// SPDX-License-Identifier: GPL-2.0-only /* Updated: Karl MacMillan <[email protected]> * * Added conditional policy language extensions * * Updated: Hewlett-Packard <[email protected]> * * Added support for the policy capability bitmap * * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. * Copyright (C) 2003 - 2004 Tresys Technology, LLC * Copyright (C) 2004 Red Hat, Inc., James Morris <[email protected]> */ #include <linux/kernel.h> #include <linux/pagemap.h> #include <linux/slab.h> #include <linux/vmalloc.h> #include <linux/fs.h> #include <linux/fs_context.h> #include <linux/mount.h> #include <linux/mutex.h> #include <linux/namei.h> #include <linux/init.h> #include <linux/string.h> #include <linux/security.h> #include <linux/major.h> #include <linux/seq_file.h> #include <linux/percpu.h> #include <linux/audit.h> #include <linux/uaccess.h> #include <linux/kobject.h> #include <linux/ctype.h> /* selinuxfs pseudo filesystem for exporting the security policy API. Based on the proc code and the fs/nfsd/nfsctl.c code. */ #include "flask.h" #include "avc.h" #include "avc_ss.h" #include "security.h" #include "objsec.h" #include "conditional.h" #include "ima.h" enum sel_inos { … }; struct selinux_fs_info { … }; static int selinux_fs_info_create(struct super_block *sb) { … } static void selinux_fs_info_free(struct super_block *sb) { … } #define SEL_INITCON_INO_OFFSET … #define SEL_BOOL_INO_OFFSET … #define SEL_CLASS_INO_OFFSET … #define SEL_POLICYCAP_INO_OFFSET … #define SEL_INO_MASK … #define BOOL_DIR_NAME … #define CLASS_DIR_NAME … #define POLICYCAP_DIR_NAME … #define TMPBUFLEN … static ssize_t sel_read_enforce(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { … } #ifdef CONFIG_SECURITY_SELINUX_DEVELOP static ssize_t sel_write_enforce(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { … } #else #define sel_write_enforce … #endif static const struct file_operations sel_enforce_ops = …; static ssize_t sel_read_handle_unknown(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { … } static const struct file_operations sel_handle_unknown_ops = …; static int sel_open_handle_status(struct inode *inode, struct file *filp) { … } static ssize_t sel_read_handle_status(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { … } static int sel_mmap_handle_status(struct file *filp, struct vm_area_struct *vma) { … } static const struct file_operations sel_handle_status_ops = …; static ssize_t sel_write_disable(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { … } static const struct file_operations sel_disable_ops = …; static ssize_t sel_read_policyvers(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { … } static const struct file_operations sel_policyvers_ops = …; /* declaration for sel_write_load */ static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir, unsigned int *bool_num, char ***bool_pending_names, int **bool_pending_values); static int sel_make_classes(struct selinux_policy *newpolicy, struct dentry *class_dir, unsigned long *last_class_ino); /* declaration for sel_make_class_dirs */ static struct dentry *sel_make_dir(struct dentry *dir, const char *name, unsigned long *ino); /* declaration for sel_make_policy_nodes */ static struct dentry *sel_make_swapover_dir(struct super_block *sb, unsigned long *ino); static ssize_t sel_read_mls(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { … } static const struct file_operations sel_mls_ops = …; struct policy_load_memory { … }; static int sel_open_policy(struct inode *inode, struct file *filp) { … } static int sel_release_policy(struct inode *inode, struct file *filp) { … } static ssize_t sel_read_policy(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { … } static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf) { … } static const struct vm_operations_struct sel_mmap_policy_ops = …; static int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma) { … } static const struct file_operations sel_policy_ops = …; static void sel_remove_old_bool_data(unsigned int bool_num, char **bool_names, int *bool_values) { … } static int sel_make_policy_nodes(struct selinux_fs_info *fsi, struct selinux_policy *newpolicy) { … } static ssize_t sel_write_load(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { … } static const struct file_operations sel_load_ops = …; static ssize_t sel_write_context(struct file *file, char *buf, size_t size) { … } static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { … } static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { … } static const struct file_operations sel_checkreqprot_ops = …; static ssize_t sel_write_validatetrans(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { … } static const struct file_operations sel_transition_ops = …; /* * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c */ static ssize_t sel_write_access(struct file *file, char *buf, size_t size); static ssize_t sel_write_create(struct file *file, char *buf, size_t size); static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size); static ssize_t sel_write_user(struct file *file, char *buf, size_t size); static ssize_t sel_write_member(struct file *file, char *buf, size_t size); static ssize_t (*const write_op[])(struct file *, char *, size_t) = …; static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos) { … } static const struct file_operations transaction_ops = …; /* * payload - write methods * If the method has a response, the response should be put in buf, * and the length returned. Otherwise return 0 or and -error. */ static ssize_t sel_write_access(struct file *file, char *buf, size_t size) { … } static ssize_t sel_write_create(struct file *file, char *buf, size_t size) { … } static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size) { … } static ssize_t sel_write_user(struct file *file, char *buf, size_t size) { … } static ssize_t sel_write_member(struct file *file, char *buf, size_t size) { … } static struct inode *sel_make_inode(struct super_block *sb, umode_t mode) { … } static ssize_t sel_read_bool(struct file *filep, char __user *buf, size_t count, loff_t *ppos) { … } static ssize_t sel_write_bool(struct file *filep, const char __user *buf, size_t count, loff_t *ppos) { … } static const struct file_operations sel_bool_ops = …; static ssize_t sel_commit_bools_write(struct file *filep, const char __user *buf, size_t count, loff_t *ppos) { … } static const struct file_operations sel_commit_bools_ops = …; static int sel_make_bools(struct selinux_policy *newpolicy, struct dentry *bool_dir, unsigned int *bool_num, char ***bool_pending_names, int **bool_pending_values) { … } static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { … } static ssize_t sel_write_avc_cache_threshold(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { … } static ssize_t sel_read_avc_hash_stats(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { … } static ssize_t sel_read_sidtab_hash_stats(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { … } static const struct file_operations sel_sidtab_hash_stats_ops = …; static const struct file_operations sel_avc_cache_threshold_ops = …; static const struct file_operations sel_avc_hash_stats_ops = …; #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx) { … } static void *sel_avc_stats_seq_start(struct seq_file *seq, loff_t *pos) { … } static void *sel_avc_stats_seq_next(struct seq_file *seq, void *v, loff_t *pos) { … } static int sel_avc_stats_seq_show(struct seq_file *seq, void *v) { … } static void sel_avc_stats_seq_stop(struct seq_file *seq, void *v) { … } static const struct seq_operations sel_avc_cache_stats_seq_ops = …; static int sel_open_avc_cache_stats(struct inode *inode, struct file *file) { … } static const struct file_operations sel_avc_cache_stats_ops = …; #endif static int sel_make_avc_files(struct dentry *dir) { … } static int sel_make_ss_files(struct dentry *dir) { … } static ssize_t sel_read_initcon(struct file *file, char __user *buf, size_t count, loff_t *ppos) { … } static const struct file_operations sel_initcon_ops = …; static int sel_make_initcon_files(struct dentry *dir) { … } static inline unsigned long sel_class_to_ino(u16 class) { … } static inline u16 sel_ino_to_class(unsigned long ino) { … } static inline unsigned long sel_perm_to_ino(u16 class, u32 perm) { … } static inline u32 sel_ino_to_perm(unsigned long ino) { … } static ssize_t sel_read_class(struct file *file, char __user *buf, size_t count, loff_t *ppos) { … } static const struct file_operations sel_class_ops = …; static ssize_t sel_read_perm(struct file *file, char __user *buf, size_t count, loff_t *ppos) { … } static const struct file_operations sel_perm_ops = …; static ssize_t sel_read_policycap(struct file *file, char __user *buf, size_t count, loff_t *ppos) { … } static const struct file_operations sel_policycap_ops = …; static int sel_make_perm_files(struct selinux_policy *newpolicy, char *objclass, int classvalue, struct dentry *dir) { … } static int sel_make_class_dir_entries(struct selinux_policy *newpolicy, char *classname, int index, struct dentry *dir) { … } static int sel_make_classes(struct selinux_policy *newpolicy, struct dentry *class_dir, unsigned long *last_class_ino) { … } static int sel_make_policycap(struct selinux_fs_info *fsi) { … } static struct dentry *sel_make_dir(struct dentry *dir, const char *name, unsigned long *ino) { … } static int reject_all(struct mnt_idmap *idmap, struct inode *inode, int mask) { … } static const struct inode_operations swapover_dir_inode_operations = …; static struct dentry *sel_make_swapover_dir(struct super_block *sb, unsigned long *ino) { … } #define NULL_FILE_NAME … static int sel_fill_super(struct super_block *sb, struct fs_context *fc) { … } static int sel_get_tree(struct fs_context *fc) { … } static const struct fs_context_operations sel_context_ops = …; static int sel_init_fs_context(struct fs_context *fc) { … } static void sel_kill_sb(struct super_block *sb) { … } static struct file_system_type sel_fs_type = …; struct path selinux_null __ro_after_init; static int __init init_sel_fs(void) { … } __initcall(init_sel_fs);
Codebase Browser
linux