)
2136
		return err;
2137

2138
	err = register_filesystem(&sel_fs_type);
2139
	if (err) {
2140
		sysfs_remove_mount_point(fs_kobj, "selinux");
2141
		return err;
2142
	}
2143

2144
	selinux_null.mnt = kern_mount(&sel_fs_type);
2145
	if (IS_ERR(selinux_null.mnt)) {
2146
		pr_err("selinuxfs:  could not mount!\n");
2147
		err = PTR_ERR(selinux_null.mnt);
2148
		selinux_null.mnt = NULL;
2149
		return err;
2150
	}
2151

2152
	selinux_null.dentry = try_lookup_noperm(&null_name,
2153
						  selinux_null.mnt->mnt_root);
2154
	if (IS_ERR(selinux_null.dentry)) {
2155
		pr_err("selinuxfs:  could not lookup null!\n");
2156
		err = PTR_ERR(selinux_null.dentry);
2157
		selinux_null.dentry = NULL;
2158
		return err;
2159
	}
2160

2161
	/*
2162
	 * Try to pre-allocate the status page, so the sequence number of the
2163
	 * initial policy load can be stored.
2164
	 */
2165
	(void) selinux_kernel_status_page();
2166

2167
	return err;
2168
}
2169

2170
__initcall(init_sel_fs);
2171

2172